PraxIS February 2005

_______________________________________________________

Welcome to PraxIS

Check out my SCANXLS spreadsheet and tell your audit and accounting friends about it - it's a great way to get a handle on the prevalence of spreadsheet use in an organisation!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

Microsoft AntiSpyware free beta

Microsoft have released a beta of an AntiSpyware tool at

http://www.microsoft.com/athome/security/spyware/software/default.mspx

It found some residual traces on a PC I tried it on. It also reported a number of cookies that I'm not too concerned about but will look at when I have time.

You can also try the ZoneLabs product at

http://download.zonelabs.com/bin/promotions/spywaredetector/offer_sk.html

Eric Howes, an instructor at the University of Illinois, has done some statistical research to show that "nearly every anti-adware application on the market catches less than half of the bad stuff." If you use multiple anti-malware tools each can catch what others miss. His test results show that Microsoft's AntiSpyware is the current best of the bunch in antispyware tools. Brian Livingston's report on Howes' work appeared in the Windows Secrets newsletter: http://windowssecrets.com/050127/ 

_______________________________________________________

Book: "Degunking Your Email, Spam, and Viruses" 

http://sysmod.com/az.php?a=193211193X&b=Degunking_Your_Email by Jeff Duntemann, 2004.

This was reviewed by Rob Slade in BKDYESAV.RVW 20041205 who was quite impressed that Duntemann had, in fact, carefully selected those tasks that would give the most protective value for what to do about email and viruses if you had limited amounts of time. He concludes "The book ... is written at a level that any intermediate user, and many intelligent novices can use directly without further experimentation. "

_______________________________________________________

Spam or scam from Invitation.sms.ac

If you get this mail, especially if it appears to be from me, delete it or report it to SpamCop. Apparently how it works is that people pay for mobile calls received:
http://blogs.linux.ie/djmagra/2004/12/07/smsac-spam-scam/
There's another report on http://www.ripoffreport.com  that you might wish to look for, it's rather too litigious for me to post here!

_______________________________________________________

Book: "Open Source Security Tools"

http://sysmod.com/az.php?a=0321194438&b=OS_Security_Tools by Tony Howlett, 2005.

Rob Slade's Review: BKOPSOST.RVW 20041203

The book is intended primarily for systems administrators responsible for for network security. It covers TCP/IP and filtering, port scanning, vulnerability scanners, network sniffers, tools to analyse audit logs, encryption tools, wireless tools, forensic tools, and all the software is included on the CD.

____________________________________________________________
____________________________________________________________   

2) Software Quality

Bug collection

I came across Bruce Tognazzini's collection of "well-known" bugs, more than 130 already!

http://asktog.com/Bughouse/index.html

This was a fairly startling one:
http://asktog.com/Bughouse/10MostWantedDesignBugs.html
"November 4, 2004: Air Force pilot, Maj. Roberto Balzano, his F-16 jet fighter lined up on the training school below, squeezed the trigger, strafing the facility with 27 rounds of 20mm ammunition, sending 8 of the deadly 2-inch slugs crashing through the roof to wreak havoc within. Another terrorist training camp wiped from the face of the earth? Not exactly. The target he struck was the Little Egg Harbor Township Intermediate School in New Jersey. The only reason no one was killed was that the pilot's night time training mission took place while the kids were home, tucked into bed. Maj. Balzano not only believed his weapons were aimed at a target several miles away on the Air Force practice range, he had no intentions of firing his weapons. Both the hardware and software design of the weapons system contributed to the error. The process under which they were designed likely led to it."

_______________________________________________________

Yahoo Desktop Search (YDS)

http://desktop.yahoo.com/

I've downloaded and tried this and it looks pretty good, better than the previous ones I tested: MSN Desktop Search in Jan 2005, Google Desktop Search in Nov 2004, Copernic Desktop Search and Blinx in Sep 2004.

http://www.pcmag.com/article2/0,1759,1749966,00.asp  PC Magazine's review of YDS Jan 11, 2005 pointed out that "The main X1 features not present in YDS are support for Eudora and Mozilla e-mail clients".

