Boiling Like Frogs

Since completing my recent whirl-wind conference schedule, I have been battling a severe throat infection that just won’t go away.  I could count on one hand the number of times I’ve been actually SICK in the past ten years, but this has been one of them!  Started today on a more potent antibiotic… so hopefully this will be short-lived now.

 

Wanted to (last week) send you this article… but just didn’t have the fortitude to type it all out… (still don’t to be perfectly honest)… but here goes anyway….  I will post a follow up to this article tomorrow… so please take the time to read both… as both go hand in hand for what I am recommending everyone take action on at this time.

 

You must have heard the story about the frog that sits in a pot of water that is gradually heated. The process is slow and the frog doesn’t notice as the temperature inches up, even when it gets quite hot. Finally, it is too late and the frog is boiled.  Well, we are all frogs in the computer security pot and it is getting awfully hot.

 

The manufacture and application of malware is no longer the province of script kiddies, thrill-seeking hackers, and occasional malcontents. It has passed into the hands of professionals who are in it for the same reason as bank robbers- money. These people are in the full-time business of removing your wallet. They are located all over the world and are almost impossible to prosecute (if they are ever caught). Not only do they use sophisticated programming but like other types of con men they are masters of psychology and social engineering.

 

It isn’t just individuals who seem to be ignoring the rising heat. Institutions like banks have been shameful in their neglect of basic security practices. It’s the old story of human behavior when faced with an unpleasant prospect. They hope it’ll go away and they won’t have to actually confront the situation. Security is too much work. Security is inconvenient. Security is unpleasant. Security costs too much.

 

Well, the problem is not going away. It’s only going to get worse; there are too many easy pickings for the international gangs.  The statistics that get reported are very discouraging. There’s no way of knowing the true numbers but various studies show that maybe 10 to 20 percent of PCs (or more) contain malware. Much of this is some form of Trojan horse that makes the unwitting owners of the infected zombie computer part of “botnet” rings. Even a small number of infected machines is a problem. The Internet is like a giant organism with low resistance and a few infected machines rapidly multiply their numbers.

 

In my opinion, this is a situation that is rapidly getting out-of-hand. It’s a mess that gets more complicated by the day. You are supposed to have a vast collection of software to guard you. You need a firewall. You need anti-virus, anti-Trojan, anti-spam, anti-phishing, anti-spyware. And of course, all of these programs don’t always play well together. Yes, you can get suites but so far there is no suite without at least one or more inferior components. All these things running in the background result in a big hit to system performance. Next, you need constant security updates for all of this. And you also need security fixes for all kinds of other applications. You need to update Windows. You need to update your browser. You need to update Microsoft Office. You need to update Flash, You need to update Java. And so on. Then there is the problem that not everybody bothers to update. The software companies are trying to make the updating as automatic as they can but the statistics on the results are not good.

 

Everyone gets “patch fatigue”. We’re numbed by the constant drumbeat about new malware. Even businesses with full-time IT staff have a hard time keeping up. The fact is, even with constant updating, systems are still vulnerable to so-called “zero-day” and undocumented exploits.

 

Moreover, it’s not just the PC that is a problem. People are becoming more and more connected. Cell phones, iPods, Blackberrys, and other similar instruments are ubiquitous. The criminals are not neglecting these fresh pastures.

 

I could go on and on with the lamentations and hand-wringing but all that becomes a bit boring.  Let’s look at possible answers.  We have to begin with the sad fact that our fellow human beings are not to be trusted. Most of us are basically decent and responsible people who do not steal or enjoy vandalizing other people’s computers. We would prefer to be able to use the Internet in a spirit of community and trust. Unfortunately, there are always hoodlums, charlatans and sociopaths waiting to take advantage of our trust. So we have to stop believing everything we read on the Internet. We have to treat all emails as possibly suspicious and never click on any links they contain. We have to regard unfamiliar Websites as potentially dangerous. We must test anything we download before we install it to see if it is malware. We have to trust less and verify more!

 

Also, there is no getting around the fact we must give up a lot of convenience. There is a clear trade-off between ease-of-use and security. Locked doors are less convenient to use than open doors. For example, online operations like banking will have to involve longer procedures. Security can be tedious but we must learn to live with computers that are harder to use. Reports on the Web about the annoyances of the new security features in Windows upcoming release of Vista illustrate that point.

