SLMR
Information Technology Tech Support
The following represents our current thinking on the use of computers in an
organizational context from the user's perspective. It represents a starting
point for an Information Technology Policy. As new threats emerge, portions
may become obsolete. When in doubt, consult your IT professional.
Security
Just as you secure paper documents against prying eyes, so should you keep
your computer secure. The Internet is a powerful resource, but it can be a
trap for the unwary. The following suggestions are offered as guidelines for
securing your computer.
- E-mail is now the most common route of virus infection. The best defenses
are:
- Antivirus with current updates (configure to update daily - when the
computer is on - what's the good of setting it to update at 11 pm when
you turn it off at 5 pm?)
- A wary user - beware any message purporting to be from a colleague that
doesn't seem right. Why would that person send you a mail that is out
of character?
- Remember - Your email address is precious - to a spammer.
- Protect it - don't respond to spam (that verifies that the address
is legitimate!)
- When surfing the web, don't give your email address out without
good reason
- Web Services can be extremely useful - or extremely annoying!
- Web sites that ask you to register, then want to install "special
software" (with or without your permission) are suspect. Two such
particularly annoying "services" that many people find objectionable
are Gator and Bonzi Buddy. The lure of these sites is that they will give
you lots of wonderful freebies. The reality is that they will constantly
interrupt you with junk, and may report your keystroke activity back to
their owners.
- We prefer leaner services sites. Google is our favorite. It is fast,
helpful and doesn't overload users with junky ads.
- Internet-connected peer-to-peer file-sharing services such as Napster and
Kazaa are not supported. The legal status of many of these services is in
doubt, they tend to use up available computing resources, and they are
extremely susceptible to viral infections. We've seen users who could no
longer save work-related documents to their computer because the hard drive
was filled with mp3 files saved by these services to any computer with free
space.
- Remember - your employer provides your computer to enable you to be
more productive and better manage your job. Your workplace computer
should only have those applications installed that are necessary for work.
This makes it easier to maintain and upgrade, and reduces its vulnerability
to viruses, worms, etc.
- Wireless LAN
- Wireless LANs are inherently insecure, as anyone within
reception range of a wireless device can intercept traffic.
- Special pains must be taken to protect yourself against this threat.
- The use of a personal firewall such as ZoneAlarm Pro is highly desirable.
- If you use a cellphone modem or public WiFi network such as
that provided at Starbucks, a personal firewall must be
used.
- Whenever possible, connect through encrypted means.
- There is no security on a cellphone modem. You must use a VPN.
- Wireless LAN - WEP 128 bit or higher is desirable. Though not
perfect, this does vastly improve security.
- Your IT staff will provide encryption keys and instructions
if you use a company network.
- If you are setting up a wireless network yourself, enabling
WEP and then getting the pieces to talk to each other can
be very frustrating, but it is an essential part of protecting
yourself.
- Some organizations may also use a VPN to increase the level
of security with a wireless network.
- Versions of wireless LAN
- 802.11b (WiFi) is fairly stable and is currently the most widely
deployed. It is used at Starbucks and many other public locations
such as airports. Speed is up to 11 mbps. Problem:
uses cellphone frequencies, so interference is likely.
- 802.11a is faster (speed up to 54 mbps), but primarily used in a
corporate environment. Uses higher frequency than 802.11b.
- 802.11g has speed up to 54 mbps, but is backward compatible with
802.11b. Problem: uses cellphone frequencies, so interference is
likely.
- Cell phone + modem = slow, but commonly used for mobility in most
of the country. Problem: No link security.
- VPN (Virtual Private Network) - VPNs are a requirement when remotely
accessing corporate files and resources within a corporate private network.
At the present time, these are still expensive and difficult to configure.
Ask your IT staff for help.
- What are "Trusted Computing", CBDTPA (the Hollings Bill) and "Digital
Rights Management"?
- Aren't they supposed to make computers safer?
- Safer for whom?
- Be VERY CAREFUL when you see terms like these on new software, videos
or music!
- Sony feels so strongly about protecting their music from their
listeners that they are using viruses and/or trojan/rootkit software
to prevent you from making copies! This allows anyone to freely
attack your computer!
- Microsoft is primarily interested in locking in their users to prevent
them from using or installing competitive products to protect their
profits!
- Media content owners/providers do not want you to make
copies of programming for your own personal use. They fought home
VCRs tooth and nail, they succeeded in extending the copyright laws
past a reasonable expiration, they want to stop you from using
your Tivo, and so on.
- Not to be alarmist, but the chain of trust must work both ways. You
(the user) have an expectation that goods and services you buy or license
will not be harmful to you or your property. Trust isn't just about
protecting the vendor from a user who "just might steal something".
Following that logic, we might as well all be incarcerated on the assumption
that we might someday commit a crime and avoid detection.
- Copy protection, activation keys, dongles, etc.
- Pros
- Copy protection has helped game developers make money by slowing
down the creation of bootleg copies.
- Activation keys - small software companies need to make a profit.
Activation is a good way to collect marketing data for sales of upgrades
and additional products.
