Protecting yourself online

There is an increasing variety of method being used against us to gather data, steal things, and more.  In this ongoing series of posts I want to cover some of the places where you can get information to help you stay safe.

Once you have all your software up to date and you have a system in place to keep yourself that way, lets add some protection. Many of the attacks against computers are indirect.  The attack has shifted to attacking the person using the computer.  It might be a dodgy advertisement on late night TV or cable.  Or and ad on a web site.  Do not believe it!  We are seeing more and more telephone calls with people pretending to be Microsoft, etc..   There are extortion rackets where you are called and they say that you are infected, etc..  Fake NSA, Fake FBI, the scams go on and on.

Be careful when using the Internet, email, messaging.  Do NOT click on links,  do NOT run software you do not know where it came from.  Be very careful on social networking sites, and with email that appears to be from friends.  “When in doubt; do not Click!”  Here are some online resources to help:

http://www.microsoft.com/protect/default.aspx

http://www.onguardonline.gov/

http://www.staysafeonline.org/

 

 

Welcome to 2014

I hope that all of you had a great 2013!  Moving into 2014 there are a lot of changes in the computing world coming our way.  Microsoft is ending support for Windows XP in a few months.  Intel is changing the name of McAfee to Intel Security, watch for SPAM and Malware around that change!  

Windows 8.1 is now the mainstream release for Microsoft OS.  I know it is different and feels a bit strange.  It is like a new set of shoes you have to break them in.  A couple of hints.  There are two new shortcut keys in Windows 8:  Press the Windows key and the D key at the same time to go to the desktop and the Windows key with the X key for a simplified start menu.  Finally with the start menu up you can just start typing the name of the program you want to run and Windows will find it for you.  

Apple has released their new OS 10.9 for the Mac and IOS 7 for mobile devices.  The OS’s are better integrated with Apples cloud services and much more.  Keep your software upgraded, these releases are free.

 

rjf

 

CryptoLocker Ransomware

In order to help the community at large I would like to ensure you have heard of the Ransomware CryptoLocker.  This software encrypts files on your computer and then holds them for ransom.  There is currently no known way to remove the encryption.  The software will encrypt everything it can find on connected drives, etc.  

US-Cert and others have more information on protecting your self from this bad software:

http://www.us-cert.gov/ncas/alerts/TA13-309A

 

Wikipedia entry:

http://en.wikipedia.org/wiki/CryptoLocker

 

 

 

Email IN-Security and LinkedIn "Intro"

LinkedIn released a new tool called “Intro” that is a significant security risk. LinkedIn wants to add their profile information to email for you, thus they need to interact with all your email.   The tool reconfigures your iOS device to pass all your email through LinkIn’s servers.  All of your sent and received mail from your device now goes through their servers to allow them to add their “linkedIn profile” data to your emails.  This  means that they directly have access to ALL of your email sent and received. This creates a significant security risk.  Please pass this on to the other members of your organizations.  Here is a reference story that talks about the tool:

http://www.bishopfox.com/blog/2013/10/linkedin-intro/

RJF

 

NOTE:

Using free email services such as gmail or yahoo for your business email puts you at risk for these same kinds of issues as they use your email to track you for advertising purposes. Facebook messages are also subject to the same issues.    These services are "ok" for personal, non-sensitive email, but not for commercial use unless you are on a business account where you are paying for the service and have the proper terms of service. Purchasing and using commercial email service for your business is a best practice for all three legs of the C.I.A. triad of security as well as good professional practices.

 

Improve your PC security for free!

We are seeing a growing number  of instances of bad software called crime-ware.  This software pretends to do things like prevent virus or network attacks; but really does not.  The software then tries to extort money from the user to “fix” the problems that are not there.  This software sometimes installs other bad software and can stop you from using your computer normally. Here is how to prevent or greatly reduce  most of these threats from infecting your computer.

Modern operating systems for home computers have the ability to separate data for users by having multiple accounts.  This allows each user to have their own “private” space on the computer.  You can use this ability to improve computer security.

Setup an administrator account with a good password and have that password written down in a safe place so you do not forget it.  Make sure you can log in and out of this account before going any further!  NOTE: Do not use this password for anything else!

Create accounts for every user on the computer making those accounts “standard user” accounts.  Ensure that each account has a password.  Change any existing accounts from administrator to “standard user” and ensure they have passwords set

These accounts will not be able to install software without the administrator password. As a side benefit most bad software (mal-ware) cannot install either as the operating system will require an administrator to install!

It really is OK to write that password down and keep it in a safe place!

 

Microsoft Security Essentials: Windows Anti-virus without the $$$

Many of my clients running Windows Operating Systems have questions around Anti-Virus software.  The question of which AV is best or how much should I pay for AV come up a lot.  Here are a couple of solutions that may help you.

What is most important in this part of the world of computer security is to make sure that your system is up-to-date with the latest security patches for your Operating System and Applications.  This is critical to ensure that you avoid being trapped by any broken software.  Microsoft supplies automatic updates for their OS and Applications using Microsoft Update.  Make sure that you are set to automatically get updated!.  Many other applications will check for updates on startup.  In addition there are tools to check you system for software that is out of date. One example is Secunia PSI.  IT can help and it is free!

Speaking of free; Anti-virus software can be expensive to purchase and some of my clients cannot do that.  Check with your internet service provider to see if they offer AV software as part of their service, many do.  If not, I would like to suggest that you use Microsoft Security Essentials for your Windows PC.  It performs well and does a credible job of protecting your computer.

 

-RJF

 

OH.... You are keeping your data backed up also.  Please review my post about CrashPlan for some backup ideas.