Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

First Snow Leopard Update Plus Other Mac Security Updates
Friday, September 11, 2009

Apple has released the first update for Snow Leopard, Mac OS X 10.6.1, due to erroneously including an old and vulnerable version of Flash in the original release. This update also includes a few additional fixes.

Even if you're not running Snow Leopard yet, you'll want to use Software Updates under the Apple menu to get your copy of the latest Security Updates for Mac OS X 10.4.11 and 10.5.8.

Posted byTriona Guidry at 5:46 AM 0 comments  

Labels: , , , ,

Internet Safety For Kids
Friday, August 14, 2009

Each year I give you pointers on how to protect your kids from cyberbullies and other Internet dangers. We talked about "acceptable use" policies in 2007 and reviewed basic do's and don'ts in 2008. This year I'd like to introduce you to the Internet Safety Pledge, which I use in my Internet classes for kids.

You can find the Internet Safety Pledge on NetSmartz.org. What I like about the Safety Pledge is that it gives you age-appropriate bullet points you can use as a basis for discussion. No documentation can substitute for sitting down and talking with your kids about online safety, or anything else for that matter. I recommend you review the Safety Pledge with your children and reinforce that they should come to you with concerns or questions.

Of course, maintaining a secure computer is a must with kids in the house. You'll find my four steps to computer security and my security software recommendations here on my blog.

I'll be teaching more classes on Internet Safety For Kids this fall, so if you missed my summer sessions be sure to check my web site for registration details. I'm also happy to sit down with you and your kids during any regular tech support visit.

Don't forget to subscribe to Tech Tips (free!) for the latest computer news, plus bonus tips and product reviews. In September I'll show you how to use the Internet to find employment in Web 2.0 For Job Searches.

Posted byTriona Guidry at 12:30 PM 0 comments  

Labels: , , , , ,

Mac OS X 10.5.8 And Office 2008 For Mac Service Pack 2
Wednesday, August 5, 2009

Two major Macintosh updates of note. The first is that Apple has released the latest update for Leopard, Mac OS X 10.5.8, along with a slew of security updates for Leopard and other versions of the Mac OS. As always it's a good idea to back up your system before applying these updates. You will find them via Software Updates in your Apple Menu.

On a similar note, Microsoft has released an update for Office 2008 for Mac, and with this one I have to urge caution. Service Pack 2 (version 12.2.0) breaks compatibility with Word 2007 for Windows (.docx) files. You'll find the advisory and workarounds here. If you require the ability to open .docx files I recommend you hold off on this update until the problems are fixed.

Posted byTriona Guidry at 5:03 PM 0 comments  

Labels: , , , ,

Emergency Microsoft Patches Issued Tomorrow
Monday, July 27, 2009

Microsoft is releasing a pair of out-of-sequence security patches tomorrow, to fix vulnerabilities in Internet Explorer and Visual Studio. It's unusual for Microsoft to stray from their regular Patch Tuesday cycle (the second Tuesday of the month). While the Visual Studio patch will affect a small percentage of computers, the Internet Explorer patch applies to any computer running Windows.

To make sure you get these updates, either turn Automatic Updates on (bearing in mind the pros and cons of doing so) or visit update.microsoft.com to check for these latest patches.

Software patches (also called updates) are fixes for bugs that could allow malicious software to enter your computer. By staying current on these patches, you improve your computer's defense.

Don't forget to subscribe to Tech Tips (free!) for the latest computer news plus bonus tips, tricks and product reviews.

Posted byTriona Guidry at 8:28 AM 0 comments  

Labels: , , , , , , , , , , , , ,

Cloud Computing For Consumers Makes Me Cringe
Wednesday, July 22, 2009


The latest buzz in the IT world is all about "cloud computing" and "software as a service" (SaaS). These two related terms refer to doing all your computing via the Internet rather than software locally installed on your computer. But the idea of consumers relying solely on cloud computing makes me cringe. Why?