I can indeed add .MBX files to the index, and it will list the files in the search results, but it does not jump to the first found string as it does with other (maybe smaller?) files. I still like Wilbur because it has a collapsed-display mode that shows just the lines in a file that contains the search matches. YDS may improve some more.

____________________________________________________________
____________________________________________________________

3) Europe

EU to equip parents with internet safety tools

http://www.dmeurope.com/default.asp?ArticleID=4901 
"The EU Telecommunications Council has agreed on the Safer Internet Plus programme, which aims to empower parents and teachers with internet safety tools. The four-year programme (2005­08), proposed by the European Commission in March, will have a budget of €45m to combat illegal and harmful internet content. The new programme also covers other media, such as videos, and explicitly addresses the fight against racism, and also spam. It is to focus more closely on end users: parents, educators and children. "

_______________________________________________________

UK Draft Managed Transition Plan

This was published for consultation in January 2005

http://www.euro.gov.uk/managed_transition.asp  "The UK’s preferred phased approach or “Managed Transition” to any possible future UK changeover to the euro was published in the third outline National Changeover Plan on 9 June 2003. The Euro Preparations Unit invites comments on this working draft from all interested parties by 25 March 2005."

_______________________________________________________

Eurobarometer survey: "The Euro, 3 years later"

The European Commission have just published a new Flash Eurobarometer survey : "The euro, 3 years later."

The last survey was conducted in November 2003 (Flash 153) http://europa.eu.int/comm/public_opinion/flash/fl153_en.pdf

It covers:
- The practical aspects of the single currency
- Future expectations for the euro
- Circulation of the euro outside the euro zone
- The social and economic consequences stemming from the euro
- The euro in the world and the public’s perception
- Public opinion and current economic events

This survey telephoned approximately 1000 respondents in each country.
"Difficulties encountered: The rate of respondents, who declare having a lot of difficulty with the euro, has risen by two percentage points (16%) compared to results one year ago (14%). Citizens in Ireland continue to have the highest rate of persons who have no difficulty at all with the euro (78% in 2004 compared to 76% in 2003). It is slightly alarming to observe that, in Italy, the rate of respondents who have a lot of difficulties with the euro has risen since last year, passing from 29% in 2003 to 35% in 2004."

_______________________________________________________

EU Eighth Directive on statutory audit

http://europa.eu.int/comm/internal_market/auditing/officialdocs_en.htm
http://europa.eu.int/eur-lex/en/com/pdf/2004/com2004_0177en01.pdf (Text of directive)

We're still some way away from SOX-style legislation in Europe. I found these comments on this directive:

http://www.accountingnet.ie/content/publish/article_505.shtml 
Roger Adams, Technical Director, ACCA, said: "While ACCA believes that, overall, the Commission's proposals properly reflect post-Sarbanes-Oxley and Parmalat concerns, we recognise that it would only take one more Parmalat for the whole principles-based approach to audit, oversight, ethics and the education of the accountancy profession to fall into disrepute. Parmalat has clearly made Europe move much closer to the US 'rules-based' culture enshrined in Sarbanes-Oxley. Auditors and regulators must be fully aware of this and seek at all times to be seen to be engaging in best practice. The important thing is to get the regulatory balance correct across the whole of the newly- expanded European Union".

http://www.infoconomy.com/pages/politics-management/group99804.adp  Audit crackdown
"Claims that the European Union is preparing its own Sarbanes Oxley, should be treated with scepticism. But to suggest that the eighth directive amounts to a European Sarbanes-Oxley is certainly well wide of the mark. Furthermore, vendors are unlikely to be plausibly able to make the same kind of song and dance over it as they have of the US corporate governance legislation. "

IT managers are not worried, anyway:

http://www.vnunet.com/news/1160554 
"The poll of 400 European chief information officers, chief technology officers and IT directors revealed that 94 per cent recognise that they are increasingly accountable for ensuring that IT applications meet regulatory compliance demands. But 72 per cent describe their attitude as 'not at all concerned', or 'not very concerned' about being held personally responsible for non-compliance."

