Security Bulletins, computers, and cars

Submitted by John Locke on

It's been a bad week for computer security. Basically, if you use the Internet and have a computer, it needs updating. Even Mac and Linux users are affected.

First off, Windows. For those of you trying to limp along with Windows 98, ME, or NT, I'm sorry to say we've reached the end of the line. Microsoft has announced that they do not plan to release a fix for these operating systems, for the critical vulnerability revealed earlier this week. If you use any Windows 98 or ME machines to browse the Internet, you're vulnerable, and the only thing you can do is update to a newer operating system.

For Windows 2000 and XP users, if you don't already have people responsible for keeping your computer up-to-date, go to Windows Update NOW and download all the available updates.

What's the issue? Basically, there's a problem in the Windows code that translates image files from files to pictures. All you have to do is view a specially crafted image in any Windows program. Including Office, Outlook, Internet Explorer. Including Firefox. Including just about everything that can show you a picture. You could get infected by following a link on Google to a less-than savory site, or opening a Word document from a friend.

Anti-virus software can help block known viruses, but like always, can't protect you from brand new viruses until the anti-virus folks can discover, dissect, and create virus signatures to detect them.

Now let's take a look at a second vulnerability of the week: Firefox, Thunderbird, and the other Mozilla packages. New versions of each were also released on Tuesday. They fix some potential flaws that could lead to hijacks on any operating system.

Mac users on the newest version of the Apple operating system also got an updated release this week, for users of OS 10.4.

Fourth vulnerability: Zlib packages. Zlib is a set of software that makes files take up less space on the disk. This may not sound like much, but it's built into hundreds of other programs, on all platforms. Especially Unix-based platforms, like Mac and Linux. There isn't a specific action to take here, so much as keeping an eye on bulletins for programs you use.

Computer maintenance vs. car maintenance

Which brings me to the point of this newsletter. Like it or not, somebody needs to actively take responsibility for keeping each computer up-to-date.

Think of your computer like your car: every 3,000 miles, you change the oil. Every 15,000 miles, it goes in for more major maintenance. And as things break, they need to get fixed.

Computer maintenance is similar to car maintenance in that with the proper tools, talents, and time, anybody can do it. But do you really want to? Most of us just take our cars into somebody else's shop, pay somebody to handle the maintenance for us.

Obviously, though, computer maintenance is different than car maintenance. Without maintenance, your car will eventually break down and stop working. It could kill you in the process, if something catastrophic goes wrong at a bad time. With a computer, the risks are entirely different:

  • Your computer could break down, taking all of your digital photos, finances, and documents with it.
  • Your computer could slow down, when a virus or spyware starts using up all of its memory, and uses your Internet connection to send itself to all of your friends.
  • Spyware or viruses could reveal your personal information, such as your credit card numbers or social security numbers, along with anything you ever type into it.
  • Worms or viruses could lead you to being unable to get to web sites or send email to your friends, if your computer becomes marked as a virus-carrier.
  • If you're running a business, a compromise could lead to revealing any data you have about your customer, potentially leading to you being the target of a lawsuit.

Aren't you exaggerating a little?

No.

Technology people have an expression that's starting to spread to the mainstream: FUD. FUD stands for Fear, Uncertainty, and Doubt, and basically refers to a marketing practice of whipping up these emotions in people to get them to buy your product, service, or U.S. Congress bill. So before I give you my marketing pitch, let me borrow a phrase from the late Douglas Adams:

DON'T PANIC!

But my point is valid. Think of all the complicated machinery we all have in our houses and lives, besides cars: televisions, toasters, DVD players, digital cameras, refrigerators, ovens, grills, bicycles, furnaces, and vacuum cleaners to name a few. None are as sophisticated or complex as your desktop computer. Most are far more reliable than your desktop computer. All require some sort of maintenance, and many require special expertise to provide that maintenance. And none of these can reveal your financial identity to a thief who lives on the other side of the world. At least not until you hook your toaster up to the Internet, anyway.

Do I have to become a geek?

You don't need a license to run a refrigerator, but you do need quite a bit of training to learn how to drive a car. A hundred years ago, only a handful of enthusiasts knew how to drive a car, and most of them of necessity had to become mechanics while they were at it. Today, hundreds of millions of us drive every day, without thinking twice about it. And we hire mechanics to fix our cars for us.

We're still early in the development of computers--and already more than half of all Americans use them. We expect them to be as reliable as our cars and refrigerators, and when they're not, we get frustrated. But we're already dependent on them for our businesses, and they're starting to have a major impact on our culture as the lines between content producers and content consumers starts to blur.

But collectively, our computer driving skills could use some work. Careless computer use can lead to the results I pointed out earlier: loss of data, computers that become sluggish and unusable, problems accessing things everybody else can use, theft of your financial identity, and potentially even legal trouble.

Computer mechanics ARE starting to appear, all over the place. And while fixing a computer can often cost less than buying a new one, if you don't learn some basic computer driving skills, you're going to need to hire a mechanic even more quickly.

