Sharks patrol these waters

You can’t expect an anti-virus program to fully protect IT systems; the risks are far more pervasive.

The announcement that the New York Times was attacked by Chinese hackers after exposing the financial details of the nation’s Premier doesn’t come as much of a surprise to anybody following either China or computer security issues.

One of the realities of modern computing is that systems are constantly being compromised. The complexity of IT networks is so great that even the best security experts can be caught off guard.

Securing our networks

In such an environment the normal business and home computer user has little chance against sophisticated criminal or government-sponsored attacks, by the Chinese or any other spy agency.

One example of how badly wrong things can go for an organisation is the hacking of security advisory firm Stratfor in 2011. This illustrated how the small business practices of having relatively open networks and poor password security can have serious consequences.

The issue is not how we fortify our systems against intruders, but how we manage the risk. A useful analogy is how supermarkets deal with shoplifters – they can’t eliminate the problem, but they can manage it in ways that control losses.

Businesses, governments and home users have a range of things they can do to make it harder for hackers to get into a system and to limit what they can access if a determined one gets in.

The limits of anti-virus

Another aspect in the story that doesn’t surprise is the poor performance of the New York Times’ anti-virus software. According to Forbes, Symantec only caught one malware program out of the 45 installed by the hackers.

I have an entirely rational hatred of Symantec. While running an IT support business, their products were the bane of our lives and we encouraged users to choose alternative security software because of the unreliability of many of Symantec’s products, particularly the once proud Norton brand that was aimed at home and small business users.

At the time of the great malware epidemic in the early 2000s, Norton Anti-Virus had a huge market share and it proved to be worse than useless against the various forms of drive-by downloads and infected sites that were exploiting weaknesses in Microsoft Windows 98 and XP systems.

Windows weaknesses

The common culprit was the Windows ActiveX scripting language that Microsoft had introduced to standardise its web features. While a good idea, Microsoft made ActiveX a fundamental part of Windows and gave the features full access into the inner workings of the system.

Sadly Symantec made the decision to run all their security software on ActiveX as well.

As ActiveX was the main target for malware writers, it meant that Norton AntiVirus or their security suite would crash in a heap once a computer became infected, and the Symantec software would actively interfere with attempts to clean up a compromised system.

Making matters worse were Symantec’s subscription policies, which cut customers off from vital updates, and their bizarre policy of not including important upgrades in their automated updating function.

The failures of tech journalism

All of these factors made Symantec a loathed product in our office. It wasn’t helped by a generation of tech journalists who wrote gushing stories about Symantec, gave their products favourable reviews despite the company’s lousy reputation and consulted their employees for expert comment.

It wasn’t tech journalism’s finest hour. What really grates is the number of these folk still peddling nonsense about IT security and anti-virus software.

That distrust of Symantec continues to this day and those of us who struggled with their products a decade ago are not surprised at their poor performance on the New York Times’ network.

State sponsored risks

In defense of Symantec, the Chinese hackers are very good and it’s unlikely any security software would stand up to a sustained and determined attack from them or their counterparts in the US and Israeli governments.

We should also note that government agencies trying to get into systems is not just something done by the Chinese, US and Israelis; every government in the world is engaging in these activities against foreign businesses and their own citizens.

So we have to accept that these breaches and attacks are a real threat to any computer and any organisation. It may well be that we should build our security strategies around the assumption the bad guys are already in the system rather than believe we can build a giant electronic fort to keep the bad guys out.

One thing is for sure, you can’t rely solely on anti-virus software to secure your IT systems.


Necessity, innovation and the birth of the web

The world wide web was born out of necessity. Its inventor, Tim Berners-Lee, says the innovation has barely begun.

The man who invented the world wide web, Tim Berners-Lee, spoke at the launch of the CSIRO’s Digital Productivity and Services Flagship in Sydney yesterday.

In telling how the idea of the web, or Hyper Text Markup Language (HTML), came about, Berners-Lee touched on some fundamental truths about innovation in big organisations.