 

Some people (usually officials who want headlines) suggest that more laws are the answer to the security problem so they urge or pass laws against Internet fraud. These efforts are so pathetic that I have to wonder how seriously the law-makers really take them. There are plenty of laws against fraud already. Does anyone really believe they are going to deter the gangs in places like Uzbekistan, and Iran, and Russia? However, if the legislators want to pass laws, there is a very important way they could help. Let them make fiduciary institutions like banks more responsible for security breaches. At present these institutions are woefully inadequate in guarding your personal data or in guarding against phishing. (There are some exceptions like Bank of America and Vanguard.)

 

If your identity is stolen, the burden is on you, not the bank. Let the legislators pass laws making the banks, stock brokers, etc. responsible for losses due to identity theft. Make them responsible for safeguarding your personal information. Make the institutions liable and then you’ll see a lot more security. Of course, this will cost money and make things like online banking less convenient but it has to be done. As long as it is really easy to steal somebody’s account information, thieves will thrive. As of now, institutions haven’t the incentive to do much about it.

 

I also believe the current notion that the PC should be an all-purpose machine with the same basic type being used by everybody from grannies doing email to big businesses with large applications is fatally flawed. Microsoft, Intel and Dell have a big investment in this model so we are probably stuck with it for a while but it makes no sense. A whole lot of the people who use computers at home simply don’t need the power and flexibility of the current PC and they are completely unprepared to do many of the security measures that these systems require. I deal with a lot of ordinary people who have little understanding of Windows and no interest in learning details about how a PC operates. They want something that works like their other appliances. They want to turn the PC on, do some email, surf a little and that’s it. The needs of this large section of the PC users could easily be met with a machine that is a lot safer and easier to use than the present PC type. It would also be cheaper and that’s the rub; there’s no money in selling a box with limited functions. Unfortunately, these average users are the very people who are the biggest security problem.

 

What about the defenses right there on our own PC? Can we improve them? Previously, I’ve written about “Do We Need a Paradigm Shift in Anti-Virus and Anti-Spyware Protection?”, where I suggested that the reactive approach with anti-everything software was clearly not working. The solutions mentioned in the previous article included using virtual machines and I think that may be the best practical solution.

 

There are various ways to configure your Internet browser to make your computer safer but that’s a subject that involves technical details and will have to wait for another time. Meanwhile, don’t let the scalawags out there ruin your enjoyment of the wonderful world of the Internet.

 

Tomorrow… I will continue this thread with a suggestive measure you can take now to help with your spam dilemma, which in turn will solve many other dilemmas for you as well.

 

Until then….

 

Ed

 

Care to comment on this article?  Your comments are welcomed below….

 

 

Why Read This Blog?

Folks, I cannot begin to even tell you how frustrating it is for me that I spend hours and hours and hours, and thousands and thousands of dollars, trying to stay on the bleeding edge of technology, JUST SO YOU WON’T HAVE TO, but then, when it comes to me condensing everything for you in to simple blog posts, over 75% of you won’t take the time to read and keep up.

 

Trust me… I KNOW everyone is busy (at least most of you want people to THINK you are)… however, what I bring you here at this blog is as condensed and up to date as I can bring it to you, and it’s not like I’m asking you to read a novel every day.  Yet, some consider it too much of a burden on their precious time to take a few minutes (sometimes not even that long) to stay current on things here.

 

Case in point (TWICE THIS WEEK), we had technical issues to deal with.  One we are STILL dealing with at the time of this post (The AOL Email Problem).  In BOTH Cases, I posted information at this blog explaining (to the best of my ability) what was (and is) going on, what was being done to correct the problem, and what you should and could expect.  Yet, even posting updates here to the blog, our phones still rang off the hook (IN BOTH INSTANCES) from people calling here wanting to know what was going on, why they couldn’t send or receive email, etc., when all of the answers I could give you were posted RIGHT HERE!!

 

Same goes for the AOL problem STILL GOING ON at this hour.  I’ve had numerous email’s and phone calls today, wanting to know why AOL was bouncing all of their email… thinking “well… this MUST have something to do with the email problem EBAWebs had the other day.

 

Had you just come here FIRST and checked this blog, you would have seen exactly why some (if not all) of your email to AOL, Netscape, and cs.com subscribers, was bouncing.

 

Folks, I don’t post to this blog just because I have nothing better to do with my time… it’s PURELY for YOUR BENEFIT… and if you’re choosing not to monitor things that affect your business, then SHAME ON YOU!!

