A survey was conducted by the Pew Internet and American Life Project in Washington, D.C. Results for the survey was gathered from telephone interviews of 1,100 teens and their parents.

The survey found out that

72% of parents were worried that their children were spending too much time online; at the expense of more worthwhile activities.

62% are worried that their child will read inappropriate content online,

58% are concerned that their child will meet strangers online, who will then try to exploit them

When parents are considering how to control their young child’s computer, they need to consider the following.

Pros of Computer usage Some of the pros of a young child using the computer are as follows:

If a child is allowed to use the computer at an early age, he or she is able to develop his or her computer skills faster.

There are many child-appropriate Web sites which are educational and of benefit to the development of a young child.

The computer gives your young child quick and effective access to a large amount of educational material.

Unfortunately, the cons of young children using the computer are many too. There is concern among parents and professionals about the potential harmful effects on a young child of computer use, and they consider it vital that parents should control their young child’s computer.

Cons of Computer Usage Some of the cons of a young child using the computer are as follows:

The Internet has many dangers. There are many wholly inappropriate Web sites for young children, which can pop-up even when your child is not searching for them.

Even a young child can suffer from physical ailments such as neck pain and back pain, due to spending too much time on the computer on unbeneficial activities.

Advertising – Parents of children as young as one year old are targeted, and parents scramble to obtain these products. Promoters use clever marketing drives to empty parents’ wallets for their children’s sake.

If your young child is using the computer for large periods of time doing activities that are of little benefit to his or her education, this is in effect a waste of precious childhood. The computer can be extraordinarily seductive to a child.

http://www.spysureonline.com is one of hundreds of such a

Child's, Computer, Control, Parental, Software

Sitting in a hot office or driving along the melting road people are looking forward to the summer leave to begin. Everybody plans to make a trip abroad, visit the people whom they haven’t seen for ages or simply enjoy peaceful rest with the family.

However it’s a common situation that all plans to have a splendid rest flop like a bubble. The most annoying is that vocations are usually spoiled because of things far less notable than a flood. Simply the manager has forgotten in what folder is the necessary file, or a close friend needs some PC-related help. Also there are such CEOs that don’t care about employees being at the other end of the world, and want to see them the next day in the office just to hold a 15 minute meeting.

Still all upper mentioned situations have one thing in common. They are easily solved with the PC remote control program. And Anyplace Control Software is glad to introduce such a program that is not only on guard of the peaceful holidays but keeps fuss away all the year round.

Anyplace Control is PC remote control program capable of displaying remote PC desktop and enables using local keyboard and mouse to control it remotely. And the innovative connectivity scheme keeps remote machine accessible from any place in the world that is connected to the web. While another piece of good news is that Anyplace Control is router- and firewall-friendly, so there is no need to be a system administrator to hook up the necessary computers. And on top of the cream is the improved screen grabbing feature that gives the real comfort during PC remote control session, so it’s not that hard to forget that you are currently working on a PC located 100 miles away.

Anyplace Control is pretty easy to set up. The software consists of Admin and Host modules that should be installed on the local PC and a remote one respectively. These PCs must be connected with each other either via LAN or via Internet. The way PCs are connected with each other determines which of the two PC remote control connectivity schemes is used: for computers in the same LAN/WLAN, connection is established directly via IP addresses, while computers accessing the web are hooked through Anyplace’s Gateway server using an account name and a nickname.

Besides its main PC remote control feature Anyplace Control enables direct file transfer with the target machine as well. All kinds of personal data, presentations, deadly important reports, and even million dollar worth contract can be transferred directly with Anyplace Control file transfer feature protected with CHAP authentication and RC4 128-bit random key. And this means that spam arrester blocking e-mail attachments or FTP being down won’t make the work to halt again.

Get connected to any necessary computer remotely from any place in the world with Anyplace Control and make sure that vocation won’t be ruined by an annoying nuisance. By hook or by crook, get a free evaluation version of PC remote control utility from http://www.anyplace-control.com/

Control, Guard, Holidays, Peaceful, Remote

GoToMyPC is a service provided by Citrix Online. Citrix Online is a division of Citrix Systems the top performing, NASDAQ listed, networking company.

With these credentials to back it up GoToMyPC has established itself as the foremost remote desktop control service. It is simply the most user friendly, most reliable and most secure remote desktop access service available.