In the 1990s the European Laboratory for Particle Physics (CERN) in Geneva had thousands of researchers bringing their own computers. It was an early version of what we now call the Bring Your Own Device (BYOD) policy.

“When they used their computers, they used their favourite computer running their favourite operating system. If they didn’t like what was available they wrote the software themselves,” said Tim. “Of course, none of these talked to each other.”

As a result sharing data was a nightmare as each scientist created documents using their own programs which often didn’t work on their colleagues’ computers.

Tim had the idea of a standard language that would allow researchers to share information easily, although getting projects like this running in large bureaucratic organisations like CERN isn’t easy.

For getting HTML and the web running in CERN Tim gives credit to his boss, Mike Sendall, who supported him and his idea.

“If you’re wondering why innovation happens, one of the things is great bosses who let you do things on the side, Mike found an excuse to get a NeXT computer,” remembers Tim. “‘Why don’t you test it with your hypertext program?’ Mike said with a wink.”

There’s much talk about innovation in organisations, but without management support those ideas go nowhere. The story of the web is possibly the best example of what can happen when executives don’t just expect their workers to clock in, shut up and watch the clock.

One key point Tim made in his presentation was that it was twenty years after the Internet was invented before the web came along and another five years until the online world really took off.

We’re at that stage of development with the web now and with the development of the new HTML5 standard we’re going to see far more communication between machines.

Berners-Lee says “instead of having 10^11 web pages communicating, we start to have 10^11 computers talking to each other.”

These connections mean online innovation is only just beginning; we haven’t seen anything yet.

If you want your staff to stay quiet and watch the clock, that’s fine. But your clock might be figuring out how to do your job better than you can.

Tim Berners-Lee image courtesy of Tanaka on Flickr


A weird case of Stockholm syndrome

Some businesses have been trapped by their own technology. This is one of the problems for many news organisations.

Hacks and Hackers are regular informal meetups where technologists and journalists get together to discuss how news gathering is changing in the digital age. The November Sydney meeting featured a discussion with Aron Pilhofer, founder of the original event and Editor of Interactive News at The New York Times.

Aron had some great views on how journalism is changing, and some of what he mentioned about the New York Times’ digital adventures was off the record.

Some gems from Aron included just how ‘dirty’ raw data is from government agencies and how journalists can help open data advocates make their stories more accessible. Those topics are for future blog posts.

One of Aron’s comments about the challenges of the media was how many news organisations are trapped in “a weird case of Stockholm syndrome” – where their output is limited by their Content Management Systems.

It’s notable how many businesses, not just in media, are constrained by their own systems – what was set up to serve the organisation has instead become the master.

Of all the takeaways from Aron’s talk, the Stockholm Syndrome of poor CMSs is the most universal across industries – organisations pay a fortune to multinational consultancies for poor software platforms that management then tries to shoehorn their staff and business processes into.

This rarely ends well and usually creates more problems as the business loses flexibility, which is exactly what has happened to news organisations.

Sometimes biting the bullet and writing off a poor investment, particularly in software, makes damn good sense.


Windows Phone 8 launch

Can Windows Phone 8 reclaim Microsoft’s lost mobile crown?

This week’s launch of Windows Phone 8 is part of Microsoft’s strategy to remain relevant in a world where personal computers and laptops are being left behind by smartphones and tablet computers.

In many ways, the tablet and mobile market is an opportunity lost by Microsoft – for a decade the market had been desperate for decent tablet computers and smartphones. The Windows tablet and PDA products of the early 2000s ran on expensive, heavy and clunky hardware that discouraged even the most determined user.

The failure of Microsoft and their partners cost the company dearly when the iPhone and then the iPad stole the market from them. Today Apple’s iPad owns the tablet computer market while the iPhone on its own makes more money than all of Microsoft’s products put together.

Microsoft’s response to this threat to their core business has been slow and wasn’t helped by the company’s Windows Vista disaster, a mis-step that broke the PC upgrade cycle.

