Myron Johnson - RTA Information Technology

Computer Security, Telecommuting, and Windows Small Business Server 2003 and 2008.

Location: Tempe, Arizona, United States

RTA Information Technology, a Phoenix, Arizona-based company, specializes in computer security, telecommuting, and business computing. Myron Johnson is a Microsoft Certified Systems Engineer: Security on Windows Server 2003. RTA was Phoenix's FIRST Microsoft Certified Small Business Specialist. We install and care for servers, networks (wired and wireless), and desktop computers for businesses in the Phoenix, Arizona, area.

Saturday, January 28, 2006

My RAID Rules

RTA Information Technology, Tempe, AZ

RAID arrays (Redundant Array of Inexpensive Drives) are being used by more home PC users than ever. Many want to speed their hard drive performance. This means RAID 0 (striping). Others want to keep their data safe using mirrored drives (RAID 1). No matter which you choose, consider my four RAID rules.

MY RAID RULES:

1) RAID, no matter WHAT kind of RAID array, is NOT a substitute for backups. If you don't want to lose your data, make a BACKUP. Preferably on tape or removable hard drive, where it can be kept safe and away from your computer. Even mirrored RAID drives don't protect against user error, accidental overwrites, accidental deletion, malicious deletion, drive controller failure, worms, viruses, trojans, fire, theft, or flood.

2) RAID arrays of all types are subject to hardware and user mistakes that can cause data loss. RAID arrays ARE COMPLEX and things can go wrong. See 1), above.

3) RAID 1 (mirroring) is easy to use and is the SAFEST RAID array. It's the least storage-efficient array, but has some big ease-of-use advantages. One advantage is you can pull one of the drives and have an instant full backup of your drive. But, see 1) above. People have lost ALL their data on a RAID 1, mirrored, array.

4) RAID 0 (striping) is MUCH more likely to lose data than any other RAID array. Let me put it bluntly:
A RAID 0 array is a disaster waiting to happen.
As long as you realize this and keep ongoing backups, then use RAID 0 if it suits you. See 1), above.

-----------------------------------------------------------------------
Summary Rule:
If you care about your data, have a backup plan. RAID 0, RAID 1, RAID 5, or no RAID at all, it makes no difference.

Thursday, January 26, 2006

Stop BadWare! New International Group to Fight Spyware.

RTA Information Technology, Tempe, Arizona

The new Stop Badware Coalition, http://stopbadware.org , is a group of companies dedicated to exposing the damage that spyware and adware distributors cause our economy and the IT industry. Harvard Law's Berkman Center for Internet and Society, Oxford's Internet Institute, and Consumer Reports' WebWatch Project sponsor the group, along with Google, Sun, and Lenovo.

The group's web site opened for business on Wednesday, January 25, 2006. It already has forms for submitting user and technical reports of malware attacks. Such infestations reportedly cost home computer owners billions of dollars each year.

As an IT consultant, I see the effects of these attacks constantly. As the malware has become more clever, I see even experienced users hit. The recent WMF exploit for Windows XP and the Sony DRM Rootkit showed that uninvited software can invade a wide audience.

I'm dismayed by the destruction that malware causes. I estimate that roughly half of home PCs have a spyware or adware infection of some sort. Pick up a newspaper and you'll read of disgusted computer users giving up and buying new computers to fix PCs ground to a near-halt by spyware. But, alas, a month later, that shiny new PC is infected, too.....

Malware is becoming an albatross around Microsoft's neck. I see more Linux promoters than ever, correctly pointing out that Linux has had few malware attacks. This isn't because Linux is bug free or necessarily more secure. In fact, until recently, it was pretty easy to leave security holes in a default Linux installation. But Windows is such a big target, it's tempting for everyone to try to hit it first. Microsoft's Internet Explorer browser and Outlook email client have been other victims of their own popularity.

I haven't yet explored Vista's claim of enhanced security. I have my fingers crossed. And Microsoft's direct involvement in the Anti-Spyware and Anti-Virus market is, I think, a sign of Microsoft's concern for the damage being done to its reputation by the ongoing deluge of malware.

StopBadware.org intends to publicize the existence of, the creators of, and the people who profit from malware. By doing so, StopBadware will, no doubt, be the target of numerous lawsuits.

Hang tight, guys. We're all behind you.

Saturday, January 21, 2006

Getting Through Life on a Limited User Account

RTA Information Technology, Tempe, Arizona

The day after the Windows WMF exploit hit, I decided to live my life on a Limited User Account. Although this wouldn't have prevented a WMF hit on my personal PC, it would have minimized the damage. I've seen the effect of a trojan hit on a user with Local Administrator rights on his PC, and the results aren't pretty. I always recommend giving limited rights to my clients. But I thought I should live with those same, limited, rights.

In the world of Windows XP, 2000, and 2003, there are two sets of accounts that we deal with. The first are Local Accounts. Local Accounts are created inside the local PC's Windows installation. A Local Account only applies to that PC and the Account has no visibility on other PCs or on the business' Domain.

The second set of accounts are the Domain Accounts. These are created and stored on the Domain Controllers (such as Small Business Server 2003). A Domain Account's properties are valid on any PC in the Domain. Even if a PC is taken off the network, it will still remember the last version of properties that a Domain Account possesses (credential caching).

When you log onto a PC on a workgroup, the only option is to log into a Local Account. But when you log onto a PC on a Domain, you have the choice of logging in as either a Local Account or a Domain Account.

Within the local computer, you can also set Domain accounts to have Local rights. You can make a Domain Administrator, for instance, have the rights of a Local Administrator. It's common for a Domain user with low rights (a Domain User) to have Local Administrator rights on the PC. That combination allows the user to install programs and perform other administrative actions on the local PC, but limits his rights on the rest of the network. But Local Administrator rights really hurt when a trojan or virus strikes.

Many common actions on a local PC require Local Administrator rights. You need Local Administrator rights to install or remove many programs. You need those rights to change networking properties. You need Local Administrator rights to delete many files on a PC. These same privileges also allow a trojan or virus free rein over your PC if you accidentally run them.

The lowest (and best, from a safety standpoint) set of User rights is:
Local User = User
Domain User = User

As an IT consultant, working as a "User" is an especially tough decision. I frequently view and change the networking properties of my PC. I provide help to clients and I need to view the settings control panels. It's impossible to remember every single detail of every control panel. Most "normal" users don't need to change these items all day long, like I do.

And I install programs on my PC. No, I don't add a lot of junk to my PCs. I stopped doing that many years ago. If I feel the need to install something, I'll do it on another PC if possible. Or I'll do it in a Virtual PC window, isolating it from my personal PC. But I still need to install and remove programs on occasion.

Right now, I'm evaluating Microsoft's Business Contact Manager (Version 2). And I'm having problems. For the life of me, I can't get it to run properly without having Local Administrator rights on my PC. The MSDE database won't allow me access to create a new Contact. I'm waiting for a Microsoft BCM expert to get back to me on that one.

But I'm deciding that even an IT Pro CAN live as a Limited User. With some tricks. I'll list some below.

My best friend is the "Run as....." command. This option is available with a right-mouse-click on many programs. You can use it from the Start menu. You can even use it to open a Command Prompt (DOS) window.

When you select "Run as....", you are given the option to execute a program using user credentials different than those you selected at Log On. You can choose to be a Local or Domain Administrator, if you know the account name and the password. Or, you can select lower rights than you normally have.

"Run as..." has been a Linux staple for years. It's used to give temporary "Root" rights to an administrator, while letting him work normally with lower rights on his PC. This same option has been available to Windows users for years, but has been pretty much ignored.

Sometimes, though, the "Run as...." command doesn't work as expected. A program install may appear to finish, but may not work as expected. You just have to try it to see what happens.

How do you examine and set User rights?
Well, first, you guessed it.....you have to be an Administrator!
Locally, log in as Local Administrator and set the Local rights of the various accounts.

Local Accounts are best managed in the "User Accounts" control panel of your PC.
You'll have to give Local Administrator credentials when you open this control panel.



If you examine the properties of a user, you can choose which Security Groups the user is a member of. The most commonly chosen options are "Users", "Power Users", and "Administrators".



You can view and change the rights of various Local and Domain accounts. You can, for instance, give a Domain Administrator only limited rights on your PC. Remember, we are setting the LOCAL rights of both Local and Domain Accounts. You can only log onto a PC with either a Local Account or a Domain Account, not both. Your rights on the Domain will be set on the Domain Controller. Your rights ON THE LOCAL PC will be set by the Local PC, using this control panel.

Note that the Standard User group is the "Power Users Group", giving access to many system settings and allowing installation of programs that don't affect Windows System files.

Double check your work. It's easy to let an account end up with Local Administrator rights when you thought you'd turned them off. A quick check is to go into the local "Add or Remove Programs" control panel. If you are a Local Administrator, you'll have the right to "Remove" all of the installed programs. A Local User won't have "Remove" rights for many programs.
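A second way to double check, as an added example that is not part of the original post: the built-in `net localgroup Administrators` command lists every Local and Domain account holding Local Administrator rights, and the script below parses that listing and flags members you did not expect. The sample output, the `EXAMPLE` domain, the `jdoe` account and the English status line are constructed assumptions.

```python
import re

# Constructed sample of `net localgroup Administrators` output (not from a real PC).
SAMPLE = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
EXAMPLE\\Domain Admins
EXAMPLE\\jdoe
The command completed successfully.
"""

def parse_members(output):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if not in_list:
            # The member list starts right after the row of dashes.
            in_list = bool(re.fullmatch(r"-{10,}", line))
            continue
        if not line or line.lower().startswith("the command completed"):
            break
        members.append(line)
    return members

def audit(output, expected):
    """Split members into Local/Domain accounts and list any not on the allow-list."""
    members = parse_members(output)
    allowed = {name.lower() for name in expected}
    return {
        # Domain accounts appear as DOMAIN\name; Local Accounts have no prefix.
        "local": [m for m in members if "\\" not in m],
        "domain": [m for m in members if "\\" in m],
        "unexpected": [m for m in members if m.lower() not in allowed],
    }

if __name__ == "__main__":
    report = audit(SAMPLE, expected=["Administrator", "EXAMPLE\\Domain Admins"])
    for kind, names in report.items():
        print(f"{kind:>10}: {', '.join(names) or '-'}")
```

Here `EXAMPLE\jdoe` is reported as unexpected: a Domain User who still has Local Administrator rights on this PC.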

Sunday, January 15, 2006

Easy but SECURE Passwords - Think "Pass Phrases"!


RTA Information Technology, Tempe, Arizona

Don't you hate remembering passwords? I do!

Most people:
1) Write them down near their computer.
2) Make up an easy password. It usually consists of a word from the dictionary, followed by some numbers. Often, the password includes the name of family or pets.
3) When forced to change a password, they increment the number at the end of the password.

If this sounds like you, you're normal! And you are a prime candidate for having your password stolen!

Don't keep your password near your computer. And, so-called "Dictionary Attacks" can break your password in minutes! Dictionary Attacks go through the entire contents of the Dictionary, adding numbers to the beginning and end of each word. A Dictionary Attack will quickly find the right combination, and you've been hacked!

What's the solution? Pass phrases!

What's a pass phrase? It's a LONG bunch of words, numbers, or characters that's easy for you to remember, but hard to crack. Just the fact that it's LONG means it'll take a LOT of guesses to get your password. Even if you use all English words, think of how many combinations there are! Combine six words together, add a few special characters (^%$[+), and you've made it a near-impossible task for a password cracker.

Consider the following three passwords:
1) "Paula11"
2) "Az7%lV8"
3) "Consider buying a GREAT business server."

1) "Paula11" is what most people use, given a choice. It's easy to remember. It's easy to type. Paula is your daughter or wife.

It's seven characters long. It'll take a Dictionary Attack a few minutes to break. If I look up information about you, I can probably GUESS your password. If you are required to change your password periodically, it may be "Paula99" by now. I can guess that one, too.

2) "Az7%lV8" is what's commonly suggested by the "security-aware" computer system. It's nearly impossible to remember. It's difficult to type. This might be a password assigned randomly by a computer. For sure, nobody would EVER voluntarily pick it.

It's also seven characters long. It'd take a Brute Force attack (every possible combination of letters and numbers) a few hours to break. It's hard to remember, hard to type, and easy to break.

3) "Consider buying a GREAT business server."
This is a pass phrase. It's easy to remember. It's easy to type. It means something to me.

It's FORTY CHARACTERS long. It'll require the world's fastest computer YEARS to do a successful Brute Force Attack. You'll never be able to guess it manually. An even better pass phrase would be "Consider buying a xxxxx business server." That's even tougher to crack, and no harder to type or remember.

Get the idea?
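To put rough numbers on the three passwords, here is an added example (not from the original post) that counts how many guesses each one costs under the cheapest attack that fits it. The tiny word list, the 100,000-word dictionary size and the three guessing models are assumptions; it goes slightly beyond the post by also scoring the pass phrase against a guesser that works word by word.

```python
import math
import re

# Constructed stand-in for a real dictionary; DICTIONARY_SIZE is an assumed word count.
WORDS = {"paula", "consider", "buying", "a", "great", "business", "server"}
DICTIONARY_SIZE = 100_000
PRINTABLE = 95  # printable ASCII characters, space included

def brute_force(password):
    """Every string of this length over the printable ASCII set."""
    return PRINTABLE ** len(password)

def word_plus_digits(password):
    """A dictionary word with digits added at the beginning and/or end."""
    m = re.fullmatch(r"(\d*)([A-Za-z]+)(\d*)", password)
    if not m or m.group(2).lower() not in WORDS:
        return None
    digits = len(m.group(1)) + len(m.group(3))
    # each word x every digit string of that length x each front/back split
    return DICTIONARY_SIZE * 10 ** digits * (digits + 1)

def word_sequence(password):
    """Several dictionary words in a row; ignores case, spaces and punctuation,
    so the result is a lower bound on the real cost."""
    tokens = re.findall(r"[A-Za-z]+", password)
    if len(tokens) < 2 or any(t.lower() not in WORDS for t in tokens):
        return None
    return DICTIONARY_SIZE ** len(tokens)

def estimate(password):
    """Return (model name, guesses, bits) for the cheapest model that applies."""
    models = {
        "brute force": brute_force(password),
        "word + digits": word_plus_digits(password),
        "word sequence": word_sequence(password),
    }
    name, guesses = min(((n, g) for n, g in models.items() if g is not None),
                        key=lambda item: item[1])
    return name, guesses, round(math.log2(guesses), 1)

if __name__ == "__main__":
    for pw in ("Paula11", "Az7%lV8", "Consider buying a GREAT business server."):
        name, guesses, bits = estimate(pw)
        print(f"{pw!r:45} {name:14} ~2^{bits} guesses")
```

Each extra bit doubles the work, so the gap between the pass phrase and either seven-character password is far larger than the raw bit counts suggest at a glance.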

My rules for secure passwords:
1) It's OK to write down passwords. Just keep them someplace safe and not on your desk!
2) Use more than one password. If a single password somehow gets exposed, you don't want the thief to have access to ALL your accounts. Pick two or three GOOD passphrases and use them on different accounts. Write them down some place safe if you don't use them frequently.
3) Use long, complex, pass phrases. The longer the better. Windows Server 2003, Small Business Server 2003, Windows XP and 2000 allow VERY long passwords, and they allow special keyboard characters. Make your passphrases long and add spaces and a special character or two.
Your pass phrase doesn't have to be hard to type. Make it easy on yourself. Just throw in a couple of extra, easy-to-type characters. Toss in an extra "space" or two. Or four. It doesn't have to be fancy. Just long.
4) I don't recommend enforcing too-frequent password changes, since most people simply modify their existing password. Instead, go for a GOOD passphrase and keep it secret! There's no reason to have to change your password every month. Pick a strong password and change it yearly. Have a "Password Day" annually, when you change your passwords.

5) If you accidentally gave your password to somebody, change it wherever you've used it.

Passwords are the only barrier between thieves and your money and your data. Don't skimp on their length. Good passwords don't have to be hard to remember. They just have to be long.

Sunday, January 08, 2006

Obtaining Replacement Microsoft OEM Media

RTA Information Technology, Tempe, Arizona

If you've lost or damaged Microsoft OEM installation media, a Microsoft Partner (System Builder) can request a replacement at:
http://oem.microsoft.com/script/mr/MediaReplacement.aspx

The System Builder needs to furnish the COA Serial Number, or,
* "A copy of the original invoice, with software clearly identified"
* "A Copy of your dated sales receipt"

I haven't used this service, but I ASSUME this only applies to OEM software that the Microsoft Partner originally provided to the end user. I'd be surprised if the Partner could order replacements for Dell OEM software, for example.

The Microsoft Customer Service number for all this is:
866-230-0560 (North America).

Thursday, January 05, 2006

Microsoft Releases Windows Update for WMF Exploit

RTA Information Technology - Tempe, Arizona

Microsoft released its official patch for the WMF Exploit at 2:00pm PST, Thursday, January 5. Employing 200 Microsoft employees to develop and test this patch, Microsoft released it five days earlier than planned.

RTA recommends that all XP, 2000, and 2003 computers be updated with this patch, available through http://update.microsoft.com, or through your normal automatic updates.