Security
Lots of Updates Yesterday – Get ‘em Done!
I know this is the highpoint of your month, so I won’t keep you in suspense any longer.
Yesterday was the SECOND TUESDAY OF THE MONTH! CAN YOU STAND IT!!!
OK, that was a little over the top, but folks, I’m trying everything I can to get you at least ONCE a month to think about the security of your computer, and be to install those updates when they appear on your taskbar tray. Not once but TWICE today I heard people say they were AFRAID to install them. If you’re reading this and know what legitimate apps look like, then you should really be afraid NOT to install them. Delaying them even 2 or 3 days can leave you open to virus attacks that your anti-virus software won’t be able to stop or may not even know about.
Second Tuesday of the month? That’s when Microsoft pushes updates to Windows and other Microsoft products to you. If you and auto-update turned on you may not even see the yellow shield (XP) or the blue box icon (Vista and Windows 7.) Throughout the month you may see the Java coffee cup icon or the Adobe Acrobat or Flash icons – DO THE UPDATES! It breaks my heart when my own clients get a virus when it’s totally preventable. If you’re new to my site and haven’t read my article from a year ago November on how to avoid viruses, take a few minutes and read it here: http://goo.gl/F0DhL
Your Router at Home May NOT be Protecting You!
A new flaw in how your average home router connects to other devices within the network has been discovered and may expose your entire home network (meaning all your computers) to a bad guy.
A “FEATURE” in newer routers is the ability to easily connect your devices like computers or printers to the network. This feature is called WPS – Wi-Fi Protected Setup. This problem is that you’re not so protected. Because of the way it was set up, it is not difficult at all for someone to figure out how to connect to your “secured” network.
The good news is that if your router is 3 or more years old, it probably doesn’t have WPS and you don’t have to worry, but many of the new routers have this feature.
To be safe you should log into your router and DISABLE WPS in the router, now you can keep the bad guys out (assuming you’re NOT using WEP encryption, but that’s another article.)
So if your router has a button on the front for easily connecting to another device you need to log into the router and turn that feature off. If you’re not sure if you’re vulnerable or not sure, then call your favorite computer professional and have them turn off WPS on your router. If they don’t understand why, then you need a new professional handling your computer issues.
So Far Over 45,000 Facebook Users Hit with the Ramnit Virus
Actually, Ramnit is a worm that steals your login credentials, then transmit malicious links to their “Friends” with the intent the link will get clicked on, infect the friend’s computer and continue to spread in the same fashion.
Since most people (hopefully not those of you who regularly read my blog) tend to use the same password for everything, the bad guys, after getting your Facebook login information now probably have your email login. With your email they can find out a lot about you, like where you bank, your credit card holders, etc.
Facebook is downplaying the significance of Ramnit, however they do say “People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook. We encourage our users to become fans of the Facebook Security Page (www.facebook.com/security) for additional security information.” Since this is ALWAYS good advice, it’s hard to find fault with a response like that.
This is a variant of a virus that first appeared almost two years ago and is designed to steal information. If you haven’t read my November, 2010 article on how to avoid viruses and malware, you can read it here: http://goo.gl/bOCMF
Surprise Surprise!!!! Yes – Updates Are Upon Us!!!
I know this is the highpoint of your month, so I won’t keep you in suspense any longer.
Yesterday was the SECOND TUESDAY OF THE MONTH! CAN YOU STAND IT!!!
OK, that was a little over the top, but folks, I’m trying everything I can to get you at least ONCE a month to think about the security of your computer, and be to install those updates when they appear on your taskbar tray. Not once but TWICE today I heard people say they were AFRAID to install them. If you’re reading this and know what legitimate apps look like, then you should really be afraid NOT to install them. Delaying them even 2 or 3 days can leave you open to virus attacks that your anti-virus software won’t be able to stop or may not even know about.
Second Tuesday of the month? That’s when Microsoft pushes updates to Windows and other Microsoft products to you. If you and auto-update turned on you may not even see the yellow shield (XP) or the blue box icon (Vista and Windows 7.) Throughout the month you may see the Java coffee cup icon or the Adobe Acrobat or Flash icons – DO THE UPDATES! It breaks my heart when my own clients get a virus when it’s totally preventable. If you’re new to my site and haven’t read my article from a year ago November on how to avoid viruses, take a few minutes and read it here: http://goo.gl/F0DhL
Are Your Updates Installed (did you know they were even delivered?)
Yesterday was the 2nd Tuesday of the month – so Microsoft pushed their updates for Windows out to you. If you don’t know, you might see an icon in your task tray just waiting for you to click on it – but to be sure you can click on your start button, click on “Programs” and up toward the top you should see “Windows Update”. Click on it and see if there are any updates you need to install on your computer. If you leave your computer on 24/7 and auto-update is turned on then your computer is probably already up to date. But if your computer is off then you may not have yet received the updates – so go check and if you need them don’t wait! Download and install them.
In addition to Microsoft’s updates, Adobe has recently updated it’s Flash player and Oracle has updated Java, so be on the lookout for those icons as well.
Can You Spot the Fake? You Better!
