A lot of people are still perfectly happy with Windows 7. However, the time has come to let it go and upgrade to Windows 10. Read here:
ZDNet article on Windows 7 exit strategy
To some people, Windows 10 seems like a lot of trouble and you've heard that it's hard to use or troublesome in some other way. When Iowa PC Fixers upgrades your PC to Windows 10, you won't feel that way. Your PC will boot faster, be virus-free (and more likely to stay that way), be clean and snappy, and a pleasure to use. We'll install a super speedy solid state drive and use your current drive as a backup drive. In addition to making your PC fast, this has the added benefits of keeping your data safe during the upgrade, and giving you a better way to insure your data stays backed up in the future.
All for under $200. If your PC is 7 years old or less, give me call.
Thanks,
Kevin Kinneer
Iowa PC Fixers
515-978-1090
Tuesday, February 19, 2019
Friday, May 18, 2018
Once again... Be extra careful of email attachments and downloads. New attacks on Adobe software on Windows
I'd say that the newly reported vulnerabilities are particularly bad, but it's unfortunately not that unusual. See article here: SC Media Magazine article: PDF exploit built to combine zero-day Windows and Adobe Reader bugs
Note that this month 47 vulnerabilities were patched. If you use Adobe Reader, you absolutely must stay on top of software updates.
Adobe is continually fixing large numbers of vulnerabilities in their software. This is a good thing as they are clearly trying to stay on top of it. However, my recommendation is to avoid Adobe Reader if possible and use an alternate reader. Edge works in Windows 10 and would be somewhat of an improvement over Adobe Reader, but I would recommend Foxit or really any lesser known reputable reader. Until something else becomes more popular than Adobe, it will be targeted. Malicious PDF attachments sent via email and malicious PDF downloads from websites are typically expecting to take advantage of Adobe software and it is apparently a target rich environment.
The steps below are the summary of a previous article and are most important. Please see them in more detail here: Keep Your PC Safe.
- Change your DNS settings to use OpenDNS
- Install either Mozilla Firefox or Google Chrome and use it instead of Internet Explorer (Edge is ok but uBlock Origin by Gorhill is not available).
- Install uBlock Origin and Web of Trust add-ons in both Chrome and Firefox.
- Use Windows 10 and it's built-in antivirus software.
- Make sure your software is up-to-date (Foxit and Java are two that need updating. Uninstall Java if you don't need it).
- Uninstall Adobe Reader and install Foxit Reader instead.
- Make your Windows login a "standard" user instead of an administrator.
Friday, March 03, 2017
Keeping your files safe from ransomware
March 3, 2017
Ransomware is still on the rise. Many haven't heard about this type of malware and aren't aware that they could lose all of their valuable files in one unfortunate incident. It is as simple as opening an email attachment or downloading something from the web that isn't what it seems to be. Once bitten by this kind of malware, the only thing you can do is pay the ransom (and hopefully you will get your files back) or restore your files from a backup.
The one and potentially most important thing that I did not mention in my previous posts about "Keeping your PC Safe" is that regular back-ups are so critically important. And ideally you would have a backup that is not physically in the same location as your PC (i.e. an on-line backup). There are many ways to do this including Microsoft's OneDrive, Google Drive, Carbonite, Crashplan, SpiderOak, etc. See a review here: The Best Online Backup Services of 2017
The steps below are the summary of a previous article and are most important. Please see them in more detail here: Keep Your PC Safe. But if these fail, backup is your only hope against ransomware.
Ransomware is still on the rise. Many haven't heard about this type of malware and aren't aware that they could lose all of their valuable files in one unfortunate incident. It is as simple as opening an email attachment or downloading something from the web that isn't what it seems to be. Once bitten by this kind of malware, the only thing you can do is pay the ransom (and hopefully you will get your files back) or restore your files from a backup.
The one and potentially most important thing that I did not mention in my previous posts about "Keeping your PC Safe" is that regular back-ups are so critically important. And ideally you would have a backup that is not physically in the same location as your PC (i.e. an on-line backup). There are many ways to do this including Microsoft's OneDrive, Google Drive, Carbonite, Crashplan, SpiderOak, etc. See a review here: The Best Online Backup Services of 2017
The steps below are the summary of a previous article and are most important. Please see them in more detail here: Keep Your PC Safe. But if these fail, backup is your only hope against ransomware.
1. Change your DNS settings to use OpenDNS
2. Install either Firefox or Google Chrome and use it instead of Internet Explorer (Edge is ok).
3. Use Windows 10 and it's built-in antivirus software
4. Make sure your software is up-to-date
5. Uninstall Adobe Reader and install Foxit Reader instead.
6. Make your Windows login a "standard" user instead of an administrator.
Friday, September 30, 2016
Keep your PC Safe - 09/30/2016
Sept 30, 2016
We're losing the security war. More of our PC's than ever contain viruses and malware. The main rule you should abide by when using your computer is this: If you didn't go looking for it, don't open it, don't allow it, or reply to it. This rule applies to everything you see on the web, in your email, in a pop-up, or even from an unsolicited phone call.
