A little while ago on our facebook page we advised of a new scam which was doing the rounds. It seems to be ramping up and so we just thought that we would remind people about this latest nuisance.

The scam basically works like this:

1. Some one will ring you on your home or mobile phone and claim to work for a software company like Microsoft or McAfee.
2. They will tell you that they have detected a problem with the security of your computer and that they need you to install a patch or new program to protect it. They will help you do do this over the phone.
3. When you install the program (normally some sort of claimed "security software") it will then pop up lots of annoying reminders saying that you need to purchase it.
4. The software serves no useful security purpose, and between annoying you into paying for it, also seems to take the opportunity to embed itself into your system so you can't remove it.

So the short version is the bad guys con you into installing something on your computer which then annoys you until you pay it some hush money to make it go away. Needless to say the software is hard to uninstall - certainly beyond most people's skills.

At this stage all the reported cases we have heard about involved someone with an obviously foreign accent so that is one thing to keep in mind. But there is an overall message to consider here about scammers and the tricks they are using - when some person's or business's behavior doesn't line up with what you would think of as normal then you probably need to be more skeptical than usual.

In this particular case - have you ever had a software company call you to tell you that their software isn't working? If you've ever rung a software company to tell them their software isn't working you know they barely have enough people to answer the phone, let alone make outbound calls.

Well we seem to keep on batting 1000 and customers love it. For the last quarter of 2010 we once again managed to attain a 100% satisfaction rating from customers for home services via our anonymous survey process.

Among the positive comments was this one:

Mike was especially helpful - fantastic work!!!

If your home computer is giving you grief save yourself a whole lot of time and aggrevation and let us get it back to its old self for you.

ZDnet is reporting that some businesses are losing thousands of dollars in attacks against poorly protected VOIP services.

The way the scam works is that the hackers use the Internet to break into a company's VOIP service, and then use the VOIP service to make calls to premium overseas numbers (pay per minute) etc. They collect the revenue from the pay per minute service while the company is left with a massive bill. It's yet another inventive way to use the Internet to try and rip people off.

The scam often works because it crosses International boundaries and because Telcos can be remarkably unsympathetic to the plight of customers who have quite obviously had some funny business happening on their phone system.

So - how does a business protect itself?

First things first - while VOIP is about telephones it's also just as much about computer networks - your telephone and network people need to work together.

Secondly - you need to take advice on which ports etc to leave open from your security, firewall and network people, not your phone people. No offence to the phone people but in general they know next to nothing about network security.

Third - if you are exposing your own hosted SIP service to the Internet it would be well worth getting some vulnerability assessment and assurance performed.

Finally - as always good operational monitoring provides the final backstop. Not only is there a good chance you would pick up the increased network traffic, but it will also help you manage your ICT more effectively.

Keeping with our standard practice we have launched a facebook page, years after it was cool to do so... If you're on facebook, click the link below and hit the "Like" button to keep up to date with what's going on at Green Light IT.

We will be keeping the facebook page up to date with some of the less formal stuff so please drop by and take a look:

"The only thing more iritating than someone that changes their mind every 5 minutes is someone that never changes their mind"

Green Light IT has an almost unique problem among ICT service providers - our customers are with us long enough to see us change our minds and our positions on things like new technology and new approaches. As always these changes can lead to questions and concerns.

Firstly let's establish why our position has to change:

The IT industry is awash with new ideas and for the forseeable future likely always will be. And for every new approach/idea/gizmo/program (we are going to use the technical term "thing" for the rest of the article) that succeeds and goes on to establish a place for itself 10 "things" (or more) fail because of:

• Insufficient take up.
• Being all sizzle, no steak.
• Under-estimating the complexity of the problem.
• The cure being worse than the illness.
• Lacking reliability and sound support.
• etc.

So, to put it succintly there really aren't any silver bullets but every now and then a new approach/idea/gizmo/program arrives which is useful and thinking needs to change.

What Green Light IT customers probably don't realise is that by the time we announce a changed position to them we will have looked at the issue from every which way we can.

