Google Makes NEW Waves in the Mobile Arena

Google is set to unveil it’s first 100% Google developed and executed mobile phone in Tuesday. Named Nexus One, if successful it will give the search giant a major stronghold in the cell phone market. With the popularity of its apps like Google Maps and the public embrace of the Android operating system, there is no reason to think Google will not hit a home run with this next adventure.

“The tea leaves and crystal balls are all pointing to the same thing: The future is in mobile devices,” said Ramon Lamas, mobile device analyst at IDC. “With its own phone, Google can control the hardware, the software and can put together its own mobile roadmap from there.” The company is expected to unveil its smartphone plans at a scheduled “Android press gathering” at its headquarters in Mountain View, Calif. at 1 p.m. ET. The Nexus One smartphone will be wider but slimmer than Apple’s (AAPL, Fortune 500) iPhone and faster than Motorola’s (MOT, Fortune 500) Droid, according to a review by tech blog Engadget. The new smartphone was built by mobile device maker HTC, but the specifications were all ordered by Google. It will run Google’s Android 2.1 software on a lightning-fast processor.

The Nexus One will be available on T-Mobile and directly for purchase from Google.

Rogueware attack holds your PC hostage

There are so many malware/trojan attacks running amok on the Internet, it’s getting difficult to keep track. Beyond the daily fake anti-viruses invading machines by the hour, there is now one that will hold all of your programs hostage until you buck up $79.99.

Researchers discovered a Trojan attack that basically freezes a user’s system unless he purchases the rogueware, which goes for about $79.99. The Adware/TotalSecurity2009 rogueware attack doesn’t just send fake popup security warnings — it takes over the machine and renders all of its applications useless, except for Internet Explorer, which it uses to receive payment from the victim for the fake antivirus. “The system is completely crippled,” says Sean-Paul Correll, threat researcher and security evangelist for PandaLabs, which found the new attack. Correll says when the rogueware detects any application on the machine starting to execute, it then shuts down the application. “This happens for every file you try to open except IE. The only reason IE works is because that’s what’s used to allow victims to pay the cybercriminals,” he says.

While the attack is not really new, the veracity with which these guys are going after you is. Completely disabling programs raises the bar that victims are going to pay the fee rather than risk losing data.There have been ransoms demanded before-usually from large corporations that have money worth getting. Stooping to this level and holding the everyday consumer to the fire is an all new low. As always, if you find yourself infected with this or any other infection-don’t pay the bad guys-contact us! We can help.

Small Business IT Woes

According to the results of an ongoing study, small business is struggling to meet best practices and, in some cases, even government regulations in IT. Citing the slowing economy and too small or non-existent IT manpower as the reason, a quarter of respondents get a failing grade and more than one-third get a “C”.

“The results to date indicate that many small businesses are falling behind when it comes to implementing accepted best practices for IT operations and management,” according to Steven Kahan of The Planet, one of a consortium of sponsors behind ITEI.
The results so far are especially disturbing, according to Kahan, since more than two-thirds of the small businesses responding to the survey indicated that IT and Web commerce are the foundations that enable their business success. “The IT Effectiveness Index is telling us that in nearly two-thirds of businesses with 100 employees or less, IT operations are failing to fully support or keep pace with small business needs,” he emphasized.

Areas of downtime, security, disaster recovery, and regulatory compliance top the list of concerns. When coupled with the fact that 2/3′s of business also stated IT and Web capabilities are critical to their success, it paints a grim picture. With these concerns and shrinking budgets, SMB’s are clearly feeling vulnerable to impending doom.

The bottom line is Small Businesses are find themselves sacrificing IT because they feel they cannot afford to keep pace. However, the truth is business can’t afford to not spend this money. If you are not practicing good security, you risk data breech and lawsuit. If you are not practicing good disaster recovery, you risk losing all of your records for past years. If you are not practicing good hardware and network maintenance, you are losing money in the form of employee downtime and an inability to do your business. In short, if you are not practicing good IT, you are spending money on IT; you’re just spending twice as much.

Having a trusted partner in IT is always money well spent. Haphazard security and do-it-yourself networks, with poor best-practices just cost you in the end. Take the survey, then find a partner you can trust to take care of your IT needs.

Google’s New OS

Recently Google announced they are working on a new, custom version of the Ubuntu operating system to compete in the netbook arena–the low-cost, low-powered, small form factor laptops rapidly gaining market share. Google developing an operating system for this market is probably a great idea. The Android OS for phones has been very popular; netbooks are a step up from a smart phone and a step down from a full size laptop, so it seems like a natural and smart move.