If you are not really a computer geek, but you need access to your work PC from home or vice versa, then you should have a serious look at the PC remote control service provided by GoToMyPC.

GoToMyPC is a managed service. That means that you don’t have to open ports, configure IP addresses, concern yourself with firewalls or user rights, or do anything else that steals your time.

Installation requires a few simple clicks of the mouse. Go to the GoToMyPC site and follow the instructions. The service will install a small program on the computer that you want to access remotely.

You can then access your PC with any other PC with a web browser and an Internet connection. Simply surf to the GoToMyPC website and from there you call up your computer.

The security of your PC is of the utmost importance with this type of application. This may be the most important reason why you should not use any remote PC access service. GoToMyPC uses a unique 128-bit encrypted key for each connection. The encryption key is based on an access code that resides on the host computer and a random bit sequence. The access code is never transmitted or stored on the Citrix Online servers. Simply put, your PC-to-PC communications cannot be hacked.

Citrix Online has a strong privacy policy and will not disclose your information to third parties.

The above factors need to be considered carefully when you choose a remote access service. Rest assured that your personal information and the integrity of your PC is safe when you use Citrix GoToMyPC. This may not necessarily be true for any other service provider.

Access, Control, GoToMyPC, Internet, Remote, Should

Children and adults alike are spellbound by the world of the Internet. Unfortunately, there are times when children can become exposed to material and information that is not appropriate for their age or experience. In addition, youngsters can unknowingly disclose sensitive personal information to an unscrupulous “lurker,” revealing credit card numbers or other data without being aware. Because of these potential risks, PC computer security is vital, and software for parental control is a necessary component for an all-ages household.

The first line of part of your job is to teach your child how to use the Internet safely. Children are fascinated with computers and the Internet as early as age 2, and young children can be easily guided to appropriate web sites that provide entertainment and education.

As children get older, however, it becomes more difficult to know about all their online activities. By adolescence, they may engage in looking at pornography or chatting online with potential predators. Sometimes they’ll post photos of themselves and provide information that could allow pedophiles to try to meet them offline.

Being involved with your child’s online activities helps reduce some of these risks. Keeping the computer in the where you can see it or just being interested in what they view may be enough to help children resist the lure of ‘forbidden’ sites.

It’s usually not possible, though, to supervise 100 percent of your child’s total online activities. Frightening thought, but when you’re at work or shopping you can’t know what your child is being exposed to.

Or can you?

In fact, there are a wide range of PC computer security software and hardware tools that can limit your child’s Internet access or monitor his or her computer activities. Most cost very little, some are even free, others are simply pointers for how to restrict access.

HOW FILTERING SOFTWARE WORKS

Filtering software works by blocking certain web sites or specific keywords. Parents can specify them or use a pre-built list. For example, a list of pornographic or otherwise inappropriate sites is given by the software vendor and can be updated from their web site. Any time your child tries to access one of these web sites he or she will get a ‘HTTP 404 Page Not Found’ or similar message.

Filters can also be set up to prevent access to certain types of Internet traffic such as instant messaging, newsgroups, e-mail, or peer-to-peer (P2P) hosting. The latter is often used for file exchanges.

These filters aren’t perfect and it’s next to impossible for a database to be totally up-to-date because new web sites come onto the Internet all the time, but they help.

Another type of software for parental control records all your child’s computer activity – sites visited, e-mails sent or received, programs run, even individual keystrokes in some cases.

Another option is to install software which only allows computer use to certain times during the day. The computer shuts off at scheduled times or when a certain amount of data has been downloaded from the Internet. Actually Windows has built-in facilities for doing this, but configuring it requires a level of expertise beyond the average user. You can search for parental control software ratings, as features vary from one manufacturer to another.

Software for parental control exists which can block your child’s name, address or other personal details as specified by the parent from being sent. Be sure to do a parental control software comparison to determine which type of software is right for your family.

UPS AND DOWNS OF BROWSER PROTECTION

Some browsers are specifically created for children that incorporate many of the PC computer security filters discussed above. They’re easier for children to use than Internet Explorer or Firefox but don’t rely totally on this type of browser, however. Internet Explorer can’t be uninstalled from the Windows operating system and any net savvy kid will probably know how to gain access to it.