 

And please understand, when we have issues going on that involve ANY technical glitch or aspect of your web site and / or email…. we already know the issue exists LONG before you notice.  We have alarms in place… we have bells and whistles that go off.. etc…  so trust me… if you are having a problem…  WE KNOW ABOUT IT.

 

If you are experiencing ANY problem with your site or email… come here… check the blog.  If you don’t see anything posted here… the procedure is… FILL OUT A SUPPORT TICKET.  Please do NOT call our office, or just send an email (if your email is working) because that defeats the whole purpose of having this blog and our support ticket system in place for you.

 

As much as you may think I sit in front of the computer 24/7, or sit by my phone ’round the clock, that’s just not possible.  Therefore…  the systems that are in place to monitor your site and your email, are there for a reason.  You calling here, and emailing me… does not accomplish a whole lot…. other than to tie up our lines and manpower that we need to be using to focus on the problem at hand to get it fixed for you as quickly as humanly possible.

 

If a technical issue has been raised that affects everyone, a post will be put up RIGHT HERE at this blog addressing the issue, and what is being done about it.  Calling our office to tell us you can’t send email… and sending faxes, etc., only takes away precious time we need to be dealing with your issue.

 

I can very much appreciate everyone wanting to know what’s going on…  but please try to understand that you are not our only client… and if everyone picks up the phone and calls here to tell us you’re having a problem, without first checking here…  and without first completing a trouble ticket, only serves to slow down our main task, and that is, to restore your service to 100% effectiveness as quickly as we can.  Taking 5 minutes to answer questions on the phone may not seem like a big deal to you… but multiply that times 100 people calling, and look what it does.  

 

So, please, in the future….  check the blog first.  If you don’t see anything here that addresses any issue you may be having, DON’T SEND ME AN EMAIL.  Use the TROUBLE TICKET form (there is a link from this blog just above the RSS Reader ICONS that says “Submit a Trouble Ticket”….  USE IT if you’re having problems.

 

As a reminder… the TROUBLE TICKET system is for JUST THAT…  T-R-O-U-B-L-E….  not for things like “Would you please set up an email address for Joe Schmuck… he just joined our team…..   Trouble tickets go to me… they also go to my 24/7 tech support guys and gals…   so therefore… if you send me an email… and you tell me in that email that you are having a problem…  our tech people will not see that.  At the same time, if you call our office, leave a voice mail message saying you’re having a problem receiving email….  I may not get that message for hours…   whereas submitting that trouble ticket will get your issue to me and our support staff almost immediately.

 

I don’t mean to sound like I’m ranting and raving here, because that is not my intention.  However, this past week, based on the volume of calls we received about email issues, and the number of email’s (not support tickets) that I received, it spoke VOLUMES to me about how FEW OF YOU are bothering to follow the systems we have put in place for you.

 

Check the blog FIRST.  If you don’t see anything concerning your issue (if it IS a technical issue) then SUBMIT A TROUBLE TICKET.  Calling and emailing should be the LAST THING you do… and if everyone would PLEASE follow this system, it will make everyone’s life and job a lot simpler.

 

Thank you for your cooperation.  Have a good weekend!

 

Ed

 

AOL (ALMOST On Line)

We have just been notified of technical issues related to any domain on the AOL service. This includes such mail domains as aol.com, cs.com, and netscape.net.

 

Here is the notice we received:

 

“AOL has informed us that they are experiencing issues that are affecting their ability to accept and deliver email to the AOL domains (aol.com, netscape.net and cs.com). They have asked that we notify our clients of the problem and request that you suppress sending email to AOL until they have resolved the issue.

 

If you try to send email to AOL during this time you may experience TEMPFAILS or non-responsive AOL MTAs.

 

AOL has not provided us with an estimated time for this issue to be resolved but we are monitoring the situation closely and will send out an update when we have more information.”

 

We have gone one step further and checked with our contacts at AOL. The AOL postmaster has confirmed what we were informed of, and requested as well that we desist mailing their accounts until such time that their service has recovered from the technical issues they are experiencing.

 

We were also furnished with this article, telling us the nature of the issue:

http://www.businessweek.com/ap/financialnews/D8HVIOV00.htm?sub=apn_tech_down&chan=tc

 

Please note that this issue may cause missing mail to AOL, and is in no way under our control. The problem is solely at their end, and we will ensure that you are kept up to date.

 

This also includes any newsletter subscribers we are sending to over these next couple of days with your June Newsletters…  those at AOL “Probably Will Not Receive” this month’s issue. 

 

Regards,

 

Ed