On This Page:
Kiddie Porn
(6-1-2006)Two or three police cars pull up outside. The people get out and come...to your business! They have a properly-executed search warrant and they pull every computer you have. Why? They're looking for child-porn.
Can't happen? Oh, yes it can. It has happened elsewhere more than once. The feds are on a charge and they're trying to stop the kiddie-porn business. Locally, there's an extension of that charge and they're trying to stop online-kiddie-stalkers from hurting children. I applaud both of these efforts: they have already shown results and, if you've followed the news, they've put sexual predators in jail who would have hurt young children.
But let's get back to your business. What must you do? First, you need a published zero-tolerance policy that treats all employees equally, including the top executives. Second, this policy should be explained to all your employees and they should sign a copy of it that you keep.
IT people will tell you that it is not easy to catch child-porn. The purveyors of this filth spend lots of time and energy to hide what it is as it goes "over the wire." There are software filters that attempt to scan for skin-tones and flag or delete images that include too much, but that is not dependable since much of the porn doesn't show a high percentage of skin-tone, but a simple head-shot photo does. The only way to check for kiddie porn is to actively do just that, go to the computers and take a quick visual of the image files that are there to see what they look like. And that is the third step you should take.
The fourth step is to have your IT people watch what websites are being visited regularly by employees. Strange or unknown sites should be checked to see what they are.
Here are some bad stats: in a study on kiddie-porn, 74% of IT managers surveyed said they would not even report child pornography if they found it. And 40% would not even discipline the offenders.
What to do if you find kiddie-porn?
It's easy. Call the police. Don't attempt to do anything on the computer(s) at your business. Don't do updates, backups, or anything else. Call the cops. Cooperate with them and ask that there be no release to the press because your company can't afford the bad publicity. They want to protect the children, so the odds are that they will cooperate with you if you are seen as cooperating with them.
Back to top of page
No-No's
(4/6/2006)OK, we all know not to put a sticky note or something of the sort on your computer with your ID/Password on it--or under the keyboard, etc. Right? But how about these?
- Suppose a well-dress, sohpisticated person is on the street or in the mall handing out "demo" CD's. Would you take one and install the software?
- Suppose a well-dress, sohpisticated person is outside the building where you work handing out "demo" CD's. Would you take one and install the software where you work?
- Someone you don't know calls you at work and says they're from IT and they need to know your password. Would you give it to them?
- Suppose you get an email from someone you don't know and it has a picture attached. The subject and body of the email entice you to open it to see the "cute" or whatever picture. Will you open it?
- Do you use your birthday as a password?
If you answered yes to any of these, you're a prime target for a virus or spyware attack. Change your ways now or you may be one of the many who suffer identity theft each year.IT folks, send us your no-no's and we'll add them to the list.
Back to top of page
Microsoft Admits It's Now Impossible
(4/5/2006)The hackers and crooks have surpassed our ability to stop them entirely and even when we find their stuff has invaded our computers, we can't just get rid of it. We're looking at a full reload of the system. Lots of IT folks have known we were there for some time, but we've not wanted to say it for fear someone would think we were just not as capable as we should be. Well, we should all thank Microsoft for finally saying it, because now we can begin to recommend that everyone setup and keep a periodic full-backup from which they can do a bare-metal restoration of the contents of their hard disk, thus loosing a minimum of time and data.
We're recommending a USB-hard disk drive and Symantec's Ghost product to our users because we know it works, you can take the backup HDD away from the computer it backs up (in case of fire, theft, etc.) and we've used it successfully to reload a damaged system and, guess what, it worked! Be sure to use a hard disk large enough to hold about three copies of your actual hard disk--about 2.5 times its capacity will do the job.
Back to top of page
PC Backup and Disaster Recovery 101:
What happens if one morning you come in and your office is charred and gutted--your PC as melted hunk of useless plastic and metal? What would the effect be on you, your business, you life? If you said, it wouldn't be a big deal, think about what records, pictures, etc. would be gone. If you can still say, "no big deal," why are you reading this? For most of us, it could qualify as a disaster. Sure, our insurance company (after an appropriate deductible) would replace the computer, but what about all that data? All that information? Which brings us to point 1. Make it a point, someone's job if the computer is a business unit, to do a backup on some regular interval. What interval? How many days' information could be lost without killing you? One day? Backup daily. One week? Backup weekly.
