In a recent investigative news story on the local TV station KPIX, a major threat to company confidentiality and a potential risk of identity theft were uncovered. The full story can be found here, and for your safety HP’s Imaging and Printing Security Best Practices document can also be downloaded. Other areas of concern include cellular/smart phones, PDAs, and old computer hard drives. To ensure proper disposal of any device that contains confidential and/or personal information, contact us for assistance.
One of the biggest problems with Windows Vista was that Microsoft changed too much “stuff” all at the same time. These changes needed to be made, but Vista was too dramatic and the changes should not have been made all at once. The foundation should have been put into place, but we should have had better controls and management tools to ease the transition. Many say Vista broke new ground, but I think Windows Vista broke many of the legacy things we do on a regular basis.
So the question is: Does Windows 7 suffer from the Vista Legacy?
With Windows Vista the hardware vendors were worried they were going to have excess inventory of systems with Windows XP class hardware, since sales stopped dead when Windows Vista was announced. As a result a Vista Capable designation of hardware was created to continue to sell Windows XP machines until Windows Vista was released, with the idea they would be able to upgrade. Unfortunately these machines really had no business running Windows Vista, as they were terribly underpowered for the task. Windows 7 will not suffer the same poor hardware fate: several years have passed, hardware vendors have learned from their mistakes, and the OS / hardware combination is more capable. Plus Windows 7 has been tuned for better performance with older hardware and software.
Windows Vista also introduced a completely new security model. As a side effect, many poorly written applications did not function properly, and those application vendors’ only solution was to disable the new security features, thus making the systems less secure than before. With Windows 7, Microsoft has made improvements to the security model so it should be less intrusive and more compatible. The application vendors have also learned how to work with the new security model, and many of these applications have been updated with newer versions. As a result, most software is now compatible with the new security model. We will all be safer as a result.
Windows Vista looked radically different from Windows XP. Windows Vista introduced a completely redefined user interface with “enhancements” that made the transition more difficult than it should have been (compounding the problem, many new computers were also installed with Office 2007, which looked / operated differently). Windows 7 shares many of the interface enhancements of Windows Vista but makes the transition from Windows XP much easier with several XP-like behaviors. Windows XP and Windows Vista users will have an easy time navigating the Windows 7 user interface, and the learning curve will be rather short.
So I ask, will Windows 7 suffer from the Vista Legacy? I would have to say NO. Microsoft and many of the application vendors have learned their lesson and have done amazing things to ensure Windows 7 will not suffer from the Vista Legacy. I believe Windows 7 is not trying to break new ground, just continue with the refinements that have been made while not forgetting the legacy things we all do. So maybe Windows 7 is ground breaking in that respect.
I am often asked: What is the most challenging threat I face on a daily basis? I would have to say that it is educating people on the various methods of social engineering and the impact they can have on your life. I think this comes from the fact that people just want to believe in other people and do not want to see the potential of something bad. These “Phishing” scams have only one purpose: they are used to get your information and then use that information to the scammers’ advantage (and your disadvantage).
Why is this so difficult? Because it is an ever-changing target, as the people who run these scams change their tactics on a daily basis. So it is best to learn the tactics they use so you will be better able to recognize them and avoid becoming a victim.
We can protect the computers and the network with all of the whiz-bang techniques, but it all fails if you say yes to one phishing email.
The following facts were taken from the SonicWALL Phishing and Spam IQ site. Please take the quiz, and don’t forget to let me know how you did. Take the quiz at the SonicWALL Phishing and Spam IQ web site.
Phishing Facts
- $886 – The average dollar loss per Phishing Victim (Gartner, Dec 17, 2007)
- $3.6 Billion – The total dollar loss of all phishing victims over a 1 year period (Gartner, Dec 17, 2007)
- 3.2 Million – The number of people who fell victim to phishing scams over that same 1 year period (Gartner, Dec 17, 2007)
- 8.5 Billion – The estimated number of phishing emails sent world-wide each month (SonicWALL, 2008)
- 32,414 – The number of phishing web sites that were operational in May 2008 (Anti-Phishing Working Group)
Phishing IQ Facts
- 1,012,000 - The number of people who have taken the Phishing IQ Test worldwide
- 7.4% - The percentage of test takers who get 100% by answering all 10 questions correctly
- 86% - The percentage of phishing e-mails that are identified as “phish” by the test takers
- 57% - The percentage of legitimate e-mails that are identified as “legitimate” by the test takers
How do you protect yourself from phishing attacks? By educating yourself on the phishing warning signs and then deleting the email you suspect of phishing.
In my opinion Microsoft Windows 7 will be successful for the following reasons.