Here are some of the principles we try to use when looking at new "things":

1. Proven - Have enough people tried it and gotten the results they were expecting?
2. Cost Effective - Does it solve a real problem for less than what the original problem cost?
3. Reliable - Does it create a system that you can expect to work?
4. Longevity - Are the people that make and support the "thing" likely to be here tomorrow?
5. Utility - How well does the "thing" do what it should, and how else might it be applied?
6. Risk - Can the "thing" be tried at reasonably low risk? Is a back out position possible or is it all or nothing?
7. Security - Does the "thing" take a new and potentialy dangerous approach.
8. Unintended Consequences - What are consequences of using the "thing"? Does the customer understand and expect these consequences?
9. Inevitability - Is the "thing" going to become the new standard whether the customer likes it or not?

As you can probably guess by looking at the list of considerations "things" normally need to be around for a little while before you can assess them in the positive - this does tend to mean we don't recommend our customers getting on the bleeding edge. It's not like we aren't interested - we are always staying across new technologies/approaches (just the other day we had a heated debate about using Solid State Drives for a customer's database server), however we don't tend to change our position until we think there is a sound case for believing the new "thing" is better than the old "thing".

The upside to this for customers is that they get solutions that work. They might not be the latest solutions, but they are ones we know can be relied on.

For the Jul-Sep quater we have once again received a 100% satisfaction rating from our home service customers.

Some of the comments over the last quarter from happy customers included:

"Great Service. Fixed all my computer issues and dealt with DELL for me! Great fast service & not on hold for ages."

"I was very happy with the service. I will use Green Light IT again in the future if need be. Thank you!"

"[Have already] recommended you to a lot of people - have been very happy with the service thanks"

"Outstanding Service"

Glad to hear we are still delivering the goods.

This is old news for most of our customers, but Green Light IT is merging with the Saltbush Group.

Green Light IT will be forming the new service delivery arm of the Saltbush Group called Saltbush Solutions.

The Saltbush Group is a Canberra based, but Australia wide ICT firm providing services in Consutling, Security, Development, Assurance, and now through Green Light IT, Service Delivery. With over 60 consultants it is Canberra's fastest growing ICT firm.

We will be continuing to call ourselves Green Light IT, some of the time... the rest of the time we will call ourselves Saltbush Solutions. You can call us either - we don't mind.

As we go about helping organisations we see a lot of virtualisation being used to save money on server hardware. But we are also seeing plenty of virtualisation used in ways that is going to eventually cost more than it saves. In short we are seeing some organisations suffer the midrange explosion that we warned about in our previous blog post.

That is - the idea of "free" servers is sometimes leading to the deployment of servers for roles of dubious value.

"If the server is free what's the harm?" I hear some readers ask. The problem is it's not what the server costs to buy that matters, it's what it costs to own. Further, as you add more and more computer systems complexity can have an amplifying effect on the cost of ownership of systems deployed.

When an organisation has to pay for "tin" upfront this acts as a natural restraint on over provisioning. When servers seem to be free sometimes this restraint is absent.

So, here is the 10 second test that will save your organisation thousands. Before you add a new virtual server for any ongoing production role to your design or architecture ask yourself this question - "If I had to pay for the tin would I still design it this way?"

If the answer to that question is not a solid yes then you need to re-think your approach.

Got an infection that just wont go away?

Has your computer got a virus that just wont go away? You've tried disinfecting it, scanning it with different anti-virus scanners and had a friend (or us!) look over it and for a little while it seemed okay, but then it all went bad again?

In this blog post we talk about 3 other possible problem sources that you might need to check.

Other Computers

If you have other computers on your home network then they are a potential source of the infection. It's a bit like having nits in the house - to eliminate the virus completely you will need to isolate all the computers and individually disinfect them before reconnecting them to the home network.

Don't forget to pay particular attention to computers that connect wirelessly. In these cases it is easiest to either turn off the wireless access point, or disable the wireless adapters on the affected computers.

As a general rule if one computer on your home network is infected it is fair to assume they will all need some attention (if they are all Windows computers).

Infected Router

It's possible that the problem isn't your computer at all, it's your Internet router instead.

