W2Knews, an online newsletter, asked its readers to participate in a new
survey to gauge the impact spyware has had in 2004 compared to 2003. Spyware
has exploded in 2004. Of the respondents, 58% said it has increased
more than 100% and 23% said it increased 50% over 2003. Respondents
stated that spyware has become a worse problem than viruses.
When asked about the level of severity of spyware infections, 41.3% stated
that it was happening more and more, 33% complained it had become a major
problem and 16.7% said they were very concerned about this and needed
solutions right away.
The responses show that on average 48% of system administrators spend more
than 20 minutes per system removing unwanted spyware, 18% say it takes 15-20
minutes per system, and 16.2% of system admin say it takes 10-15 minutes.
Over three quarters of admins reported that up to 20% of the machines that
are infected need a total rebuild to get rid of persistent malware.
Attempts are made to educate end-users but re-infections of affected systems
occur in a few weeks to a month. The problem with free solutions is that there
is no central management or central updates of threat definition databases,
no reporting, and no real-time protection. System administrators
complain that spyware has become very time consuming and that especially
personal computers used by telecommuters, and laptop devices used by
traveling employees get infected and re-infected with a very high frequency.
Food for thought.
Joe Tartaglia / High Caliber Solutions
If there are any topics you would like to see discussed in the future or
if you have any comments, please contact me at
JoeT@HighCaliber.com
Tape is still the most frequently used backup medium for business
data because of its cost-effectiveness, despite the increasing
popularity of recordable CDs and DVDs. However, just like any
technology, tape drives, backup tapes and tape backup software can fail.
There are ways to minimize the chances of a tape backup's failing in the
first place. Here are a few tips:
Verify your backups. Most backup software will automatically do a quick
"read-after-write" verification and will offer optional full verification.
The latter is both more thorough and more time-consuming, roughly doubling
the backup time. If your files are crucial, it makes sense to do a full
verification regularly.
Do test restores. Periodically test the backup tapes and restore
procedures. You can, for instance, restore the data on them to a different
server or to a different partition or folder on the same server where the
original information is stored.
Store several backup tapes off site. This will ensure your files are preserved
if your site experiences a fire, flood or other disaster. More than one tape
should be removed from the premises to protect against the possibility that
one of the tapes may be bad.
Store tapes properly. With backup tapes on site, keep them stored in a
stable environment, without extreme temperatures, humidity or electromagnetism.
Rotate tapes. Instead of using the same tape time after time, rotate through
multiple tapes.
Replace tapes periodically. Backup tapes are typically rated to be used from
5,000 to 500,000 times, depending on the type of tape. Tape backup software
typically will keep track of how often the tapes are written to.
Maintain your equipment. Clean your tape backup drive periodically,
following directions in its manual regarding frequency. Consider having an
authorized maintenance person from the manufacturer of the tape backup drive
or from a third-party repair firm check the alignment of the drive every 12
to 18 months.
Your back up drive/media/software will fail at some point.
Proper maintenance and testing of your tape backup system will mean when threats
outside your control jeopardize your data, you can turn to your back ups with
confidence and get your business running again smoothly.
Many people think that if they update their antivirus definitions frequently,
their antivirus software will protect them. This is NOT true!
Unless your computer is only a few months old, your antivirus software
is very likely outdated and may not be able to detect the newest,
viruses. Antivirus software actually has two completely, distinct parts:
A computer program that scans your computer for viruses.
Antivirus definitions or "signatures" that tell that program what to look for.
Updating your antivirus definitions--which you should do frequently--
is NOT the same thing as updating your antivirus program.
It is important that you have installed the latest version of your
antivirus software. If you don't have BOTH the latest antivirus
definitions AND the latest antivirus program, your computer may not
be fully protected.
CIO Magazine recently did a survey together with PriceWaterhouse that involved
8,100 respondents from 62 countries. They tabulated the data and distilled out
the successful actions that made some organizations more secure than others.
Here are a few of the most important points:
Spend 14% of your IT budget on security
Conduct very regular penetration tests/security audits
Prioritize and classify threats and vulnerabilities
Define your overall security architecture
Establish a quarterly review process, with metrics to measure your security's effectiveness.
Zvetco Biometrics recently unveiled the Verifi P3400 USB fingerprint
reader, which enables users to secure notebook and desktop PCs without
user names and passwords.
The P3400 performs a biometric fingerprint scan when a user places his
or her finger on the sensor pad. The device can be used to prevent
unauthorized access to Windows, Web sites, and designated data files.
The P3400 not only prevents data theft resulting from unauthorized access,
but also reduces the cost of managing corporate password systems, Zvetco
Biometrics claimed.
The P3400 features an aluminum casing and weighs 2.1 ounces. It comes with a
six-foot USB cable that also provides power. A fingerprint scan takes less
than one second to complete, a company representative said.
Zvetco Biometrics also manufactures a fingerprint reader-equipped USB
keyboard, the $159 Verifi K4000.
The Verifi P3400 is compatible with most Windows-based biometric software
and runs under Windows 98, Me, 2000, and XP. It is sold at retail for $99
under the name VP3400 One-Touch.
Email messages traveling across the Internet move from mail server to
mail server, eventually arriving at their destinations. With each "hop," the
server examines the message header for routing information to determine how
it should process the mail.
Unfortunately, with each hop, the potential exists for the interception of
the email's contents. Another problem with email systems is the potential
for "spoofing," or falsely imitating another valid email server, again
allowing email interception. Other interception techniques exist as well,
earning standard email its reputation as one of businesses' least secure
mission-critical applications.
Most industries use email for numerous business purposes. Studies estimate
as much as 25 to 35 percent of emails contain sensitive information.
With costs and competition driving organizations toward greater
reliance on e-business applications, this percentage will only increase.
Fortunately, advances in Internet technology and products from several
vendors have provided a number of viable solutions to the dilemma. Among the
early offerings was the development of the S/MIME protocol, which uses a
digital certificate to encrypt emails from location to location.
Another common solution is to drop the mail protocols altogether and move to
the Web, relying on Secure Sockets Layer (SSL) technology within Web
browsers to view and protect messages. Other early solutions focused on
existing file or document key encryption technologies such as Pretty Good
Privacy (PGP) or other public key infrastructure (PKI) techniques.
More recent vendor offerings include fully integrated and seamless solutions
that can act as mail relays to encrypt and decrypt message traffic. The most
robust solutions offer multitiered approaches, allowing for the flexibility
of encrypting messages from desktop to desktop, server to server, server to
the Web, or a combination.
Forward-thinking organizations will recognize the tremendous potential
that secure email can provide and begin to truly leverage it in e-business
applications. Success requires careful selection and implementation of a
robust and scalable infrastructure, as well as organizational adoption.