  1. It's not secure
    Microsoft's upcoming incarnation of Office is an example. Office Web will offer versions of Word, Excel and PowerPoint than run directly from the Web. But consumers don't know or care where their applications come from as long as they work. So let's say Jane Consumer wants to open financial data stored in an Excel file. She may not know she's trusting her entire fortune to the cloud (e.g. the Internet). What about a consumer who is working from a home computer, opening confidential documents that ought to be kept within the confines of the corporate network? When you use the Internet, you never know who might be intercepting your information. I wouldn't want my data trusted exclusively to the cloud. I wouldn't even be satisfied with regular local backups. I want my data where I can see it, smell it, touch it, and above all control it.

  2. Your environment can be changed at the whim of developers
    Many web mail users complain to me that they don't like it when their provider changes the look and feel of their email service without notice. Imagine if your word processor and spreadsheet did the same thing. There is something to be said for locally installed software that you can manage as you prefer. Apparently consumers feel the same way, given how many people are still using Windows XP so they don't have to deal with Vista's changed interface. You could also consider the huge number of complaints Microsoft received when they removed the tried-and-true Office menus in favor of Office 2007's (gack) ribbon toolbar.

  3. What if your Internet connection goes down?
    Purveyors of SaaS promise ways to work offline. But how well will it work in reality? Do you really want to count on having a reliable Internet connection just to open a document? What about people in areas who have no access to steady high-speed Internet?

  4. What if your SaaS provider pulls the plug?
    You could wake up one morning, turn on your computer and discover that the software you need to do your work is vanished, gone, kaput. You might even be at the mercy of vendors who change your license agreement, then demand a ransom to keep your software alive. We've already seen that happen with the way some antivirus software vendors gouge you for automatic payments. What if they offer a full-fledged product, then strip the features and start charging extra for them? Or what if your vendor goes under? With locally installed software, at least you still have the software. With SaaS, you might lose the software and your data, too. Worse, what if they decide they now own all your data and can do with it whatever they like?

  5. Advertising and fakes
    How would you like it if you were working on a document and an advertisement interrupted you? Or what if you received a phony popup pretending that your document is corrupt and you suddenly need to buy some nifty (fake) software that will solve the purported problem? This already happens with fake antivirus software. I don't need it in my word processor.

  6. The potential for censorship
    Look at China's attempts to firewall their entire country and crack down on social networking sites. Relying exclusively on cloud computing could, in theory, give a government the ability to silence what it doesn't like. This is the same reason I believe in net neutrality: freedom of expression.
Of course, there may be some advantages to consumer cloud computing.

  1. Ease of use
    Imagine not waiting for your computer to start up or load an application. This would appeal to many consumers. With cloud computing you could access your software as easily as opening a browser window.

  2. Your environment can be changed at the whim of developers
    Yes, I said that above, but it can be a good thing too. You could get new features without having to install new software. It might even be cheaper since you wouldn't have to pay for the CD or DVD. Perhaps you could buy features for short-term use, as you need them. I'll bet people who make casual use of super-expensive software like Adobe Photoshop would enjoy that ability.

  3. Less expensive hardware
    Google's Chrome OS will run at first on netbooks, inexpensive PCs that require only minimal hardware to operate. With cloud computing the vendor takes on the burden of processing power; all you need is a Web browser. Again, this might be highly appealing to consumers and could help bring computing power to those who currently cannot afford it.

  4. Convenience
    Many consumers enjoy being able to work on their documents anywhere, anytime, without the need to log into a home machine or fiddle with a USB drive. That's why Google Docs is popular. People are often willing to trade privacy for convenience.
In my opinion, cloud computing is too new and untested to be forced down consumers' throats just because it's the latest IT craze. But, as an option rather than a requirement, it may provide some advantages. For more, check out this op-ed from the WSJ. Be sure to read the comments, they're interesting!

Posted byTriona Guidry at 9:00 AM 0 comments  

Labels: , , , , , ,

Protect Yourself From Zombie Computers
Thursday, July 9, 2009

There's a lot of talk in the news about the recent cyber attacks on U.S. and South Korean servers. Computers in both countries were disrupted through what are called "denial of service" attacks, when hackers use infected computers called zombies to slow or crash target servers. Zombie computers are often owned by small businesses or consumers who are completely unaware they are infected. I've mentioned zombie computers before (here and here) but it's important to reiterate how you can protect yourself and others.

