BOSTON (05/31/2000) - USA Group's Hamed Omar remembers when it was relatively easy to protect enterprise computers against viruses. "In the early '90s, viruses spread from machine to machine by 'sneakernet'--the manual exchange of files," says the senior vice president of information technology at USA Group, a student loan guarantor. "Now, viruses can spread in a heartbeat via the internet as an e-mail attachment and can be a real problem to guard against and eliminate."
Much like 486 processors and Windows 3.1, easily eradicated viruses have faded into history. As the third millennium dawns, new network-aware viruses possess the ability to wreak widespread and nearly instantaneous damage on internet-linked PCs and servers.
Hackers create next-generation viruses for just one purpose--destruction--says Samir Bhavnani, a research analyst at Computer Economics Inc., a Carlsbad, California-based technology market research company. "Viruses are no longer simply the minor annoyances they were a few years ago. Now they can verge on the catastrophic." Computer Economics estimates that virus attacks racked up more than $12.1 billion in damages to businesses during 1999, including loss of productivity because of PC and network downtime. "Corporations cannot afford to play Russian roulette with professional virus writers," says Bhavnani.
RETURN TO SENDER
A new virus threat materialized last year with the arrival of the Melissa and ExplorerZip viruses. Melissa surfaced in the spring, sneaking onto PCs as an e-mail message with an attached list of pornographic websites.
When users opened the file, the virus would strike. When a user attempted to send from an infected machine any Word document as an e-mail attachment using Microsoft Outlook, the message would automatically send itself to the first 50 addresses in the client's address book--bogging down networks and servers with errant messages. ExplorerZip arrived a few weeks after Melissa and was even more destructive. This malicious code ordered the infected PC to respond automatically to incoming messages with an attached file that, when opened, deleted data in Microsoft Word, Excel, PowerPoint and other files. It was "purely evil," says Bhavnani.
Jeffrey Baker, manager of system services at Melbourne, Florida-based communications equipment manufacturer Harris Corp., learned the hard way about the headaches a virus attack can inflict upon an organization. During last year's initial Melissa outbreak, he spent a very long weekend tending to Harris's crippled enterprise e-mail system.
Baker became aware of the virus attack one Friday evening as he was heading to dinner with several coworkers. "Our pagers went off, telling us that we had an important message from [virus scanner vendor] Network Associates," he recalls.
Once back at the office, Baker discovered that all 30 of Harris's mail servers had been victimized. "At its height, we had over 50,000 copies of the virus inside our Microsoft Exchange environment." At the time, Harris had no virus protection installed on its e-mail servers, opting instead for less secure client-based solutions.
Baker and his team detached the servers from the internet and spent frantic hours installing new server-based virus scanners and clearing existing infected files. By Monday morning, he was able to reconnect the servers--and then he watched as thousands of Melissa-infected files tried, and failed, to enter the company's systems. "All in all, you could say it was a very challenging experience and a heck of an interesting weekend," says Baker.
Melissa and ExplorerZip, along with the other network-aware viruses that followed in their wake, were a wake-up call to the IT community, says Bhavnani.
"Organizations started to realize the severity and the malicious intent of most computer viruses." But recognizing the threat and dealing with it in a sensible manner are two different things, says Charles Rutstein, a senior analyst in the e-business infrastructure group of Cambridge, Massachusetts-based Forrester Research. "Despite the increased awareness, most CIOs only act after there's been a widespread infection," Rutstein says. "Then they overcompensate by buying a tremendous amount of new software and support." The more intelligent approach, claims Rutstein, is to tackle the problem systematically. "To deal with viruses you must understand the threat, design a rapid response, integrate the response into your existing security infrastructure, train your staff and then hope for the best."
KNOW YOUR ENEMY
The first step toward managing viruses is to understand the people who create and unleash them, says Narender Mangalam, director of security strategy for Islandia, New York-based enterprise management software vendor Computer Associates International Inc. He notes that many CIOs mistakenly believe that only attention-starved kids create viruses. Although not widely publicized, an increasing number of virus attacks have been traced back to sources ranging from competitors to disgruntled employees to international terrorists, says Mangalam. "You have a lot of situations where there is malice involved, and it's not merely 16-year-olds sending out stuff."
Computer Economics' Bhavnani agrees. "This form of economic terrorism is one of the easiest ways to disrupt a corporation."
