Remote Reboot!

Yes, servers do lock up sometimes! What do you do when it is 11 at night and the server locks up? A simple device from APC saves you a trip to the office to power on and off the server (or router or firewall.) APC's Rack PDU is a rack mountable device that allows you to remotely turn on and off an outlet effectively powering on and off a server. The device has 8 outlets and can be accessed via a web browser, SNMP or Telnet. The device also allows you to delay power up of the equipment so you can choose which devices boot first. The Rack PDU from APC resells for less than $500. If this devices saves you one trip to the office in the middle of the night, it would be worth the price! Installation is simple. Just plug it in and configure the security password and outlet names. Call us if you're interested!

Mike Tanney

Wintertime is Remote Access Time!

Winter in Washington, DC is the best time to think about your remote access needs. End users need a more flexible schedule with children home for the holidays, bad weather restricts driving, and with possibly 5 million visitors coming to DC during the inauguration don’t even think about coming into office on January 20th!

If you run Windows Small Business Server you probably already have some simple yet powerful remote access capabilities through a program called Remote Web Workplace. It allows you to access your email, office PC, and intranet or SharePoint site all remotely. If you are not sure you are taking advantage of this great feature, check with HLP.

When you are ready for more advanced remote desktop capabilities, upgrade to Citrix Access Essentials. Access Essentials, designed for business with up to 75 remote users, delivers secure access to programs and files on your network. Remote users can access assigned programs through a web browser regardless of the age or speed of their home PC. It even works on Macs. All users access a Windows Server rather than individual PCs but are delivered just the applications they need, increasing access speed while keeping your network secure. The solution is faster and has more management capabilities than the basic Windows Terminal Services. And an unsecure home PC can’t infect files on the company server. The price for this software is $249 per user and it includes the Windows Terminal Server Client Access Licenses.

If you want to allow users to work from home, or have an employee that lives far from your main office, these remote access tools allow everyone to access server resources no matter what kind of computer they have. In fact you don’t even need an office, HLP can host these solutions at our hosting facility.

Mike Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

Malwarebytes - Not just a clever pun!

If you have ever seen a pop up windows on your computer warning that your PC is infected, proceed with caution. You may fall victim to “rogue” security software with names like “Antivirus 2009.” This and other rogue programs are scams to get you to give up your credit card and purchase fake software to remove a virus that doesn’t exist. The software or web site ads try to trick you into thinking your PC is infected and you need to download their program to fix it. Even more insidious, they often take the look of Microsoft’s Security Center to appear “official”.

The good news is you don’t need to be a tech to get rid of these programs. Simply download and run Malwarebytes from www.malwarebytes.org. And yes, it’s free! Malwarebytes is a program designed to get rid of spyware, adware, trojans and other nasty things that infect your PC. The free version is a cleaner only (so it doesn’t include a real time scanner like most common antivirus programs) but does a remarkable job in getting rid of junk off your PC. It takes only a few minutes to download, install, and update the program. Once installed simply run the quick scan first, it will usually remove any malware. If your PC is really in bad shape, run the full scan. The full version of Malwarebytes includes real time protection and scheduled scans and updates. The price for one license is $24.95.

So why didn’t your existing antivirus program catch the “Antivirus 2009” adware? Your antivirus program may not consider that a “virus.” These rogue programs scare you into downloading and installing them while your regular antivirus software believes you are installing a program you actually want. If your antivirus software is not up to date it may not detect these new threats.

As always, if you have any questions, give us a call!

Mike Tanney
HLP Associates, Inc.
www.hlp.net

Microsoft Windows Vista Security "rendered useless."

During the BlackHat security conferences, researchers submitted a report about a fundamental change to the way to attack Microsoft Windows Vista. This report if proved true could alter the security scene for Microsoft's newest operating system.

"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."

However further review indicates that this not quite as bad as some have pointed out. It turns out that many of the people citing the Chicken Little attitudes have not actually read the paper presented by the researchers.

While HLP does not believe that this results in a "completely game over" issue, we as always, recognize that security is more than just a single point. It requires "defense in depth" utilizing multiple techniques and programs to assure you of security. This include good hardware, software, security patches, adequate firewalls AND training for the users to reduce potential social engineering exploits.

As always, if you have any questions, please feel free to contact us.


Derek Rowan
President
HLP Associates, Inc.
http://www.hlp.net/

Interactive Guides for Office 2007

We are getting many inquiries on whether those should upgrade to Office 2007. While I won’t discuss the intricacies of deciding that with a simple answer as each client and environment is different, for those that do decide to upgrade there is a slight challenge in the new user interface. The new interface which is called “the ribbon” provides easy access to many advanced features and allows a more logical grouping of functions. Like anything new though, it does take some getting used to.

According to research done by Microsoft, the new interface is much easier for those that have never used Microsoft Office before. It provides a much easier and logical method of finding regular and advanced features. For those of us that are veterans of the older versions, Microsoft realized that there could be a challenge for us learning how to find things in the new programs.

To assist us with the transition, they created some very neat Internet tools that will allow you to easily find the locations of features. Some of these are presentations to present to staff, online interactive training for specific features and functions, and printable reference documents. The one tool though that I think is worth noting are the Interactive Guides. These Flash based web pages provide a representation of the older Microsoft Office programs that you can manipulate. You click on the menus of the older program and the Interactive Guide will tell you where to find it in the new one. If you click on the menu option, the guide will also show you in the Office 2007 product.

These are very cool and kind of fun. Check them out:

http://office.microsoft.com/en-us/training/HA102295841033.aspx

Derek Rowan
President
HLP Associates, Inc.
http://www.hlp.net/

Cisco reports hacker can listen in on Voice over IP phone conversations

Cisco reported a security vulnerability on their IP enabled phone systems. They report it is possible for a hacker to listen in on some of the conversations occuring in Cisco IP phones. The report was issued on November 30th and outlined the problem and the steps necessary for this to occur and some steps to work around the problem.

HLP expects to see more of these kinds of issues along with secuity issues affecting the growing number of smart cell phones and PDAs.

You can read about this issue at: http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html

Derek Rowan
President
HLP Associates, Inc.
http://www.hlp.net/

Hackers can gain access to your computer from Google searches

Sunbelt Software recently announced that many seemingly innocuous search terms may result in Google displaying sites that have malware that can infect your computer.

They reported some results on innocent searches that resulted in high ranking sites that would automatically push malicious software to the user's PC when selected. As always it's important to make sure your computer is up to date with antivirus software.

