Archive for February, 2009

h1

MFD (Copier) Firmware – Who updates it & how?

February 24, 2009

I have recently met with a number of security people and this question has come up a few times, so I thought that it was worth the time to address it here.

Who updates the firmware on my copier MFD? How can I be assured that it’s getting done?

Here is how we do it at my company. This may give you a starting point for a similar discussion for you to have with your servicing dealer.

“Copier” MFD – Firmware updates

NECS, Canon, and Konica Minolta have a number of policies and procedures in place to ensure that there is current firmware installed on the machines in the field (MIF).

1. NECS Technician all carry laptops not just because it makes it easier to have all of their Tech Manuals  in a searchable PDF format BUT also so they will always have the current firmware for the MFDs that they service. The way NECS accomplishes this is by requiring the Technicians (when they come into any of our offices) to logon to the company network with their laptop. When they do this a script runs that downloads any new firmware of technical bulletins that are available. This automates the process of making sure that the NECS technicians always have the current firmware and all current technical bulletins when they need it.

2. Canon & Konica Minolta Tech support also has a policy and procedure in place to make sure that the firmware is kept current. When an Authorized Technician calls the Canon or Konica MinoltaTech Support Help line one of the first questions that the Help Desk asks is what is the current level of firmware on this MFD? If it is not up to date, they require the technician to first update the firmware (which in many cases that alone can fix a problem) before they proceed with the help desk support.

3. It also seems like the Manufacturers are becoming more aware of the customer sensitivity to this issue and we are hearing that they are moving towards giving the Dealers and/or the customers easier ways to check and or update the firmware. While I have not seen this released yet, we have heard talk that it is coming. Stay tuned for more info

NOTE: It is important for us to compare and contrast MFD firmware updates from a PC or MACs OS Service Pack or Patch. Not all firmware is designed to work on all configurations of an MFD. It is true that there are certain versions made for the general MFD. But we have seen, and do see specific levels of firmware design for an MFD that has a certain option (like a Booklet Maker Finisher) or a specific Print Engine (like a MicroPress RIP). In some cases loading the latest & greatest firmware that is available for a particular MFD will actually cause a problem (I have seen it happen).

So how do you know that youhave  the correct level of firmware for your MFD. The factory trained and authorized technician has access to this information via the manufacturer’s support web site. It is one of the reasons that you REALLY need to have an Authorized Dealer servicing your equipment.

That’s my $0.02
Vince McHugh
vince.mchugh@Yahoo.com

PS: The Canon Ikon letter stated that Ikon would recieve “certain technical support” from Canon for one year. The way I read that is after one year they will recieve no technical support from Canon (Isn’t that what it implies?). If that is the case then the Canon MFDs that Ikon continues to service would NOT be able to get a firmware update, at least not form an Ikon tech. What are the security ramifications of that? If you fall into this category you may may want to talk to Ikon about this serious problem, or better yet speak to you local Authorized Canon Dealer. They definitely will be able to update your firmware!

h1

The “Copier” Keyboard has finally arrived!

February 21, 2009

Our modern day “Copier” (MFD) is much more of a PC than an old style copier.

It has an Operating System (usually some stripped down Unix variant), a Color Monitor (The Copier’s screen), A larger and larger Hard drive, more and more RAM, and their own applications (usually Java or Web based),and FINALLY, FINALLY a real physical (USB) Keyboard!!!

Canon MFD with Mounted USB Keyboard

Canon MFD with Mounted USB Keyboard

Why is this a big deal? Have you ever had to do a lot of typing on a virtual keyboard (The one on the touch screen)? Let’s just agree that it is not an enjoyable experience. For the longest time the eCopy Scan Station was the only scanning solution that offered a real keyboard. I can’t tell you how many times that this was the deciding factor that pushed one of my customer in the direction of an eCopy solution. It may sound trivial to you but I assure you that if you are the one who has to type on it every day you too would insist on a real keyboard too.

