Go green: Shut down idle PCs

March 8, 2008 – 3:26 PM

Q. I’ve heard that frequently turning my computer on and off can hurt the performance of internal parts. But I don’t want to leave it on all the time either and waste power. What’s the best course?

A. While it once might have been true that computer hard drives or power-supply systems could be degraded over time by turning the machines on and off, there’s little reason now not to go the green (and money-saving) route: Shut things completely down if you’re not going to be using your PC for many hours.

Recent tests at Canada’s University of Waterloo found that computers with Pentium 4 processors running at 1.7 gigahertz drew 110 watts of electricity while booting up and 60 watts when they were on but idle. A 17-inch cathode-ray tube (CRT) monitor added an additional 75 watts. Newer, flat-screen LCD monitors use about half as much juice as CRTs.

In a sense, then, the PC isn’t a big juice hog. A microwave oven devours electricity at a rate of 750 to 1,100 watts, according to the U.S. Department of Energy.

PCs in power-saving standby or sleep mode have even less of a presence. In the Waterloo tests, they were draining 35 watts. That’s roughly equivalent to three clock radios.

But add up hours of standby time, and multiply that by the millions of computers in the world, and it is some serious electricity.

In fact, microchip maker Infineon Technologies AG, which is working on making electronics’ sleep modes more energy-efficient, estimates that a mere 1 percent decrease in standby power consumption would save the nation 360 megawatts — the equivalent of a medium-sized power plant. Put another way, 10 percent of an average home’s electricity consumption comes from machines of some kind sitting on standby, said Infineon spokesman Saswato Das.

Dell Inc., the world’s leading seller of PCs, has no official position on whether its customers should leave the machines running or not. Leaving computers on all the time doesn’t erode their performance, but it doesn’t appear that turning them off and on does either, because the reliability of key parts has improved significantly, spokesman Lionel Menchaca said.

“There used to be a bigger difference in terms of wear and tear when you power up your PC, but it’s not as much of an issue now,” Menchaca said.

After the tests at Waterloo, Manfred Grisebach of the university’s information systems and technology group pointed out that hard drives that never get shut down seem to live a long time. But, he said, so do drives that get shut off all the time.

“What we can’t say is which last longer,” he said.

http://www.cnn.com/2004/TECH/ptech/07/28/good.question.ap/index.html

Companies step up e-mail surveillance

March 8, 2008 – 3:25 PM

Large companies are now so concerned about the contents of the electronic communications leaving their offices that they’re employing staff to read employees’ outgoing e-mails. According to research from Forrester Consulting, 44 per cent of large corporations in the United States now pay someone to monitor and snoop on what’s in the company’s outgoing mail, with 48 per cent actually regularly auditing e-mail content.

The Proofpoint-sponsored study found the motivation for the mail paranoia was mostly due to fears that employees were leaking confidential memos and other sensitive information, such as intellectual property or trade secrets, with 76 per cent of IT decision makers concerned about the former and 71 per cent concerned about the latter.

Porn and ropey jokes still figure on the list of concerns for execs, though, with 64 per cent admitting to worrying about “inappropriate content and attachments” on the e-mails. What worries those in charge of tech most about their staff e-mails differs depending on the size of the business, the study found.

The smaller the enterprise, the more likely it was to worry more about attachments and less likely to be troubled by the possibility the e-mail won’t be up to compliance standards set by Sarbanes-Oxley and other legislation.

Understandably, with Basel II and similar looming, financial services was the vertical that is the most concerned with meeting compliance targets–as they should be, it appears.

A survey of UK financial institutions found that around half would be unable to find an e-mail over three years old; storing e-mail is a key demand of the new legislation.

http://zdnet.com.com/2100-1105_2-5276512.html

Dropping Internet Explorer

March 8, 2008 – 3:24 PM

Last week, InfoWorld columnist Oliver Rist recommended that you stop using Microsoft Internet Explorer as your browser. He had good reason: The latest vulnerability reports point out some significant security holes in IE that aren?t going to be easily overcome.

According to Rist (who is sitting behind me while I write this, just to make sure I don?t misquote him), the biggest problem is with Microsoft?s continued use of ActiveX, but that’s by no means the only problem. In fact, it looks as if IE can?t be successfully patched, and what?s needed is a whole new version.

But what are you going to do if you don?t use IE? For most, IE is the default browser; they don?t have another choice that?s easy to implement. Does that mean that you should just grit your teeth and hope for the best? Not necessarily.