If you have any questions, please give us a call. Read more at: http://sunbeltblog.blogspot.com/2007/11/breaking-massive-amounts-of-malware.html

Derek Rowan
President
HLP Associates, Inc.
http://www.hlp.net/

Seagate Hard Drives Ship with Virus

Seagate announced last week that an unknown number of it's Maxtor Basics Personal Storage 3200 hard drives have shipped with a virus on them. This virus is primarily designed to steal online game passwords, but still represents a risk to consumers. Seagate is offering a free 60 day trial of an antivirus program that you can download from their website to identify and remove the virus.

You can download the antivirus program from Seagate's website at: http://www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw

This reminds us of the virus that Apple shipped on their video iPod last year (http://www.apple.com/support/windowsvirus.) Remember, even though it's brand new doesn't mean you shouldn't run a virus and spyware check!

Derek Rowan
President
HLP Associates, Inc.
http://www.hlp.net/

Excel 2007 calculation display bug!

Microsoft just announced an issue with Microsoft Excel 2007 that causes incorrect numbers to be displayed in about 12 specific circumstances. These circumstances are a remote, but real possibility for our clients and we wanted to alert you to the problem.

The basic issue, is that it is possible for a calculation that would have resulted in a number around 65,536 to be displayed incorrectly. Microsoft is aware of this issue and has posted information on their Microsoft Excel blog site at: http://blogs.msdn.com/excel/archive/2007/09/25/calculation-issue-update.aspx.

They expect to have a fix and a patch for this very soon. Please note that other versions besides 2007 are not affected by this bug.

Keep your eye out for an Office update to fix this issue or feel free to give us a call.

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Office 2003 Service Pack 3 keeps you from opening older files!

If you open up old files often older versions of office (like Word, Powerpoint, or Excel files prior to version 97) or from older programs such as Lotus 1-2-3, Corel Draw the new Service Pack 3 for Office 2003 has just been released and it will keep you from opening these files.

One of the features of this new service pack is the automatic blocking of file types from being opened (or saved) within the program that Office feels is potentially unsafe. While for most of us, this shouldn’t be an issue, we had one client (Thanks Buddy!) report a bug in which he was unable to open any of these types of files even if he used the Microsoft recommended work arounds to allow them.

This was a problem for him as he had quite a few older files that he needed to access. You can find more information at: http://support.microsoft.com/kb/938810/ or feel free to call us.


Derek Rowan
President
HLP Associates, Inc.
http://www.hlp.net/

HLP's Improved Remote Service Plan

The advent of remote computing technology has really made us much more productive outside of the office. This technology allows us to gain access to our calendar, contacts, E-mail, and files using our laptop or even our cell phones – anywhere at any time.

HLP has also see an increase in the number of service calls that can be solved using this same remote technology by being able to take control of your servers and PCs. We’ve been perfecting several different methods for remote access to make sure we can connect to most environments and PCs no matter where they are located.

One of our newest creations is the ability to take control of your PC (should you provide us permission) no matter where you are – even if you aren’t in your office. This is challenging due to the many different firewall and security configurations that can be encountered especially from the home or while traveling. This cool system requires no special software to have preloaded on your system. If you can connect to our website, then we can connect to your computer!

As such, HLP’s systems are now available and we have the ability to solve many problems much faster than before. Not only are we able to connect and solve them faster than dispatching a technician, but we are able to cut our “minimum” billed time in half! As such, HLP is now able to offer faster remote support for certain problems and only has a 30 minute minimum billing period for any remote support issue. This has the potential to not only reduce your issue response time, but also reduce your cost for support! We hope you like this new service.

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

2007 Daylight Savings Time change for Windows

Changes are coming to your clocks! A new law passed that increased the Daylight Savings Time for the United States by a total of four weeks starting in 2007. That isn’t so much a big deal to have the incorrect time your microwave, but if your computer time is wrong you can be late to appointments, have issues with synchronization of data and other weird problems. Since the automatic change of time is “built in” to your Windows operating system, it doesn’t know about the new law and the change of dates for the time.

As such, you must apply a software update to tell your computer the new dates for when Daylight Savings Time is in effect. Microsoft is trying to get the word out that you will need to make an update to your PC and your servers for this to occur. This update varies depending upon what operating system you have, what kind of mobile devices you use, and what kind of services you have running on your server. I’ve listed some important links here for you to get the required patches.

Changes are coming to your clocks! A new law passed that increased the Daylight Savings Time for the United States by a total of four weeks starting in 2007. That isn’t so much a big deal to have the incorrect time your microwave, but if your computer time is wrong you can be late to appointments, have issues with synchronization of data and other weird problems. Since the automatic change of time is “built in” to your Windows operating system, it doesn’t know about the new law and the change of dates for the time.

As such, you must apply a software update to tell your computer the new dates for when Daylight Savings Time is in effect. Microsoft is trying to get the word out that you will need to make an update to your PC and your servers for this to occur. This update varies depending upon what operating system you have, what kind of mobile devices you use, and what kind of services you have running on your server. I’ve listed some important links here for you to get the required patches.

For those with a Windows Server and Exchange Server supported by HLP

You may elect to do the updates yourself; however, we recommend that you have HLP perform these updates. For this to occur, ALL mobile phones and laptops that receive E-mail must be in the office at the same time for the patches to be applied correctly. This is important. To schedule this, please contact our service department at 703-536-8600. You will be charged off your block for these update. We estimate that it will take about two hours assuming you have all of the devices present.

For those without servers, you may want to do the updates yourself. Naturally, we’d be happy to assist you if you would prefer. To help, here are some links:

For Stand Alone PCs running Windows XP (and Server 2003) that do not use Outlook

See: http://support.microsoft.com/kb/931836

For Stand Alone PCs that use Outlook but do not connect to an Exchange Server

See: http://support.microsoft.com/kb/931667/

For Windows Mobile Devices without an Exchange Server

If you have a stand alone PC and a Windows Mobile device (where you do not connect to an Exchange server) you can update your mobile device software directly over the air by pointing your mobile device browser to:
http://microsoft.com/windowsmobile. On this page is a link to download and install the update.

Tons more detail on this subject can be found at:

http://support.microsoft.com/gp/dst_topissues

You may elect to do the updates yourself, however, we recommend that you have HLP perform these updates. For this to occur, ALL mobile phones and laptops that receive E-mail must be in the office at the same time for the patches to be applied correctly. This is important. To schedule this, please contact our service department at 703-536-8600. You will be charged off your block for these update. We estimate that it will take about a two hours assuming you have all of the devices present.

