Archive

Archive for the ‘Illegal media’ Category

IT – How Pennywise Would’ve Done It

Screaming like a little girl

Screaming like a little girl

Warning: some material may not be suitable for unqualified IT professionals. Some IT pros may be easily scared by the following scenario. Viewer discretion is advised.

Sometimes you walk into a new client’s site, and are amazed by what you see! I have walked into sites where everything is like a bright, sunny day; but I have also walked into some and it was like walking into a horror movie. Unfortunately, I see more bloodcurdling IT infrastructure than I’d like to. Here’s a classic that Hitchcock could have used:

Before we get into the scary details, this client is an awesome company and they are doing great work in the community; and I am very humbled and honored to be a part of their team. The first time I walked in was because the “server” wouldn’t work. (This situation was the basis of my Microsoft Technet blog post, “My IT Guy was Hit By a Bus“). Needless to say, their IT guy went missing. Locals say he was last seen walking into the fog.

What I saw scared me. I wasn’t just a little worried, I was terrified of their setup; and if I were religious, I would have said a prayer.

Their “server”, which was hosting the shared files for the 10 employees, was a homemade box (nothing wrong with this) with a mysterious copy of Windows Server 2003 installed, but not configured for server use. What made me panic like a little girl watching The Shining (with the lights off), was that all their data was stored on a portable USB drive, with a Post-It note, just barely hanging on (much like a severed limb), reading, “Do not ever remove”. Yes, you read that right! All the data was on a USB drive. Talk about a cold sweat. To ensure that nothing would happen to their data, I hunted for a backup. Go ahead, guess what I found. If you guessed “no backup,” you would be correct. This went from The Shining scary to The Exorcist scary.

By following the steps below, you are guaranteed to have a haunted server, and risk data death; and you’ll be playing the lead role in your own horror movie.

1. Server-rated hardware is overrated, just grab the first desktop you can get your bloody hands on.

2. We can always revive your hardware with electrocution, don’t bother with backup strategies.

3. Mirrored drives (and RAID) are only good for funhouses. Make sure to exclude them from your server.

4. Proper licensing is scary (it really is). Avoid it entirely! You don’t need that in your life.

5. Only hire the undead, and unqualified, IT professionals.

For the client in this situation, we immediately ordered new server hardware with a proper and current server operating system. Until the new system was in place, I manually backed up their data weekly to ensure that if the USB drive was ever possessed, we had a backup of their data.

Both the client and I sleep better at night knowing that they now have the proper safeguards in place. Your IT infrastructure should never look like it was put together by Hannibal Lecter. If opening the server closet is scarier than being slashed through a shower curtain, please have your qualified IT professional come in and rescue you from the horror of it all!

Can you find all the scary references? And which movie scares you the most?

PS: I love scary movies, but seriously, your technical infrastructure should not be a scene out of one.

How To Avoid Suspicious Software

My post sold software you did not pay for, generated the question from several people “how do I avoid getting into the situation in the first place?”  Here are 6 quick tips to protect both you and your data from potential fraud:

1.  Be aware of the “Awesome Deal” A software/hardware deal that sounds too good to be true probably is.  For example: a desktop computer (depending on hardware) with a Windows 7 operating system from Future Shop starts at around $500, and this is without MS Office.  Office 2010 Home and Business is another $350.  Getting the whole package at $350 would be more than a clearance sale.

2.  Purchase from authorized dealers When purchasing software, ensure you or your IT support are purchasing from authorized dealers, whether it’s Microsoft, Adobe, Future Shop, etc.

3.  Always ask for proof of purchase If your IT support is purchasing the software on your behalf, make sure you have a copy of the official receipt from the vendor.  This will ensure that if you ever have an issue with the software, you are entitled to software support.

4.  Always ask for the product or license key Ensure you have the appropriate product or license key (i.e. Microsoft sticker on the side of the computer, a license key within the packaging, an official document from the vendor, etc.).  You should have a valid product and/or license key for each copy of software that you have purchased.  If your IT support purchased the software on your behalf, they should be providing you with proper documentation from the vendor with the product or license key.  Again, this ensures that you can contact the vendor for support if required.

5.  Purchase currently supported software Your brand-new system should have current software.  For example: a system purchased in 2012 should come with Microsoft Office 2010 (the latest release is Office 2010).

6.  Purchase the correct edition for your needs A small business with less than 25 desktop systems would not need Enterprise Edition, designed for environments with 250+ desktops.  A better solution would be Windows Small Business Server Essentials for Windows Server Standard.

These 6 guidelines will help you avoid potential scams and ensure that both you and your data are protected. Have you ever felt unsure about your software?

Did You Get What You Paid For?

I recently received a call from a small business that needed to replace a failed hard drive in their server.  Sure, this can be easily done, we just need to put a new hard drive in and reload the operating system (luckily, they had all their data backed up).  “Do you have all the license keys for your operating system?” I asked.  The dreaded “oh no” intake of air, and then, “No, should we?”  It turned out that their original server had been installed by their IT Professional, who installed an operating system that the customer didn’t own.  Not only were they unable to work, but they now had to purchase software they thought they already bought.

