Paul Wallbank – Brilliant Communications

Category: computers

  • The strange story of the Stuxnet worm

    The strange story of the Stuxnet worm

    The tale of the virus infecting Iran’s nuclear program is one of the fascinating stories of the computer world.

    Whoever wrote the Stuxnet worm did a spectacular job in bringing together a number of security problems and then using two weak links — unpatched Windows servers and poorly designed programmable logic controller software — to create a mighty mess in the target organisation.

    The scary thing with a rootkit like Stuxnet is that once it has got into the system, you can never be sure whether you’ve properly got rid of it.

    What’s worse, this program will be writing to the Programmable Logic Controllers the infected computers supervise so plant operators will never know exactly what changes might have carried out on the devices essential to a plant’s operations and safety.

    Damaging Iranian nuclear plants

    A report on the Make The World A Better Place websites over the weekend indicates the Stuxnet Worm may have damaged the Iranian nuclear reactor program.

    The story behind the Suxnet worm is remarkable. It appears this little beast is a sophisticated act of sabotage involving using a number of weaknesses in computer systems as detailed by Computer World in their Stuxnet Worm hits Industrial Systems and is Stuxnet the best Malware Ever articles.

    The risk of unpatched systems

    One of the things that leaps out is how servers running unpatched systems are an important part of the infection process. The Stuxnet worm partly relies on a security hole that was patched by Microsoft two years ago so obviously the Iranian servers were running an unpatched, older version of Windows.

    This is fairly common in the automation industries. I’ve personally seen outdated, unpatched Windows servers running CCTV, security, home automation and dispatch systems. They are in that state because the equipment vendors have supplied the equipment and then failed to maintain them.

    These companies deserve real criticism for using off the shelf, commercial software to run mission critical systems that it was never designed to do.

    Commercial programs like the various Windows, Mac and other mass market operating systems are designed for general use, they come with a whole range of service and features that industrial control systems don’t need. In fact, the Stuxnet worm uses one of those services, the printer spooler, to give itself control of the system.

    Securing industrial systems

    These industrial systems require far more basic and secure control programs, a cheap option would be a customised Linux version with all the unnecessary features stripped out. In the case of Siemens, the providers of the PLCs supplied to the Iranian government, it’s disappointing such a big organisation couldn’t build its own software to control these systems.

    Business owners, and anyone who has computer controlled equipment in the premises, need to ask some hard questions to their suppliers about how secure supplied computer equipment is in this age of networked services and Internet worms.

    Similar posts:

    • No Related Posts
  • What is cloud computing?

    What is cloud computing?

    Cloud computing is about using other people’s computers to do the work for you.

    Rather than having programs running on your computer and saving information to the hard drive, a cloud service connects to your system and you access both the program and your data through a web browser such as Firefox, Internet Explorer or Safari.

    That service could be free such as Hotmail and Flickr or it could be paid for like Salesforce or Google Apps. Either way, they use a “cloud” of computers to provide the application and store their customer’s data.

    Having your applications and data saved on someone else’s servers brings a number of advantages in security, cost and flexibility.

    For businesses, that flexibility comes out of not having to buy complex software licences for their networks, instead they only pay for what they use. For home users it means not having to install software that often slows down machines and sometimes conflicts with other programs.

    As we use the Internet more on our phones or with mobile devices like the iPad, having the advantage of not needing different software versions for each device makes it easier for us to access and use the information that used to be locked in our personal computers or office servers.

    Cost too is an important factor, while many programs such as Yahoo! Mail and WordPress are free, even the paid for programs like Sassu and Basecamp offer considerable savings over their traditional competitors that require you to buy a disk and install the tool on your system.

    One of the reasons for those reduced costs is the cloud services are sharing the resources between many users. That reduces the supplier’s distribution and support costs while making it easier for them to update their program when new features or security problems appear.

    Security is probably the most misunderstood part of cloud computing. While cloud services do require a degree of trust in the supplier, most providers are providing a much more secure and trustworthy computer environment than most homes and businesses.

    There are downsides however; you do need to have a reliable Internet connection and you do have to trust that your supplier will not only keep a secure environment but also won’t share your data with others and won’t go broke.

    While some of those disadvantages with cloud computing mean that some businesses — particularly those in the medical and banking industries — have to be careful about using online services, for most homes and enterprises the cost and flexibility benefits outweigh the risks.

    Over the next few years we’ll see many, if not most, computer programs move onto the cloud as reliable Internet becomes commonplace. It is the way the IT industry is heading and where we will all be doing our computing in the next few years.

    Similar posts:

    • No Related Posts

  • Is Microsoft Office 2010 suitable for your business?

    Last week Microsoft launched Office 2010, the latest version of their business software suite, promising to “redefine how Australian businesses can use technology to save, innovate and grow.” We’ll be seeing the new version appear on store shelves and bundled with new computers from the end of the month.

    Like the last few Office versions the 2010 edition sees incremental tweaks over earlier releases rather than massive changes, most of these improvements recognise how peoples’ computer use is changing with increased emphasis on collaboration and the Internet along with more media editing in Powerpoint and data manipulation tools in Excel. The changes are good, but probably not compelling for most business users.