Your best protection is prevention. Be sure to run a reliable antivirus program like those below (beware of the fakes!) as well as anti-spyware software. Security suites offer a way to combine those protections with a firewall to block unwanted network probes. Regular software updates are also key to keeping your computer protected. You can learn more about these techniques in my article on cybercrime. I am teaching a class on How To Protect Yourself From Cybercrime on Monday July 20th from 9:30am-11:30am in Cary, Illinois (click here for more details and registration information).

Antivirus software for PCs:

Antispyware software for PCs:

Antivirus and anti-spyware software for Macs:

For bonus tips, tricks, and other computer help, subscribe to the free email version of Tech Tips.

Posted byTriona Guidry at 11:01 AM 0 comments  

Labels: , , , , , , , , , , , ,

Summer Computer Classes
Monday, July 6, 2009

Guidry Consulting, Inc. is offering summer computer classes through the Cary Park District. Don't miss How To Protect Yourself From Cybercrime on July 20, and two classes on Internet Safety For Kids and Internet Safety For Tweens and Teens on August 17. For more information, please visit the Guidry Consulting web site at http://www.guidryconsulting.com/news.html.

Posted byTriona Guidry at 5:14 PM 0 comments  

Labels: , , , , ,

Sears Settles Over Spyware On Consumer Computers
Monday, June 22, 2009

We all have to be careful what we install on our computers, even if it's from a reputable company. Sears has agreed to settle FTC charges concerning spyware on consumer computers.

The concern is over a research project Sears conducted in 2007 and 2008 called "My SHC Community." Select visitors to the sears.com and kmart.com sites were offered $10 to install a program that supposedly monitored online browsing. But, as reported by the FTC:

The FTC charges that the software would also monitor consumers’ online secure sessions – including sessions on third parties’ Web sites – and collect information transmitted in those sessions, such as the contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for web-based e-mails. The software would also track some computer activities that were not related to the Internet. The proposed settlement calls for Sears to stop collecting data from the consumers who downloaded the software and to destroy all data it had previously collected.
Personally I think burying the real intent of software like this at the bottom of some license agreement is a nasty trick, and the FTC seems to agree. The settlement is subject to public comment through July 6, 2009, so if you'd like to speak your piece you can download this PDF from the FTC.

Posted byTriona Guidry at 11:30 AM 0 comments  

Labels: , ,

Symantec, McAfee Penalized For Antivirus Auto-Renewals
Thursday, June 11, 2009

If you've ever wondered if you're being forced into antivirus auto-renewals, you're not alone. New York Attorney General Andrew Cuomo's office has reached a settlement with Symantec and McAfee over their automatic software renewal practices.

I think this is great news for consumers and businesses. There has been too much confusion over auto-renewals. Some people are not aware that purchasing antivirus software via credit card typically signs you up for auto-renewal. Others have struggled to cancel their auto-renewals thanks to aggressive policies on the part of vendors like Symantec and McAfee. When purchasing antivirus products online, I frequently find myself disabling the auto-renew option only to find it re-enabled before I reach the checkout. While I applaud Symantec and McAfee's attempts to make sure people are up-to-date on their antivirus, forced auto-renewal is not the solution.

This is also a good time to remind folks that it's better to upgrade your antivirus software each year instead of simply paying for another year's subscription. While I'm still recommending other antivirus programs over Norton, those of you who do use Symantec and McAfee products can hope that your next auto-renew process will be more user-friendly.

From the press release:

Attorney General Andrew M. Cuomo today announced a settlement with computer security software vendors Symantec (NYSE: SYMC) and McAfee (NYSE: MFE) after the companies renewed customers’ software subscriptions without the customers’ knowledge or authorization. Under the Attorney General’s settlement, both companies will make detailed disclosures to consumers about subscription terms and renewal, and each will pay $375,000 in penalties and costs.