Fortunately Windows 7 put Microsoft’s core business back on an even keel as they contemplated their customers’ move away from the personal computer.

The strategy now for Microsoft with Windows 8 is the “run anywhere” philosophy where a document created on your tablet computer can be accessed just as easily on your PC or on a smartphone. This relies on a cloud computing service and the same operating system running on all devices – interestingly this “hybrid cloud” idea underpins Apple’s iCloud as well.

Being able to run documents across all Windows devices was a key part of Microsoft’s launch today with a demonstration of how Office 2013 files can be accessed.

To get the full features of Windows Phone though you’ll have to be running Windows 8 AND Microsoft 2013 on your tablet and personal computer.

Vendor lock-in isn’t surprising as this strategy lies at the heart of Microsoft’s business model. The problem is the market is moving away from the Windows platform, and many of the devices and people that Windows Phone users will be communicating with are using Android or Apple systems, so many of the gee-whiz functions are lost.

One of the functions displayed is Rooms, which allows like-minded people to share various features. As the Microsoft media release says:

Sometimes you want to share and chat with one group, not your entire social network. Rooms allow you to create private groups of people who have Windows Phone 8 — like your family members, best friends or fantasy football league — and easily connect with just them. Chat, share calendars, shopping lists or photos in an ongoing conversation where only those invited can join in. You can share some aspects of Rooms with friends and family on other smartphones as well.

The problem is that when your family members, best friends or fantasy football league competitors aren’t using Windows 8, the Rooms function becomes little more than a glorified shared calendar – Dropbox and Google Docs provide more features.

For the family user Windows Phone 8 does have a unique feature in allowing a child-friendly profile called Kids Corner, where parents can quarantine the little ones from the main address books and features while allowing only certain apps to run. Unfortunately there’s only one Kids Corner so the little darlings will have to fight it out over the Angry Birds account.

That Angry Birds app is the harbinger of where Microsoft’s multiple screen strategy will either succeed or die in the ditch as it will be the available applications which will determine whether customers will buy the device over the iPhone or Android competitors.

Looking at the Samsung, HTC and Nokia phones that will be released running Windows Phone next month, all seem to be decent pieces of hardware although the Nokia 920 seems to be a hefty unit compared to the competition. Overall though all three phones seem to be decent competitors with their own strengths compared to the Android and Apple opposition.

The success of Windows Phone will define Microsoft’s place in the post-PC world. Now it’s up to the company and its partners to sell them.


Apple’s 2am blues

Apple has a silly daylight savings bug.

Should a Sydneysider or Melbournite have wanted to set their iPhone alarm to 2am or 2pm today, they were plain out of luck.

It appears iOS6 no longer likes 2am or 2pm if your location is set to the parts of Australia that switched to summer daylight savings this morning.

iOS6 loses 2am in Eastern Australia going to daylight savings time

While it’s understandable you can’t set your clock to 2am Sydney, Melbourne or Hobart time as the clocks jumped an hour, you also can’t set it to 2pm.

Although if you already have a timer set, it still appears as 2am, or 2.30am in the case of my phone.

It’s just a dumb bug and switching to Brisbane time, or any other part of the world that didn’t go over to Australian daylight savings time this morning, fixes the problem.

Had I known about this yesterday I’d have turned on that 2.30am wake up call just to see what would happen. Then again, maybe not.

While it will undoubtedly fix itself tomorrow as the transition day passes, it’s pretty clumsy and embarrassing. Moreover it doesn’t bode well for Apple’s attention to detail in the post-Jobs era.

UPDATE: As expected the bug has passed the following day — we have our 2 o’clock back although that such a silly bug could have slipped past Apple’s quality control is still a worry.


Living the Salesforce dream

Dreamforce showcases Salesforce.com’s vision of cloud computing, big data and social media’s future.

The history of Salesforce.com tracks the evolution of cloud computing. Founded by Marc Benioff and Parker Harris in a San Francisco apartment at the 1999 peak of the dot com boom, today the company has over 100,000 customers with a market capitalisation of 21 billion dollars.