Control, Know, Need, Parental, Software

Adopting port control is essential for a company that issues flash drives to its personnel and must protect confidential data. If a company is going to issue flash drives to its personnel then management and control of those drives is essential. Management entails more then just physical control over the drives. As the theft of flash drives continues to rise, adopting port control becomes more important then ever. Port control allows drive management which includes termination should a flash drive be compromised. Through termination access to the host operating system is not longer possible and the security threat is averted.

Centralized Port Control

Port control software was developed by SanDisk Enterprise for the companies that want central management of their flash drives. The increased need to protect confidential data and host systems sparked the development of the central control software. Port control offers a higher degree of security for companies who need management capability. The options that central control provides are very effective in managing flash drives. Port control manages the access that individual drives have to the operating system and can audit or terminate a drive instantly from the central server.

Port control is fast becoming a necessity due to the reality that millions of flash drives are being used throughout the world today. As the number of operating systems becomes victim to unauthorized users port control software is fast becoming a necessity for enhanced security. Flash drives must be controlled from a central control server or hackers could not only access data but upload viruses into the host system as well. Without port control breaches to security could end up costing companies using flash drives a great deal of money to restore and rectify their systems.

Port Control Management

Port control management allows security personnel to monitor, audit and terminate flash drives which pose a threat to security. Without management software in place these security measures are not possible. The expense of establishing port control management is fractions of what it would cost if data is compromised. Flash drives with port control management capability can avert many security risks before they can occur. SanDisk Enterprise offers management software that is effective in managing flash drive security and eliminating many threats to security.

Port control management software gives companies much more control over their security through control of its flash drives. Previously the only control they had was physical containment and control. Management from a central control point which provides port control virtually eliminates many risks that might be possible by a theft with a stolen drive. The central management capability of port control is important to every company that must protect confidential data. Without this advanced technology in place the risk is high and the cost of damage control even higher.

Adopting, Control, Enhance, Port, Security

There are numerous ways for an individual to gain access to your confidential information and business data on your computer when you employ remote control software. In spite of the risks it is not necessarily a risky business to invest and implement remote control software. If you make sure that your provider can supply a satisfactory solution to the presented 6 risk areas you will be able to enjoy all the advantages of remote control software without hesitation.

A remote control system consists of two primary agents: the host and the guest. You are the host and you should have completely control over who you invite. The best overall method to avoid unwelcome guests is to make sure that your software has the top of the line encryption and a strong overall focus on the pending security issues.

We have pinned the security pitfalls out in six risk areas and we recommend that you consider all six risk areas when you research your possible purchase of remote control software. The six areas are:

1. Unauthorized access across the wire. Popularly known as “high jacking”. We have identified the following key parameters to avoid high jacking:

MAC/IP address check

Closed user group

Authentication

Callback

User controlled access

Authorization

2. Eavesdropping and alteration. Protect the traffic between guest and host modules against eavesdropping and unauthorized alteration of data. Make sure your system has strong features in Encryption (only you and your guest should be able to read the information transmitted). Integrity and message authentication (verify the encrypted data). Key exchange (exchange the right encryption keys for the data transmissions).

3. Security context. It is imperative that the Host components run in proper security contexts on the operating system.

4. Unauthorized change of the Host. Make sure that all maintenance is only accessed through a password and thus prevent unauthorized change of the Host configuration.

5. Adequate range of alerts and security options. An example: The Host must be able to disconnect the Guest user or even restart Windows after reception of a pre-defined number of invalid logon attempts in order to reduce the number of invalid attempts per hour. And you would want a neat range of alert types when someone is trying to access your computer.

6. Adequate event logging. Your system should offer extensive event logging to document a possible attack. All session activity and log on attempts should be logged, preferably in a central database

It is absolutely essential in remote control software that you can ensure that access to data is protected from unauthorized users. Hackers can and will use foot printing, such as port scans, ping sweeps, and NetBIOS enumeration that can be used to glean valuable system-level information to help prepare for more significant attacks. Finally, hackers can attempt to hijack a session, that is, they can try to takeover one end of an already established session.

Your remote control program should contain security features that counteract the methods described to hack into a computer. If you engage with a supplier who is covered in the six risk areas then you’re on your way to improve business efficiency, help system administrators and reduce cost of IT and enjoy many more inherent features with remote control software.