Aside from modifying your behavior, here are a few key things everyone can do to avoid most problems. An old article from PC World http://shar.es/mSJv5 gives you some of them especially on the second page of the article (ignore the scripting advice, as noscript isn't practical).
1. Change your DNS settings to use OpenDNS
This may be the most important thing you can do and for some people it will actually speed up your internet access. OpenDNS gives you a way to control what is allowed on your home network, including your mobile devices that use Wi-Fi, with the ability to block entire categories of web sites. In addition, OpenDNS prevents you from going to fraudulent web sites by maintaining a block list. It's a "set it and forget it" solution too. Be aware that savvy teens can figure out how to get around OpenDNS by manually changing their DNS settings on the computer or phone. If you want to prevent this, it is possible to configure your router.... but too much for this article.
In fact you might get rid of all of your obvious Internet Explorer icons so you're not tempted to use it. Currently, Chrome is my favorite. It's the fastest browser and it keeps itself up-to-date automatically without bothering you about it (Firefox is following suit).
The following is a list of common software that should be kept up-to-date if installed on your system (instructions not complete)
That's right - get rid of Adobe Reader. This is the software that your computer uses to display PDF files. It has had a continuing history of vulnerabilities (like all software) but to the level that it's just time to move to something that is less of a target. Even if your copy of Reader is totally up-to-date there are often unpatched problems that are being exploited by the bad guys. Further, the download to update it is so huge that some people avoid it.
We're losing the security war. More of our PC's than ever contain viruses and malware. The main rule you should abide by when using your computer is this: If you didn't go looking for it, don't open it, don't allow it, or reply to it. This rule applies to everything you see on the web, in your email, in a pop-up, or even from an unsolicited phone call.
Aside from modifying your behavior, here are a few key things everyone can do to avoid most problems. An old article from PC World http://shar.es/mSJv5 gives you some of them especially on the second page of the article (ignore the scripting advice, as noscript isn't practical).
1. Change your DNS settings to use OpenDNS
This may be the most important thing you can do and for some people it will actually speed up your internet access. OpenDNS gives you a way to control what is allowed on your home network, including your mobile devices that use Wi-Fi, with the ability to block entire categories of web sites. In addition, OpenDNS prevents you from going to fraudulent web sites by maintaining a block list. It's a "set it and forget it" solution too. Be aware that savvy teens can figure out how to get around OpenDNS by manually changing their DNS settings on the computer or phone. If you want to prevent this, it is possible to configure your router.... but too much for this article.
- Go here to get started: https://www.opendns.com/home-internet-security/
- Or just to protect the kids, simply set your router's DNS settings to OpenDNS's family DNS servers which are at 208.67.222.123 and 208.67.220.123. Here is what this is all about: https://blog.opendns.com/2010/06/23/introducing-familyshield-parental-controls/
In fact you might get rid of all of your obvious Internet Explorer icons so you're not tempted to use it. Currently, Chrome is my favorite. It's the fastest browser and it keeps itself up-to-date automatically without bothering you about it (Firefox is following suit).
- Download Firefox here: http://www.mozilla.com/en-US/firefox/upgrade.html
Download Chrome here: http://www.google.com/chrome - Install and Run Firefox or Chrome and make it your default web browser when it asks.
- Install an add-on called uBlock Origin by Raymond Gorhill. In Firefox, I like to unhide the menu. Click the little orange tab in the upper left corner and scroll down to Options, then put a check next to "Menu bar". ** Install add-ons by clicking "Tools" and "Ad-ons". In the "Get Add-ons" tab search for uBlock Origin. Click the "Add to Firefox" button and follow the prompts. In Chrome click the little 3-dot icon in the upper right, then click "More tools" then :Extensions". Click the "Get more extensions" link in the middle of the page and search for uBlock Origin, click the "Add" button and follow the prompts. Of course in either browser, if you see add-ons that you don't use or recognize, turn them off or uninstall them.
- Install another add-on called WOT or Web of Trust. Web of Trust gives you ratings beside your search results that tell you if the web site is reputable or not. Also, if you try to go to a web site that has questionable ratings, it will warn you and give you a chance to back out. It is community supported.
- If you're using Windows 8 or 10, Microsoft has included Windows Defender which is their Defender and Security Essentials products combined. Simply uninstall any and all antivirus software that you have installed, and Windows will do the rest by re-enabling Windows Defender.
- If you have a good antivirus and you're sure it's up-to-date you could skip this step but I haven't seen many in this condition. Many people are paying for solutions that bog down their PC or are only marginally better than Microsoft's free solution. Also, many people have multiple solutions installed and are unnecessarily bogging down their computer. If you are unsure or you are using a pay service, you should uninstall ALL security software on your pc and proceed with this step or reinstall the Antivirus software you are comfortable with and make sure it has the latest updates.