For those without servers, you may want to do the updates yourself. Naturally, we’d be happy to assist you if you’For Stand Alone PCs running Windows XP (and Server 2003) that do not use Outlook

See: http://support.microsoft.com/kb/931836

For Stand Alone PCs that use Outlook but do not connect to an Exchange Server

See: http://support.microsoft.com/kb/931667

For Windows Mobile Devices without an Exchange Server

If you have a stand alone PC and a Windows Mobile device (where you do not connect to an Exchange server) you can update your mobile device software directly over the air by pointing your mobile device browser to:
http://microsoft.com/windowsmobile. On this page is a link to download and install the update.

Tons more detail on this subject can be found at:

http://support.microsoft.com/gp/dst_topissues


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

HLP Now Offers FREE Training!

Really. Starting in 2007, HLP Associates, will offer all of our block and web hosting clients free onsite training. No kidding. Just contact us and we'll put you on the schedule. What's the catch? Well, there aren't many. It is for only 1 hour at a time, only on Microsoft Office products, and no more than six times per year. That's pretty much it.

Why are we doing this? Simple. We want you to be happy. We know that occasionally coming out to see you face to face is a great way to make sure you're happy. However, it is difficult of course to find the time to just meet with us. So, Paula came up with the idea of giving you something that would be a great benefit to make it worth your time.

We've also found that many of the questions that come into our office for support are trying to solve problems that can be done with the software and systems you already own. Providing some free training is a great way to help you be more productive and less frustrated with your computer system!

So, all you have to do is give us a call and we'll get you on the schedule! It's that simple!

Thanks again!

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Help! The Spam is Killing Me!

Is there a perfect ANTI-SPAM solution? Well, no. No system is perfect. Spam will get through and legitimate email will get tagged as junk. But it doesn’t mean you shouldn’t keep fighting! Below are three effective methods for filtering spam. The first is a service, the second is software that runs on your server, and the third is a spam firewall.

There are two general methods when dealing with spam, use a service to filter your mail before it even reaches your network or filter it once it gets to your network. After signing on with a spam filtering service you change the pointer that tells the world where to deliver your E-mail so that mail is first delivered to the filtering service. The service then resends the mail, less the quarantined messages, on to your network.

The biggest advantage of a filtering service is that the junk mail never makes it to your network, so it won’t eat away at disk space, bandwidth or processing power. If 60% of your mail is junk, that’s a lot of time the server spends trying to process it. Much of it in vain, since you’ll receive messages from non-existent users and your server will try to send an undeliverable message back to the non-existent sender.

Filtering services are generally independent of which computer system you run. It doesn’t matter if you have a mail server in your office or if you outsource it. Finally, a filtering service saves you the hassle of updating and maintaining software on your server. You simply pay a monthly fee and the filtering is taken care of. HLP resells a service called Katharion, which filters messages for as little as $1.75 per mailbox per month for 10-24 mailboxes.

The biggest disadvantage is maintaining two separate email lists; one on your in-house server and one at the filtering service. If you are constantly changing employees and creating or deleting E-mail accounts, this may be a hassle. Some other disadvantages will become clear when I discuss an in-house filter, so let’s continue!

Let’s say you prefer controlling your own servers and would rather handle the spam filtering in house. If you are running an Exchange Server, we’ve found GFI MailEssentials a simple inexpensive way to do just that. Since the program runs right on your server, you don’t need to maintain a separate E-mail list for your spam filter, it will use Microsoft’s Active Directory. Another big advantage is GFI’s ability to create a whitelist (or safe senders list) based on E-mails sent. For example, if you send an E-mail to bob@company.com, Bob’s E-mail automatically gets white-listed and will never be tagged as spam (even if Bob tries to sell you on a penny stock scam!)

A little patience is required when you first install GFI’s software. It uses a Bayesian filter to “learn” what is spam and what is not spam, by collecting messages sent by your users (you can also help it along by dropping messages into the legitimate or this is spam box.) After a few weeks the software will know what is spam and what’s not and the Bayesian filtering will start working. GFI’s software starts at only $450 for up to 25 users.

If you still want to control spam in house but don’t want it reaching your mail server, a spam firewall box, such as the one from Barracuda Networks, sits in front of your network to filter spam before it reaches your mail server. This methods still keeps you in control, but takes the load of your server, plus it is OS independent and requires no software modifications on your E-mail server. The Barracuda Spam Firewall is pricier than the GFI software ($3,999 for the 400 model) but less than many other hardware anti-spam solutions on the market. And it is practically plug and play with little management.

Spammers are getting more devious in their sending methods. 63 billion junk messages are sent a day. Your network probably got a few of those. Before your delete key breaks off, consider getting serious about fighting spam by utilizing one of these solutions. If you’d like more information on these or other solutions to your spam, please give us a call today!

Michael Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

Are you really backing up your notebook computer?

Admit it. You’d rather loose your wallet than your notebook computer. At least your credit card company will replace your Visa.

But who’s going to replace your data. Of course if you have been backing up your computer, it is less of a problem. You ARE backing up aren’t you? If you’re working on a network computer and saving your data to the server, you can leave the backups to your IT department. However if it’s just you and your laptop against the world, you’ll need to take responsibility for backing up! Here are three simple recommendations for backups.

1. External Hard Drive. Attach a portable external hard drive to your computer via USB (or firewire for Macs.) Maxtor has a line of external drives called OneTouch that enable you to back up you computer with “one touch.” The OneTouch III is about 5 inches by 8 ½ inches and is protected in a hard rubberized chassis. The drives come in a 200, 300 and 500GB capacity. The 200GB drive retails for $189.00. Maxtor also has a OneTouch III mini edition, as you can guess, is much smaller and lighter if you need a portable backup solution. (However they hold less data, 60 or 100GB models.)

Backups can be done with the included Retrospec software and setup to run either automatically or manually using the “one touch” button on the drive. You can also use Windows backup or any other backup software that recognizes external hard drives. Or you can simply drag and drop the files you want backed up to the drive. External hard drives are also a great way to store your overflowing collection of photos or MP3s.

The advantage of this system is it’s cheap, simple, and large enough to backup your entire drive. The disadvantage is you still need to remember to plug the drive in. If you only use your laptop when you are on the road it may not be convenient or light enough to carry the drive around.

2. Off-site backup service. For those who don’t want to think about backup at all, there are now many off-site backup services A typical service will have you install a small software agent on your computer, choose what files to backup and then the agent will automatically backup those files at specified times as long as you are connected to the Internet. Most of the sophisticated backup programs will only backup changes to a file once the initial backup is created which means backup times will usually take a few minutes.

