Social media & businesses: Be aware of the benefits and the risks

Posted by lanceb | Posted in Featured, General, News You Can Use, Newsletters, The Lighter Side of IT, Totally Useful Tips | Posted on 22-12-2010


Social networking – while not high on the list of challenges for many senior executives – is something that businesses need their people to understand. Social media platforms, such as LinkedIn, Facebook, Twitter and YouTube, enable professional collaboration and personal interaction. These benefits, however, should be tempered with an awareness of the risks they carry. Every business should have and make its people aware of policies and acceptable behaviors related to the use of social media tools both internally and in the public environment.

According to a recent survey from financial analyst firm Ernst & Young, only 33 percent of the participants indicated that social networking is a considerable challenge to effectively delivering information security initiatives. Interestingly enough, the same survey revealed that only 10 percent of this group considers the examination of new and emerging IT trends a critically important function.


It seems that almost everyone recognizes the fact that there are risks and information security issues related to social media but very few have actually examined social media and developed an approach that will balance the business opportunity with the risk exposure.

And there are risks associated with the use of social media. A recent article noted how frequently worms are identified as originating from Facebook, infiltrating friends lists without the owners’ knowledge and proliferating throughout their friends’ networks.

What were the participants’ greatest concerns/highest priorities?

- Achieving compliance with regulations (55 percent)
- Protecting reputation and brand (51 percent)
- Managing privacy and protecting personal information (44 percent)

Without an effective process in place (i.e. policies and accepted behaviors) to evaluate the risks associated with new emerging IT trends – such as social media tools which encourage the sharing of personal information – protecting privacy-related data could become increasingly difficult to achieve.

A couple of encouraging points:
- Only 15 percent of those participating in the survey indicated that they don’t have a security awareness program in place.
- 42 percent plan on spending more over the next year on security awareness and training.

However:
- Only 34 percent currently use information updates on the risks associated with social networking.

In the participant pool of executives, 45 percent are attempting to control data leakage of sensitive information by restricting or prohibiting the use of instant messaging or e-mail for sensitive data.

Of course the most logical way to reduce the risks associated with social networking would be to restrict or limit the use of these tools in the work environment – but there is nothing to show that this approach is successful.

Statistical Source: Survey from financial analyst firm Ernst & Young as part of the company’s 13th Global Information Security Survey that included 1600 senior executives in 56 countries

Responza’s experts can help companies determine security strategies tailored to fit their needs. Call Responza experts at 206-762-5100.

What desktop virtualization really means

Posted by lanceb | Posted in Featured, General, News You Can Use, Newsletters, The Lighter Side of IT, Totally Useful Tips | Posted on 30-11-2010


Depending on the source, desktop virtualization is either the hottest trend in IT or an expensive notion with limited appeal.
InfoWorld describes desktop virtualization as a concept that reminds us of the good old mainframe days of centralized computing while upholding the fine desktop tradition of user empowerment. Each user retains his or her own instance of desktop operating system and applications, but that stack runs in a virtual machine on a server – which users can access through a low-cost thin client similar to an old-fashioned terminal.

Weighing the Pros/Cons of Desktop Virtualization

For:
The argument in favor of desktop virtualization is powerful: What burns through more hands-on resources or incurs more risk than desktop computers? Even with remote desktop management, admins must invade cubicles and shoo away employees when it’s time to upgrade or troubleshoot. And each desktop or laptop provides a fat target for hackers and an opportunity to steal data.
But if desktops are run as virtual machines on a server, those desktop user environments can be managed and secured in one central location. Patches and other security measures, along with hardware or software upgrades, demand much less overhead. And the risk that users will make mischief or mistakes that breach security drops dramatically.

Against:
The argument against desktop virtualization is almost as strong. Overhead costs conserved through central management get cancelled out by the need for powerful servers, virtualization software licenses, and additional network bandwidth. Plus, the cost of client hardware and Microsoft software licenses stays roughly the same, while the user experience – at least today – seldom lives up to user expectations. And then the kicker: How are users supposed to compute when they’re disconnected from the network?

Decisions about whether or in what form to adopt desktop virtualization become a whole lot easier when the basic variants and technologies are clear.

Information decision makers should have:
1. Desktop virtualization really is virtualization. Just like server virtualization, desktop virtualization relies on a thin layer of software known as a hypervisor, which runs on bare-metal server hardware and provides a platform on which administrators deploy and manage virtual machines. With desktop virtualization, each user gets a virtual machine that contains a separate instance of the desktop operating system (almost always Windows) and whatever applications have been installed. To the desktop OS, the applications, and the user, the VM does a pretty good job of impersonating a real desktop machine.

2. Traditional thin client solutions are not desktop virtualization. By far the most popular form of server-based, thin client computing relies on Microsoft Terminal Services (recently renamed Remote Desktop Services), which lets multiple users share the same instance of Windows. Terminal Services is often paired with Citrix XenApp (formerly known as Presentation Server and, before that, MetaFrame), which adds management features and improves performance – no hypervisors or VMs here. The main drawbacks: Some applications run poorly or not at all in this shared environment, and individuals can’t customize their user experience the way they can with virtual machines or real desktops. Nonetheless, people often refer to traditional thin client solutions as desktop virtualization because the basic goal is the same: to consolidate desktop computing at the server.

3. Desktop virtualization and VDI mean pretty much the same thing. VMware was first to promote the VDI (virtual desktop infrastructure) terminology, but Microsoft and Citrix have followed suit, offering VDI solutions of their own based on the Hyper-V and XenServer hypervisors, respectively. Think of it this way: VDI refers to the basic architecture for desktop virtualization, where a VM for each user runs on the server.

4. Don’t confuse desktop virtualization with … desktop virtualization. The desktop virtualization discussed in this post refers to server-based computing. But “desktop virtualization” also refers to running virtual machines on desktop systems, using such desktop virtualization solutions as Microsoft Virtual PC, VMware Fusion, or Parallels Desktop. Probably the most common use of this sort of desktop virtualization is running Windows in a Parallels or Fusion VM on the Mac, which has nothing to do with server-based computing.

5. No server-based computing solution supports the same range of hardware as a desktop. The Windows folks in Redmond spend half their lives ensuring compatibility with every printer, graphics card, sound card, scanner, and quirky USB device. With thin clients, support for hardware is going to be pretty generic, and some items won’t work at all. Other limitations are introduced by the fact that users interact with their VMs over the network. Multimedia, videos, and Flash apps can be problematic.

6. VDI solutions cost more (and deliver more) than traditional thin client solutions. With VDI, each virtual machine needs its own slice of memory, storage, and processing power to run a user’s desktop environment, while in the old-fashioned Terminal Services model, users share almost everything except data files. VDI also means a separate Windows license for each user, while Terminal Services-style setups give you a break with Microsoft Client Access Licenses. Plus, VDI incurs greater network traffic, which may add a network upgrade to the purchase order for beefy server hardware.

In return for that extra cost, along with a better user experience, VDI delivers greater manageability and availability. As with server virtualization, virtual machines can be migrated among servers without bringing down those VMs, can enable performance of VM snapshots for quick recovery, and can run automated load balancing, etc. If a virtual machine crashes, that doesn’t affect other VMs; with Terminal Services, that single instance of Windows is going to bring down every connected user when it crashes.

7. Dynamic VDI solutions improve efficiency. In a standard VDI installation, each user’s virtual machine persists from session to session; as the number of users grows so do storage and administration requirements. In a dynamic VDI architecture, when users log in, virtual desktops assemble themselves on the fly by combining a clone of a master image with user profiles. Users still get a personalized desktop, while administrators have fewer operating system and application instances to store, update, and patch.

8. Application virtualization eases VDI requirements even more. When an application is virtualized, it is “packaged” with all the little operating system files and registry entries necessary for execution, so it can run without having to be installed (that is, no changes need be made to the host operating system).

In a dynamic VDI scenario, admins can set up virtualized applications to be delivered to virtual machines at runtime, rather than adding those apps to the master image cloned by VMs. This reduces the footprint of desktop virtual machines and simplifies application management. If application streaming technology is added, virtualized applications appear to start up faster, as if they were installed in the VM all along.

9. Client hypervisors will allow virtual machines to run offline. A client hypervisor installs on an ordinary desktop or laptop so that a “business VM” containing your OS, apps, and personal configuration settings can be run. Talk about full circle: Why place all that in a virtual machine instead of having it installed on the desktop itself? Two reasons: One, it is completely secure and separate from whatever else may be running on that desktop (such as a Trojan some clueless user accidentally downloaded) and two, all the virtualization management advantages are there, including VM snapshots, portability, easy recovery, and so on. Client hypervisors also make VDI more practical. A user can run off with the business virtual machine on a laptop and compute without a connection; then when the user connects to the network again, the client VM syncs with the server VM.

Client hypervisors point to a future where individual computers are brought to work and synched with business virtual machines to start the day. Any computer with a compatible client hypervisor can be used – anywhere. The operative word is “future” – although Citrix has released a “test kit” version of its client hypervisor, and VMware is expected to release its own early version soon, shipping versions will not arrive before 2011.

The long march to the server side. A completely different form of server-based computing continues to gain traction: the variant of cloud computing known as SaaS (software as a service), where service providers maintain applications and user data and deliver everything through the browser. A prime example is Google’s campaign for Google Docs. This encourages users to forget about upgrading to Office 2010 and adopt Google’s suite of productivity apps instead. Google’s Chrome OS also promises to create entire desktop environments in the cloud that retain user personalization.

Very likely, no big winner will emerge in server-based computing. Old-style Terminal Services setups will continue to crank along for offices harboring users with narrow, simple needs. True desktop virtualization on the VDI model will make sense where security and manageability are paramount, such as widely distributed organizations that use lots of contractors. And where far-flung collaboration is key, SaaS will flourish, because anyone with a Web browser can join the party. Conventional desktops may never disappear, but one way or another, the old centralized model of computing is making a comeback.

Virtualization strategies can tremendously impact the performance and the total cost of ownership (TCO) of businesses’ technology environments. Responza’s experts can provide insight and expertise that helps identify, design and build out the VDI strategy appropriate to each business’s needs. Call Responza experts at 206-762-5100.

Extend lithium-ion battery life

Posted by lanceb | Posted in Featured, General, News You Can Use, Newsletters, The Lighter Side of IT, Totally Useful Tips | Posted on 30-11-2010


In today’s mobile world, battery life is precious. Go to an airport and watch the road warriors jockey for position around the available power outlets and it becomes obvious how true this is. These travelers can attest to what helps preserve the current charge on batteries.

Keep batteries at room temperature whenever possible.
That means between 20 and 25 degrees Celsius or about 65 to 75 degrees Fahrenheit. The worst thing that can happen to a lithium-ion battery is to have a full charge and be subjected to elevated temperatures. So don’t leave or charge a mobile device’s battery in a car if it’s hot out. Heat is by far the largest factor when it comes to reducing lithium-ion battery life.

Consider a high-capacity lithium-ion battery, rather than carrying a spare.
Batteries deteriorate over time, whether they’re being used or not. So a spare battery won’t last much longer than the one in use. Also try to buy batteries with the most recent manufacturing date.

Allow partial discharges (usually).
Unlike NiCad batteries, lithium-ion batteries do not have a charge memory. That means deep-discharge cycles are not required. In fact, it’s actually better for the battery to use partial-discharge cycles — with one exception. Battery experts suggest that after 30 charges, you should allow lithium-ion batteries to almost completely discharge. Continuous partial discharges create a condition called digital memory, decreasing the accuracy of the device’s power gauge. So let the battery discharge to the cut-off point and then recharge. The power gauge will be recalibrated.

Avoid totally discharging lithium-ion batteries.
If a lithium-ion battery is discharged below 2.5 volts per cell, a safety circuit built into the battery opens and the battery appears to be dead. Unfortunately, in this situation, the device’s original charger will likely not be able to recharge the battery.

Only battery analyzers with the boost function can do the job.
For safety reasons, do not recharge deeply discharged lithium-ion batteries if they have been stored in that condition for several months. For extended storage, discharge a lithium-ion battery to about 40 percent and store it in a cool place that is not exposed to moisture.

Lithium-ion batteries are a huge improvement over previous types of batteries. Getting 500 charge/discharge cycles from a lithium-ion battery is not impossible, but does require a little attention to the battery’s well being.

The mobile technology enterprise is vital in staying ahead of the competition. Responza’s experts can help businesses determine the best mobile strategy to integrate with and enhance internal IT infrastructures. Call Responza experts at 206-762-5100.

How to use Outlook better

Posted by lanceb | Posted in Computer Security, Featured, General, News You Can Use, Newsletters, The Lighter Side of IT, Totally Useful Tips | Posted on 30-11-2010


Tips for users of Outlook – whether experts or beginners – can help them use Outlook better. Even experienced Outlook users may need these pointers to find old features in the new interface.

Right Click for Jumplists
New to Outlook 2010 is a Windows 7 integration feature that lets the user right-click on the Outlook icon on the taskbar and pop up a “jumplist” menu that lets the user create an e-mail message, appointment, meeting, contact, or task by selecting an item. (See Fig 1) Outlook doesn’t need to be open when the user clicks on an item, and the only part of the Outlook interface that opens is the part needed to perform the task selected.
Fig. 1
Outlook’s Mobile Options
In large corporations, IT managers may have set up Outlook’s mobile options for sending reminders, calendars, and messages to users’ mobile phones. But individual users can take advantage of this feature too by going into Mobile options (See Fig. 2) and selecting an SMS Service Provider; some offer free trials with no credit-card data required. The user can set up the SMS service to connect to a mobile phone number and get instructions for setting up the SMS account in Outlook. The user then chooses one of the buttons on the menu and sets up Outlook to send the reminders, messages, or calendars that the user needs.

Fig. 2
Synch Outlook Calendar with Google Calendar
It may not be surprising that Microsoft doesn’t provide a tool for synching a user’s Outlook calendar with a Google Calendar. But Google does. Start by downloading Google Calendar Sync from this link:
http://dl.google.com/googlecalendarsync/GoogleCalendarSync_Installer.exe
Run the installer and follow the prompts. As shown in the screen shot (Fig 3), the user can choose different kinds of synching and different synching intervals—but the minimum is every ten minutes. Google Calendar Sync installs an icon in the Windows system tray. Right-click on that icon and choose Options to display the menu shown here.

Fig. 3
Create a New Search Folder
An underused feature of all modern e-mail apps is the “search folder”—a virtual folder that displays all messages that fit specified conditions. Outlook comes with four search folders built-in; the user can find them in the navigation pane under “Search Folders.” The user can create a new search folder either by right-clicking on the Search Folders folder on the navigation pane or by going to the Folder tab on the ribbon and clicking New Search Folder (See Figure 4). In the dialog box shown here, create your new search folder by specifying the criteria for the messages that you want to see inside the folder—for example, messages to and from your boss might go into a search folder named Urgent Mail, especially if the boss is in the habit of looking over your shoulder when you work.

Fig. 4

While users are learning to get the most from applications, Responza can help establish or tweak the network environment to optimize computer use and bandwidth consumption.
Call Responza experts at 206-762-5100.

Hard to find options in PowerPoint 2007/2010

Posted by lanceb | Posted in Featured, General, News You Can Use, Newsletters, The Lighter Side of IT, Totally Useful Tips | Posted on 15-11-2010


Features users knew by heart in PowerPoint 2003 may be a little difficult to zero in on in the newest version of the software because they are scattered among various tabs.

This post covers 3-D Style, Arrow Style, Designs, Expand All and Collapse All, and Print and Print Preview.
Of all the Office 2007 and 2010 apps, PowerPoint’s tab and group structure seems to make the most sense. Even though there’s an initial adjustment, finding most options in the newer versions is fairly easy. There are, however, a few options that elude users.

3-D Style
Taking a two-dimensional shape to the next level — 3-D — is a simple task in PowerPoint 2003. The user selects the shape and chooses the preferred selection from the 3-D Style options on the Drawing toolbar. Not so fast in PowerPoint 2007 and 2010. The 3-D option isn’t in the first place users look.
First, select the shape. When the context Format tab appears, click Shape Effects. As in Figure A, there’s a 3-D Rotation option, but no 3-D Style or Format option, which is a bit strange.

Figure A

The 3-D Format option isn’t where expected.
Instead of clicking the Shape Effects drop-down, users must click the Shape Styles (group) dialog box launcher (shown circled in Figure B). Doing so displays the Format Shape dialog box and the 3-D Format option.

Figure B

Users must click the group’s dialog box launcher to apply the 3-D Format.

Arrow Style
The option to choose a style for an arrow is also in an unexpected spot. Users might look in the Shape Effects option – and won’t find what they are looking for.

In PowerPoint 2007 and 2010, select the desired arrow to format. When the context Format tab appears, click Shape Outline in the Shapes Styles group. Then, select Arrows, as shown in Figure C. Users may also click the group’s dialog box launcher, as the options are relative to the selected item.

Figure C


To find arrow options, click Shape Outline | Arrows.
Most of the items on the old Drawing toolbar (#1 and #2) can be found by clicking Shape Outline or Shape Effects (in the Shape Styles group on the context Format tab).

Designs
A number of predefined slide designs are available in the 2003 Slide Design task pane. Users simply select one and apply it to all slides, a group of slides, or just one slide. All of the task panes are gone in PowerPoint 2007 and 2010. Users will find the Slide Design options on the Design tab. Users should note that they are not called designs anymore, but themes.

Users can click one of the options in the group or click the option’s More button (shown circled in Figure D) to see all of the available themes. This figure shows the Apothecary theme applied to an almost blank slide.

Figure D


Click the More button to see the gallery of themes.

Expand All and Collapse All
In PowerPoint 2003’s Outline view (click the Outline tab), users can collapse and expand each slide’s text. Simply right-click the slide and choose Expand or Collapse. Expanding and collapsing all slides is a quick click — the Expand All button on the Standard toolbar toggles between the two states.

Users can still right-click a slide and expand or collapse in Outline view. But the Expand All isn’t on any tab. In PowerPoint 2007 and 2010, it appears as a submenu of the right-click command. Right-click anywhere in Outline view, choose Expand or Collapse, and then choose Expand All or Collapse All, as shown in Figure E.

Figure E


Access to Expand All and Collapse All is still quick, but it’s two layers deep from a right-click.

Print and Print Preview
The Print option isn’t hard to find in PowerPoint 2007. Users click the Office button and choose Print. Set print options, click OK, and PowerPoint prints accordingly. That’s the way it worked in PowerPoint 2003 — set options, click OK.

The change is in PowerPoint 2010 (in all Office 2010 applications). Print options are on the File tab, in Backstage View. If users click Print, they will find a number of print settings.
The problem is that users have been trained to choose settings and click OK. In PowerPoint 2010, users must select print settings from several drop-downs. After setting all options, users click Print. Be careful not to choose settings and wait for the printout. It will never appear if users don’t click the big button that says Print.

Clicking Office | Print in PowerPoint 2007 is the route to Print Preview. The Preview button is in the bottom-left corner of the Print dialog box. In PowerPoint 2010, Print Preview is part of Backstage View. By clicking Print, users can preview the current slide automatically. Print Preview isn’t difficult to find, but it is annoying to users to suddenly need several clicks when one used to do. Users can alleviate the annoyance by adding Print Preview to the Quick Access Toolbar.

Responza is a valuable resource for companies searching for the best strategies for getting the most from technology systems.

Why the “Cloud” doesn’t matter

Posted by lanceb | Posted in Computer Security, Featured, General, IT Management, News You Can Use, Newsletters, Responza Updates, Totally Useful Tips | Posted on 15-11-2010


It has been a couple years since “the cloud” arrived on the IT scene, yet some IT leaders still talk about it with breathless reverence. Even non-IT executives still proudly announce that they’ve “put that in the cloud” when any technology-related topic arises.

The fact of the matter is that the cloud is just another make vs. buy decision.

What is “the cloud”?
Definitions of cloud computing abound, but the concept has been overly complicated.

Essentially, the cloud is little more than “stuff outside your company.” That “stuff” could be processing power, storage, networks, applications or any other bit of technical wizardry. When the CIO says she’ll “put that in the cloud,” all she is really saying is she will take something that was done in-house and do it with someone else’s “stuff” (outsource it). Any aspect of internal “stuff” can be put into the cloud, from raw data that is stored on another party’s storage systems, to an internal application that is run on someone else’s hardware. Often, the cloud refers to a third party’s applications, analogous to the enterprise equivalent of gmail or hotmail to employees.

Conceptually, all the fancy cloud talk could be applied to anything a company does outside its walls. The toilet paper purchased from an outside vendor effectively comes “from the cloud,” and the same decision making process used to choose that vendor applies to making the decision to move into the cloud – or not.

Mysticism has “clouded” the process
A frightening part of the over-hyping of the cloud is that it has muddled the decision-making process for determining if the cloud is appropriate for a particular IT function. Mysticism seems to creep into any cloud-related discussion, obscuring the fact that deciding to move something into the cloud is merely a simple make vs. buy calculation. If email is under consideration for being moved into the cloud, the process is simple: tally up the costs of the various servers, software and support, and divide by the number of users; then compare that to the per-seat fees from various cloud vendors. Factors that denote the reliability, security and support of the vendor can also be figured into the equation.

This process sounds amazingly similar to the process that Operations goes through when selecting vendors for critical components and parts. In companies that produce physical products, supply chain and purchasing groups are likely loaded with experts in this type of process and can assist in making an exceptionally thorough analysis of the various cloud vendors, and apply appropriate rigor to the process.

While those in IT may quip that those buying physical commodities could never understand the subtle nuances of the cloud, remember that the supply chain deals with production and design secrets all the time, and reliability is obviously a central concern since a critical vendor could hamper the ability to actually produce products.

Presenting the cloud in these terms can bring internal purchasing expertise onboard to help make better decisions and inspire more realistic discussions with peers. Rather than the cloud offering a voodoo-like panacea to every internal problem, all executives can approach it as a way to cut maintenance and administrative costs, or a way to allow IT to focus on more valuable activities than maintaining email servers or commodity functions and applications.

As with most emerging technologies, the cloud’s near-magical properties will soon wear thin. A rational look at cloud-based services and a straightforward analysis of the decision to utilize them, just as with any other third-party vendor, clears away the haze around the “cloud” and makes its use a far more practical solution.

Questions and confusion abound although the cloud concept is not new. Call Responza’s experts for assistance in implementing or tweaking a cloud strategy that meets your requirements and fits your specific needs.

Droid X – The wrong and the right about it

Posted by lanceb | Posted in Featured, News You Can Use, The Lighter Side of IT, Totally Useful Tips | Posted on 05-11-2010


The specs are awesome but users are definitely divided into two camps on the latest Droid device. Many consider it the best of the Android phones. And then again – many don’t.

Let’s look at the arguments for each camp.

The wrong.

Size. The device is just larger than is suitable for a lot of people. That big, bright, high-resolution screen is part of its appeal, but it also makes it awkward to stash in a side pocket and a little too big to fit comfortably in a shirt pocket.

Heat. It is impressively fast but at the cost of generating a level of heat that is literally uncomfortable. It may not be hot enough to fry an egg, but can cause a flinch, on occasion, when the back of the device is touched.

Battery Life. It is pretty significant if a device doesn’t make it through the work day – much less the entire day – without the battery dying. The device gives out before the crucial nine hour mark – which simply isn’t acceptable for business travel. Using the turn-by-turn GPS is a particularly big power gobbler.

Settings. The battery life could probably be extended by tweaking settings – if you could find them. Some settings are part of the OS, some are part of third-party apps, but all looked as if they were designed by a committee of mad scientists.

Default apps. More than 20 started by default. If you download the app called Task Killer – you can shut down the default apps. However, this too is a trick because within a minute or two, all of the default apps restart themselves. Gotcha.

Complexity. It is obvious why geeks love this device and its OS. It has plenty of complexity. It is Linux-like in that it is a tweaker’s playground. All problems could probably be solved by rooting the device, downloading a new kernel, and starting from scratch. But who wants a device that requires constant babysitting?

The right.

Touchable. Unlike the old Windows Mobile OS, Android is made to be touched. The touch screen is responsive and quick and can be used without a long fingernail or stylus.

Icons. They are plenty big for touching, but smaller than the tiles on the new Windows Phone 7, which means more will fit on a home screen.

Storage. This device supports up to a 32 GB microSD in addition to the built-in 8 GB of internal memory.

Multitasking. When you really want to run other applications in the background, the Droid can do it.

Big screen. If a 3.8-inch screen seemed big, the Droid X’s 4.3 will seem huge….that is of course until you see the Dell Streak (that boasts a gi-normous 5 inch screen).

Turn-by-turn navigation. Droid is the only one providing the free turn-by-turn navigation that rivals that of a dedicated GPS device. The extra large screen on the Droid X also enhances the navigation experience.

Flash. Droid actually supports Adobe Flash – which the iPhone doesn’t.

Google integration. Naturally, since this is a Google product it is pretty fully integrated with Google’s services.

Botnet wreaks havoc

Posted by lanceb | Posted in Computer Security, General, News You Can Use, Totally Useful Tips | Posted on 02-11-2010

Infected PCs download fake antivirus

A massive takedown operation conducted by Dutch police and security experts at the end of October does not appear to have completely dissolved the Bredolab botnet that has created recent havoc, but the botnet is unlikely to recover.

The latest look at the botnet by FireEye’s Malware Intelligence Lab shows that two domains are being used to issue instructions to infected computers. PCs that are infected with Bredolab are programmed to check in with certain domains in order to receive new commands.

One domain, which is on an IP (Internet Protocol) address registered with a colocation facility in Kazakhstan, tells infected computers to download a fake antivirus program called Antivirusplus. Cybercriminals have found that fake antivirus programs can be a thriving business. Once infected, users are badgered to buy programs that offer little or no actual protection from threats on the Internet.

The second domain instructs computers compromised with Bredolab to send spam. That domain is hosted on an IP address assigned to a colocation facility in Russia.

The infected computers that are communicating with these domains appear to have a variant of Bredolab installed. Malware authors frequently have to modify the code in order to avoid detection by antivirus software.

The Bredolab variant was submitted to VirusTotal, an online service that accepts malware samples and checks to see whether 42 different security software suites detect it. Tested were some of the most widely sold products from vendors such as Symantec, TrendMicro and McAfee. As of October 27, only one product detected it. The results, however, are not surprising: much new malware remains undetected for a short time. When vendors discover it, the sample is shared throughout the security community, increasing the chances that other security software will pick it up.

The main Bredolab botnet appears to have been taken out after Dutch police seized control of 143 command-and-control servers on October 25 and shut down their communication with infected PCs – which were estimated to total as many as 29 million. A warning was issued to all infected computers by the Dutch police.

Working with Dutch police, Armenian authorities arrested a 27-year-old man on October 26 for allegedly controlling Bredolab. If he is extradited to the Netherlands, he could face between four and six years in prison.

The Bredolab variant that is still working may have come from the original Bredolab code, which may have been leaked and used by someone other than its author.

It is also possible that a portion of the Bredolab botnet was rented to other cybercriminal gangs, who could then upload their own specific code to infected machines or use the computers for spamming.

Authorities have shut down most of Bredolab’s command-and-control servers, so that “a big portion of this botnet has been dismantled and is never going to recover”.

More arrests could be made because it is possible that some of the “bot herders” are still untouched and are committed enough to continue their operations even under extra scrutiny.

SEO and websites that work

Posted by lanceb | Posted in Computer Security, General, News You Can Use, Responza Updates, The Lighter Side of IT, Totally Useful Tips | Posted on 02-11-2010

Most companies don’t satisfy every major segment of their customers.
This isn’t just true for certain types or sizes of companies but is a trait that can be seen across all companies. Its impact is obvious in how information, products and services are offered on websites. Typically, companies set their sites up in ways that make sense for their own needs instead of considering how their potential customers actually make buying decisions.

Most companies fall prey to the trap of using an array of general keywords for pulling traffic to their sites. What has been learned in recent research is that potential customers can’t be lumped into a single group – their needs and desires must be specifically articulated. This is especially true with websites and the search engine marketing (SEO) strategies that are applied to them.

Getting specific about the segments where potential customers shop is the best way to ensure that buying customers are attracted by keywords and that they go to the best places on websites to make their purchase decisions.

For example, instead of trying to attract people shopping for “automobiles” or “cars”, dealerships should name the types of vehicles people want to buy in their marketing strategies. Applying this to SEO, the dealership would use SUVs, crossovers and pick-up trucks instead of the more general terminology as the keywords that attract and guide visitors to their sites.

This takes more than guesswork. It takes an understanding of where website visitors go and where they spend most of their time. Website analytics (such as Google Analytics) should be used to gather this information. A comparison of analytics information to what is actually sold by their own businesses and by competitors provides a good measure of where their keyword attention should be focused. This can even help establish product or solution gaps and open up potential for new successful revenue streams.

Examinations of websites should work in tandem with keyword exercises. It is just as important to align website pages to correlate with the categories that appeal to customers as it is to identify and use the best keywords. Once visitors are on websites, they will leave if they can’t quickly find what they’re searching for.

Going back to the car dealership example, keywords of SUVs, crossovers and pick-up trucks should link to pages that are all about those particular vehicles – not a general automobile listing page.

It is also more effective to use keywords that match the search terms customers would actually use. How many people use “automobile” terminology? In reality, they talk about “cars” and when they are shopping for one of their own they use the specific terminology for what they want to buy. Tools are available that help in targeting terms that are more likely used in searches (such as the keyword grader available to Google AdWords users). These tools help to bucket keywords into segments so they can be appropriately applied to correlating website pages.

Developing a plan for SEO actually makes website development easier, not harder. There should never be any question about what needs to be created, expanded, or edited when the research is in hand to show what people are looking for.

BLADE: Can it stop drive-by malware?

Posted by lanceb | Posted in Computer Security, General, IT Management, News You Can Use, Newsletters, Totally Useful Tips | Posted on 20-10-2010

BLADE (BLock All Drive-by download Exploits), the brainchild of researchers from the College of Computing at Georgia Institute of Technology and SRI International, is positioned to help stem the tide of drive-by malware. Drive-by malware is a big deal according to Dasient.com; the company is tracking over 200 thousand different web-based malware threats.

What is the goal of drive-by malware?
“The goal of the drive-by exploit is to take effective, temporary control of the client web browser for the purpose of forcing it to fetch, store, and then execute a binary application (e.g., .exe, .dll, .msi, .sys) without revealing to the human user that these actions have taken place.”

Let’s look at how the researchers believe the process works.

The process
It all starts when a hapless victim stumbles onto a compromised official web site, or possibly a knock-off of an official site, that’s serving drive-by malware. Next, the code injection process begins and consists of the following three phases:
• Shellcode injection phase: Code purposed to subvert the web browser is downloaded by exploiting a vulnerable component of the web browser.
• Shellcode execution phase: The downloaded code is then injected into the web browser process.
• Covert binary install phase: The web browser, now compromised, tries to retrieve malware from the attacker’s web server. That code installs on the victim’s computer and does all the damage we hear about.
The researchers also determined that drive-by malware somehow avoids the need for user permission to download and execute unsupported file types such as .exe, .dll, and .sys. With this information in hand, the research team developed BLADE.

BLADE’s design criteria
BLADE is a browser-independent operating system kernel extension designed to prevent unauthorized content execution. This means BLADE intercepts all downloaded content that has not been okayed by the user and prevents it from executing.
To accomplish that, the research team implemented the following in BLADE:
• Real-time user authorization capture and interpretation: This is the key to BLADE working properly. User-to-browser interaction is monitored to capture information pertaining to a user authorizing a download.
• Robust correlation between authorization and download content: BLADE must be able to distinguish between user-initiated web-browser downloads and unauthorized ones.
• Stringent enforcement of execution prevention: Unauthorized content must not be allowed to execute.
• Browser agnostic enforcement: BLADE must not rely on how a web browser should work. This is critical, because new web-browser technology is introduced all the time.
• Exploit and evasion independence: BLADE must also be independent of any exploit that attackers use to subvert the web browser.
• Efficient and usable system performance: Web-browser performance must not be compromised, nor any delays allowed. In fact, BLADE should not have a perceptible impact on any computer operation.

How BLADE operates
To spot unsolicited download attempts, BLADE places the following processes in kernel space:
• User-interaction tracking: BLADE uses a screen parser, hardware-event tracer, and a supervisor to track the user’s physical interactions with the web browser, specifically when download authorization is asked for.
• Consent correlation: This process is required by BLADE to distinguish between transparent downloads and those requiring user permission.
• Disk I/O redirection: When BLADE locates unauthorized downloads, it redirects the code to a secure zone. The data is also prevented from loading into memory as an executable.

The following slide (courtesy of the research team) represents BLADE’s system architecture.

BLADE architecture

The key ingredient that makes BLADE work is its ability to discern whether the download is authorized or not. How that’s done is based on another fact about web browsers.

What the research team has found is that web browsers use a well-defined process to implement download confirmations. That means an application like BLADE, looking specifically for download authorizations, would only need a few examples from the different web browsers in order to recognize most download authorization attempts.
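
The consent-correlation decision described above, modelled in user space as an added example; it is not BLADE's code (BLADE is a kernel extension). The class name, the 120-second consent window, the `/secure_zone` path and the sample events are all assumptions constructed for illustration.

```python
import posixpath

CONSENT_WINDOW_S = 120        # assumption: how long one user authorization stays valid
SECURE_ZONE = "/secure_zone"  # assumption: where unauthorized writes are redirected


class Supervisor:
    def __init__(self):
        self.consents = {}     # target path -> time the user confirmed the dialog
        self.quarantined = {}  # requested path -> redirected path

    def user_authorized(self, path, now):
        """User-interaction tracking: the user confirmed a download dialog."""
        self.consents[path] = now

    def on_browser_write(self, path, now):
        """Consent correlation and disk I/O redirection; returns where data lands."""
        clicked = self.consents.pop(path, None)  # one consent covers one download
        if clicked is not None and 0 <= now - clicked <= CONSENT_WINDOW_S:
            return path                          # authorized: the write goes through
        redirected = posixpath.join(SECURE_ZONE, posixpath.basename(path))
        self.quarantined[path] = redirected
        return redirected

    def may_execute(self, path):
        """Execution prevention: redirected content is never loaded as code."""
        return path not in self.quarantined and not path.startswith(SECURE_ZONE + "/")


def run_constructed_scenario():
    """Constructed events: consented, drive-by, expired consent, silent updater."""
    sup = Supervisor()
    sup.user_authorized("/home/alice/Downloads/setup.exe", now=100)
    sup.user_authorized("/home/alice/Downloads/tool.exe", now=100)
    results = {
        "consented": sup.on_browser_write("/home/alice/Downloads/setup.exe", now=105),
        "drive_by": sup.on_browser_write("/tmp/cache/a1.exe", now=106),
        # Consent older than the window no longer authorizes the write.
        "stale": sup.on_browser_write("/home/alice/Downloads/tool.exe", now=400),
        # No dialog was shown, so a silent legitimate updater looks like a drive-by.
        "updater": sup.on_browser_write("/opt/app/update.msi", now=108),
    }
    results["drive_by_runs"] = sup.may_execute(results["drive_by"])
    results["consented_runs"] = sup.may_execute(results["consented"])
    return results


if __name__ == "__main__":
    print(run_constructed_scenario())
```

In this model the `updater` write is redirected exactly like the drive-by, because neither has a matching user authorization.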

The following slide (courtesy of the research team) explains how BLADE checks for authorization:

BLADE authorization

How effective is BLADE?
BLADE was tested using real-world circumstances as the following quote explains:
“Our testbed automatically harvests malware URLs from multiple whitehat sources on a daily basis and evaluates BLADE against potential drive-by URLs that were reported within the past 48 hours. To validate BLADE’s browser and exploit independence, each URL is tested against multiple software configurations covering different browser versions and common plug-ins. System call and network traces are used to test for missed attacks (false negatives).”

The research team has a web page at blade-defender.org that contains the results of their evaluation. Interestingly, their data seems to verify what other security experts have been saying about Adobe products:

BLADE Evaluation Results

According to the research paper, almost 19,000 trials have taken place, with zero false positives and zero false negatives. In other words, BLADE prevented in-the-wild drive-by malware from installing in every case.

Not a cure-all
BLADE is designed to block drive-by malware that tries to write to the hard drive. Right now, that works, as a majority of drive-by malware uses that approach. But security experts are aware of certain threats that reside in memory only, and BLADE will not recognize them.

Then there is malware that installs by leveraging social engineering. BLADE is of no help, as the user willingly agrees to the download.
Finally, developers have expressed concern that BLADE may break legitimate applications like Windows Update that download software in the background.

Final thoughts
The research team’s work points out once again how important it is to keep the operating system and all applications up to date. With no vulnerabilities, drive-by malware cannot gain a foothold.