| **** News Bytes **** News Bytes **** News Bytes **** |
Coming soon - a rash of MP3-enabled 'toys' (as we predicted in December's IB). Hot on the heels of Sony's slick CMD-MZ5 combined phone and 'MP3-man' player, Palm have announced a snap-on digital music package called "portéson" for its m100 and m105 handheld PDAs.
Pirated CDs are about to fade away - literally. A new anti-piracy system called FADE, embedded internally in a program, detects if it is a pirate and slowly self-destructs, eg by disabling key features of a game. Codemasters believe their new system will help combat illegal copying of software. Mission Impossible comes true!
The US mobile telephony and wireless market is expected to grow in the wake of the terror attacks on New York and Washington. The US, which has long dragged behind most of the world in terms of mobile-phone adoption, is expected to become more interested in the wake of the attack which proved the merits of carrying cellphones.
Btopenworld has announced a half-price promotional offer on set up fees for ADSL installations. Until the end of December consumers can order a Home500 service installation for £74.99 (inc VAT). A similar offer applies to business users ordering Business500 (£75 ex VAT) and Business 500+ (£130 ex VAT). The discount does not apply to the monthly charges.
|
Lager-powered laptops? Sony and NEC research into methanol-based fuel cells may prove to be the saviour for laptop computers continually draining their batteries. With a fuel-to-weight ratio 10 times better than today's best lithium ion cells, they would also have the environmental benefits of producing only water and carbon dioxide as by-products. Methanol is cheap and easy to produce. However, we may have to get used to dumping the concept of recharging batteries and become accustomed to 'injecting' cells with fresh methanol as a means of topping them up. Another round anyone?
Research giant, Gartners, has panned Microsoft's IIS after the series of attacks by CodeRed and Nimda viruses. It recommends victims should look at Web server alternatives like iPlanet and Apache as well as steering clear of the new .NET products.
Apple is switching entirely to supplying LCD (liquid crystal display) flat-panel monitors with their computers and end production of the 17in Studio Display. Industry analysts believe monitor vendors will increasingly follow the same path and start to offer more LCD displays in their ranges as the price difference between conventional CRT-based monitors and LCDs decreases.
Time turns technology on its head - now you can use a pen to read! Drag the new pen-shaped C-Pen 600C over printed text and store it. The £139 digital reader connects to a PC or PDA for document transfer, and dictionaries for most European languages will even translate for you.
|
| **** end of News Bytes **** |
^ Back to contents ^
1. Networks under attack
The terrible events of Tuesday 11th September illustrate how clearly conventional 'networks' can be abused by those with malicious intent - the networks in that case being conventional airlines - especially where those network routes are poorly guarded. In computer networks or applications, we have seen by example over the last few years that, wherever a weakness exists someone will be bound to exploit it, though with far less tragic consequences than in our 'real world' circumstances.
To some extent we are learning how to build better electronic networks; while the trans-Atlantic telephone network soon seized up under a siege of UK-US calls, by comparison Internet connections sagged a little, but continued without catastrophic failure. Granted, most of the major news servers (BBC, CNN, Reuters, Independent) took a dive under the weight of traffic in the hours immediately following the atrocities, but they were soon back on line and the resilience of the global Internetwork as a whole wasn't compromised.
As highlighted below, a major threat in the electronic world is still posed by new viruses, ever more cunningly programmed, but in general we - as an IT community including anti-virus vendors, service providers and users - have a good robust defensive system in place. While technically sophisticated anti-virus programs automate a lot of the protection for us, part of the systems effectiveness is sometimes just down to the vigilance of individuals, whether it's spotting a quirkily-phrased email or simply identifying the difference between hoaxes and genuine virus identities.
Let's hope we can build such robustness into real world networks in future.
|
^ Back to contents ^
2. Computer Theft - Reducing the Risk
What is it ?
Theft of IT related equipment continues to rise. Over the past three years Co-Operative Systems has noted an increasing number of clients reporting the theft of various pieces of equipment. The stolen items are not just expensive, high powered computers, but standard workstations, even older models. Organisations are having to become more aware of the security of their offices and equipment. This fact sheet shows you how to :
- Protect your organisation from computer theft, and
- how to Minimise the impact of theft if your organisation becomes a victim.
