Saturday, December 18, 2004

Productivity and Ethics of the Internet

Q: What are the productivity issues of the Internet? Are there ethical issues of the Internet? What does a consumer need to be leery of purchasing goods or services online? What are the greatest risks?


What are the productivity issues of the Internet?

The internet by its very nature is both productive and counter productive. There is a wealth of information hidden in a sea of obscure information and at times disinformation. I find myself a child and veteran of the internet evolution chasing related rabbits down tangent paths. It is very easy to jump from one topic to the next as they are related, linked or of interest. As a result a great amount of time can be spent on reviewing information that is really not relevant to the task at hand.

In the work place web surfing is abused by everyone to a certain degree. Most of the customers I support in Medical, Commercial Real Estate, and Law Firms have very little time to play as small business professionals tent to be extremely busy.

In these small businesses the most abuse is by the low paid workers, who is not as in tuned to the immediate needs of the business and are left unsupervised. As a result the most common abuses are instant messaging, shopping surfing, and online games as a result the PC’s become infected with spyware and other malware software.

Since most entry level computer users do not know how to clean their trail it is easy to tell where and what they have been doing and looking at. To manage these workers we have deployed stealth employee monitoring software that records everything that the user is doing, along with screen shots, keystroke logging, application usage times, email, web surfing, etc. It flags the user when they are doing something they should not and notifies the supervisor or manager. This has dramatically dampened the abuse of the Internet for personal usage and set productivity back on track.


Are there ethical issues of the Internet?

The ethical issues of the internet are more numerous that I can list here. The internet is still a baby as compared to other technologies like the phone and light bulb. I would have to say that there are more ethical violations on the Internet than there are not.

The 50,000 foot view of the ethical issues are a broad range of Legal, Online Activism, Government, Censorship, Free Speech, Intellectual Property, Fair Use, Privacy, Security, Infrastructure, Culture and Legislation. The ethical issues are still in their initial states of definitions, some very clear, most very unclear.

In the news the most recent popular battles on ethical issues is P2P (Peer to Peer) file sharing. With the RIAA filing numerous law suits to stop music swapping it is still a highly debated subject. Identity theft is on the rise, but mostly via spyware and other malicious software. Static’s still show that identify theft is still done the old way of dumpster diving and mailbox raiding. Online identity theft is on the rise with techniques called PHISHING. The ethics of the internet are abused all the time both on purpose and by a lack of understanding what the user is doing.


What does a consumer need to be leery of purchasing goods or services online?

Never purchase anything without an encryption connection to the commerce site that you are connected to.

Never buy anything from a site that is not well known such as Billy-Joes’s House of Pain 666 Book Store. Buy instead from Amazon, Borders, Barnes & Noble, etc.

Always read the return policy, restocking policy, privacy policy, site usage policy, warranty policy, shipping policy, insurance & pricing policy, the user reviews and industry publications reviews of the site that you are purchasing from before you complete your purchase. Compulsive shopping can get you into a lot of unwanted charges and stuck with a product that you can not return.

Never give more information that you have to in order to make the purchase.

Never sign-up for vendor product referrals or allow the site to provide your information to a third party sources. Product newsletters and new release updates are usually ok to check and receive.


What are the greatest risks?

The greatest risks are your account information being compromised, your bank account being emptied, and you being stuck with an ineradicable amount of debt where you did not make the purchases.

Kerberos Security

Kerberos is a hidden feature in Windows 2000, 2003 and XP. It is used for authentication in a Microsoft Network Environment from the client to Server and most people do not know that they are using it. The question was about the Internet. To what extent Kerberos is used ACROSS the internet is not published information from Microsoft or I am unaware of it usage.

Kerberos is one of many important security protocols used behind the scenes.

Here are links for those that wish a quick study of Kerberos.

MS Kerberos Summary

Kerberos FAQ
http://support.microsoft.com/kb/q266080/

Friday, December 17, 2004

Security challenges of the Internet

Q. What are the security challenges of the Internet? What are the regulatory challenges of the Internet? Explain several types of crimes committed on the internet with respect to online businesses.

Wow this is a really tuff question to answer in just 300 words. I could write a book just on the first question alone, but for the sake of everyone’s sanity I will keep it short.


What are the security challenges of the Internet?