Iron Mountain has a service Connected DataProtector designed to backup an individual PC. Iron Mountain has secure, geographically redundant locations so even though you can’t physically touch your backup, rest assured it’s out there! To retrieve files, use the software provider, or you can access it via a website or even request a CD of your data.

The price for offsite backup starts at $79.95 per year for 250MB of storage and up to 30GB for $799.97 per year. You won’t be able to backup your entire hard drive for that price, so you would need to limit your backups to important data (documents, E-mail, etc.)

3. Synchronizing. If your notebook PC is part of a network, you can use Windows XP to synchronize your local “my documents” directory (or other folders) as well as your Outlook E-mail to the network. You will want to ask your system administrator before you set this up to assure that there is room on the network for your data and that your synchronized data is added to the network backup rotation. The advantage of this system is it relieves you the burden of backing up files. You will also have all your documents whether you are in the office or on the road. The disadvantage is synchronization can be time consuming. This also isn’t a complete hard disk backup.

If you would like more information on these solutions, please give us a call!

Michael Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

Yes, you too can work from anywhere!

Remember when your cellular phone looked more like your current laptop bag? Well, now cellular phones are trying to be as productive as your laptop, and software vendors are not letting this technology advancement go to waste. You can now be connected to the office 24 hours a day (that has always been my dream - hahaha). Through a partnership with Microsoft Small Business Server 2003 and a Windows mobile device or other smart phone, you can send and receive E-mail, have wireless calendar and contact synchronization, all without purchasing an additional server or software. Using a website, any size company can cost effectively create a site that is accessible from anywhere, and with almost any device. Microsoft found the need for this sort of web-based collaboration and they designed a product called SharePoint server. Microsoft’s Small Business Server includes this product with a template SharePoint site that allows for document collaboration, document version history, tasks, contact management, and access directly to your computer at work. The small business server product, which also includes Microsoft Exchange, for E-mail and shared calendaring, retails starting at $599. Many application service providers also offer this type of virtual collaboration site payable either monthly or a pay-by-use service.

With the increasing traffic congestion, increasing fuel prices, and the ever-looming terrorist threats in the Washington D.C. area it is counterintuitive that more workers are not taking greater advantage of working virtually. Using instant messaging software and web cameras staff can create virtual meetings, where participants can see and interact with one another. This face-to-face time is extremely important studies have found. Citrix is currently in development of an array of products that will allow collaboration from any device. Through a partnership with IBM, Citrix is developing a continuity plan to help companies work through natural disasters. They are in development of devices that hold critical data on USB tokens designed for any technical level employee to be able to connect and work remotely.

One of the most exciting uses of working virtually is Boeing in the design and development of the new “787 Dreamliner” (the 787 is their vision for the future of aircraft due for release in 2007). Boeing works globally with its staff of 164,000 employees in 67 countries. Imagine the technical constraints in designing an airplane: limited bandwidth, poor quality of service in remote locations, and non-Windows platforms. Citrix collaborated with Boeing to address the main technology barriers and allowed them to develop a new way to work. Boeing works in a 24 by 7 by 365 environment, which must be secure and extremely reliable. Given the current technology concerns of limited bandwidth, and poor quality of service, Citrix working diligently to improve their product and allow Boeing to have access to 3-D graphic rendering. If an airplane can be designed globally, using remote connection software, imagine how productive you can be!

HLP Associates works virtually and we have first had experience on what works well. Not only can we provide you with options, we usually have first hand experience with using the technology.

If you’d like to learn more, give us a call!

Paula Crowell
Service Manager
HLP Associates, Inc.
www.hlp.net

How to Choose the Right PC Components - Part 4 - the Motherboard and Case

In previous posts, we talked about CPU, RAM, Hard Drive, and Optical Drives. So what’s left? Many components that used to be add-ons are now built into the motherboard. Most motherboards come with onboard video, so you typically don’t have a choice of video cards. Happily, unless you are running application that utilizes 3D imaging or playing state of the art video games, the video card included with the system is usually sufficient. Audio is another component typically built onto the motherboard. Again, unless you’re a gamer or plan on working with hi-fi audio, the onboard sound should be sufficient to notify you of mail and play the sound on those You Tube videos.

Also onboard the motherboard is a network controller. You’ll typically see two types: a 10/100Mbits adapter or a Gigabit adapter (10/100/1000MBits.) The gigabit adapter is faster, but you’ll only get that speed if you are connected to a network switch that supports that speed. If you are a home user using the network adapter to connect to a cable or DSL modem, the 10/100Mbits adapter would be sufficient since your broadband Internet connections would never reach those speeds.

Lastly, your computer case or chassis is the home to all these components. You may have a choice of a mid-tower case or a slimline or desktop case. The mid-tower cases are larger and have more room to grow, allowing you to add a number of 5 ¼” external devices, such as a DVD drive or tape drive. A slimline or small form factor case, as the name suggest is smaller and will take up less real estate by your desk. However, you’ll only have room for a single hard drive and one optical drive, so there’s little room for expansion. Another downside to the small form factor cases is they often use slim CD (or DVD) drives, which are more expensive than a normal sized drive.

Beyond the form factor, a chassis also houses the power supply. The standard spec for power supplies is ATX12v which support motherboards of the same style. Since the power supply must be compatible with the motherboard which in tern must be compatible with the CPU, you won’t have much choice in this matter.
Mike Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

Windows Vista includes cool new Startup Repair Tool

Microsoft has outlined more new features in the upcoming Windows Vista operating system. One of the nicer ones that we think will be of a great benefit to our clients is some of the automated diagnostic and repair facilities. One of these, is the Startup Repair Tool. Here's Microsoft's outline of this great new feature:

"Windows Vista automatically recovers from many types of failures, including failed services and corrupted system files. Every service has a recovery policy, so if it fails, Windows Vista may be able to restart it automatically. Windows Vista automatically handles dependencies, even non-service dependencies.

Startup problems are some of the most difficult to troubleshoot, because an administrator cannot start the operating system and use the built-in troubleshooting tools. Often, administrators choose to reinstall the operating system rather than attempt to solve the problem — even though the solution might be as simple as replacing a single file.

Windows Vista includes the Startup Repair Tool (SRT) to automatically fix many common problems and enable end-users and IT professionals to quickly
diagnose and repair more complex startup problems. When a boot failure is detected, the system fails over into SRT. Once started, SRT performs diagnostics, including analyzing startup log files, to determine the cause of the startup failure. Once SRT determines the cause of the failure, it attempts to fix the problem automatically. When a boot failure occurs on the main operating system and SRT is unable to resolve it, the system is rolled back to the last known working state. If SRT cannot automatically recover the system, it provides the IT professional with diagnostic information and support options to make troubleshooting easier.