Backup? How? There are basically two ways to do this in the smaller-user environment where cost is a prohibitive factor.
- First, and perhaps most often used for home and small-office PC's is the CD-ROM method. This is a simple, inexpensive way to do it. If you don't have a CD writer, get one. You can purchase an external unit that hooks to your machine using a USB port or you can replace the read-only internal unit with a writer. It isn't too dificult--someone who knows what they're doing can do it in about 15 minutes. Next, identify where your data is on the hard drive. This will take a few minutes since many programs put their data files in strange places. Now use the software that came with your CD-RW unit to burn a CD (or three) with your data on it. Label the CD as to what it is, e.g., "Backup 1 of 3 12/30/04" and you're done. Don't forget the Outlook.pst files that hold your address book, emails, etc. Finally, the "duh!" factor: take the CD(s) you've just made and store them away from your computer so a fire, theft, or other disaster wouldn't get them right along with the PC.
- The second method involves a little more expense, but is superior. Notice that the first method did not save your software or your software's settings as they are stored on the hard disk. That can mean that you didn't loose your data, but you are out of business for a week while you "setup" your new machine. The second method is to purchase an external hard disk--USB is most often used for convenience--and a Ghost program. At a regular interval you make a complete hard disk backup to this "portable" hard disk. Then you take the "portable" hard disk away from the PC so that both won't be lost at one time. Now you can restore your system in a fraction of the time. Do be aware that the new PC will have to look essentially like the lost one for this to work.
Of course, if you are a larger user, things get more and more complicated, but for those discussions, individually-tailored plans need to be drawn up and regularly reviewed to be sure of compliance and readiness in case of a disaster. If you are in such an environment, be aware that Sarbanes Oxley may well make you liable if you don't take this step as well as approriate steps to secure your data. We at IHS would be happy to assist you with such a plan and its implementation. Just click here to email us.
Back to top of page
PC Security 101:
Computer security has become a very large problem for us all what with viruses, spy-ware, and hackers seemingly constantly ready to hijack and attack our machines, and steal our very identities. Here are some recommendations for the not-so-computer-savy among us.
First, physical access is the single greatest concern you should have. If you have sensitive information on your computer or if your computer being shut down will really have a negative effect on your life, you should physically secure it: no one else should have access to it. This would especially include children and grandchildren. The saying in the industry is that if I can put a CD in your machine, I own it outright--no questions asked. Your kids and grandkids can download, format, and unintentionally damage more than you have any idea and they can do it in seconds.
Next, you should not use an Administrator account for your everyday operations. When you use a limited account, there are things you cannot do. One of these things is to install new software, and this inability is a wonderful security feature. Why? Because a virus or spy-ware program often cannot install itself onto your system if you are a "limited" account, but if you are an Administrator, it will install and be happy to do whatever malicious thing it is set to do. Run only as an administrator when you need to and then switch back to a "limited" account for your normal usage.
A word about passwords is needed here. First, you should use a password on every account you have. Failure to use any password or using "secret" or "password" or your company name opens everything on the computer to anyone who can sit at that computer. What can someone do who gains physical access to your computer and has your ID/password? Answer: anything they want to--especially if its your administrator ID and password. For example, they can print your customer list and walk away with it. Windows' current versions support using long passwords which can include blanks. Instead of "password"user something like "My middle name is XYZ" as a password. You can remember it, it is easy to type, and hard for someone else to guess. You are still better off if you use "strong" passwords. Strong passwords include a number, professionals like to use them instead of letters, hence, you might say "My midd1e name 1s XYZ" (where ones are used instead of the letter "L." This technique renders your password almost unguessable.
Having said all of that, remember that physical access is the easiest way to control a computer. Go ahead and put the user ID and password on a sticky note or write it on the top of the monitor. The cleaning crew will love using the computer and who knows, maybe they won't email your customer and private data to Pakistan!
Since the Administrator User-ID is commonly on every machine, and since it owns the machine, hackers would like to get into the Administrator account. They expect it to exist because most people don't change it. If they're trying to hack into your computer, they will most probably try to hack into the Administrator User-ID. Change that name from "Administrator" to "Bill" or "Bob" or "Sue"...anything but "Administrator."
