Security policy


Related Topics



As we state every chance we get, H2OfficeSolutions is not a secure product.  H2OS does offer password protection to start the program and gain access to it's database, but this feature can be hacked by a knowledgeable person with very little effort.


Consequently we require, as a condition of enrollment with our software maintenance plan that you acknowledge and accept full responsibility for the security of your computer systems, including your environment, hardware, the Windows operating system, and all  of the software products installed on your computers, including H2OfficeSolutions.


We trust you'll understand that our position is logical and necessary. Each software product you use can't have it's own security system with all the trappings, moreover neither would you want this. Security is an installation wide responsibility and cannot be the providence of one - or each of - you installed software products. Indeed, imagine if all of the software products you use provided comprehensive security controls and how you'd have to deal with the learning curves, administration and resolving conflicts in definitions and features


On the matter of security we advise our customers to think globally, in installation wide terms. Depending on your needs you may desire to install security related hardware such as cameras, ID cards, locked doors, etc. to protect your physical hardware and wiring, and software controls that focus on your complete system, regardless of the number and variety of computers and software products installed


For our internal use, we utilize one security product: Microsoft Security Essentials. We chose this approach because we believe software security properly belongs at the operating system level. In the Windows environment the responsibility falls squarely with Microsoft, the creators of the Windows operating system. In the Apache/Linux/Internet environment it's quite a different matter because there is no single entity that owns or controls the Internet. Our primary focus is on our own installations' hardware, software and data. Again we trust (have to) Microsoft Security Essentials to defend our computers from any attempts that originate on the Internet.


H2OS interfaces with other programs, such as QuickBooks, UltraVNC, Excel, and Windows itself, but is not and cannot be responsible for the behaviour and security of these programs. You will need to direct questions, concerns and problems related to security with the vendors of these products. This is common sense because we have no access to the program source code (instructions) used in these products, thus we can't learn how it works, other then what we can observe, which may be a small piece.


For remote console operations we freely distribute software provided by UltraVNC to customers, prospects and other interested people with whom we wish to conduct screen sharing activities. This is permitted by UltraVNC because it is open-source software. We have been using VNC products (of which UltraVNC is one variation) for over a decade and have never had a security related issue. Before choosing UltraVNC, we read as much information as we could on the topic and this specific product, and concluded the UltraVNC product met all of our needs, the Single Click feature in particular.