- Dongles ensure compliance with software licenses by limiting the
number of instances of an application that can run at the same time.
- Cons
- Copy protection schemes - more trouble than they are worth.
Back in the early 1980s the Apple ][ game "Wizardry" came out -
with a disk protection scheme that was so effective that a large
percentage of the legitimate retail copies could not be used out
of the box. Some users were upset enough that they reverse engineered
the protection scheme and "broke" the protection rather than demand
their money back. When new episodes came out, the protection was quickly
broken and unprotected copies freely distributed. (The company had a good
product, but they were so concerned about preventing bootleg copies that
they actually lost the good will of their customers and created a whole
underground movement to "punish" them by making illegal copies minus the
copy protection. Had they brought the price down under the "wince point"
so a buyer would see more value in buying rather than finding a bootleg
copy, they would have made far more money!)
- Activation Keys - Microsoft originally gave Windows 1.0 away to
build/gain market share. Now that most users know Windows and they
have a 90% market share, Windows XP shuts down if it hasn't been
"activated" with a legitimate license after 10 reboots. This isn't
in the users' interest, just Microsoft's.
- Dongles - lose the dongle, buy the software again... Want to use
the application on another machine, move the dongle. If the dongle
breaks, use of the software is stopped until it is replaced (which
is $$).
Migration & Upgrades
- Email
- HowTo - self help
- Eudora - note: Eudora cannot currently
be used with mail services whose SSL certificate is not
recognized as having root authentication.
- Mozilla Mail (includes Thunderbird)
- Outlook
- Outlook Express - We really don't like Outlook Express, as it has
a very bad security track record. If you must use it, the instructions
in Outlook may be helpful.
- Why your email may be rejected by others.
- You have been placed on a spam blacklist - your computer may be
infected and used to send spam without your knowledge.
- Your mail client may be improperly set up, or your organization
needs to invest in a mail server. Some mail servers use a reverse
authentication technique to block mail coming from unrecognized or
mismatched addresses. If you send mail with
a return address such as corporate.user@slmr.com that originates
from spammer@pacificbell.net, the filter may reject the mail.
- Windows
- Moving to Windows 2000 - Service Packs: Service
Pack 3 has caused almost as many problems as it solved. This is because
many vendors (including Microsoft) originally developed their software
without security considerations, and some applications will no longer
work when the machine has been updated. Service Pack 4 may have resolved
some of these issues, but testing is a good idea...
- Windows XP Professional - Now that XP
Service Pack 2 has been released, this is the Windows to use.
- Vista - stay away from this one unless you can afford to buy the fastest,
biggest computer out there! It demands so much in computing resources
that you will find it impossible to use on any machine without a dual
core processor and at least 2 gigs of RAM.
- Older versions of Windows
- Windows 95, 98 or ME - really not acceptable any more. Terrible
security for Internet users.
- Upgrade to Windows 2000, or XP immediately!
- Windows NT 4.0 - at least install Service Pack 6
- NT 4 will run on old computers - as slow as Pentium 66, but
it needs at least 32 megs of RAM. This may be your
only choice for securing an old machine with Windows applications
rather than trashing it.
- Microsoft recently stated that 50% of the software that crashed Windows
was developed by other vendors. Expressed another way, Microsoft's own
software is responsible for 50% of the problems encountered when using
it - not a very comforting thought for an operating system.
- Alternatives - Linux variants are beginning to target
the desktop. Some, such as Linspire (formerly Lindows), look and act
very much like the Microsoft products, while others require more of an
adjustment for users. All Linux machines can run a Windows emulator such as
Wine, which allows the installation and use of many products developed for
the Windows market (not 100% reliable - test before deployment).
Don't bother to deploy a Linux distribution for the desktop on anything slower
than a 1 GHz pc with at least 512 meg of RAM - it takes at least a 2 GHz
dual core machine with 2 GB of RAM for applications to be responsive.
Commercial distributions we've deployed include:
- Ubuntu - finally makes installing Debian easy
(selected for the One Laptop per Child project)
- Kubuntu - KDE desktop
- Edubuntu - for schools
- Server - strips unneeded stuff for a fast server on an old
piece of hardware. We suggest installing using Falko Timme's
"The Perfect Setup" guide.
- RedHat - the BlueCurve desktop was introduced in version 8, improved
in version 9
- Fedora is a free version for experimenters and power users
- RH Enterprise is a fully supported corporate solution.
- SuSE (Novell) - version 8.0 or newer with the KDE desktop
- (IBM is working with both vendors to develop the corporate
Linux environment)
- Sun Solaris - top of the line unix based OS, now open source
- Macintosh OS-X is an alternative that some organizations
support, though licensing and/or hardware issues may limit deployment.
- Office Applications
- Using Open Office - the open source version
of Star Office. Uses internationally recognized open standard file formats
to "future proof" your data.
- Star Office - the commercially supported version of Open Office. It
is 99+% compatible with Microsoft Office 2000 and offers far more value.
- Microsoft Office - Office 2000 is still the recommended
version. Office XP and newer versions have had issues as Microsoft moved
to an XML-like file format. Many corporate users are still using Office
97. Microsoft continues to keep file formats a secret, which limits the
ability to use them with other software and may create future archive issues.
