Have your say at computerweekly.com
On the problem of youth discrimination
In response to Nick Huber's article, entitled Beware youngsters' ageism claims (Computer Weekly, 26 October)
It is time this kind of discrimination was stopped. It is a disgrace that in the 21st century our young people should feel "...unfairly treated because of... their lack of experience".
Why should someone not be given an appointment or promotion just because they don't have the experience to do the job? Why should young people be delayed on their way to their rightful place at the top by some anachronistic requirement to know something about the job?
Clearly, specifying a requirement for 10 years' experience in managing a large computer installation discriminates against those who were in primary school 10 years ago. Things must change. Or maybe they already have.
Bob Harle, European Patent Office, The Hague
On the easy answer to virus protection
In response to Nick Scales's thought for the day, entitled Virus protection is easier than you think (computerweekly.com)
Ironically, many of the anti-virus companies which Scales goes out of his way to criticise have had policy-based features in their e-mail gateway software for years. The problem is not so much offering these features (such as the ability to quarantine executable e-mail attachments) but in getting them accepted as normal business practice.
It should be remembered, of course, that some of the hardest hitting viruses in the past 18 months (Sasser, Blaster, Nachi) did not spread via e-mail so could not be stopped by a secure e-mail policy. It is only by combining anti-virus software, firewall defences and comprehensive security policies that businesses can avoid this type of infection.
If users look beyond the conspiracy theories, I am confident they will find an anti-virus industry that does care about getting businesses to adopt safer IT practices. The problem is not so much enforcing such practices, but evangelising enough that they are written into IT policies in the first place.
Graham Cluley, senior technology consultant, Sophos
Few would question the fact that there are limitations to reactive anti-virus protection, especially when a new threat can reach global epidemic proportions in hours or even minutes.
That is why the better suppliers have invested time and effort to develop heuristic and generic technologies that can find new, unknown threats. It is also why they continue to investigate ways of effectively supplementing "traditional" anti-virus techniques with other methods of detection, such as behavioural analysis.
How can Scales seriously suggest that by using "the correct enforcement of policy, you can implement a system that is at least as effective as an anti-virus product without definitions or update"? He said that "simple rules [can stop] more than 78% of all viruses". Why not use a round figure, such as 75%, or 80%?
A specific figure suggests he has solid data on which to base his claim. The success of social engineering techniques in spreading malicious code during the past five years has made it clear that any security strategy based on users doing the right thing is inadequate.
Consider the "simple rules": only accept executable code or password-protected files from people you know and are expecting it from. These rules offer no protection from threats that use system exploits with no user action required, and no protection from the malicious code that runs when a user reads an HTML e-mail with embedded script. They also offer no protection from the exploit that allows malicious code to run from "non-executable" files.
Policies, procedures or user education have a part to play, but not on their own. I do not think anti-virus technologies are perfect, but I do not believe a better way has been found.
David Emm, senior technology consultant, Kaspersky Lab
Logistical problems foreseen for ID capture
There have been many discussions about the storage of ID card information and the capability of the recognition systems, but I have not seen anything about the logistics of the initial capture of the information.
Recent articles have explained that the government will be taking three biometrics at the registration stage: iris, fingerprint and facial recognition.
The taking of these biometrics will require specialised equipment, unlike just taking a photo for a passport or driving licence. These will require "registration centres" to be established.
The government must create enough centres open at the right times of day to deal with the volumes without massive queues and ensure the authenticity of the person being registered. Remember the golden IT rule - garbage in, garbage out.
What will happen to ID card information?
The ID card, if David Blunkett gets his way, will be ubiquitous. I can envisage all kinds of purposes currently not included being added to the card's list of features.
Already the government has cancelled the citizenship database, agreeing there would be duplication of data. But what about the proposed NHS card? What about all the other cards we possess? Why would a bank or building society spend costly advertising to persuade us to sign up for one of their cards when the most secure, unique and universal form of identification, government-run, is in our wallets already?
All they need do is offer to supply the government with certain information about our shopping habits, "carefully screened" naturally, and the government will welcome the freebies of an extra intrusion into our lives.
Think of all the aspects of our life that could be controlled. Parking is an obvious one - just swipe the card and you are in - but the government can now track your movements throughout the day.
If ID cards are not used to carry out mass surveillance of the population, how will they help to stop crime or terrorism? The card will not bring any benefits simply by being in existence. It is what the authorities then do with the card that will assist their enquiries, and the only way that can happen is for the public to constantly have to produce the card. The government computers can note that event and act upon the co-ordinated information gathered over time.
And imagine the havoc a would-be terrorist could wreak if the Whitehall computers stopped working. We are only a week from the last government-inspired IT fiasco with the Child Support Agency.
The UK Plc IT systems that have already failed are legion, but tiny in comparison with the ID cards database. One minor glitch could have thousands of citizens unable to withdraw cash, go to the doctor or travel anywhere.
Don't let staff run away with company secrets
Arif Mohamed made an important point in his article on employee monitoring (Computer Weekly, 23 November).
The greatest threat to an organisation is its staff. The article highlighted the need to monitor web and e-mail activity because of the impact they have on employee productivity and the need to protect workers from offensive content. But the article did not mention potentially the most serious concern of organisations today - the leakage of confidential information via e-mail.
Most organisations fail to recognise that almost all their confidential information sits in electronic format with up to half of it stored within their e-mail systems. We know that 84% of all confidential data loss is generated by an organisation's internal staff. At the click of a button, an employee can destroy a company's reputation by accidentally or even intentionally leaking confidential information.
The article emphasised the role of technology in monitoring employee activity, but is in danger of encouraging over-dependence on any IT product.
Filtering technology will enable organisations to customise and define sensitive content in line with their business needs and thus prevent confidential data leakage. But technology alone will leave a company with only rudimentary security protection and without legal recourse if inappropriate activity is discovered.
It is vital that organisations implement a comprehensive security strategy. They must have an acceptable use policy that clearly outlines how employees should use e-mail and the internet in the workplace. This must then be properly communicated to all staff, along with what disciplinary action will be taken if a breach occurs. Enforcement of the policy and monitoring of how IT resources are used can be implemented to prevent unsolicited activity.
Steve Purdham, chief executive, SurfControl
Let's start a recruitment campaign for older ITers
Like others over 40, when I have sent my CV out from time to time I have experienced the inability of agencies to contemplate forwarding my name to companies. I know it is simply an age issue because I tried an experiment - I sent out my same CV falsifying an age of 25, and guess what? I got lots of agencies calling me back.
As an employer, I have seen the same problem from the other side - agencies will by default only send me the CVs of people under 45. I have to ask to see the CVs of those that are older.
Clearly all us "old crumblies" know we have much to offer and, not surprisingly, some of us are becoming frustrated by the way many recruitment agencies work.
Different people will have different opinions and ideas on how to change this, so perhaps it is time to set up a group dedicated to sharing information between people and organisations interested in improving recruitment for those over 40.
Feel free to e-mail me at email@example.com, so we can discuss this.
This was first published in December 2004