“Companies cannot play hide the ball when it comes to the fees consumers are being charged. Consumers have a right to know what they are paying, especially when they are unwittingly agreeing to renewal fees that will not appear on their credit card bill for months. Symantec and McAfee - two of the nation’s largest vendors of computer security software - will now have to be clear and up-front with their customers when it comes to renewal fees. In other words, no more hide the ball with renewal fees.”

Posted byTriona Guidry at 9:42 AM 1 comments  

Labels: , , , , , ,

How To Spot Bad Web Links
Friday, May 15, 2009

Computer security specialists, myself included, recommend that you avoid clicking on bad web links. But how can you tell a bad link from a good one? Even if you're going after legitimate software it may be difficult to tell the difference. To demonstrate, I've pulled screenshots from the downloads for two of my most-recommended security tools, the free AVG anti-virus program and the free Spybot anti-spyware program.

The first hurdle comes when you search for these products. As you can see from this screenshot of a search for Spybot, it's hard to tell which link to click.

The key is to look for the words "sponsored links" or "sponsored ads". These are links, often phony, which come up when certain keywords are typed. There are plenty of bad or questionable links associated with the keyword "Spybot." This is the same vicious technique hackers use to get you to click on bad links when you're searching for hot topics like "swine flu" or "virus removal." It's black-hat search optimization, and the big search engines like Google and Yahoo aren't going to protect you. They don't care if the keywords link to malicious sites as long as they're getting paid for the ads.

Let's assume you've navigated yourself to the correct page to download Spybot. Even here, there's a catch. Most software is downloaded from aggregate "mirror" sites, in this case CNet. These sites have keyword-based advertisements too, not all of them good. In this screenshot I've highlighted the ads in red, the correct Spybot download links in green. It's like an obstacle course!

The AVG examples demonstrate the same thing. Assuming you've gotten yourself to the correct download page, you've got more bad links to avoid. Sometimes the positioning is such that the bad link looks like the good one. In this case, the words in blue, "Ad Feedback," show you which parts of the page are ads. If you mentally divide the page up into regions you can see where the ads are versus where the content is.


For more tech tips, tricks and techniques, subscribe to Tech Tips.

Posted byTriona Guidry at 5:27 AM 0 comments  

Labels: , , , , ,

Profiting From Cybercrime

How much money is actually made from computer crime? Do companies lose money fighting against it? I've gathered some numbers to illustrate the burgeoning black market of cybercrime.

According to a recent report from security firm Finjan, fake antivirus software can bring in an average of $10,800 a day in profits. At $50 per user that's a lot of people being scammed, not to mention left vulnerable to viruses. Respondents to the Computer Security Institute's 2008 security assessment report that the removal of zombie or "bot" computers from their networks cost an average of $345,600 last year. The Business Software Alliance reports that piracy cost the software industry $50 billion in 2008.

Researchers investigating the Storm worm found that spam remains highly profitable. Storm advertises, among other things, pharmaceuticals, netting a potential $7,000 to $9,500 during the height of its spam campaign. This extrapolates to $3.5 million a year in revenue, with 3,500 to 8,500 newly infected computers every day.

Don't be part of these statistics. Keep your protections up to date, and subscribe to Tech Tips for the latest computer news.

Posted byTriona Guidry at 5:24 AM 0 comments  

Labels: , , , ,

Windows XP Attacks Abound: Time To Upgrade To Vista
Thursday, May 14, 2009

I'm seeing a rash of seriously infected Windows XP computers. The technical term for these computers would be toasty. Fake antivirus, insidious spyware, you name it, these computers have it, and the vast majority of them are quite well protected from a Windows XP standpoint.

It's sad to say, but our decisions to upgrade have become less about whether we need it for productivity and more about whether our computers can remain functional against the continual onslaught of cyber-attacks. Remember, Windows XP is 8 years old. These attacks are sneaking through despite our best defenses. Windows Vista is no panacea, but its improvements in security offer better protection.

If your computer doesn't meet the system recommendations for Vista--the real recs, not Microsoft's bare-minimum--an upgrade to Vista equals either an upgrade in hardware or possibly a new computer. Bearing in mind that Windows 7 is slated to come out around the 2009 holiday season, this means your Windows XP days are numbered. The good news is that your software should, for the most part, be compatible. The bad news, if you don't care for the Vista interface, is that you'll finally have to bite that bullet. If you're not sure what to do, I'm always happy to evaluate your computers at my next service visit.