There are times or workflows where you do not want to spend a lot of time at the MFD typing, This is one of the main selling points of Omtool’s AccuRoute product; less time standing at the MFD. But that does require more fore thought to where you want to send your documents, and what you want to do with them once you get it there. Many times people ARE looking for an Ad Hoc way to scan their every day work documents. They want to be able to decide on the spot where to send these documents and what to do with them once they get there. For this workflow a real keyboard makes this job a lot easier.

There real keyboard has arrived, but for right now it is clearly an add on, and after thought to the MFD. They are mounted with add on brackets or they find an open spot on the top panel. I fully expect the next design of the modern MFD to really integrate the keyboard into the design (are you listening Canon, Konica Minolta). I should either mount under the Large touch screens (Like eCopy does it on their Scan Stations) or in a pull out type of tray or draw that could come out under the MFDs panel. These keyboards are currently USB and they need to stay non-proprietary. I hate it whan a MFD manufacturer comes out with a great solution that customers love but then make it so pricey that very few people can justify it. So far both the Canon & the Konica Minolta MFDs that I have worked with do take a standard USB Keyboard (My Hats off to both companies).

The other thing that a real keyboard begins to open up is Active Directory Authentication at the MFD. On a side note the Bio-metric readers make this even easier (see the article on “the next killer app” on this Blog) but even if you have a biomentric reader (read fingerprint reader) that is tied into your Windows Active Directory login that does not preclude the need for a real keyboard. Not only can a real keyboard help you login, but you can also use it when you have to type out a new email address or an email “Subject Line” or text for the body of your email. Wouldn’t it be great if you felt that  it was just as easy to do this at your MFD as your PC? It’s comming, it’s almost there. The other functionality that is becomeing standard is the  “type ahead” feature. Type Ahead is where you set up the device to jump to the address book and show names after you type 2, 3, or 4 letters. Why not just do it on the first letter? You could but if you have a really large address book you could still be a hundred names away from the one you want. In that situation you would want 3 or 4 charectors typed before the Type ahead feature kicks in that will put you right in the area of the name that you want. Both eCopy SSOP, and Canon’s Authorized Send (Asend) have this feature and can use the Canon USB keyboard.

Have you used a real keyboard on an MFD yet? Did you even know that they were available? I welcome your comments or questions.

That’s My $0.02
Vince McHugh
vince.mchugh@yahoo.com

h1

Global (Xerox) buys Comdoc, what does that mean to Ricoh?

February 20, 2009

I have been reading about this Condoc sale to Xerox \ Global on a couple of blogs.


And then I got to talking to a friend who use to run the printer program for Ricoh in the Northeast. He reminded me that Comdoc was one of Ricoh’s biggest customers. How big? Enough so that if they stop selling Ricoh products, Ricoh will feel it. This couldn’t have come at a worse time for Ricoh. I have heard from those within Ricoh that sales for the last few months have not been good. We know that Ikon can no longer sell Canon, and (from what I am hearing) soon they won’t have the ability to sell their relabeled version of the Konica Minolta product. On top of that heap on the slumping economy and this should accelerate the merger process between Ricoh & Ikon. While the first to go will likely be the redundant executives and management (some from Ikon and Some from Ricoh) just like they did when they merged with Lanier. But the Sales People and the Tecnicians won’t be far behind. I lived through the Ricoh \ Lanier merger and the last time their was a merger like that was when the Titanic merged with the Iceberg!
The last time that there was a merger like Ricoh \ Lanier...

The last time that there was a merger like Ricoh \ Lanier…

So things are starting to look pretty gloomy for Ricoh, they make this huge purchase of ikon, financing a large debt on top of what they overpayed for ikon, Canon drops them (ikon) as a Dealer, Comdoc (one of their largest customers) gets bought by Xerox \ Global, and it looks like Konica Minolta is going to drop them (ikon) soon. WOW! That is a lot to deal with! I hope that Ricoh has really deep pockets and can ride this out. I still have a lot of friends who work for that company.
I am starting to feel bad for Ricoh, do you think that they will be able to get a bailout from Washington? Hey its worth a try everyone else who has made bad business decisions and run a company into the ground seems to be standing in line in Washington with their hands out. Why not Ricoh?