- If you have Windows 7, I like Bitdefender Free because it does a decent job and stays out of your way. http://www.bitdefender.com/solutions/free.html
- Antivirus is like "suspenders". Your belt, your first and only real line of defense, is your behavior. i.e. Don't click on links in email or in other questionable web pages or ads. And question everything.
The following is a list of common software that should be kept up-to-date if installed on your system (instructions not complete)
- If using Windows 7: Adobe Flash Player http://get.adobe.com/flashplayer/ Note: Do NOT check the option to install McAfee Security Scan. We don't need to bog down our machines with multiple security solutions.
- In Windows 7 you should use the Windows Update link found by clicking on the Start button, then All Programs, then scroll up near the top to find Windows Update. You can also find it in the Control Panel.
- Java http://www.java.com/en/download/index.jsp but uninstall Java if you don't have programs that need it.
- Adobe Shockwave - This software is typically used in certain web games that run in your browser. You can and probably should uninstall it. When you or more likely your kids encounter a need for it, your browser will prompt you to install it and you will get the latest version.
- Many of you will have Microsoft Office - on Windows 7 Microsoft Update has probably already taken care of this for you, but if not read here: https://www.msoutlook.info/question/363. In Windows 10, there is an "Advanced options" option on the "Update and Security" screen where you will find the checkbox "Give me updates for other Microsoft products when I update Windows". Make sure this is turned on.
That's right - get rid of Adobe Reader. This is the software that your computer uses to display PDF files. It has had a continuing history of vulnerabilities (like all software) but to the level that it's just time to move to something that is less of a target. Even if your copy of Reader is totally up-to-date there are often unpatched problems that are being exploited by the bad guys. Further, the download to update it is so huge that some people avoid it.
- To uninstall it, click the Start button, select "Settings" then "Control Panel". In control panel select "Programs and Features" (You might first have to select "View by: small icons" in the upper right). Find Adobe Reader (older versions may have been called Acrobat Reader) and click on it, then select the "Remove" button. While you're in Add/Remove Programs you might want to look at the list and remove any other programs that you know you no longer have need for.
- To install Foxit Reader, browse here: www.foxitsoftware.com/downloads/index.php and you will find it in the right hand column. Once downloaded, run it to get it installed. Note: Uncheck the option to install Connected PDF and Phantom PDF and the option to make Ask.com your home page. Other than that, you can accept all of the default settings and acknowledge the Windows messages authorizing changes to your system.
- You will first want to create a new user account that will be an administrator. Perhaps you would call it Admin. Give this user account a decent password. Then log in to that new user account and from there you should be able to change your originals user account to a "standard" account.
- From now on, when some program wants to make a change on your PC, it will ask you for the Admin password, which is a little higher of a bar to clear as hopefully you will think before you provide the password.
- Here is an article that describes the process in Windows 10: http://www.windowscentral.com/how-change-user-account-type-windows-10
Labels:
anti-virus,
antivirus,
DNS,
OpenDNS,
security,
Windows 10
Thursday, June 09, 2016
Time to wipe all that junkware off your PC. Especially if you have a Lenovo PC, but other manufacturers too... 6/9/2016
People have been dealing with slow PC's unnecessarily for far too long. It's time to fix this. With the recent spate of articles and attention, hopefully vendors will respond, but I kind of doubt anything will change. Consider the following article entitled "Lenovo Tells Users to Uninstall Vulnerable Updater":
https://threatpost.com/lenovo-tells-users-to-uninstall-vulnerable-updater/118436/
Sounds bad. But really, the problem here is more universal and applies to all vendor-supplied software that comes pre-installed on almost every PC.
Besides the fact that much of this software is unnecessary an slows down your PC, check out this indictment by DUO Labs after they performed a security study:
https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
The article cuts to the chase with this quote:
"Spoiler: we broke all of them (some worse than others). Every single vendor had at least one vulnerability that could allow for a man-in-the-middle (MITM) attacker to execute arbitrary code as SYSTEM."
What to do?
The easiest solution is to have an expert look at your PC and disable or uninstall unneeded vendor-supplied software.
The best solution is to do a clean install of Windows. And the best way to do that is to, at the same time, pull the original hard drive from your system and add a new solid state drive or SSD. This is actually killing four birds with one stone.
https://threatpost.com/lenovo-tells-users-to-uninstall-vulnerable-updater/118436/
Sounds bad. But really, the problem here is more universal and applies to all vendor-supplied software that comes pre-installed on almost every PC.
Besides the fact that much of this software is unnecessary an slows down your PC, check out this indictment by DUO Labs after they performed a security study:
https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
The article cuts to the chase with this quote:
"Spoiler: we broke all of them (some worse than others). Every single vendor had at least one vulnerability that could allow for a man-in-the-middle (MITM) attacker to execute arbitrary code as SYSTEM."
What to do?
The easiest solution is to have an expert look at your PC and disable or uninstall unneeded vendor-supplied software.