- Protect your organisation
Reducing the risk
There are various actions you can take to reduce the likelihood of computer theft:
- Do make it harder to steal.
It's a good idea to secure equipment to the desk, especially PCs in public areas. A lock and chain kit will cost about £15 and are available from many office supplies companies. Also, secure the building with door and window locks and lock rooms when not in use. With a network the most valuable item is the file server. Lock it away in a cupboard or room.
- Do make it less desirable to steal the hardware.
Write your organisation's name and post code clearly on the side of the PC with indelible ink - it looks less ugly than a claim form and makes equipment easy to identify if it is stolen.
- Don't leave clues.
Brand new equipment is particularly attractive to thieves. Make sure you install kit as soon as possible and beware of leaving a pile of empty computer boxes outside the building. Some suppliers will take the boxes away with them when they have installed the equipment.
- Do get everyone involved.
It is a good idea to have a policy of awareness amongst the staff. In our experience, bigger organisations are more vulnerable to theft as they generally have more people wandering around who are not known to staff.
- Do get professional advice.
The Crime Prevention Officer at your local police station will be happy to visit your organisation. They can point out areas of weakness and suggest ways to improve security.
Easing insurance claims
If you have equipment stolen, claiming on insurance will be easier if you have done the following:
- Do keep serial numbers together.
Note down the serial numbers of all equipment. This is easiest at the time of installation. The serial numbers should be kept with any paperwork related to the purchase.
- Don't forget to update your cover.
If you purchase new equipment throughout the year, inform the insurance company of the additions to the schedule. If you have portable items that are used off-site, ensure that your insurance documents state they are for "out of office use".
- Do get the right type of cover.
Some insurance polices offer like-for-like cover for office equipment. With the speed at which computer technology develops, this cover can present problems when replacing older equipment that is no longer available. A new-for-old policy allows for replacements to the equivalent value of the stolen items.
- Don't assume it's all covered.
The cost of computer theft is often greater than the cost of the hardware itself. You may need to rent PCs in the short term until you can purchase new equipment. This is not always covered in insurance unless specifically requested. You may also wish to consider the costs of setting up all the software and restoring the data.
- Minimising the impact
Just as important as security to prevent your equipment from going missing, are measures to reduce the disruption after the event.
Make sure you take regular back-ups of all your data, no matter how insignificant you feel it is. This will save you the considerable cost of having to re-key the information, and reduce the likelihood of any important data being lost completely. You should also keep a recent back-up off-site, eg, at someone's home or, more securely, in a bank deposit box. Keep the software disks (or copies of the originals) in a safe place as well, so you can reinstall the software immediately you have the new hardware.
Security Checklist
- Anchor equipment to desks to make it harder to steal, especially in publicly-accessible places, eg library, reception.
- If you have a dedicated network server, lock it away in a room or cupboard.
- Secure the building with good window and door locks, and keep rooms locked when not in use.
- Write your organisations name on the side of the equipment for identification.
- Install kit as soon as possible and do not leave the empty boxes outside the building.
- Promote a policy of awareness amongst staff.
- Note down the serial numbers of all equipment and keep a printed copy of these in a safe place.
- Ensure that your insurance policy provides the correct cover for the use of your equipment on and off-site, and inform the insurance company of any new purchases.
- Consider insurance to cover additional costs such as short term rental, installation of new equipment and restoration of data after a theft.
- Take regular back-ups of all data to prevent so you don't lose this along with the equipment.
Don't assume 'lightning doesn't strike twice in the same place' - thieves have been know to come back during the recovery operation!
All information and prices in Co-Operative Systems factsheets are accurate at the time of printing.
For updated factsheets call 020 7793 0395.
|
^ Back to contents ^
3. Move your bookmarks to another PC
Is there a way of copying my bookmarks to my new PC ?
Yes!
Hang on - what's this all about ?
C'mon get with it! I've got some really slick 'marks' which took me ages to find and I want to copy them over to Alexander's PC (and he doesn't know how to find anything on the Web anyway).
