One of the most frustrating things to watch is the implementation of security measures as I advise clients. I don’t claim to know everything, but my 25 years of experience with computers and my focus on client needs has revealed a diversity of security problems and some unique ways to provide solutions.

Some clients want to implement complex systems and insist on strong security. Other clients want easy end-user experience as a higher priority than security, and are willing to sacrifice security for efficiency for their employees.

I always try to explain the advantages and disadvantages of each decision, but it’s often hard to convey all the “pros and cons” to a busy business owner or CEO.

Still, I insist on full disclosure, and sometimes find myself warning against changing passwords for all users to a single easy to remember code. Sure, there is a trade-off between security and usability, but there is also a suicidal strategy for an organization. What’s at risk? The business data, identities of all employees, and financial disaster for all involved!

Security is necessarily a partnership between all those involved with activities and decisions relating to a business. If the executive leaders of the business are not willing to acknowledge risks and help enforce fundamental security measures, there is little that can be done to secure a business long-term.

It’s a partnership. Each partner must listen and heed the advice of the specialists seeking to provide help to an organization. Decision makers need to listen to and consider the advice of security professionals and weigh that against the needs and demands of workers “in the trenche”. The long-term health of a business is at risk in this dance.

“This page has an unspecified security risk…”

Here is how I disabled the message. (Yes there are other ways to do it, but this is simplest I found.)

Go to Control Panel – Internet Options – Security Tab – Local Intranet – Sites, and uncheck ‘Automatically detect intranet network’. (Kept the three sub-selections checked). Click ok, close the Internet Properties window, and you are done.

Whenever a computer is slow or behaving weird, I check the System Configuration Utility (msconfig), in the Startup tab. Not all malware will be found there, but it’s a good place to start with a quick check. If you see some unknown process there, especially if it has a name that looks like gibberish, it’s likely malware (hey, what’s this ragjv32f4w5t.exe program?

Some insidious malware will intervene in just about anything you are trying to do. When you try to open a browser, you can’t. When you try to start msconfig, you can’t. All you get are FAKE errors about your computer being infected by a virus (false alerts from the malware). The malware is blocking you from even starting a program, so how can you make progress?

Of course, you can try some drastic things like reverting to a previous system save, or you can try to start in safe mode. These are not optimal strategies, however, because (for one reason) they take too much time.

I am a big fan of the Process Explorer from Microsoft (from Mark Russinovich, formerly of Sysinternals). I make sure I place the executable in the System32 folder of every machine that I have to manage. Then I can fire it up whenever needed.

When malware strikes as described above, there is a little trick you can use to launch Process Explorer. If you can manage to locate Process Explorer (procexp.exe), you can move it to the desktop (just to make it easy to work with, or leave it in System32 if you must), then rename it to explorer.exe.

Malware won’t usually interfere with running of explorer executable, and you can then launch the renamed Process Explorer. Ta-dah!

Now with Process Explorer, you can look for offending malware processes, and kill them easily. Look at the paths to instances of malware before you kill the processes, so you can delete the offending files immediately after you stop them from running.

There you go, an insider’s tip for the tough times when you think malware won’t let you do anything!

Of course, it may be hard to implement this tip if you can’t even open a browser, and you don’t already have Process Explorer installed. So be sure to equip ALL machines with this little gem of a troubleshooting tool.

There is a strategy for computer troubleshooting, and tactics to implement. Our overall strategy I call “Divide and Conquer”. Basically this means we will go through a process of evaluation of possibilities and eliminate (or confirm) them one by one. In this step by step process, we want to use two important tactics.

Our first important tactic is to collect data. Sometimes I call this the “Discovery Phase”, because we want to get details about the problem(s) that are arising with the “troubled” computer. Maybe the video output is always black. Maybe a web browser always reports an error connecting to web sites. Maybe there is a recurring error message whenever a specific application is started.

Our next tactic is the “Substitute Known-Good” method. In this method, we have already tentatively identified a likely cause of the observed problem. For the scientifically inclined, we call this an hypothesis. We can often test our hypothesis using a “known-good” piece of hardware.

