Message

Hi there! Welcome to internet security world.

Dec 21, 2007

Taking a serious approach to mobile usage in hospitals

Most hospitals in the country discourage the use of mobile phones in the wards, as they are believed to interfere with medical equipment used to monitor patients. A total ban, however, has never been carried out, while it was prohibited in other countries. Although some of these countries have relaxed this ban due to pressure from doctors & patients, new research undertaken by Dutch scientists indicates the need to revert to the old ways and for our hospitals to be more firm on this issue. Researchers found that mobile phone signals can interfere with medical equipment more than 2.8 metres away. A signal from a mobile phone switched off an automatic pump used to deliver life-saving medicines, interfered with a heart monitor & confused an external pacemaker.

Although most of the effects were seen when the phones were within one metre of the equipment, the study also revealed that mobile phones were capable of switching off or affecting life-saving equipment from a distance of 3 metres. The risk to certain life-saving devices was great enough to justify a ban. However, unlike a ban on smoking in hospitals, it will be tough to enforce a ban on mobile phone usage in our hospitals, based on 2 factors: firstly, the widespread usage of mobile phones in the country, & secondly, the convenience it accords healthcare workers & patients. Almost everyone owns a mobile phone & carries it wherever they go. We use it without giving much thought to the surroundings. At petrol stations too, some people continue to use it, ignoring the risk of causing an explosion.

For doctors, instead of depending on pagers, the mobile phone has made it easier for them to be contacted. And for patients, a mobile phone is a necessity to keep in touch with family & friends while they recuperate in hospitals. Over the years, similar studies have been undertaken & revealed that mobile phone signals could confuse life-saving electronics. However, we have taken a lackadaisical attitude on this matter, arguing that convenience overrules all other matters. Considering the latest study & the possibility of killing patients in the process, we should take a serious approach to mobile phone usage in hospitals.

Dec 17, 2007

Reducing risks by zeroing on mission-critical areas

Too often, companies focus strictly on technology rather than taking the necessary steps to lock down the IT environment in a crisis. Companies need to analyse their business processes, procedures and workflow to be in a better position to meet their IT security needs. Everybody has a different threshold of pain. Recognising your company's 'threshold of pain' is an important part of your security strategy because it forces you to identify the areas that are mission-critical to your business.

Identify physical assets

The first step is to identify your company's IT assets, including physical assets such as notebook computers & portable storage devices. Once you know what you have & what you need to protect, you can recommend appropriate solutions & processes, including systems and network configurations, patch management, and hardware & software upgrade paths.

Assess your business processes

Next, analyse your business processes with security in mind. An upfront assessment of core processes goes a long way toward identifying weaknesses & potential failure points. By making this procedure mandatory, it's possible to eliminate days, weeks or months of unauthorised access.

Rank your security needs by importance

After you have finished your business process analysis and made any necessary changes, it's time to prioritise security needs. A basic numerical rating system that ranges from 1 to 3 (low, medium & high) should provide a starting point to determine which systems & assets are most important.

Tips on developing effective plans

Focus on events, not timelines. Although it's often wise to develop a detailed 1-, 2- or 5-year plan for IT security, know that security is a moving target. New technologies & new threats are constantly emerging.

Define security responsibilities across the organisation. Embed them in job descriptions to make security management real. Outline a series of steps to follow during a security incident. This can help prevent employees from panicking in the heat of the moment. After any incident, discuss what worked & what didn't.

Develop a security approach that's flexible but enforceable. You don't want to prevent people from doing their work & you don't want to undermine productivity. Striking a balance between practicality & security is a delicate matter, especially as organisations become larger and their IT infrastructure becomes more complex.

Finally, monitor systems and log files on a regular basis. This helps you to identify potential problems & respond to changes quickly & efficiently. Use a comprehensive IT security solution to obtain a dashboard view of your entire infrastructure, from desktops to the network & servers.

Dec 6, 2007

Recovering from a virus attack

Computer viruses are small programs that are specifically written to alter the way a computer operates, without the permission or knowledge of the user. To be classified as a virus, a program must meet 2 criteria:

1) it must execute itself, and it will often place its own code in the path of execution of another program; and
2) it must replicate itself. For example, it may replace other executable files with a copy of the virus-infected file.

If your business has suffered a virus attack & your network has been compromised, you'll need to act fast in order to prevent the virus from spreading to other computers on your network. Here are some recommendations on how to quickly get your business back up & running again:

- Disconnect & isolate

If you suspect one of your computers has suffered a virus attack, immediately quarantine the computer by physically disconnecting it, as infected machines pose a danger to all of the other computers connected to the network. If you suspect other computers may be infected as well, even if they aren't displaying any symptoms, still treat them like they are, as it's counter-productive to clean one machine while an infected computer is still connected to the network.

- Focus on the clean up

Once you have physically disconnected the computer, you'll need to then focus on removing the malicious code. Use virus removal tools that are written for the specific virus that's causing the damage. Many of these tools can be found on the Internet. In addition, your anti-virus software should have updates or patches available for the specific security threat.

- Reinstall your operating system

After a virus attack, damage may range from changed filenames to obliterated files to permanently disabled software applications. The extent of the damage depends on the particular virus. If your operating system (OS) is completely destroyed, you'll need to reinstall your OS by using the quick restore CD that came with your computer. This will restore your computer to its original configuration, meaning that you'll lose any applications you may have installed or data files you may have saved. So, before you begin the reinstallation process, make sure you have all the necessary information handy (for example, the original software, licences, registration, & serial numbers).

- Restore your data

This is assuming that you have been diligent about backing up your files. If you haven't been doing a regular backup of all of the data & files on your computer's hard drive, your files will most likely be permanently lost. If this is the case, learn from your mistake and make sure to back up on a regular, ongoing basis from now on. And keep in mind that not all viruses target data files. Some attack only applications.


- Scan for viruses

After restoring & reinstalling, subject your network to a thorough virus scan. Use the most recent virus definitions available for your anti-virus software. Be careful not to overlook anything; scan all files & documents on all computers and servers on your network.

- Prevent future attacks

Run anti-virus software & keep virus definitions current. Make sure your security patches are up-to-date. And if you haven't been running anti-virus software, begin doing so immediately in order to prevent future attacks. Also, if you lost data files in the recent attack, create & enforce a regular backup schedule.

Moreover, change all of your passwords, including Internet service provider access password, file transfer protocol, e-mail, & Web site passwords. Some viruses can capture or crack passwords, leading to future vulnerabilities.

Above all, learn from your mistakes. If a virus penetrated your defences, consider changing or enhancing your current security patches. Ask yourself why your previous security measures weren't effective. Did you need a firewall? Were you lax about updating virus definitions & security patches? Did you download files without scanning first? Comb through, edit & reinforce your IT security policy, as you'll need to shore up the holes in your security practices. Prevention is always the best security policy.

Nov 27, 2007

Active programs at a glance


The Windows Task Manager can show you at a glance exactly which programs are running on your computer - including hidden programs or those that run at startup. There's a quick way to get to the Task Manager. Simply hold down the Ctrl and Shift keys, and tap the Esc key. Doing so will present you with the Processes tab of the Task Manager. From there, you can select a running application and click the End Process button to shut it down.

Nov 26, 2007

Activating your screensaver


In Windows, you can easily force your screensaver to activate more quickly. Right click your desktop. Select Properties from the pop-up menu. In the resulting dialogue box, click the Screen Saver tab. In the box next to "Wait", click the up or down arrow until the desired number of minutes is displayed.

Nov 23, 2007

Be wary of online health sites

With all the rain we got this past week, it is no surprise that clinics around town had a surge in business recently. Generally, this is because for most Malaysians, the family doctor is the first point of reference for any ailment, be it minor or serious. However, more and more people are heading to the Internet to get information about their health concerns. Some do this so that they can decide whether the discomfort they are feeling warrants a visit to the doctor's. This is becoming a huge trend, with the number of cyberchondriacs trawling the Web soaring to about 160 million in 2006, a 37% rise over 2 years, according to market research firm Harris Interactive. The firm says that cyberchondriacs now represent 84% of all online adults in the US, up from last year's 80%, and 72% in 2005.


But there are concerns that information from the Net is viewed not as a source of reference for further discussions but rather as a means for self-diagnosis. An online report stated that the information can cause confusion & unnecessary alarm. More worryingly, surfers could also be fleeced by irresponsible parties. Apparently, there are hundreds of unscrupulous sites which exist purely to make money. The consultation, if any, is rather one-sided, and patients often don't know who they are talking to or what their motives are. They could even be victims of counterfeit medicine producers. Before Malaysians get to the level where the US cyberchondriacs are at, there is a need to educate Malaysians on the fact that not everything viewed on the Internet is true. There is also a need to somehow verify the sites and whether they are actually authentic. Of course, there are millions of sites out there & the authorities can't possibly screen all of them. But we can start with the relevant agency screening the sites residing on local servers.

Nov 21, 2007

Eudora reborn as open source

Eudora, a pioneering e-mail program named after author Eudora Welty, is rising from a technical grave as an open source program after owner Qualcomm Inc quit selling the product in May. Eudora routinely got strong reviews from computer magazines and had a loyal user base, but commercially it was overshadowed by software that Microsoft Corp included with new PCs, IBM's Lotus software & Web e-mail programs. Qualcomm donated Eudora to the open source community, which means that anybody is free to download and use it without paying for the product. Developers can also access the code, change it & share those changes. On August 31, the Mozilla Foundation started distributing a test open source version of Eudora, which was developed in the late 80s as one of the first e-mail programs by a student at the University of Illinois. Eudora is not yet promoting the product on its homepage, as it does its other titles, including its popular Mozilla Browser - a rival to Microsoft's Internet Explorer - and Thunderbird, another e-mail program. The new version of Eudora is being developed under the codename Penelope and is available on the Web at http://wiki.mozilla.org/Penelope. Mozilla has said it plans to develop both Eudora & Thunderbird. - Reuters

Nov 20, 2007

Beware of PDF spam

If you receive an e-mail message with only a PDF file attached, don't open it. PDF spam, as it's known, is just the latest gimmick that junk e-mail senders are using to get you to read their come-ons. These spammers use enticing subject lines to make you curious about what the PDF file contains. Typically, it contains the same stock tips, get-rich-quick schemes or miracle hair growth cures that spammers have sent for over a decade. - dpa

Nov 16, 2007

Protecting against Nuwar virus

The Nuwar virus, which was first discovered last year, has returned. Then, Nuwar propagated through mass e-mails with attached executable files capable of transforming PCs into spam and infectious worm e-mail generators. The attached file, when run, dropped a downloader component onto the affected machine and planted copies of the mass e-mailer module. It then downloaded 4 other components, which included a new downloader and a rootkit that hid the entire malware army. Nuwar was also known to create a zombie network that sent "pump & dump" spam. "Pump & dump" is a financial fraud that involves creating an artificial demand for stocks so that their prices rise. It's a scam that has proven profitable; as the stock prices reach their peak, the scammers sell their stocks and stop creating the artificial demand, and the stock prices naturally drop even faster than they rose.


Nuwar is clearly a social engineering attack, and users are the primary targets. Consumers should scan their e-mail and instant message (IM) file attachments with security software, and only open attachments from known or expected sources. Enterprises need to implement a multi-layered approach that provides security at all possible entry points - including the Internet gateway, messaging gateway, endpoint clients, endpoint servers & the network. They must also keep all browser & instant messenger security patches up-to-date and educate employees about the symptoms of infection, and how to protect servers, computers and mobile devices.

Nov 14, 2007

'Bush' worm that dances into IM


"Check out this animation of Bush", says a message popping up in your MSN Messenger. If you click on the link that follows to see the US President letting his hair down, you will unwittingly invite a worm to do some fast-paced moves inside your computer. The worm Worm.Win32.VB.au spreads with the help of a message written in Spanish, which reads, "mira esta animacion de bush", coming from known and unknown contacts. Translated into English, it reads, "See this animation of Bush". After getting into a victim's computer, the worm quickly sends the malicious links to all contacts present. The instant messaging (IM) worm is written in the Visual Basic (VB) language & has a size of 122,880 bytes. It creates a few registry entries so it gets executed every time the computer is started. The malware does not contain any dangerous payload in its present form. But similar methods can be employed by virus writers in proliferating more destructive worms or Trojan downloaders in a possible second wave of attacks. Users affected by Worm.Win32.VB.au can download and run MicroWorld's free anti-virus utility MWAV to clean their computers.

Nov 13, 2007

E-mail worm lures with a screensaver


The next time you get an e-mail with the subject line "Screensaver" carrying an attachment, watch out. The e-mail worm Conycspa.p is spreading with the help of spam mail that promises you a screensaver. Once a victim of this malware campaign downloads the attachment web.exe and tries to run it, the worm gets activated. The worm comes with downloader Trojan capabilities as it tries to log on to files and sends the malicious attachment to all stolen addresses. It smartly avoids e-mail IDs that contain strings like "Webmaster" and "support". At a time when malware writers are piggybacking on vulnerability exploits to sneak into computers and do all harm, the author of this worm comes from a rather old school of thought. He relies on exploiting the human vulnerability of impulsive curiosity. And the fact that these kinds of worms are still managing to get some victims stresses the need for better user education in e-mail handling. If infected with Conycspa.p, you can download and run the free MWAV toolkit from MicroWorld Technologies.
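The two e-mail warnings above (a message carrying only a PDF file, and the "Screensaver" mail with web.exe attached) can be expressed as a simple mail triage check. This is an added example, not part of the original posts; the extension list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list of executable extensions; extend to match local policy.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat")


def build_sample(subject, body, attachments):
    """Build raw bytes for a constructed sample message (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    if body:
        msg.set_content(body)
    for name, maintype, subtype in attachments:
        msg.add_attachment(b"placeholder bytes", maintype=maintype,
                           subtype=subtype, filename=name)
    return msg.as_bytes()


def triage(raw):
    """Return the reasons to quarantine a raw message (empty list = deliver)."""
    msg = message_from_bytes(raw, policy=policy.default)
    # File names of every attached part, lower-cased for comparison.
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    # The human-readable body, if the sender wrote one at all.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    reasons = []
    if any(n.endswith(EXECUTABLE_EXT) for n in names):
        reasons.append("executable attachment")
    if names and all(n.endswith(".pdf") for n in names) and not text:
        reasons.append("PDF attachment with no message text")
    return reasons


# Constructed samples modelled on the descriptions in the posts above.
SAMPLES = {
    "screensaver": build_sample("Screensaver", "Here is your screensaver.",
                                [("web.exe", "application", "octet-stream")]),
    "pdf_only": build_sample("Hot stock tip", None,
                             [("report.pdf", "application", "pdf")]),
    "normal": build_sample("Minutes", "Minutes from Monday are attached.",
                           [("minutes.pdf", "application", "pdf")]),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", triage(raw) or "deliver")
```

A file name check like this only catches the patterns described in the posts; it complements, rather than replaces, scanning attachments with anti-virus software.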

Welcome...

This is my new blog.