What are bookmark files?
Netscape coined the phrase "Bookmark" to describe a means of remembering Web page links for you. Their Navigator browser was able to store these in a local file: bookmark.htm.
In Microsoft's Internet Explorer, they are called "Favourites".
How to make it happen
Assuming that your browsers are installed on the local C: drive (not across the network) there are still 2 alternative scenarios depending on whether :
- your PCs have only one login - "No Profiles"
or
- each user's preferences are retained when they login at that PC - "Profiles enabled".
Bookmarks should not need moving between PCs in the second scenario, since a master copy of the each user profile is stored at the server and copied down to the local workstation every time a user logs in, but the procedure is included here just in case.
Being just a list of Web links, bookmark files and directories are typically 1KB to 100KB in size (depending on how many bookmarks you have been collecting), so should fit easily on any floppy disc (730KB to 1400KB).
Close down any browser applications before you start. Web browsers obviously open and rewrite the contents of bookmark files while they are running.
- No Profiles
- Netscape Navigator:
In Netscape Navigator, the bookmarks are in a file called BOOKMARK.HTM or BOOKMARKS.HTML.
Simply copy this file (via your network or via a floppy disc) to the same directory on the new PC that the user sits at. Typically this will be:
C:\Program Files\Netscape\
- Internet Explorer on Windows 95/98:
In Internet Explorer, the bookmarks are in a directory called :
C:\WINDOWS\Favorites\
Simply copy the whole directory (via your network or via a floppy disc) to the same directory on the new PC that the user sits at, so that it ends up again as:
C:\WINDOWS\Favorites\
- Internet Explorer on Windows 2000:
In Internet Explorer, the bookmarks are in a directory called :
C:\Documents and Settings\
Simply copy the whole directory (via your network or via a floppy disc) to the same directory on the new PC that the user sits at, so that it ends up again as:
C:\Documents and Settings\
- Profiles Enabled
- Netscape Navigator:
In Netscape Navigator, the bookmarks are in a file called BOOKMARK.HTM or BOOKMARKS.HTML.
Simply copy this file (via your network or via a floppy disc) to the same directory on the new PC that the user sits at. Typically this will be:
C:\Program Files\Netscape\User\<username>\
- Internet Explorer on Windows 95/98:
Find the Favourites directory for the user's profile in :
C:\WINDOWS\Profiles\<username>\Favorites\
Simply copy the whole directory (via your network or via a floppy disc) to the same directory on the new PC that the user sits at, so that it ends up again as:
C:\WINDOWS\Profiles\<username>\Favorites\
When the user logs in again, they are likely to see a message saying :
"The local profile is more recent ..."
They should respond "Yes" to copy it to the domain server otherwise the old profile will be copied over the version in C:\WINDOWS\Profiles\<username>\Favorites\ that you have modified. It's not disastrous, but you'll have to go through the above process again.
To move a whole set of users from one PC to another, you would just copy the C:\WINDOWS\Profiles\ directory.
- Internet Explorer on Windows 2000:
Find the Favourites directory for the user's profile in :
C:\Documents and Settings\<username>\Favorites\
Simply copy the whole directory (via your network or via a floppy disc) to the same directory on the new PC that the user sits at, so that it ends up again as:
C:\Documents and Settings\<username>\Favorites\
When the user logs in again, they are likely to see a message saying :
"The local profile is more recent ..."
They should respond "Yes" to copy it to the domain server otherwise the old profile will be copied over the version in C:\Documents and Settings\<username>\Favorites\ that you have modified. It's not disastrous, but you'll have to go through the above process again.
To move a whole set of users from one PC to another, you would just copy the C:\Documents and Settings\ directory.
|
^ Back to contents ^
4. Speed up your PC while you're away from it!
What is it ?
Ever noticed how that brand new PC seems to get more sluggish after about 6 months? Almost as if you were witnessing its obsolesence in the making!
Well part of it may be because you did go and load up 20 shareware packages for evaluation, add 10 tasks to the scheduler, 23 icons to the desktop and, as if that weren't enough, your favourite 3D room designer is always just one click away on that taskbar.