Avoid, Control, Remote, Securitypitfalls, Should, Software

Remote control software is software which is used to control a computing server or desktop computer from another computer. Remote control software is used for data transfer and it is a remote controller between two or more computers. In order to understand remote control software completely we should know the term Remote Desktop

A ?Remote Desktop? is a computer platform in a remote location that appears to be local. Remote desktop allows you to control the desktop and the entire applications and contents of a computer from another machine. Remote desktop will actually allow you to see and control your connected PC as you are sitting in front of it.

Remote desktop software enables network administrators to simplify the process of monitoring and maintaining these networks of computers with a simplified and intuitive interface.

With the help of remote control software you can access your pc even if you are far away from it. As remote control software enables long distance access of computers. Remote control operation is used to take control of an unattended desktop personal computer from a remote location as well as to provide instruction and technical support to remote users. In reality software maintenance is one of the most important and common uses of remote control software.

Remote control software reduces call handling time and first calls resolution rates. Some features of remote control software:

? Remote access via internet

? File transferring

? Text and voice chat

? Desktop sharing

? Remote shutdown

Remote computer software permits remote control access to an unlimited number of computer systems over the web and includes support for multiple simultaneous remote desktop support sessions. Remote control software saves time provides the facility to access your pc from anywhere anytime.

You can share this article with your friends, family and colleagues. All reprint rights are granted. All reprints must include an active link to http://www.rhubcom.com/. Content may not be altered and must be used as distributed by The RHUB Communications, Inc.

Control, Desktop, Remote, Software

Here is what you should look for in hosting plan features:

Often hosting plan features are tied into the type of control panel that is provided with the hosting service. Most people take for granted that a control panel should be part of the package, but in smaller countries outside the USA this is often a ‘luxury’ that is not part of the hosting package!

Finding out whether your hosting server provider offer a control panel to manage your website is the first essential feature that you should look for. It is unacceptable to sign up for a hosting package if there is no control panel!

Common control panels for Linux hosting are (my recommendation is to go for Linux hosting and not Windows hosting):

Helm

Plesk

Cpanel

DirectAdmin

All these control panels have their supporters and detractors.

I have to honestly say that my preference is CPanel. Cpanel offers a lot of functionality and a user friendly interface.

The following features are available with CPanel hosting:

~ Email management ~

Under email management you can create and delete all your email accounts. You also have access to a Webmail facility so that you can read your email online (as opposed to linking to your email account with Microsoft Outlook or Outlook Express). You can also set up forwarders to forward one email account to another. You also have access to set up simple autoresponders to send an automated reply back if anyone sends an enquiry email to a specific email address.

~ Website statistics ~

Although most hosting providers do provide statistics facilities, it is worthwhile to make sure that they do. Some hosting providers think that the statistics programs consume too many resources on a shared environment and some of them therefore remove the facility. But statistics and the ability to analyze your traffic is essential when you set up a website, so make sure that you select a hosting provider that do provide you access to a web stats package. My personal favourite is AWStats. You can read an article on the different types of statistics programs as well as how to interpret your statistics here : http://www.tm4y.co.za/internet-marketing-tips/website-statistics.html

~ FTP ~

You should have FTP access to your website in order to upload files. This is absolutely essential if you want to manage your website. Cpanel also allows you to register new FTP accounts to give other people access to your website. You can restrict their access to specific folders on your website and specify if they should have read and/or write access.

~ File manager ~

If you are not comfortable with using an FTP package to upload your files, you can always use the file manager available in CPanel. The file manager enables you to upload files, unzip files on the server and to copy and delete files.

~ Backups ~

This allows you to make a backup of the files on your server, as well as to backup your MySQL database if you have one. This is very useful and should be done regularly. You cannot depend on the backups ran by the hosting service provider, since the service provider itself might just close its doors unexpectedly and you might not have access to your site – not to talk of your backups!

~ Subdomains and Add On Domains ~

You can add sub domains and even Add On domains (depending on whether your hosting provider allows for this)

~ Redirects ~

This is useful to temporarily or permanently redirect pages to another website or ther website pages. Be careful though with using temporary redirects, this might cause problems with the search engines.

~ Protect directories ~

You can set up password protected directories on your website

~ Pre-installed scripts ~

The Fantastico installer is one of the best features of the Cpanel control panel! This installer helps you to quickly and easily install lots of Open Source (in other words, free to use) tools and utilities, such as shopping carts, forums, project management tools, WIKIS and much more.