The Ubuntu flavor of Linux has already soared in popularity, so Google basing their OS off it is an excellent choice. It is likely going to be fast and light-weight. Their aim is to move most functions such as email, documents, calendering, music….pretty much everything to the web. This OS will integrate “cloud computing” like no other up to this point.

Speed, simplicity and security are the key aspects of Google Chrome OS. We’re designing the OS to be fast and lightweight, to start up and get you onto the web in a few seconds. The user interface is minimal to stay out of your way, and most of the user experience takes place on the web. And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates. It should just work.

These are very noble goals and will be excellent if properly implemented, especially in the netbook form factor. One thing that gives us pause though is the inference it will be immune to viruses, malware and security breeches. While it should be very stable and I will be the first to admit Linux generally provides a very secure and resistant environment, I feel it is misleading to infer users won’t have any issues to deal with. If this OS is going to interact in anyway with any other program that users want to use, there is the possibility of infection and security issues. Flash, Java, for heavens sake even Adobe Acrobat have had their fair share of patches and security issues over time. As Roger Grimes over at InfoWorld points out:

Further, even if Google somehow manages to crank out a perfectly secure OS, it will still need to rely upon other organizations’ software to work. That, in turn, will almost certainly create chinks in the OS’s armor. For example, almost every Internet product relies on DNS, which has proved extremely hackable. Hack that, and you hack everything that relies on it, including otherwise secure browsers and OSes.

Beyond relying on DNS, how will the Google OS and browser render documents and content such as PDFs, Macromedia Flash files, iTunes music, and all other code and content that makes up the rich Internet experience? Google developers will have a hard time delivering all that functionality themselves. They would have to perfectly code every (or at least the most popular) content-type rendering engines. More than likely, Google will allow other vendors’ products to interact with their products, and that brings up dozens of security issues in a given month.

I’m even ignoring for the moment the reports that the Google OS will be a Linux variant. Linux itself has many kernel bugs a year. Google Chrome, the browser, relies upon other components (such as Web Toolkit) with have their own vulnerabilities.

It is important that folks talking about the new Google OS keep in mind that no OS operates in a vacuum. There will likely be some vulnerabilities found and exploited once it is actually released to the public.

With the initial release going to the netbook market and because so much of this OS’es functionally it will be web based, I have great confidence it will be very popular for use in this way. It seems like a great gap in the market to address. Personally, having more functionality than my BlackBerry while also being lighter, quicker and offering simple functionality for everyday tasks is highly appealing. I have been a big fan of the netbooks since they entered the market a couple of years ago-the way I see it, this has the potential to just be one more thing to love.

The Little Bugs that Bug Us

Clients often ask what the difference is between Malware, Spyware, Trojans and viruses. Or they don’t ask this question; many people do not realize they are distinctly different types of rogue programming. In the heat of an infection, the “what” is often secondary to the “how” and the “can it be saved” panic which often ensues once an infection is discovered. Later though, often folks want an explanation; they want to know where it came from, how to protect from future infections and what they were infected with. Those questions and answers are definitely part of your prevention strategy. Most iterations of bad stuff will fall under the category of MalWare. MalWare is any MALicious SoftWARE. So technically, any Virus, Trojan, Worm, or other rogue software is MalWAre. It is a general and broad category which encompasses the several incantations. Most people use the MalWare term to describe what is actually AdWare or “NagWare”. This software has the primary purpose of delivering advertising content in a manner or context that is usually unwanted and unexpected by the computer user. Basically, AdWare nags you to buy a product or service that is not only ineffective, but usually costly. In rare instances, Adware collects credit card information, and then feeds it to an underground network. These networks in turn attempt to resell the information for fraud purposes. This scenario is not as common right now, but it is the next logical step. Mostly, makers are “just” ripping you off at this time, selling you “anti-virus” which is actually nothing of the sort. Another often seen MalWare is SpyWare. SpyWare alone does just as the name suggests. It spies on you, tracking your moves and keystrokes, without your notice or consent. Sometimes SpyWare also transmits that information back to an underground network for sale or use. These programs are often very difficult to remove as they run in the background. Normally, they aren’t obvious and only a trained eye or experienced technician will spot SpyWare when it runs alone. A Trojan Horse is malicious software which tricks a user into installing it on their machine. Many Trojans are downloaded or emailed, presented as one type of program (such as a free music player) which may or may not install, along with a rogue program. Trojans are well known information stealer’s; most often keystroke loggers are installed this way. Viruses and Worms are similar in that they are both viruses, they both replicate themselves and infect the user. The difference is a virus needs a host program to replicate and propagate, a worm does not. Worms have the ability to replicate by themselves. Virus and Worms cause a variety of problems, but usually they are not recorders or information stealer’s. Virus and Worms are often used to cause destruction of some kind and wreak havoc on users’ computers. You must protect yourself against these threats. It is imperative to use an anti-virus. You must also be a vigilant user, don’t click every window that pops up while using the Internet, don’t open attachments from anyone unless you are expecting it and don’t visit disreputable sites on the Internet. With good software, (kept up to date) smart use and a trusted advisor for you and your network, your computers will have a long and healthy life.

