CTO Tech Blog

First of all, thank you Marion for suggesting this week’s topic.

In a few days we will begin the year 2010.  Many people around the world start the year with at least one resolution with the hope of improving themselves or their lives in some way.  I’ve made my share of resolutions to exercise more, eat better, and many other well known promises, so this year why not do something a little different.  This year it’s time to take care of our computers and the data that we have stored on them.

Backups: I keep talking about backups because I’ve seen way too many businesses loose data when it could have been avoided.  We need to be 100% sure that our backups are running, that they are backing up the right data, and that they are restorable.  Many backup software applications have the ability to email someone if a backup fails, but that feature is often not set up.  Take the time to configure and test the notification.  Even with proper notifications configured, it’s a good idea to look at the logs at least once a week in case something got missed.  It’s a good idea to review the backup selections on a regular basis as well.  I would suggest a monthly or quarterly review of what is being backed up compared to what you have stored on your PC or server.  Unless you have very strict control about where files are stored, it’s possible that someone has created a new folder structure, possibly for an important new project, that is outside of the structure that is being backed up.  Finally, test your backups to see if they can be restored.  If you are checking backups regularly then you should only need to test the restore function once a year or when there’s a major change to a computer, but that once a year is critical.  There are many possible reasons for restores to fail so the only way to be sure that you’ve accounted for everything is to test it. 

Archiving: The price of storage and backing up data is getting less and less expensive, but why back up the same data over and over again?  If you have old pictures or documents that you don’t need regular access to copy them to DVDs and store copies in a safe deposit box or other safe location. This will not only ensure that you have backups of your data, but may help you avoid buying a bigger hard disk as well.

Defragmenting: Whenever you install a program or save a file on a computer the bits and bytes that make up the program or file are stored on your hard disk.  As files are created and deleted they leave gaps of unused space on the hard disk.  New files try to fill those gaps and may be split up into smaller chunks to fill multiple gaps.  The result of this after a period of time is that the hard disk may have to jump from one location to another to pick up all of the pieces of a file when you request to open it.  To help combat this fragmentation, Microsoft has included a ‘defrag’ program with Windows.  By default you can find the Disk Defragmenter on your Start Button under Programs -> Accessories -> System Tools.  When you run the program it will scan your hard disk and recommend if a defragmentation should be done.

Desktop Cleanup:  If you’re like me, you save anything you are currently working on to your desktop so that you can easily find it.  Unfortunately I seem to have trouble moving or deleting many of the items once I’m done with them so my desktop gets cluttered.  Apart from the obvious effect of making it harder to locate things, a cluttered desktop also impairs performance.  Move those saved documents to a folder in My Documents and delete shortcuts to programs that are also available in your Start Menu.  Yes, that goes for Mac users too.

This year lets all resolve to make our computers healthier.  A little bit of work up front and a few good habits can reduce stress by helping avoid potential problems and increasing performance.  Of course that doesn’t mean that we can give up on our diet and exercise programs.

Deciding who to call when you have a computer or network problem can be a very difficult task.  Labour rates are probably one of the biggest factors, but certainly not the only factor.  How do you know that the person you’re calling has the knowledge to correct the issue properly?  Many people admit to knowing very little about computers, so they can easily be impressed by anyone who knows more than they do.  So the question is: What criteria can an average person use to determine the skill level of a given company or technician?

The computer industry has many certification standards with varying levels of value to different types of clients and businesses.  The first widely received and respected certification in the industry was Novel’s Certified NetWare Engineer (CNE) certification.  Probably the most well known today is Microsoft’s Certified System Engineer (MCSE) certification which focuses on Microsoft server software.  Both of these certifications test knowledge on specific operating system functional knowledge and configuration techniques, but both lack the ability to test real world troubleshooting ability, communication skills, experience, and basic computer and network knowledge.  In the late 1990’s with the dot com boom and growth of IT, the industry became flooded with people who were referred to as “paper CNE’s”.  This term referred to people who were good at writing tests and absorbing book knowledge, but who ultimately did not have the necessary skills to support computer systems and networks.  As a result both of the above mentioned certifications lost a great deal of credibility.  In addition to this trend, many software and hardware manufacturers started to look at their certification programs as profit centers instead of break even service programs.  The Computer Technology Industry Association (CompTIA) saw the gap between  the manufacturer specific certifications and created the A+ certification to test basic knowledge, communication and troubleshooting skills, and has since added a number of other more focused certifications in areas such as networking, servers and security to name a few.