- Sun Java Desktop System - a new approach to office productivity. For
corporate, educational and non-profit environments concerned about costs,
this application is subscription based to reduce the need for capital
expenditure. (Incorporates StarOffice 7, email client, etc. and runs
from a server. Client computers do not have to be updated every few
years - a 600 MHz machine (circa 2000) is perfectly adequate.)
- Browser
- Mozilla - best of Netscape with modern functionality.
- Firefox - Now the browser of choice - a faster, leaner version of Mozilla.
- Internet Explorer - Version 7 (XP only) is the most stable and secure.
IE 6 offered improved multimedia at the expense of security, so it is
not recommended. Check Windows Updates frequently for security patches.
- Security
- Google Desktop
- A whole new concept in portable office productivity - check it out!
Takes the Terminal Server concept to the limit.
Tips
FAQ
Links
Planning for the Future
Product Licensing
- Each copy of computer software in use in the workplace requires a legal
license
- Company policy does not allow for the installation of personally owned
software on a company computer without specific written authorization
- New computers have been purchased with an operating system license
- Very new computers will have a Microsoft License sticker attached
- Older computers came with a printed license - usually on the cover
of a book
- Upgraded operating systems require an upgrade license or contract
- Exceptions - servers or workstations running Linux do not require attached
operating system licenses
- The standard applications we recommend are:
- Adobe Acrobat Reader
- Eudora
- Java Runtime
- Mozilla
- Norton Corporate Antivirus
- Open Office 1.1 or higher
- Quicktime Lite
- SpyBot
- Additionally, some users may have a demonstrated need for:
- Microsoft Office 2000 SBE
- Microsoft Office 2000 Professional (Access users)
- Star Office
- WinZip
- Zone Alarm
- Other applications:
- Users who have a specific demonstrated need for other software may purchase
a limited number of licenses for that software subject to approval of
a Director. It is the responsibility of that Director to ensure that there
are an adequate number of licenses for that product.
- Specific departments with such a demonstrated need are:
- Finance - accounting software
- Publications - graphics & publishing software
- Engineering - CAD and analysis software
Desktop Computer Allocation
Companies have a limited capital equipment budget, but recognize that employees
need adequate computing resources to be able to work productively. You should
be making every effort in the year 2003 to replace every computer purchased
before 1998 as your budget allows. This should NOT be considered a one-time
upgrade, but a rolling expense. Plan to replace 20% of your computers every
year. Why? Because you need to maintain compatibility with the rest of the
business world, and newer applications tend to require more computing power.
| Year of purchase | Processor Type | Processor Speeds | Memory range | Hard Drive size | Typical model |
|---|---|---|---|---|---|
| 2003 | Pentium IV | 2.8 gigaHertz | 512 meg | 80 gigabyte | Dell Precision |
| 2002 | Pentium IV | 1.4 gigaHertz | 256 meg | 30 gigabyte | Dell Optiplex |
| 2001 | Pentium III | 700 megaHertz | 128 - 256 meg | 18 gigabyte | Dell Dimension L |
| 2000 | Celeron | 566 megaHertz | 64 - 128 meg | 9 gigabyte | Dell Dimension L |
| 1999 | Pentium II | 400 megaHertz | 64 - 128 meg | 4 gigabyte | Comp USA |
| 1998 | Celeron, K6-2 | 333 megaHertz | 32 - 128 meg | 3 gigabyte | Gateway G6-333c |
| 1997 | MMX | 233 megaHertz | 32 - 48 meg | 3 gigabyte | Compaq 4540 |
| 1996 | Pentium, K6 | 166 megaHertz | 16 - 128 meg | 2 gigabyte | Generic tower |
| 1995 | Pentium | 133 megaHertz | 16 - 128 meg | 1.6 gigabyte | Packard Bell D141 |
The Food Chain - Our IT/Operations staff has devised a method of allocating
new computers to those who have demonstrated the most pressing need for upgrades.
Generally, Administrative Assistants and Finance clerks need newer computers
than users who only read email, web surf, and create occasional documents.
As of 2004, the following chart was useful for allocation planning.
| Tasks | Computer Age | Processor Speed | Memory | Drive Size |
|---|---|---|---|---|
| Graphics, Video editing, Engineering | < 2 years | > 2 gigaHertz | > 512 meg | > 80 gigabyte |
| Power user - uses computer 4+ hr/day | < 3 years | > 1 gigaHertz | 256+ meg | > 20 gigabyte |
| Regular user - uses computer 1 to 3 hr/day | < 4 years | > 700 megaHertz | 128+ meg | > 9 gigabyte |
| Occasional user - less than 1 hr/day | < 5 years | > 333 megaHertz | 64+ meg | > 4 gigabyte |
Really well financed IT organizations may choose to group deploy (replace
all the computers at once) rather than use the food chain. This has some real
advantages. It simplifies maintenance/training and assures a level playing
field for all workers. It also allows for volume pricing and a reduced spares
inventory.