Over the years, I have come across many small businesses that unknowingly had less-than-legal software installed.  Their IT Professional installed and configured the software they assumed they owned, but in reality, wasn’t legitimately purchased in the first place.

Yes, licensing costs money, and I know we all want to save a few bucks wherever possible, but choosing to install software that is illegitimate is not only wrong (not to mention illegal), but it can cost you additional money in the long run.  You are also putting your data at risk if you choose to go down this path.

It is one thing to ask your IT Pro to install illegal software, but it is quite another when your trusted IT “Professional” installs illegal software for a business without their clients knowing they have done so.  See “IT Pros and Questionable Media”

You trust your IT Pro to do what is right and legal.  But if you put too much blind trust into him or her, you could be setting yourself up for a nasty surprise.

Your IT Professional should be using legitimate applications and leaving you all the valid license keys and software.

Some indications that your software may not be above board:

  1. Your IT Professional does not leave you any recognized documentation
  2. Your hardware does not have a valid Microsoft license key sticker on the case (there are some exceptions to this rule)
  3. The software is more than a few years old (i.e. your new server came with Windows Server 2003 Enterprise edition)
  4. The deal on your new system was a steal (no pun intended)

Using illegal software can cause many issues including:

  1. You will not receive any necessary vendor support
  2. You may not be able to download the updates to keep your system and data safe
  3. You may not be able to take advantage of special upgrade pricing
  4. You will not be able to reactivate the software if it requires re-installation

Things you can do to prevent this from happening:

  1. Hire reputable IT Professionals who will not install unauthorized software – if your IT Pro is Microsoft-certified, installing illegal software voids their Microsoft contracts
  2. Insist all documentation, license keys, and serial numbers are left with you
  3. Purchase equipment from trustworthy computer sales establishments

If you do find out you have illegal software:

  1. Purchase a valid license for the software
  2. Remove the software from your systems

If the cost of licensing is a barrier to entry, there are many excellent open source alternatives you can use until software and proper licensing is in your budget.  Your reputable IT Pro can help you choose the solutions that are best for you and your company.

If you discovered your systems had illegal software, what would you do?

Categories: Illegal media

Are You A Prisoner To Your Tech Support?

It’s Monday morning and you come into the office to discover that your network is down for unknown reasons.  You call your IT Professional, only to find out that he/she has been in a serious accident and is in critical condition.  You quickly Google for another “tech” in the area, and call and explain the situation to him/her.  As each moment passes, you are unable to do your job.  Later that day, you see your “geek angel” in the front lobby and you are immediately relieved knowing your problem is going to be fixed.  He/she takes a look at your infrastructure, and tries to access some resources.  He/she suspects it’s a problem on the server, and needs an account with administrative privilege to resolve the issue.  You look at the specialist, and with a sinking feeling, you realize that you don’t have passwords, account information, or any other useful documentations, and the situation quickly goes from bad to worse.

Those of you who know me will hear me refer to the “hit by the bus file”.  This is a file, paper or electronic that documents your entire IT implementation.  Consider this…one day you need IT support and you call your “IT guy” and find out he was crossing the road and was hit by a bus.  You now have to bring in someone else who has never seen your systems or implementation before, and this new person will have to figure out how your tech fits together before he/she can even start to assist you.  He/she can’t start to take anything apart to troubleshoot if they don’t know how to put it back together again for your implementation.  It’s very much like a completed puzzle.  You can see how all the pieces fit together, but without the picture on the box to refer to, the puzzle may not easily go back together again if some of the pieces need to be modified.

Your IT support person is also not un-replaceable.  Any person who holds your IT structure to themselves is (in my opinion) either selfish, lazy, or is hiding something.  Yes, this may sound harsh, but in my experience, it almost always comes down to one of these three factors.

1. Selfish – they want to feel like they are a key element of your companys structure.  You and your data are now hostage of your IT support.

2. Lazy – they don’t want to take the time to document your structure.  This should be part of the contract, and a professional will always include this.

3. Hiding Something – they might not use legitimate/legal software and this could be their way to hide it (follow-up post to come).

You are now at the mercy of whoever holds your information.  You are trapped.

As a small business owner, you need to be responsible for both your data and network.

Your trustworthy IT Professional should be leaving you:

  1. All usernames and passwords for all equipment
  2. A list of all service providers, including ISPs, and any hosting service
  3. A backup number to call
  4. A network schematic
  5. Documentation for custom application
  6. A list and location of all software installers
  7. Backup procedures
  8. Router configuration

This file should be updated whenever there is a change to the infrastructure.  For example, you change your ISP, or add a new file server.  As someone trying to help you, there is nothing more frustrating than realizing the documentation you have is not accurate.