This question should read:
What are the security challenges of protecting your business and home computer systems from evil doers abroad?

You can not secure the internet. It is an uncontrolled environment. You can only security the gateways into and out of your home or business and your internal systems.

A hardware firewall or a NAT router is a good start. Followed by software firewall on your PC with Anti-virus software that is updated daily. Also anti-spyware, web filtering or parental control software should be used, for your self if nothing else. Anti-Spam software or service for email and a good healthy dose of security education on what evil doers are trying to do to your computer and to you.

The biggest challenge is getting people to understand what they are about to be hit with. Once they have been burned, then my life gets easier, because for some reason once they have lost something important on their computer their hearing and understanding all of a sudden becomes very clear and they get it.

A couple of other things on security and the Internet as any business related data or commerce data needs to be encrypted when going ACROSS the Internet.

The common protocol to do this is HTTPS. We talked about that last week. Another method is VPN which can use PPTP or L2TP with IPSEC to encrypt the data in 3DES. These protocols can be Microsoft’s, (which I usually use) or they can be propriety like CISCO or NORTEL’s VPN applications.

One other secure method is Terminal Services which is done by use Remote Desktop application to connect to a Terminal Server. This communication also uses 3DES encryption.

All three Microsoft versions are built into the Windows XP Desktops systems. HTTPS and VPN are in all versions of Windows from Win98 to XP. Remote Desktops is a free download from Microsoft and runs on most all support Microsoft OS to include a pocket PC phone.


What are the regulatory challenges of the Internet?

Keeping the internet unregulated is the biggest challenge. I hope the government doesn’t tax the crap out of the internet. There are so many issues about regulatory stuff being proposed it makes my head spin and eyes pop out! Some of the bills going before congress are just plain stupid nonsense crap. While other bills are much welcomed like the Spyware act, but the government has no way to enforce it, especially when the evil is coming from off shore.

Here is a link for a site about the latest Bills being passed in congress.
http://security.efsnm.com/index.php/weblog/C15/

For links that will make you head spin and eyes pop out there are great reads at the EFF (Electronic Frontier Foundation). They fight for sane tech rights against insane Bills in congress.
http://www.eff.org/


Explain several types of crimes committed on the internet with respect to online businesses.

Information and System Rape is the by far the most common and epidemic. This occurs when spyware gets onto your system and uses it for evil deeds. It is no different than someone going into your house, using it to plot, plan and execute their evilness and they move your cheese. With spying on your PC the evil doer can take your banking information, credit card, personal identify theft, while leaving you holding the bag to pay the bills.

One more common ways is PHISHING via email or web site to trick the user into giving freely their account information. For more on PHISHING you can check out this web site.
http://security.efsnm.com/index.php/weblog/C14/

US-CERT Security Information

To learn about security issues you can subscribe to the US-CERT site from the Department of Homeland Cyber Security group. This group is augmented by the security folks from Carnegie Mellon University.

Security Bulletin
http://www.us-cert.gov/cas/bulletins/SB04-350.html

CERT
http://www.cert.org/

Thursday, December 16, 2004

Worm W32.Erkez.D@mm

Here is a link from security.efsnm.com site about the latest evil virus Worm W32.Erkez.D@mm. It is a Threat Level 3.



December Windows Patches

Microsoft Monthly Patch Summary:

Microsoft does such a cryptic job of informing the public about security issues. This web site security.efsnm.com has paraphrased the updates for just the most important information. You can click the link on this site to the cryptic MS security info for a funny read.


Wednesday, December 15, 2004

Memories of past Languages

I am interested in others feedback as to what they are doing and using. I am interested in your experiences, good, bad, ugly and indifferent. Knowing the results of an experience is very valuable.

Thomas Edition was once asked by a reporter how it felt to be such a failure. He replied I beg your pardon? The reporter stated, Mr. Edition you have tested a 1,000 things and none have worked, so how does it feel to be a failure? Mr. Edition responded, Sir, that was a 1,000 things that we did not know that would not work. My good man he said, that is not failure; that is success. Mr. Edition tested 3,000 things before he finally discovered the right elements to use to create a light bulb.

