Welcome to Working Nets Tech Thoughts!

For more information about our company, please see our main website at www.workingnets.com.

To schedule a Free I.T. Consultation in the Greater Baltimore area, please use our Contact Us page, or phone us at
(443) 992-7394

Monday, May 11, 2009

Adobe Acrobat Vulnerabilities

In the last couple of weeks, Adobe has acknowledged a number of vulnerabilities in their Acrobat products, including a "Zero Day Exploit" (which means exploit code was found "in the wild" before the vulnerability was even known by the Security Community), all involving their use of JavaScript. (See this link for more details.)

What is JavaScript? Well, it's a scripting language... essentially a relatively light programming language. It's used in many web sites, and web-based applications.

But Acrobat is supposed to be a "cross-platform" document format, meaning that the same document can be displayed, and printed, in the same way, regardless of what computer you're using. Windows, Mac, Linux - it doesn't matter.

So why do we need JavaScript in an Acrobat Document?

Frankly, I'm not really sure that we do. It certainly doesn't enhance the ability to use the basic functionality for which it was designed: Creating and reading documents.

At this point, Adobe, and other Security professionals are recommending that you just turn it off. Here's how to do it (at least on Windows systems, but other platforms should be similar):
  1. Open Adobe Acrobat or Acrobat Reader.
  2. Click the Edit menu item.
  3. Click the Preferences menu item.
  4. In the Categories box, along the left side, look for JavaScript, and select it.
  5. Uncheck the Enable Acrobat JavaScript checkbox.
  6. Click OK.
That's it. You can now close Acrobat, or use it for reading documents. Whatever you want.

The Internet's a bit like the Wild Wild West. There are great opportunities out there, but it can be a dangerous place. As Michael Conrad's character used to say after his daily briefings, in the old Hill Street Blues series, "Let's be careful out there..."

Thursday, May 7, 2009

Disaster Preparedness

Disaster Recovery Planning has developed into an industry unto itself. There are firms that specialize in this, providing comprehensive planning systems, often costing tens or hundreds of thousands of dollars. If you're a large enough enterprise, they're worth every penny.

But there's a lot that a small business can do to help prepare for a business disruption too. Obviously, insurance is an important component, but insurance isn't going to prevent your customers from finding other vendors, while you're trying to get things up and running again. No, I don't sell insurance, but if you need some, I know a guy...

The point is, you want to get as much of your business back up, as quickly as possible - even if it means getting a couple of computers set up in your living room for a few weeks.

Redundancy is the key!

The more redundant your systems, the less you will suffer, within reason. That's the idea behind data backups, but there are other things you will need "backed up," besides your data itself.

Here is a short list of things you can do that will greatly decrease the time you'll need to bring your computerized systems back quickly:
  • If you have applications that run your business - even if it's just Microsoft Office - be sure to have copies of the CDs and, if possible, the documentation stored somewhere offsite.

  • Have a list of all your critical system passwords stored in at least two locations: one onsite, and one offsite. Restoring your data doesn't help you, if you can't log into the computer. This list doesn't have to be computerized, by the way. It does, however, have to be a "living document," in that, when you change the information, all copies get updated. And of course, you'll want all copies to be secured.

  • Where possible, use automation to alert you when your critical systems go down. No one really wants a text message at 2:30am, but believe me - you'd rather know than not.

  • Document everything! This is an important one, so let me repeat it: DOCUMENT EVERYTHING!!! (How's that for being redundant?) Pretend you had to bring in someone new to get your computers up and running again, and he knows nothing whatsoever about your business. He'll need all the information we've mentioned above, as well as:
    • Your restore procedures, including how to get to the backup software and media, as well as any documentation he might need to operate it.
    • Vendor information, including account numbers and system credentials (username/password), as well as a list of the software you're using.

  • Do periodic run-throughs of your recovery procedures. This will help identify anything you've left out of your plans, and keep everyone familiar with them.

A basic Disaster Recovery Planning worksheet is available at our website. Click here to get it.

We all hope never to suffer a business disaster, but it happens. As they say in the Boy Scouts, be prepared.

How Often Do You Backup?

"How often do you backup your data?" is a question I very often ask small business owners. Now, I'll admit that, as pickup lines go, that's an odd one. But for business owners, there aren't very many questions more important than that. Almost all businesses today rely on computer data to run their business. Whether it's their Quickbooks files, or those contracts, proposals, or other work-product they've been working on for weeks, that data represents the core of their businesses.

So it might be surprising to learn that, while 85% of computer users say that they're concerned about the prospect of losing their data, only 25% actually do regular backups! That's a scary thought, because some 70% of small firms that experience a major data loss are gone within a year.

Here are some questions to think about for your business:
  • How often do you backup your data?
  • Where do you back it up to?
  • Do you keep the backup media somewhere near your computer, where it can get destroyed by the same catastrophe that wiped out your computer in the first place?
And here's one that even those who backup regularly tend not to consider properly:
  • How often do you test your restores? (Hint: The time to test them is not when you've suffered a data loss, and need to get your data back now!)