Orphaned Server Accounts
Thursday, January 15, 2009
Pardon me, but you've left an orphan out there. Orphaned accounts are email or web usernames that are no longer used but haven't been deleted from the server. Small businesses and consumers alike would do well to clear their electronic trails of such wayward offspring.
For small businesses, orphaned server accounts can be an unseen hazard. Imagine you've let an employee go but haven't deleted their account. They could log in and grab sensitive data or rig the system to self-destruct; these days you don't need to be a computer whiz to do it. It's wise to make deleting accounts part of your standard personnel procedures. Avoid sharing accounts and passwords; set up individual IDs with specific access instead, and don't be tempted to leave post-its with passwords in your office. That deliveryperson could be a hacker in disguise.
Consumers should be aware of the orphans they may leave while visiting online sites. If you set up an email or web account somewhere but aren't using it, contact the site and ask them to delete it. Ironically, you may find some sites don't have a procedure for doing so. Talk to their tech people and request written confirmation that your account has been deleted. Otherwise you never know what someone else might be doing in your name.
Next month we'll talk about Alternate Web Browsers. Don't forget to subscribe to the email version of Tech Tips for the latest computer news.
Posted byTriona Guidry at 6:42 AM 0 comments
Labels: advanced users, consumers, Internet, passwords, security, small business
How To Protect From Cybercrime
Friday, August 15, 2008
If the cybercrime situation is so dire, what can an average person do about it? I present the four-legged chair of computer security. Without all four legs, your computer's defenses could collapse.
- Antivirus software
You know this; what you may not know is that antivirus alone does not catch every threat. - Anti-spyware software
Spyware is software you don't want, similar to viruses but using different tactics. Adware, malware, keyloggers, Trojan horses, they all fit into the category of spyware. - Firewall
Just like a fire door in a hospital, a firewall keeps out Internet nasties that try to sneak under the radar of antivirus and anti-spyware software. - Regular updates ("patches")
Every program has bugs, and these bugs can be used by viruses to manipulate your computer. Harden your security defenses by keeping your software up-to-date.
If you have a company-owned computer, talk to your IT department about the protections that are installed. Find out if your corporate network prevents laptops from logging on unless the laptop has updated security. You can also explore one-time password systems, or biometric options like the fingerprint scanners now built in to most laptops.
Do you have questions about protecting yourself from cybercrime? Ask them here (click Comments below any article), and be sure to sign up for the email version of Tech Tips for bonus tips and product reviews.
Posted byTriona Guidry at 8:49 AM 0 comments
Labels: alerts, antivirus, beginners, computer help, consumers, firewalls, Internet, keyloggers, mac, norton, passwords, phishing, security, small business, spyware, web, windows, zonealarm
Software Scams
Tuesday, August 5, 2008
[This article is reprinted from the May 2007 issue of Triona's Tech Tips. Software scams remain a nasty plague on consumers. Be wary of any programs that offers themselves to you via a popup window or flashy Web ad.]
I hate seeing my users scammed. And there are some nasty scams out there, including this tricky one involving the online upgrade of software.
Here's what happens. The user receives a legitimate renewal reminder from his Windows antivirus software. He searches the web for the upgrade, and that's where the scam begins. He clicks on what he thinks is the correct link, and is directed to a website that looks like the right place. He selects his upgrade, puts in his credit card number, and installs the provided program. He is left with a new icon that seems to be doing all the things antivirus software should do. Except it's not antivirus software at all, and that card number just got swiped.
The culprit is "Win AntiVirus," also known as the SmitFraud trojan. This pest mimics the styling of Norton AntiVirus, and it's slick enough to fool almost anyone. The first time I encountered it, I had to do some careful checking to determine it didn't belong.
Since it's not a real antivirus program, "Win AntiVirus" leaves you vulnerable to real viruses. Usually when I find it, it's because I've been called in to fix something seemingly unrelated, like being unable to print. That's just a symptom of the real issue, which is that your computer is now minus its protections and susceptible to whatever comes along. The way search engines like Google work only adds to the problem. The scammers purchase advertising keywords so that when you do a search, their scam link comes up near the top of the list.
Upgrading your antivirus software is an important thing to do, but keep an eye out for tricks like this. When in doubt, type web addresses manually instead of clicking on a link. If you're a Norton user, the place to go is Symantec. McAfee, Trend Micro, and the free AVG and ClamWin programs are all legitimate products as well. The links here on Triona's Tech Tips (see below right, under "Windows Help") will point you to the real deal.
Antivirus is not the only software spoofed. Spyware, the collective term for software you don't want, often has the hubris to masquerade as anti-spyware software. Those free "PC cleaners" you see advertised in spam emails are just trying to get you to install their junk so they can zombie your computer like we discussed a few months ago. I have actually seen such scams advertised on television, no less! Avoid using software that is advertised via spam or pop-ups, and be sure you know whose product you are using. Of course, purchasing from a store is a workaround against online scams.
If you've been victimized, it's time to pull out the big guns to protect your identity: FTC's Identity Theft website. In Illinois, the Attorney General has also set up an Identity Theft hotline at 1-866-999-5630. I don't know what happens to the credit card that was entered, but it can't be good. You also need to clean off your machine, and sadly in the case of "Win AntiVirus," usually the best choice is to reinstall from scratch. Otherwise you'll never know if it's really gone.
We talked before about how to create stronger passwords using my handy tipsheet (PDF). If you haven't had a chance, give it a try. Remembering passwords is much easier than trying to recover a stolen identity!
Posted byTriona Guidry at 9:30 AM 0 comments
Labels: alerts, antivirus, beginners, Internet, passwords, scams, windows