Posted byTriona Guidry at 6:59 AM 0 comments  

Labels: , , ,

Mac OS X 10.5.7 Problems, Plus PowerPoint Pettiness

If you're using Mac OS X 10.5 (Leopard), avoid the latest update, 10.5.7. It's buggier than a mosquito zapper in August.

Also watch out for malicious PowerPoint presentations on Macs, or on PCs using Microsoft Works. Microsoft's Patch Tuesday this month released bug fixes for PowerPoint, but only if you use Office for Windows. No indication as to if or when Microsoft might fix the problem for Works for Windows or Microsoft Office for Mac.

Posted byTriona Guidry at 6:43 AM 0 comments  

Labels: , , ,

Securing Gmail
Wednesday, May 6, 2009

Gmail, Google's email service, has some vulnerabilities that could allow unauthorized access to your email. To beef up security, make sure you are using a secure HTTPS connection to Gmail by checking your browser's address bar. The address should begin with "https://" if you are using a secure connection. While HTTPS is not without its own vulnerabilities, it's better than naked surfing.

You can configure Gmail to always use HTTP by clicking Settings from the main Gmail window. In the General tab under Browser Connection (at the bottom), select "Always use https."

Other email services like Yahoo and Hotmail don't allow this option. Your most secure option is to download your email using a program like Mozilla Thunderbird instead of viewing it on the Web. (In my opinion Outlook and Outlook Express won't do anything to enhance your security because they have their own problems.)

Posted byTriona Guidry at 9:47 AM 0 comments  

Labels: , , , ,

The Admin Account
Wednesday, April 15, 2009

One of the great mysteries of computers is the admin account. In the past computers were standalone; that is, used by only one person. Today's computers assume multiple people will be using them, even PCs with a single owner. This means having an overriding account to manage the others. Referred to as administrator, owner or root, it has complete control over your computer.

In reality your computer has two account types, administrator and standard (or limited). Limited users don't have full control; they can't alter system settings or make other changes. Unfortunately, in a holdover from the standalone days, that often means they can't do real-world tasks like burning CDs or updating antivirus either. For this reason most folks simply use their computers under the admin account. Indeed, computer stores configure consumers to use the admin account by default. When folks do use multiple accounts (say for themselves and their kids), those accounts often have full administrative rights.

Why is this important? Because every virus and Trojan horse wants admin access. It's why they will do anything to get you to click on bad links, including trick you into thinking your computer won't work properly if you don't. (We're going to talk more about how to spot fake links in May's Tech Tip Of The Month.) And some viruses don't require you to do anything at all. If you browse the wrong Web page and are using an admin account, your computer is, in the vernacular, pwned.

Your best bet is to use limited accounts when you can, administrative ones if you must, and security software to keep tabs on what your computer is doing at all times. To create limited accounts, go to Start, Control Panel, Users and Groups (Windows), or Apple menu, System Preferences, Accounts on a Mac. In my experience Windows Vista limited accounts work better than those in Windows XP, and Mac limited accounts work better than PC ones.

In May we're going to talk about the dollar figures behind Profiting From Cybercrime. If you have any computer questions click Comments below this article, and don't forget to subscribe to the email version of Tech Tips for bonus tips and product reviews.

Posted byTriona Guidry at 10:49 AM 0 comments  

Labels: , , , , ,

What Is Java?

What on earth is that Java thing that keeps wanting us to update?

Java is a programming language for the Web. Like ActiveX, its powers can be used for good or evil. Mostly good, if you like interactive Web sites with lots of menus and options. Evil, when Java is exploited by viruses seeking to take advantage of its versatility.

You can check your version of Java in Windows by going to Start, Control Panel, Add/Remove Programs. On Macs, Java is built into your operating system, so you will receive updates through Software Updates under the Apple menu. In general you want to use the latest non-beta version. While you may not run Java directly, the web sites you use may want it, and outdated versions are a pathway for viruses and spyware.