If you're going to use a computer, you're going to need to learn some basic driving skills if you haven't already, and you're going to need a mechanic.

What do I do now?

If you're set up with Windows 2000 or Windows XP, once you've done your updates, you're fine. For a while. If you're using a recent Mac, you're also probably fine once you've done your updates. If you're still on Windows 98 or Windows ME, it's near time to upgrade.

Before going out and buying Windows XP, however, it might be a good time to look at some alternatives. Unless you have a compelling reason to stick with Windows, if your needs are modest you'll probably end up saving quite a bit of money by switching to Linux. Why?

  • Hardware costs. Your Windows 98 computer may have (barely) enough resources to run Windows XP, but most of the Microsoft software keeps demanding faster computers with more memory. If all you're doing is email, web browsing, and office document-type of work, we can set you up with a streamlined Linux distribution that will do all this for you easily, and breathe new life into that old hardware of yours.
  • Software costs. Most people are used to buying programs to do everything. Need to do something new? You have to go shell out another couple hundred dollars. A recent computer I purchased for a client cost $600 for the basic computer and a nice flat panel monitor. The Microsoft software to go with it cost another $500. If you're willing to try open source software, that $500 could be spent learning how to use some of the free, powerful alternatives. It's no longer necessary to buy basic application software--for just about every business need, there is an alternative that costs nothing more than the time spent learning to use the application, or paying someone to train you.
  • Administration costs. Microsoft provides a great package of tools for managing hundreds of computers in large enterprises. The Windows Update service works reasonably well for individuals. But if you don't want to be your own IT professional, hiring someone to do it for you remotely, especially for more than one or two computers, costs more money because you have to pay them to come visit your office every time something needs to be done. It's possible to set up remote administration facilities for Windows, but this costs more money, while the ability to administer Linux machines is built into the core system. If I install Linux on your computer, I can easily turn on a couple of features that allow me to securely administer your computer from my office. The closest Windows equivalent, Remote Desktop, is the target of another of this week's security vulnerabilities.
  • No escaping administrative costs. With Windows, somebody needs to administer the machine. You need to be an administrator to do many tasks, and if that's not you, it's gotta be somebody. In the Linux world, some people have built operating systems that don't need a hard drive--they can run entirely off a CD-ROM. If all you're doing is email and web, you can have essentially an Internet appliance that essentially cannot be infected by spyware or viruses--every time you start up, it's like having a completely fresh installation of the operating system. Cleaning your system is as simple as restarting your computer. Upgrading is as simple as putting a new CD-ROM in the drive and restarting your computer.

Alternatives to Windows exist, and they come in all shapes and sizes. We can help you figure out the best strategy for keeping your current costs low, while also keeping your computing costs down over the long haul. Just remember that no matter what anybody tells you, as long as you're using computers there's going to continue to be costs involved. Talk to a professional you trust before making major purchasing decisions.

Why not switch to Linux?

You might hear a lot of FUD about how Linux is more expensive, that "it's not ready for the desktop," that it's hard to configure and use, that it's confusing. In many ways, Windows still isn't "ready for the desktop" either--you still have to have somebody administer the machine, to make one point.

But there are some good reasons why you might need to stay with Windows, at least for now. And they boil down to your experience, along with any applications you're already locked into.

To a beginner, all computers are mysterious, complicated, and confusing. Even driving a mouse takes muscle coordination that you may have forgotten that you've learned. In learning to drive a Windows machine, you may have picked up all sorts of habits that are as unnecessary as double-clutching a modern car--habits like rebooting when something goes wrong. Switching to Linux can be like renting a car in another country--the signs are unfamiliar, you drive on the other side of the road, you're sitting on the wrong side of the car. There is a definite learning curve involved in switching to Linux, but with a little time behind the wheel, you'll soon feel right at home.

For the new computer user, learning to use Linux is no harder than learning to use Windows. For really experienced users, Linux offers far more power, customizability, and flexibility that makes Windows feel constraining. It's only those in the middle who have been using Windows for years that have any trouble making the switch. And because large corporations are filled with people who have been using Windows for years, most of the stories you'll hear about add retraining and temporary loss of productivity as a significant cost.

The other reason you might not be able to switch to Linux is if you rely upon some application that's not available in Linux. I don't mean Microsoft Word or Powerpoint--those can be completely replaced by OpenOffice (without even switching to Linux). But in just about every primary business, there are key programs you and your colleagues use, that people in other industries don't need. Many have open source, Linux-based equivalents, but the open source versions are often far behind in terms of functionality.