Once you realize the danger, you need to act. A rapid response is essential to stopping network-aware viruses before they can inflict widespread damage, says Vincent Weafer, director of the Symantec Corp. AntiVirus Research Center in Santa Monica, California. "Vendors must quickly identify viruses, generate new updates and distribute them to customers," he says. "The customers, in turn, make sure that the updates are distributed across their networks."
DODGING THE BULLET
USA Group's Omar says a rapid response strategy has helped his company avoid a major virus outbreak. The Indianapolis-based company has installed Computer Associates' Unicenter TNG Advanced AntiVirus Option on each of its PCs. Whenever a user signs onto a PC, the software automatically installs the latest antivirus codes, then seeks out and treats any suspicious files. But even that level of protection proved insufficient, says Omar. "An idle PC can receive an e-mail overnight, and until the user signs on, the virus can stay active in the system all night long." While the security gap didn't cause any major problems, the potential for a major virus outbreak worried Omar and his staff.
To secure the breach, USA Group implemented Computer Associates' Unicenter TNG Asset Management Option. The software allows Omar's staff to centrally manage files across all enterprise PCs. As soon as they discover a virus-contaminated file, staff members treat it universally or quickly delete it from every company PC. "Even though we cannot protect ourselves 100 percent from being affected, we have a very quick resolution time," says Omar.
ROOM FOR IMPROVEMENT
As viruses become more sophisticated, CIOs need to view their protection strategies as coordinated network security efforts. Sarah Gordon, an IBM Research data security analyst, recommends deploying an integrated solution that involves installing antivirus software on all enterprise platforms, including servers, desktops and key access points such as internet gateways. "You also need intrusion-detection software to ensure that once there is an intrusion you can stop it," she says.
New tools aren't the only approach, however. Strengthened staff training can also help reduce the risk of a virus outbreak. Simple things, such as not downloading unnecessary files from the internet, not opening executable files sent via e-mail and not frequenting pornographic and other shady websites, can greatly reduce an organization's virus exposure, says Computer Economics' Bhavnani.
MAGIC DENIED
A day may come when viruses are virtually unknown, thanks to widespread, high-quality security systems. Computer Associates' Mangalam says he hopes that a standards-based approach to virus security, in which the internet's core structure contains basic safeguards, could make life more difficult, if not impossible, for virus authors. But CIOs hoping for the imminent arrival of such a magic bullet are setting themselves up for disappointment. "Right now, air-tight security combined with nonstop vigilance offers the best--and really the only--protection," Mangalam warns. --John Edwards
John Edwards is a freelance technology writer based in Gilbert, Arizona. He can be reached at firstname.lastname@example.org.
CHASING CONTRACTORS
Independent contractors can ease a short-term staffing crunch or give you the temporary expertise you need for a special project. But finding qualified contractors can be a time-consuming ordeal. San Rafael, California-based icPlanet Corp. tries to simplify the process by providing online access to information about thousands of independent contractors throughout the United States. Choose the type of contractor you need (software development, systems administration, internet development and so on), then set required availability dates, location, degree achieved and other options. Start the search, and icPlanet returns a list of contractors that includes names, years of experience and a link to a more detailed résumé. The site also features resources to help you write a contract and avoid IRS entanglements over who's a contractor and who's an employee. Best of all, the service is currently free (pricing will be announced later). For more information, visit www.icplanet.com.
SAFE AND SECURE
If the security--or lack thereof--of your average e-mail message keeps you up at night, perhaps it's time for a new client. Global Market's recently released 1on1Lite Version 3.1 secure e-mail system provides security features, such as automatic encryption, tracking and delivery confirmation, and even a self-destruct mechanism that lets you destroy an already-sent message after a certain time or on command, should you fear the information might be compromised. The product ranges from a free "lite" version to a $300 "commerce" edition capable of dealing with enterprise-size volumes of e-mail. For more information, visit www.1on1mail.com.
THE SEARCH IS OVER
If customers can't find what they need on your website, they'll look elsewhere. But some search engine solutions can be difficult to implement, while others offer few features. Searchbutton.com in Mountain View, California, attempts to avoid both those problems. According to the company, Searchbutton 2.0 lets you quickly integrate its search engine into your site with little or no programming. You can then customize the product's look and feel to match your site, view online activity reports to see what customers are looking for--and what they're not finding--and request reindexing on the fly to guarantee that visitors search the most current information. Pricing starts at $39.95 a month. For more information, visit www.searchbutton.com or call 650 947-8310.
