Small-Biz Security: Monkey in the Middle

By Larry Seltzer  |  Posted 2003-04-13

In security (like so many other technologies), small network owners get stuck without a ball to play with, writes Security Supersite Editor Larry Seltzer. What should they do to protect themselves?

I've written a lot about technology for small businesses; if there's one thing I've learned, it's that they get no respect from the industry. Security is yet another market area where no shortage of vendors serves the consumer market, where they're tripping all over each other to get a piece of the enterprise market, but where few vendors seem to want to deal with small business.

Looking over the agenda for this week's RSA conference in San Francisco, I don't have high hopes that this situation will change any time soon.

Perhaps this is a sound business decision; enterprises are being cheap enough with their budgets these days, and small businesses always have been. Good luck prying any reasonable dough out of them for products they very likely don't understand to account for risks that must seem bizarre and remote. And maybe that, too, is a sound business decision; are Latvian crackers really breaking into my insurance agent's four-man office network? They could be, but that doesn't mean they are or that it makes good sense for me to take measures sufficient to repel them.

But let's assume you're a small business and you do want to be reasonably up-to-date in your computer security. You would likely find products that are geared, both in price and complexity, either to standalone computers or to large managed networks with sophisticated IT staffs. (There is a third class of users: techies who are sophisticated enough to run Snort and Honeyd on the networks in their dorm rooms. I'm not talking about them, I'm talking about real people.)

In a sense the ideal solution for small business is in these same open-source security products, but there are lots of problems. The most important one is that there is no good "free" antivirus solution (neither "free" as in speech nor beer) for Windows users. (There is Grisoft's AVG 6.0 Free Edition, which I reviewed about a year ago, but it's only worth recommending to people who are dead-set against spending a penny on software.) The real problem with AVG is the real problem with a lot of the rest of the business: Once you switch over to the network-based protection a business needs once it gets a serious network, cost and complexity go up.

Antivirus is the most important type of protection for small businesses and consumers. It covers the security threats that real people are most likely to encounter. But once you've covered that base, especially if you have a network and a broadband connection, it's time for a firewall, and these are almost certainly beyond the ability of most small business users to administer themselves. I've always liked Winproxy by Ositis Software, which I recently reviewed in PC Magazine, but it too could do a better job.

The real answer for small business people, no matter what software they use, is to find an honest and competent consultant to help—a consultant who will take the time to assess needs and explain the software to the customer, who will be available for help in case there is an incident requiring some immediate response, one who will even check in every now and then just to see if things are going smoothly. Maybe you can see why I'm concerned about small business.

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