How to make it happen
The good news is that some of this sluggishness is curable - with a built-in utility called "Disk Defragmenter", affectionately known as 'defrag'.
On Windows 95/98/2000, click :
Start | Programs | Accessories | System Tools | Disk Defragmenter
Select the drive you want to speed up (eg C:) and click "OK" (Windows 95/98) or "Defragment" (Windows 2000).
OR
Right-click any C: drive icon, eg within Explorer, then select
Properties | Tools tab | "Defragment Now" button
How to use 'Defrag'
You can do this usefully over a lunch time or set it running just before going into a meeting. An hour's processing of the drive may optimise about 20-25% of its contents - definitely the most important hour's worth if you opt to move all the programs to the front for extra speed (see below).
This processing is not lost if your own work forces you to exit Defrag before it's fully done. Next time around it whips through the cluster data it has already optimised in a couple of minutes.
If you get a buzz out of watching paint dry, you can click the "Show Details" button. Expect a slow start but don't worry, it gets quicker after 15 mins or so.
Run Defrag about once a month to keep you hard drive speed in tip-top condition.
Recommended mode of operation
If you have time, save and close all open applications.
If you have even more time disconnect from the network, restart in stand-alone mode, exit from icons like schedulers at the bottom of the taskbar and turn off screen savers temporarily. You can restore the latter and other icons will return on startup.
This shortens the defragmenting time in 2 ways:
Frees up maximum memory for Defrag to work in (so it'll run more quickly)
Reduces the likelihood of the utility having to restart continually.
Things like schedulers (or anything that writes to the hard disc you are defragmenting) may change the contents of the disc and causes thus Defrag to go right back to the beginning - a bit like snakes and ladders. However, it only takes a minute or so to reach where it left off as it 'recognises' pre-optimised data.
How it works (very approximately)
When files are operated on (copied, modified, moved), your PC fits them in anywhere there's room on the hard drive. It doesn't need to keep contiguous (consecutive bits together) because it stores a kind of index of all the file bits at the beginning of the drive (called a File Allocation Table). This FAT tells the drive head reader where to look for all the bits of the jigsaw that make up each file. This is fine, but after a while, finding all the scattered jigsaw bits becomes slow as the disc drive heads flick backwards and forwards across the disc platters. Creating new files and folders also takes longer because the free space available on the volume is scattered too. This scattering becomes common when lot of file moving has occurred - typically, you may have deleted an old application and then worked on some new documents or browsed the Internet (which all create lots of temporary files on disc).
Defrag corrects this in 2 ways:
Putting all the bits back in consecutive order helps the drive head gather single files efficiently,
Moving program files (which are the most accessed files) to the beginning of the drive allows the head to reach them quickest - it's a simple matter of the shortest distance moved takes the fewest number of milliseconds.
This process of finding and consolidating fragmented files and folders is called defragmentation.
Benefits
Faster opening and closing of applications and data files, like documents. Quicker PC startup and shutdown.
Drawbacks
Little effect on speed when whole applications are open - these operations mostly happen in chip memory (RAM).
|
^ Back to contents ^
5. HP/Compaq - what would the new giant mean to you?
What is it ?
We have all by now heard that Hewlett Packard and Compaq are to merge to form the new HP, but what does this mean to us? The 'deal' will take 2 years to close and both companies are effectively still in competition, so they are playing things close to their chest at the moment, but here are a few ideas of things to come in the future ….
PCs
Analysts are saying that Compaq’s corporate PC business is more profitable than HP’s, but HP’s consumer PC’s are more successful. In the rapidly-growing handheld market Compaq’s iPaq is superior to HP’s Jornada, their version of a handheld PC. So it looks like we may be buying HP for consumer systems and Compaq’s PC for the business and handheld market.
Printers
HP’s printer are renowned - this part of the business is one of the most profitable. However Compaq is one of the biggest distributor for HP’s rival Lexmark. HP’s printer range is excellent and unlikely to be dropped in the new partnership.