While certifications do have some value for someone looking to find assistance, there are better measures available.   Reputation is probably the best test of a person or company’s skills.  If someone is recommended by a trusted source with firsthand knowledge of someone’s abilities, then a foundation of trust has been offered.  Experience, while sometimes misleading, shows that a person has been able to stay relevant in a changing and challenging industry.   A company with a varied technical team and a culture that promotes collaboration will offer the combined experience of the team which enhances their ability to address a wider range of technology challenges.  Communication is also an important quality.  The most important step in troubleshooting a problem is understanding what the problem is.  You should feel comfortable that the person you are dealing with has taken the time to fully understand what the issue is that they have been asked to address.  Computers are complex devices with many variables that can affect how software, hardware, and humans interact.  Unforeseen problems will arise regardless of a technician’s skills and experience, so it is important to know how these problems will be addressed as well.

There are always exceptions and exceptional people so these are merely guidelines to help put you on the right path.  Everyone’s specific needs are also different so there is no one company or person that would be considered the best or “guru” in all cases.  Select someone who you feel will meet your needs, but don’t be afraid to change if they are not a good fit.

One of my earliest blogs was about security and I made a point of deterring people from going to web sites other than the big name, well known sites.  I was a little surprised that I didn’t get many emails telling me that I was being overcautious.  I did get one message pointing out that a large part of the value of surfing the net is finding new sites with new information.  I agree.  Is that contradictory?

I’m guilty of doing exactly what I said shouldn’t be done.  When I search for information I frequently click on links to sites that I’ve never been to belonging to companies I’ve never heard of.  I’m not immune to malware, but I do have a few tricks and tools up my sleeve to help make sure I’m protected.  The first and most important tool is education.  I’ve spent a great deal of time since I started this career learning about the methods that hackers use to attack computers.  This knowledge has helped me to develop habits that make me a less likely target for hackers.  While I believe that nothing will completely protect someone from malware and security breaches, I’ll share some tricks and tips that will certainly help.

First of all, any computer connected to the Internet should be fully patched and protected by firewalls.  Yes, that was plural.  Data travels between computers and the Internet in two directions.  Home and small business routers by default block all traffic coming in, but allow all traffic outbound.  They can typically be changed to block all but the necessary outbound traffic, but this requires quite a bit of knowledge and management to implement and maintain.  For outbound traffic I recommend a personal firewall such as the firewall built into recent versions of Microsoft Windows.  This firewall will typically prompt you if a port or program is blocked so that you can consent to allowing access.  If you don’t know what’s asking for access it’s best to say no.  My experience is mainly with Microsoft products, but patching applies to every operating system available today.  For Microsoft Windows, I recommend turning on automatic updates and checking to make sure that updates have been applied at least once a month.   Of course all computers should have up to date antivirus software installed as well.

Once you have this basic protection in place you’re ready to open a web browser.  If you’re searching for information there are many search engines available.  I like Google, but feel that it’s a personal preference, not because of any technological advantage.  When you get your results, look at the URL that is linked.  Most North American domains have a .com, .net, .org or .ca although there are some other new ones gaining popularity.  Phishing and hacking sites are often hosted in countries where law enforcement is not as likely to catch them, so unless you’re looking for something specifically in China, avoid domains ending with .cn for example.  Once you’ve clicked the link, if you see a lot of pop-ups or the page is not what you expected; leave.  Close your browser and any pop-ups.  It may already be too late, but there is a chance you’ve been quick enough to avoid a “drive by download”.

The Internet is a wonderful tool, but like anything popular it attracts people who hope to profit from people who don’t know how to protect themselves.  If you leave your purse on your car seat and your windows down, chances are that it will be stolen.  Basic protection will help avoid the majority of threats.