FAST FIREWALL
Gigabit ethernet holds tremendous promise--the promise that valuable corporate data could be stolen from your company faster than ever if you don't have the proper security systems in place. To fill the void, NetScreen Technologies recently introduced the NetScreen-1000 Gigabit Security System. The device supports a variety of security features, including stateful packet inspection, TCP/IP header parsing and network address translation, as well as providing for gigabit virtual private networking (VPN). According to the company, a fully configured system can handle 500,000 concurrent sessions and 25,000 IPSec tunnels. NetScreen-1000 pricing starts at $109,000. For more information, visit www.netscreen.com or call 408 330-7800.
MOVE YOUR MAIL
Buried in e-mail? You're not alone. Mail servers come under more strain today than ever before. Part of the problem is attachments.
Business-related or not, millions of messages flow across the internet weighed down with pictures, documents, programs, music files and more. Often, these attachments are dozens of times larger than the message that contains them--bulky fodder to fill server disks. Mountain View, California-based Veritas Software's new product, Remote Storage for Microsoft Exchange--when used in conjunction with the company's Backup Exec archiving tool--can automatically move aging attachments to another storage device, such as a tape drive, while still providing users with access to the files. Pricing starts at $4,995 for existing Backup Exec users. For more information, visit www.veritas.com or call 650 335-8000.
IN THE CARDS
PC card readers for desktop computers are nothing new, but many of the devices are single-slot, external units optimized for reading images from a digital camera. Sunnyvale, California-based Actiontec Technologies' PC750 Card Reader offers more flexibility. The device mounts in a 3.5-inch drive bay and connects to your system via a PCI card, ensuring faster transfer rates than external readers typically do. The dual-slot drive supports PCMCIA Type I, II and III cards, letting you use hard disk drives, Flash memory cards, security cards and more. You can also add and remove cards without having to shut down or reboot the system. The reader retails for $149.95. For more information, visit www.actiontec.com or call 800 797-7001.
REVISIT POS SCANNERS
SCANNERS GET PERSONAL
Point-of-sale systems do more than just track inventory
By Fred Hapgood
The gold standard for personalized marketing was set a hundred years ago. Back then a storekeeper knew his stock by heart, kept all his prices in his head and could direct a customer's attention in real-time across a succession of products while talking with the person about his children, the weather and the harvest. As new retail models have steadily taken us further from these old-time storekeepers, vendors have looked back and wished they could reestablish that intimate connection with their customers.
In the mid-1980s, several companies claimed that they could recapture a bit of this relationship using point-of-sale (POS) scanner data. POS scanners were nothing new, but most companies had used the devices simply for pricing and inventory control. The vendors claimed they could do much more, such as exploiting the scanner data to track product sales and market share, identify trends and evaluate marketing campaigns. Although the process didn't promise to bring back the old days, it certainly was a step in the right direction.
In November 1990 we ran an article evaluating the technology. The story was generally positive, agreeing that POS data had a long list of potential applications. But there was a shadow over the concept: In retail environments, POS scanners could generate astronomical amounts of data--a million new records per day or more. Moving, storing and processing this huge volume demanded technology unavailable to most companies. (The title of the article, "Drowning in Data," reflected that concern.) As a result, vendors pruned back the applications. They transmitted data in summary form, for instance--though analysis still took days to complete.
Designers were also unable to combine data streams or add extra computational routines, such as better error checking. The consequence, according to Frank Malta of IBM's Business Intelligence Services, was that for all their promise, the return on investment for these systems was marginal in practice.
During the last 10 years, however, the tide of computational power, called Moore's Law (which, roughly translated, states that computing power will double every 12 to 18 months), rose until it lifted even the worst POS resource hogs out of the mud. About two or three years ago, recalls Malcolm Fowler, vice president at Ernex Marketing Technologies, POS scanner data applications crossed a subtle point of viability, and a wave of products appeared to try to deliver on the potential of earlier claims.
Ernex, for instance, routinely builds systems that can manipulate POS data quickly enough to calculate unique promotions while customers wait to have their orders rung up. For example, the technology can now look for products missing from one order that tend to appear in other, similar orders: milk, eggs and cereal, but no bacon, for instance. (The process is called "basket analysis," for obvious reasons.) On the assumption that all these items belong together, the seller can immediately remind the customer about the missing item ("How about some bacon?") and perhaps even offer a special price--all calculated on the spot.
Faster processors also allow POS data to integrate with other data streams, such as purchase history based on a customer club-card number as well as data from websites, kiosks or call-in centers. The latest products also permit much more elaborate forms of analysis. IBM's Malta claims that the company now uses artificial learning and reasoning algorithms, such as neural nets and genetic algorithms, to process POS data.