_______________________________________________________

EU couldn't make it up (straight bananas etc)

Seen in the Guardian :
http://www.guardian.co.uk/g2/story/0,3604,1393292,00.html
From straight bananas to banned doggie bones, ridiculous Euro-rules are a newspaper staple. But now Brussels has launched a website to tell its side of the story.

http://europa.eu.int/comm/dgs/press_communication/facts/index_en.htm

"The stories can make entertaining reading, but many people believe them and often come away with a picture of the EU as a bunch of mad 'eurocrats'. These pages take some of those stories and set the record straight – sadly, we cannot keep track of them all. "

____________________________________________________________
____________________________________________________________

4) Spreadsheets

Eusprig's stories of embarrassing spreadsheet moments

http://www.eusprig.org/stories.htm

I edit this collection of spreadsheet horror stories which have now reached 65:

65) "Mistakes happen during budget planning": US$70M

64) NASA misstated by $644M: undetected spreadsheet errors in "ad hoc" process

_______________________________________________________

ScanXLS spreads in the marketplace

My handy spreadsheet to collect inventory data on spreadsheet files & links is selling steadily. I have kept the price at €39.95 for this month.

What it does

It scans any given directory and below and obtains a list of all the .XLS files. You then select some or all of these, and it opens each one in turn read-only and reports on some file properties, attributes, the presence of unusual features or settings that may represent a risk or are prone to human error, Excel's error checking summaries, a list of other workbooks that it depends on through links, and a scoring on how 'problematic' it might be. SCANXLS can also compare two workbooks to check whether their formulas and/or values are identical.

SCANXLS 2.32 is the February 2005 version. It has been enhanced from the 2004 version by including more information on Excel's settings, and on whether linked files exist.

1. Read me first
2. Excel - checks for settings in Excel itself that you should be aware of
3. SCANXLS - scan settings and results
4. Passwords - to automatically open workbooks if desired
5. Links - a table to help track dependencies among multiple files
6. WBCompare - a WorkBook Comparison utility to check whether a workbook is the same structurally (i.e. has the same formulas and lines of code) as a reference validated workbook.

Reagan Lee, Business Systems Consultant, says "ScanXLS is an invaluable and indispensable tool for anyone working with Excel spreadsheets. It gives you the insight you need to assess your risk and bring your files under control. If you use external links, you will definitely need ScanXLS to lay out your files' inter-dependencies. It's like having a super-robot performing the work of an army of auditors and accountants."  

For more details and to order, visit http://www.sysmod.com/scanxls.htm

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

Haugesund to Trondheim, the scenic route ;-)

I saw this on the Risks Digest recently, and apparently it is still doing this:

1. Go to http://mappoint.msn.com/DirectionsFind.aspx 
2. In the Start section, select "Norway" from the listbox and enter "Haugesund" into the "City" field
3. In the End section, select "Norway" from the listbox and enter "Trondheim" into the "City" field
4. Click on "Get Directions"

Interestingly, inverting the cities in the request produces "less spectacular" results.

What was fundamentally the same service (Microsoft Expedia Maps, now called MSN MapPoint) figured in article in RISKs 20.62, more than five years ago.

_______________________________________________________

How To Sleep in an Airport

I found this in http://www.researchbuzz.org/how_to_sleep_in_an_airport_.shtml

"You've made your reservations, you've turned up on  time, you've taken your shoes off when the nice
security people asked you to, you've provided your id, your ticket, and a sample of skin off the back
of your neck -- are you home free for your airplane trip? Of course not! You may get held up."
http://www.sleepinginairports.net/

I had to check out Dublin and was surprised to find so many positive reports!
http://www.sleepinginairports.net/europe/dublin.htm
 

_______________________________________________________
_______________________________________________________

Copyright 2005 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________