You should have a firewall. Tests have shown that an unprotected computer on the internet will be attacked within 20 minutes. Your first line of defense is a firewall. What does a firewall do? Well, the simplest way to describe it is that it prevents unwanted access from the internet into your machine or from your machine to the internet. It can prevent programs from accessing the internet and it can prevent outsiders from gaining access to your computer. While our friends in Redmond have put forth a rudimentary firewall, we suggest that you use a better firewall--our favorite is ZoneAlarm from ZoneLabs. Black Ice is also good. And the good news is that home users can have a free version of either of these firewalls--free is our favorite cost!
OK, now that you have a firewall, you're safe, right? Wrong! The firewall will only regulate access to your machine by certain software and by some unauthorized users. Many viruses are delivered by malicious websites, emails, and by hitch-hiking on desireable software. That's where a virus-scan software package comes into play. Many machines come with Symantec's Norton Anti-Virus or McAfee's Anti-Virus packages pre-installed. What you must realize about anti-virus programs is that since new viruses and new variations on old viruses are cranking out every day; you MUST constantly update your anti-virus "DAT" files--the files that update what the anti-virus software can recognize as viruses. This means you will need to subscribe to such a service. Unless you are working with a family's home computer. In that case, you can use AVG Free as your anti-virus package. Just go to free.grisoft.com/freeweb.php/doc/2/ and download your free anti-virus software package. AVG is a great product and it is free for home use--free is still our favorite cost!
Whew, that must have done the job, right? No, not yet. The anti-virus software looks for one kind of problem, but another problem, commonly called spy-ware, has raised its ugly head higher and higher of late. Spy-ware is so-named because it spys on you. At its worst, it will send someone what websites, you visit and your keystrokes while you're there. Think about that for a moment. Let's just say you're using online banking. You go to the bank's website, enter your ID and password, and that information is all sent to someone you don't even know is listening. Now they know what website, User ID, and password to use to get to your bank account. Trouble? You betcha! So what are you to do? Let's get a quick answer from you. Are you using your computer for banking or business? If someone gets your information, will they have anything worth the trouble? If the answer is yes, you should go ahead and purchase an anti-spy-ware program that is constantly updated--just like the anti-virus software. If the answer is no, you should use the free version of AdAware by LavaSoft and just remember to "manually" update your "DAT" files every week or two. Click here to get to the LavaSoft site and download either the professional or the "personal", i.e., free, version of AdAware. Note that if you're using the system for business, you MUST purchase the "Professional" version, since the free version is only for home-PC usage. (Don't worry about other products here, unless you just want them.)
And there's still one more thing to do! Lots of websites will load you down with cookies. Now some cookies are useful and good--they can keep you from having to enter ID/password each time you sign onto a site, for example, because they can store your ID/password in a file (cookie) on your computer and then grab it when the page reloads--good! BUT, they can also store other information--any information--and grab it for other purposes. Tracking is the most common mal-use and this is pretty much benign except that it ties up a little space on your drive. On the other hand, it can store your SS#, your DL#, your Birthdate, etc., and send that back to someone, somewhere, at a later time or as you use a certain website. Consequently, you don't want to allow just everyone to store cookies on your machine--you need to burn those cookies! Our favorite for this is aptly named, "Burnt Cookies" and you can download it and use it for free is you're a home user. What a deal! Well, not quite. They will bug you to death until you finally give in and pay them $5 to register the software--may as well do it up front and be done with the hassle. The program will often ask you if you want to "burn" a cookie and most often you'll want to do just that. Be careful, however, because you don't want to burn your bank's cookies or others that you trust. Once you get used to it, you'll enjoy burning those unwanted cookies off your hard drive so that your system runs faster, is more secure, and keeps your information safe. Yeah! There's just something satisfying about burning those cookies!
Now, you're ready to roll--almost. Our final recommendation is that you to to www.Microsoft.com and search for the Baseline Security Analyzer. Download it, install it, run it. Look at what it says. OK, a little common sense may be needed. It may say you don't have a firewall because you're not using the Microsoft firewall, but you're smarter than it is. Right? It may show you some other things you want to consider, and that's what it is for...think of it as a guide, not the Bible. Once you've covered its report, you'll be in great shape. Enjoy your computer in a new way--securely!
