I confess I was a bit frugal even before we moved to Maine seven years ago, but I’d like to think of myself as “value conscious” and not “price sensitive.” So when it came time to think about replacing my trusty, but four year old, IBM R52 laptop (which boots Linux and which also runs a Windows 7 virtual machine if you must know), I naturally gravitated toward the new core i5 15″ MacBook Pro with the hi-res anti-glare screen. Kitted out to last four-to-five years with few compromises, the price came in at more than $3,000. At $3K though, how can anyone not be “price sensitive”?! Time to re-evaluate…

The problem was that a few of the more popular keys on my laptop’s keyboard were becoming unpredictable, and the hard drive was getting noisier, meaning a hard drive failure in the near future was more likely than not — especially as I have been using this machine hard pretty much every working day (all seven every week…) for the past four-plus years.

After a bit of research, I decided instead of buying a new laptop to try an experiment: I got a new replacement keyboard for $60 and a new all-digital (no moving parts!) fast SSD hard disk for $240. After about 45 minutes of careful screwdriver work and a 2-hour wait for the hard disk cloning to complete, I found I had a “new” laptop about as fast as a MacBook Pro (prior to their update this week). Boot times are down from 1:20 to about 20 seconds and everything loads in about 1/4 of the time it used to.

Essentially, for $300 I can now get another year or two out of my trusty IBM R52 laptop. If circumstances dictate I need a truly new laptop some months down the road, I can choose the most optimal model at that time. How “value conscious” is that, eh?

But that’s for me. The overwhelming majority of my work is disk- and network-intensive, not processor intensive, so running a 1.6GHz Centrino processor is not a bottleneck for me. “Old ‘n Busted” is plenty good enough…

One of my partners, Chris Falk, spends a lot of time prototyping new client deployments using virtualization on his laptop. Where I will have only one virtual machine, perhaps two, running at any one time, Chris can often have four or more. Chris’s four-year-old MacBook Pro was keeping up with the workload, but wheezing, and impeding Chris’s productivity.

So yesterday, Chris bought a brand new 15″ MacBook Pro, and by being smart about the feature set, kept the price under $3K. “New Hotness” was the right choice for Chris.

If you are trying to get a handle on life cycling your company’s workstations, laptops and servers, please give us a call at (207) 772-5678. Remember, we are intentionally not a reseller for any hardware or software, so whether or not you buy new hardware doesn’t impact our bottom line one iota.

Hope that helps!

All the best,
Mark, CIO

Reliable Networks is pleased to host the April meeting of the New England ISO group, a collaborative group of Information Security Officers and Chief Security Officers from New England enterprises.

During the meeting, I will be sharing our best practices regarding email server security. The talk will be less bits ‘n bytes technical (no procmail rulesets for example!) than it will be strategic; intended to provide ISOs with both a framework and a template for securing email systems.

Malware infestations typically penetrate enterprises through web browsing and email payloads. While there is no substitute for good end-user security training, there are some things which can be done on the email server-side of things to mitigate risk, at reasonable cost, and without inconveniencing end users unduly.

NEISO meeting attendance by non-members is by invitation, so if you would like to come, please follow the link on the NEISO website.

Hope to see you there!

All the best,
Mark
CIO

For more than seven years, SCO and Novell (and IBM, and a number of other companies) have been in court trying to decide who owns the copyrights to UNIX. The jury has decided in favor of Novell, and we think this is good for the industry as it promotes competition, which we believe results in better-quality products at more attractive prices.

During this action, SCO threatened every Linux user with claims that Linux violated SCO’s intellectual property. Microsoft-friendly entities invested in SCO apparently to help SCO continue the litigation and, it is alleged, arm-twist risk-averse customers away from Linux and back towards using Microsoft products. Microsoft too has alleged that Linux infringes on its intellectual property as well.