“Being the low cost provider without a reasonable return can be sustained by growth for only so long. Lochridge’s comment of, “Nothing is going to change”, is a joke. Xerox (Global) spending upwards of $80 million so Comdoc can continue to sell Ricoh doesn’t fly and Ricoh won’t sit still while Xerox upgrades their base either. Further, Ricoh isn’t listed as a Business Partner or Vendor on Global’s web site.”             Posted by Gunnerdog on 02/02/09 at 9:32AM

I was recently chided because Canon “screwed” their loyal customers (in one guys opinion) by dropping ikon as a dealer. But it is the reality of our very competitive business (and this is the business that we have chosen) that you don’t buy a company so that you can help your competitor sell their products (at least not long term). The dilemma that you face is who do you hurt worse your competitor or yourself by dropping them as a dealer? In someways its like getting Chemo Therapy for Cancer. Yes it kills you a little but it kills the cancer faster.

There really isn’t a painless way to do handle it for either party. But pain can be good (REALLY? Yes Really!). Where there is pain there is opportunity. So if you find customers who are in pain or turmoil over the turbulance that our industry is experiencing you have the opportunity to ease their pain. Are you ready to step up? Because I am.

That’s my $0.02
Vince McHugh
vince.mchugh@yahoo.com


h1

Can Ricoh, Konica Minolta, or Xerox do what Ikon, Danka, and Global couldn’t?

February 19, 2009

So the Manufacturers (Ricoh, KM, Xerox) have gobbled up the last of the national dealers (Ikon, Danka, Global). But will they be able to do what the large national dealerships couldn’t? Are not the direct sales & service arms of the Manufacturers the same as the national dealers were?

How will they do what their predecessors could not; stay profitable and continue to deliver premier service? Are the people who run the direct branches smarter, or better than those who ran Ikon, Danka or Global? If you know anything about our industry you will know that for the most part its the same people who worked for Ikon, Danka, or Global. We work in a very small industry, everytime I go to The Print on Demand \ AIIM show its like old home week catching up with all the people that you use to work with and finding out where they landed.

AA Defines “Insanity” as doing the same thing over and over and expecting different results! My question to Ricoh, Konica Minolta, and Xerox is what are you going to do differently than Ikon, Danka, and Global did? If you don’t have a clear and decisive answer then you should expect the same mixed results as the companies that you acquired. Just being “bigger” is not a strategy.

It’s a tough economy and we may be at the beginning of the Darwinian weeding out process of the weak. Panasonic seems to be getting out of our all too competitive business. See Art Post’s blog article http://mfpsolutions.blogspot.com/2009/02/panasonic-copier-division-dumps-all-but.html 

Who’s next? Toshiba, Sharp? Oce? I’ve heard rumors that Canon might be looking at Oce, Maybe they are feeling left out of the club (Ricoh, Konica Minolta, and Xerox). We shall see…

That’s my $0.02
Vince McHugh
vince.mchugh@yahoo.com

h1

Is Konica Minolta dropping IKON as an Authorized dealer too?

February 16, 2009

That’s what I am hearing! That by the second quarter (Q2) of 2009 IKON will no longer be Authorized to sell Konica Minolta. IKON has sold a rebranded Konica Minolta (KM) line under the IKON name. How will Konica Minolta respond?

Who will service these IKON branded Konica Minolta’s? The problem that customers will have getting some other authorized KM dealer is that the IKON branded KM MFDs have unique toner bottles and firmware that was specifically designed to only be used in the IKON version of the KM MFD. Will  Konica Minolta break their agreement with IKON and begin to supply this special toner bottles and such to other dealers who are still authorized on KM equipment?