The CPanel control panel allows web hosting companies to make a lot of web hosting plan features available to clients who can then easily manage these features themselves.

Control, features, Hosting, panels, Plan, Popular

The objective of a document control software system is to make sure that good manufacturing methods are recorded and improved on. ISO standards require that the process and the documentation directing the manufacturing methods, and any changes to them, are restricted to authorised personnel with any changes recorded for future examination. Therefore ISO certified organisations are required to have a system for controlling the changes to their documents.

One of the challenges of having an ISO system, whether it is certified or not, is to be able to continuously maintain it after it has been set-up. A paper or hybrid electronic/paper systems will require diligence and perseverance on the part of the organisation and senior management in particular for the processes to be maintained and updated. It is in fact not unheard for a system to be left unattended once certification has been achieved and for it to be resurrected only when an audit is imminent because the organisation has considered it to be too time consuming to maintain. Manual systems can also be error prone with uncontrolled documents being made available or new versions not appearing in time. In order to eliminate these problems organisations are increasingly turning to quality management software systems.

This article focuses on the document control element of a quality management system and on how its processes allow an organisation to increase the efficiency of maintaining its processes, controlling the distribution of documents and generally improving profitability.

We will now cover the areas that we think need to be considered when deciding to opt for a document control software system:

1. RESTRICTIVE ACCESS

? User/Password protection ? The system must require a unique Username/Password combination for each user with access to the system. In addition the password must be an alphanumeric combination to further ensure that it cannot be logically recreated.

? Intruder lockout ? An account should be automatically locked out if a user attempts to login using an inaccurate login combination. This is activated when a preconfigured number of false attempts have occurred and protects against unauthorized attempts by individuals to access the system. The System Administrator is the only individual who can re-set a locked out account.

? Document access restrictions ? Each person within an organisation has a role. While each role is unique it may or may not interact with another role in the same organisation. As a result a system needs to be able to restrict access on the basis of their role with the documentation. In most cases this is Viewing (Read Access), Authoring (Write Access) and Approving, with users being given one or more roles for the documentation in question.

2. DOCUMENT MANAGEMENT

Document management capabilities ensure that the iterative elements that are required for an ISO system are automated or simplified thereby increasing efficiency.

? Application independence ? A system must be able to control documents from a variety of commonly used applications i.e. Word, Excel, video, audio etc?

? Lifecycle management ? Documents must follow a strict lifecycle from Draft to Published to Archived. While this can be based on the type of document it must however restrict access at its various stages.

? Document history ? All events that a document goes through must be automatically recorded and accessible by the approved users.

? Central and safe storage – Documents must be stored in such a way to ensure only authorised access while at the same time shielding against loss or destruction.

3. AUTOMATIC VERSION CONTROL

Version control of a document is both time consuming and can lead to embarrassing mistakes when a new version needs to replace an older version. A document control system can provide some key automation benefits:

? Availability of the latest version ? Only the latest approved version of a document needs to be available with no confusion to the people who need to use them.

? Automatic routing ? As defined by its type a document should follow a routing whereby approvers are automatically notified when a document is to be approved, reviewed or when a change request ha been issued.

? Automatic document replacement ? Newer approved versions of a document must automatically replace the older version and shift into archive.

? Automatic email notifications ? E-mail notifications should be provided to inform users when they are required to perform a task or need to be aware of an event. This should be able to be deactivated but at the same time there must always be some alternative form of notification that cannot be able to be deactivated. For required tasks this should apply for reviews, approvals and change requests. For events this should apply for publishing, confirmed rejections and rejected change requests.

? Approval history ? Managers should be able to view the complete approval status and history of a document as it is going through its workflow routings.

? Automatic publishing on approval ? Once a document is approved it should automatically be published to users who have been given access to it and replace any prior versions which are then archived.

4. SIMPLE SYSTEM ADMINISTRATION

An easy to use system administration should ensure that any user can understand the system while having a minimal IT understanding or appreciation:

? Preconfigured routing ? Routings rules should be set and fixed under the bonnet with an easy to understand attribute setting all governed by Document Types also known as Approval Types.

? Configurable user access rights ? While keeping with the concept of keeping things simple the system administrator should be able to configure read and write access rights by grouping of documents.

? System reporting ? A simple report builder should be integrated with the system giving administrators the ability to create reports while at the same time benefiting from a selection of standard built in reports.