A few years back, Novell made a bold move, and did a deal with Microsoft to indemnify Novell Linux users from any follow-on claims. Microsoft in turn agreed to improve interoperability with Novell’s Linux server systems, which resulted in Microsoft’s Hyper-V virtualization software being able to host Novell SuSE Linux Enterprise Server guests, among other customer benefits.

Novell was roundly trounced for doing that deal with Microsoft; “selling out” was frequently heard at the time. But we thought the deal was very shrewd on Novell’s part, for two reasons. First, Microsoft paid Novell ~$350 million, which gave Novell some extra cash to see the SCO litigation through to completion. Second, a number of our risk-averse clients who were on the fence about using Linux over Microsoft Server products could now choose between the two without worrying about any legal exposure. We ourselves continued to use Novell’s SuSE Linux server products in favor over other Linux distributions, including RedHat, in part because of this legal protection.

SCO can certainly appeal the decision, and given their history of tenacity, they might indeed do so. But yesterday’s ruling casts a long shadow protecting Linux users everywhere. And if that increasing competition spurs Microsoft towards greater innovation, then everyone benefits.

The full history of this fascinating case, and other related actions, can be found at http://www.groklaw.net.

If you need help understanding how to choose between Linux and Windows (and Macs, too!), we actively support all three platforms and would welcome the opportunity to help. Call us at (207) 772-5678.

Mark
CIO

P.S. If you’d like to subscribe to our blog, you can do so by linking to http://feeds.feedburner.com/ReliableNetworks

Researchers (OK, ethical hackers…) in a hacking contest sponsored by a reputable security research firm yesterday broke through — in under two minutes — a fully patched Windows 7 system running the latest version of Internet Explorer 8. Later in the day, Firefox faired no better.

The article is a bit technical, but if you skip over the techno-blah-blah-blah, you’ll see that these two researches essentially circumvented what Microsoft is touting as the two primary lines of defense in protecting Windows systems from becoming compromised. Here’s a link to the ComputerWorld article: http://bit.ly/cs8jP9

Reps from Microsoft and Firefox were in attendance at the contest, and things were arranged in advance that the exploits were not to be made public, and indeed the security firm who sponsored the contest bought the exploits from the contestants and gave them to Microsoft and Firefox.

But that doesn’t help any of us at this moment, when we still have work to do on the public Internet. So, what can you do to protect yourself when the software that’s supposed to protect you doesn’t?

The short answer is: “Take your time and be careful.”

Take your time to be sure that your systems are fully patched, that you are running modern intrusion-prevention (expanded anti-virus) software with updated virus definitions, and that you don’t click immediately on any new popups, warnings, alerts etc. (often used by malware to get you to bypass your computer’s protective systems). Although the exploits these researchers used were very cutting edge, there are still a lot of older, equally dangerous exploits out there that patches and security software can defend against successfully.

Be careful about where you browse and the links on which you are tempted to click. Your best friend may have sent you an email with a spicy link you are drooling to click, but you got that email because your friend’s machine has been infected with malware which is trying to spread itself by sending emails to everyone in your friend’s address book! Click that link and you’ll infect your own machine… Be careful clicking on ads, even on reputable web sites. The ads are served up by third party servers, and malware-infested ads are all the rage right now as a favored attack vector. You would think you could trust an ad on, say, cnn.com, but you can’t always.

A terrific Firefox extension that helps with ads is Adblock Plus, which has been downloaded more than 75 million times and which has a five-star rating. You can learn more at https://addons.mozilla.org/en-US/firefox/addon/1865?src=api

Lastly, recognize that Microsoft and all the anti-virus software vendors are in a perpetual game of catch-up against the bad guys. If your job requires you to be a heavy Internet user, the chances are that your machine will at some point become compromised.

And when that does happen, we are here to help. Call us at (207) 772-5678 when you are ready.

All the best,
Mark Stone, CIO

(“Borks” is a technical term meaning “really messed up” in somewhat less polite terms…)

A recent Microsoft patch MS10-015, which requires a reboot to complete the install, is reported to be causing a number of Microsoft servers and workstations to fail to reboot at all; the reboot ends with the infamous “Blue Screen of Death” and renders the system unusable.