Servers
HP and Compaq both make servers that are fitted with Intel’s Itanium 64-bit processor for a unified server range. HP’s server sales have slowed in recent months, with their systems seeming to be more suitable for Unix and datacentre systems. Compaq’s server sales are expanding and are better at supporting Windows-based systems.
Software
Once the companies has merged it is likely the new giant will be Microsoft’s largest partner. With the two companies working together to improve HP’s version of Unix, HP-UX could be a big success with input from Compaq’s expertise in clustering technology. The result may be the first operating platform from the new company and could lead the field.
Services
The new HP will be the third largest IT services company, and will compete directly with IBM Global Services. With the combined HP/Compaq capabilities they should have an excellent opportunity to dominate this market, consultations, development and integration.
Will this merger be a success?
It’s difficult to say at the present time, the next year will be critical and this is the time when the shareholders and regulators will form their opinions. Investors are being sought to back the deal, which is stressed as a long term move, so a short term loss of market share is not unexpected. We, the consumer, will have to wait and see if there are any benefits for us.
[Chris Harris]
|
^ Back to contents ^
6. Microsoft patch for OCX attachment vulnerability
What is it ?
Microsoft has released a patch that eliminates a security vulnerability concerning Windows Media Player 7 and either Outlook or Outlook Express. The vulnerability could enable a malicious user to create an e-mail attachment that could cause your e-mail program to shut down.
Do I need to apply this patch ?
Microsoft recommends that customers who have both Windows Media Player 7 and either Outlook or Outlook Express installed consider installing this patch. To get the patch, see Contacts below.
What's the effect of the vulnerability?
This is a Denial of Service vulnerability. If a malicious user created an e-mail containing a particular type of embedded object, it could be used to cause your e-mail application to fail when closing the email message.
This vulnerability does not cause any lasting effects. You can resume normal operation by restarting your mail program and deleting the affected mail.
How would I recognise the vulnerability ?
When the malicious e-mail attachment is received, you get the following error message:
"This program has performed an illegal operation and will be shut down."
Clicking Details may show :
"OUTLOOK caused an invalid page fault in module Wmp.ocx at address"
Systems affected
Microsoft Windows Media Player 7
Microsoft Outlook 2000
Microsoft Outlook Express versions 5.01, 5.5 for Windows 2000
Microsoft Outlook Express, version 5.5 for Windows Millennium Edition
Microsoft Outlook Express versions 5, 5.01, 5.5 for Windows 98 Second Edition
Microsoft Outlook Express versions 5, 5.01, 5.5 for Windows 98
Microsoft Outlook Express versions 5, 5.01, 5.5 for Windows NT 4.0
Contacts
Download the Wmsu28412.exe patch from the "Patch Availability" section of the security bulletin.
Microsoft Security Bulletin (MS00-068)
Knowledge Base article Q274303
|
^ Back to contents ^
7. Remove the Sircam virus easily
What is it ?
This batch file from Sophos makes it trivial 30-second job to remove the Sircam-A virus.
How to make it happen
Find it at :
http://www.sophos.co.uk/support/faqs/sircam.html
You just copy it to a clean bootable floppy, boot the infected PC from that and then double-click the A:\RMSIRC.BAT file.
This useful utility saves all the slog of going through the registry manually (yes, you can do it manually!) and ripping out the corrupted entries. View the batch contents to see what it does.
Typical symptoms of the Sircam virus
If your AV updates are in force, the AV software should stop you getting into the Recycle Bin. Some applications may also refuse to launch.
More details on Sircam
W32/Sircam-A is a network-aware worm. The worm spreads via email and by using open network shares. It arrives in an email with a random subject which is identical to the attached filename. The attached filename is also randomly chosen, but it has a double extension (for instance, .doc.com, doc.bat or .mpg.pif). Details of this worm can be found at:
http://www.sophos.com/virusinfo/analyses/w32sircama.html
It has been discovered that the Sircam virus will also run under the Open Source operating system, but only under the Wine Windows emulator - not technically a Windows emulator for Linux, but a compatibility layer for Windows programs to run on Linux.
However, Sircam is unable to create relevant registry entries to make itself relaunch, because of the way Wine is constructed.