5. GENERAL USABILITY

A document control system should provide users with an easy to learn experience:

? Platform independence ? No restriction as to the platform the system works on or as it integrates with different databases.

? No installation requirements ? No need to install software on a client?s infrastructure ensures that the system can be easily evaluated and be up and running in a flash.

? Web-based client access ? Ability to connect to the system from any Internet connection regardless of physical location. This means that geographically dispersed clients as well as suppliers and customers can access the system without any additional software or hardware infrastructure requirements.

? Search capability ? Ability to search for documents using keywords and only list documents that meet the search criteria and the user?s access rights.

? Grouping of documents ? An easy to use graphical interface similar to the Windows treeview with folders and sub-folders where documents can be grouped and searched for logically.

? Training for system administrators and regular users ? Training to be available to both of the users using a simple method which can be delivered over the Web and can be easily interrupted and started up where left off.

6. DOCUMENT GROUPING AND ACCESS RIGHTS

Once a document control system has been chosen a clear identification of responsibility for each type or class of document must be well thought out and planned. This is to ensure that the system is an effective one and is focused only on the people who have a role in the system. The specific groupings for a system that groups both documents and users are as follows:

? Grouping of documents ? Documents within a document control system have a purpose and when that purpose is identified then the documents can be logically grouped. This is to ensure that ultimately only the users who need to have a role in those documents can be given that role.

? Readers of documents ? Access to documents must be restricted to the users who effectively need to use the documents as part of their job responsibility. This is where a document control system starts and ends and time must therefore be invested in grouping documents and determining which people have access to each grouping of documents. Certain software system only provide access to groups of users so in addition to grouping the documents the users having access to the document groups in themselves need to be grouped.

? Writers of documents ? These are the people who have management responsibility over the documents. They will be originators or authors of the documents and will have the responsibility for updating them. They may also be readers of the documents. Generally, this may either be at a department or functional level or at an organisation level depending on how large or complex the organisation is. When changes are made to a document they will be required to report on the reason and the detail of the changes.

? Approvers of documents ? Controlled documents must go through a review and approval process. These are the users who have the task of making sure that the documents are accurate. They will tend to be experts in their relative fields so they may be required only to review and approve documents in their functional areas. They may also be readers and writers of documents.

In identifying these four groupings the supporting structure of the document control system is built and from there a smooth running system can be configured. It is of overwhelming importance that plenty of time is allowed for this stage as it will pay dividends in the long run.

7. CONCLUSION

Companies that have moved from a manual to an electronic document control system will say that their day-to-day task has been made easy and that they have made a speedy return on their investment (ROI). However, they will also agree that the transition has required an important investment in time to ensure that the structure of the new system has been well planned out. Finally, they will also have been relieved that when they chose a hosted document control system that it did not necessitate any upgrades in their IT infrastructure.

Comply, Control, Document, Requirements, Software, Using

An evolving workforce, reared on Web 2.0 technologies, is bringing a different perspective to how computers are used within an organization.

With a mindset that is highly tuned to sharing information and applications, and emailing and messaging friends, the new ?employee 2.0? is redefining how individuals interact with the internet and the IT environment as a whole. While the new internet technologies they are exploiting can bring business value in helping employees communicate, share files and work collaboratively online, they also pose a range of new threats.

Internet-enabled applications such as Instant

Messaging (IM), peer-to-peer (P2P) file-sharing applications and Voice over Internet Protocol (VoIP) services have been causing concern for some time.

A Sophos online poll asking IT administrators what kind of software applications they would like to prevent their users from being able to access and use shows that even by late 2006 they recognized the need to be able to exert more control and to prevent users from installing and using unwanted applications.

Today the problem is even more pressing.

While businesses have put in place systems and processes to defend against malware, these defenses do not typically provide adequate protection against the new set of threats posed by today?s user behavior. Employees, many of whom have considerable IT knowledge and expertise, continue to introduce applications onto their desktops ? very often simply to make the tools they work with more suited to their own idiosyncrasies ? unaware of the associated potential risk.

Internet browsers

Many people are rejecting company-approved web browsers in favor of other browsers. Although these are a very real threat as hackers regularly exploit unpatched vulnerabilities in browsers to infect users? computers, nearly a third of respondents to a Sophos poll said they did not consider browser control important.

