|
written by Brian Place
Issue #11: August, 2004
Contents:
-
-
Security News
• Windows XP Service Pack 2 is released, but DO NOT
INSTALL IT YET!
• Department of Homeland Security says Internet Explorer very
unsafe - what to do?
-
Preventing Spam
• Second in a two-part series: delete spam automatically with
software
-
-
-
Fun & Cool!
• The new Seattle Central Library
• Pre-fab rooftop housing
• Candy wrapper museum
• Gorgeous photos of the 2003 Snow & Ice Festival in Harbin,
China:
• Map of Springfield, USA - home of TV's Simpsons
• Dancing Cats
• Chillout Song
-
Welcome
Welcome back to the BDP Networks newsletter, focused on bringing you straightforward
information about how to make your technology investments work better for
you and your company.
We continue to receive many questions from our customers about e-mail
spam & security, so in this issue we present the second part of our
series on managing the spam crisis using software tools. We also discuss
the life cycle of the average business computer, and introduce you to our
new industrial-strength helpdesk ticketing system, RequestTracker.
In other company news, Le Huffaker & I have been very busy over the
past year with our Maintenance & Support plans. These plans set us up
as the network administrator for small companies and we're finding that
our customers really enjoy the peace of mind that comes with them. If you're
interested in this or know of other companies who could use this service,
please drop me a line. We pay for referrals!
As always, please let me know if you have any questions or comments.
Thanks again for reading!
-Brian
Security News
WINDOWS XP Service Pack 2: Do not apply yet.
As of August 9th, Microsoft has released a new Service Pack for Windows
XP. Microsoft usually releases service packs as a set of tested, combined
fixes that repair software defects. But Service Pack 2 represents a departure
in this tradition as it significantly changes underlying systems in Windows
XP that may break quite a few commonly used applications, at least temporarily.
Microsoft has traditionally put a lot of emphasis on backwards compatibility:
you can still run that ancient DOS-based program from 1991 on a brand new
Windows XP system. This backwards compatibility comes at a high cost though--it
causes the code base for their operating systems to grow cumulatively with
each successive release. (Apple, for instance, threw out their old code
base entirely three years ago when they replaced it with a brand new operating
system--this basically meant you had to upgrade to the latest versions of
lots of programs, but the end result has yielded one of the best, cleanest
operating systems out there).
Successive add-ons of code to the operating system also create a lot of
additional "surface area" with each release for potential new
security threats. So Microsoft has finally taken the step of creating a
set of patches that, when installed, lock down large portions of this code
(including and especially older groups of code) in order to help safeguard
their system.
It can be argued that Microsoft has a number of deep-seated security problems
with Windows XP and they aren't necessarily going to all be fixed with a
simple service pack. But this is a good step in the right direction--though
it'll also mean people need to be more cogniscent of application updates
from now on as patches are rolled out.
I expect Service Pack 2 to cause quite a bit of discomfort for a lot of
people. For instance, in my initial testing, I identified two very up-to-date
programs on my system that were affected by the newly enhanced built-in
firewall software. Therefore, I'm recommending against applying it for a
few months. When you do apply it to your computers at work, give it to just
a few people at first to make sure your applications will still work flawlessly.
We will be rolling out Service Pack 2 in test cases and will bring you
updates on it as things develop. In the meantime, keep on top of those Windows
Critical Updates!
(Thanks to Bob "Dad" Place of Naples, FL for this link!)
DEPARTMENT OF HOMELAND SECURITY RECOMMENDS THROWING OUT INTERNET EXPLORER:
Really? Then what should you run?
Internet Explorer has been targeted by a number of new security vulnerabilities
in the past few months, some of which are being taken advantage of "in
the wild." The Department of Homeland Security (which issues computer
security alerts) actually took the bold step of recommending people jump
ship entirely and use a different web browser.
Why should you care about security problems in Internet Explorer? Security
vulnerabilities, when taken advantage of, can be as dangerous as computer
viruses, spreading to your PC from a website (even one from a major company
you trust) that has been hacked. Your computer could become infected just
through the action of visiting that website.
Because of this, I agree with the DHS's recommendation, with a few exceptions.
For instance, some companies have written their own internal web-based applications
that absolutely require Internet Explorer, so you'll still have to use it
for that.
But IE is still a huge security hole and additionally attracts spyware
(an entirely different problem from viruses). So try something from the
Mozilla group instead, such as FireFox or Mozilla itself (if you want integrated
e-mail).
The Mozilla foundation, spearheaded by the Netscape corporation over five
years ago, has created an elegant, clean web browser that runs on many different
operating systems. It supports all current W3C (World Wide Web Consortium,
the group that defines web standards) specifications and does it with flair.