Putting aside for a moment that this patch fixes a security hole Microsoft has known about for seventeen years, we think this incident highlights the need for a multi-layered approach to security in the first instance.

Microsoft is claiming that a number of systems experiencing the Blue Screen of Death are doing so because the systems were already compromised. So, right away, that tells you that even applying patches quickly isn’t enough to keep systems safe.

Further, the risk with applying patches immediately when they are released is that you will bork your system. It doesn’t happen often, but when you consider how expensive downtime really is, even once every few years is very expensive. (As I write this post, I see that Microsoft has pulled the patch to avoid borking additional systems.)

Solid network perimeter protection has been a staple of our best practices for years. Smaller clients sometimes balk initially at spending hundreds of dollars for an enterprise-grade firewall, but these devices represent cheap insurance at worst and in many cases generate a positive return on investment.

End-user education and “safe-browsing” policies are also required to avoid security breaches. Malware these days (as we have blogged previously) is increasingly sophisticated and insidious. Firewalls and anti-virus/malware software will always be a few steps behind.

So, when you have good perimeter protection and careful, educated end-users, you have the luxury of time in which to evaluate new patches as they are issued. The benefits are you stay safer all the time, and reduce the risk of borking your production systems.

If you need help with your company’s patch management and security posture, please give us a call at (207) 772-5678.

Hope that helps,
Mark
CIO

Zimbra is a fast-growing competitor to Microsoft Exchange with more than 55 million paid mailboxes globally and some multiple of that in free mailboxes provided via their unpaid open source version. Full Disclosure: More than two years ago we chose Zimbra for our own use, and soon thereafter became a Zimbra Premiere hosting provider.

We don’t play favorites here at Reliable Networks, and we think Exchange 2007 and Exchange 2010 are very good products, much improved over Exchange 2003 and earlier versions. We support Exchange at our clients as well as Zimbra; which platform they choose is based on each client’s unique needs.

VMware is now headed by Paul Maritz, who many pundits feel left Microsoft in a “three’s a crowd” situation nearly a decade ago.

Zimbra has been taking away some very big Exchange accounts from Microsoft since being acquired by Yahoo, and we expect that trend will accelerate with Zimbra now under the VMware umbrella.

So the good news for clients is that, when it comes time to upgrade your old Microsoft Exchange installation, you now have more interesting options than you did yesterday.

And watching the action as VMware and Microsoft compete on this new front, at least to techo-heads like us, is more entertaining than a new season of American Idol!

If you have questions about your email/collaboration choices, give us a call at (207) 772-5678. Zimbra isn’t for everyone, but neither is Exchange. We’ll help you make the choice that’s right for your company.

All the best,
Mark
CIO

Just a few short years ago most virus writers were amateurs trying to trash your PC, just because they could. Nowadays, the “malware” industry is very professional, dominated by organized crime, whose products keep your PC running to enable sensitive keystroke/data logging (think Hannaford, TJ MAXX, etc.), to send spam, or to try to extort money from you with phony “Your computer is infected! Click here to fix!” scams.

The anti-virus software companies have raised the bar by bundling more protections into their traditional anti-virus products, in many cases releasing them as new products: Symantec Endpoint Protection for example has replaced Symantec Anti-Virus Corporate Edition. And although you can still buy products labeled as “anti-virus” from the majors, sales of these limited-use products have declined considerably of late.

As these new protection products have become more complex, sophisticated and bloated, their performance impact on older PCs has become more noticeable. Bargain PCs purchased as recently as two years ago can be too slow to be used efficiently with these full-suite protection products installed. Furthermore, the protection products are by nature always playing “catch-up” with the bad guys, so we have seen some companies forgo desktop protection software altogether in favor of strong network perimeter protection combined with policies limiting Internet access and prohibiting employees from bringing in cdroms, USB drives, outside laptops etc. into the office. (The more powerful servers still have protection software installed however.)