Some older Internet routers have security flaws that allow hackers to break into them over the Internet. In these cases a hacker may have broken into your router and reprogrammed it to direct your computer to sites were it gets infected. Needless to say this affects all computers on the network.

If you have an older router (normally anything less than 3 years old is unaffected) and virus infections keep on coming back it is probably worth replacing your router, or at least reloading the firmware and changing the default passwords (for many people buying a new router will be much simpler).

Pretend Anti-Virus Software

Sometimes people find themselves being tricked into installing anti-virus software which really isn't anti-virus software. As a general rule of thumb if a site pops up a message saying "your computer is at risk" or something similar, it is selling "junk" anti-virus software. Rather than stopping viruses this software often does the opposite and loads software you don't want on your computer.

If you don't have any anti-virus software, and you use your computer just for home use we strongly recommend AVG Free Edition. Even if your computer is used for work the commercial version is good value.

And if none of that helps we can always have a look at your computer for you. Our fixed price service includes a deep-scan anti-virus check which eliminates viruses that onboard AV scanners can't get rid of.

Everyone seems to want you to remember a new "secret" so that they can identify you don't they? Whether it's a PIN for a credit card, a password for a social networking site, someone wanting you to create a login to read their news content or eCommerce the proliferation of "passwords" that the average person needs to remember continues to grow.

To come straight to the point there are now too many for all, except those with a photographic memory, to remember them all, and for the moment it is likely to get worse before it gets better.

Here are some tips on how to manage your multiple passwords to stop yourself from going insane.

Break your passwords down by importance

The first thing to do is understand that some passwords are more important than others - an easy example is that your online banking password is much more important than your online forum password. This probably seems obvious enough, but it is important later on as we discuss some of the strategies.

Passwords can be thought of as three broad categories:

Low Risk - passwords to accounts which if compromised are unlikely to cause you any significant harm - like a password you use for an online forum where you use a handle (a non de plume, or made up identity if you will).

Medium Risk - accounts where you might be embarrassed if they were disclosed - e.g. an account for an online community where you are known by your true name e.g. facebook, myspace, etc.

High Risk - accounts which could harm you or your finances if disclosed, and which a criminal would likely target such as ebay, paypal and online banking. It is also appropriate to consider passwords which protect other people's information at this level - i.e. your workplace passwords.

Using the Same Password in Certain Situations

The first strategy for managing online passwords is to, in certain circumstances, use the same password for different sites. This is normally pretty safe for low risk passwords. You might, depending on your appetite for risk, want to use one password across all your "medium" risk accounts as well (but a different one to your low risk accounts). You should never use the same password across high risk accounts.

Write some passwords down

In the office you may well have been told to "never write down your password". There's some wisdom in that position, and for a password you use almost every single day like a login to your work it really shouldn't be necessary. However, the problem is that many of your personal passwords aren't used every day - you might only use them once a month or less.

Writing down some passwords is okay under certain circumstances. Firstly - the bit of paper you record them on needs to be secure, and non obvious to others (not a post it note next to your computer, not a list in the first draw of your desk next to your computer, etc). Secondly, you should be really careful about writing down high risk passwords - in general it isn't a good idea. Thirdly - you must comply with the rules of anyone that controls the system the password controls access to - so don't write down your office password and then blame us when you get in trouble with the boss.

Use Your Web Browser Auto Login for Low Risk Passwords

Most web browsers are able to remember login details for you. For low risk, and medium risk accounts, depending on your appetite for risk you can let your web browser remember the login details for you. While this can create problems when you change computers that is a fairly infrequent event and will save you a lot of trouble in the short term.

Make Up Temporary Accounts for Sites Requiring Registration

Sometimes sites will require "registration" before they allow you to access information. Several online newspapers have moved to this model, and there are others. However many of these sites also allow logins to persist between browser sessions so you only need to "log in" the once.

So make up your registration details, login, and then forget the details. If you ever get locked out you can use their password reset process, or just register another account.

So there's a few thoughts on strategies for how to manage lots of passwords. Watch this space for advice on how to choose a good password.