Want to know more? Talk to us or write to us here.
|
^ Back to contents ^
8. Removing the Nimda virus
What is it ?
The Nimda virus is widespread and harmful.
A very infectious virus, it re-infects easily. Some disinfected PCs can lose the use of MS Outlook, which then can't be just re-installed.
Precautions to take first
To help avoid this infection (and future likely variants) :
Keep Anti-Virus software up-to-date
In Outlook, don't use "Preview" pane or "Auto-Preview" under the View | Options menu (as first covered in IB June 2001
Delete all unknown emails.
Don't forward virus warnings to each other - usually it's just waste of everyone's time. Simply inform your IT support contact.
Don't panic but don't attempt any patching or fixes unless you are 100% confident - the results could be worse than the virus.
How to remove W32/Nimda
A stand-alone removal tool is provided by Network Associates to remove the very prolific W32/Nimda virus.
Near the bottom of this page (read the cautionary notes first) :
http://vil.nai.com/vil/virusSummary.asp?virus_k=99209
the "Stand Alone removal" paragraph leads you to the AVERT tools page where you will find the utility
Nimdascn.zip (440Kb).
Affected operating systems
This threat can infect all unprotected users of Win9x/NT/2000/ME operating systems.
What does W32/Nimda do ?
Its main goal is simply to spread over the Internet and Intranet, infecting as many users as possible and creating so much traffic that networks are virtually unusable.
This is a mass-mailing worm where the email subject line varies, message body is blank and attachment name varies and may use the icon for an Internet Explorer HTML document. It also spreads via network shares, the Microsoft Web Folder Transversal vulnerability and a Microsoft incorrect MIME Header vulnerability. It also attempts to create network shares, and use the backdoor created by the W32/CodeRed.c worm.
How it affected us
The time to sort these virus infections has doubled typical support work load - with staff working very late and as a consequence we may need to reschedule non mission-critical installs/FM at short notice. Thanks for bearing with us.
The Nimda virus infected around 10% of our client base during the period 19-21 September 2001. Most of the clients who were infected did have daily anti-viral updates being downloaded from network Associates, however there was a day's delay before a fix was released by the Anti-Virus software houses.
What is particularly nasty about Nimda is that it distributes itself in many ways and targets web servers as well a workstations. It uses weaknesses in web browsers, web servers and e-mail programs to wreak its havoc. So it is not enough to simply update the anti-virus software on your PC - the exploited vulnerabilities in the software need to be removed to prevent new viruses using them.
If you prefer medical analogies at this point) then ...
downloading the anti-virus DAT file (the medicine) is not sufficient in itself to give protection, the Anti-Virus Client Software (the spoon) also needs updating as does the Internet Explorer software and other application/system files (the blood group?) which are used.
Tackling the removal process
Removal of the Nimda virus also needed to be tackled in a manner appropriate to each customer. This was because over-time there have been several releases of WindowsNT, Internet Explorer, and the anti-virus software itself. For the first time we found ourselves in effect assembling a vaccine by using components from all the Anti-Virus software houses.
Ideally to protect against Nimda and its inevitable variants we need to :
update every PC being used to either patched IE5.5 or IE6 and the Network Associates Anti-Virus software to version 4.5.1
re-assess what server services are exposed to the internet (standard installation should only allow inbound SMTP traffic) and close them off if they are not needed
audit what software is installed on the server and apply necessary security patches and service packs.
This is a substantial task and not a thrilling one either. The first steps are to assess the actions needed at each site and estimate the time needed. In terms of priorities larger sites with high mail/web usage will need to be tackled first. We intend to offer the time needed to undertake this work on a discounted FM basis.
Within our standard SLA in common with all the IT providers we know, work related to virus fixes is not covered. This is because the scale and nature of the work is very unpredictable. However where fixes have been short less than 2 hours, ie, as per a typical support jobs we haven't made any charge.
Wayne is our co-ordinator for this process .
Contacts
Contact Wayne via our office here
NAI Nimda virus page
CERT page, type in "Nimda".
[Phil Anthony, Nick Arkas. Acknowledgements: NAI]
|