Did a colleague forward this newsletter? Please email me to join the list and receive your own copy. Blog Please visit the Technology Reflections Blog on the Web for new articles, explainers, and opinion. Here's just a sampling of entries made this last month. 10.21. Protect Your Online Privacy with COPS Methods 10.20. Avoid the Latest eBay Phishing Scam 10.13. Why Microsoft Support Constraints are Good for Small Business 10.06. ID Theft Targets: Small Business 10.04. Microsoft Outlook Disaster Recovery 10.03. IT as a Utility News and Announcements We Welcome our New Customers! Crafton Financial Services NY Life Insurance Co. Vancouver, WA   West Coast Technical Solutions Vancouver, WA Our Online Presentations have been updated! This month, we've made some material changes to our online academic presentations. The following presentations were updated in October: Managing eCommerce Expectations New Backend Database Encryption! This month, we will be rolling out a new backend database encryption process for our clients who run our database solutions. Through the push of a button, this process will automatically create a copy of the backend database, compress it, encrypt it, and email it back to Mickler & Associates, Inc. technical support. Bugs and Viruses As of 10/25/2006, it has been a relatively slow month for bugs and viruses - hey, nothing wrong with that. However, there was a virus released this month that gets an honorable mention. w32.wikedir@mm is a virus that can arrive through email or as a file. When this virus executes, its payload is another virus - backdoor.evilbot -  that allows malicious parties on the Internet to gain access to your computer's hard drive.  A virus begets another virus. You have to admit that's fairly creative. We may ask, though, how viruses like w32.wikedir can spread to your computer? To answer that question, we should look no further than spam, phishing, and file sharing services. Spam can arrive in your inbox as just text, or, with a picture attachment.  Most of these emails are either annoying or offensive, but some carry embedded hyperlinks that - if clicked - would take you to a website under the control of the party that sent the spam.  If you "nibble" on the bait (the hyperlink), you're the "phish": you're hooked. Don't click on any hyperlink presented by an unknown sender. The website you might connect to has the ability to dump a virus like w32.wikedir on your machine. Simply delete the email. Don't open any file attachment from unknown parties, even pictures. Executing the attachment by double-clicking on it is a risk to your computer. Simply delete the email. Don't download files or applications from untrustworthy websites - especially by invitation through email. Simply delete the email. Don't use peer-to-peer file sharing software like BitTorrent, KaZaa, or Morpheus. This is more a suggestion for those who have teenagers: these applications allow your kids to get free *.mp3 files for their iPod. Not only is there a copyright problem, but infected files can move quickly from person to person and on to your PC, bypassing your firewall and anti-virus filters. Finally, use updated junk mail filters with a modern email software package that prevents HTML from rendering in the email preview pane - this prevents HTML code, once compiled, from executing a virus on your computer.   Learn more about key concepts in managing corporate IT security Additional Resources for Technology and Business Professionals The Small Business Resource Center from Inc.com - sponsored by Inc. magazine - provides current articles on topics relevant to all business professionals, but particularly to the innovator. In their Finance and Capital section, look for how-to articles on managing financial resources and acquiring start-up capital. For the technologist in charge of monitoring websites and SEO (Search Engine Optimization), I'm always surprised of how many people are unfamiliar with Google's Webmaster Tools. These tools are free and it allows you to monitor traffic against your website as well as optimize its content for search engine relevance (well, specifically, Google). Did I mention this was free? Not only that, if you understand only a little about websites and SEO, Google's Webmaster Tools can help walk you through some key processes that can improve your site's functionality and speed. It's a keeper. Something similar to Google's Webmaster Tools but useful to the small business owner wanting to easily monitor their website's traffic is another tool called StatCounter.  I use this, in fact, for my own website and blog. This generates easy to read charts and graphs and statistics about your website's traffic. It's not technical and it's easy to use - good marketing information. You may need some help getting StatCounter's code on your website, but it's something your web person could do in under five minutes - it's as easy as cut and paste for them. And did I mention StatCounter was free?  Finally, for the technology student - a great link to put in your favorites: UC Berkley's Technology Lecture Videos Online.  These are actual classrooms, lessons, and lectures available from UC Berkley for you to watch for free on your PC.  As Ferris Bueller would say, "Quite choice. I'd highly recommend it."

Technology Reflections is a newsletter sponsored and prepared by Mickler & Associates, Inc. of Battle Ground, Washington.  The newsletter addresses the technology concerns of small business in every day lingo, and reflects on trends, issues, and tips to help your company gain competitive advantage from tech spend. Please feel free to distribute to colleagues and partners.

