Technology

As with many IT-people who are no longer in the 20s, I have been playing around with hardware and software back in the young years. You know, building computers, soldering bits & pieces, hacking code, trying to get Linux running on a MCA-bus IBM...

And as many of my colleagues and peers, I am still getting my hands dirty from time to time. I guess it is the masochist in me.

Last night I was playing around with battered, old computers. Except. They where not that old. One where only 6 months old. And it should not be experiencing hick-ups, halts and driver problems. Usually.

This particular computer was residing in the reception. Many different users - non with any special computer related abilities - would use it over the week. And it had one major, business critical application inside - the booking system.

They had experienced hick-ups over some time now, and although I usually prefer not to get my hands dirty anymore, I decided to step back in time and sniff the dust. And I did the good'ol trick of removing everything (including the mainboard), and blow it all clean. Well, at least I would have if I had had some pressurized air at hand. After giving the components and the box itself a nice clean, the bits and pieces was put back in.

And to no surprise, there where a few things left over. I am a minimalist, and do not believe in using the computer cases as storagerooms, so I removed unused cards and other bits that no longer was of any use.

As I suspected, the computer came back to life, and works a dream. At least for now. Because this very computer was bought by people with no clue when it comes to computers. They had a need, went to the nearest superstore, and just bought a computer. Now, they did decide that this was a business critical computer, and thus made sure not to buy the cheapest one in the store...

But. They had no clue what-so-ever when it came to what makes a good business computer. And as you may have guessed allready, they came back with an overpriced piece of hardware, in combination with Microsoft XP Home edition. I repeat that. Microsoft XP Home edition. For a business critical computer.

I have made them all write one houndred times on a board: "I will never, ever again buy MS XP Home Edition."

And why is that? Why should you not use the home edition for business? It is all in the name. Home is not Business. Not even if you run a home-based business. The Home edition is a cheaper, less reliable and less sturdy OS than its brother XP Pro. Pro == Professional. Business == Professional.

Let me put this into monetary terms for you.

By choosing a cheaper OS like Home Edition, you may save a few bucks. In Norway, you save say 70$. But you buy yourself a large amount of it-related troubles, and will have to rely on an IT-consultant to help sort out all the troubles (face it, if you had the knowledge reqiured in the first place, you would never buy Home Edition. Period). And that IT-consultant does not come cheaply (if he does, he is not worth the money. Another period.). So the calculation I use in Norway is that you save $70, and that will be spent on the first half-hour of your IT-consultant.

By investing in a more sturdy OS, you may have to pay more to get going, but you will save money in the long run as you will not be required to dish out cash to IT-consultants every week.

Particularly when it comes to environments where there are a number of people involved would you do wisely to ensure that you get advises from people who understand the technology, and that can help you make the right decisions. It may cost a bit more to get going, but doing it right the first time is a huge cost and time saver in the long run.

Lets get back to the computer for a second. This computer was bought in February 2008 - so it is what I would call new. But during these months, it has already cost way more to operate and to keep it operating than the cost to buy it. And I have not even considered the cost of lost business when it was not operating, the stress on the not-so knowledgeable users and so on and so forth.

My advice to you if you are considering buying computers for your business are as follows:

• get someone who KNOWS for real to help you choose the right solution (ie. do not just pop down to the nearest superstore - pay a bit more and use a specialized IT-supplier)
• Saving up front usually only serves to increase the costs in the long run. See the first bullet...
• It is not enough to not buy the cheapest thing in the store - you need to understand what you are getting. See bullet 1.
• Give the users propper training. People who unpluggs the power to get the computer to shut down is a clear indication of the need for training. See bullet 1.
• Have a backup solution at hand. That means that you need a second computer available so you can use that if the main one decides to die in your hands. See the first bullet. Yes, again.
• Restrict the computer. That means someone who knows how to deal with computer (see the very first bullet) should enforce system policies (if you do not know what that means, see bullet one. If the people in bullet one have no clue, then you did not read bullet one, and just picked someone you know/from the top of Yellow pages.). The policies should enable the users to do what they need, and nothing more.
• Before you do this, you need not to worry about virus, spam and other security threats, as you already have your hands full. It will not help to buy a firewall, a nice antivirus solution or a security scanner. You need the basics first. See bullet 1.
  