One other possible option would be to have the KM Direct Branches pick up this service, but that would REALLY make the independent KM Dealers angry. KM has always stated that they do not give special treatment to their branches, so we will see how this goes.

The other thing that I am hearing is that the DANKA name will disappear completely this year. DANKA will be completely absorbed (PACMAN Style) into the direct Konica Minolta organization.

I think that it is a good time to be an Independent Dealer! Especially for those who carry both the Canon & Konica Minolta lines. Stay tuned for future developments on this story.

That’s my $0.02
Vince McHugh
vince.mchugh@yahoo.com

h1

Securing the Copier \ MFD \ MFP

February 4, 2009

I recently have had the pleasure to meet with a number of Security officers to discuss their companies “copiers”. When I spoke to one of them about a copier being “hacked into” he was incredulous, he couldn’t believe his ears. There have been a number of articles on the subject and yet people still think of these networked systems as “copiers”. Something that their “Purchasing Dept” should deal with.

http://www.networkworld.com/news/2005/110905-hacking-copiers.html
http://www.bizjournals.com/triad/stories/2007/08/13/focus1.html
http://www.engadget.com/2007/03/17/your-office-photocopier-could-help-steal-your-identity/

These are not your father’s copiers. These MFDs (Multi-functional Devices) are true Network Nodes, with their own Operating System (OS), hard drive, Ram Memory, and NIC. It is more like a modern day PC than an old style copier. The new crop of smart MFDs even run applications, usually java or web based. Imagine that, copiers running their own applications, just like PCs. Don’t you think that they warrant some attention from both the network admin and security teams?

Here is the good news, most MFDs use a stripped down OS, not a standard PC version. So many standard viruses or hacks that are written for a PC would not run or run the same on your Office MFD. Does that mean you are out of the woods? or you can put your head back in the sand on this issue? not hardly!

Security is a balancing act (see the article on Security with Convenience on this Blog). If we REALLY want total security on the MFD then go ahead and unplug it from the network and return it to copier only status. But you should also disconnect all the PCs from the same dangerous network, and we know that’s not going to happen.

But don’t despair there is more good news for those of us who care about security. There are a few basic things that you can do to better secure your copier MFD MFP. Start with these simple things that can easily be done on most MFDs.

1. Set an Admin password on the MFDs (that is NOT the default password).
For practical purposes you will want to have the same one on all of your MFDs. Resist the temptation to make it different on every MFD in every department. It will make servicing and supporting the equipment a logistical nightmare. Your Service Techs, and Systems  Engineers (SEs) from your servicing dealer will also need access to this password. Don’t panic, remember that your “Copier Dealer” is their to keep your MFD running, it is not likely that they will hack your system.

2.Have your Servicing dealer shut off any ports that you do not need or use. For instance if you are not using the FTP service then turn off port 21 on your MFD. This will stop attacks or hacks that depend on this port. Your dealers Systems Engineer will be able to give you a list of what ports are open and how to shut them off. If not, get another servicing dealer.

3. If everyone is printing through a Print Server than you can easily set up an IP or MAC filter on your MFD, so that the MFD will only communicate with your print server. Any other network device trying to access or communicate with the MFD will be rejected.

There are a number of other steps that you could take to secure the copier. But keep in mind that part of security is Access and Access control. Authorized, legitimate users still need to be able to actually use the MFD to Print, Scan, Fax, and oh yeah Copy.
You could make it soooo secure that no one uses it, then what have you gained…. a hostile end user community, and no one wants that.

If you do nothing but the above three steps your MFD will be more secure than it ever was before. They are not hard to do, nor are they hard to maintain. They will cause a minimal amount of inconvenience to your end user community. To take it to the next level read https://theconnectedcopier.wordpress.com/2008/12/18/security-with-convenience-the-next-killer-app/

That’s my $0.02
Vince McHugh
vince.mchugh@necs.biz