Back to top of page
Edit the "Open with" Menu
Right click a file Windows Explorer, and you can select "Open with" from the right context menu. While most file types are set to automatically open with a certain program, sometimes you want to open them with a different program. A good example is when you are working with pictures and graphics files. You may prefer to do general editing in one program, but sizing or certain editing jobs in a different program. The "open with" optionallows you to choose a program to use to open the file, instead of the default program that's associated with that file type.
As we said, there will usually be a list of programs that can open your file type. But, if the program you want to use doesn't appear in the list, you can select "Choose Program" and browse for the application you want to use. That program will appear in the list in the future when you select Open with for that type of file and you can, in fact, declare it to be the default program by clicking the "Always use this..." check box.
But what if there are programs in the list that you never want to use to open that file type? For example, maybe you once clicked on Microsoft Word to open .jpg files so now it appears in the list, but you want to remove it from the list? To do so you must edit the registry.
If you don't know what the registry is, or how to edit it, you probably want to seek help since you can really murder your computer while doing this. Even if you are a pro, before you edit the registry, back it up.
To remove the file from the list, follow these steps:
- navigate to the following registry key:HKEY CURRENT USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
- Expand the key, scroll down to the file extension type (for example, .jpg) and expand it.
- Click the folder labeled OpenWithList.
- In the right pane, you'll see a list (in the Data column) of programs that appear in the "open-with" list. To remove one, right click its name in the Name column and click Delete. (If you want it back in the list later, just use the Choose Program option in the context menu and this will add it back to the list.)
Back to top of page
How To Include Your Contact Data With An EmailYou can attach an Outlook contacts business-card to an email by following the steps below. The recipient can then easily add the vCard in their own Outlook Contacts list.
To include a vCard with your e-mail signature:
In Outlook:
1. On the Tools menu, click Options, and then click the Mail Format tab.
2. Under Signature, click Signatures, and then click New.
3. Select the options you want, and then click Next.
4. Under vCard options, select a vCard from the list or click New vCard from Contact.
Back to top of page
Problems with Bulk Emailing?Are you trying to send a newsletter or other information to over 100 people at a time--not spam, legitimate email--and it just doesn't go through? The problem is probably not your email client (Outlook, Outlook Express, Eudora, etc.) The problem is likely that your Internet Service Provider (ISP) has decided to stop spammers from using their email server(s) to send their spam. They have put a setting in that allows you to send only a small number of emails in a given time frame--say 100/hour as a good guess.
So how do you know? The only way is to call your ISP and ask, "Do you prevent me from sending large numbers of email at a time?" If the first person you talk to sounds confused by the question, don't be afraid to ask for "2nd-tier support" help. Many ISP's will offer to sell you an "unlimited" email capability for a small extra amount each month--about $10.00 is reasonable. However, once you sign on for such an offering, you will most likely find that it uses something like MajorDomo, a mass-mailing-list manager running on the ISP's mail server, to do what you want. The problem here is that you'll be asked to maintain your email list on the remote server--usually nothing but the email addresses are kept there. At this point, you'll quickly say, "This isn't worth the time and trouble...I'll do it the way I've been doing it and send emails piece-meal." If you're at this point, check out our DomoHit software as a quick, inexpensive way to get around this final problem. Just Click Here to see more information about DomoHit. One last thing! Be sure to watch your bandwidth and email usage on the ISP's server regularly because if you exceed your limits, most ISP's will really charge you for the overages.
Back to top of page
Air Travel With Your Computer(s)Through a long chain of events, a friend asked how to pack 2 computers to travel through the airports back home. Her plan was to strap the laptops, in a computer bag, to the top of her rolling carry-on luggage. That's when I realized that many people have probably never had the joy of traveling with a computer through the airports and didn't know how to go about it. So, here's the advice I gave her.
First, realize that you probably have about 15 pounds of computers there--doesn't sound like much, but what you describe will be top heavy, wearing you out, and if it is on top, it will want to tump over constantly, trust me.
Second, the most stolen item in the airports are those little bags that scream "I'm a computer, steal me and make money quick!"