Using Microsoft Outlook's Junk Mail Filter

Earlier this month, I wrote a blog entry on how to avoid the latest eBay phishing scam.  In my opinion, one of the most reliable ways to make sure you or your small business is protected from spam is to never see it. Nothing if 100-percent reliable in this area but if you use Microsoft Outlook 2002 or 2003 to read your email, you should be using the Junk Mail Filter.

The Junk Mail filter's options can be accessed from within Microsoft Outlook. Just click on Actions, Junk Email, Junk Email Options.  You will be presented with the following dialog:

I'd recommend you set the Junk Email setting to HIGH. Like the dialog says, though, you have to look at the Junk Mail Folder every so often to make sure that good email that you want wasn't accidentally tossed there.  While in the Junk Mail Folder, and if you find a message from a sender that you trust, you can press the "Not Junk" button in Outlook which will add the sender to your safe sender's list.

What some may not realize is that the Junk Mail Filter is kind of like your anti-virus package in that it needs new definitions from Microsoft. Microsoft publishes new updates for the Junk Mail Filter every month - for Outlook 2003, you can find them here.  Download the most recent update and install it to your computer - just follow the instructions. Look for new updates roughly every month from Microsoft and apply these updates manually because they're not automatically downloaded or installed.

Now, for those using Microsoft Exchange - Microsoft's email server - Outlook will kindly notify you that the Junk Mail Filter is not applicable to your setup when you enter this dialog. This is true. In this case, message filtering needs to be applied at the server level and the filtering options at on your PC are not applicable. Your network administrator should have already applied Exchange Server Service Pack 2 and enabled the Intelligent Message Filter; for my clients where I manage an active Exchange Server 2003, I have already done this months ago when SP2 was released. The IMF is a manually-configured service and requires activation on a specific smtp (email) connector, so your administrator needs to specifically turn it on.  And oh yes, it, too, has manual updates, although your administrator can automate some of those using some handy tools from Microsoft for your server.

Like I was saying: nothing is 100-percent reliable when it comes to email filters. However, a little precaution can go a long way in protecting your team from the most common spam problems.

Russell P. Mickler, CISSP | MCSE
Principal Consultant, Mickler & Associates, Inc.

p.s. Ever wonder why spam arrives in your email box with misspelled words, bad grammar, picture attachments, or with long story narratives? It's intentional! The people who're creating the spam are tricking the Junk Mail Filter which looks for specific keywords and sentence construction. If words are misspelled and sentences chopped up, then the filter "sees" nothing wrong with the email and lets it through. Also, graphic images cannot be scanned by the filter so the latest trick is to send picture attachments as spam. And the length of a message matters, too, so a paragraph or so of text can be added to trick the filter.  So even if you use a good junk mail filter, it's never 100-percent accurate because the spammers just get more creative.  Darn spammers!

The Value of Vista (Part Three)

Continuing my exploration of Microsoft Windows Vista, the Windows Security Center in Vista has been significantly improved.  If you'd like to see a couple of beta images of the new and improved Security Center, click here and here.  And by the way, those shots include some nice images of the new Vista desktop and Aero interface. (Yes, it looks a lot like Mac OS-X...)

Windows Security Center was introduced with Windows XP Service Pack 2. It is a feature of Windows that consolidates all of the security-related features of Windows into one simple dialog. The Security Center allows for a diagnostic view of:

1. Firewall Settings.  Preventing your computer from being accessed by unauthorized people and software.

2. Automatic Update Settings. An automatic process that downloads new patches and updates to your PC in the evening, when you're away from the machine.

3. Anti-Spyware and Malware Protection. Native tools that attempts to block malicious software from taking hold of your PC.

4. Anti-Virus.

5. Internet Security and Anti-Phishing Settings.  Configurable options that allow you to customize Windows' Internet settings.

With Windows XP, it is possible to achieve this kind of defense-in-depth security strategy by opening up multiple areas of the operating system and by downloading some additional components to Windows like Defender and IE 7.  The problem is that you would have to know where to find these configurations and extra software and set them up appropriately.  Now, everything is in one place to make it easy on the end user.  Under each one of these headings, the Security Center identifies whether or not these items are configured, turned on, being monitored by Windows, or, being monitored by a 3rd party product. Microsoft's intention is to create what they call "a single-click remediation" with the Security Center so that managing workstation security is quick, painless, and un-complicated.