Basic Business Systems entered the internet backup market about four years ago.  At that time most companies relied on magnetic tape to backup their data and home users either didn’t backup at all or just burned important files to CDs on a regular basis.  Our experience has been that tape backups can be very unreliable for a number of reasons.  Probably the biggest problem with tapes is that someone has to put them in the tape drive every day.  We found that in some cases people didn’t realize they should be doing that or just became complacent and eventually forgot about it.  The other big issue was reliability.  Tapes have a finite life and because they have to move to work they and the tape drives are subject to wear and contamination.  Backups should be checked every day to ensure that they were successful and they really should be tested regularly to verify that the data can actually be restored.  On more than one occasion we were called in to help a company that had a drive fail only to find out that their backups were either very old or non-existent.

Internet backups have helped address most of the challenges we faced, but also presented a few new ones of their own.  The first step to simplifying and increasing the reliability of backups was to remove the human factor for our clients.  Internet backups, or remote backups, store the data on a remote server that is always available eliminating the need to change something such as a tape.  By hosting a number of clients on a single server we were able to build in redundancy that would not have been cost effective for any one client.  This meant that there was clearly a need to encrypt the data to protect it from being accessed by someone other than the owner.  Even transporting the data across the Internet would require encryption to protect it from being read while in transit.  Our approach was to set everything up then allow our clients to set their own password to generate the encryption key.  The encryption key was then used at the source to modify the data to an undecipherable state to be transported and stored on the remote server.  In the event that they needed to restore data, the encrypted files would be copied back to the client’s server and unencrypted using the same key.  Although remote backups are substantially more reliable than tape, they are not infallible.  They do have an advantage over many backup solutions in that they can notify someone if there is a problem.  This could be anything from a corrupt file to an internet connection failure.

For most people, the speed of their Internet connection has increased substantially over the past few years.  Even with the new technologies and lower costs it can still take many days to backup an entire file server to the Internet.  It is not difficult to backup the server to a portable hard disk and ship it to the backup host in many cases, but you would still be faced with getting all of that data back locally in the event of a major failure.  My recommendation would be to keep a copy of the server backup in a safe location which can be restored as needed, then updated with current data from the online backup.  For home users, it may make more sense to keep important files like family photos on CDs or DVDs in a safe deposit box and only backup current data to the Internet.  This makes sure that your backup is as current as possible while keeping the cost more manageable.

Even if you feel that Internet backup is not for you, please check your tapes!

When I started working in the computer industry the term “crash” had a very specific meaning that has now come to encompass just about any computer related problem.  Early computer hard disks were large units about the size of a filing cabinet.  Data was stored on 16 inch diameter aluminum platters coated with iron oxide that could be magnetized by spinning them under a recording head.  This head floated on a cushion of air while in use, but a certain amount of vibration or contamination in the air would cause them to touch the platter or “crash”.  Since the outward effect of a head crash is the same as many other computer failures from a user’s point of view the term “crash” has become the defacto standard of description.  There are many other terms that are not as familiar that I’d like to try to shed some light on.

Malware, mentioned in a previous post, is a term that encompasses a group of malicious or unwanted software.  I would think of malware as anything you didn’t mean to install on your computer, but got there anyway.  Malware rarely performs any function that is to the benefit of the user and includes the following:

·         Virus – Describes software that, when run, replicates itself to other locations

·         Worm – Describes software that actively replicates itself over a network

·         Mass mailer – Is software that sends email to large distribution lists often taken from a user’s email program

·         Trojan – Can be found in many forms, but will always entice the user to run it by misleading them.  For example; a user could receive an email with an executable program that is supposed to be a Christmas greeting, but in fact contains a virus

·         Rootkit – Is a set of tools which is installed on a compromised computer and is used by hackers to control it without the permission on the user

·         Back door – Describes a program that allows a hacker to bypass the security on a compromised computer

·         Spyware – Describes any software that collects and transmits information about a user, something a user has typed or their computer usage habits.

·         Hacker – A person who uses malware

In the world of email there are a number of terms used, many of which I spoke of in my blog on spam.  Here are a few common ones:

·         Relaying – Sending mail to someone through a third party to disguise the source

·         Spoofing – The use of someone else’s email address as the “reply to” address

·         Directory harvesting – Many email messages are sent to random addresses to see which ones go through (are valid) and which don’t for the purpose of creating valid email address lists

 These are but a few of the common terms used in computing.  If you’ve heard a term and wonder about its meaning or origin please post a comment.