The folks at OpenDNS put together a great little quiz to see if you can tell if 14 web pages are fakes or the real thing. It’s simple – just look at the page and click either Phish (for fake) or Real. You need to know how to spot phishing sites because they want login information to your email, social networking and financial web sites. I get a gold star for getting 14 out of 14 right the very first time. Take the test and let me know how you did: http://goo.gl/0lUmT
Have You EVER Changed Your Email Password? (Do You Even Know What it Is?)
Chances are you’ve had your email account for a long time. Chances are you are using the same weak password you originally set it up with, and if you’re using Outlook, Outlook Express, Windows Mail, Thunderbird, Apple Mail or some other program on your computer, chances are you don’t even KNOW what your password is.
Back in June I wrote an article titled “Why You MUST Protect Your Email Account”, because if someone gets into your email account they know a LOT more about you than you may think. Now, a hacker might get into your account and use it to spam your friends, but then you’ll start seeing messages from your friends asking you about the message “you sent”.
But suppose they don’t use your email account for spam, maybe for some reason they just read your eamil and leave it at that. Maybe they’re stalkers, maybe they are trying to learn more about you. All this time you wouldn’t even know that someone else was in your email.
So here we are in the holiday season – approaching the new year. So let’s all just change our email password to keep what we hope is private – private. Don’t just add a “1”, that’s so obvious you’ll be compromised for another year. Review my article from earlier this year (http://goo.gl/qkr7k) and make sure your email is secure.
Viruses are Nasty, Don’t Compound One Lie With Another
Often I find that a person’s computer was infected because they fell for the LIE that was told to them by a bad guy. The most common one is the pop-up window that LOOKS like it comes from their anti-virus software or Windows telling them that they ARE infected. The trick is that at the moment, they are NOT infected – the pop-up window is just a cleverly designed paged that gives the impression that it is scanning your hard drive and finding all kinds of problems. In the window will be a “call to action” to click on a button to download a “fix” or program to get rid of your problems, and often is another button saying “No Thanks” or “Ask me Later”. Clicking on either button (or anywhere within the window) is fatal because THAT is when the real virus gets downloaded onto your computer. It asks for your permission, you say yes and that’s it, you’re infected. If you should ever encounter one of these windows, the best thing to do is DON’T touch, close any other programs you may be running and reboot your computer. If you’re lucky it was just a malicious html (web) page and is gone – if it comes back then they got in another way, probably through an unpatched vulnerability in Adobe Reader, Flash or Java. I wrote about how NOT to get infected in my monthly article exactly one year ago, if you need a refresher or missed it the first time you can read it here: http://goo.gl/afEha
You’ll notice I titled this article “Don’t Compound One Lie With Another.” What’s the other lie? It’s when a tech person tell you over the phone without seeing your computer that they can get rid of any virus, period. There are so many viruses out there, so many ways to infect your computer and so many places to put the virus on your computer that anyone who tells you that is either delusional or lying. I’m not saying that you CAN’T get rid of a particular infestation, professionals have tools at their disposal that you may not know about and a knowledge of where viruses like to hide to make sure that they are in fact gone – but some viruses just don’t want to go. For example, there are infections that “wrap” themselves around you operating systems’ files, making it impossible to remove without actually breaking your computer. Another type is known as a “root kit” – these guys hide where your hard drive first looks when it starts Windows, and Windows just thinks it’s “part of the family” and keeps it safe from things like your anti-virus software. Sometimes, the only way to ensure that the infestation is gone is to completely wipe the hard drive and reinstall Windows from a disc you trust (after having backed up your data of course.)
So if you find yourself infected (and if you’ve followed my advice it’s unlikely you will) and you call someone for help, make sure they give you a best and worst case scenario of your situation. Getting rid of the symptoms of a virus usually isn’t too hard, but that doesn’t mean other stuff isn’t still going on silently in the background. Being free of symptoms and being free of the virus can often be two different things.
I had someone call me with a virus and was hoping to get a “deal” on getting rid of it. I briefly explained what it would probably cost and what it could possible cost and they explained the last time they got a virus they took it to someone who got rid of it for less. If that someone had done them the service of telling them how NOT get a virus, I wouldn’t have even been having the conversation with them. They said “Thank you” and would get back to me. They might have saved a few dollars, but it gets expensive to keep re-infecting a computer.
Get an honest opinion, and if they tell you how to avoid getting re-infected (and they should) please pay attention. Let viruses be other people’s problem, not yours.
Posted in Monthly Articles, Security | Tags: root kits, virus infection, virus removal | 
No Comments »
Adobe Flash – Don’t Say No!”
DON’T say no when you see this window.
These updates fix security flaws that PROTECT you from the bad guys who are hoping you DIDN’T update your computer. So spend the 45 seconds it takes and update your computer. Adobe just updated their Flash player (again) so don’t say “NO” when the windows appears to update the Flash player.
The Scammers are Back at it in Austin
The phone calls continue to come, so be aware – if someone calls you claiming to be from “Microsoft” to help you with a problem they have detected on you computer, hang up. I received a call today from someone who unfortunately didn’t see what I posted in June (http://goo.gl/zhlnn) about getting this phone call, and he followed their instruction and downloaded a file per their instructions. Fortunately he hesitated when they offered to sell him further services and asked for his credit card number, but damage was done and he is infected.
