Somebody’s Watching Me

If you listen to the 80s station on Sirius/XM, you’re undoubtedly getting tired of Rockwell’s sole hit, Somebody’s Watching Me.  Since Al Gore was still working out the kinks of the internet, I imagine that Rockwell was not singing about online security. Instead, he was probably more worried about paying off Michael Jackson for backup vocals on the song’s chorus, since there were no other hits on his debut album. 

On a completely different note, I recently attended a very informative presentation on social media in which the speaker discussed the risks and rewards of social media.  Since the audience consisted of parents of middle- and high school students, he focused on the risks facing children and teens and how to keep them safe online.

I walked away comforted that everyone in the room knew a little more about online risks and was better prepared to watch over their kids as they navigated the world of social media. However, I couldn’t help wondering who might be watching over the parents and their technology.  In other words, are folks taking appropriate precautions to protect their computers and networks?  So, I compiled a quick and dirty list of a few things you can do to stay safe on the world wide web.  Rather than going into detail on how to configure all of these options, I have tried to keep it brief. Feel free to post follow-up questions if you need further guidance. Look for follow-up articles in the future that address some of these options.

Secure your wireless network:

Without a secure wireless network, anyone within shouting distance of your house can access the internet using your connection to download whatever they want on *your* network IP address.  Further, with the right tools (which are widely available on the internet) they can “listen” in on your connection, and may even be able to access files on your computer(s).

Securing your wireless network is much easier than it used to be. Where it once required careful review of the owner’s manual, newer wireless routers can have you surfing securely with the push of a button. Always select the highest security offered by your router.  WEP can be quickly cracked by a determined intruder, so use WPA or WPA2 if your wireless router supports it.

Avoid Using Public Computers to Login to Your Secure Accounts:

Sure, we’ve all been in a pinch before and logged into email on a public computer. However, that was before I knew what I know now. There’s absolutely no way to tell if a public computer is infected with malware, has keyloggers installed or uses other methods to steal your credentials.  Malware can grab user names & passwords and beam your information to the mother ship.  Likewise, keyloggers can track every keystroke you make and report back to a hacker. So stick to browsing online news and weather on the hotel’s business center computer.  Save online shopping, banking, and even email until you get back to a safe connection.

Use Antivirus Software and Keep it Updated

This one is a no-brainer. If you have not been affected by viruses/malware in the past, you will eventually.  Fortunately, you don’t have to pull out your wallet to stay safe, as discussed in my post on free antivirus options. Use one of the packages that I recommend or choose one you like by reviewing AV-Test’s ratings.

Online Banking, Shopping and Secure Sites:

Ever notice how your address bar turns green, shows a padlock and/or the address changes from http:// to https:// when you login to your bank or shopping site?  This assures you that your connection is encrypted, that the identity of the website has been verified by a third party and that it’s safe to send sensitive information such as your username, password and credit card information over the internet.  In fact, if you click on the green portion in the address bar or the padlock, you will see that the website’s identity has been verified by VeriSign, Thawte or another certificate authority (“CA”).  So while it seems like you’re just connecting to a remote website, there’s actually a lot of stuff going on in the background to verify to your browser that the website is authentic, that your transmissions across the internet are encrypted and that it’s safe to do business.

But what if you attempt to log into a shopping or banking site that should be secure and it is not, in fact, safe?  If you don’t get the https://, the green bar/padlock or you receive warnings that the site’s certificate has problems, check the address that you typed.  If it’s correct, get out and try again later. It may be a temporary glitch with the site’s certificate or the CA.  It’s not worth compromising your security and identity to buy ABBA’s Greatest Hits on an unsafe connection.

Be Careful Using Public Wireless Networks

Free wireless offered by coffee shops and other retailers helps offset Starbucks’ exorbitant coffee prices, but be cautious with your browsing on public networks. This may seem a bit paranoid, but I never do online banking or shopping on a public wireless network, even from my own laptop. Yeah, I know that the connection to the bank or Amazon is encrypted, but I have no control over the coffee shop’s wireless security so I would rather be safe than sorry.

The kid in the corner booth with the AlienWare laptop may be listening in on your connection using a packet sniffer, which is freely available on the internet. Further, if your firewall is turned off, you have shared folders turned on, or your operating system has not been patched, a determined hacker can easily access the files on your PC.

Windows 7 and Vista both make it easier to stay safe on public networks than XP. When you connect to a new wireless network, the Set Network Location provides 3 choices of network location types:  Home, Work and Public.  Always choose Public when out and about.  This sets your firewall at its highest security settings, turns off Network Discovery and file sharing options, providing higher security when on a public network.  

As a follow-up, make sure your mail connection is encrypted (see https:// discussion above).  Many webmail systems are not encrypted by default, but offer this option.  If your email provider offers secure browser connections (thanks, Gmail!) always turn it on.  If you trust the network you’re using, it may be safe to disable.

Windows Updates:

This one is extremely important and super easy to do.  Probably 75% of the computers I sit down with have pending security updates for Windows, Adobe, Java, etc.  Hackers are constantly identifying and exploiting security vulnerabilities in a variety of popular applications. In some cases, they are able to exploit these holes and take control of your computer.  Make sure that Windows Update is enabled and that you’re applying the critical and important updates on a regular basis.  Also, be sure to apply updates to other programs that notify you in the system tray.  Adobe and Java have been particularly susceptible to security issues over the last few years, so make sure you’re keeping the patches applied.

Use Strong Passwords

This one warrants its own post, so take a look at my discussion on passwords.

Other Stuff:

There are plenty of other precautions you can take to stay safe, such as demoting your user account to Standard instead of Administrator, avoiding suspicious links in emails and Facebook, and periodically backing up your data.  However, all this talk about security is making me hungry.  Think I’ll grab a double latte and a scone.  Can someone watch my laptop while I wash up?

Stay safe out there!

 

What’s the Password?

http://www.guitarplayerscenter.com/uncategorized/i-call-it-stealing/comment-page-1/#comment-213240

Used with permission: DANIEL R. LEHRMAN at www.guitarplayerscenter.com

I recently got a call from a friend whose Yahoo email account had been hacked.  He had just fielded several calls from friends, family and business associates that had received solicitations from him for Viagra and a variety of other goodies.  When we looked at the email account, his login history revealed that the account had been accessed from all over the world over the course of a few days. Somehow, his Yahoo mail password was compromised and someone or some ‘bot’ had logged into his account, taken indecent liberties with his address book and offered a variety of, err, “performance” enhancements to everyone he knew. We never determined when or how his password was compromised, but it was a frightening look at the importance of spending a little more brainpower to protect online accounts.

Security professionals recommend using different passwords for every site/application. You should also make a habit of changing your passwords periodically – best practices suggest every 40 days. Finally, make sure you’re creating strong passwords, especially for online accounts. I realize that you currently have a pile of passwords for various sites and there’s just no way that the name of your dearly beloved Fluffy will stop safeguarding your online banking, Amazon and Gmail accounts. If you read Paul Gilster’s article below and see some of the organizations, including the Department of Defense,  that have been hacked, you’ll want someone closer to Cujo protecting your sensitive data.

Here are some guidelines for creating strong passwords:

  1. Do not use your name, your user name, family names or familiar numbers, like your birthdate or home address.
  2. Avoid dictionary words.
  3. Use a passphrase instead of a password.
  4. Passwords should be at least 8 characters long.
  5. Employ characters from at least 3 of the 4 following groups:
    1. Uppercase letters;
    2. Lowercase letters;
    3. Numbers;
    4. Symbols;

While there’s no way to provide absolute protection over your account, employing these guidelines can certainly put up a few roadblocks.

I’m always surprised by the number of people that use simple ones like password123 or johnsmith. Even dictionary words with numbers and symbols substituted in, such as Pa$$word, are easily cracked. Simple passwords can be easily defeated by web bots and determined hackers.  In fact, there are widely available free tools on the web that will crack the login password on your computer.
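To see how the guidelines above interact, here is a small checker (an added example, not part of the original post). The word list and substitution table are tiny constructed samples and the function names are hypothetical; a real check would use a large dictionary or breached-password list.

```python
import re

# Constructed sample word list (assumption): stands in for a real dictionary.
COMMON_WORDS = {"password", "fluffy", "letmein", "welcome", "dragon"}

# Look-alike substitutions that get undone before the dictionary comparison.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e",
                      "5": "s", "7": "t", "!": "i"})

# The four character groups from guideline 5.
GROUPS = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def letters_only(text):
    """Drop everything except lowercase letters."""
    return re.sub(r"[^a-z]", "", text)


def check_password(password, personal=()):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    used = sum(1 for g in GROUPS if re.search(g, password))
    if used < 3:
        problems.append(f"only {used} of 4 character groups")
    # Two views of the password: padding stripped, and substitutions undone.
    variants = {letters_only(lowered), letters_only(lowered.translate(LEET))}
    if variants & COMMON_WORDS:
        problems.append("dictionary word once digits and symbols are undone")
    for item in personal:  # names, user names, familiar numbers
        token = item.lower()
        if len(token) >= 3 and any(token in v for v in variants | {lowered}):
            problems.append(f"contains personal detail: {item}")
    return problems


if __name__ == "__main__":
    for pw in ("password123", "Pa$$word", "Maple-Canoe-47-Lantern"):
        print(pw, "->", check_password(pw) or "passes")
```

Note that Pa$$word satisfies both the length rule and the 3-of-4 character group rule; it is only the dictionary comparison, made after undoing the substitutions, that rejects it.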

If your brain cannot handle any more passwords or you’re constantly losing your password napkin, there are a variety of secure solutions, including KeePass.  Take a look at Paul Gilster’s 2011 article on this application. This is certainly not the only password manager available. LifeHacker recently reviewed 5 password managers in case you want other options.

If you need help evaluating the complexity of your password(s), plug it in at HowSecureIsMyPassword.net. This site evaluates your password strength by telling how long it would take a desktop PC to crack it. I evaluated one of my favorites on this site and it projected 423 million years to crack.  I think I can live with that!

Passwords are everywhere today, seemingly guarding every aspect of our lives. It’s time to give passwords a little more respect and thought.  Otherwise, you’ll spend a week on the phone with your bank and online retailers cleaning up a big mess that could’ve been easily avoided.

Stay safe out there!

Lions, Tigers and Malware – Oh My!

How many times have you stood in a checkout line, looked in the basket ahead of you and wanted to tell the person that they were overpaying for one or more items?  What if they could get comparable stuff for FREE without compromising quality?

This happened to me recently at my local office superstore. Earlier I had watched a lady poring over the antivirus (“AV”) software. She selected Norton Internet Security just like she probably had the last several years.  At $40+ per year, Symantec, McAfee and the other AV providers have built a massive revenue stream for folks that don’t know about free options that provide excellent protection.

I like free as much as the next guy  – my favorite brand of beer is Free… and Cold.  So why pay big bucks for something that you don’t have to pay for?

And it’s legal, too!

But if it’s free, then it must not be effective, right?

If you’re skeptical about protecting your important data, photos and music with free software, take a look at AV-Test’s website.  AV-Test is an independent lab that performs thousands of tests each year on a long list of AV software, and publishes quarterly rankings of these products.  Additionally, PCWorld and several other tech publications review commercial and free AV packages each year.  In all of these tests, many of the free options consistently perform as well as or better than their costly counterparts.  Maximum PC reviewed 10 software packages and ranked them in their 2011 Holiday guide.

My personal favorite for the last several years is AVG.  A few things I like about AVG, compared to its competitors:

  1. It’s lightweight – AVG doesn’t bog down your system, which is especially important if you’re running old equipment;
  2. AVG runs quietly in the background unlike some of the pricey commercial alternatives that constantly generate pop ups to tell you all the great things they’re doing (yeah, Norton, I’m talking about you!)
  3. AVG consistently gets great reviews in independent lab tests as well as in commercial publications.  In fact, AVG outranked several expensive competitors, including McAfee, Symantec/Norton and Trend Micro in AV-Test’s 3rd quarter 2011 tests.
  4. AVG keeps itself updated with current definitions and allows you to set scanning schedules. Keeping the software and signature files updated is of utmost importance. Accordingly, make sure your software does this at least daily without your intervention.
  5. It’s FREE – you can download it right now, save a trip to your local office supply store and keep your wallet in your back pocket.

I hope I’m not jinxing myself by saying this, but I have been running free antivirus software on multiple personal and business machines for years without any type of infection.  This is partly due to judicious selection of the sites that I visit, the email attachments I open (or simply delete) and the 3rd party Facebook apps I choose to ignore.

In most cases, keeping your computer free of viruses, spyware, malware and other undesirables is more about where you go and what you open than which security software you’re using.

Even if you’re running military-strength security software, once you click on a link and knowingly or inadvertently give it administrative permission to run, NO protection can prevent an infection. So if you receive an email from American Airlines with an itinerary for a flight you never booked, DO NOT click on the attachment or the link, John. If your preacher’s Facebook page has a link to “Shocking Photos” with a risqué photo, resist the urge to click the link – his or her Facebook account got hacked.  For a few “Best Practices” take another look at the Maximum PC article linked above.  And don’t forget to apply all Windows Updates and patch applications such as Adobe and Java.  These simple practices are extremely important to keeping your system secure.

Finally, always make sure you’re buying the real thing.  There are a pile of fake/rogue antivirus scams out there.  Many of these arrive as pop-ups on web pages or on your desktop.  These “scareware” programs typically warn you that they have found hundreds of infections on your computer and offer to clean them off if you purchase the software. Clicking on the link will likely land your PC in the hospital or the morgue.  Worse yet, if you do enter your credit card info like a client recently did (TWICE) you will not only have a badly infected machine, but will have to cancel your credit card to avoid buying a 90-inch plasma 3D TV for Vladimir in Siberia.

I will cover these scams in a later topic.  For now, find free legitimate solutions at one of the following links:

AVG:     http://www.free.avg.com/

Avast:     http://www.avast.com/

Avira:     http://www.avira.com/free

Let me know about your experiences with free and paid software. I’m always looking for the next great find!

Back to the lady in the checkout line, I didn’t say anything and let her walk away with a shiny new $53.86 charge on her Visa.  Be on the lookout for her at Staples this time next year.

Ken