• See bullet one.
  

And of course - please share your own advices. So many clueless entrepreneurs and people in general are messing around out there, so any advice will be valuable!

entrepreneur, start-up, computer, microsoft, security

I have a strong interest in entrepreneurship. As my followers know, I am a long-time member of JCI, and I am a serial entrepreneur myself. I developed companies in both Norway, and in France, and I have had my share of success and failures.

I have decided that this blog - the Roer.com Information Security blog will change and narrow it's focus a bit, and focus on information security for entrepreneurs and start-ups. I hope that this small change in focus will not drive away my current readers, while continue to grow my readership.

By doing this change, I hope to fill what I think is a gap in the Security blogging arena - to help start-ups and SME's to adequate security. As far as I see it, most security bloggers out there are in one or more of these three groups:

• vendor or service provider, focusing on promoting their own products/services
• (enterprise) risk management, focusing on what many SMEs will consider theory and not very relevant to their everyday focus
• IT-security, focusing on technology, hacking, and "geek" stuff

I think they all have an important role to play, and that they are needed. But for myself, I do not belong directly in any of the categories, plus I am very interested in entrepreneurship. Thus, I will try to fill this gap :)

But worry not, my readers! I will continue to dish out my opinions on global security, TSA, other bloggers and whatever else even remotely securtiy related that I feel an urge to comment upon!

On a side note, I have also established a new blog, focusing on another area I love - trainings!

Do you think this is a good move? Or am I walking into a dead end? Your thoughts are highly valued!

entrepreneurship, jci, security

Today, John Sheesley amused me with his attempt to use Windows 3.1 (actually 3.11 Windows for Workgroups) as a workstation of 2008. Those of us who remembers WFW, may wonder why on earth he would do that for, but I leave it to that.

One should think that using a software that was designed only 15 - 20 years ago should be quite possible today. After all, a PC is still a PC, right?

Not so. A PC of today (2008) is based upon the same principles as back in the early 1990's, but the technology has reach a maturity point where backwards compatibility hardly exists.

Yes, you may get WfW to actually work, if you like many others keep an old 486, or even a P1/P2 in a closet nearby. The challenge will be to render it useful, as John realises:


And IE 5 is not 15 years ago - it is more like 5.

Now, why should you, a security minded reader, care about the fact that John failed this project?

Several reasons comes to mind:

• From a continuency point of view - if you rely on some old hard-/software, make sure you have the tools and systems available in case of a failure.

It is not enough to dust off the old software boxes, you need to set up a system in parallel and see that you have all the bits it takes. I even suggest you make this a routine thing - once every year, month or week - depending on the criticallity. I also suggest you start plan to change the old system for something a bit more modern.

• From a data storage point of view - if a software can become totally obsolete in less than 5 years, you need to make very sure that your backup systems; long-time storage; and other data you may require access to in the future; uses technology you are able to access.
  

If you have a bundle of old tapes from a streamer that got replaced some time back - will you be able to access that data? Also consider the long-time effect light, magnetizm and dust has on equipment. CDs and DVDs are not safe for more than 10 years storing - but even that is no guarrantee. (Opposed to the advertisments in the midle of the 1990's, claiming CDs to be the best long-term datastorage available...could last for a houndred years, they claimed...)

• From a compliance point of view - if you are obligued to store information for a periode of time - 3, 5, 7 or 10 years - you are also obligued to be able to access the same data in the future. It is your responsibility, and it is usually a good idea to plan the technology at the same time you plan what and where to store your data.

I find one of the comments to the article particularly nice:



Yes, XP, 2000 and many others will be out of date. 2000 actually did this summer, when MS pulled the support for it. Anyone remember OS/2? DOS I guess most still remember, but only hardcore, old-guys still uses it to some extent. The world (and the technology with it) moves on.

To keep up with changes, you need to keep track on what is going on, as well as on your own requirements. You are required to update once in a while, but you do not need to jump on the latest versions of everything - unless you have special requirements. It is simply a matter of balancing your needs.