While founded as a sales Customer Relationship Manager (CRM) service, Salesforce’s range of products has extended across a number of other business functions such as business intelligence and customer support.

Dreamforce is the company’s international major conference which in 2012 is expected to attract 90,000 attendees to hear what is planned for the platform as they expand into new fields.

Along with Salesforce are 350 partners exhibiting their services that plug into Salesforce’s system. As we saw at the Xero conference, the community of developers and support companies are as important to a software company’s success as its products.

One of the notable things about Salesforce is the company’s hunger for acquisitions, having taken over twenty-four companies in the last few years. It will be interesting to see how Salesforce are integrating those startups.

Salesforce are probably the company at the forefront of adopting social media into their products, as seen with the acquisitions of companies like Facebook advertising platform Buddy Media and the Rypple social performance review service.

The move to mobile is changing how businesses interact with customers; this is one of the challenges for Salesforce.

Just as Salesforce has tracked the rise of cloud computing, the company is now tracking the evolution of Big Data and social media.

The Dreamforce 2012 conference should give some insight into how the company, and other industries, are adapting to the challenges presented by the mobile web, big data and the social workplace.

Paul travelled to the Dreamforce conference courtesy of Cloudforce.


One platform united under Microsoft

How the software giant wants to lock corporate customers into their products.

Microsoft’s annual Australian TechEd conference on the Gold Coast this week comes at an important time for the software giant as the company launches a range of products to meet the major threats to its tech industry dominance.

With the move away from desktop and laptop computers to smartphones, tablets and cloud computing services Microsoft’s profitable server and office franchises have become less relevant in a rapidly evolving market place.

To counter this move Microsoft are refreshing most of their key product lines this year including launches of Windows 8, Windows Server 2012 and the high stakes Windows Phone 8.

Underlying these releases is Microsoft’s “one consistent platform” offering a seamless experience between traditional in-house servers, the company’s Azure cloud product along with the services of partners, integrators and resellers.

Core to Microsoft’s enterprise strategy is their Hyper-V virtualisation product that allows businesses to reduce costs and business complexity by easily replicating systems onto different servers or networks. At present Microsoft claims 25% of the Australian virtualisation market compared to VMware’s 50%.

At the home and small business ends of the market Microsoft also have a “one consistent platform” strategy with services like Office365 offering the same look and feel regardless of whether they are using a smartphone, tablet or desktop computer.

Microsoft hopes to replicate the success they had in the 1990s by locking customers into their integrated cloud and server environment. This is consistent with the “own the customer” strategies of other major players like Apple, Amazon, Facebook and Google.

The flaw in trying to own the customer across all devices is the difference in technologies – what works on a desktop computer with a mouse, keyboard and large screen doesn’t necessarily succeed on a smartphone or tablet computer using a smaller touch screen.

Windows 8’s development has illustrated how Microsoft are struggling with their aim of delivering a consistent look across all platforms as early users struggle with the now renamed “Metro” touch screen interface and demand they get their start buttons back.

The inconsistency between platforms also appears with the cloud based Office365 productivity suite which lacks many of the advanced features of the desktop Microsoft Office packages that dominate the PC market.

Office’s advanced functions are one of the areas where Microsoft has successfully held off competitors like Google Apps as office workers – and writers – find the richer features in the desktop application actually matter when using word processors or spreadsheets.

Another of the advantages Microsoft has over Google and other cloud based competitors is their army of software partners, integrators and resellers supporting their products.

One of the pillars of the “One Consistent Platform” strategy is the service providers who have built their businesses on supporting Microsoft’s products. With the move to the cloud many of these integrators and resellers have been threatened by the reduced margins offered by online services.

The stakes are high for Microsoft and their partners as the computer industry moves away from the model which has worked well for them over the last twenty years.

Whether customers will stay with the revamped Microsoft services and products is going to depend on how well the “One Consistent Platform” is executed. As Apple, Facebook and Google have shown, customers will stick with one service if their needs are being met.