For example, say a user reports a computer has a blank screen. We can ask if any lights or fans are on, when they try to start the computer. If onsite, I will examine the computer myself and try to start it. Let’s say there is no video output, no lights on the front panel of the computer, and no fans turning inside the case. One thing we can do is test that the computer is actually getting power. Here the hypothesis may be that the computer is not getting power, because there is no power being supplied at the outlet. Let’s say a quick test using a floor lamp reveals that the outlet is supplying power (the lamp lights!). Our first hypothesis is proven wrong.

Since the most common component to fail in a computer is the power supply, our next hypothesis is that the computer’s power supply has failed. This can be tested with the “Substitute Known-Good” method. Simply replace the existing power supply with a new (or at least known-good) power supply, and see if the problem is fixed. If it is, we have proven the truth of our second hypothesis, and the computer’s problem is solved.

In our example we used the “Divide and Conquer” strategy because we collected data, looked at likely causes, and tested them in turn.

You can use the tactics of collecting data and substituting “known-good” components to solve computer problems.

Good luck and have fun!

Dr. David

Outside the United States, several companies are building market share in the international security software business. These include F-Secure in Finland, GriSoft in the Czech Republic, Kaspersky in Russia, Panda Software in Spain, and Sophos in the United Kingdom.

The antivirus software market is a rapidly changing one. A huge amount of effort is required to find and provide fixes for viruses. Malicious programs are getting more complex and the number of them is constantly increasing. Many companies may find themselves without the resources to effectively combat this threat. Moreover, the new viruses are getting “smarter” in that they propagate themselves quickly, often moving across the local network to infect numerous computers. They often hide themselves by moving around in a system and by renaming themselves. Viruses that rename themselves to names close or identical to legitimate system files can be difficult to detect. The capabilities of malicious software has multiplied, and now there are software threats that send emails, act as servers, and provide remote control of system functions. Malicious software often combines multiple features of viruses, trojans, emailers, etc., and these are called “hybrid” threats.

Although my recommendations for a good antivirus program has changed over the years, at the time of writing, I like AVG by GriSoft.com. It comes in a free and a paid version; see the site for specifics about their licenses. AVG antivirus actually does a good job at detecting lots of different kinds of malware, including viruses, trojans, rootkits, and various adware.

For companies with about ten or more computers, it makes sense to consider a provider of endpoint security services that can roll out protection to every computer and manage it for you. Endpoint security solutions from Fortress Data Protection provide effective and totally automated antivirus and anti-spyware protection.

Hackers infect computers, usually via email or websites, and group them together under their control to send illegal spam, carry out attacks on web sites, or propagate viruses.

It’s usually quite difficulty to track down the owners or operators of the botnets, who are sometimes called Botmasters. A disturbing trend is an increasing use of botnets in extortion schemes. How? Imagine someone sending you messages to either pay up or see your web site crash.

Botnets can consist of hundreds of thousands of compromised machines. Such large networks can be used in Distributed Denial-of-Service (DDoS) attacks. These attacks seek to make websites unusable, as servers are inundated with targeted bogus traffic. The affected web sites are made to appear offline.

Some security researchers are using Honeypots to combat botnets. Honeypots help discover how attackers infiltrate systems. A Honeypot is essentially a set of resources that one intends to be compromised in order to study how the hackers break into or use the system.

Hobbyists can run a Honeypot. But they must be exposed to the Internet, not usually behind an effective firewall. Routers for small offices often have a “DMZ” setting that allows a Honeypot to be deployed even in a small network.

A great site for more information on this topic is The Honeynet Project (http://project.honeynet.org) which describes its objective as “To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.”

Managed Services are a set of proactive monitoring and maintenance services that provide many benefits. Here are some of the services we offer as separate “a la carte” items, or as part of a holistic IT support agreement:

* Basic Desktop Monitoring, Reporting and Endpoint Protection: includes automated monitoring of all designated computers, for warning conditions such as full disk drives and other hardware and software problems, plus full professional endpoint security which includes automated antivirus and antispyware protection. No need for paying any other company for licenses for antivirus! Each computer under this service is licensed for complete automated malware protection. This is full computer protection and monitoring that will be custom configured for reporting on problem conditions as needed. Cost is only $20 per computer workstation per month. (Similar service for servers is $30 per month per server, or more depending on business requirements).