*** Note - this is advice for Home Computers ***

Customers frequently ask us what tools we recommend to keep their PC safe. Here's our recommended list for home computers - all the tools have free versions (at least for home use) and in our opinion are better than other offerings in the space, which pretty much removes any good argument not to use them:

Anti-Virus

Yes you need an anti-virus tool - our first pick for home use is AVG Free Edition which is free for non-commercial home use - you can download version 9 here.

AVG Free is effective, but light weight so your computer still has some capacity to do the stuff you ask it to.

* A word of warning - computers run really badly with two anti-virus products installed, so if you are going to use AVG make sure you uninstall whatever you are currently running first.

Anti-Spyware

Having a dedicated piece of Anti-spyware is a good choice. Anti-virus and anti-spyware are different jobs, and combined tools don't do the job as effectively as dedicated pieces of software.

In our opinon the best tool in the space is malware bytes. There is a version you can pay for, but the free one is perfectly adequate. You can get both versions at the malware bytes web site.

A Better Browser

Your choice of web browser can make a substantial difference to the security of your PC. If you go with the mainstream choice (like Internet Explorer) you will be using the most widely targeted piece of software around. However, if you go too far from the mainstream (for example Chrome) you may find that websites don't work properly.

In our opinion the stand out product in the space is Mozilla Firefox. Needless to say it is free. It's also the second most widely used browser after Internet Explorer, so you aren't wandering too far from the mainstream.

You can download Firefox from the Mozilla website.

Internet Filtering

We think the best product in the space isn't actually a product - it's a service - Open DNS. The Open DNS project is designed to use the power of collaboration to identify potentially dangerous and offensive content on the Internet.

By configuring your PC to use the Open DNS servers you can then use their categorisation system to help keep your PC safe, and better, keep young eyes away from inappropriate content. Our blog post on Open DNS explains how it works in a little more detail and how to configure your system.

There is one other thing you should do to keep your PC safe. Backups - no one likes to hear it, but they are really important.

Backups can be approached in two ways - files only, or complete system backup. We will talk some more about these in the near future.

For quarter 4 2009 Green Light IT has once again achieved a 100% Satisfaction rating with our home service customers.

Between the first of October and the thirty first of December 2009 home service customers once again gave us a 100% satisfaction rating through our after service survey process.

Here's what some of our customers had to say about Green Light IT Home Services between October and December:

"The service and follow up contact and explanation was excellent. I would have no hesitation in going back to Green Light IT and recommending the business to others based on my experience" - Heather, Weston.

"Helpful service, prompt and clear. Will certainly recommend to others." - Luca, Richardson.

"Pickup up and drop off feature is a real plus." - William, Greenway.

"It's about time somebody provided this service." - Norman, Evatt.

"The time for pick ups in the early evening is really convenient and the next day turnaround is brilliant." - Justine, Bonython.

"I was very pleasantly surprised at the friendly and professional service and that everything was explained to me simply and clearly." - Kaye, Scullin.

Needless to say we are always pleased to hear that we are keeping our customers happy.

Green Light IT Home Services Surveys are sent to every Home Services customer. Customers are able to comment anonymously (if they wish) on our services. Our return rate is approximately 50%. Names and addresses have been changed to protect privacy but comments are faithful reproductions of customer comments.

Green Light IT will shortly be moving to our new premises in Albany Street, Fyshwick.

Our new address will be 2/1 Albany Street, Fyshwick (behind Kennards) but our phone and postal address will remain the same. We will be taking advantage of the summer lull to move into the new premises over the next couple of weeks, and anticipate operating from the new location from the 25th of January.

The new office is the former premises of an alarm monitoring company, and so has been constructed to a very high standard of physical security - in fact we have taken to calling it the bunker, but we will have to see if that name sticks. If you want to see what we are on about please feel free to drop by from the 18th of January.

And as a bookend for the year we have now met our Carbon Neutrality Policy (announced here).

At an operational level we are now carbon neutral and would urge all other businesses to consider taking a similar stand on this important issue.

Over Christmas Green Light IT will be taking a break will be closing on the 23rd of December, and re-opening on the 4th of January.

Feel free to leave us a message on the phone or drop us an email over this time. All the best for Christmas and we look forward to talking to you in 2010.