My first programming language was basic on the Apple IIE networked with a micro mainframe. We it took 15 minutes to logon. We booted, used the rest room, got coffee and stacks and prepared for long nights in the computer lab. My second language was COBOL. I got an A+ in the class, but I hated that language more that anything. Pulling out your fingernails was better than coding in that language. Next was Fortan, PASCAL, and C that was the end of my formula training. I had enough understanding that most all computers languages are the same just different syntax. I went on to self teach myself C++, Assembler, Visual Basic, SQL, Access, VBA, VScript, Jscript, HTML, ADO, ASP, ODBC, PERL, AWAK, WSCRIPT, XML, DHTML, and a bunch of other obscure languages. I was on the beta test teams for ASP.NET long before it was called DOT NET. I was working on DOT in 1999 and 2000 when it was called NEXTGEN. All these languages had their own headache and issues. A lot of languages were not forward nor backward compatible.

Microsoft would have you to believe that you need Visual Studio to be a productive rapid application developer. Well having been on campus in Redmond working with the people who invented the dang stuff, they do most of their work at the command line console or in notepad. Notepad is the universal editor.

Now I mostly write in Access and WScript for desktop and server automation. I have rewritten the same utilities in the same language and others some many times I am just burned out on writing code for a living. Since the dot com bomb days, the big projects are much harder to come by. I enjoy writing utilities and scripts that get used over and over. I enjoy the tech support as the life of a coder is never ending as there is always one more line of code that needs to be written or rewritten.

Tuesday, December 14, 2004

Fighting Spyware

Ad-aware is good, recently Sypbot has become the preferred anti-spyware software as Ad-aware no longer will detect certain versions of known spyware like Gator and Hotbar to name a few. These spyware companies put legal pressure on Ad-aware and other anti-spyware software to have their software removed form their detection lists.

Also before you download anti-spyware check it on Spyware Wwarrior’s web site to ensure that the anti-spyware that you are downloading is not Rouge anti-spyware. There are several hundred rogue anti-spyware programs being free/sold that even show up in Google Ads that are actual the very thing that they claim to get rid of “SPYWARE”

Jen you should be fine with Ad-aware, but I recommend that you add Spybot too.

Links an Article on Rouge Anti-Spyware

Spybot

Spyware Warrior Newsgroup:
http://www.Spywarewarrior.com

Inside Microsoft's IT

Here is an interesting look at Microsoft’s IT department with Ron Markezich, the software maker's chief information officer.


Monday, December 13, 2004

Office Automation and Group Collaboration

Group Collaboration
A collection of software applications and devices used in a computer networked environment are called groupware. The is no specific set of application that make up this groupware, it is software that allows a large group of people to collaborate locally over a LAN and over vast distances over some type of WAN.

The most common type of collaboration is done via electronic messages called email. This email can be either standard SMTP and POP3 email or Newsgroup email like at the University of Phoenix.

The Newsgroups are used to collaborate ideas. The collaboration occurs when a newsreader client connects to a newsreader server and than exchange messages. The people post their messages and download the messages posts of others. The newsreader application that most people are using is Outlook Express. Outlook Express can use both newsgroups and regular email.

Most businesses today use email as a form of collaboration between vendors and customers as well as other employees. A commonly user email collaboration server software is called Microsoft Exchange. Exchange allows users to collaborate email, calendars, contacts, tasks and basic project information via a dashboard. The Exchange server can also be used as newsgroup servers. Newsgroup servers have an advantage over regular email as everyone that is subscribed to a newsgroup gets to read all the messages posted in that group. It aids in keeping everyone in sync with electronic communications. Standard email is one to many or one to one, and sometimes people can be left out of the loop when information is requested or disseminated.
There are other forms of groupware applications such as Microsoft Share Point Service. It allows the posting, collections and better organizing information and documents than what a newsgroup can do. Share Point is getting better, but it is very hard to setup and maintain. It is not backwards compatible and the environment is easily corrupted.

My favorite groupware collaboration software is a web-based groupware application called Intranets.com. Intranets.com allows anyone with little to no experience to built web based relational databases in real-time on the fly, ready to use after building. It is by far the most impressive company I have ever worked with. It allows rapid prototyping, rapid application development and production usage in minute’s verses days, weeks and months. We have converted all our traditional client server based databases all to web-based database group collaboration software at Intranets.com.

