The Heartbleed encryption breach has been all over the news this last week.
I wanted to make sure my customers knew what it was about and what they can do to protect themselves.
This website has a great FAQ and goes over the basics of Heartbleed: http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/
Here is a list of the top websites and their statuses related to Heartbleed: http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/
Given the number of sites the average person will need to go to and change the password due to this problem, now would be a great time to look into a password manager: http://www.pcmag.com/article2/0,2817,2407168,00.asp
Recently, I had a customer with an Outlook problem and they Googled Microsoft’s 800 number for technical support. Twenty minutes into a this phone call, it was obvious the 800 number that came up in Google was not Microsoft’s real phone number. Instead, they ended up calling a third-party company claiming to be Microsoft. The company remotely logged into this customers machine and then refused to disconnect from their computer after my customer turned down their $300 repair fee. My customer pulled the power cord on their computer and thankfully I was able to remove the remote access software this company had installed and undid the damage.
Hopefully this will now be a lesson learned for all of my customers. When looking for a tech support phone number, don’t rely on Google. It’s unfortunate that so many companies make it difficult the find their number, but if you do need it – go directly to the company website and find the number there.
Spyware, Malware, Worms, Rootkits, Malvertising, Trojans, Exploits, Adware, Key loggers, and Viruses are becoming a bigger and bigger issue with Windows and Mac computers. This guide is designed to help you prevent and maintain your computer and to give you the best chances of avoiding nasty bugs and computer downtime.
Updates are a critical part to keeping your computer protected. Most of the time when your computer is asking for an update, it’s due to software developers finding a problem with their code that will allow some kind of security breach on your computer. Keeping your machine up to date is critical to keeping your computer safe. On the other hand, update notifications have been faked to try to fool a user into clicking it. If you are unsure if a program should be updated, see if it’s on my list of programs that are okay to update (http://www.hyperlogik.com/Blog/computer-programs-that-are-okay-to-update/).
If you are running Windows XP (which was released in 2002), you cannot update to the newest version of Internet Explorer (9 or 10), which is faster and more secure than Internet Explorer 8 (the latest version you can run in Windows XP). For a faster and safer browsing experience, try using either Google Chrome or Firefox.
Anti-virus software is like the locks on your front door. It’s the first line of defense against a bug or hacker breaking into the system. Just like the locks on your door, they don’t stop everything (tossing a rock through a window can easily defeat even the best door lock).
My recommended pay-for-protection package is Norton Internet Security (Comcast users get this for free here: http://www.xfinity.com/norton. Otherwise you can call us to purchase a license).
The main differences between a free anti-virus program and a pay-for anti-virus program are that the free programs have little or no protection against malware, spyware, and rootkits; do not include a firewall and don’t filter your search results (often preventing you from going to a website that could be infected).
If you are unsure if you have any protection installed, just open the Control Panel and Add/Remove Programs (XP users) or Programs and Features (Vista and 7 Users) and see if you have anything in your programs list labeled “Anti-virus”.
Firewall is built into Windows and blocks basic incoming attacks. If you want something more secure, Norton Internet Security offers a full-featured firewall that can block incoming and outgoing traffic.
Blacklisting. There are thousands of websites whose whole reason for existing is to lure users into going to these websites to get infected with viruses. SpywareBlaster is a program that installs a list of thousands of known bad websites into your computer and prevents your machine from being able to visit these sites. Download, install, update and enable all protection.
Block Ads. Advertisements on many websites can have hidden viruses contained in them. Most websites that have advertising on them are linked to a database of thousands of separate ads that are chosen (often at random) to come up. If the random ad that comes up happens to contain a virus, malware or spyware – often times it will immediately infect your machine. There is usually no way of knowing beforehand if you will get a bad ad. To protect yourself from this issue, install an Ad Blocking Program (AdBlock Plus, which is compatible with Google Chrome and Firefox). This program is a middle man in the process of your typing in a web address and its showing up on your screen. It looks at the website before displaying it and looks for the code that is used to display an advertisement and then removes that code before displaying the page on your screen.
Additional Malware Protection. If your computer is frequently infected, you have kids who use the computer, or you just want another level of protection, SuperAntiSpyware can be an additional layer of protection over your anti-virus software. Their free version does not protect you from infection, but can help with its removal. The pay-for version runs all the time and actively tries to prevent your machine from becoming infected in the first place.
Maintenance and Removal
Even with all of the above protection, sometimes you can still become infected. In some cases the infection is obvious and in others it sits silently in the background and you won’t even know it’s there. When experiencing an infection OR once per quarter, you should download, install, and update these spyware scanners (if I have worked on your computer in the past, it’s very likely these programs are already installed. To check, just click on “start” and “programs” and see if any of the programs below are listed):
Each time you use these programs, you will need to first use their built in update tool so they can download the latest definitions and then run a full scan (one program at a time; you may need to reboot in between running each of the above programs).
There are hundreds of free programs on the Internet advertising that they will remove viruses, protect your computer, clean your up computer, fix errors, make your computer run faster, etc. Most of these programs don’t work, were not programmed well, or are just a plain scam (some are so elaborate, they set up a number of fake review websites that give their program good reviews). Many are initially marketed as free but quickly ask for money in order to finish repairing your machine – this is usually all a ploy to get your credit card number. If you are unsure if a program is good/legitimate or not, just email me and ask!