Microsoft will NEVER call you unless you contact them first AND you give them your phone number. If they sounds new to you, click the link above and read my post from June. Don’t get suckered.
Check Your Facebook Security (Yes, AGAIN!)
Facebook is almost evil for how they are always mucking around with your security settings. I checked mine and what do you know? They had changed! Things that were once marked for Friends (or my eyes) only were now marked “Everyone”. So whether you’re reading this directly on my blog (tek-chic.com/blog), on Facebook, Twitter, Linkedin or Google+, go NOW to your Facebook page and click the down arrow in 
the upper right corner and click on “Privacy Settings”. This will take you to a page (that has changed since I was last there) and go through each and every item to make sure it is STILL what your thought it was. I recommend you keep most things to your “Friends”. Making information about yourself to “Friends of Friends” or worse “Everyone” makes more information about you available to the world than you probably would like if we ran through it line by line.
Facebook makes its money by selling YOU, literally. Information about you is worth money and the more information about you they can sell, the happier they are. Take control of your personal privacy and check those settings now.
Our Favorite Day of the Month is Here! Hooray!
Want to avoid getting viruses and other malware? Then keep your software up to date. It’s the second Tuesday of the month, and that means Microsoft is pushing updates to its operating systems and other software. Windows XP users look for the yellow shield. Windows Vista and Windows 7 users look for the blue logo. If your computer doesn’t automatically update, you’ll see those icons in your task tray (in the lower right corner usually) The orange/brown icon is for Java, and the red icon is Adobe Acrobat 
Reader. You may not see these icon in the next day or two, but you’ll see them at some point so be aware of them when they do. These indicate FIXES to security problems that have been discovered. They update quickly, so don’t click on “remind me later” or anything like that, just do the update and stay safe. The same goes for Adobe Flash, when you get the message that looks like the image to the left (often right after you start your computer) by all means perform the update.
Posted in Security | Tags: 2nd Tuesday of the month, Adobe Flash, Adobe Reader, Windows update | No Comments »
Don’t Get Scammed Into Giving Away Passwords
An attentive client of mine forwarded me an email asking if it were legitimate. I realize that I sometimes impart a sense of paranoia onto my clients because there are so many bad guys trying to fine a way into their computers, but it this case, their caution was justified. Here is the email they received:
No one you do business should EVER ask you to verify your password over email (or frankly even over the phone but sometimes they do.) The email was bogus and NOT from Yahoo, had my client replied and provided the information the bad guys would now have full access to their email account. That would be a HUGH problem, if you don’t know why, then read my article from June on “Why You MUST Protect Your Email Account”.
Never disclose any password via email, it’s never legit.
Got Carbonite? Know Your Password?
The great thing about Carbonite (the very best online backup service) is that once you’ve installed it you can forget about it. The PROBLEM with Carbonite is that once you install it you DO forget about it. Hopefully if you’re a regular reader of my blog you know about and HAVE Carbonite on your computer (if you don’t read last month’s article “Crisis and Carbonite”, then come back here.)
I encountered several clients recently who either had new computes or needed to restore data and surprise – they didn’t know their password! No problem, because when you forget your password, Carbonite will send you a link that will then ask you your three secret questions that you can answer and then reset your password. Well guess what? Every one of them had not only forgotten their password, they forgot the answer to at least one if not all three of their secret questions! Really!
So give yourself a test. Go right now to Carbonite.com and click the “log in” link in the upper right corner of the web site. From there it’s real simple, just enter your email address and your password. If you know your information, you’ll be logged in and you’re good. If not…. then you now know why I’m writing this. After clicking on the “Log in” link, click the link that says “forgot password”. There you will enter your email address and they will send you a link. Click the link in the email and you will be taken to the web site and have to answer your three secret questions. If you FAIL to answer correctly, try again – but after three attempts if you fail you will have to wait 30 minutes before trying again.
At this point it’s clear you don’t know the answers and you’ll need to call Carbonite’s support center during normal business hours and convince them that you are you and they will assist.
When you change your password, make sure it’s a STRONG password and make sure you document it somewhere in case you forget (I recommend you download LastPass, but that’s another article.)
Verizon is Selling Your Information to Marketers
If you’re a Verizon Wireless customer, you might want to opt-out of their program that lets marketers know where you’ve been, your gender, sites you’ve browsed on your phone, even what restaurants you seem to like – pretty much anything they can glean from your phone. PC World has an article detailing it including the link to Verizon’s Privacy Policy. I think it’s just a little ironic that the company that quietly changed their privacy policy to divulge more information about you starts its privacy policy with “Verizon is committed to protecting your privacy”. Though Verizon says it won’t provide personally identifiable information, seems to me they will be providing enough that it won’t be hard to figure out. Here’s the link to PC World’s article: http://bit.ly/TekChic0415
Posted in News, Security, Smartphones/Tablets | Tags: personal information, privacy, Verizon wireless | No Comments »