There are many other software applications that are effective tools for groupware collaborations such as WebEx for web based meetings, information and desktop sharing like doing product demos.

Simple instant messaging can be used for example MSN Instance Messenger. Our team uses instant messenger to hold meetings for team assignments. It provides a written record of who said what. It is like a permanent meeting minute’s tracker.

The reading text talks about workflow management groupware applications. I have work with several large companies that have attempted to use these applications and they have not worked out for many reasons. They have been very difficult to use, time consuming to use and very expensive to purchase, deploy and maintain.

The advantage of using groupware applications are the rapid, accurate, in-sync reception and dissemination of information.

The disadvantage is the lack of personal interaction with others in a face to face environment. While video conferencing allows for face to face collaboration, it is not the same as in person interaction and communication of information. Other disadvantages are the additional costs and customization that might be required for a particular business group.

Office Automation
Groupware software applications are often augmented with documents, publications, presentations, spreadsheets, CAD drawings, voice mail, faxes, scanned images, art work, video and other forms of audio within the groupware application. These files are created with other applications such as a word processor, spreadsheet program, power point applications, image editor, video editor, scanning software, etc. The use of this software is referred to as office automation as the software is used replaces the manual method previously used.

Office Automation is the integration of several applications to produce a single output. An example would be a program called HotDocs. It also the fast creations of large documents like legal and commercial real estate contracts. It allows someone with little to no experience to answer a few questions and it will generate all the necessary clauses, language, personal pronouns, sentence structure and pull existing database to populate word documents.

The advantages of Office Automation are an increase in work production, work flow and more accurate information. It is often miss-referred to as a reduction in labor costs. The actual fact is one is still working the same amount of time, but now you are doing more work. The production of work increases, but the labor costs for 8 hours is still 8 hours.

The disadvantage of office automation is the complexity in which office automation can become over a short period of time. It takes more user knowledge to deploy, use and maintain the integration of the various applications and additional user training maybe required. Lastly about every four years all software and hardware used in the office automation efforts will need to be replaced.

Relational Databases

Q. What is a relational database? How is it structured? Indicate commercial database that are sold to the public that are relational in nature. What are the advantages and disadvantages?

What is a relational database?

The concept of a relation database can be thought of as a collection of tables that are connected together by Primary and Foreign keys. A table is like an Excel spreadsheet that is a file based system with cells as fields and rows as records. A table is contained in a DBMS. The purpose of related tables are to reduce the amount of redundant information. One table could contain contact information, another table could contain product information, and another table could contain inventory information and so on.

How is it structured?

The data is contained within table and the tables are connected together with primary and foreign keys.

Indicate commercial database that are sold to the public that are relational in nature.
There are two kinds of database products. One is the product that a database application is developed in such as Microsoft SQL http://www.microsoft.com/sql and another is an actually application that uses a database that is pre-structured such as MOLDTRAX at http://www.moldtrax.com . This commercial relational database uses an Access database. It has seventeen tables with seventeen primary and foreign key relationships. It has sixty custom queries that use one to many relationships to define a view for a form or report.


What are the advantages and disadvantages?

Advantage:

The biggest advantage is the over reduction in redundant information. Another advantage is the ability to relate information and produce queries results that would not otherwise be possible in a single table.

Disadvantage:

The biggest disadvantage is the complexity in knowledge required for an administrator or developer to build, deploy and maintain such a system. Therefore is can be more expensive to use.

In most companies there are measure in place to deal with data contained in a single location such as:
  • Data replication to another server
  • RAID 5 hard drives in which the data is contained on several hard drives at the same time live
  • Cluster Servers in which the same data runs on several servers at the same time in a RAID 5 environment
  • There are two kinds of Backup Agents on real time data backup and the other is night agent backups.
  • The database systems also contain the ability for them to be backed up or dump their data to a text file manually or on a schedule.

Sunday, December 12, 2004

Phishing, Spoofing and Evil oh My

If you manually enter the website address in your browser it will ensure that you are going to the desired website. Otherwise according to recent security issues that were discovered you will have no idea.

It is recommended that the site that you are intending to perform commerce with that you start your connection with a newly opened browser and manually enter the website address.

Never click on links inside an email or suspicious web site that leads to a commerce site. Never fill out a web form inside and email, and never fill out a web form that you did not request.