security

False-Positive Virus Warnings and your Free Purchase Order Software

Viruses_greenDan was installing the Free Version of SpendMap last week when his Panda Antivirus Software displayed a warning about one of our files.

With so many false-positives these days, we immediately uploaded the file to VirusTotal.com and, as we suspected, the other 59 out of 60 virus scanners reported that the file was clean.

False-positive virus warnings are becoming more and more common these days, as the security suites try to stay ahead of the bad guys by trying to “predict” the presence of malicious code.  That is, many antivirus systems will report the presence of a virus (or rather, the POTENTIAL presence of a virus) because there is something in the file that resembles a virus, even though they didn’t actually find a known virus in the file.

It’s a great idea in concept but unfortunately the price you pay for this proactive protection is that they sometimes get things wrong.

That’s where VirusTotal.com comes in.

Owned by Google, VirusTotal lets you upload questionable files to their website and scans them with over 60 security suites in one shot and then shares the results so that everyone can improve their systems.

The idea here being that if only one or two out of the 60 scanners report a problem with a file, then it’s most likely a false-positive.

Of course, only you can decide if you want to proceed when your virus scanner puts up a red flag but with this sort of thing happening more and more often, we thought you’d like to know about this great tool.

One thing you may hear is “You should only proceed if the file came from a trusted source“.  At least there we can give you a hard-and-fast answer; with over 50,000 downloads so far and a spotless 25-year track record of providing clean and reliable Purchase Order Software, it doesn’t get any more trustworthy than SpendMap.

Personal Information in your Free Purchase Order Software

Information privacy is the talk of the town these days and we’ve been getting some questions about how we store, access and process your personal information in the Free Version of SpendMap.

Unlike our SaaS Version that runs on our servers in the Cloud, when you download and install your Free Purchase Order Software, the database that contains all your personal information is on your own PC or server, so you’re the only one who has access to it.

Rest easy and have a great day!

Virus in SpendMap Free Version was False Alarm

Webroot virus scanning software was showing a “false-positive” on our website last week, saying that our site “Contains malicious content”, when it does not.  Webroot has since updated their database to show that SpendMap.com is totally safe.

Are you worried about viruses or malware in the free version of SpendMap?  These days you can’t be too careful when downloading files from the Internet.

And because of the popularity of the free version of SpendMap, our installation package (SETUP.EXE) has been picked up by many download sites, which we have no control over.

So if you’re worried about viruses and malware (as everyone should be these days), make sure to avoid these other download sites and get the installation package directly from our website.

Before posting our installation file, we always scan it for viruses, malware, etc. using the latest version of Symantec’s Antivirus Software and then we sign it with a digital signature so you can tell if something happens to it on the way to you.  To check the status of the digital signature, you can RIGHT-mouse click on the SETUP.EXE file, select “Properties” from the menu, then click the [Digital Signatures] tab…

No Virus in SpendMap

Of course, you should scan any EXE files for viruses, etc. before running them, and you should follow your company’s security protocols when installing any software.

How to set up PO access by user in free Purchase Order Software

I was speaking with Gwen in Connecticut about setting up user accounts in SpendMap for 20 or 30 of her staff.  Gwen wondered if there was a way in SpendMap to only display information on each user’s own Requisitions and Purchase Orders but not orders that the other staff had placed.

While it’s common for managers/approvers to have visibility over an entire department or across a division, sometimes policy requires a more restricted view at the end-user (requisitioner) level, while sometimes document level filters are put in place just for ease of use (e.g. to simplify searches).

You can limit the scope of documents that each user will have access to by locking the document filter option on the way into View PO Status, View Requisition Status, the Receiving utility, etc.

Just use “Add/remove individual menus and pop-up prompts” and navigate to the applicable utility, then select “Lock-out this option” and select the desired filter…

If the user will need access to all documents within their cost center, you can specify their default cost center in the [Settings] folder of the User Master File.

On a related note, there’s also a setting in PO Processing Settings to hide pricing (dollar amounts) in these areas in case your pricing information is confidential but you need users to view other people’s orders, which is not uncommon in some central Receiving and Accounts Payable environments.

TIP: Use your Testing System to play around with this stuff without fear of messing up your Live System. When you run the Testing System, it will give you an opportunity to copy your Live System’s data into the Test System, including all the user accounts, settings, etc.

Too many options for users in free Purchase Order Software

(or “I don’t want my users seeing that”)

One of the most common topics of discussion we’ve been having in our free system setup/training sessions has been around user profiles and how to restrict users so that…

  1. they can’t do certain things in the system,
  2. they can’t see certain information, or
  3. just to make it easier for users that don’t need access to the entire system.

Most of you seem to be logging into the Evaluation Copy using the user ID with full access to all functionality (the user “FULL”), but this user profile, while convenient for evaluation purposes, would be unusual for a real user account in your Live/Production system.

Rather, you would likely set up restricted user profiles with access to only the areas of the system that each user needs.  This is especially true for “casual” (occasional) users like Requisitioners and Approvers that may have little or no training on the system, so you want to make it as easy as possible for them.

To learn now to customize each user’s profile, check out this video tutorial or read “About User-Definable Menus and Pop-Up Prompts” in the Online Help.