Identifying the source of a problem — even one as simple as a single corrupted file on the hard disk — can consume many hours of an administrator's time. SRT will make these problems easier to solve, saving time and money."

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

New Internet Explorer 7 released

Internet Explorer 7 has been officially released. This important new update to Microsoft's browser will be automatically downloaded to your PC if you have Automatic Updates turned on starting November 1. While you have the option of not installing this update, HLP recommends that you do. I've been using it for quite some time now and it is good. But it is a bit different. I recommend you take the tour of what's new at: http://www.microsoft.com/ie.

This update has additional safety features and some great new features. One of my favorites it he RSS (or Really Simple Syndication) service to get updates to websites and news sites automatically displayed. In fact, our Blog has an RSS news feed that you can pickup with IE 7.

Look for the orange icon on the right side of our blog. This same icon within your IE 7 toolbar will light up whenever you go to a page that has a feed. (Like this one.)

If you're one of our clients and you would like to NOT get the IE7 downloaded to your systems automatically, give us a call. We will install a Microsoft supplied blocker to prevent the installation of IE 7 until you're ready for it.
There is a free blocker toolkit that can be downloaded to prevent the installation of IE7. This can be found at: http://go.microsoft.com/fwlink/?linkid=65788

Technical information on IE can be found on the IE team blog at: http://blogs.msdn.com/ie/

You can download it now at: http://www.microsoft.com/ie

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Test Drive Office 2007 easily without installing software!

The new Microsoft Office 2007 is almost ready for release. This complete overhaul of the Office application suite is sure to be welcomed and cursed by those that use it. While there are new features, the main advantage to the new Office system is the completely different user interface design.

This new design has been extensively researched by usability experts at Microsoft to deliver the ability to more easily use the powerful features that have always been in the software. This new approach to menus and options was designed to “deliver better results faster.” But, it will take a little getting used to.

The new interface is broken down into several new components. The first is called “ribbons.” The ribbon replaces the normal menu and toolbars. The ribbon is an organized set of tabs that are automatically displayed based on what you are currently doing at that moment and what you have selected in your document. According to Microsoft, “the tabs simplify accessing application features because they organize the commands in a way that corresponds directly to the tasks people perform in these applications.”

The next change is the addition of “contextual tabs.” These are tabs that are displayed when certain type objects in the document are being edited. For example, clicking on a chart, will cause a contextual tab to appear with the commands useful for chart editing.

Galleries are throughout all of the Office applications. These provide a set of results to choose from when working on documents, spreadsheets, presentations, or databases. They simply the process of creating professional looking documents.

There are many more changes to the Office 2007. But talking about them isn’t as effective as actually trying them. Microsoft now has a very cool online method of test driving these applications right within your Internet Explorer browser. There’s no software to load, (other than a browser plugin), nothing to purchase, and it’s fast and easy. They even have online lessons you can go through to get the most out of the test drive experience. This is highly recommended for HLP clients since we know many of you will be upgrading to the new Office next year. This is a great “training” environment to get used to the new features!

You can get more information on Office 2007 at:

http://www.microsoft.com/office/preview

You can test drive the new Office 2007 system at:

http://www.microsoft.com/office/preview/beta/testdrive.mspx

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Latest Microsoft Flaw Marked "Critical."

Last week, Microsoft issued a patch for a new Zero Day fix for the “VML” exploit. This was done two weeks before their normal monthly update.

This is rated as “critical” by Microsoft and HLP concurs. There are now thousands of reports of hackers exploiting this flaw in Windows. This could allow a hacker to take complete control over your system without your knowledge.

We've become aware of some users who have not updated their system or installed this patch. HLP highly recommends that all users run Windows Update to make sure that your system has been updated. Go to http://windowsupdate.microsoft.com/ and make sure you have the latest updates. Your computer many already be setup to download and install these updates automatically, however we have found that many users may have the patch downloaded but not installed.


If you see the “Shield” icon on the right side of your task bar, that means you have patches waiting to be installed. Please close your programs, click on this icon and install these patches. You may have to reboot your system.


More information on this vulnerability can be found at:
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

Naturally, if you have any questions, please contact us.


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Windows Vista will lock you out if you're not legit.

The new Microsoft operating system coming out next year will have a feature to help thwart software piracy. If a legitimate license key is not entered shortly after installation, the system will run in what they call “reduced functionality mode.” This will limit access to the Internet. This system will be part of all future Windows versions according to Cori Hartje, the director of Windows Genuine Software Initiative.

We’ve seen some of this already with the later patches to Windows XP where it may tell you that you’re not running a legitimate copy of Windows. This can occur when a computer consultant or technician uses a different copy of Windows to repair your computer if you’ve lost yours. As many of you know, HLP requires you to have your original CD and license key for us to perform work on your system when it will require reinstallation of critical operating system components.

With Windows Vista coming out our clients are reminded that the operating system CD and license key are critical to the successful operation of the system and repairs that may be necessary in the future. HLP also recommends that your license keys and media be copied and stored off site to aid in disaster recovery efforts.


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

How to Choose the Right PC Components - Part 3 - the Optical Drives

The optical writable drive is now a standard component for most PCs. You have the option of a CD writer or a DVD writer. CD writer or re-writers (also called CDRW drives) burn data and music to CDs up to 700MBs or 80 minutes of music. Depending on the media you use, you can also write and re-write data to the disk, like you can with a floppy drive. (Note this doesn’t work when making a music CD.) A CD Writer also reads CDs.

Similar to CDRW drives, DVD-RW drives allow you to read, write and rewrite data to DVDs, up to 4.7GB. You can also burn up to 2 hours of video on a DVD (but like music CDs you can only write the data once.) On top of that DVD writers can also read DVDs (even your DVD movies), CDs, and write and rewrite CDs, like a CDRW. These drives may be $50 - $100 more than a CDRW.

To complicate matters, there are two DVD writing formats: DVD+R/RW and DVD-R/RW (sometimes you’ll see plus sign on top of the minus in the PCs specs.) There is no single industry standard, but fortunately, there’s no need to determine which format is superior. When you purchase a DVD writer, make sure it supports both. Typically you’ll see it marked as DVD+/-R/RW or you’ll see the plus sign on top of the minus sign, signaling in the specs that the drive supports both formats.

Like hard drives, optical drives can connect to either a SATA channel or an IDE channel. Although SATA optical drives aren’t as prevalent as SATA hard drives, higher end PCs will offer that option especially with the DVD burners (which already cost more.) To keep cost down in a PC you may only see an IDE CD or DVD writer. Eventually the older IDE (also called ATAPI) interface will be phased out.