If you want to be geeky like me you can tune into the US-CERT news bulletin service, which provides information on new patch versions for Java and other software from major vendors including Microsoft and Apple. I keep an RSS feed to US-CERT at the bottom of the Tech Tips blog. Or, if you want your computer news less geeky, subscribe to Triona's Tech Tips to receive email bulletins about security warnings that pertain to small businesses and consumers.

Next month I'll explain the fine art of How To Spot Bad Web Links. If you have any computer questions click Comments below this article, and don't forget to subscribe to the email version of Tech Tips for bonus tips and product reviews.

Posted byTriona Guidry at 10:43 AM 0 comments  

Labels: , , ,

Spring 2009 Computer Classes
Friday, March 27, 2009

This spring I'm offering several new computer classes as well as a reprise of my Blogs For Business seminar. For full information on class times and registration, please visit the Guidry Consulting web site.

To receive updates on these and future classes, click here.

  • Blogs For Business
    Sponsored by the Cary Grove Chamber Of Commerce
    Thursday, May 21, 2009

  • Protecting Yourself From Cybercrime
    Sponsored by the Cary Park District
    April-August 2009

  • Computer Housekeeping
    Sponsored by the Cary Park District
    April-August 2009

  • Internet Safety For Kids (ages 5-10 years)
    Sponsored by the Cary Park District
    April-August 2009

  • Internet Safety For Teens And Tweens (ages 11 years-adult)
    Sponsored by the Cary Park District
    April-August 2009

Posted byTriona Guidry at 10:53 AM 0 comments  

Labels: , , , , , ,

Shame On Linksys For Plain-Text Passwords
Wednesday, March 11, 2009

I was minding my own business, installing a wireless router for a client, when Linksys gave me the screaming heebie-jeebies.

At first I was pleased with the latest Linksys/Cisco installer. It's become common knowledge that wireless routers aren't secure out of the box, but what isn't widely known is how to configure them correctly. So the wireless makers have been improving the install process to help folks secure their wireless networks. The installer for the Linksys WRT110 walks you through password-protecting first the router itself, then the wireless network. Nice, I thought, until I got to the last screen...


Heebie-jeebies! Bad enough to display those passwords right there on the screen, but saving them by default to a text file on the desktop?! Text files are like candy to viruses, easy to devour. How soon before some malcontent writes a virus that searches for those text files? Hackers already scan the wireless networks of hapless users, hoping to get in with a default password. Saving plain text files of passwords is like leaving the code to the burglar alarm on the front door. The Linksys installer gives people a false sense of security, helping to change the passwords then revealing them in plain sight.

Shame on Linksys for such an obvious security gaffe, and let's hope they eliminate it in their next installer version.

Posted byTriona Guidry at 9:49 AM 0 comments  

Labels: , ,

Update Adobe Flash Player
Monday, March 2, 2009

Another day, another exploit for your computer. Today it's Adobe (formerly Macromedia) Flash Player, used by just about everyone to view video on Web pages. You may have it without realizing, as it is often automatically installed by various sites and programs.

Why is this update important? If you don't have the latest version, your computer could be attacked by viruses simply by viewing an infected Web page. "Trustworthy" sites are often infected, so your only protection is updated software, good antivirus, and a little computer security savvy.

Download the latest Flash Player today, and stay tuned to Tech Tips for the latest computer news.

Posted byTriona Guidry at 4:43 AM 0 comments  

Labels: , , , , , , , ,

Update Adobe Acrobat, Again
Friday, February 20, 2009

Bugs in PDF files have always been a problem, which is why it's a good idea to use the latest version of Acrobat. Now is a good time for a reminder because a recently discovered flaw provides a new way for viruses to infect you via PDFs.

Click here to download the latest version of the Acrobat Reader software, but there's no fix for this particular flaw yet. To protect yourself in the meantime, disable JavaScript in Acrobat for Windows by selecting Edit, Preferences, JavaScript and unchecking the Enable Acrobat JavaScript box.

Posted byTriona Guidry at 4:18 PM 0 comments  

Labels: , , , , ,

Subscribe to: Posts (Atom)