Now, I'm not an expert in these areas, but I'm going to provide some examples of software with different types of issues preventing people from switching. If you're in one of these fields and would like to try out some of this software and help me put in more detail, give me a call and we'll set up a demo for you. Here's a few examples:

Professional Software and Open Source equivalents
Profession Assessement Proprietary Software Open Source Equivalent Notes
Bookkeeper Great equivalents; migration is expensive Quickbooks GnuCash, SQL Ledger It seems like all small businesses use QuickBooks, as if there was no other choice. It's an automatic decision for most businesses. Never mind that many accountants prefer PeachTree. But in any case, there are some great business accounting packages for Linux, and we have quite a bit of experience working with them. Personal finance programs are definitely more polished in Windows, but it's easy to find some simple checkbook managers for Linux. Bookkeeping seems to be the single biggest barrier for moving a small business to Linux--not because there isn't an alternative, but only because people are stuck with several years of data in what they currently have.
Photographer Good equivalents, missing a couple high-end features PhotoShop The GIMP The GIMP is a powerful image manipulation program that does nearly everything Photoshop does. However, until version 2.0 came out a year or so ago, it didn't handle the CMYK color model, which professional photographers and printers need for print production. The GIMP is now pretty much equivalent to Photoshop 6.0, and can read Photoshop files directly. Color management in general is a weak area for Linux and The GIMP.
Print publisher Good equivalents, not quite mature InDesign, Quark Scribus Scribus already does most of what PageMaker could do, and it's only a couple years old. Compared to InDesign, the main lack you'll find in Scribus is the ability to drag and drop pictures and text from other programs--another weak area for Linux in general. There's a way to do just about everything related to laying out and printing a brochure or sales pamphlet in Scribus, but figuring out how can be a challenge. Unlike The GIMP, color management is one of the strong points for Scribus, and most of its users are professional desktop publishers so you know it has compelling features. It also can do PDF forms, and most anything you'd like to do in a PDF. I don't know how effective it would be for laying out a longer catalog or magazine, however.
Architect Equivalents for modest needs AutoCAD QCad QCad is a 2-dimensional CAD program. It doesn't have the 3-dimension capabilities of AutoCad, but it's a lot easier to use in general, and if you don't need the 3-dimensional views, you may find it a great solution at a fraction of the cost. QCad can read industry-standard DXF files.
Building Contractor No equivalents Various estimating packages None There are about a dozen different packages for generating estimates for housing remodels. Some include regularly updated databases with prices of materials in particular cities. As you get to the lower end of software, there are a lot of authors of shareware packages to meet very specific needs, and only a few of these have moved to an Open Source model.

Moving to Open Source

Even if you're stuck using a proprietary, Windows-only software package in your business, there's no reason you can't start taking advantage of open source software for the rest of your business, and start limiting your dependence on vendors who can cut off your service. If you have several computers in your business, you might keep one of them on Windows to run the software you need for your business, and cut the licensing expenses on the rest of your computers. If you'd like to explore this option, contact us to schedule a free technology needs assessment.

Regardless of whether you choose to migrate to Linux, you need to make sure somebody is regularly checking all of your computers that access the Internet for the proper security updates. Freelock Computing offers this service for businesses of two to fifty computers, for both Windows and Linux computers. Our rates for administering Linux computers that we set up are less, because we can install tools to make this process much more automated. We can also refer you to other IT consultants to manage computers for people with different needs.

Freelock News

We have a new phone system, and will soon be hiring. Our new phone number is (206) 577-0540, and it's still in the testing phase. My extension is 20, by the way. We still need to install a router that gives voice traffic priority, to keep the voice quality high even when somebody is sending a large email or downloading a new Linux distribution, but otherwise it's working great.

Voice is becoming more and more just another data stream. If your office needs a similar phone system, make sure you talk with us--we have an amazing package that sends voice-mails to your email inbox, provides conference calling, can ring multiple numbers simultaneously for after-hours emergency contacts, and can even give you a local weather forecast.

We're also doing more and more server maintenance. We specialize in administering Linux servers, and have low monthly rates for keeping them up-to-date, after an initial assessment and possibly a new operating system install. We also administer Windows systems in a mixed environment, so keep us in mind if you just want somebody else to be responsible for keeping your machines free of viruses and spyware.

About Freelock Computing

We provide technology strategy, implementation, and maintenance for our partners at a low monthly rate. We focus on general business processes: marketing systems, sales management systems, operation support systems, financial systems, and reporting. We provide integration of these systems, with particular attention paid to security. We provide custom development services and superior documentation. If you know any small or growing businesses who need a technology partner, send them our way!

Until next time,
John Locke
Manager, Freelock, LLC

This newsletter is available online at /news/0705.php. Feel free to forward on to anyone you'd like! Also note that any links to Amazon in this newsletter and on the Freelock sites are affiliate links--if you purchase a book by following one of these links, I get a small commission.

Add new comment

The content of this field is kept private and will not be shown publicly.
About text formats

Filtered HTML

  • Web page addresses and email addresses turn into links automatically.
  • Allowed HTML tags: <a href hreflang> <em> <strong> <blockquote cite> <cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h1> <h2 id> <h3 id> <h4 id> <h5 id> <p> <br> <img src alt height width>
  • Lines and paragraphs break automatically.