Keeping your documentation current and accurate is critical in protecting your data. If your IT specialist (either on contract or on payroll) does not provide this information, you are at risk of becoming a “prisoner”.  Take the case of Terry Childs, the network administrator for the city of San Francisco.  He refused to give up the administrative passwords to his supervisors, and it cost the city almost $900,000 USD to regain control of their own network.  This is an extreme case, but it demonstrates what can and has happened.

What is the cost of your systems being unusable?  What if those systems are down for an extended period of time?  What would it cost for someone to have to figure it all out before fixing it?

If you don’t have current IT documentation, call your IT Specialist and ask, or if need be, demand that this documentation is updated or created.  Don’t be held captive by your IT support.

Image courtesy of worradmu / FreeDigitalPhotos.net

You Posted “What” on Facebook?

I heard about an interesting story at a large Canadian company last week, which demonstrates the need to be aware of what you are posting online.

First, a little background:

Bob (obviously not his real name) worked for a large Canadian company.  Bob had been there for a few years as a help desk technician. He was moved into this position because of some work he done while working in another part of the company.

A few years back, it was discovered while Bob was on night shift, he was downloading movies and other material.  He was given a warning and he signed an agreement stating he would never do it again, and if he did, he would be terminated.  Now we both know that if he had kept his promise, this post would not be happening 🙂

Recently, the networks at the head office were experiencing some serious lag during specific hours.  It was determined the systems in Bobs cubicle were causing the issue.  Bob came to work one morning and was immediately escorted to a private office, and then off the property.  He did not have the opportunity to go to his cubicle.  His systems were sent to IT for investigation, and it was determined he was back to downloading movies and other items again.  This was not the odd movie here or there (not that makes it any better) but Gigs upon Gigs of data.  He was terminated.

This should be the end of the story (again); another employee is terminated for abusing the network policy at the office.  It happens all the time.  Bob then decided Facebook would be the ideal spot to plead his case.  His first status update after being escorted off the property, but prior to termination, stated that he had learned his lesson, and that he formatted all his hard drives at home and deleted all the material he had illegally downloaded.  He said that realized the error of his ways and would never do this again.  This post was set to “friends only”.  Bobs circle of friends included co-workers.  Again, this story should have ended here, but then Bob was terminated and again Bob took to Facebook to express his frustrations. His next post claimed someone at the office was using his systems and his credentials to access the company network to download material.  He also stated his supervisor knew this was the situation.  Bob named his supervisor and the company in this post.  This post was for friends only.  It set off a chain reaction.  The supervisor was told of this post, by Bob’s Facebook friends.  Trust me, his supervisor was not a happy camper.  The supervisor now had to defend his position and actions.  He took the post to management.  Management then pulled in the company legal department to manage it because the company had been named in the Facebook post, and a supervisor had been implicated in the status update.  Next, the RCMP (Royal Canadian Mounted Police, Canadas equivalent to the FBI) was notified because not only was Bob downloading copyrighted material, but he was also distributing it.  It was not just movies, but also software, music, and games using the company network.

I am guessing Bob thought that just because his Facebook posts were to friends, that he was safe.  He was wrong.

Moral of the story:  If you wouldn’t advertise it, don’t post it online.

Categories: Illegal media

IT Pros and Questionable Media

Every IT Pro is asked to “share” music, movies, or software with a friend or a client. You may think that this is suitable service, but it is absolutely inappropriate. Whether you are asking for free software and/or licenses, illegal downloads, or not reporting prohibited material on your system, it is never acceptable. I have outlined three typical scenarios I have come across over the last 15 years.

  • Free software or licences

Sometimes we are asked to “lend” a license key, or provide a piece of software for any amount of time. We cannot offer copies of Microsoft Office, XP, Windows 7, or any paid software for that matter, even on a temporary basis. When we provide non-purchased software or operating systems, we are violating the ULAs (User License Agreements) of the vendor. Providing free software can jeopardize our standings with our authorized partners. These same companies can take hold of our industry certifications and/or terminate our partnership agreements. Possible legal action could even take place.

If money is an issue, there are many great open source alternatives to commercial versions of software, or operating systems. Osalt.com is an excellent provider for a variety of these programs.

  • Asking your IT Pro to download software or media for you

Yes, we are fully capable of obtaining various media, but we face the same consequences as providing “borrowed” software or licenses. In addition, our ISP could terminate our Internet access. Most of us would not jeopardize our careers by downloading pirated media for ourselves, let alone for a client, or a friend.

  • Reporting of illegal or prohibited material

As ethical IT Pros, if we come across material on your system that violates company policy, or is illegal, we are obligated to report it. We have heard “I don`t know how (fill in the blank) got on my system” a thousand times. It is one thing to be overwhelmed with inappropriate pop ups, but it is another to have intentionally installed illegal software, or other material on your system. Most IT Pros can guess if an ad was accidently clicked on, causing pop-ups; versus illegally downloaded media.

By asking your IT Pro to do any of the above, you are jeopardizing your IT Pros career. When your IT Pro does not download the latest unreleased movie for you, do not take it personally. We are protecting our careers and reputation. Please do not ask us.

Categories: Illegal media
%d bloggers like this: