Maybe We Should Not Judge A Book By Its Cover, But What About Judging Manufacturers By Their Websites?

Monday 1st December 2008

This is not as simplistic a question as might at first appear.

There are those who believe that the Internet is able to be "all things to all men".  On the other hand, there are those who take the view that it is actually more a case of "Jack of all trades and master of none".  Both sides have a point, but neither is entirely accurate.  Certainly, the Internet can be an excellent source of knowledge and entertainment, as well as providing communication facilities in the form of email and Instant Messaging.  It also provides an easy way for operating systems and user applications to update themselves, often automatically, without the attendant cumbersome task of distributing and loading physical media such as CD or DVD disks.  On the other hand, it is built on a set of protocols which were originally developed for the United States Military at the height of the Cold War.  In those days, the requirement was for a network which could continue to function even in the event of a thermonuclear war.  Naturally enough, such considerations do not normally weigh too heavily on the mind of modern civilian users.  What started out as the ARPANET, a restricted-access network linking a relatively small number of military computers, has now become a world-wide network to which practically any computer
less than 10 years old may be connected with little difficulty.  Security, therefore, is very much a bolt-on extra - after all, it was hardly necessary when only restricted military computers could access each other.  Similarly, some hardware manufacturers try to be "all things to all men", with massive web sites which include everything they imagine anyone could ever want in connection with their products.  Some even include content whose relevance is best tenuous, but has been included because "it might increase the level of return visits" or "it might increase brand awareness".  Such websites tend to be confusing, hard to navigate and ugly.  Worst of all, their on-page "Search" facilities usually produce a vast slew of results or else almost
none, neither of which is particularly helpful.

There is nothing wrong with a massive website.  Indeed, for some manufacturers it is absolutely essential.  However, some manufacturers fail to appreciate that the "Inverse Square" law of magnetism also applies to websites.  In the same way as the strength of a magnetic field halves when the distance between two magnets is doubled, so doubling the size of a website can easily halve its ease-of-use and general value as a resource.  Unlike the physical world, however, this degradation can be overcome with careful design and planning.

As a shining example of the high standard that can be achieved, consider IBM (http://www.ibm.com).  It has often been said that "Noone ever got fired for buying IBM". Their products are not normally the cheapest and are often eye-wateringly expensive by comparison with their competitors.  However, their quality is not in question.  This is
borne out by the IBM website, which is an excellent example of how to avoid the "Jack of all trades" syndrome.  For example, imagine that it is necessary to identify a particular ServeRAID adapter without first fitting it into a server or PC.  This could be challenging in the extreme, except that this equipment is made by IBM.  Enter the string "ServeRAID" into the search box on the main page.  This will generate almost 50,000 results, all relating to IBM's long-established range of high-quality RAID adapters.  Such a massive set of results could be daunting, but not here.  Near the search box, IBM has thoughtfully
provided additional search facilities, among them "Search elsewhere", which offers the option of a Google-based search.  Selecting this option brings up a Google search page, complete with an appropriate search string and results.  There, near the top of the first page, is a link to the relevant IBM Redbook entry which begins "Have you ever picked up an adapter that you know is a ServeRAID adapter, but do not know which model?".  Clicking on the link brings up colour photographs and summary information on the entire range, even including the earliest models, which were introduced as far back as 1996. As well as
documentation, links are included to drivers and other essentials.

Many manufacturers regard none of their products over 5 years old as being worthy of a mention on their website.  The clear implication in such cases is that their dubious quality means that they will all have long since been scrapped, so there is no point in wasting website space on them.  In the case of IBM, however, the clear implication is precisely the opposite - it is quite likely that some of even the earliest models are still working quietly away, while many of the models from 2000 or so are undoubtedly still in active service.

As a general guide, then, a good indication of the quality of hardware may be obtained from the manufacturer's website:
 
Is it easy-to-use and attractively laid-out?
Is it comprehensive?
Does it provide accurate, detailed information and drivers for current equipment?
Does it provide accurate, detailed information and drivers for older equipment?

If it does not, then perhaps the quality merits closer investigation - unless, of course, the circumstances are such that, provided the price is sufficiently low, then the quality (or lack of it) does not really matter........

SPAM - What The Spammers Don't Want You To Know

Monday 24th November 2008

Surely spam is merely a nuisance, rather like junk mail, right?

Wrong!

Email servers around the world are groaning under the weight of the endless torrent of rubbish being sent out.  By comparison with viruses and scumware, spam emails may seem to be little more than a nuisance, somewhat like junk mail.  This is most certainly not the case!  At the very least, they consume bandwidth while they are being downloaded, they clog up servers and waste users' time while they try to sift through their bulging mailboxes.  Many spam emails attempt to entice the recipient to
visit certain web sites, in order to persuade him to purchase products of dubious value.  The latest estimates suggest that 3 out of every 4 emails are actually spam.  Thanks to the weak security policies in force on most home computers worldwide, many are infected with viruses and trojans, as well as the many other forms of scumware.  This makes it easy for spammers to control these machines for their own nefarious purposes.

A conventional direct mailer considers that he has half-won the battle if he can entice the recipient to open the envelope, rather than immediately throwing it in the wastebasket.  Designers of envelopes for junk mail, therefore, deliberately make them appear to be interesting - to excite the natural curiosity of the recipient.  Similarly, the spammer has already half-won the battle if he can persuade the recipient to open the email.  Although the spammer cannot display images in the subject line, he can use intriguing straplines such as "Free degree for you" or "Cheap Viagra".  Such subject lines may or may not bear any relation to the actual contents of the email, which may merely comprise innocent advertising material for the spammer's products with no criminal intent.  On many occasions, however, the contents will be far from innocent.  A typical exploit may include hyperlinks of the "Click here to see nude pictures of....." variety, which actually install viruses or trojans.  Thesse may be used to allow the spammer to take control of the PC and thus send out even more spam, or to obtain details of Bank accounts and other confidentioal information held on the PC.  Another popular trick is the email claiming to be from a Bank requesting that the recipient "Reconfirm their account details....".  This is the well-known "phishing" attack, where the hapless recipient
clicks on the hyperlink and is taken to a fake of a well-known Bank's website, with the intention that he or she enters their account details and password.  The information thus gleaned is used to empty the Bank account concerned.    
  
On the positive side, it is not too difficult to avoid becoming easy prey for spammers.

1) Never, ever, click on a hyperlink in an email, even if it appears to have been sent by a trusted source - this information is all-too-easy for spammers to fake.

2) Never even open an email if its subject is of the "Too good to be true" variety.  As Trading Standards Departments say, "If it sounds to be good to be true - it probably is!"

3) Never attempt to "unsubscribe" from a mailing list unless it is a known and trusted one.  Spammers often kindly offer an invitation to unsubscribe from their lists, but attempting to do so will merely let the spammers know that they have found a gullible recipient.  This is exactly what he wants, so he will therefore send you even greater quantities of spam.

4) Use an email client which has effective built-in spam filtering.  One of the most effective of all is Mozilla Thunderbird, which is available at no charge from http://www.mozilla-europe.org/en/products/thunderbird.  Using its Bayesian spam filtering algorithm, it learns to detect spam with unbelievable accuracy at an amazing rate - typically, it will achieve near-100% accuracy within a week.  It is so effective that one might almost begin to feel sorry for the poor spammers who try to beat it.

5) The final weapons in the security armoury are a good firewall, a good antivirus program and two complementary scumware detection programs.  Suitable programs for this task, all of which are free, are Zone Alarm by ZoneLabs, AVG AntiVirus by Grisoft, AdAware 2008 by Lavasoft and Spybot S&D by Safer Networking Ltd.  Be aware, however, that since there are a number of similarly-named applications which are themselves viruses and scumware, these applications should be downloaded only from known,
trusted sources.  In addition, they must be run regularly and kept up-to-date.  After all, an out-of-date antivirus program is worse than no antivirus program at all, as it lulls the user into a false sense of security.  The classic example of this trap was the antivirus program bundled with Windows 3.11, which was hopelessly out-of-date even before it was released.       

SPAM - Why Is There So Much Of This Rubbish Around?

Monday 17th November 2008

Unfortunately, for the hapless recipients at least, it is unbelievably cheap to send - and the potential benefit to the spammer is huge.

A "traditional" direct mailer will normally regard his campaign as successful if he receives more than one response from every hundred or so mailshots he sends out.  On the other hand, a spammer will be satisfied with only one response for every thousand of his emails.  How can he possibly operate with such a low success rate?  The answer lies in the sheer quantity of spam he sends.  Unlike "traditional" direct mailers, who might send out 30,000 letters or so, a typical spammer will send out hundreds of thousands, or even millions, of emails.  Unlike traditional mailshots, emails are extremely cheap and easy to send using automated processes.

Spammers are rather clever people and do not normally use their own servers and internet facilities.  There are several good reasons for this.  One is that it makes it much more dificult to trace them and then take steps to have them closed down.  Another reason is the same technique used by the cuckoo.  Apart from their distinctive "cuck-oo" call, these birds are well-known for their nesting policies.  The European Cuckoo does not build its own nest, nor does it even hatch or rear its own chicks.  Yet it is a common British bird and is not on any ""At Risk" register.  How, then, can it possibly survive?  The answer is, as many people learned at school, that it uses another, usually smaller, bird's nest.  What happens is that the cuckoo lays its egg in the unwitting host's nest, among the other eggs already laid by the host.  The cuckoo's egg hatches slightly sooner and grows more quickly than the host's chicks, so it is soon able to heave them out of the nest, to their certain death.  The host bird will continue to raise the cuckoo chick in blissful ignorance of the true situation.  Eventually the cuckoo chick reaches adulthood and flies away, ready to repeat the cycle next year.  For the spammer, a further benefit of using other people's systems is that there may well be additional information which he can use for criminal purposes.  At the very least, he will be able to harvest email addresses from the host systems' email addressbooks, as well as the hosts' own email addresses.  These latter addresses are particularly valuable, because the spammer can use them as the sender's address.  Since this will, of course, be known to the people in the host's address book, such email has a far greater chance of being opened than email from an unknown sender.

Corporate email systems are usually capable of intercepting and destroying a good proportion of incoming spam.  In addition, corporate PC's are usually well-protected against infestation by viruses and trojans, thus rendering them of only limited value to spammers.  Unfortunately, the same is not true of most home PC's.  As a result, criminals have been able to create vast "botnets", some comprising hundreds of thousands of infected computers.  The viruses and trojans running on these "zombie" machines enable them to be controlled centrally, which makes it possible for them to be rented out to spammers by the botnet's controllers.  They are then used to spew huge quantities of spam.  Since many home computers are left permanently powered-on and connected to an ADSL line, they can spew out vast quantities of spam 24 hours a day.  The owner may notice that his machine is not quite as fast as once it was, but he will probably either blame Windows or think that it only appears slower because the latest hardware is so much faster.  Wrong, just like the unfortunate bird which unwittingly raises a cuckoo chick!

SPAM - The Curse Of Email Inboxes Everywhere

Monday 10th November 2008

Must we really continue suffering from this never-ending torrent of rubbish?

Almost everyone would agree that email is one of the great benefits of the modern Internet.  Equally, almost everyone would agree that "spam" is one of the great curses of the modern Internet.  What, then, defines "spam"?  The generally-accepted definition is that is email which is both unsolicited and unwanted, rather like the "junk mail" we all receive regularly at home, delivered either by the postman or one of the many leaflet distributors.  However, that is where the similarities end.

There are a number of techniques for dealing with paper-based junk mail.  Simply throwing it in the dustbin or the recycling box can be somewhat satisfying, but it does little to reduce the problem.  However, there are other weapons which are much more effective.

Firstly, sign up to the Mailing Preference Service.  Contrary to what its name suggests, this Government-sponsored organisation exists in order to make it easy for us to opt-out from direct mailshot campaigns.  Although signing-up will not achieve perfect results, it really does make a considerable difference.

It is also worthwhile marking junk mail as "Gone Away" or "Not Known at This Address", then posting it back unopened.  A variation on this technique is to open the mailshot, but then to mark the letter inside as "Gone Away" or "Not Known at This Address" and post it back in the prepaid envelope which the sender has so kindly supplied.  As a bonus, this provides the additional satisfaction of knowing that the sender will have wasted their postage in both directions, as well as wasting their staff's time dealing with the returned envelope.  After all, they will certainly open it as it is probably a reply from a potential customer (or not, in this case!).  This is particularly effective, since the larger direct mail companies subscribe to ACORN (A Classification of Residential Neighborhoods) lists.  These companies will feed back seemingly-obsolete addresses to the list's owner, in order that it may be refined and thus made more useful.

Unfortunately, using these techniques for dealing with "spam" emails will only make matters much, much worse.

Ordinary, paper-based junk mail is delivered by humans.  Therefore, slight inaccuracies in the recipient's name and address do not usually cause any problems.  Indeed, some junk mail uses a general name for the recipient such as "The Occupier" or "The Pizza Lover".  The most extreme junk mail bears no name or address at all, simply being delivered to every house in a selected area.  Mail sent to a given postal address will be delivered correctly, whether it is addressed to "Mr A Browne", "Mr A Brown" or even "Mr Abrowne".  Email, however, requires absolute accuracy, since every single character in an email address must be correct for it to reach its destination and not simply be discarded as "Undeliverable".

Since emails will normally include the address of the sender, one of the best ways to build accurate lists of email addresses is to entice the recipient to reply.  Spammers, therefore, make this really easy.  Rather than expecting people to use the "Reply" button, they will often very thoughtfully provide an "Unsubscribe" link in the body of their emails.  Far from unsubscribing the hapless recipient, this announces to the spammer that the email has reached a valid address and, even better, that there is probably a naive human behind it.  What better target could there possibly be for yet more spam?  A similar effect occurs when the spammer has set the automatic "Notify the sender when this email is opened" feature.  Once again, allowing such a notification to be sent will magnify the problem.

How, then, can inboxes be protected from the ever-mounting deluge of spam?  There are basically two rules to follow.
1) Never, ever click on "Unsubscribe" links, even if the email appears to be from a known, trusted sender.  Spammers will often falsify the visible parts of emails to conceal their true identity.  Instead, either block the senders outright or set your email client filters to send their emails direct to the wastebasket without acknowledgement of receipt.  This may not stop the spam being sent, but at least it will no longer waste your time.
2) When you are asked for an email address by an untrusted or unknown site, use a "disposable" one.  Such a service is available, completely free, from Mailinator - and it really does work.  Just fill in the form with any Mailinator email address you like.  For example, you could use "spamalot.here@mailinator.com".  Next, browse to the Mailinator website at http://www.mailinator.com and see what rubbish has been sent.  It is completely anonymous and absolutely invaluable for dealing with those irritating websites which insist on registration with a valid email address before they will allow access to a particular page or download, etc.  They do this, of course, because it is an excellent way of obtaining targets for spam emails.  Sadly, they do not take into account the annoyance which this dubious practice causes to their visitors.....