(And did I mention the download of Firefox, the browser-only version of
Mozilla, is only four megabytes?)
Their software is freely available, freely modifiable, and includes excellent
features such as a built-in pop-up blocker and "tabbed browsing,"
an innovation I can no longer live without. Tabbed browsing lets you open
multiple web pages in the same window pane, selectable by clicking on "tabs"
listed at the top of the window.
Installing one of the Mozilla browsers doesn't mean you have to give up
Internet Explorer at all--it just means you have an alternative you can
use next to it. And if you really like it, you can tell Windows to use it
as your main web browser, still maintaining Internet Explorer if needed.
This is really good stuff - check it out here:
http://www.mozilla.org
Preventing Spam
Spam, viruses, worms, and other riffraff threaten to undermine the value
of e-mail in general. These three options for filtering spam may help.
Spam is Unsolicited Commercial E-mail (or UCE). In the last issue, I
listed specific ways you can prevent your e-mail address from ending up
on spam mailing lists. Since that was published, I've seen a dramatic increase
in the amount of spam & e-mail viruses our customers are receiving.
You can't stop spam from being sent to your e-mail server once spammers
have your address. As I said before, if your account is already receiving
lots of spam you only have two options: change your e-mail address, or install
spam filtering software. Before you delete your account, however, let's
take a look at filtering.
Since I started BDPNetworks three years ago, I've spent a lot of time
looking for the "perfect" spam-filtering solution. Despite the
fact that we have evaluated lots of different products, I keep coming up
empty-handed. Most spam filtering software & services don't catch enough
spam, catch too many legitimate messages, called "false positives",
or put a large burden on the network administrator who must manually classify
each message that arrives.
Additionally, the ideal spam-filtering software in a corporate environment
would have centralized administrator control, similar to the excellent management
interface used by Symantec Antivirus Corporate Edition. This would let the
network administrator monitor the situation & adjust controls for the
entire company from a central location. The products that do have this capability
don't do a good job filtering spam & don't allow for much control by
the end-user. So unfortunately I suspect this ideal doesn't quite exist
yet or is prohibitively expensive.
We have a ways to go before spam-filtering products & services mature
and are as easy to use and effective as virus-protection software. Until
these products (or outside spam-filtering services) get *really* good, I
can make two recommendations that will take care of most of the problem
(for now) for most of our customers. They're not perfect--but they're worth
the trouble.
#1: SpamBayes -- free, accurate spam filtering software for Microsoft
Outlook
SpamBayes is a client-side spam filtering solution installed on each
individual workstation. This open-source software runs on many different
operating systems including Microsoft Windows and various distributions
of Linux. If you run Microsoft Outlook or Outlook Express at work or at
home & receive lots of spam you should immediately download a copy of
this software. Not only is it excellent at combating spam, it is completely
free.
SpamBayes employs Bayesian-style filtering. Bayesian filtering works by
comparing the contents of a given e-mail message to a past history of other
similar e-mail messages. This technique requires a little bit of training:
you click happy face icons on stuff that's NOT spam, and sad face icons
when you see spam. You'll need to occasionally check your "Junk Suspects"
folder when it can't determine what category a particular message falls
in. But after a short training period, SpamBayes gets very good at accurately
classifying your e-mail.
What's unique about SpamBayes is how it can easily adapt to new types
of spam. Compared with rules-based systems that must be manually updated,
Bayesian filtering can be trained to quickly adapt to these newer spam formats
as they are released without having to install additional software or updates.
I should point out that Microsoft Outlook 2003 employs Junk Mail filtering
as well--and it's actually quite good--but it doesn't seem to work as well
as Bayesian filtering in the long run. SpamBayes installed into Outlook
2003 combined with it's own internal Junk Mail filter will give your spam
a one-two punch that'll knock it out almost completely.
Learn more about SpamBayes here:
http://spambayes.sourceforge.net/
#2: Novell GroupWise 6.5 -- with built-in Trust & Block lists
We have a few customers running Novell's excellent GroupWise e-mail platform.
In fact, we even use it internally here because of its reliability &
immunity from e-mail viruses that plague Microsoft-based e-mail systems.
But GroupWise uses its own proprietary protocols to communicate with the
e-mail server so SpamBayes won't do any good here.
Luckily Novell has recently released GroupWise version 6.5. This version
includes some "brute-force" Junk Mail filtering techniques, such
as "white listing" & "blacklisting." GroupWise will
use the contents of your Frequent Contacts address book (which automatically
contains every e-mail address you correspond with) to create a "whitelist"
(called a Trust List) of legitimate e-mail addresses. These e-mails will
always pass through the filter unharmed. Any e-mails from anyone not on
the list end up in the Junk Mail folder. You can purposely add an address
or a domain to the "Junk List" (blacklist) that will always end
up in the Junk Mail folder regardless of other settings, as well.