That’s one way to do it, but many companies can’t manage the politics associated with limiting or preventing employees from browsing the Internet. And some companies, like ad agencies and web developers, can’t really be restricted at all.

Further, we have seen a lot of malware that these protection products simply can’t protect against, because the malware looks and acts like legitimate software.

Switching to a Mac or a Linux PC can help, but these devices can become “carriers” for malware, bringing a whole host of new challenges. And most security pundits believe that as Macs and Linux PCs become more popular, it will only be a matter of time before malware for these machines starts appearing as well.

So if these big protection products can’t save us from ourselves reliably, what can be done?

Well, here is our list of the top four ways you can protect yourself.

1. Slow Down! We have seen malware come in via email looking like Hallmark e-cards, IRS W-2 form updates, PayPal and bank account alerts, etc. If a friend’s PC gets an infection, you will get an email from your friend, and the web link or attachment that looks so enticing (if not workplace safe) will be your downfall. So, before you click on anything, take a moment to scan it with your own brainpower and a skeptical eye.

2. Be Careful Where You Stick Your Browser. The San Fransisco bath house analogy notwithstanding, the majority of malware infections these days are installed via a web link. Staying away from those web sites you know you shouldn’t be frequenting anyway is a good start, but keep in mind that malware writers are very clever. They do things like buy ads on legitimate web sites to distribute their wares, so just because you are on cnn.com doesn’t mean you can click anywhere safely 100% of the time. When you get a popup or other prompt to take an action you weren’t expecting, apply Rule #1 and slow down before doing anything.

3. Be Proactive and Scan Your PC. Whether you use malware protection software or not, periodically being proactive and running scans on your PC at least once a month is a good thing. We like Malware Bytes a lot, but our favorite tool de jour is Combo Fix, available as of this writing here. Be careful when you search for these tools; the malware folks have bought look-alike domains and lots of Google AdWords! We have seen several folks with a minor infection wind up with a totally borked workstation because the web link they thought was malware removal software from the good guys was actually more malware from the bad guys. Remember Rules #1 and #2?

4. Keep Your PC Patched. The majority of patches coming out of Microsoft are security, not bug fixes. Making sure your PC is regularly updated is key. If you are running non-Microsoft products, like Adobe Acrobat Reader, Apple’s Quicktime, etc. you want to be sure those products are kept up to date as well. Acrobat products this week are being blasted in the trade press because the Javascript code in the product has been a valuable attack vector for malware developers. Adobe can’t or won’t “fix” this because the same Javascript code is used for filling in PDF forms, and Adobe doesn’t want to hinder that functionality.

So be safe out there! And if you have questions or get yourself in trouble, we are here to help. Don’t send us an infected email though, just give us a call at (207) 772-5678.

All the best,
Mark
CIO

Over the past year we have helped a number of our clients reduce their costs and improve reliability by getting rid of premises-based servers in favor of hosted services (e.g. Drop Box for file sharing) and/or data center hosting for mission-critical vertical applications.

Once the servers go off site however, the office’s connection to the Internet becomes the “weak link in the chain.” Some clients attacked that link by swapping out their current Internet connection for a more enterprise-grade connection (e.g. SDSL or bonded T-1s), but that still represents a single point of failure. Other clients upgraded their router/firewall to a device that can load balance or failover between two simultaneously active Internet connections. So when the cable modem service is down, the router automagically switches over to the DSL connection — totally seamlessly to the end users. Some router/firewalls even allow you to use one of those Sprint/Verizon Wireless PC Cards traveling laptop users have for the office’s secondary Internet connection. Which mix of redundant connections to use is a complex matter, requiring careful analysis of not only your bandwidth usage as a whole, but the workflow processes utilized by your employees, customers, vendors and others with whom you connect over the Internet, even if only by email.