- Hardware refresh – The time is right to buy a new PC. Most companies did a big technology refresh starting around the year 2000, with those computers lasting 4 to 5 years. The next technology refresh took place around 2005, with those computers needing to be refreshed within the next year. The current economy may have an impact on the timing of this, but we all know it is due NOW. The price of hardware is as cheap as it is going to get.
- Security – It is more secure, really it IS… Microsoft has done a very good job of minimizing the attack surface of Windows 7 by continuing the work that was started in Windows Vista. Many of the 3rd party vendors have cleaned up their code and it now is operating in a more secure fashion. We will only benefit from this.
- Installation/tight server integration – A fast install process (with a clean install taking around 30 minutes to complete). Very tight integration with Windows Server 2008 and Windows Server 2008 R2 will lead to better performance when paired together.
- Performance is much improved over Windows XP and Windows Vista:
  - Faster startup and shutdown times; applications load faster and consume less memory
  - Demonstrated performance leadership over other OS’s; many 3rd party media outlets have verified Microsoft’s claims of better performance.
  - Copying files, finding information
- Better Administration tools – This will lead to reduced administration costs over time:
  - PowerShell integration – PowerShell is a scripting language used by administrators to perform tasks on Windows 7 and applications. Many of the tasks we as administrators do on your systems can now be automated, thus reducing your costs.
  - Group Policy control over the OS is much improved. A group policy is a tool to set/control how Windows 7 behaves. Why is this important? It will help establish a common environment, ensuring items are uniformly set up, installed and secure. Group policies reduce costs through reduced training and uniform system setup.
- Windows XP has reached End of Life and we have entered the period of its product life cycle called “Extended Support”. During this phase only “Security fixes” will be created and no further development on the core product will be performed. Over time many software applications will cease to support XP as it becomes less popular.
- User Account Control (UAC) is less annoying than it was in Vista – Why is this important? Because in Windows Vista most people turned UAC off, since it was too sensitive and many poorly written applications did not function properly with it ON. This created a situation where a useful security tool was turned off and many potential local and internet threats were not identified. Somehow this became the fault of Microsoft, and the various application vendors who wrote poor code never got blamed for the great misdeed they caused.
- Better Power Management - Windows 7 will automatically slow down resources and even power them off when they are not in use to conserve power. In my testing I have seen increased battery life of around 20% on several of my laptop computers. Over time this will lead to a lower Total Cost of Ownership (central control is available, yes, through Group Policy).
- Hardware Support for older hardware is very good. Many older systems perform very well with Windows 7. Software and hardware driver support has been wonderful through the beta process, and now that Windows 7 has been released it should only get better.
- Office 2010 with Windows 7 is a winning combination – More on this in future blog posts.
This topic was originally presented by me at the September 2009 meeting of BASBITS, where I am a founding member of a consultants group that supports Small Business technology specialists within the Bay Area. The topic was very well received.
A presidential advisory group made up of leading scientists has warned of possible absentee rates of 30% to 50% for an unknown duration. What should you be doing to protect your business? Evaluate your business continuity and contingency plans to discover the impact of possible mass absenteeism. A few basic guidelines should help you customize your existing business continuity plan for this kind of disaster, in which absenteeism and uncertainty of duration are the primary factors. Experts at the Disaster Recovery Institute International suggest the following:
Staff absenteeism could be as high as 40%:
Absenteeism is the issue to focus on for H1N1 flu, and as such you should be planning for workarounds in case of 40% workforce absenteeism. You need to focus on both organizing staff and enabling remote access for the greatest number of employees, who will need to stay home if their children get sick or there is an outbreak at the office. Identify and cross-train your staff. Designate which personnel/roles are critical to operations of the company; these staff members should be placed on the list to receive preventive and reactive medicines in case of an outbreak.
Staff may be uncertain what rules and plans are in place during the H1N1 outbreak:
Communicate the plan/policy regarding what to do if you or a household member gets sick and specifics about where to find updated information. Most companies will want to encourage people who are sick or have been exposed to the H1N1 virus to stay home.
Identify how suppliers will be affected to determine the impact on your organization:
Set up your communication strategy with suppliers now to keep apprised of the impact of the pandemic on their organization. Find out now how your organization’s service levels would be affected by absenteeism at your suppliers.
Steps you can take to aid in the preparation of your business for the H1N1 Flu:
- Test your remote access procedures, then document them and train employees on how to use remote access. In most cases absenteeism doesn’t necessarily translate to non-working personnel. Employees need to access corporate systems remotely, and the remote access systems need to be prepared to handle an increased volume of users for those users to be productive.
- Work with telecom providers to make sure their organizations have enough bandwidth in place and stipulate that service levels be maintained during a potential H1N1 outbreak.
- Assist with identifying opportunities for the cross training of staff.