There are other browsers out there without IE?s security holes, most notably Mozilla. Getting Mozilla isn?t a problem — just download it from the Web site. The real problem is that you have to be sure that moving to Mozilla doesn?t introduce a new set of problems.

My own experience with Mozilla indicates that it works at least as well as IE and appears to be somewhat faster. I?ve already moved to Mozilla as my default browser because of the security issues with IE. As it happens, I’m also finding that I like it better than IE.

Unfortunately, the only way to know for sure whether Mozilla will work with the apps that require a browser is to test it. Download it to a few machines and see if anything breaks.

Testing Mozilla might be the first step on the path to IE separation, but the journey isn’t over yet. Many companies who run Web sites tend to be kind of lazy and code their sites only for IE, because it?s the dominant browser. Sometimes they take shortcuts that keep other browsers from working properly.

The only way to know for sure if these shortcuts will shortcircuit a non-IE browser is to try potential replacement browsers to see if they work with the Web sites you absolutely depend on. If they do, you won?t need to worry as much about adopting them, although you?ll still have to install the new browser on every machine, and that?s not the world?s easiest task in a large enterprise.

But there?s another task you have to worry about. What are you using for your own Web server? Internet Information Server has its own set of vulnerabilities, after all. And what about the code running on your Web site? Have you avoided those programming practices that will lock your visitors into IE? After all, a lot of companies are now using machines that don?t run Windows (and therefore not IE), and a growing number are trying to avoid IE even if they do run Windows because of the security issues. You don?t want to discourage them from visiting your site, do you? I didn?t think so.

Unfortunately, you can?t drop IE from your Windows machines completely. You still need it for Windows Update alerts. But it is possible to use it sparingly, and until Microsoft issues a new release, that would be a good idea.

http://www.infoworld.com/article/04/07/16/29secadvise_1.html

Worm sleeps to avoid detection

March 8, 2008 – 3:23 PM

The latest mass-mailing worm, Atak, hides by going to sleep when it suspects that antivirus software is trying to detect it.

Atak was first discovered Monday. Although antivirus companies do not expect it to cause much damage, they say it will be a nuisance because it can generate a large amount of spam.

Graham Cluley, senior technology consultant for antivirus company Sophos, said authors of malicious software generally try to make the job of antivirus researchers as difficult as possible by adding confusing code and using evasion techniques.

“Atak tries to tell when someone is stepping through the code to analyze whether it is a virus or not. Often, a virus will contain lots of code that is designed to make it more complicated for (antivirus) companies to write the detections,” Cluley said.

Mikko Hypponen, director of antivirus research at Finnish company F-Secure, said that although it is common practice for virus writers to protect their malware, this worm is exceptional.

“It is standard for worms to have layers of encryption–or armoring–to keep out snoopers, but this goes way beyond that. It tries actively to detect if it is being analyzed by antivirus research tools. If it thinks it is being analyzed, it stops running and shuts down,” Hypponen said.

Atak is not thought to be a serious threat. But because of recent detection and in-built protection, the worm’s full functionality has not yet been fully analyzed. However, it is known that the worm contains text that seems to threaten other well-known worms and viruses, such as MyDoom, Bagle and Netsky.

Hypponen said there is a possibility that Atak will try to seek out and destroy “rival” worms.

“We haven’t been able to figure out if Atak tries to disable some of these viruses,” he said. “The message implies it does contain some code that attacks other viruses.”

http://news.com.com/Worm+sleeps+to+avoid+detection/2100-7349_3-5267258.html

Web Sites Still Infected

March 8, 2008 – 3:23 PM

More than 100 Web servers running Microsoft’s Internet Information Services software are still infected with malicious code that was part of a widespread Internet attack, known as Scob, or Download.ject, that began two weeks ago, a security researcher says.

Dan Hubbard director of security and technology research at Websense Inc., a maker of employee Internet management and content protection software, says he spotted the 100-plus sites when the firm conducted its routine study of roughly 24 million Web sites for malicious code and possible Web-based attacks.

The Scob attack first surfaced the week of June 21 when security researchers began warning that thousands of hacked Web sites were infected with malicious software and that those servers placed Web surfers at risk to attack.

It’s widely thought that Russian hackers were behind the attack, which took advantage of unpatched Web servers running Microsoft IIS software version 5.0 as well as several vulnerabilities within Internet Explorer. One of the Internet Explorer vulnerabilities the hackers exploited didn’t have a patch, or a fix, at the time of the attack.

Full Story…