I was skeptical about this method, but I've used it for months with great
results. It's very simple, and works extremely well since most spam e-mails
come from random, nonexistent E-mail addresses. The only drawback with this
method is that if you receive new e-mails from people with which you've
never previously corresponded, they automatically end up in the Junk Mail
folder and must be specifically added to the "Trust List" (whitelist).
This can be a problem if you receive sales leads or new client inquiries
on a regular basis.
The other benefit to this method is that it takes place on the server--not
the client--but it's still very easy for the end-user to control the settings.
It doesn't require your computer to be turned on with your e-mail client
open for it to do its filtering.
This method has served me well and is decidedly low-tech. Why can't other
e-mail programs do the same thing? Probably because most programs don't
automatically keep track of every e-mail address ever used--which is the
secret to this method.
If you're running a version of GroupWise older than 6.5 you may want
to consider upgrading in any case because it has other nice features as
well.
#3: Mail.app -- excellent Mail software included in Apple's Macintosh
OS X with built-in Junk Mail filtering
I don't need to say too much about the spam filtering included in Apple's
"Mail" program included with OS X. It works very well, and employs
a system similar to Bayesian filtering (though if you asked Apple's engineers
I'm sure they'd tell you it was nothing like Bayesian filtering). Effective,
easy to use and cool--like most of Apple's current hardware & software
lineup!
Conclusion
As long as it is economically attractive to use spam as a marketing method,
the amount of spam sent to e-mail addresses will continue to rise. You can
protect your e-mail address by using the methods listed in the last issue.
If you already receive too much spam, you can use one of these methods to
stem the tide. They aren't perfect--because spam filtering is not yet a
perfect science--but they'll do the trick so you can concentrate on your
regular business correspondence once again.
Note:
I am still looking for that "perfect" spam-filtering product particularly
for companies running Microsoft Exchange. If you have a lead on this, please
let me know. Ultimately we'll find an effective, appropriately priced, enterprise-grade
product we can stand behind & recommend without hesitation to all of
our clients.
Our Tools: RequestTracker
Many of our customers know we're constantly devising ways to enhance our
overall level of service so people get exactly what they need when they
need it. One of the projects we've been busy with lately is a new help request
system called RequestTracker.
RequestTracker is an industrial grade "ticketing system." It
performs many tasks for us so things never fall through the cracks. Many
larger companies use these systems to track internal processes and support
requests, so we figured it'd be just as useful for our smaller contract
customers. Here's how it works:
-
A BDPNetworks customer sends an e-mail message to "support@bdpnetworks.com"
with a descriptive subject line describing the problem or request.
-
RequestTracker receives the e-mail and sends a message back to the
customer acknowledging the issue. RequestTracker will assign the issue
with a unique number that can be used to track the request. (This is
called a "ticket")
-
RequestTracker alerts us to the new issue and allows any BDPNetworks
engineer to view & add to the history of this issue
-
Our engineers work through the issue to resolution.
-
When the customer is satisfied with the resolution, the ticket is
closed by an engineer and the customer receives a confirmation notice
via e-mail that the issue is resolved.
RequestTracker allows us to constantly reshuffle tickets depending on
due dates, priorities and severity of issues so that we can be as effective
as possible in making sure everyone gets everything they need in a timely
fashion. You can help us out by following a few simple guidelines:
-
Please use a descriptive subject line in your support request.
-
Please hold on to your ticket number when you open a new issue. Include
this number in brackets on the subject line of any subsequent e-mails
like this:
[BDPNETWORKS #123]
You might consider creating a folder in your e-mail program to keep
track of the automatic ticket responses.
-
Additional e-mails without the ticket number included will open new
tickets, so it's extremely easy to open many tickets with similar subjects
- but please send only one request per problem that needs resolution.
-
If you receive a confirmation e-mail for your ticket, it means we
have received it and it shows as "new" in our database. There's
no need to send additional e-mails about the issue unless you have more
information to add--we're already working on it.
-
If you need to expedite a previously requested item, either send
an additional e-mail referencing that ticket number (as shown above)
or call us. Having your ticket number ready will help speed up the process.
-
Open as many tickets as you need on as many issues as you can think
of. Using RequestTracker is the preferred method for handling non-critical
computer network issues.
NOTE: You can also access RequestTracker directly via the web interface.
This allows you to open tickets & track your previous support requests.
If you'd like to have access to this, please send us a support request.
(!)
Please let me know if you have any questions about this exciting and useful
new tool.