The best solution is to do a clean install of Windows. And the best way to do that is to, at the same time, pull the original hard drive from your system and add a new solid state drive or SSD. This is actually killing four birds with one stone.
- You'll have a much more secure PC.
- It will speed up by a factor of 1 to 4 times, literally.
- Any other junk or malware that may have crept into your PC will be gone.
- You are guaranteed to have all of your data intact as the original hard drive is untouched and you can then install it in a usb external case and use it for backup.
USB external case on Amazon: http://smile.amazon.com/dp/B00OFJ1UK6
Saturday, March 19, 2016
Major sites infected by ads that can take over your computer... 3/19/16
Major web sites have been targeted by criminals using malware in advertisements. Simply by browsing to a site your PC could become infected. And some of these criminals are intent on encrypting all of your files making them unreadable. If you don't have a good backup, you may have to pay a hefty ransom to get them unencrypted.
News articles:
http://www.theguardian.com/technology/2016/mar/16/major-sites-new-york-times-bbc-ransomware-malvertising
http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/
Don't be a victim. Install Chrome and one of these add-ons: AdBlock, AdBlock Plus, or uBlock Origin.
Also, please make sure you have a good back-up of your data. One easy way is to store all of your files in a folder that is backed up by an online storage service, like Google Drive, Jungledisk, or DropBox. There are many others as well but pick one that offers versioning on all of your files. (Note: do not use OneDrive as it currently only offers versioning on Microsoft format files.) Then log out of the service after it is done syncing, usually indicated by the tray icon, so the online files are protected.
If you have too much data to use an online solution or you don't trust the long term security of your online credentials, get an external USB Drive, connect it to your PC and turn on File History in the control panel and also run a complete Backup (Control Panel > Backup and Restore > Set up backup). Disconnect the drive after all files are backed up.
A periodic full backup to an external drive that is then disconnected is one of the best solutions for home users. However, if you connect your drive or log into your online service while an encryption malware is on the loose on your system, it will encrypt those files too. The advantage to the online services is that they keep older versions of your files and even if the most recent version is encrypted, you may be able to restore the previous version. For businesses or sophisticated home users, there are many other data redundancy solutions that can be employed.
If you need help please give Iowa PC Fixers a call.
News articles:
http://www.theguardian.com/technology/2016/mar/16/major-sites-new-york-times-bbc-ransomware-malvertising
http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/
Don't be a victim. Install Chrome and one of these add-ons: AdBlock, AdBlock Plus, or uBlock Origin.
Also, please make sure you have a good back-up of your data. One easy way is to store all of your files in a folder that is backed up by an online storage service, like Google Drive, Jungledisk, or DropBox. There are many others as well but pick one that offers versioning on all of your files. (Note: do not use OneDrive as it currently only offers versioning on Microsoft format files.) Then log out of the service after it is done syncing, usually indicated by the tray icon, so the online files are protected.
If you have too much data to use an online solution or you don't trust the long term security of your online credentials, get an external USB Drive, connect it to your PC and turn on File History in the control panel and also run a complete Backup (Control Panel > Backup and Restore > Set up backup). Disconnect the drive after all files are backed up.
A periodic full backup to an external drive that is then disconnected is one of the best solutions for home users. However, if you connect your drive or log into your online service while an encryption malware is on the loose on your system, it will encrypt those files too. The advantage to the online services is that they keep older versions of your files and even if the most recent version is encrypted, you may be able to restore the previous version. For businesses or sophisticated home users, there are many other data redundancy solutions that can be employed.
If you need help please give Iowa PC Fixers a call.
Tuesday, September 22, 2015
Ad blocking again - More reasons why you need to block, and some advice... 9-22-15
The tide is finally turning against the problems caused by ads, trackers, and ad networks. It's good to see some industry experts finally coming around to the reality of how bad this epidemic has been for your typical web consumer. My first post recommending an ad blocker was Nov 26 of 2011 titled "Keep Your PC Safe" and you can see all of my posts since. Definition of the problem came here: Safe Browsing - Use an ad blocker - 2-20-2014
Articles:
The Ethics of Adblocking
It's the End of the Line for the Ad-Supported Web
Security Now! show 523
Security Now! show 524
One thing I would disagree with Steve Gibson on - In my opinion, the average consumer unfortunately isn't concerned about "tracking" as he stated in show 524 (about 1/3 of the way through the transcript). People who bring their computer to my office for repair, simply want to make sure they don't get infected and of course they would love to speed up their web browsing. I think the typical pundits that Steve may be reading or hearing from are much more tech savvy than your average user.
What should you do today? Add one or more of the following blockers to your web browser:
1. Adblock Plus
2. uBlock Origin
3. Disconnect by Disconnect.me
4. Adblock
Currently I'm favoring uBlock Origin, although Adblock Plus does what most users would like to see, in that it gets rid of ads and has minimal interference with your normal browsing. If you are technically inclined, uBlock Origin may be for you.