Security Maxims

Some funny, some not……all true My favorite:

Big Heads Maxim: The farther up the chain of command a (non-security)manager can be found, the more likely he or she thinks that (1) they understand security and (2) security is easy.

Security is important and can be done reasonably in most circumstances. Unfortunately, those with the most decision making power concerning security often (not always) have the least understanding of it.

The Importance of a Good Backup Strategy

One of the lowest rungs in many SMB’s IT budget is a proper and reliable data protection strategy. In a recent poll of small, medium and large business, almost half (49%) of small business reported they do not have a daily backup strategy. This poll was conducted throughout Hong Kong, Singapore and Australia, but here in America the numbers are most certainly the same, if not higher.

This is despite the fact that nearly half of all participants had experienced data loss in their workplace in the past two years, and 36 per cent felt that data loss could have a significant impact on their business.

The excuses as to why a business doesn’t have a back system in place are as numerous as the businesses themselves. “We’ve never had a problem.” “We have a system, but we always forget to change the tapes/discs around.” We can’t afford to put in a system for backing up.” In today’s data driven business climate, it amazes me people fall back on these excuses. Think about every program you use each day. Think about all of the irreplaceable documents, emails, accounting and databases (just to name a few) that you and your staff use. If you don’t have a good backup system in place, a Disaster Recovery Plan, and regular testing of both, all of your data is a risk, and in the event of a catastrophic failure, it is gone forever. Viruses, malware, rogue or uneducated employees and hardware failure are some of the most common causes for valuable data to be unusable or inaccessible. Even completely innocuous things like OS deterioration and program corruption can cause issues with data consistency. Unfortunately, there is often no sign that something is about to go wrong. One minute everything is fine and the next-it’s not. Backup systems don’t have to be expensive. For a few hundred dollars and the cost of a full test every quarter you can feel secure about your ability to recover from catastrophic failures. Your data is one of the most important pieces of your business. Audits, adherance to the laws, record keeping and basic peace of mind are all good reasons to protect your data.

10 essential e-mail security measures

An excellent article on a few “best practice” techniques for email. Of course running an anti-virus and not opening unexpected attachments, no matter who they’re from, are definitely first and foremost in your arsenal of staying safe, but here are a few more tips for you:

#1: Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought. At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML – or “Original HTML,” as some clients label the option. Even better is to configure it to render only plain text. When rendering HTML, you run the risk of identifying yourself as a valid recipient of spam or getting successfully phished by some malicious security cracker or identity thief. My personal preference is, in fact, to use a mail user agent that is normally incapable of rendering HTML e-mail at all, showing everything as plain text instead. #2: If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail. This means avoiding the use of Web-based e-mail services, such as Gmail, Hotmail, and Yahoo! Mail for e-mail you want to keep private for any reason. Even if your Webmail service provider’s policies seem sufficiently privacy-oriented to you, that doesn’t mean that employees won’t occasionally break the rules. Some providers are accused of selling e-mail addresses to spamming “partners.” Even supposedly security-oriented Webmail services, such as Hushmail, can often be less than diligent in providing security to their users’ e-mail. #3: Ensure that your e-mail authentication process is encrypted, even if the e-mail itself is not. The reason for this is simple: You do not want some malicious security cracker listening in on your authentication session with the mail server. Someone who does this can then send e-mails as you, receive your e-mail, and generally cause all kinds of problems for you (including spammers). Check with your ISP’s policies to determine whether authentication is encrypted and even how it is encrypted (so you might be able to determine how trivial it is to crack the encryption scheme used). #4: Digitally sign your e-mails. As long as you observe good security practices with e-mail in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of e-mail-but it is still a possibility. But if you use an encryption tool, such as PGP or GnuPG, to digitally sign your e-mails, recipients who have your public key will be able to determine that nobody could have sent the e-mail in question without having access to your private key-and you should definitely have a private key that is well protected. #5: Avoid unsecured networks. If, for some reason, you absolutely positively must access an e-mail account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances. Be aware of both your virtual and physical surroundings when communicating via e-mail. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust. Your e-mail security does not just affect you; it affects others, as well, if your e-mail account is compromised. Even if the e-mail account itself is not compromised, your computer may be if you do not take reasonable care with how you deal with e-mails – and that, in turn, can lead to affecting both you and others adversely as well.

