For Whom the Bell Tolls: Microsoft Ending Support for XP in 2014

Microsoft announced in April 2012 that it will end support for Windows XP and Office 2003 in April 2014. This is certainly no surprise since the operating system will celebrate its eleventh birthday this October. By the time Microsoft ends support, it will have been on the market for almost 12.5 years — 2.5 years longer than the company typically supports an operating system (“OS”).

So what’s the big deal?  No one really uses XP anymore, do they?  As a matter of fact, XP has maintained strong market share despite the popularity and stability of Windows 7. According to StatCounter.com, Windows 7 finally overtook XP in the fall of 2011 – a full 2 years after Windows 7’s October, 2009 release. This is a pretty remarkable stat for a ten-year-old operating system that is 2 generations removed from Windows 7.  Windows 7 now holds a firm lead at 49% of the OS market with XP now trailing at about 31%, Vista at 8%, and Mac OS X at 7.5%.

Is it time to run out and spend $100+ for Windows 7?  Probably not, unless you have other compelling reasons (like Vista) to upgrade. You still have some time and there’s a good chance that you will decide to replace your aging computer between now and XP’s scheduled sunset in April, 2014.  After all, XP has not sold on retail shelves since late 2010, so your PC will be at least 4 years old by then.

For most people, migrating to a new operating system is a big hassle, but can be done over the course of a weekend.  An enterprise, however, can take 18 months or more to migrate to a new OS. About six months ago, an international law firm replaced all of their laptops and desktops across the firm.  Surprisingly, the IT staff decided to wipe Windows 7 from all of these new machines and replace it with Windows XP – quite a surprising move in light of XP’s advanced age.

In a world where online threats are constantly plaguing systems, and where hackers have successfully defeated Windows Update’s digital certificates, it is critical to run an operating system that still receives updates – especially when the software company behind it has a history of releasing operating systems with gaping security holes. You know those Windows Update notifications you receive several times a month?  Some of those make the system run a little better or tweak instability issues.  Most of the updates, though, patch security vulnerabilities that Microsoft has identified or that hackers have already exploited.  Thus, it’s pretty critical to abandon an operating system that is no longer supported.

If you decide to upgrade, should you wait for Windows 8, or choose Windows 7?  As much as Microsoft wants Win8 to set the new standard the way Windows 95 did, their track record is not so great. Most in the IT field will agree that every other major Microsoft OS release has been junk (Windows 95 [sure, it turned out to be decent after a challenging start], Windows ME, and Windows Vista were all stinkers).  Will Windows 8 break Microsoft’s trend of substandard operating systems?  I have a theory that they release bad operating systems to build demand for subsequent releases.  Plus, they buy time for hardware manufacturers to develop drivers for the new release and software developers to build compatible apps.

Think about Vista: I have seen plenty of Vista machines that became so corrupt or slow that it made more sense to simply erase the OS and reload.  In the likely event that the user lost their system installation disks or simply decided to pull the plug on a bad OS, they shelled out $100+ to purchase Windows 7.  Thus, Microsoft got paid when Dell, HP, and others sold the new computer, and MS got paid again when users became fed up with [insert crappy Windows release] and purchased a new retail copy.

Back to Windows 8, one major factor in Microsoft’s corner is their push to make a consistent user interface (UI) for desktop/laptop computers, tablets and phones the way that Apple has done.  One of Apple’s strengths is that the UI is consistent from their desktops/laptops to iPhones to iPads to iPods. No one else has mastered this yet:  Android’s UI on phones and tablets is consistent, but they don’t have significant market share in their Chromebook category.  I don’t know if Microsoft’s UI is consistent from PCs to mobile devices because no one is buying them yet...  MS has only grabbed up about 2% of the U.S. smartphone market. They’re not winning any fans either, following recent announcements that the new Windows Phone 8 OS cannot be installed on existing Windows 7 phones… GASP!

If you listen to the Apple fanboys, the desktop/laptop era is dead and PCs will give way to tablets and handheld devices.  While reports on the death of the PC are greatly exaggerated, most industry experts believe that mobility is where the biggest innovations (and profitability) will be for the foreseeable future. Thus, Windows needs to get it right NOW with their mobile platform or cut bait. But I digress.

The bottom line on XP is that it’s time to start thinking about upgrading your business systems, especially if you have a large number of users still on XP.  It’s probably safe to hang on another year or two with your personal XP system(s) since you will likely replace those systems anyway. I certainly will!  To avoid major security issues, though, it’s critical to jump the XP ship when Microsoft pulls the plug in 2014.

I have no intentions of rushing out and upgrading to Windows 8 when it is released in late 2012.  If history teaches us anything, Windows 8 will be buggy out of the box and will emerge as yet another problematic OS that will ultimately be fixed by its successor, presumably Windows 9.  Windows 7 will become the new XP in that its solid performance, security and stability will make it a market leader for the next decade.

Share your thoughts and stories on XP or other Windows releases.  I would also like to know your predictions for Windows 8.

As always, if PartnerTechs can help you with your small business technology needs, please contact Ken Carmack.

 

6.5 Million LinkedIn Passwords Breached

This just in:  6.5 Million LinkedIn Passwords Were Breached

You may be thinking “what’s the risk?”  Big deal if some Russian hacker adds a Ph.D. to my name or a NASA internship to my resume.

But there might just be a big risk. If you’re one of those people that uses the same password for everything from online banking to your email account, then now is a great time to change your LinkedIn passwords.  If you haven’t changed passwords for other accounts containing sensitive data, there’s no time like the present to do so.

Take a look at the following article for details on the breach as well as some best practices for creating and managing passwords.

http://bits.blogs.nytimes.com/2012/06/06/linkedin-was-breached-now-what/

For more information on passwords, you can also take a look at my article on the topic.

https://partnertechs.com/2012/03/15/whats-the-password/

 

 

Flame Malware Spreading Via Bogus Windows Updates

I frequently chastise people for ignoring Windows Update messages and prompts to apply patches to other applications such as Adobe products and Java. The response I frequently hear is “How do I know if the updates are real?” or “Yeah, I keep putting that off”.

I’ve always assumed that when Windows Update pops up in the system tray (the bottom right corner of your screen) that the messages are legitimate and safe since digital certificates are used by the operating system to verify authenticity.

You may not have heard about the newly publicized Flame malware since it has not made a splash in the U.S… yet.  However, it’s all the rage in tech articles and blogs lately.  The Flame malware has created counterfeit security certificates that fool Microsoft Windows into thinking that bogus updates are real.  If these “updates” are applied, your computer is infected.

Fortunately, security companies and Microsoft have jumped up and issued (or will issue) updates to protect against these attacks.  However, they’re fearful that the malware may have other exploits that they have not yet discovered.

What to do? Unplug your computers from the internet!

HA! That’s not really an option.  However, it’s now more important than ever to make sure all operating system updates and patches are applied, that your antivirus software and definitions are updated, you’re running approved firewall software, and that you apply all updates and security patches to applications such as Microsoft Office, Adobe products and Java.  If you’re not running antivirus software, find one.  There are plenty of free (and very effective) options out there. 

For more information, take a look at this article from PCWorld:

http://www.pcworld.com/article/256862/flame_malware_spreading_itself_via_bogus_windows_updates.html#tk.nl_dnx_h_crawl

Stay safe out there!

Ken

P.S. If you want to “geek out” and read more, take a look at the next articles.  While security firms are still wrestling with the code, so far they have found that Flame can monitor email inboxes, take screenshots of what you’re working on and even record conversations you’re having near your computer. It also exploits Bluetooth to spread to other devices. What’s really interesting is that this malware does not appear to be the work of bored teen geeks or crime syndicates from the former Soviet Union.  Instead, because it has to date targeted computers in Iran, security experts believe it was created as a cyber weapon by a nation-state.  Enjoy!

http://security.blogs.cnn.com/2012/06/05/decoding-the-flame-virus/?iref=allsearch

http://www.pcworld.com/article/256644/flame_cyberweapon_lurked_for_years.html

Case Study: First Presbyterian Church

Connecting a Disconnected Organization

From medical missions in Bolivia to projects serving the poor, hungry and uneducated all over the Triangle, Raleigh’s First Presbyterian Church has a full plate.

Dedicated pastors, staff and volunteers have little time to spare and none to waste.  Partner Technology Solutions was honored to help FPC regain precious hours previously squandered on a patchwork of inefficient technology.

We sat down with them, listened to how they use their technology resources, identified where the gaps and inefficiencies were and heard their frustrations with a mismatched system. The solution we designed for them involved migrating to Google Apps, which revolutionized their communications:  Email, Scheduling, Document Sharing  and more required no new hardware or software and is accessible from virtually any device with an Internet connection.

If you’ve ever missed an appointment because you looked at the wrong calendar or lost valuable time  trying to find a misfiled E-document, keep reading.

EMAIL

Challenges faced by the pastors, staff and members:

  • Lost emails
  • Spam problems
  • Limited mailbox capacity
  • Inconsistent platform
  • Inability to access emails away from the office
  • Incomplete group email lists

Staff accessed email through a patchwork of solutions including Microsoft Outlook, Mozilla Thunderbird, web mail and personal email accounts. Using “POP3” clients on the former system, once messages were downloaded in the office, they were no longer available remotely, causing difficulty for pastors and administrators working out of  the office.

As is standard with ISP-based email systems, mailbox limits were small, frequently forcing users to clean out their mailboxes to avoid rejected messages (called “bounces”). During a group training session, I asked if anyone had ever cleaned out their full mailbox to stop bounces.  The room resonated with “Yesses” and exasperated sighs.  Under the old system each user mailbox had a maximum capacity of 100MB.  That’s about 20-25 photos of your newborn niece.

Staff and members were even more frustrated because incoming emails were frequently lost or never delivered to their intended recipients.  The most daunting issue was spam; because staff email addresses are available on the web, most staff members had been inundated with junk mail.  Redundant spam filters made the problem worse. With filters at the ISP level, as well as through Postini and desktop mail applications such as Outlook and Thunderbird, every day staff had to:

  1. Log into the ISP’s website to clear spam from the ISP’s filter and deliver legitimate messages flagged as spam.
  2. Log into a Postini account to do the same.
  3. Look in their Outlook or Thunderbird spam/junk folders for legitimate messages.

These filters flagged many legitimate emails as spam and delayed delivery of time-sensitive communications. Lack of confidence in this cumbersome system led staff members to sometimes use their personal email addresses for church business, further compounding the confusion.

 Additionally, multiple committees and groups such as Deacons, Session (Elders), youth, choirs and others lacked effective group email tools. In order to communicate with a group, members and staff either created groups within their contacts or searched for a recent email to the group and hit “reply all.” The latter method frequently included contents of earlier unrelated emails and the absence of  “master” group lists meant new group members often didn’t get the message.

Solutions:

The switch to Google Apps provided each user with a 25GB mailbox – a box they will NEVER fill. That’s 250 times the size of most ISP mailboxes.  I hope I don’t have to eat my words, but I publicly offered to eat a Sunday bulletin if anyone fills their mailbox.

The migration to Google Apps eliminated the 5-10 minutes per day that staff spent searching spam folders for “real” messages. Google Apps employs excellent spam filtering and the spam folder is conveniently located on the left of your mailbox.  When it contains spam, the folder is bold. Otherwise, it blends in. No more logging into web mail, Postini  and other places to review spam.

 Remote users are enthusiastic about migration results. The old “POP3” email system deleted emails from the server once downloaded. Now an email is accessible from anywhere until the recipient deletes it, crucial to pastoral staff who spend much of their time out tending the flocks.

Because Google Apps is web-based, users may access their email (and all Google Apps!)  through any web-connected machine with a browser, whether on a PC, Mac or Linux box.  When they log in remotely, they now see a screen identical to what they see in the office.  Google Apps is tailor made for Android devices including mobile phones and tablets and works well on iPhones and iPads.  Windows Mobile 7 and 8?  Dunno. No one in the U.S. has bought one yet!

We have created several Google Groups for emailing various committees, boards and groups and their usage has taken off.  To address an email to an entire group, one simply enters the group name in front of the domain name:  Deacons@xyzchurch.org or Staff@xyzchurch.org. This is a much more efficient way to communicate with the various groups in the church.  Plus, administrators can log into the “Groups Control Panel” to determine whether any addresses are bouncing, as well as maintain “master” group lists, accessible to anyone authorized to communicate with the group.

Bonus Benefits

 A valuable feature of Google’s mail app is that it accommodates existing domain names and email addresses.  Thus, no one endured the hassle of changing and communicating a new email address.   Additionally, Partner Tech’s migration included importing all email archives, folders, contacts and contact groups, giving users the ability to search years of email archives using the power of Google Search in their inbox.

 

SCHEDULING

Challenges faced by the pastors, staff and members:

  • Calendaring/event scheduling
  • Resource scheduling
  • Inconsistent platforms
  • Limited remote access

The church’s master calendar had been maintained on an Excel spreadsheet for years by the office administrator. Maintenance of the calendar was time-consuming and the schedule could not be easily shared, especially with remote users. A critical component of church communication and management, the weekly bulletin and newsletter both rely on the information to be complete and accurate.

Located in downtown Raleigh and focused on multiple missions, FPC’s campus hosts a variety of classes, meetings and gatherings most days of every week. This presents a resource scheduling problem.  One example of a scheduling embarrassment occurred when the Deacons arrived for their April meeting and found their meeting room occupied by about 50 visitors attending a jobs workshop.

Solutions:

We created multiple shared calendars for the organization including the “master,” which will be embedded into the church’s new website once the new site is completed.  We also created calendars for the Children’s Ministry, Middle School Youth, High School Youth, Choir and Staff Vacations.  Everyone in the domain can view each of these shared calendars.  Only designated individuals may add / delete / modify events.  No one can view personal calendars of other staff members unless the staff member specifically grants permission.  Personnel responsible for specific activities will be responsible for the content of the sub-calendars.

The quality and accuracy of content is improving, the office administrator’s burden of maintaining and distributing multiple calendars has been alleviated, and parents are delighted that the calendars of their children’s activities can now be automatically shared with them.

  • My presentation starts in 10 minutes. The projector was supposed to be here!
  • Why are the Deacons meeting in the kindergarten classroom in those tiny chairs?
  • I’ve got 400 pounds of ice melting in the parking lot! Where’s the church van?

All of these issues are resolved by a new feature recently rolled out in Google Apps: Resource Allocation.  On the Administrative Control Panel we created various shared resources, such as meeting rooms, church vehicles and projectors.  When someone creates a new appointment on any calendar in the domain, they are able to reserve a resource and immediately confirm its availability.

Bonus Benefits

With email, calendars and documents on the same platform and sharing similar icons and keystrokes, new users are quickly learning to transition among different Google Apps. Also, administration and support are simplified.  Remote support is easier and staff may assist one another because all users are looking at identical screens, regardless of location. And imagine how excited staff and new member users are to have one Google user name and password across the platform.

 

DOCUMENT SHARING

Challenges faced by the pastors, staff and members:

  • Document sharing among users with diverse software & platforms
  • Tracking system for building maintenance requests
  • Inconsistent platform
  • Inability to access documents while away from the office

Documents such as the Preaching Schedule, Pastor-on-Call Schedule and Speakers for Recurring Events List were emailed among staff and maintained in a 3-ring binder. The Pastoral Care List summarizing crucial information such as births, deaths and sick and hospitalized members was maintained on a white board in a secretary’s office.

Building maintenance requests for the sprawling campus were submitted by phone, email or paper message to the church administrator. A group of volunteers (mostly retirees) was ready, willing and able to assist with addressing minor maintenance requests. However, there was no readily available punch-list from which to work.

The staff had long shared documents on a file server, a solution with several shortcomings:

  • One must know where to find a particular document
  • Documents are not accessible remotely
  • It’s impossible to tell if you’re looking at the most recent version.

Solutions:

The staff and members are embracing document sharing via Google Docs: word-processing, spreadsheets, presentations and more. Because this suite of apps is web-based and imports files from many other programs, one doesn’t need to be on a computer with a particular software package to create, review and share documents.  Further, several users utilize Macs at home and the file compatibility issue disappears on Google Docs.

Now they are uploading frequently-shared documents, such as the Preaching Schedule, Pastor-on-Call Schedule, and Pastoral Concerns List into Google Docs.  Once these items are shared with the domain, they are available on any browser to anyone in the domain. Thus, if Reverend Bob visits someone in the hospital on Saturday night, he can immediately log the results into the Pastoral Concerns spreadsheet from his laptop or smart phone and Reverend Ed will be up-to-date when he announces Pastoral concerns in Sunday morning services.  Further, when preparing the newsletters and bulletins, no one has to visit the white board, or pray that it’s up-to-date. FPC is just scratching the surface with this powerful tool and they’re finding new ways to use it every day.

To address campus maintenance concerns, we utilized the Google Docs Forms tool. When campus users encounter maintenance issues, they follow a link to an online form to report the issue, producing an alert to the office manager and Property and Insurance Committee. When new items are submitted through the form, a cloud-based spreadsheet is updated and notifications are sent to the office manager and members of the handyman group.  The form includes columns to report each task’s current status, resolution or needed follow-up.

 

COST

Although not the most important factor, initial and ongoing investments are crucial factors for all decision makers.  For non-profits, funding challenges are forcing many to reassess their operating budgets to ensure that they can keep their missions on track.

Google Apps charges businesses $50 per user per year, a cost easily recouped through gained efficiencies. Thus, with 14 users the cost of Google Apps for FPC would have been $700 per year.  However, Google provides Apps for nonprofits meeting certain criteria (including 501(c)(3) tax status) for free. Organizations must apply, provide proof of their tax status and make a handful of statements to be approved for the program: http://www.google.com/nonprofits/eligibility.html

Unlike a Microsoft Exchange deployment, migration to Google Apps required no new servers, hardware upgrades or networking equipment.  The only implementation cost was labor.

Further, there are no software licensing agreement fees to pay year after year, no security patches to apply and no weekly updates to install. All of the software interface and back-end technology is hosted on Google’s servers and managed by them.  Further, Google’s Service Level Agreement promises a 99.9% up-time guaranty.  While I do recall Gmail outages in the past, it has been a very long time since the last one.

As a small business owner and former CPA, Ken knows that every dollar matters to small businesses and non-profits. He works with them to find affordable hourly or package price solutions that meet their budget restrictions.

SECURITY

The Federal Information Security Management Act of 2002 (“FISMA”) is a U.S. federal law that covers the information security of federal agencies’ information systems.  Google Apps has received the authority to operate at the FISMA-Moderate level (the standard level for federal email systems) from the U.S. Government. Accordingly, the U.S. General Services Administration (“GSA”) moved email to the Google cloud in 2011 citing cost savings and efficiencies.

Data security is a very important consideration when moving sensitive information to the cloud. Google has received an unqualified SAS70 Type II certification from their independent third party auditor.  This provides administrators and users peace of mind knowing that their data is secure in the cloud.

Google Apps lets users connect to its servers over encrypted connections (look for https://). This assures users that login credentials, passwords and any other sensitive information sent across the web are encrypted for the trip so that hackers cannot eavesdrop on transmissions. If you’re currently using a POP3 connection, you’re probably not using a secure connection.  The organization’s administrator can require that all users connect using a secure connection.  Further, all data is securely stored on Google’s servers, which include backups and redundant storage throughout their network of data centers. Thus, the days of losing all your emails, contacts and calendars in a hard drive crash are behind you.

 

IN CONCLUSION

A Legitimate Long-term Solution or Here Today and Gone Tomorrow?

If you think this sounds too good to be true, unfurrow your skeptical brow. Google Apps currently hosts 40 million users in 4 million businesses – that looks ideal for small organizations, right?  In addition to small businesses, Google has many major accounts such as Motorola, Land Rover, Genentech, the City of Los Angeles, and McClatchy Newspapers.  In North Carolina, Wake Forest University and NC State University have migrated all of their users from self-hosted platforms to Google Apps.

The Future

Are we finished?  Not a chance!  We’re just scratching the surface of what Google Apps can accomplish at First Presbyterian Church.  Yet to come:

  1. Incorporate YouTube Premium into the church website
  2. Embed Google Calendar into the new website
  3. Expand usage of Groups and Shared Documents
  4. Create an FPC intranet using Google Sites.

Will First Presbyterian’s office become paperless?  Absolutely not! However, it will reduce its reliance on hand distributed schedules, 3-ring binders and white boards hanging on the wall.

We will post follow-ups on Partner Tech’s Blog as the organization climbs up the learning curve with core Apps and we start deploying new features.

What is your organization doing to manage work flow and communications?  Let us know if we can help migrate you to the cloud to realize the benefits discussed here.

 

And Now for Something Completely Different

Check out this photography blog from Karl Greeson, one of my best friends from Wake Forest University.

After graduation, every time I saw Karl he had a camera in his hand.  Where I have become a decent point-and-shoot “hack” over the years, Karl has developed a keen eye for capturing great shots. Plus, I really enjoy his commentary on the site.

Take a look and share your thoughts.

http://karlgreeson.com/

Backups Made Easy (even your mother-in-law can do it)

I realize that people like discussing computer backups about as much as they enjoy preparing for a colonoscopy (hey, at my age that’s a reality of life!).  Stay with me on this one because it’s a lot easier than it used to be and might even be free!

I frequently work with home users and small businesses that either have no backup policy or an ineffective one. Thus, their important photos, music and business documents are at risk in the event of a severe virus, hard drive crash or natural catastrophe.

I recently assisted the parents of a high school student whose PC had been infected by a nasty virus.  The infection’s bark was far worse than its bite:  To a casual user it appeared that all files and most programs had been deleted.  A look at the Start menu showed virtually no programs listed.  When the aspiring law student looked in her documents folders, years of academic writing were gone as were a variety of photos and other media. In a desperate attempt to rid the computer of malware, they restored the computer to factory settings.  In other words, the operating system was reinstalled and all user files were deleted.

The good news:  The malware was eliminated.

The bad news:  None of her data was backed up.

Fortunately, I was able to recover a majority of her documents and media files using a file recovery utility.  However, due to the destructive nature of a factory reset, many of her files were either overwritten or corrupted… A loss which could have been avoided by an automated backup.

Power supplies and hard drives are the two most common PC components to fail and are relatively inexpensive to replace:  A power supply runs about $30.  A hard drive costs about $65.  The photos, music, tax returns and other important documents on that same hard drive are often priceless.  Many users often don’t think about backing up until it’s too late.

Businesses have a lot more at stake.  According to a DTI/PriceWaterhouseCoopers study, 7 of 10 small businesses that suffer a major data loss go belly-up within one year of the crash. This is a sobering reminder of the need for some sort of backup strategy. That could be an automated tape or hard drive backup, a cloud-based backup or an employee that brings an external drive or tape into the office on a weekly basis.

The right backup solution for you or your organization depends on the amount of data you need to protect, the frequency of backups (how much data loss your home or business can tolerate) and how long you can be without your information following a meltdown.


For smaller data needs, my favorite solution is Dropbox.  Designed as a way to sync data across multiple computers, tablets and mobile devices, this app is a great solution for backing up your data. Once you create your Dropbox folder and get in the habit of saving your files and folders there, you really don’t have to think about it.  Plus, if you regularly access your information on multiple devices (say, a home PC + a work PC) your Dropbox folder will automatically sync your files & folders on multiple machines, eliminating the need to email files to yourself. This last point was a life changer for me.  During the normal course of a day, I might work on one of about 3 computers.  I often grab one of two laptops as I run out the door to meetings.  Before Dropbox, I always had to pause for a second to make sure this particular laptop had all the files I needed. With Dropbox installed on all three PCs, the important files are always synced across all 3 machines. Plus, those files are accessible on other computers via Dropbox’s web interface. There are also Android and iPhone apps so that you can access your files on smart phones and tablets.

What about security? Dropbox uses the same encryption and security techniques used by banks.  All data is encrypted for transit across the web and it is also encrypted while parked on their servers.  However, it’s up to you to make sure your password is complex and difficult to guess. Accordingly, you should go to great lengths to come up with a long password or pass phrase that includes all of the elements discussed in my blog about passwords.

The entry-level Dropbox account provides 2GB of free storage.  Not enough?  Invite your friends through the website.  For every friend that accepts your invitation you each get an additional 500MB of space, up to a max of 16GB – that’s not too shabby!  If your storage needs are greater than a free account offers, you can purchase 50GB of cloud storage for $100/year or 100GB for $200/year.

So if you have not set up a backup strategy yet because it’s too much trouble, give Dropbox a try.  If it’s remote file access you want, you get that too. Dropbox brings you the best of both worlds in an easy-to-use application.  For most users it’s free too!

If you want to start off with an extra 500MB of storage space, leave a message here and I will send you an invite.

Need a little help understanding how it works?  Check out the tutorial videos on the Dropbox website. If you need even more assistance, drop me a note and I will help you set it up, create your folders and launch your space in the cloud.

Somebody’s Watching Me

If you listen to the 80s station on Sirius/XM, you’re undoubtedly getting tired of Rockwell’s sole hit, Somebody’s Watching Me.  Since Al Gore was still working out the kinks of the internet, I imagine that Rockwell was not singing about online security. Instead, he was probably more worried about paying off Michael Jackson for backup vocals on the song’s chorus, since there were no other hits on his debut album. 

On a completely different note, I recently attended a very informative presentation on social media in which the speaker discussed the risks and rewards of social media.  Since the audience consisted of parents of middle- and high school students, he focused on the risks facing children and teens and how to keep them safe online.

I walked away comforted that everyone in the room knew a little more about online risks and was better prepared to watch over their kids as they navigated the world of social media. However, I couldn’t help wondering who might be watching over the parents and their technology.  In other words, are folks taking appropriate precautions to protect their computers and networks?  So, I compiled a quick and dirty list of a few things you can do to stay safe on the world wide web.  Rather than going into detail on how to configure all of these options, I have tried to keep it brief. Feel free to post follow-up questions if you need further guidance. Look for follow-up articles in the future that address some of these options.

Secure your wireless network:

Without a secure wireless network, anyone within shouting distance of your house can access the internet using your connection to download whatever they want on *your* network IP address.  Further, with the right tools (which are widely available on the internet) they can “listen” in on your connection, and may even be able to access files on your computer(s).

Securing your wireless network is much easier than it used to be. Where it once required careful review of the Owners Manual, newer wireless routers can have you surfing securely with the push of a button. Always select the highest security offered by your router.  WEP can be quickly cracked by a determined intruder, so use WPA or WPA2 if your wireless router supports it.

Avoid Using Public Computers to Login to Your Secure Accounts:

Sure, we’ve all been in a pinch before and logged into email on a public computer. However, that was before I knew what I know now. There’s absolutely no way to tell if a public computer is infected with malware or has a keylogger or some other credential-stealing tool installed.  Malware can grab user names & passwords and beam your information to the mother ship.  Likewise, keyloggers can track every keystroke you make and report back to a hacker. Thus, browse online news and weather on the hotel’s business center computer.  Save online shopping, banking, and even email until you get back to a safe connection.

Use Antivirus Software and Keep it Updated

This one is a no-brainer. If you have not been affected by viruses/malware in the past, you eventually will be.  Fortunately, you don’t have to pull out your wallet to stay safe, as discussed in my post on free antivirus options. Use one of the packages that I recommend or choose one you like by reviewing AV-Test’s ratings.

Online Banking, Shopping and Secure Sites:

Ever notice how your address bar turns green, shows a padlock and/or the address changes from http:// to https:// when you login to your bank or shopping site?  This assures you that your connection is encrypted, that the identity of the website has been verified by a third party and that it’s safe to send sensitive information such as your username, password and credit card information over the internet.  In fact, if you click on the green portion in the address bar or the padlock, you will see that the website’s identity has been verified by VeriSign, Thawte or another certificate authority (“CA”).  So while it seems like you’re just connecting to a remote website, there’s actually a lot of stuff going on in the background to verify to your browser that the website is authentic, that your transmissions across the internet are encrypted and that it’s safe to do business.

But what if you attempt to log into a shopping or banking site that should be secure and it is not, in fact, safe?  If you don’t get the https://, the green bar/padlock or you receive warnings that the site’s certificate has problems, check the address that you typed.  If it’s correct, get out and try again later. It may be a temporary glitch with the site’s certificate or the CA.  It’s not worth compromising your security and identity to buy ABBA’s Greatest Hits on an unsafe connection.

Be Careful Using Public Wireless Networks

Free wireless offered by coffee shops and other retailers helps offset Starbucks’ exorbitant coffee prices, but be cautious with your browsing on public networks. This may seem a bit paranoid, but I never do online banking or shopping on a public wireless network, even from my own laptop. Yeah, I know that the connection to the bank or Amazon is encrypted, but I have no control over the coffee shop’s wireless security so I would rather be safe than sorry.

The kid in the corner booth with the AlienWare laptop may be listening in on your connection using a packet sniffer, which is freely available on the internet. Further, if your firewall is turned off, you have shared folders turned on, or your operating system has not been patched, a determined hacker can easily access the files on your PC.

Windows 7 and Vista both make it easier to stay safe on public networks than XP. When you connect to a new wireless network, the Set Network Location dialog offers 3 network location types:  Home, Work and Public.  Always choose Public when out and about.  This sets your firewall at its highest security settings and turns off Network Discovery and file sharing, providing higher security when on a public network.

As a follow-up, make sure your mail connection is encrypted (see https:// discussion above).  Many webmail systems are not encrypted by default, but offer this option.  If your email provider offers secure browser connections (thanks, Gmail!) always turn it on.  If you trust the network you’re using, it may be safe to disable.

Windows Updates:

This one is extremely important and super easy to do.  Probably 75% of the computers I sit down with have pending security updates for Windows, Adobe, Java, etc.  Hackers are constantly identifying and exploiting security vulnerabilities in a variety of popular applications. In some cases, they are able to exploit these holes and take control of your computer.  Make sure that Windows Update is enabled and that you’re applying the critical and important updates on a regular basis.  Also, be sure to apply updates to other programs that notify you in the system tray.  Adobe and Java have been particularly susceptible to security issues over the last few years, so make sure you’re keeping the patches applied.

Use Strong Passwords

This one warrants its own post, so take a look at my discussion on passwords.

Other Stuff:

There are plenty of other precautions you can take to stay safe, such as demoting your user account to Standard instead of Administrator, avoiding suspicious links in emails and Facebook, and periodically backing up your data.  However, all this talk about security is making me hungry.  Think I’ll grab a double latte and a scone.  Can someone watch my laptop while I wash up?

Stay safe out there!

 

Browser Wars Heat Up

Which browser should you use? Over the last several years, the field has become increasingly crowded, giving users a variety of choices.  Ten years ago, the answer was simple:  With a few exceptions, everyone used Internet Exploder (IE). In fact, according to Wikipedia, IE commanded 95% of the market share as recently as 2003. Since then, a variety of new players have entered the market:  Mozilla Firefox, Google Chrome, Apple Safari and Opera are the most popular alternatives to IE.

Firefox entered the scene in late 2004. Many users, fed up with IE’s performance and security issues, jumped on the Firefox bandwagon, driving its market share as high as 31% in 2010.  In fact, IBM asked all 400,000 employees to switch to Firefox as their default browser in 2010.

Google entered the fray with its Chrome browser four years later in 2008. Citing faster performance, better security and tabs that run independently, Chrome has rapidly gobbled up market share from IE and Firefox.

Safari, the default browser on Apple devices, holds fourth place in market share.

Market Share

Several organizations track market share, and the fine details differ from firm to firm.  For trends and updated metrics, take a look at NetMarketshare.

Firefox

IE has gotten hammered over the last few years, sliding from 68% of the market in 2008 to 49% in February, 2012. Firefox, which had a lock on the #2 spot, with 31% in 2010, is now going toe-to-toe with Chrome. The most recent report from NetMarketShare has Chrome jumping from 12% in April, 2011 to 17.5% in February, 2012 while Firefox slid from 22% to just over 19% during the same time period.

The Best

So which browser is best?  It depends on whom you ask.  They’re all freely downloadable on the internet, so cost is not an issue.  Factors to consider when evaluating a new browser include:

  1. Performance – how fast do websites load?  This measure is heavily affected by the sites you’re browsing, your hardware, operating system, etc.  Speed is constantly assessed by many companies and rankings vary from shop to shop.
  2. Security – which browser keeps your information safe when shopping/banking online?  And which browsers protect you against malware?  A variety of features are available in each browser, including sandboxing, instant updates/patches, pop-up blockers, and private browsing.
  3. Add-ons are features that improve your web-browsing experience. Currently, Firefox boasts the most generous library of add-ons. While add-ons can customize your web browsing and make your browser far more useful, they can also slow down your browser’s performance.
  4. Stability – how often does the browser lock up or crash?  Chrome’s tabs all run independently. Thus, if a web page locks up, a plug-in crashes, or the tab otherwise becomes unresponsive, that tab can be closed without affecting your other tabs. Some browsers must be restarted when a single tab crashes.
  5. Ease of use – this one comes down to personal preference.  You should download 2 or 3 browsers and try each one for a few days to determine which one suits you best.  Most browsers have hidden toolbars and menus to maximize your viewing area. This is extremely helpful on small monitors.
  6. Other features include the ability to sync bookmarks with other computers, custom themes, RSS reader, etc.

The answers to many of these questions are available online.  PC World recently evaluated six browsers and crowned Chrome as the best overall in their April, 2012 issue. This, of course, can change overnight with a new release from a competitor.

My personal favorite for the last few years has been Chrome.  I use Firefox on occasion, especially on my Linux computer.  When I run Firefox in Windows, it takes forever to open and crashes a lot, even when using the most recent version.  I use IE primarily when running Windows Update (since Microsoft doesn’t play well with others) and when I’m using someone else’s machine that has not seen the light.  Even Microsoft admits that IE (used to) stink(s) in this newly created Microsoft website.  I have used Safari on the rare occasion that I hop on my daughter’s school-issued MacBook, but have found no compelling reason to load it on my Windows machines.

I find that Chrome runs fast… really fast.  A good way to eke out even more speed from your web browser is to optimize your DNS settings, using NameBench.  Chrome is also more stable than the others, in my opinion.  On the rare occasion that a tab locks up or crashes, you can close the offending tab and preserve all other sessions.  Other cool features include ‘Pinned tabs’ and the ability to re-open the same tabs you were viewing in your last session.  For example, if you always have a half dozen web pages open on different tabs, you can set those to reopen every time you restart your computer and run Chrome.  I also like the fact that there’s no separate web search box, as in IE and Firefox.  Searches are entered in the address bar.  Further, the address bar turns green when you navigate to secure websites, assuring you that it’s safe to transmit sensitive information such as passwords and credit card data.

But this is just my opinion.  For another opinion, check out PC World’s assessment in their April, 2012 issue.  Alternatively, if you’re more enterprising and have a lot of time on your hands, run your own tests and let us know the results.

What’s the Password?

http://www.guitarplayerscenter.com/uncategorized/i-call-it-stealing/comment-page-1/#comment-213240
Used with permission: DANIEL R. LEHRMAN at www.guitarplayerscenter.com

I recently got a call from a friend whose Yahoo email account had been hacked.  He had just fielded several calls from friends, family and business associates that had received solicitations from him for Viagra and a variety of other goodies.  When we looked at the email account, his login history revealed that the account had been accessed from all over the world over the course of a few days. Somehow, his Yahoo mail password was compromised and someone or some ‘bot’ had logged into his account, taken indecent liberties with his address book and offered a variety of, err, “performance” enhancements to everyone he knew. We never determined when or how his password was compromised, but it was a frightening look at the importance of spending a little more brainpower to protect online accounts.

Security professionals recommend using different passwords for every site/application. You should also make a habit of changing your passwords periodically – best practices suggest every 40 days. Finally, make sure you’re creating strong passwords, especially for online accounts. I realize that you currently have a pile of passwords for various sites and there’s just no way that the name of your dearly beloved Fluffy will stop safeguarding your online banking, Amazon and Gmail accounts. If you read Paul Gilster’s article below and see some of the organizations, including the Department of Defense,  that have been hacked, you’ll want someone closer to Cujo protecting your sensitive data.

Here are some guidelines for creating strong passwords:

  1. Do not use your name, your user name, family names or familiar numbers, like your birthdate or home address.
  2. Avoid dictionary words.
  3. Use a passphrase instead of a password.
  4. Passwords should be at least 8 characters long.
  5. Employ characters from at least 3 of the 4 following groups:
  • Uppercase letters;
  • Lowercase letters;
  • Numbers;
  • Symbols;

While there’s no way to provide absolute protection over your account, employing these guidelines can certainly put up a few roadblocks.

I’m always surprised by the number of people that use simple ones like password123 or johnsmith. Even a dictionary word with numbers and symbols substituted in, such as Pa$$word, is easily cracked. Simple passwords can be easily defeated by web bots and determined hackers.  In fact, there are widely available free tools on the web that will crack the login password on your computer.
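The guidelines above, written as a check, in an added example that is not part of the original post; the word list and sample passwords are constructed for illustration, and `check_password` and `normalize` are hypothetical names. It shows why Pa$$word still fails: it meets the length and character-group rules but reduces to a dictionary word once the substitutions are undone.

```python
import re

# Constructed mini word list for illustration; a real check would load a
# full dictionary plus a list of commonly used passwords.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "fluffy"}

# Reverse the usual character swaps so "Pa$$word" is read as "password".
SUBSTITUTIONS = str.maketrans({"$": "s", "5": "s", "@": "a", "4": "a",
                               "0": "o", "1": "l", "!": "i", "3": "e", "7": "t"})


def normalize(text):
    """Lowercase, undo substitutions, and keep only the letters a-z."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SUBSTITUTIONS))


def check_password(password, personal_info=()):
    """Return the guidelines a password violates (empty list means it passes)."""
    problems = []
    if len(password) < 8:
        problems.append("length")
    groups = [
        any(c.isupper() for c in password),      # uppercase letters
        any(c.islower() for c in password),      # lowercase letters
        any(c.isdigit() for c in password),      # numbers
        any(not c.isalnum() for c in password),  # symbols
    ]
    if sum(groups) < 3:
        problems.append("character groups")
    lowered, plain = password.lower(), normalize(password)
    for item in personal_info:  # names, user name, birthdate, address...
        token = item.lower()
        if len(token) >= 3 and (token in lowered or
                                (token.isalpha() and token in plain)):
            problems.append("personal info")
            break
    # A single dictionary word is weak even with trailing digits or swapped
    # characters; multi-word passphrases do not reduce to one entry and pass.
    if normalize(re.sub(r"\d+$", "", password)) in COMMON_WORDS:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    samples = [("password123", ()), ("Pa$$word", ()),
               ("johnsmith", ("John", "Smith")), ("Purple-Kayak-Sings-42!", ())]
    for pw, info in samples:
        print(f"{pw!r}: {check_password(pw, info) or 'passes'}")
```

Passing these checks only means a password clears the listed guidelines; it says nothing about whether that password has already been exposed elsewhere.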

If your brain cannot handle any more passwords or you’re constantly losing your password napkin, there are a variety of secure solutions, including KeePass.  Take a look at Paul Gilster’s 2011 article on this application. This is certainly not the only password manager available. LifeHacker recently reviewed 5 password managers in case you want other options.

If you need help evaluating the complexity of your password(s), plug it in at HowSecureIsMyPassword.net. This site evaluates your password strength by telling how long it would take a desktop PC to crack it. I evaluated one of my favorites on this site and it projected 423 million years to crack.  I think I can live with that!

Passwords are everywhere today, seemingly guarding every aspect of our lives. It’s time to give passwords a little more respect and thought.  Otherwise, you’ll spend a week on the phone with your bank and online retailers cleaning up a big mess that could’ve been easily avoided.

Stay safe out there!