Articles:
The Ethics of Adblocking
It's the End of the Line for the Ad-Supported Web
Security Now! show 523
Security Now! show 524
One thing I would disagree with Steve Gibson on - In my opinion, the average consumer unfortunately isn't concerned about "tracking" as he stated in show 524 (about 1/3 of the way through the transcript). People who bring their computer to my office for repair, simply want to make sure they don't get infected and of course they would love to speed up their web browsing. I think the typical pundits that Steve may be reading or hearing from are much more tech savvy than your average user.
What should you do today? Add one or more of the following blockers to your web browser:
1. Adblock Plus
2. uBlock Origin
3. Disconnect by Disconnect.me
4. Adblock
Currently I'm favoring uBlock Origin, although Adblock Plus does what most users would like to see, in that it gets rid of ads and has minimal interference with your normal browsing. If you are technically inclined, uBlock Origin may be for you.
Tuesday, July 21, 2015
Restart your PC today - Big Windows flaw can allow your PC to be taken over 7-21-15
Read more information from this ZDNet article:
Microsoft releases emergency patch for all versions of Windows
If you haven't updated yet, your PC could be taken over simply by visiting an infected web page. So here's what to do:
To make sure you are up-to-date, close all your open windows, then click the start button and see if there is an update indicated on the Shut Down button. If you hover your mouse over it, it will say "Update and shut down" or "Update and restart". If so click it and get it done and you won't have to worry.
If no update seems to be present, go into the Control Panel (hold the Windows key and tap I to find the control panel) and open the item called "Windows Update" found under the System and Security section. If there are updates present, click the "Install Now" button. If not, click the link in the left column that says "Check for updates". It will take a few minutes then if updates are will provide you with the "Install Now" button.
There have been a few of these types of flaws in the past, but they're really not that common.
Microsoft releases emergency patch for all versions of Windows
If you haven't updated yet, your PC could be taken over simply by visiting an infected web page. So here's what to do:
To make sure you are up-to-date, close all your open windows, then click the start button and see if there is an update indicated on the Shut Down button. If you hover your mouse over it, it will say "Update and shut down" or "Update and restart". If so click it and get it done and you won't have to worry.
If no update seems to be present, go into the Control Panel (hold the Windows key and tap I to find the control panel) and open the item called "Windows Update" found under the System and Security section. If there are updates present, click the "Install Now" button. If not, click the link in the left column that says "Check for updates". It will take a few minutes then if updates are will provide you with the "Install Now" button.
There have been a few of these types of flaws in the past, but they're really not that common.
Monday, April 20, 2015
Still using an ad blocker - 4-20-15
We're not out of the woods yet. Continuing to use an ad blocker...
PCWorld's article "Google's push to encrypt ads will improve security, but won't kill malicious advertising"
PCWorld's article "Google's push to encrypt ads will improve security, but won't kill malicious advertising"
Thursday, January 15, 2015
Use an ad blocker - 01-15-2015
PC World Article: Google squashes widespread AdSense malvertising attack
PC World Article: Malicious ads distributed 'on a large scale' by Zedo, Google's DoubleClick ad networks
If you are using Chrome, check your add-ons by selecting the menu icon in the upper right, then "Settings" then click on "Extensions" in the left column. If you don't have AdBlock or Adblock Plus here, then do the following:
1. Scroll to the bottom and click "Get more extensions"
2. Under "chrome web store" in the upper left you will see a search box. Enter "adblock" here and press the enter key.
3. Under the extensions section, choose either AdBlock or Adblock Plus (both are good) and click the blue "Free" button on the right.
4. A new tab will pop up when it is installed. You may close this tab or feel free to donate to these efforts. They provide a valuable service.
As I've stated before, it isn't ideal to block ads because much of the free content we view today is financed by them. However, self protection is our first priority and the methods used to sell ads, verify the ad purchaser's identity, and verify ad content are not up to the task and can't prevent malware.
PC World Article: Malicious ads distributed 'on a large scale' by Zedo, Google's DoubleClick ad networks
If you are using Chrome, check your add-ons by selecting the menu icon in the upper right, then "Settings" then click on "Extensions" in the left column. If you don't have AdBlock or Adblock Plus here, then do the following:
1. Scroll to the bottom and click "Get more extensions"
2. Under "chrome web store" in the upper left you will see a search box. Enter "adblock" here and press the enter key.
3. Under the extensions section, choose either AdBlock or Adblock Plus (both are good) and click the blue "Free" button on the right.
4. A new tab will pop up when it is installed. You may close this tab or feel free to donate to these efforts. They provide a valuable service.
As I've stated before, it isn't ideal to block ads because much of the free content we view today is financed by them. However, self protection is our first priority and the methods used to sell ads, verify the ad purchaser's identity, and verify ad content are not up to the task and can't prevent malware.
Friday, December 12, 2014
A couple good articles on keeping your PC safe - 12-12-2014
A couple good articles from PC World
These are still very good advice.