In Part Four, we’ll discuss the other components of a system.

Mike Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

What maintenance does an E-mail server need?

Your E-mail server usually does not get much attention until there is a problem. Some offices institute mailbox size-limits to keep mailboxes within a general recommended size, but often many companies do not. You may have HLP’s bi-weekly or weekly service, and your technician comes out and makes sure that everything is okay. However, what does okay mean? How much mail can the server store? What happens to mail when it is deleted? What happens to a user’s mailbox when it is deleted? Does the server need any special maintenance? These are the common questions that people have about their mail server. We are going to concentrate Microsoft Exchange Server 2000 and Exchange Server 2003 to answer these questions.

Let us start with how an Exchange Server stores mail. The mail is stored in a database, which increases to accommodate the amount of mail; but when you delete a message, the size of the database does not decrease. Therefore, if you delete a user’s mailbox that was 1.5 gigabytes you do not instantly regain that storage space. The space is not available until an on-line defragment occurs. This typically happens automatically on Sunday for most servers. That space also still counts against the total size limit of the database.

Here lies the problem: if you have an Exchange Server Version 2000, your server can hold up to 16 gigabytes of mail. Once the database reaches 16 gigabytes YOUR SERVER, WILL NO LONGER SEND OR RECEIVE MAIL! Therefore, we have a file (the Exchange mail database file) that increases and it also has a size limit -- but it does not decrease! What can we do? Microsoft has a utility that allows you to defragment the database, which will restore it to its actual size, and it is free! With all of that said there is of course a downside; your mail will be down the entire time this process runs, and you need to have double the free disk space available to run the tool. For example if your database is 15 gigabytes then you need 30 gigabytes of free space. HLP offers all of our block customers a free loaner hard-drive for this process if you do not have enough space. The offline defragment usually takes about two and half hours, and this can be performed in the evening, and remotely so that a staff member does not have to stay behind. The defragment is also useful if your backups are starting to run onto two tapes, because it will decrease the amount of data backed up.

If you have an Exchange 2003 server with Service Pack 2, you have 75 gigabytes of mail storage capacity! Although, for backup purposes, you probably do not want to use all of that space, so a defragment can be helpful in this case as well.

Paula Crowell
Service Manager
HLP Associates, Inc.
www.hlp.net

How to Choose the Right PC Components - Part 2 - the Hard Drive

In my previous post I talked about the heart of the PC – the memory and CPU. So let’s jump right in and see what other components are available for your new computer system.

The hard drive is where your documents and programs are stored. The most important spec is the size, usually measured in gigabytes or GBs. (if you come across a drive in megabytes or MBs, run!) The smallest drives available nowadays are 40GBs, which is plenty of space if you plan surfing the web, word processing, and sending e-mails. It’s also a decent size if the PC is part of a network since you will probably be saving most of your work to a server. If you plan on keeping a lot of MP3 music files or pictures on your computer, you’ll definitely want something larger. The jump from 40GB to 160GB is often less than $50.00.

The other specs of the drive describe its interface and speed. This is often what separates the budget PCs from a more expensive model. A SATA drive (or serial ATA) is the standard interface for most business class PCs and it is what you should look for. A budget PC may include a drive with older technology: IDE or EIDE. The only reason to choose this older technology is to get the absolute cheapest PC you can find. You’ll often find a speed rating 7200 rpm or 5600 rpm (revolutions per minute) which relates to the disk platter speed. The higher the number, the faster your drive, and the faster that document will load. (But then we’re talking milliseconds here.) There’s a 10,000 rpm, but for now it’s probably not worth the $100+ for the upgrade.

There are other hard drive technologies: SCSI and SAS, but these are typically used for servers. In Part Three, we'll discuss optical drives.

Mike Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

Dell Battery Recall

Dell has issued a recall on certain laptop batteries. These may be in the Latitude™, Inspiron™, XPS™, and Precision Mobile Workstation™ models.

According to Dell, “Under rare conditions, it is possible for these batteries to overheat, which could pose a risk of fire.”

Dell is offering a free replacement battery for anyone with a faulty battery.

The following models are affected:
Potentially affected batteries were sold with the following models of Dell notebook computers or separately as secondary batteries:

Latitude™: D410, D500, D505, D510, D520, D600, D610, D620, D800, D810
Inspiron™: 500M, 510M, 600M, 700M, 710M, 6000, 6400, 8500, 8600, 9100, 9200, 9300, 9400, E1505, E1705
Precision™: M20, M60, M70, M90
XPS™: XPS, XPS Gen2, XPS M170, XPS M1710

In addition, these batteries may have also been provided in response to service calls. The batteries were shipped to customers between April 1, 2004 and July 18, 2006. The words "DELL" and "Made in Japan" or "Made in China" or "Battery cell made in Japan, Assembled in China" are printed on the back of the batteries. If your battery does not reflect one of these markings it is not part of this recall.

To properly identify your batteries and to get details on the recall, please visit:

https://www.dellbatteryprogram.com

Mike Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

How to Choose the Right PC Components - Part 1 - the CPU and RAM

The CPU is often considered the brains of your PC, since it processes all the data that flies through a computer. To run your Windows OS, there are two brands of CPU available: Intel and AMD. Since Intel has the bulk of the market share out there, and in the interest of keeping this post under control, I’ll just discuss Intel CPUs. (please no hate mail, AMD fans!)

The CPU will normally have a model name and some specs after it. For example, in a typical business class PC you may see Intel Pentium 4 Processor 630 with HT (3.00GHZ, 2M, 800MHz FSB.) Why so much information? To break it down, Intel is the brand, Pentium 4 is the class of CPU, 630 is their model number, and most importantly those last bits of numbers are the specs. Currently Intel offers four classes of processors: on the low end, the Celeron; the mainstream Pentium 4 with HT (hyperthreading); and on the upper end, the Pentium D and Intel’s latest the Core Duo. Ok, there’s more than that, but we’re just considering mainstream desktop computers (not servers or notebooks.)

Intel’s latest technology “dual core” featured in Pentium D and Core Duo chips is like having two chips in one. This is an improvement to their earlier technology hyperthreading (or HT) which split your CPU into two operations (or “threads”). (Try an experiment: open up task manager and choose performance – do you see 2 CPUs listed, even though you only have 1 physical chip? You are using hyper threading. 4 CPUs: dual core.)