How to buy: Planned Obsolescence
Recently, I was in Michigan for a wedding. A produce store I had frequented
in my teens had just updated their antiquated mechanical cash registers
to a state-of-the-art point of sale system. Though their old system was
antiquated and clunky, it had served them well for many years. So when asked
what brought about the change, they replied "Well, the old registers
broke down for several days and we couldn't find anyone to fix them!"
This applies just as easily to computers used in business. Even though
an older computer may seem like it's performing its functions adequately
now, it could be a maintenance time bomb waiting to go off. But I don't
believe in replacing computers every couple of years either, because it
is a very expensive (in time and money) process that can disrupt a person's
normal work flow for many days.
It's no secret that most computers, like most cars, are designed with
planned obsolescence in mind. Some companies buy computers like they're
going out of style and hold onto them tightly for years until they finally
disintegrate. Others buy computers like candy--replacing them every couple
of years whether they need them or not. So what's the best way to go about
this?
I think a practical way to solve the issue of when to buy new
computers is to attach a specific life-span to those purchases. Put them
on a schedule--and rotate them each year to those with the greatest need.
As a rule, the "sweet spot" for holding onto desktop computers
in a business environment seems to be about four years. This allows for
a year of extra "free" use after a three year depreciation.
Laptops may last around three years--they usually wear out a bit faster
than desktop computers (and thus require more maintenance) and are usually
not as powerful as desktop computers so have a more limited useful life.
Servers are a different story altogether--general-purpose file and print
servers can last five years, though they need lots of redundant subsystems
to account for parts that may fail throughout their service life. File and
Print servers don't need to be especially speedy, but specialty servers
that require lightning-fast database access or perform other tasks should
be replaced as often as every two years. (And servers displaced by this
cycle can be turned into additional file, print or e-mail servers.)
New computers should be given to those who need them the most and rotated
yearly. Engineers, designers, publishing editors, photographers, image artists,
3D modelers, programmers, some project managers & other high-tech professions
that require a lot of processing power should always get the fastest computers
because they're integral to their job. Sales, marketing & management
need dependability more than speed: they usually don't need the fastest
systems to run simpler applications such as Microsoft Office, or e-mail
software. (In fact, I'm writing this article at 32,000 feet on my two-and-a-half
year old Macintosh iBook laptop--slow by today's standards, but extremely
reliable.)
If you plan for a four-year cycle, replace one quarter of your computers
each year. This is easier to budget for than randomly replacing systems
as needed. If you prefer not to have to deal with computer purchasing every
year, replace one third for three years: then you can let them ride on the
fourth year.
If we apply these rules to current networks, it means that you should
no longer be using computers running Windows 98 or Windows NT 4.0. Similarly,
servers running Windows NT Server should be replaced with brand new systems
running Windows 2000 Server or Windows 2003 Server. Linux is also now a
very viable option in some cases especially for servers.
Planning your computer procurement can really make a big difference to
the bottom line of a company by saving time & money on maintenance &
support costs without negatively impacting overall productivity. New computers
directly contribute to a company's overall efficiency as well, and often
pay for themselves quickly.
Fun & Cool!
The New Seattle Central Library
Seattle has a world-class building with really forward-thinking design
in the new Seattle Central Public Library. I am infatuated with this structure
designed & built by the cutting-edge dutch architect Rem Koolhaas. This
will be the building people will point to in twenty years when they talk
about public architecture--it's that good! If you're in
or near Seattle, it's definitely worth the visit--and the tenth floor reading
room is gorgeous. Take your laptop and enjoy the free WiFi access.
Other cool stuff:
Information about BDP Networks
BDP Networks, LLC is operated by Brian Place. Since 2001, BDP Networks
has helped increase productivity of small businesses in Seattle, WA and
the surrounding areas by providing outsourced, managed network support and
other computer consulting services. With over 20 years of combined professional
experience in this field, we know how to keep your network running smoothly
so you can concentrate on your business.
Do you know of an organization that could benefit from the services of
BDP Networks?
Then ask about our referral program! New clients receive a free onsite consultation
at no risk by calling (206)329-6600 or emailing bdp@BDPNetworks.com
to set up an appointment.
©2004 Brian Place for BDP Networks, LLC. All Rights Reserved.
Content composed and edited by Brian Place. Additional content & editing
by Katerie Prior of The Writer's Confidant, http://www.writers-confidant.com.
Layout & graphic design by Kelvin Scot of Kelvin Scot Design.
Feel free to forward a copy of this to whomever you wish, but please leave
the contents intact.
Questions, comments, or concerns may be directed to newsletter@BDPNetworks.com.
Thank you for reading!
INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND FREEDOM FROM INFRINGEMENT.
|