These are still very good advice.
- How to protect your PC against devious security traps
- How to build the ultimate PC security suite for free
Thursday, February 20, 2014
Safe Browsing - Use an ad blocker - 2-20-2014
Malware infections via malicious ads are on the rise.
Using an ad blocking software in your browser is somewhat controversial. As consumers we are often receiving the benefit of web site content for free because the web site is able to pay its bills by selling advertising. If everyone blocked the advertising, that model would go away and nobody wants that. However, until the ad purveyors can be held to a higher standard, I highly recommend using an ad blocker such as Adblock https://www.getadblock.com/ or Adblock Plus https://adblockplus.org/
In my home we have avoided virus/malware infections quite effectively using the methods I have blogged about in the past which include ad blocking. See here: http://blog.iowapcfixers.com/2010/04/keep-your-pc-safe.html In addition to ad blocking, we have added WOT (Web of Trust) to our arsenal. It is also a browser add-on that is installed in all browsers on all PC's in our home that helps to warn of potentially usafe links and search results.
Articles:
- "Google in 2012 disabled ads from more than 123,000 sites. But a year later, across 2013, disabled ads from more than 400,000 sites"
quoted from https://www.grc.com/sn/sn-441.htm - Wall Street Journal http://online.wsj.com/news/articles/SB10001424052702303743604579350654103483462
Thursday, January 12, 2012
Easy ways to make and remember secure passwords
Ok, so you're one of those people who uses something like "dogdog", "qwerty", "password", or part of your name for your password and you use it for absolutely every site you log into. And nothing bad has ever happened - at least that you know of -, right? Well, you're playing with fire folks and it's just a matter of time. Thanks to some new ideas about password security, it's not all that hard to make secure yet memorable passwords.
You may have heard advice like this: "In order to be truly secure, your password should resemble random gibberish and be very long." Well that is true but the problem is we can't realistically remember a random gibberish password like "Jd5=-Wds1`XC[iu". And then to complicate things, we need to use a different password at every web site (also true).
As it turns out, length of the password is much more important than complexity. If you want to truly understand this, there is an article at Gibson Research (grc.com) that explains why. You have to skip about two thirds of the way down to get to the relevant portion (it's here: http://www.grc.com/sn/sn-303.htm) so to save you time, here's a quote from Steve Gibson:
The simple answer: "padding"
Add memorable "junk" characters to the beginning and/or middle and/or end of your passwords. Another way to put it: For raw, let's call it "crackability", you would be better off with a long password like *(*(*(*(dog--dog than total gibberish like Jd5=# that is very short.
The complex answer:
Well, it's not quite that easy. You still have to follow the rule of not using the same password at different sites. And if someone were to discover one of your passwords, you don't want them to be able to figure out all of them. So one idea is this:
1) Have a password that is somewhat random like J3dx5=-
2) Pad it with some characters of your choosing: zxzxzxJ3dx5=-
3) Make one or more of the letters an abstraction from the web site's name.
example: web site address is "mybank.com". Your rule could be that the 3rd letter in the "gibberish" part of your password is 4 letters in alphabet after the third letter of the web site address. So the third letter of the web site address in this case is "b". The 3rd letter of my password would be "f", so my password would be zxzxzxJ3fx5=-
Instead of a complex base password like the example above, you could do something simple like zxzxzxm.ybaNk . While this is not easily crackable by brute force, someone looking at the password might easily guess your scheme: Your passwords are zxzxzx plus the web site name with a dot after the first character and the 5th (or second to last) letter in caps.
You may have heard advice like this: "In order to be truly secure, your password should resemble random gibberish and be very long." Well that is true but the problem is we can't realistically remember a random gibberish password like "Jd5=-Wds1`XC[iu". And then to complicate things, we need to use a different password at every web site (also true).
As it turns out, length of the password is much more important than complexity. If you want to truly understand this, there is an article at Gibson Research (grc.com) that explains why. You have to skip about two thirds of the way down to get to the relevant portion (it's here: http://www.grc.com/sn/sn-303.htm) so to save you time, here's a quote from Steve Gibson:
"The problem has always been that we've assumed that user-friendly passwords, things we could remember, were probably also weak. And what I hit on is that's not necessarily true. What matters when, as soon as the attacker has exhausted all of his lists, common password lists, maybe site-specific likely passwords based on the site they're trying to hack, or the specific user. You don't want to use your own name as a password because that might be your username also, so it might be that the bad guy knows something about you. Then they'll fall back to dictionaries. Then maybe dictionaries with a digit tacked on the end because we know now that some password policies require at least one digit.
So users who don't really, I don't know what it is, they don't think it's ever going to happen to them, or they're just trying to create a throwaway login because they want to post a comment on a blog and this dumb site requires them to create an account in order to do so, whatever, they'll just tack a zero on the end, or a one, or whatever their favorite digit is. So the bad guys who want to get in will try those tricks, too. So you can imagine there are things that bad guys could do, attackers, to try to figure out something that the lazy user has done.
