Heartbleed Security Breach

The Heartbleed encryption breach has been all over the news this last week.

I wanted to make sure my customers knew what it was about and what they can do to protect themselves.

This website has a great FAQ and goes over the basics of Heartbleed: http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/

Here is a list of the top websites and their statuses related to Heartbleed: http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

Given the number of sites the average person will need to go to and change the password due to this problem, now would be a great time to look into a password manager: http://www.pcmag.com/article2/0,2817,2407168,00.asp

Googling for 800 Numbers

Recently, I had a customer with an Outlook problem and they Googled Microsoft’s 800 number for technical support. Twenty minutes into a this phone call, it was obvious the 800 number that came up in Google was not Microsoft’s real phone number. Instead, they ended up calling a third-party company claiming to be Microsoft. The company remotely logged into this customers machine and then refused to disconnect from their computer after my customer turned down their $300 repair fee. My customer pulled the power cord on their computer and thankfully I was able to remove the remote access software this company had installed and undid the damage.

Hopefully this will now be a lesson learned for all of my customers. When looking for a tech support phone number, don’t rely on Google. It’s unfortunate that so many companies make it difficult the find their number, but if you do need it – go directly to the company website and find the number there.

Virus, Spyware, and Malware Maintenance and Prevention

Spyware, Malware, Worms, Rootkits, Malvertising, Trojans, Exploits, Adware, Key loggers, and Viruses are becoming a bigger and bigger issue with Windows and Mac computers. This guide is designed to help you prevent and maintain your computer and to give you the best chances of avoiding nasty bugs and computer downtime.

PCs

Prevention

Updates are a critical part to keeping your computer protected. Most of the time when your computer is asking for an update, it’s due to software developers finding a problem with their code that will allow some kind of security breach on your computer. Keeping your machine up to date is critical to keeping your computer safe. On the other hand, update notifications have been faked to try to fool a user into clicking it. If you are unsure if a program should be updated, see if it’s on my list of programs that are okay to update (http://www.hyperlogik.com/Blog/computer-programs-that-are-okay-to-update/).

If you are running Windows XP (which was released in 2002), you cannot update to the newest version of Internet Explorer (9 or 10), which is faster and more secure than Internet Explorer 8 (the latest version you can run in Windows XP). For a faster and safer browsing experience, try using either Google Chrome or Firefox.

Anti-virus software is like the locks on your front door. It’s the first line of defense against a bug or hacker breaking into the system. Just like the locks on your door, they don’t stop everything (tossing a rock through a window can easily defeat even the best door lock).

If you are looking for free protection, I recommend either AVG Anti-Virus or Microsoft Security Essentials.

My recommended pay-for-protection package is Norton Internet Security (Comcast users get this for free here: http://www.xfinity.com/norton. Otherwise you can call us to purchase a license).

The main differences between a free anti-virus program and a pay-for anti-virus program are that the free programs have little or no protection against malware, spyware, and rootkits; do not include a firewall and don’t filter your search results (often preventing you from going to a website that could be infected).

If you are unsure if you have any protection installed, just open the Control Panel and Add/Remove Programs (XP users) or Programs and Features (Vista and 7 Users) and see if you have anything in your programs list labeled “Anti-virus”.

Firewall is built into Windows and blocks basic incoming attacks. If you want something more secure, Norton Internet Security offers a full-featured firewall that can block incoming and outgoing traffic.

Blacklisting. There are thousands of websites whose whole reason for existing is to lure users into going to these websites to get infected with viruses. SpywareBlaster is a program that installs a list of thousands of known bad websites into your computer and prevents your machine from being able to visit these sites. Download, install, update and enable all protection.

Block Ads. Advertisements on many websites can have hidden viruses contained in them. Most websites that have advertising on them are linked to a database of thousands of separate ads that are chosen (often at random) to come up. If the random ad that comes up happens to contain a virus, malware or spyware – often times it will immediately infect your machine. There is usually no way of knowing beforehand if you will get a bad ad. To protect yourself from this issue, install an Ad Blocking Program (AdBlock Plus, which is compatible with Google Chrome and Firefox). This program is a middle man in the process of your typing in a web address and its showing up on your screen. It looks at the website before displaying it and looks for the code that is used to display an advertisement and then removes that code before displaying the page on your screen.

Additional Malware Protection. If your computer is frequently infected, you have kids who use the computer, or you just want another level of protection, SuperAntiSpyware can be an additional layer of protection over your anti-virus software. Their free version does not protect you from infection, but can help with its removal. The pay-for version runs all the time and actively tries to prevent your machine from becoming infected in the first place.

Maintenance and Removal

Even with all of the above protection, sometimes you can still become infected. In some cases the infection is obvious and in others it sits silently in the background and you won’t even know it’s there. When experiencing an infection OR once per quarter, you should download, install, and update these spyware scanners (if I have worked on your computer in the past, it’s very likely these programs are already installed. To check, just click on “start” and “programs” and see if any of the programs below are listed):

SuperAntiSpyware

MalwareBytes

Spybot Search and Destroy

Each time you use these programs, you will need to first use their built in update tool so they can download the latest definitions and then run a full scan (one program at a time; you may need to reboot in between running each of the above programs).

There are hundreds of free programs on the Internet advertising that they will remove viruses, protect your computer, clean your up computer, fix errors, make your computer run faster, etc. Most of these programs don’t work, were not programmed well, or are just a plain scam (some are so elaborate, they set up a number of fake review websites that give their program good reviews). Many are initially marketed as free but quickly ask for money in order to finish repairing your machine – this is usually all a ploy to get your credit card number. If you are unsure if a program is good/legitimate or not, just email me and ask!

If you have any problems or questions about the above, feel free to call or email me!

Microsoft/Computer Repair Cold Call Scam

Recently I have talked to a number of clients who have gotten a call from Microsoft telling them that they detected some kind of problem with their computer that needs to be repaired. They then try to get you to go to a website so they can remote into the computer and help you fix it.

This is a scam. Microsoft will never cold call you. The person/company claiming to be Microsoft wants to remote in, create an issue and expect payment to fix it. If you get one of these calls, tell them not to call back and hang up!

You can read more about it in this Microsoft announcement:

http://www.microsoft.com/australia/presspass/post/Microsoft-issues-warning-on-phone-scam