28%

Virtualization

Of particular concern currently is the growth in the use of unauthorized virtualization software on company desktops and laptops.

Virtualization separates the logical (software) from the physical (hardware) allowing multiple systems to be run on one piece of hardware. It can represent real value at time of increasingly constrained IT budgets and organizations deploying managed virtual desktops are running no significant increased risk. Unmanaged virtual computers, on the other hand, create a black hole in an organization?s security system, with applications running in an environment about which IT administrators are completely unaware.

The ease with which virtual computer image files can now be downloaded means there is a much higher risk of end users running unauthorized applications ? from games to browsers to beta software ? in a virtual environment, making corporate systems and data much more vulnerable than in the past.

Removable storage devices

An organization?s vulnerabilities are exacerbated by the unchecked ability to launch unauthorized applications from removable storage devices like USB keys, CDs and DVDs, and wireless networking protocols, such as WiFi, Bluetooth and Infrared ? particularly if these applications are then run in a virtual environment.

Compounding the problem is the use of these devices and protocols to transfer business data around and out of an organization. In a recent survey, the inadvertent exposure of company confidential information was cited as the number one threat, above viruses, Trojans and worms.

The business risk

The unauthorized or uncontrolled installation and use of applications, devices and network protocols can negatively impact organizations in several ways.

Security risks

The risk of infection through unauthorized applications is clear. IM-based malware attacks, for example are growing exponentially, and P2P applications are similarly on the increase and are notorious vectors for malicious code such as remote command execution, remote file system exploration or file-borne viruses. Infected files can also come in through wireless connections.

Once infected, computers can be used to send out spam or launch denial of service attacks, or to spy on and capture confidential business data.

As discussed above, data can also be easily taken outside an organization on CDs and USB keys and many recent high-profile incidents confirm how easy it is for these then to be accidentally lost.

Legal and compliance breaches

The installation of unauthorized applications and devices can pose significant legal risk as well as security risks. The need to protect data is particularly important.

Government regulations such as the USA?sSarbanes-Oxley Act and HIPAA (Health Insurance

Portability and Accountability Act), Canada?s PIPEDA Personal Information Protection and Electronic Documents Act), and the UK?s Data Protection Act place requirements on IT administrators to maintain and protect data integrity within their networks. There is further pressure from recognized industry bodies, such as the Center for Internet Security (CIS Benchmarks) and the Payment Card Industry (PCI DSS).

In addition to the repercussions of failing to protect data properly, there are other legal pitfalls. For example, the content of IM chat often includes attachments, jokes, gossip, rumours and disparaging remarks, confidential information about the company, employees and clients, and sexual references.

Extra IT support burden

As discussed, unauthorized applications and devices can introduce infection to the network, but even without this, they can create an additional IT support headache. Applications that are not properly tested and deployed can cause stability performance issues across the network.

Network and system overhead

The corporate network bandwidth and computer processor power consumed by unauthorized applications can have a direct negative impact on network resources and availability.

For example, distributed computing projects harness the ?spare? processing power of millions of computers to help create models or simulations of scenarios such as climate change. VoIP also uses such spare capacity.

Employee productivity issues

Although applications like VoIP and IM can have business value, in most cases they are a distraction and are not required by end users for business purposes. In a virtual environment, applications that are normally banned by an organization, such as games, can be freely run, or users can simply use the environment to organize their own private affairs, all of which has a hugely adverse effect on productivity.

The challenge of the legitimate

The difficulties presented by some legitimate software applications raise particular challenges over and above ?straightforward? protection against malware.

The fundamental step for organizations to increase security and productivity is to create and enforce an acceptable use policy setting out rules on what applications and devices are and are not approved, containing prescriptive advice on best practice, and clearly defining prohibited behavior. Beyond this, from the IT administrator?s perspective there are two distinct challenges:

Allowing controlled use of authorized applications, devices and network protocols.

Preventing use of unauthorized applications, devices and network protocols.

In practice this presents a significant challenge, not least because many users have to be allowed to be local administrators, being given privileges necessary to download applications that they need to do their job, for example downloading updated Adobe Acrobat software. However, this means that they can also download a variety of other software that they might want to install and use. This makes life particularly difficult for the IT administrator: malicious software would be blocked by anti-virus software but applications like IM are not malicious in any way.

Skype End User License Agreement

3.3…Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) You are utilizing, for the limited purpose of facilitating the communication between You and third parties.