When all else fails, when all of that fails, they fall back to the traditional, often spoken of, brute-force attack. Because we understand how it's possible to create every possible password, first you start with A, then B, then C, then D and so forth, up through Z. Then AA, AB, AC, AD and so forth up to AZ. Then BA, BB, BC, BD and so on. So it's possible, given time, to run through every possible password. That's why, in the past, we have chosen passwords that are nonmemorable, these horrors like what you get from the Perfect Passwords page at GRC, because they are just absolutely off the map. They're ultra-high entropy, and there is no way to guess what they are.
So what this means is that the only vulnerability after your password isn't going to be quickly found in a list is the bad guy trying them all. Trying them all, since they don't know how long your password is, and the only feedback they get back is yes, that was a match, or no, that wasn't. One of the most often seen lies told by Hollywood is when the cracker uses some algorithm, and one by one determines what the digits of the combination is."So what to do?
The simple answer: "padding"
Add memorable "junk" characters to the beginning and/or middle and/or end of your passwords. Another way to put it: For raw, let's call it "crackability", you would be better off with a long password like *(*(*(*(dog--dog than total gibberish like Jd5=# that is very short.
The complex answer:
Well, it's not quite that easy. You still have to follow the rule of not using the same password at different sites. And if someone were to discover one of your passwords, you don't want them to be able to figure out all of them. So one idea is this:
1) Have a password that is somewhat random like J3dx5=-
2) Pad it with some characters of your choosing: zxzxzxJ3dx5=-
3) Make one or more of the letters an abstraction from the web site's name.
example: web site address is "mybank.com". Your rule could be that the 3rd letter in the "gibberish" part of your password is 4 letters in alphabet after the third letter of the web site address. So the third letter of the web site address in this case is "b". The 3rd letter of my password would be "f", so my password would be zxzxzxJ3fx5=-
Instead of a complex base password like the example above, you could do something simple like zxzxzxm.ybaNk . While this is not easily crackable by brute force, someone looking at the password might easily guess your scheme: Your passwords are zxzxzx plus the web site name with a dot after the first character and the 5th (or second to last) letter in caps.
Wednesday, April 21, 2010
Keep your PC Safe
November 26, 2011
We're losing the security war. More of our PC's than ever contain viruses and malware. The main rule you should abide by when using your computer is this: If you didn't go looking for it, don't open it, don't allow it, or reply to it. This rule applies to everything you see on the web, in your email, in a pop-up, or even from an unsolicited phone call (check this out Microsoft technician scam). Aside from modifying your behavior, here are a few key things everyone can do to avoid most problems.
An article from PC World http://shar.es/mSJv5
1. Change your DNS settings to use OpenDNS
This may be the most important thing you can do and for some people it will actually speed up your internet access. OpenDNS gives you a way to control what is allowed on your home network, including your mobile devices that use Wi-Fi, with the ability to block entire categories of web sites. In addition, OpenDNS prevents you from going to fraudulent web sites by maintaining a block list. It's a "set it and forget it" solution too. Be aware that savvy teens can figure out how to get around OpenDNS by manually changing their DNS settings on the computer or phone. If you want to prevent this, it is possible to configure your router.... but too much for this article.
a. Go here to get started: https://www.opendns.com/home-internet-security/
2. Install either Firefox or Google Chrome and use it instead of Internet Explorer.
In fact you might get rid of all of your obvious Internet Explorer icons so you're not tempted to use it. Currently, Chrome is my favorite. It's the fastest browser and it keeps itself up-to-date automatically without bothering you about it (Firefox is following suit).
a. Download Firefox here: http://www.mozilla.com/en-US/firefox/upgrade.html
Download Chrome here: http://www.google.com/chrome
b. Install and Run Firefox or Chrome and make it your default web browser when it asks.
c. Install an add-on called Adblock Plus. In Firefox, I like to unhide the menu. Click the little orange tab in the upper left corner and scroll down to Options, then put a check next to "Menu bar". ** Install add-ons by clicking "Tools" and "Ad-ons". In the "Get Add-ons" tab search for Adblock Plus. Click the "Add to Firefox" button and follow the prompts. After you restart Firefox, subscribe the "Easylist (USA)". In Chrome click the little 3-line icon in the upper right, then click Tools then Extensions. Click the "Get more extensions" link in the middle of the page and search for Adblock Plus. It'll do the rest for you.
3. Install Microsoft Security Essentials. (update - this is not necessary on Windows 8 or later)
If you have a good anti-virus and you're sure it's up-to-date you could skip this step but I haven't seen many in this condition. Many people are paying for solutions that bog down their PC or are only marginally better than Microsoft's free solution. Also, many people have multiple solutions installed and are unnecessarily bogging down their computer. If you are unsure or you are using a pay service, you should uninstall ALL security software on your pc and proceed with this step or reinstall the Anti-virus software you are comfortable with and make sure it has the latest updates. Anti-virus is like "suspenders" - your first and only real line of defense is your behavior, i.e. don't click on links in email or in other questionable web pages or ads, and question everything.
a. Open Firefox or Chrome and enter www.microsoft.com/Security_Essentials/ in the address bar. Click the "Download Now" button, select your language and operating system, then choose to save the file. Pick a folder to save it in where you can find it, or just save it on the desktop. Once downloaded, open it and follower the prompts to get it installed. The first update will take a long time, but after that it will just do it's thing.