Bigger hard disks let users store the raw data without averaging or aggregating it, which allows data mining down to the customer level. "We can ask questions like 'Tell me the preferred colors of our top 10 customers,'" says Tom Camps, vice president of market strategies at Cognos, a manufacturer of business intelligence tools. "Or show me all the people who buy the same things as this specific person." Meanwhile, faster networks can push the data into more departments and to more business partners, such as suppliers.
In some cases this data even doubles back and revisits its origin: the customer. Image Info Software, based in New York City, sells POS analysis tools to clothing designer showrooms. According to Craig Schlossberg, vice president of software at Image Info, buyers need to customize their orders on such measures as styles, colors, fabrics, top/bottom and woven/knit ratios. Image Info aggregates POS data from several dozen showrooms so that the company's clients can see exactly what they--and their competitors--are buying.
It's enough to make even that old-time storekeeper jealous.
PREDICTIONS E-COMMERCE SOFTWARE
E-COMMERCE SOFTWARE EXPLOSION
Get ready to open your wallet. According to a recent Forrester Research report, spending on e-commerce software will jump from just over $3 billion in 1999 to more than $14.5 billion in 2003.
The reason? Rapidly increasing pressure to quickly become players in the "e-conomy" will force companies to seek out prepackaged solutions rather than take the time and effort to code their own software. The buying boom won't take long to ramp up either. According to the report by analyst Eric Schmitt, IT spending on e-commerce software will increase by 72 percent this year alone as companies devote a larger part of their IT budgets to software licensing.
E-commerce software providers who want to dip into that new money may need to change their ways of doing business, however. According to Forrester, many users complain that current products are difficult to integrate or fail to properly follow standards. To remedy the situation, Forrester predicts that software vendors will divide into two types: those who create open-standards-based platforms and those who offer components that integrate into those platforms.
This new model will also help IT executives shift their focus from simply getting sites up quickly, to creating long-term, maintainable sites with enough built-in flexibility to adapt to changing requirements--a critical feature in the still-nascent internet market. -Christopher Lindquist
UNDER DEVELOPMENT FLAT-PANEL SCREENS
PINT-SIZE POWER SUPPLIES
Laptops, PDAs and other portable computers continue to get thinner and lighter, but a new twist on old technology may soon give them a chance to slim down even more.
The electromechanical transformers that currently power flat-panel displays are big and heavy, says Kenji Uchino, a professor of electrical engineering and materials at Penn State University and a member of the school's materials research laboratory. The devices use a pair of bulky wire coils to increase low battery voltages to the higher levels required by the screens. Those coils add weight and size to portables, but that's not the only problem: The units also produce magnetic fields that, without shielding, would wipe the data off floppy disks and hard drives.
Uchino hopes that vendors will eventually replace these electronic monsters with a new type of thumbnail-size ceramic piezoelectric transformer (about one-tenth the size and weight of traditional transformers) that he recently developed with fellow Penn State researchers.
Transformers are critical for portables because their flat-panel screens require more energy than any other component. While most portable computers run on 12-volt batteries, a transformer must produce 500 volts to turn on a screen's backlight and then maintain a steady 250 to 300 volts to keep it lit.
In the past, however, attempts at shrinking transformers also reduced their efficiency. But even very small piezoelectric transformers, which use oscillating ceramic crystals to step up voltage, can operate at full efficiency. The new transformers offer more than a 90 percent boost in efficiency, along with higher reliability and no need for shielding, compared to electromagnetic transformers.
Uchino's circular device also marks an improvement over rectangular piezoelectric transformers, which were widely used in color TVs until they were abandoned several years ago because of excessive heat generation and physical fragility problems. Uchino's version generates no heat and is much more durable: Its disklike shape resists fracturing at major stress points.
"Piezoelectric transformers are not only more efficient, smaller and lighter, but they are also much less expensive to manufacture than conventional coil-wound transformers," says Uchino. The new transformer will sell for about 10 to 40 cents, although required support circuitry will drive the total manufacturing cost to approximately $1 to $3. Regardless, that's a bargain compared with electromagnetic transformers, which typically cost more than twice as much to make.
Penn State is looking to license the technology to component vendors that supply manufacturers of notebook PCs and other flat-panel-equipped devices.
According to Uchino, the transformers could go into production shortly after any deal occurs. -John Edwards