article

Today, John Sheesley amused me with his attempt to use Windows 3.1 (actually 3.11 Windows for Workgroups) as a workstation of 2008. Those of us who remembers WFW, may wonder why on earth he would do that for, but I leave it to that.

One should think that using a software that was designed only 15 - 20 years ago should be quite possible today. After all, a PC is still a PC, right?

Not so. A PC of today (2008) is based upon the same principles as back in the early 1990's, but the technology has reach a maturity point where backwards compatibility hardly exists.

Yes, you may get WfW to actually work, if you like many others keep an old 486, or even a P1/P2 in a closet nearby. The challenge will be to render it useful, as John realises:


And IE 5 is not 15 years ago - it is more like 5.

Now, why should you, a security minded reader, care about the fact that John failed this project?

Several reasons comes to mind:

• From a continuency point of view - if you rely on some old hard-/software, make sure you have the tools and systems available in case of a failure.

It is not enough to dust off the old software boxes, you need to set up a system in parallel and see that you have all the bits it takes. I even suggest you make this a routine thing - once every year, month or week - depending on the criticallity. I also suggest you start plan to change the old system for something a bit more modern.

• From a data storage point of view - if a software can become totally obsolete in less than 5 years, you need to make very sure that your backup systems; long-time storage; and other data you may require access to in the future; uses technology you are able to access.
  

If you have a bundle of old tapes from a streamer that got replaced some time back - will you be able to access that data? Also consider the long-time effect light, magnetizm and dust has on equipment. CDs and DVDs are not safe for more than 10 years storing - but even that is no guarrantee. (Opposed to the advertisments in the midle of the 1990's, claiming CDs to be the best long-term datastorage available...could last for a houndred years, they claimed...)

• From a compliance point of view - if you are obligued to store information for a periode of time - 3, 5, 7 or 10 years - you are also obligued to be able to access the same data in the future. It is your responsibility, and it is usually a good idea to plan the technology at the same time you plan what and where to store your data.

I find one of the comments to the article particularly nice:



Yes, XP, 2000 and many others will be out of date. 2000 actually did this summer, when MS pulled the support for it. Anyone remember OS/2? DOS I guess most still remember, but only hardcore, old-guys still uses it to some extent. The world (and the technology with it) moves on.

To keep up with changes, you need to keep track on what is going on, as well as on your own requirements. You are required to update once in a while, but you do not need to jump on the latest versions of everything - unless you have special requirements. It is simply a matter of balancing your needs.

Bruce Schneier covers corporate spying today - you know, when your employer or your shop uses spying methodology to learn to know you better. I only wish this was new - government trained security specialists have crossed over to private business since the dawn of time.

Since you do not have to work for the government to have a license to kill - it is enough to be a hired gun - and the number of specialists increases, it is only natural that some accepts tempting offers from the corporate world.

What is more - there is nothing strange in a company - big or small; to protect itself. The challenge is to be able to draw the line - where do you stop? Is it OK to have Wall-Mart or HP to install wiretaps on you (or someone else)? If not - when would it be OK? If you think it is just fine, when would it NOT be OK anymore?

We know that most companies today use computers to track everything related to it's production, logistics and sales. Why is it so chocking to read that they are using computers to analyze and track that information too? After all, Business Intelligent and Data warehousing is nothing new under the sky.

From the article:


The fact that they let you know some of their thresholds may raise a few eyebrows, but again - if you are a smart criminal, you would not use a clean ID to buy your batch of prepaid phones, now would you? Most likely you would use someone else's CC?

When your company is large enough, you start spending money on security. And security in this sense means you put into action counter-measures and information gathering. When your company is larger than some countries, it would be quite expected that you use some of the same measures to protect your assets.

I think it is unavoidable. We keep introducing tools that facilitate the collection, storing and analyzing of data. Obviously some will collect and analyze more data than others. Surely this will continue. And most importantly, most people do not care.

I have been asked to contribute to Risks|Opportunities website as author. I am targeting one to two articles per month, covering information security, compliance and corporate governance.

My first article is here.

The Risks|Opportunities website targets managers, business people and the like, thus many of my readers will find it useful.