After the CPU’s make and model, you’ll typically see some additional specs: the megahertz, the cache and the bus speed. The megahertz is the actually speed of the CPU. However you have to take that number in context. The speed is only in comparison to other CPUs of the same family. The cache is onboard memory on the CPU. Intel’s current high-end CPUs have 2MB of memory. If the price of your PC is really low, you may have a CPU with only 512KB or 256KB of cache. Finally, the front side bus (of FSB) is the rate of transfer between the CPU and the rest of the PC. An Intel CPU will typically have a 533MHz or 800MHz front side bus, the later being a faster bus. If you compare computer systems for sale, a lower priced system (the ones advertised for $499 for example) will usually have the lowest end CPU, the ones with the slowest MHz, 533MHz FSB and only 256MB of cache. If you’re looking for a speedy system, pass these by.

The next item is RAM memory. Typically the type of memory must work with the motherboard and CPU, so once there’s not much room to make changes. The faster memory will only be compatible with the faster CPU. The average purchaser can ignore most of the memory specs (such as DRR2, the memory technology or 533MHz, the bus speed.) The bottom line? Simply look for the amount of megabytes (or MB) – no less than 512MB, 1GB if it’s in your budget. And don’t confuse memory with hard disk space. RAM memory is temporary memory your computer uses while your PC is running, while hard disk memory is permanent storage of documents and programs.

In Part Two of this post I’ll discuss what kind of hard disk to look for and what other options you may want to consider in a PC.

Mike Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

Windows Server May Not Have an Update Applied

Microsoft has published a bulletin about an automatic update that may not have been applied correctly to Windows Server 2003 systems with Service Pack 1. On July 12th Microsoft published some security updates for vulnerabilities. One of these updates may not apply itself correctly but the server will think that it was. This means that it will not ask for the update again. As such, we recommend that all customers manually go to Windows Update again to rerun the scan to check for updates. You can read more information at: http://support.microsoft.com/kb/917537/en-us

If you'd like us to help you with this, feel free to give us a call.


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

CNet TV Launches

I’m hooked. As part of my job, I must read a huge amount of tech articles and news everyday. I’ve really been happy with the RSS news reader that is built into the new Internet Explorer 7 (www.microsoft.com/ie). This is great to see at a glance when the news sites (such as the HLP blog) get updated, you can easily see that and pull up the new content! But reading stories won’t consistently give you all of the information. Sometimes you just need to see a video of a product. CNet.com which has always had a great tech review and news website. They have for sometime also had short videos on product reviews and news items. But you had to search through the news and review sites to find the videos. Well now they have just launched their Internet TV service which is a fantastic site that combines all of their videos in one spot. This is great! It has a very cool interface with customizable channels. Highly recommended. Check it out at http://www.cnettv.com/

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Small Business Computer Security Check List

Microsoft has published several articles on helping you secure your business and your data. Their 7 Step approach provides a great overview on what you can and should do for your business network and IT infrastructure to help you protect your data and secure your network. For more information, go to: www.microsoft.com/smallbusiness/support/checklist/default.mspx for the 7 Steps. You can download an excellent Computer Security Guide for Small Businesses document at:
www.microsoft.com/smallbusiness/support/security-toolkit-pdf.mspx

HLP's goal has always been helping our clients protect their data. Understanding the threats that can occur to your network is the key to creating a good protection system and environment. Naturally, you may call us anytime with questions on helping keep your network, data, and business safe.

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Confirmed Vulnerabilities in Microsoft PowerPoint

Microsoft has published a new security advisory for PowerPoint. This advisory states that it is possible for a hacker to gain complete control of your system if they were to send you a malformed PowerPoint presentation. There is currently no fix for this at the moment. Microsoft expects to have a solution soon. In the meantime as always do not open any attachments that from someone you do not know and you are not expecting.

You can review the details at: http://www.microsoft.com/technet/security/advisory/922970.mspx


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

New Excel Vulnerability

A new and as of yet unpatched security hole in Microsoft's Excel program has been exploited. Receiving a malicious Excel spreadsheet attachment. Naturally, you should never open any attachments from anyone you don't know. Even then, you should be expecting the specific attachment. Currently Microsoft has tested this vulnerability on Excel 2003, Excel XP, Excel 2000, Excel 2004 for the Mac, Excel v X for the Mac, and the Excel Viewer. There are several workarounds that can be employed.

Details can be found at: http://www.microsoft.com/technet/security/advisory/921365.mspx

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Attacks targeting unpatched computers

Microsoft released over 21 security updates on June 13th. The day after that, many hackers starting posting detailed instructions on how to break into systems that haven't yet applied those updates. It is important that you apply all security updates from Microsoft or call us to make sure that they get done. All but two of these 21 updates were for vulnerabilities that would allow a hacker to take control over your system.

According to Microsoft, "the exploit code does not affect users who have installed all June security updates."


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Huge vulnerability in Windows 98 and ME not to be fixed

For those of you still running Windows 98 or Windows ME, Microsoft has confirmed last week that it will not fix a security vulnerability in your operating system. This critical vulnerability for all versions of Windows was detailed in April. Since then, all versions have been patched except Windows 98 and ME. Microsoft has determined that it is not possible to fix the vulnerability in Windows 98 or ME without possibly breaking the entire system so that software won’t run properly.

As such they are leaving this huge vulnerability unpatched and recommending that you place your Windows 98 behind a firewall (software firewalls are OK) or upgrade to Windows XP. For more details, see:

http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx

So, if you're still running an older operating system it's important to make sure you're behind a firewall or you should upgrade if possible.

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Undo for your whole computer!

Shhh! don’t tell Derek I’m giving away the secrets.

Do you ever wish there was an undo button for your entire computer like there is in word. I hear people say all the time “My computer was working perfectly yesterday and today it won’t…..” Well I am hear to tell you that there is an “Undo” button for the computer called System Restore but it doesn’t quite do what you might think. Say you saved an important file to your C: drive yesterday (which I know that you wouldn’t because for most people the c: drive does not get backed up) and then you deleted it today. System Restore would not help us here. However, if you installed a new program and your Word or Excel now freezes every time you open it, then this is good job for System Restore. System Restore is located Under, All programs > Accessories > System Tools, and it allows you to choose a date to restore your computer to. It is very important to know that while System Restore may seem like the magic wand to solve all of your computer problems; there are some cautions.