The Security Center will even consolidate the management of 3rd party software products like Norton Anti-Virus. Independent Software Vendors (ISV's) will actually have to present a digital certificate to Windows to authorize its integration and use with Security Center.  A digital certificate is a special key that will confirm that, say, Norton Anti-Virus installed on your PC is legitimate and won't attempt to harm your computer.  The Security Center will also show a status for each ISV application: something like "working", "waiting", or "broken". Further, Windows Security Center will have an "update now" button - all 3rd party ISV products that cover these areas of system security then update at the same time. No longer does the user have to be conscious of updating multiple pieces of software - now they can update all applications with one button.

During the beta testing of Windows Vista, many were anxious to see if Microsoft would ship a native anti-virus application in Windows with the release of Vista. This would put Microsoft in serious contention with key security partners like McAfee and Symantec: Windows could provide native anti-virus solutions so that consumers wouldn't need to purchase a 3rd party anti-virus product. However, Microsoft announced in May 2006 that it did not intend to release an anti-virus product native to Vista, and buckled to European Union pressure this month to allow ISV products access to the kernel - the deepest and most secure area of Windows. So, Vista will not ship with a native anti-virus package, but Microsoft will continue to offer anti-virus solutions through its Windows Live One-Care Service.

The Windows Security Center in Microsoft Vista represents Microsoft's evolution of thought concerning Windows security. Taking it seriously enough to literally "do security themselves", Vista will offer consumers an easier, more consolidated, more user friendly way to protect their computer system from multiple layers of threats.

So does this mean that Vista is more secure than Windows XP? The jury is still out on that one! Vista is just another piece of Microsoft "bloatware" comprising of some 55 million lines of code; that's approximately 12 million lines more than Windows XP. With more programming code comes more variability, and more variability could mean... holes, bugs, trouble!  We'll have to keep our eyes pealed in the first six months of the release.  But the Security Center is a great feature for the common user and small business who may be looking for a low cost, minimum-level of protection for their microcomputer assets.

Look for further revelations on Windows Vista in future editions of Technology Reflections.

IE7 vs. FireFox 2.0: What's the Diff?

Microsoft released its latest browser iteration in five years, Internet Explorer 7.0, and so far, the consensus seems to be "ho-hum".

"I really like the new IE7 but unfortunately it does not really add anything new," blogs DeveloperZen.  And it's true. Sure there are a few new features: native RSS support, tabbed browsing, anti-phishing support, and scaleable printing. However, unless you're an ubergeek, RSS doesn't matter a hill of beans and many novice users are likely to find tabbed browsing more annoyance than a feature.  That leaves anti-phishing and scaled printing, which makes you wonder how it took Microsoft some five years to figure that one out.

This week, FireFox 2.0 was released with similar anti-phishing technology and native RSS feed reader.  FireFox ignited the tabbed browser metaphor.  FireFox has over 1,000 free add-ons and extensions that also makes it very versatile.  Interestingly, what FireFox 2.0 lacks is the scaled printing technology IE7 introduces.  Otherwise, the products are very close to being the same.

FireFox 2.0 comes about a year after their last release and it was timed to be released at the same time as IE 7.0. It's probably easy to say that a lot of system administrators would love to install FireFox in their corporate environments but just don't trust it; it doesn't have the remote management and integrated support that IE does when managing the enterprise, so FireFox is a skeptical choice when considering the technical support alternative.  End-users should also be cautious when running a free browser like FireFox on a home PC. FireFox does have some compatibility issues with other software and troubleshooting your way out of a jam on a Monday morning may not be worth it.  That's not to say that FireFox 2.0 is bad or any better or worse that IE 7, but all of that versatility comes with a degree of risk.

Competition is good. I suspect that competition will be good for Microsoft and it will force them to keep up with FireFox's innovation. Gran Paradiso, or FireFox 3.0, is already being talked about on the blogs and Microsoft says they're going to release IE 8 within the next 18 months.  Whew - by then we'd be just getting done with Vista! Microsoft, of course, is cautious in making dramatic changes to browser given their mass of corporate customers who rely upon it for enterprise applications.  In the end, it may be FireFox's ability to adapt, evolve, and deploy faster than IE that wins out, especially with an increasingly-educated consumer expecting rich, customizable browser experiences.  Until then, we can stifle a brief yawn and continue clicking away with IE7.

Russell P. Mickler, CISSP | MCSE
Principal Consultant, Mickler & Associates, Inc.