Pratum Blog

Good Habits for a Greener PC

You can reduce power consumption and achieve significant energy savings when using your PC simply by acquiring a few good habits. Read the handy tips below.

The monitor

In a PC, the display is greatly responsible for overall energy consumption. Some estimates for laptops show that the monitor accounts for 40% of total energy consumption. The figure is not much different for desktop PCs. LCD monitors typically require between 15 and 60 watts, while a CRT (cathode ray tube) screen requires between 50 and 125 watts.

In order to reduce energy consumption and in particular battery consumption, it is recommended to not change the standard configuration set by the manufacturer. In fact, after a certain period of inactivity, the monitor automatically “goes to sleep”. In this mode, it consumes just 1 to 3 watts of energy.

Windows operating systems, in particular from Windows XP onwards, allow you to easily adjust the monitor’s sleep cycle. To lower consumption, you can shorten the idle time, activating the sleep phase earlier and so saving energy.

Another important factor in energy consumption as regards the screen is its brightness. It’s natural to write in black on a white sheet, but a very bright page is heavy on consumption, and strains the eyes.  Therefore, experts suggest that screen brightness be reduced until your eyes are comfortable. In this way, especially for laptops, battery consumption can be greatly reduced and battery life lengthened.

PC hibernation mode

The most effective way of reducing consumption when your PC is not in use is to put it in hibernate mode. Rather than shutting down your PC every day, restarting it, then re-opening all your applications, it is much better to “suspend” PC activity, because energy consumption in this mode is roughly 5 watts for a desktop PC and 1 watt for a laptop.

In Windows Vista and later systems, you can also save energy by setting your PC to awaken from hibernation to execute scheduled tasks. For example, with the TV program recording function, you can set your PC to activate itself and record your favorite program at a set time. After completing the recording, the PC returns to hibernate mode.

Switch off the Wi-Fi antenna

Today’s laptops and some desktop models are equipped with antennas for transmitting and receiving data via radio waves using hotspots, microcells equipped with Wi-Fi antennas that comply with wireless standards 802.11 a/b/g/n and allow Internet browsing in bars, airports, at work, or in the home.

Radio antennas consume a lot of energy and battery power when they kick into operation. Windows Vista and Windows 7 natively support the ability to disable the laptop antenna when not in use. This ability to disable the antenna for short periods of time helps to prolong battery life.

New Windows PCs normally have the Wi-Fi antenna enabled for best performance, meaning they are not configured for power saving. So it is up to you to use your wireless antenna in a way that maximizes battery life. If you don’t need to browse the Internet or connect, you can switch the Wi-Fi antenna off completely.

Regulate Windows Search indexing

One of the most interesting changes in Windows Vista is the ability to index all PC content, from e-mails to documents to images. This is a task that Windows Vista performs in the background or while you are doing something else, but it’s a task that inevitably consumes energy.

There are three possible settings for the Windows Search indexing system:

  • Maximum Savings: Windows indexes only files defined as high priority or e-mails.

  • Balanced: Windows indexes files defined as high or normal priority.

  • Maximum Performance: All indexing functions are active, including searching for new content on the Internet.

Selecting a sensible indexing status, depending on the electrical or battery connection, can help you better manage and prolong the useful working life of your laptop.

Power Savings Features in Windows 7

Windows 7 runs with fewer background activities so your PC processor doesn't work as hard and draws less power. Other innovations include less power-hungry DVD playback (handy on long flights), automatic screen dimming, powering off unused ports, and a more accurate battery-life indicator.

I need to vent a little bit today. If you’re a security professional pay close attention. If you’re anything else, make sure your trusted security professional pays attention. If you’re a fan of football, the American version, you know what it means to do tackling drills. It’s simply getting back to the basics. All the defensive schemes, cover options, etc. are lost when you simply can’t tackle. When you, the defensive player make contact with the defensive player, you must be able to stop them. Period. End of discussion. Hit’em hard and knock them down or tie’em up long enough for your teammates to help out. If you can’t do those things you need to get back to the basics.

We information security professionals need to get back to the basics sometimes too. Far too often we get caught up in all the defensive schemes such as intrusion detection, application testing, web application firewalls, blah, blah, blah. We’ve forgotten some of our foundational techniques.

I’m going to highlight a few of these in hopes some of us will put on a “throwback” uniform and get back to the “old school” days of information security.

  1. It’s all about information security. Information is the critical term here. Not computer, not server or network security, quite simply…information security. Our job is to protect information, regardless of its state. (Electronic, paper, verbal, etc.) This may not be true in all companies, but it should be and we as professionals need to consider this.

  2. Risk management should be our primary motivation. Just because a risk exists doesn’t mean you need to worry about it. Let the business be your guide. As you become better at driving a car, you learn to watch the road far ahead of you and not worry so much about what’s right at your bumper. We need to do a better job at seeing the risks on the horizon and prioritizing those with the ones under our noses.

  3. Policy and procedures matter. Efficiency is gained and errors are reduced when a process is documented and followed. Without the process, periodic failure is almost assured. We need to place more emphasis on getting systems and applications well documented before moving on to more “mature” techniques.

  4. Location, Location, Location. If we really are worried about information, then the location of that information is critical. “Mothers, it’s 2am, do you know where your children are?” We’ve all heard it and it’s absolutely true. You can’t secure what you don’t control. Finding where your data resides and determining the risk in those locations is paramount to the success of your information security and risk management program.

  5. Walk first, then run. Re-evaluate where you are on the maturing continuum every now and then. Have you taken any steps backwards? Are all of your process documents still valid? Do you have a valid data inventory, has your company made any acquisitions or mergers recently? Our business and technology landscapes change constantly. What makes you think your risk and security posture will remain constant.

Don’t be afraid to take a step back every now and then and run some tackling drills. It’s better to reinforce some basic ideas in a system that’s working well than to wait until everything is falling apart. We have to stop keeping up with the Jones too. Just because all your peers at a conference are buying a new technology doesn’t mean you’re ready for it. As a business owner, I’d rather be working toward maturity slowly and methodically because at some point, the going’s gonna get tough and I want to be prepared to handle it, not just have the badge that says I can.

If your business is working toward PCI-DSS compliance you are undoubtedly familiar with the following two requirements surrounding application security.

6.3.7 Review of custom code prior to release to production or customers in order to identify any potential coding vulnerability.

6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:

  1. Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes

  2. Installing a web-application firewall in front of public-facing web applications Both of these requirements are designed to enhance the security of applications and the databases which support them.

Here are some tips when dealing with these two requirements.

  1. Custom code means, custom code. Even modifying the HTML on a landing page can qualify an application as having custom code. Remember, much of the interpretation during an audit is left to auditor discretion.

  2. 6.3.7 applies to both internal and external systems. Just because a customer never sees the application doesn’t exclude it from scope.

  3. 3. The code must be reviewed BEFORE being placed into production. Vulnerabilities must also be fixed prior to the system go live date.

  4. Separation of duties is a must. If you choose to do code review internally, the person writing the code can’t check their own work.

  5. Many organizations choose to implement both options in 6.6. The web-application firewall is used as the stop gap measure used to mitigate flaws found in an application while they are being fixed. This buys application development teams time to properly code and test the needed repairs.

  6. Don’t forget to test the backend databases as they have as much a role in security as the rest of the infrastructure.

As our infrastructure has improved over the last few years, in terms of security, hackers have increasingly targeted application vulnerabilities. This trend is on the rise and will likely continue for the next few years. Code reviews, vulnerability scanning and penetration testing should become integral parts of your system development lifecycle as well as your long term maintenance plans.

Get our blog posts delivered to your inbox:

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.