1. System Restore doesn’t change data- this could be good or bad. Good because you will not loose data, and Bad because it will not restore any data.
2. System Restore will restore your computer to the exact time you picked, so if you have uninstalled a program or made any changes you want to keep on your computer you should be careful to choose a restore point that is after that time. If on Monday the 10th you installed Word 2003 and on Tuesday the 18th you install Adobe, but now you are having trouble with Office and want to go back to before you installed Word on the 10th, beware that you will loose Adobe as well if you choose a restore point from the 9th.
3. System Restore could restore a virus. Before you remove a virus, you should turn off System Restore that why you cannot accidentally restore your computer to the time when you had a virus.
4. Have fun, system restore also has an option for “undo my last restore”

For more information on System Restore, please go to http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx

Paula Crowell
Service Manager
HLP Associates, Inc.
www.hlp.net

Disaster Recovery for your Exchange E-mail

Just when you thought Microsoft had run out of ways to win your business, they introduce Exchange Hosted Services. These services range from spam filtering, to archiving, to hosted continuity. I’m discussing hosted continuity here, because it’s a unique service that solves a problem that in the past many small businesses thought was simply a fact of life when it comes to technology.

Let’s face it. You’ve grown accustomed to E-mail and your organization can’t live without it. You don’t want to think about it but someday your E-mail may go down. Sure you’ve got redundant hard drives, multiple backups, and plenty of security but there are so many other factors that could cause your server to go down from theft, to fire, to Internet access failure that are out of your control. Microsoft’s Exchange Hosted Continuity is a way to provide continuous access to E-mail for your users even when the server is down.

It works by making a copy of any incoming and outgoing E-mails and storing them in an offsite messages store for 30 days. If your system is down, you simply connect to the off-site website to retrieve your E-mails. What's better, your E-mail continues to come in to this backup server - all automatically! You never lose any incoming E-mail!

And you can retrieve your E-mail from anywhere. There’s no additional hardware or software needed for this service!

So how much does the service cost? The price is $2.50 per user per month with a minimum of three years. You can purchase as few as 5 user license.

Unfortunately the service doesn’t yet replicate public folders or calendars yet, but Microsoft claims they are working on that for a later release. Also, you can’t sign up just a few mailboxes, you need to purchase the service for everyone with an Exchange mailbox in your organization (from the president down to the interns.)

So if your organization can’t function without your E-mail for even a day, Exchange Hosted Continuity may be your answer. For more information give us a call or go to
http://www.microsoft.com/exchange/services/continuity.mspx

For more information on all of Microsoft’s Exchange Hosted Services see:
http://www.microsoft.com/exchange/services/default.mspx

Mike Tanney
Product Manager
HLP Associates, Inc.
www.hlp.net

Is it time to go to Pass Phrases instead of Passwords?

According to most authorities, your passwords are the key to accessing a huge portion of your personal information. Today, so many of us have so much stuff online that keeping track of our passwords isn't easy. This has caused many of us to use passwords that aren't as secure as they should be. With the wave of hackers making easy entry into sites it is ever more important to make sure your passwords are kept secure.

The best way to do this is to first make your password longer (we recommend 15 characters or greater) and make sure it contains symbols, upper and lowercase letters, an numbers. Of course, I know what you're saying. How can you possibly remember such a password? Yeah, I agree. The solution is a pass phrase. This is where you take a phrase and use it as your password (spaces and all). An example would be: Joshua plays #7 in football

This phrase is easy to remember (assuming you know someone named Joshua) and easy to type. It also has a mix of lowercase, uppercase, symbols, numbers, and is long. Another benefit of phrases is that for most of us, it is easy to come up with new ones as we go through our daily lives. This allows us to change our passwords often and still remember them. Oh yeah, there's really nothing wrong with writing your password down on a piece of paper next to your desk. In most of our client offices, there isn't much worry about the person in the next cube getting your password; it's really for the external hacker. But naturally if your position requires your stuff to be secure from your coworkers, obviously a post-it note on your monitor may not be a good choice!

There is a lot more you can do with your passwords, but we recommend you change to a pass phrase environment. HLP can assist you with enforcing these changes so that your users are required to make the change. I've included some links below to read about secure passwords, pass phrases, and there's even a link to a password checker that will show whether or not your password meets the test of being difficult to "hack."

Some links for further reading.

Help product personal information with strong passwords
Are smart cards a new way of life?
The Great Debates: Pass Phrases vs. Passwords
Check the strength of your passwords online


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

P.S. Update to this post. Today, we were contacted by a client to test access to a secured area of their website. We were able to gain access relatively quickly. How did we do it? We guessed their password on the second try. Don't you think you should change your passwords today?

Microsoft announced date for patch release of critical Word vulnerability

Microsoft has disclosed that the fix for the Word virus circulating won't be available until June 13, 2006. HLP recommends that you apply the fix immediately when it's available. The issue is that a maclious attacker could create a Word document (or Excel spreadsheet) and send it through E-mail (or be sent by a user you trust from a virus on their PC) that contains an executable virus. Typically you cannot get viruses from documents. However in this case, a program could be embedded in the Word document and allow your PC to be open for further attacks, allow a hacker to take full control of your PC, etc.

HLP recommends you do not open any documents from those that you don't know and trust and that you aren't expecting. The only work around is to run Word in "safe mode" and not open documents directly from Outlook or other E-mail program. The full details of the vulnerability as well as the work arounds can be found at: http://www.microsoft.com/technet/security/advisory/919637.mspx. As always, HLP would be happy to assist you with this or any other questions you may have.

Microsoft Security Advisory

Vulnerability in Word Could Allow Remote Code Execution
Published: May 22, 2006

Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003. In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.

Microsoft is completing development of a security update for Microsoft Word that addresses this vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility.

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Microsoft has shipped their new PC security software suite

Microsoft announced today the availability of the new Windows Live OneCare security solution. This new Microsoft software system combines the features that all of our PCs need:

1. Antivirus software
2. Antispyware software
3. Comprehensive firewall protection
4. Data backup and restore
5. Performance tune up software

This software suite has been available for some time in Beta form for a couple of months now. It has several advantages over current software from McAfee or Symantec. The main one is it is less expensive. The Microsoft software is $50 per year for up to three PCs. If you have more than one PC then this is real savings. It also keeps you from having to upgrade the subscriptions on those three PCs separately. The other major advantage is that it includes free 24/7 technical support for the program and virus/spyware issues.

The program doesn't currently work on servers, but is definitely something to consider for your individual PCs. Give us a call if you're interested.

Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

Welcome to the HLP Blog

The HLP blog is designed to be a simple and easy way to provide news and information to our clients. This blog will be updated several times per month with news, security information, and tips to assist you in getting the most out of your computer and networking systems. We'll also be posting our Tech Tips Radio podcasts to listen to.

Naturally, if you have any questions, feel free to contact us at www.hlp.net/contactus.aspx.

Thanks!


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net