If you have any problems or questions about the above, feel free to call or email me!
Users are constantly pestered with messages asking to update programs. Many people are not sure if the update is okay to run or not. Many updates are important to run (fixes bugs and security issues) but some of these update notifications are not needed or scams. I have created the list below so people know which programs are okay to update:
• Adobe Products (Shockwave, Flash, Reader, Air)
• Microsoft Products (Security Essentials, Windows, Office, Silverlight)
• Java (Sun MicroSystems)
• Protection Software (SuperAntiSpyware, Malware Bytes, Spybot, Adaware, Norton, MacAfee, Spyware Blaster)
• Google Products (Picasa, Talk, Updater, Toolbar, Earth,
• Apple Products (iTunes, Iphone, iTouch, Nano, Safari, Bonjour, MobileMe)
• Backup Products (Carbonite, Mozy, Acronis)
• Remote Support Products (LogMeIn, GoToMyPC, Team Viewer)
IF A PROGRAMS ASKS TO UPDATE THAT’S NOT ON THIS LIST OR YOU ARE UNSURE OF AN UPDATE – JUST SEND ME AN EMAIL: STEPHEN@HYPERLOGIK.COM
Many of my customers are transitioning over to Windows 7. In many ways, Windows 7 is very similar to past versions of Windows. At the same time there are a number of very useful features in Windows 7 that many people may not know about. Microsoft has developed a great website to familiarize you with many of the new Windows 7 features.
Getting Started With Windows 7 Video and Printable PDFs:
Recently I have talked to a number of clients who have gotten a call from Microsoft telling them that they detected some kind of problem with their computer that needs to be repaired. They then try to get you to go to a website so they can remote into the computer and help you fix it.
This is a scam. Microsoft will never cold call you. The person/company claiming to be Microsoft wants to remote in, create an issue and expect payment to fix it. If you get one of these calls, tell them not to call back and hang up!
You can read more about it in this Microsoft announcement:
In the last 24 hours I have had 5 of my clients email accounts hacked. Someone figures out their email password, logs in and sends out an email something like the following to everyone in their contact list:
“I am traveling in the UK and I had my bag stolen with my passport and all my credit cards. I have no way to pay for a hotel or ticket home. Could you please wire me money ….”
They then change the password on the email account and change all the security questions locking out the true owner of the email account. Now they are free to use your email account, impersonating you and trying to trick anyone they can in your contact list into wiring them money. Frequently they will attach a virus to the message they send to everyone in your contacts list. It looks like the targets of these attacks are owners of common free or free with your internet connection email addresses (ending in sbcglobal.net, yahoo.com, gmail.com, aol.com, msn.com, Hotmail.com, pacbell.net, att.net, etc). So far I have not seen this happen to customers with corporate email addresses (like email@example.com or most other firstname.lastname@example.org type addresses) – however, don’t let this prevent you from trying to setup a more secure password.
On top of trying to trick your contacts out of money, they delete ALL your email history and contacts. From what I can tell so far, the deleted messages and contacts may not be recoverable depending on which service you are using. So there is a potential to lose ALL of your email history.
It takes HOURS of phone calls (many free accounts like Yahoo and Gmail don’t even have a support number to call) and emails to your email provider to get them to reset your password (if you can prove you are the true owner) to regain access to your email account. After submitting proof you own the account it can take them up to 24 hours to process it and get you back in control of your email address.
The reason these accounts have been hacked into is because the passwords are too easy to break (but occasionally it’s because your computer is infected with spyware, malware or keyloggers). Today, computers are so fast, that In just minutes they can try millions of password combinations and quickly figure out your password. This website has a chart showing this: http://wiredcpu.com/how-long-will-it-take-for-hackers-to-crack-your-password/.
This website is a great way to see how secure and how long it would take someone with a modern PC to hack your password: http://howsecureismypassword.net/.
This website describes in great detail what goes into selecting a SECURE password: http://wolfram.org/writing/howto/password.html
In short, if you have a simple or short password I recommend you change it as soon as you can! Many people have trouble remembering a secure password like 4Fz@lo49% (this password would take about a million years for a modern PC to hack). So I suggest you modify an existing password and/or use a word you can remember with a few modifications:
Let’s say your current password is hotdog (this password would be hacked almost instantly as it’s a dictionary word). We can make a few modifications to it to make it a very strong password, yet still easy to remember. We will use pager code (swapping out letters for numbers and symbols that look similar) to make this password a little more difficult, turning the password hotdog into H01d@g (capital H, replaced the o with a zero and the other o with an @ symbol which looks like an o. This password by itself would take about 4 hours to crack). Then we add some numbers before and after this word – 22H0td@g98 (added a 22 before it and a 98 after it. Still relatively easy to remember – but this password would take about 17 thousand years to hack).
If you have any questions about how to change your email password (or a password to any other online account – email accounts and banking websites should be at the top of the list), you can often check the help section of the service you use for instructions or Google it (“how do I change my yahoo email password”). If you are using an application like Outlook Express, Microsoft Outlook, Thunderbird or Mac Mail App you may also have to update that program with your new password. If all else fails, send me an email if you need help!
I am often asked how much it costs to run a computer. I found a great website that explains power usage in great detail: http://www.codinghorror.com/blog/2005/10/the-cost-of-leaving-your-pc-on.html