Click HERE to read the rest of the article and 5 more good email security tips.

Thin Clients: A Desktop Alternative

A little background, in case you have no idea what a thin client is. Wikipedia defines a thin client as a computer or client software in client-server architecture networks which depends primarily on the central server for processing activities, and mainly focuses on conveying input and output between the user and the remote server. What?!? In laymen’s terms this translates to a very small, very quiet piece of hardware about the size of a traditional text book that gives you a desktop view of a server sitting locked in a closet far, far away. All main processing takes place on the central server, the thin client simply gives you a view of it. Thin clients or dumb terminals as they have also been known, were more popular in the late 80′s and early 90′s when desktops were not practical. For a while they fell out of favor as PC’s became cheaper; however they are now making a bit of a comeback. Two influencing factors of the resurgence in popularity are reduced upfront purchase costs and reduced on-going maintenance costs. A typical PC appropriate for use in the Domain environment of an office will run about $500. The cost for a thin client in this situation: around $300. If you have several PC’s to replace or purchase this can amount to substantial cost savings. In addition, with the PC you will probably end up replacing a component or two over the life-time due to heat, wear and tear or power surge. This is not at all uncommon, and not only is there the cost to make the repair, but also any potential down-time for employees while they wait for the repair. Thin clients have no (or few) moving parts and extremely low heat output. The result: not only are there few parts that have any chance of failure, but there is less likelihood of failure due to heat issues and power surges. Finally, they are very “green” due to low heat output and the fact they consume 10-15% less power than the traditional PC. Over the life of a PC I estimate the cost savings (including a little extra for the reduced power consumption) to average about $75/per year of ownership with a thin client. Today, securing your company data and protecting your workstations from intentional (and unintentional) rogue software installs is very important. This job can be made more difficult with individual PC’s. Also, custom software, off the shelf software, any software upgrades or replacements can be time consuming with the traditional desktop. Individual PC’s leave some data unprotected not only from possible theft or misuse, but also left out of the nightly backups. In a thin client environment all programs run in the secure and protected environment of the server and all of the data is held there as well. Individual user data is easily made part of your backup scheme and backed up nightly. Software upgrades are simple-run the upgrade on the server and viola’ it is instantly rolled out to all your users at next log on. No more walking from workstation to workstation to install the latest Office upgrade. Want another example? How about that custom interface sitting on top of your Access database-would you like to make a change to it without having to walk up and down all those steps? Make your change, copy it to a folder or your management software and again, like magic, the next time your users log on they get the latest and greatest interface. It is true that thin client computing is not appropriate for every user in every environment, but for some situations it could be an excellent alternative. If you have a server based network, an interest in lower costs (both immediately and on-going), central software and data management, and a “green” alternative to the traditional PC, check into thin client computing.    

Email Scams Abound for Users

I was reading this week about two new exploits that are possibly appearing in an inbox near you. They are both propagating through email, phishing as it is known, and they are both capable of doing some pretty serious damage. In fact, while they are not exactly the same, they do exploit users in similar ways: by duping the user into believing the email has come from a trusted source (on from LinkedIn and one from Microsoft) and executing an attachment included with the email. These tactics are pretty old school; however their effectiveness is clear; users continue to open these attachments and infecting themselves. The payload for both is to open up your computer to attack from the outside and stealing usernames and passwords from your computer. Unfortunately, people rely far too much on their anti-virus, anti-spyware programs to protect them; blindly opening attachments without a thought to the consequence. As I have told clients time and time again: I would not run my computer without these programs but NOTHING is 100% effective and someone always has to be first in a new (or re-worked) exploit. I don’t want it to be you. End users have to be very careful and responsible with any attachment, from any person or entity, at any time, for any reason. You have to examine the email content; you have to think about the likelihood that the promised information makes sense or was even requested. For instance, the exploit “from” LinkedIn contained wording in the email that the contact list “you requested” was attached. Somehow I doubt that everyone infected by this email requested a contact list-this is the first clue-if you did not request it, do not open it. The email “from” Microsoft was supposedly a security fix MS was emailing to you. So this one is two-fold easy to spot: 1) MS NEVER, EVER, emails security patches to you. Never. 2) If this exploit was to be believed, it would mean that Microsoft has the email address of every single Microsoft user everywhere. Now I realize people find Microsoft is far too powerful and all knowing, but this is a stretch. I often hear from people that the reason they opened an attachment is because it came from someone they knew or trusted. Please be aware that this is one of the most common ways to get infected. Someone you know gets some malware and that malware emails itself to everyone in that address book. You always have to be on the lookout-even when it comes from Mom.

Next Page »