Your shout: The legality of bounced virus warnings

In response to Terry Davies' comments (Letters, 30 March) that returned virus alert e-mails are breaching the Data Protection Act


Have your say at





The legality of bounced virus warnings

In response to Terry Davies' comments (Letters, 30 March) that returned virus alert e-mails are breaching the Data Protection Act

I hope that the comments about the legality of bounced virus warnings were more tongue-in-cheek than a serious criticism. I am concerned that this sort of pedantry with regard to the Data Protection Act is indicative of the attitude that led to data on Ian Huntley being deleted, with the disastrous consequences we are familiar with.

The Data Protection Act is there to facilitate the protection of people and restrict the misuse of personal information that is held about them.

Simon Mallett

Regarding Terry Davies' letter voicing his idea about making sites that bounce virus messages to the spoofed sender's address liable to spam and Data Protection Act laws, I have another thought. Why not treat sites that persist in sending such warning messages the same way we treat open mail relays?

If organisations such as Maps, for instance, kept a similar database of sites that forwarded false warnings like these, we would soon see this annoyance greatly reduced, if not stopped altogether. Any site on the blacklist would find its ability to send e-mail greatly hampered until it resolved its notification process, giving them a stronger incentive to put their house in order.

Bill Hart, senior project analyst, Institute of Directors

The distinction between different titles

I have noticed many job descriptions in Computer Weekly involving an information or systems "architect".

It may be a pedantic point to make, but as a chartered architect employed as an IT manager, I feel it is my duty to point out the legal status of the word. I toiled for seven years at college on ever-decreasing grants to now enjoy the title of architect. It is protected in law in the same way the title doctor is. It is technically illegal for anyone other than an ARB-registered architect to call themselves such.

Admittedly, this was originally to prevent unqualified building designers kidding potential clients of their pedigree, but I find it interesting to see its substitution in the place of the word "designer" as applied to the IT industry. Is it because the people describing themselves as such feel it is a good parallel with the function of a traditional architect?

Maybe it sounds better, but I would suggest that many people may be unaware of the official line. I am not proposing the practice stops as the two jobs function in different spheres, so there is no danger of confusion.

Richard Wallis, group IT manager, Lewis & Hickey

The Microsoft/Linux EU decision

I for one was pleased with the EU's decision to fine Microsoft following an antitrust hearing.

Faced with Microsoft's dominance of the PC market, a worldwide community of software engineers, supporting Linux, have created a truly excellent operating system, desktops and applications that are a serious threat to Microsoft's future business.

My company has now moved over to Linux, using the latest hardware, dual-screen configured, and has less problems than with Microsoft.

As an engineer with more than 20 years' experience of software engineering and eight years' of Windows, all I can say is what a miracle the Linux-based operating systems are.

I hope that you, on your part, support the EU in its decision. We all need an equal playing field, because without it, innovation will be stifled by commercial interests.

Robin Colclough, chief executive, Sentel-AVC

Firewalls can hinder effective working

Further to complaints of excessive e-mail filtering (Letters, 30 March), sometimes firewall administrators can cause more harm than benefit to a business because of over-zealous filtering based on content.

Until recently I worked as a software developer for a major UK company, where I needed to access a technical support web page for some third party software we were using. The corporate filter prevented this on the basis of "unsuitable content". A whole day was lost in project development until I got home and could look up the web page from there. I could not find out what word or phrase the firewall was objecting to.

Again, as a software developer it is often necessary to send or receive .exe files via e-mail. The corporate firewall administrators made this impossible and provided no alternative means, nor would they put special permissions in place.

This meant our department could not do its job. I wrote a tunnelling program that could send and receive anything through the firewall. Problem solved? It certainly became the software department's most closely guarded secret.

Firewall administrators need to work with all departments and try not to impose blanket solutions on users.

David Townsend, director, Avisoft

Slow the transition and costs to convergence

It is not surprising that convergence was one of the main themes at this year's CeBIT show (Computer Weekly, 16 March). The reality of voice and data convergence has come to the fore, fuelled by the decreasing cost of network capacity.

However, many organisations keen to leverage the benefits of IP telephony are being put off because they are led to believe that widespread infrastructure change (and therefore significant investment) is required prior to any deployment, irrespective of how far they wish to go towards a fully converged model.

This is simply not true. There are a number of highly effective, cost reducing, halfway houses. In many situations, a hybrid IP solution is best suited to meet current and future requirements.

The best hybrid approach enables an organisation to be 100% native (peer-to-peer) IP at one end of the spectrum, 100% traditional (TDM) telephony at the other end of the spectrum, and any combination in between.

This gives an organisation the freedom to choose how quickly it wants to adopt the latest technology, enabling a cost-effective migratory strategy for convergence, while ensuring a future-proof system.

There is no doubt there is still a need to evangelise the benefits of converged networking. However, the speed at which the transition takes place from separate voice and data networks to a converged network is not the be all and end all.

Chris de Silva, managing director, Philips Business Communications

IT directors could do more to prevent viruses

Last week it was reported that 30% of organisations suffered a serious virus outbreak last year, double the 2002 figure, and that the disaster recovery costs for each disaster were £55,000. Not surprisingly, this sent a shiver through the IT community.

But should we be surprised when so few IT managers are taking the right precautions? Cumbersome "de-install" procedures mean most IT managers continue to rely on anti-virus products that have less than a 100% success rate for "in the wild" testing, slow scanning rates and do not use the most up-to-date heuristic technology. Isn't that just asking for trouble?

Paul Brook, Aspect Systems

Outsourcing could make IT blind to its systems

Julia Vowler's piece on outsourcing (Computer Weekly, 23 March) was the most interesting article I have read on the subject for a long time. But I worry that in following the strategies from the interviews in the article (and I don't doubt they are sensible strategies for those outsourcing), companies could find themselves losing control of their destinies.

One problem lies in the knowledge of technology and its use. One interviewee said companies should retain "just enough technical skills to understand what the outsourcer is bringing and what technology could be useful".

I struggle to see how a company can judge what technology could be useful if it has little technical involvement in its systems, and hence little idea of the technical strengths and weaknesses of the arguments.

I can see how that knowledge will be in place at the start of the outsourcing contract but, as time passes, surely that expertise will wither away, leaving an uniformed buyer unable to make decisions.

Iain Smith, director, Diaz Research

Mobile working leaves corporates exposed

With many employees being encouraged to work remotely, either at home or on the road, a significant amount of company information is being stored locally on laptops and PCs. This quickly becomes a business continuity issue for firms that do not religiously back-up their employee's personal computers as they would their shared company files.

If a PC gets lost or stolen, or if the data on a large-scale project becomes corrupted, the potential cost to the business from just one laptop could be enormous.

Back-ups require human diligence, which is flawed. Back-ups also do not address data accessibility across teams.

What is needed is an automated, reliable mechanism for the data generated outside of the office so that it cannot be abused or circumvented; a mechanism that collates the information centrally without limiting the flexibility of the remote user.

As such technology is available, it is surely an unacceptable risk for firms to allow employees to use personal machines which are not in some way centrally connected to the company database. Apart from the obvious benefits of shared information, working in this way will ultimately be safer for all.

Les Paul, managing director, Datum Consulting

Read more on IT risk management