As the Commonwealth of Virginia has discovered, not having any redundant Internet connectivity, even when using so-called “bulletproof” network connections, is just not acceptable. (You can read the story here.)

Consequently, we find our clients’ businesses increasingly require a conversation about the merits and costs of redundant Internet connectivity. For increasing numbers of clients, redundant Internet connectivity is no longer a luxury; rather, it is very cheap insurance if not a necessity.

If you need help deciding if redundant Internet connectivity is appropriate for your business, please feel free to give us a call at (207) 772-5678.

Mark
CIO

Before we get started, if you would like to subscribe to our blog posts via an RSS feed, just click here.

Now back to our regularly scheduled programming…

Zimbra 6 includes a number of document features already in Gmail and Google Docs, providing spreadsheet and Word-like document features.  Considering the price of Microsoft Office these days, Zimbra 6 and Gmail/Google Docs can be very cost-effective alternatives.

Unless of course the spreadsheets and documents you are creating you want to keep private.

You see, the Google Terms of Service give Google a perpetual and irrevocable right to use all of your Content pretty much any way they want, including republishing rights (It’s all in Section 11, here).  Sure, those same terms of service allow you to retain the copyrights in your works, but so what if Google can repurpose your content at will.

So, if you are using Gmail or Google Docs for anything confidential, well… it’s not.  If you are a bank, doctor, attorney, accountant or any other kind of professional with a fiduciary, regulatory or contractual responsibility to protect information and you have put any of that information in Gmail or Google Docs, you probably ought to speak with an attorney–fast.

Zimbra 6 on the other hand, has no such content licensing terms.  Nor do we (we are a Zimbra Premiere Hosting provider BTW); you not only retain full ownership of your data, you grant no Google-like licensing to us nor to Zimbra when you use Zimbra.

So if you are looking to avoid an expensive company-wide upgrade to Microsoft Office and/or Microsoft Exchange, while Gmail and Google Docs may look like good value for money, you’ll get what you pay for.  Talk to us about Zimbra (our system is very secure and  HIPAA-compliant out of the box.)

And the next time you speak to your own attorney, accountant or health professional, ask them if they are using Gmail or Google Docs, and if they answer yes, you may want to find a different attorney, accountant or health professional…

Mark Stone,

CIO

Microsoft Office is pretty ubiquitous, but most of our clients in the past few years have been complaining that each new version offered little reason to upgrade except that without the new version, you couldn’t open documents others created with the new version. Not really good value for money there, especially when each copy can cost several hundred dollars…

Since we are ourselves somewhat frugal, we have been using OpenOffice instead of Microsoft Office for several years now. Sure, we still have a few copies of Microsoft Office around when needed, but propeller heads like us get a big discount from Microsoft so the pain to our wallets has been minimal. (FWIW, Typically we exchange documents with others in Adobe Acrobat format, not Microsoft Office. OpenOffice includes a free pdf generator with a one-button click.)

Being open source, OpenOffice is both free and readily customizable by anyone who cares to. Novell (SuSE Linux), offers a version called Go Office which includes bits not included in the version available from OpenOffice.org, like better WordPerfect and Microsoft Office import filters. Sun offers a paid, supported version of OpenOffice and IBM’s Lotus division has a free, supported version of OpenOffice called Lotus Symphony.

Not widely reported, back in the Spring IBM made a decision that the OpenDocument format (a world standard supported by OpenOffice) would be the document interchange standard within IBM. The deadline for all 360,000 IBM’ers to start using Symphony (OpenOffice) instead of Microsoft Office is September 22. Already, 330,000 IBM’ers are using Symphony, according to Linux Magazine (http://www.linux-magazine.com/Online/News/IBM-Throws-Out-Microsoft-Office).

Of course, this doesn’t mean the end of Microsoft Office, but it is a nice reminder that we all do have choices, and that if IBM can cut the cord, then maybe we can do it too.

If you would like to learn if OpenOffice is for you (because it isn’t for everybody), call us at (207) 772-5678.

Mark Stone
CIO