Have your say at computerweekly.com
On the problem of youth discrimination
In response to Nick Huber's article, entitled Beware
youngsters' ageism claims (Computer Weekly, 26
October)
It is time this kind of discrimination was stopped. It is a
disgrace that in the 21st century our young people should feel
"...unfairly treated because of... their lack of experience".
Why should someone not be given an appointment or promotion just
because they don't have the experience to do the job? Why should
young people be delayed on their way to their rightful place at the
top by some anachronistic requirement to know something about the
job?
Clearly, specifying a requirement for 10 years' experience in
managing a large computer installation discriminates against those
who were in primary school 10 years ago. Things must change. Or
maybe they already have.
Bob Harle, European Patent Office, The Hague
On the easy answer to virus protection
In response to Nick Scales's thought for the day, entitled
Virus protection is easier than you think
(computerweekly.com)
Ironically, many of the anti-virus companies which Scales goes out
of his way to criticise have had policy-based features in their
e-mail gateway software for years. The problem is not so much
offering these features (such as the ability to quarantine
executable e-mail attachments) but in getting them accepted as
normal business practice.
It should be remembered, of course, that some of the hardest
hitting viruses in the past 18 months (Sasser, Blaster, Nachi) did
not spread via e-mail so could not be stopped by a secure e-mail
policy. It is only by combining anti-virus software, firewall
defences and comprehensive security policies that businesses can
avoid this type of infection.
If users look beyond the conspiracy theories, I am confident they
will find an anti-virus industry that does care about getting
businesses to adopt safer IT practices. The problem is not so much
enforcing such practices, but evangelising enough that they are
written into IT policies in the first place.
Graham Cluley, senior technology consultant, Sophos
Few would question the fact that there are limitations to
reactive anti-virus protection, especially when a new threat can
reach global epidemic proportions in hours or even minutes.
That is why the better suppliers have invested time and effort to
develop heuristic and generic technologies that can find new,
unknown threats. It is also why they continue to investigate ways
of effectively supplementing "traditional" anti-virus techniques
with other methods of detection, such as behavioural
analysis.
How can Scales seriously suggest that by using "the correct
enforcement of policy, you can implement a system that is at least
as effective as an anti-virus product without definitions or
update"? He said that "simple rules [can stop] more than 78% of all
viruses". Why not use a round figure, such as 75%, or 80%?
A specific figure suggests he has solid data on which to base his
claim. The success of social engineering techniques in spreading
malicious code during the past five years has made it clear that
any security strategy based on users doing the right thing is
inadequate.
Consider the "simple rules": only accept executable code or
password-protected files from people you know and are expecting it
from. These rules offer no protection from threats that use system
exploits with no user action required, and no protection from the
malicious code that runs when a user reads an HTML e-mail with
embedded script. They also offer no protection from the exploit
that allows malicious code to run from "non-executable"
files.
Policies, procedures or user education have a part to play, but not
on their own. I do not think anti-virus technologies are perfect,
but I do not believe a better way has been found.
David Emm, senior technology consultant, Kaspersky Lab
LETTERS
Logistical problems foreseen for ID capture
There have been many discussions about the storage of ID card
information and the capability of the recognition systems, but I
have not seen anything about the logistics of the initial capture
of the information.
Recent articles have explained that the government will be taking
three biometrics at the registration stage: iris, fingerprint and
facial recognition.
The taking of these biometrics will require specialised equipment,
unlike just taking a photo for a passport or driving licence. These
will require "registration centres" to be established.
The government must create enough centres open at the right times
of day to deal with the volumes without massive queues and ensure
the authenticity of the person being registered. Remember the
golden IT rule - garbage in, garbage out.
Stuart Robinson
What will happen to ID card information?
The ID card, if David Blunkett gets his way, will be ubiquitous. I
can envisage all kinds of purposes currently not included being
added to the card's list of features.
Already the government has cancelled the citizenship database,
agreeing there would be duplication of data. But what about the
proposed NHS card? What about all the other cards we possess? Why
would a bank or building society spend costly advertising to
persuade us to sign up for one of their cards when the most secure,
unique and universal form of identification, government-run, is in
our wallets already?
All they need do is offer to supply the government with certain
information about our shopping habits, "carefully screened"
naturally, and the government will welcome the freebies of an extra
intrusion into our lives.
Think of all the aspects of our life that could be controlled.
Parking is an obvious one - just swipe the card and you are in -
but the government can now track your movements throughout the
day.
If ID cards are not used to carry out mass surveillance of the
population, how will they help to stop crime or terrorism? The card
will not bring any benefits simply by being in existence. It is
what the authorities then do with the card that will assist their
enquiries, and the only way that can happen is for the public to
constantly have to produce the card. The government computers can
note that event and act upon the co-ordinated information gathered
over time.
And imagine the havoc a would-be terrorist could wreak if the
Whitehall computers stopped working. We are only a week from the
last government-inspired IT fiasco with the Child Support
Agency.
The UK Plc IT systems that have already failed are legion, but tiny
in comparison with the ID cards database. One minor glitch could
have thousands of citizens unable to withdraw cash, go to the
doctor or travel anywhere.
Michael Mitchell
Don't let staff run away with company secrets
Arif Mohamed made an important point in his article on employee
monitoring (Computer Weekly, 23 November).
The greatest threat to an organisation is its staff. The article
highlighted the need to monitor web and e-mail activity because of
the impact they have on employee productivity and the need to
protect workers from offensive content. But the article did not
mention potentially the most serious concern of organisations today
- the leakage of confidential information via e-mail.
Most organisations fail to recognise that almost all their
confidential information sits in electronic format with up to half
of it stored within their e-mail systems. We know that 84% of all
confidential data loss is generated by an organisation's internal
staff. At the click of a button, an employee can destroy a
company's reputation by accidentally or even intentionally leaking
confidential information.
The article emphasised the role of technology in monitoring
employee activity, but is in danger of encouraging over-dependence
on any IT product.
Filtering technology will enable organisations to customise and
define sensitive content in line with their business needs and thus
prevent confidential data leakage. But technology alone will leave
a company with only rudimentary security protection and without
legal recourse if inappropriate activity is discovered.
It is vital that organisations implement a comprehensive security
strategy. They must have an acceptable use policy that clearly
outlines how employees should use e-mail and the internet in the
workplace. This must then be properly communicated to all staff,
along with what disciplinary action will be taken if a breach
occurs. Enforcement of the policy and monitoring of how IT
resources are used can be implemented to prevent unsolicited
activity.
Steve Purdham, chief executive, SurfControl
Let's start a recruitment campaign for older ITers
Like others over 40, when I have sent my CV out from time to time I
have experienced the inability of agencies to contemplate
forwarding my name to companies. I know it is simply an age issue
because I tried an experiment - I sent out my same CV falsifying an
age of 25, and guess what? I got lots of agencies calling me
back.
As an employer, I have seen the same problem from the other side -
agencies will by default only send me the CVs of people under 45. I
have to ask to see the CVs of those that are older.
Clearly all us "old crumblies" know we have much to offer and, not
surprisingly, some of us are becoming frustrated by the way many
recruitment agencies work.
Different people will have different opinions and ideas on how to
change this, so perhaps it is time to set up a group dedicated to
sharing information between people and organisations interested in
improving recruitment for those over 40.
Feel free to e-mail me at t.wells@blueyonder.co.uk, so we can
discuss this.
Tony Wells