So...never put the computers in a computer bag and NEVER put them up on top of your load unless they're the lightest thing you're carrying, in which case, God help you. Put them (or whatever you have that is heaviest) in the bottom of the rolling carry on with a low center of gravity. You know, the one where they expect you to carry your socks, etc. Pad them well on the bottom and back of the case where the rolling will produce the most vibration. Put something, a couple of tee shirts, or whatever, between them so they aren't rubbing each other the entire time. You'll have to get them out and boot them at the airport, so keep that in mind as you put it together.
Whatever you put in on top of them has to be kept where they can see it easily, too. So there's your challenge. Keep it where it won't just all slide down into the computers' space when you pull them out to boot them, or so that if it does, you can push it back quickly and move on.
Put all liquids in the separate bag if you have any so that if they leak, get broken, or whatever, they aren't doing it on the computers. (Electronics and water don't mix.)
Pack EVERYTHING you can in the non-carry-on--mouse, keyboard, whatever. Take only the computers and, if they use the same power cord, 1 power cord. (Weight! Space! Tangle!) They seem to go through x-ray ok. (But, I'll mention this just in case, floppies don't. You probably don't have any, but if you do, keep them in your pocket and let them go through in the little basket thingy with your keys. I've even seen people use a little chain and fasten their keys to a floppy just for this purpose.) Surprisingly, even the memory cards from digital cameras seem to withstand the x-ray machines, which really surprised me.
In summary, Remember,
- weight goes low, not high!
- It has to come out and go back together fast and easy.
- You don't want to advertise what you have.
- No liquids with the electronics.
Back to top of page
Access® vs SQL Server®When is it appropriate to use Access® and when is it not? This is a question that many business owners don't even bother to ask. Why? Because they have already invested in a package, usually Microsoft Office Professional® which included Access and therefore, it looks far less expensive to use Access. Rumor has it that copper wire was first invented when two of these guys got into an argument over a penny!
What these guys do not know or understand is that Access, which is a great little desktop solution for many problems, is definitely NOT appropriate for shared solutions. The greater the number of users you need to let access the data, the farther from Access's purpose you get and more trouble you will get into as a result. In general, two, maybe three good friends, working in ear-shot of each other can use an Access table shared over a peer-to-peer network and get by with it once they discover that they really can't share the data with each other. But what happens if four or more people are trying to use the table? And, to make it more interesting, what if they are not always within ear-shot? In general, Access® will fail under these circumstances because you have exceeded what it is designed for.
Access®, which we can only praise as a desktop solution for one person to use, is definitely NOT designed to have multiple users accessing and changing the same data at the same time. To be more technical about it, Access® lacks any form of row or table locking and sharing facility…it was never designed for multiple users, remember? What that means is that there is no facility to let, say three users work in the data at the same time-the first one in gets the file and that's that. Further, if you finagle around so that you can share the file, whenever two people have the same record, you have an error situation in the making-in the trade it is called, "Last one in wins." Meaning that whatever the changes made by the first of the two users to change the record will be lost when the second one finishes his/her work: the last one in wins.
So, what happens when the whole thing is done using Access® and then multiple users need concurrent access? Errors creep in…sometimes these are minor; sometimes they cost a company lots of money; sometimes this happens before they even discover that the errors are happening, let alone why they are happening. So maybe stretching that penny wasn't such a good idea after all. What should our penny-pincher have done? How about a reasonable assessment of the data base's usage before jumping on the "we already have Access® so it's free" bandwagon. Let's face it, "there are no free lunches."
If your application is going to grow, and if it is going to need multiple-user access, it will prove less expensive in the long run to go ahead and use SQL Server than to pinch those pennies up front (and yes, we know about the time value of money.) This will usually require the help of a software developer (like IHS) and will take some time and, yes, money to develop. But once it is done, it will run faster, incorporate your business model and needs, and be extensible when it needs to grow. It will be secure, data backup will be addressed and taken care of, and you won't have a time when you have to stop using your software for fear it will cost your company a lot of money to correct subsequent errors-that's while you're getting a software developer to come in and fix it on SQL Server like you should have in the first place.
You should also know that if you already have an Access® setup that is almost getting the job done, but not quite, a software developer can build a custom solution using your existing database to finish the job. This often occurs because while Access® is a great package, it is a general-purpose package. It will do 90% of what you need, but sometimes it just won't do 100%, even on the desktop application it was designed for. That is when you need a little custom programming to finish the job.
Access, Office, and SQL Server are registered trademarks of the Microsoft Corporation
Back to top of page