    The biggest changes have been in the SharePoint collaboration tools which is where the Microsoft Office franchise is most threatened by cloud computing services like 37Signals, Google and Zoho. For businesses looking at taking advantage of the impressive range of SharePoint 2010 features the backend capital cost of upgrading servers and desktops to meet the needs of the new system will be substantial and there’ll need to be a very good business case for those levels of investment.

    Upgrading paths are an interesting change to Office 2010, for the first time Microsoft is not going to offer deals to users looking at upgrading to the new version. What this probably shows is how effective Microsoft have been in selling recent versions of Office in OEM packages, where the software is sold cheaply with a new computer with the catch it can’t be used on any other system.

    Taking away the price inducement for upgraders will mean most businesses without volume licensing agreements will move to Office 2010 as they replace that were bundled with Office 2003 and 2007 suites.

    This means there will be a mix of Office 2010, 2007 and, in most businesses, the odd 2003 system so it will be important to test exactly how Office 2010 will work in your business. Microsoft have a trial edition of the new package available for download and you should run that on a test system prior to rolling out Office 2010 in your work environment.

    A potential problem for early adopters is with file formats, while Office 2010 uses the same names — .docx, .xlsx and .pptx — as Office 2007, there are subtle differences in the data so setting the new systems to save in the old format is probably going to be the best way to go, although this will disable many of the new features in the 2010 edition.

    Promising to redefine how businesses use technology is a pretty big aim and Office 2010 doesn’t achieve that, although it is a solid product that goes some way in recognising how work patterns are changing in the modern connected office. It isn’t a bad buy if you find the older Office versions aren’t available or the free and cloud based alternatives don’t meet your needs.

    Similar posts:

    • No Related Posts

  • Why I won’t be buying an iPad for now

    This week the Internet is alive with tech journalists and Apple fans breathlessly describing how the iPad is going to change business and the world. All of their predictions may well be true, but it’s best holding off buying an iPad until the hype cycle runs its course.

    Right now, iPad users are in classic bleeding edge territory as the early adopters explore the neat features and the disappointing drawbacks of the new device. There will be joy and tears as they make their journey.

    It’s great they are making those discoveries as this knowledge will make life easier for the later adopters and Apple will address many of the disappointments in their next version, which is the main reason for holding off buying the first version.

    We saw this with the iPhone — the early adopters rushed into buying it even though it wasn’t a particularly well featured device. A year after the original iPhone release, the new 3G model addressed most of the dissatisfaction with the original model. It was a better, cheaper product.

    Exactly the same thing will happen with the iPad, and that’s why you should save your pennies. Almost certainly the next version of the iPad will include multitasking, without which you can’t be talking on Skype while editing your LinkedIn profile and will probably prove the biggest headache to iPad users.

    Where the iPad may really change things is in the retail, logistics and medical industries. All of these sectors have seen some adoption of tablet computers, but the clunky, overpriced Windows based tablets have held the market back. The cheaper, lighter and better designed Apple device will probably accelerate the take up of tablet devices and the business methods that work with them.

    The retail angle shouldn’t be understated. We recently looked at how iPhone products like Redlazer are changing the retail industry and Smart Company’s Craig Reardon recently described how Australian retailers are being left behind by the net.

    It’s no coincidence one of the first business applications for the iPad is a point of sale application. Should the next iPad version be released with a rear mounted camera, it will be more than a glorified cash register and deliver some serious power to smaller retailers.

    The iPad further illustrates just how pervasive computing and the internet is capable of challenging established business models. If you’re ignoring how tools like the iPad, mobile Internet, cloud computing and social media are changing your business then your company probably isn’t going to be around in a few years time.

    While it’s best to hold off buying an iPad right now, you can’t ignore the changes it presents to business. By waiting you make sure you get the best return on your technology investment.

    Similar posts:

    • No Related Posts

  • The lost generation of computers and Microsoft’s new opportunity

    From March 13 Google will cease supporting older browsers like Internet Explorer 6. This presents a great opportunity for Microsoft to grab the lost generation of computer users.

    The lost generation are the computer users who’ve skipped the last few five year cycles of computer upgrades. There’s two reasons for this; Windows Vista’s well deserved poor reputation and the concept of Good Enough Computing.

    While Vista has a lot to answer for, good enough computing iss the main villain — for most household and business users, a Pentium IV running Windows 98 or XP with Internet Explorer 6 was good enough for their daily computer needs.

    So Google’s move to abandon older browsers is going to force many of that lost generation to upgrade. This means those running computers more than six years old will probably be looking at new systems rather than the expense and compromises of upgrading.

    A year ago, the smart money would have been on many of those new machines being netbooks running Linux with a good proportion of Apple Macs, however Microsoft’s release of Windows 7 has turned the tables and it’s fairly safe to say most upgraders will be sticking with Windows.

    Which is a great opportunity for Microsoft to claw back market share and revenue although this doesn’t come without its challenges.

    Microsoft’s challenge lies in convincing buyers to upgrade their other software. Many of these people will baulk at spending several hundred dollars on new office, photo editing or entertainment software and given much of it is available as cloud based systems the asking price will be steep.

    For home and business computer owners the next month will be the time to consider if your older computers are due for an upgrade. If you find they stop doing the things you want or are are slow and unreliable then it might be time to consider your upgrade options.

    Similar posts:

    • No Related Posts