On the increasing problem of spam
In response to Pete Simpson's opinion article about hackers using company servers to send spam (Computer Weekly, 12 October)
I am at a loss to understand why spam cannot be controlled.
All spam is either selling an item or service and would not exist if they did not wish to sell more.
Why can't the supplier of the goods or services be fined vast amounts and the supply of the goods to them by the manufacturer be stopped?
It should not take a large concern like Microsoft to trace all the suppliers, stop them in their tracks and close their websites. If spam cannot lead you to a supplier, it is of no use to them. Spam would then just fade away.
Russell Ellis, Sidmouth, Devon
On the difficulty of reporting e-crime
I strongly suspect that I have recently been phished via an e-mail claiming to originate from my bank asking me to confirm my details.
I spotted the ruse partly because the information requested is a classic scam, and partly because I was not the addressee of the e-mail, but even more so because I do not do business with the bank over the internet.
My gripe at the moment is how should I report it? Who to? How?
There should be a simple way to pass things like this on to appropriate bodies, such as the police or the bank concerned.
A quick look revealed a lack of police presence on the internet, and the only way to contact the bank online appears to be as a potential customer for a product.
Their website mentions security, but only to tell you how good it is.
On the need to recycle old IT hardware
In response to the article "IT managers ignorant of EC PC recycling laws as deadline looms" (Computer Weekly, 12 October)
The survey reported that large businesses will find the cost of decommissioning painful, but it will hit home users and smaller businesses just as hard. Surely this is all the more reason to consider refurbishing old kit for resale.
One can only hope that the Waste Electrical and Electronic Equipment Directive will lead to wider availability of refurbished units in this country, which might contribute to increased access to computers and the internet for voluntary groups and poorer families. Whatever happened to Tony Blair's "a PC in every home" pledge?
On the race to meet compliance deadline
In response to the article "IT departments battle to hit new year financial standards deadline" (Computer Weekly, 12 October)
The biggest challenge facing financial organisations is to obtain a complete overview of all the information that they track in their accounting systems, which will be needed in order to meet all their regulatory compliance needs.
Products that can capture, manage, store and deliver a diverse range of documents and reports in any format are needed if the financial sector is to comply with the requirements of Basel 2, Sarbanes Oxley and the International Financial Reporting Standards.
Chief financial officers are under pressure to implement internal controls while keeping costs down to a minimum.
One problem is that companies still collect financial information from multiple systems and consolidate it into spreadsheets for planning, budgeting and reporting.
Total content management products can provide complete auditing and balancing systems that would enable companies to meet their regulatory requirements.
Don't bleat about a self-inflicted skills shortage
Your article about skills shortages (Computer Weekly, 5 October) really hit the nail on the head and re-confirmed my experience of the blinkered shortsightedness of the IT industry as regards the skills/age question.
I was made redundant in 2003 at the age of 50 and have struggled to get back into the market ever since. I have applied for more than 200 jobs since then - all of which I believed myself to be perfectly suitable for - but all I have managed was a three-month contract. I am convinced ageism is alive and well in the IT industry and this was partly confirmed for me when I was constantly referred to as "grandad" during my short contract.
I have little sympathy for IT departments, either in large companies or in software houses, when they bleat about so-called skills shortages and then almost in the same strategic boardroom breath offer redundancy terms or early retirement options to anyone over 50 in the most intimidating manner possible.
The over 50s are becoming the biggest demographic group in the country and one third of them are economically inactive but actively seeking work. Many of my redundant colleagues are extremely talented, with a desire to retrain and adapt, but they are not being given the chance due to mindless myopia and blind prejudice on the part of IT departments. It should be giving me smug satisfaction to watch them squirm and suffer but it just makes me depressed to see even more jobs disappearing offshore.
Beware, ageism starts earlier than you think
Ageism in the IT industry does not just apply to the over-40s and over-50s. Try looking at the over 30s too. I have felt it myself.
Once into your early 30s you had better have a good deal of experience and skills to get a job. Managers realise the work is long, often unsociable hours. Men past 30 tend to have children or at least are starting a family. The last thing managers need is an overstretched workforce that has to cover paternity leave, or when a parent has to look after a sick child, attend parent evenings and school plays.
The father will either have to, or want to, leave on time to see his children, lest he suddenly realise they are teenagers and disappearing off with their mates.
So if you are going to be employed after 30 with a new company you had better be on top of your game and know the system inside out, so you can instruct the 20-somethings about what to do in the evening shift.
Make IT teaching more interesting and relevant
It does not surprise me that young people are shunning a career in IT. They are deterred by many of the technology courses on offer, which are dull, theoretical and are not equipping students with the practical skills which they need for a real job.
School and university courses need to be more applicable to employers. This will ensure that students see the benefit of education that is more interesting and boosts employment chances.
A number of forward-thinking establishments are already including US-based industry association Comptia's IT certifications as part of their curriculum at either GCSE, A-level or degree level. This allows school leavers and/or graduates to walk away with both the qualification and the industry certifications that employers are looking for, as well as ensuring that they have a passion for IT from an early age.
Robert Chapman, co-founder, The Training Camp
Put people back into the security equation
Am I the only person who thinks that IT security is not being addressed sensibly?
It is all very well putting in firewalls, monitors and so on, but normally there is a core chunk that needs to be protected and rarely changes. It might be data, applications or system software.
Do not fix the symptom, fix the problem. On disc drives there is a read/write line (in Sata/SCSI it is inside the drive, in ATA drives it comes out on the IDE lines); when it is low the disc can be written to. By holding this high it is protected. So, add a physical switch to hold this high and protect your most valuable asset.
Another disc holds data (hopefully not code and is not executed) and temporary files. This is where things are put before being validated by a person and, if OK, they can then be transferred to the safe drive. This allows customers to put details in, produce invoices and so on, so functionality is not lost.
To update system software, I check it for authenticity, download from the trusted site, take the server offline, flip the switch to update, then flip it back again.
Is this so hard to understand? What is worse: stopping it dead with a system that requires a simple operation and a fairly cheap but experienced human operator; or adding layer upon layer of protection, employing expensive consultants, slowing response for everyone and making the system more fragile?
I know this does not deal with programs/viruses in memory, but it eliminates the expensive clean-up operation with a reboot. Just like macros, the default should be to query whether something is acceptable to run, not just assume that it is. Virtualisation is the next step up from here.
It is time to take instant messaging risk seriously
More needs to be done about instant messaging threats than simply talking about security - a whole culture shift within organisations needs to take place.
Part of the problem is that many people do not understand the full functionality of instant messaging applications. In light of the legal requirement for organisations to store messages, it is not a case of simply installing a firewall and thinking you are safe. Organisations need to treat instant messaging like any other application and ensure that it is monitored and managed properly.
More needs to be done to address the security threats. Paying lip-service to this is not enough. Unless this is hammered home and the management of this type of application is taken seriously, many organisations could soon be in a lot of trouble.
Chris Dunne, technology manager, Compuware