4. Make sure your software is up-to-date
The following is a list of common software that should be kept up-to-date if installed on your system (instructions not complete)
a. Adobe Flash Player http://get.adobe.com/flashplayer/ Note: Do NOT check the option to install McAfee Security Scan. We don't need to bog down our machines with multiple security solutions.
b. In Windows XP use your browser (unfortunately you have to use Internet Explorer) to go to Windows Update update.microsoft.com and click the "Express" button to check for the latest updates. If you have Win7 or Vista you should use the Windows Update link found by clicking on the Start button, then All Programs, then scroll up near the top to find Windows Update.
c. Java http://www.java.com/en/download/index.jsp
d. Adobe Shockwave - This software is typically used in certain web games that run in your browser. You can and probably should uninstall it. When you or more likely your kids encounter a need for it, your browser will prompt you to install it and you will get the latest version.
e. Some of you may have Microsoft Office - office.microsoft.com/officeupdate/ (unless you have Vista or Windows 7 in which case Windows Update has probably already taken care of this for you.)
5. Uninstall Adobe Reader and install Foxit Reader instead.
That's right - get rid of Adobe Reader. This is the software that your computer uses to display PDF files. It has had a continuing history of vulnerabilities (like all software) but to the level that it's just time to move to something that is less of a target. Even if your copy of Reader is totally up-to-date there are often unpatched problems that are being exploited by the bad guys. Further, the download to update it is so huge that some people avoid it.
a. To uninstall it, click the Start button, select "Settings" then "Control Panel". In control panel select "Add/Remove Programs" or if you have Vista or Win7 select "Programs and Features". In either case, find Adobe Reader (older versions may have been called Acrobat Reader) and click on it, then select the "Remove" button. While you're in Add/Remove Programs you might want to look at the list and remove any other programs that you know you no longer have need for.
b. To install Foxit Reader, browse here: www.foxitsoftware.com/downloads/index.php and download the latest version (it may take you to CNet to do the download). Once downloaded, run it to get it installed. Note: Uncheck the option to install the Foxit PDF Creator Toolbar and the option to make Ask.com your home page. Other than that, you can accept all of the default settings and acknowledge the Windows messages authorizing changes to your system.
Thursday, April 27, 2006
Audio learning
This is real geek stuff...
Encryption (www.grc.com/securitynow.htm)
Listen to shows 30 through 35
Security (please listen to this one)
http://www.itconversations.com/shows/detail966.html
Trends (SOA, Open Source, Ajax, work, etc)
http://www.itconversations.com/shows/detail999.html
http://www.itconversations.com/shows/detail973.html
http://www.itconversations.com/shows/detail868.html
http://www.itconversations.com/shows/detail638.html
http://www.itconversations.com/shows/detail50.html
http://www.itconversations.com/shows/detail866.html
http://www.itconversations.com/shows/detail659.html
http://www.itconversations.com/series/oscon2005.html
AJAX
http://www.itconversations.com/shows/detail1010.html
http://javapodcast.com/media/mahemoff/SASDAjaxBasics3of3EventsAndMore.mp3
http://javapodcast.com/media/mahemoff/SASD_AjaxDisplay_Basics1Of3.mp3
http://javapodcast.com/media/mahemoff/SASD_AjaxRemotingBasics2Of3.mp3
http://ajaxmatters.com/r/welcome
Encryption (www.grc.com/securitynow.htm)
Listen to shows 30 through 35
Security (please listen to this one)
http://www.itconversations.com/shows/detail966.html
Trends (SOA, Open Source, Ajax, work, etc)
http://www.itconversations.com/shows/detail999.html
http://www.itconversations.com/shows/detail973.html
http://www.itconversations.com/shows/detail868.html
http://www.itconversations.com/shows/detail638.html
http://www.itconversations.com/shows/detail50.html
http://www.itconversations.com/shows/detail866.html
http://www.itconversations.com/shows/detail659.html
http://www.itconversations.com/series/oscon2005.html
AJAX
http://www.itconversations.com/shows/detail1010.html
http://javapodcast.com/media/mahemoff/SASDAjaxBasics3of3EventsAndMore.mp3
http://javapodcast.com/media/mahemoff/SASD_AjaxDisplay_Basics1Of3.mp3
http://javapodcast.com/media/mahemoff/SASD_AjaxRemotingBasics2Of3.mp3
http://ajaxmatters.com/r/welcome
Subscribe to:
Posts (Atom)