Control strategies

In response to the wide-ranging threats posed by the unauthorized use of applications and devices, IT administrators have tried a number of different strategies. While each strategy has some merit, there are also disadvantages.

Locking down computers

One of the most straightforward ways to stop the installation of unauthorized applications is simply to enforce a blanket lockdown on all computers, or to ban the unauthorized use of removable storage media, and to assign only limited administrator rights. However, this is precisely where application control has broken down in the past.

Some departments ? notably IT and technical support ? have a clear and obvious need for administrator rights. It might seem an obvious answer to allow these technical groups to install applications and to prevent everyone else from doing so. Unfortunately in practice this is not as simple as it sounds.

Many organizations find it expensive to lockdown computers for some or all of their non-technical end users. The inflexibility of the strategy means that countless policies need to be created. For example, many simple Windows functions, such as adding a printer driver, changing time zones and adjusting power management settings, are not allowed with a standard user account and therefore do require constant changing of the assigned rights. The increased staffing requirements and response times related to centrally administering every change to a computer

create a significant cost for the business.

Installing specialist control products

There are products on the market that are designed specifically for controlling which applications can and cannot be run on a computer.

These products typically involve validating usage against large databases of allowed and blocked applications.

For IT administrators they are yet another product that needs to be evaluated, purchased, installed and managed. Management of these solutions is not an insignificant task and is often difficult due to the size and complexity of allow and block lists. In addition, while application control products can be effective in blocking execution of applications, it is more difficult to stop the initial installation.

Finally, specialist application control products do not provide comprehensive protection against malware and businesses still have to invest in other security products to protect against viruses, spyware, and other threats.

Implementing corporate firewall rules and HIPS

Firewalls and HIPS (Host-based Intrusion Prevention Systems) are generally focused on blocking potentially malicious network traffic and attempts to execute a code, rather than controlling which applications users can and cannot install and/or run. They can play a role in limiting the use of unauthorized applications by controlling access to network or internet resources, for instance by looking for and blocking VoIP traffic, but are far from an adequate solution to this problem.

Applications, virtualization, and devices: Taking back control

Getting more from an anti-malware solution

Most anti-virus and anti-spyware solutions do not offer application or device control capability. However, a business will get more from its investment in protection against malware and save system and management resources if the same scanning and management infrastructure is used by the product to intercept and manage the use of legitimate software applications and devices.

Deploy only one client

Anti-malware is a necessary investment that IT administrators have no choice but to purchase, install and manage. Deploying a single client that incorporates anti-virus, anti-spyware, antiadware and control of unauthorized applications and devices will save time, money, and system resources, and improve security.

Simplify control and policy setting

Anti-malware solutions allow different policies to be set for different user groups. Being able to set policies to remove unauthorized applications and devices alongside anti-malware policies, can enhance efficiency and allow for specific needs of particular users. For example, VoIP or the use of USB keys could be blocked for office-based computers, but authorized for remote computers.

Eliminate administrative overhead

Using the same management and updating mechanisms for application and device control as for anti-malware software has obvious infrastructure and overhead benefits. However, the overall success of this combination of features, in terms of efficiency, depends on the actual way in which applications are detected. Some solutions require administrators to create their own application signatures using filenames that appear in the application, and to maintain allow or block lists. This approach is timeconsuming and IT resource-intensive. It puts the burden of updating onto the administrator and is also unreliable as users can simply change the

filename to avoid the application being detected.

A better approach is for the vendor to create and update application detection signatures in exactly the same way that malware detection is automatically updated, simplifying administration,

updating and maintenance of detection.

Reduce the support burden

By using signature-based detection that not only stops applications from being run but also blocks their download and installation, organizations reduce the time that their technical support staff have to spend sorting out computers that have been destabilized by the installation of unauthorized applications.

Conclusion

The challenges posed by the installation and use of unauthorized applications and devices on company computers are significant. While there are a number of solutions available that help IT administrators to manage the problem, many require additional investment and, for many organizations, they can be expensive, unwieldy and difficult to maintain. A better solution is one which completely integrates the blocking of unauthorized applications and devices into the existing antimalware detection and management infrastructure.

This gives IT administrators ? for whom IT antimalware protection is a must have ? a simple solution that removes the cost and management overhead from the equation.

Applications, Back, Control, devices, Taking, virtualization