* Remote Help Desk. We will provide computer support by remote control when needed. Remote support allows us to solve MOST problems without having to come to your site. This is a tremendous time and money saver for YOU and for US. We include this service at NO EXTRA CHARGE with the above service, in most cases, including server support (certain businesses may have special requirements that require additional charges).

* Coming Soon: Vendor Management. Does someone at your company spend time every week managing problems with the printers, the phone system, the Internet service, or the digital document system? Why not get BACK that time, and get a single point of contact for ALL your system management needs? We make things easy and give you back your time, so you can focus on your business!

* Hardware! Let us provide quality hardware, from workstations, computers, and other network devices, so you don’t have to order them and have problems later on with the specs not being right for your needs. We now offer Hardware as a Service, which gives you quality computers that meet our highly stringent requirements for certified network devices. All the hardware we provide will support YOUR business needs, as well as all the management services we provide for you!

* Monthly reporting, including email alerts sent automatically when designated error conditions occur, is included with above services at NO extra charge! Basic Desktop Monitoring, Reporting and Endpoint Protection, and Remote Help Desk, have alone been key to reducing overall IT costs for our small business customers.

* FDP Automatic Bullet-Proof Backup! Our new service is a much-improved robust set of offerings that let you back up all your data to an onsite dedicated device, as well as saving your data to offsite locations for true disaster recovery, all with automated secure processes! These services include FAST data recovery as needed, and affordable plans to finally make enterprise-wide backup bullet-proof! Although Data Backup and Recovery Services are usually included as part of a contract for total IT services, the new FDP Automatic Bullet-Proof Backup services are available as a separate item.

* Many other services are available as needed, including optimization of WAN and multisite domain services, multisite data replication, local WiFi, wireless broadband multisite links, and provisioning and control of mobile workstations and endpoints.

Managed Services = peace of mind about your network. Look at the many benefits:

You can now:

1. Experience maximized network uptime.

2. Get access to Enterprise-level support without the usual high costs.

3. Control and reduce your overall operating costs.

4. Benefit from increased operational efficiency, through proactive maintenance.

5. Focus on running your business, not managing your network or your vendors.

6. Receive PEACE OF MIND knowing your network is monitored 24/7/365.

The bottom line is comfort and security. And it’s affordable. Contact us now about your needs.

We will work with you on a plan to streamline your IT services, prevent problems, and let you concentrate on your business – not your IT issues!

Fortress Data Protection (FDP) has partnered with ARRC Technology to offer the versatile CharTec HaaS program to all clients.

“We are very excited and proud to extend our service stack to include hardware. Clients are now able to utilize the expertise of the IT specialists at Fortress Data Protection in their software and hardware purchases, including configured workstation and server systems. The CharTec program allows us to provide hardware systems that meet client needs, and stay within the Certified Network specifications required for supporting our full range of Managed Services. In short, we can now provide affordable computers and other hardware for our client’s networks, that meets our high quality standards for integration with our network monitoring, remote help desk, and vendor management services”, said Dr. David Johnson, President of Fortress Data Protection.

The CharTec system allows business clients to purchase and refresh their hardware at low monthly cost. Instead of worrying about when their computers will wear out, and the large capital expenses usually required for hardware, business owners can now relax and know exactly how much they will be paying in one complete monthly fee. This fee can provide for hardware, software, and ongoing support.

Dr. Johnson added, “In order to provide excellent IT support for small and medium businesses, we must ensure that the total network environment meets stringent standards. By offering a hardware solution as part of the total service package, we are able to provide hardware, software, and support to keep critical business processes running with high availability. It’s all part of providing peace of mind for our clients, through proactive management and minimizing downtime.”

Outsourcing IT is an increasing trend, providing reduced costs and risks, more efficient operation of business processes, and increased revenue. Now FDP clients can get complete managed service packages that include hardware, software, and ongoing IT support.

Besides hardware, FDP offerings include 24/7 network monitoring allowing proactive remediation, data backup and disaster recovery, complete endpoint protection (anti-virus, anti-spyware, and anti-spam), and remote help desk.