Time to pick on Apple

Microsoft gets a lot of bad press.  They’re easily picked on.  They produce the most widely used software in the world.  Their operating system is the most widely used operating system in the world (source: http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0). Don’t get me wrong, in so many respects they deserve it.  I will reserve my opinion of Windows 8 for another post (need I really say more?); for now, I’ll simply remind readers of Windows Vista and Windows Me; Office 2007 and 2010.

Most aggravating, in my opinion, is the way the user interface is changed so drastically.  Microsoft seems to get some sort of perverse satisfaction from changing even some of the most commonly used features of its software and OS, seemingly hiding things on purpose.  So you search and hunt, perhaps resorting to a quick Google search, only to finally locate what you were looking for and, alas, it looks and feels and performs exactly as you’ve known it for years!

I cannot count how many times the above scenario happens to me on a daily basis.  My computer usage is all over the place. It is hard enough to learn the locations of the many apps, utilities and features I use, let alone relearn them!

But wait, you say! This article’s title implies a rant against Apple.  I’ll get to that now!

Apple is no different!  As I mentioned, my computer use is incredibly diverse.  I use many software applications, utilities and operating systems on a daily basis.  Apple flies under the criticism radar partly because their fans are so loyal that one dare not criticize the underdog, and partly because of what seems to be a cultural phenomenon: if you have trouble using an Apple device, there is something wrong with you, not the device, because they are so easy to use!

I recently upgraded my MacBook Pro to the newest OS X, Mavericks.  It has been no less a frustrating experience than any update or upgrade that Microsoft has provided.  My machine runs slower, applications suddenly broke and things have been changed to the point of frustration.  Case in point: this evening, I was looking for the Network Utility app. It is a great tool that Apple includes with OS X, but it is not the kind of application that I have cause to use on a daily basis.  It has always been in the Applications > Utilities folder.  Not any longer!  Now where is it?  In the /System/Library/CoreServices/Applications folder!  Now why didn’t I think to look there?!

Microsoft Word Vulnerability

Microsoft released a security bulletin yesterday warning of a vulnerability in Microsoft Word.  A user is exposed when opening a malicious document created in ‘rich text format’ (RTF extension).

Microsoft’s fix is to disable the automatic opening of RTF documents; no patch has been issued.

Although Microsoft leads one to believe that the vulnerability exists in Word 2010, Outlook 2007, Outlook 2010 and Outlook 2013, I wouldn’t trust any version!

So folks, if you receive an email attachment in RTF format, for the foreseeable future, don’t open it!

New, dangerous, malware threat: ransomware

I don’t want to sound alarmist, but I have a responsibility to you and your data safety.

There is a new and dangerous outbreak of computer virus going around.  I ask that you continue to be extra vigilant so that your data and files are not affected.  Not only would data on your computer be affected, but data on any “shares” would also be affected.

Ransomware has been around for a while.  Most of what I’ve seen is accompanied by an FBI warning.  The screen indicates that you are infected, or that you’ve been logged as participating in some illegal activity.  Further, you are prompted to submit a sum of money to get yourself out of the situation, hence the name, ransomware.  This particular threat takes the idea further.  It encrypts your files so that they are inaccessible until you pay the sum, at which time the software will decrypt your files and return them to you.  The consensus of opinion in the field is that, barring being able to restore a usable recent backup, there is no way of recovering your data without paying the ransom.

Remember this: the most common method of infection is by way of the computer user.

The best preventative method is user education.  Here are the best tips to avoid infection:

1) Please make sure that “Hide extensions for known file types” is disabled in Windows Explorer on your computer.  Instructions are below.  I’ve posted here on that topic before!

2) Please do NOT open email attachments with the file extension “ZIP” or “EXE”, most importantly.  Other file extensions, including PDF, can contain threats.  Know the sender and, if in doubt, ask for assistance.

3) Be aware that people try to trick you into thinking files are safe by trying to hide the extension.  For example: filename.pdf.zip  is a ZIP file and immediately suspect and dangerous.  (This is especially dangerous if “Hide extensions for known file types” is enabled because the previous example would appear as a pdf: “filename.pdf” – note: the hidden extension is “.zip”)

4) Please be suspect of PDF files you receive by email.  If you don’t know the sender, ignore it.  If it looks suspect or something doesn’t seem right, it probably isn’t.  I see many fictitious emails sent from “Administrator”, or even my own email address or domain, with subject lines such as “invoice attached”, “Payroll reports”, “purchase order” – all sorts of ways to trick you into thinking the attachment is not only legitimate, but important.  BEWARE!

5) Install all updates – to Windows, to Adobe Acrobat, to your anti-virus application.

6) Back up, back up, back up – back up your files!!

How to disable “Hide extensions for known file types”

Windows XP users: Double click on My Computer.  Choose the Tools menu, then Folder Options.  Click on the View tab, and in the box labeled Advanced settings, scroll down until you see “Hide extensions for known file types” and make sure that there is no check in the check box.  Lastly, click OK.

Windows 7 users: Click the Start button, then Computer. Press Alt + T on your keyboard then click Folder Options.  Click on the View tab, and in the box labeled Advanced settings, scroll down until you see “Hide extensions for known file types” and make sure that there is no check in the check box.  Lastly, click OK.

Article:  http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/

Windows

Interesting tidbits in the news:

According to a netmarketshare.com Desktop Operating System Market Share report, 31.41% of all PCs still utilize Windows XP.  That’s estimated at over 500 million!

Guess what?  In April of next year, Microsoft is discontinuing support for Windows XP.  That means that in excess of 500 million computers will no longer be patched against the latest hacks and malware techniques.

In other news:  According to ZDNet.com citing another report at netmarketshare.com, Windows 7 sales seemed to have outpaced Windows 8 sales over the last quarter.

Hide extensions for known file types – NOOOOOOO!

Why Microsoft?  Why?

Microsoft Windows (all versions since XP to my knowledge) has the “Hide extensions for known file types” option on by default in Windows Explorer.  This can be a huge security risk, and I am left to wonder why Microsoft set it that way.

How is it a security risk?  The problem exists with both downloads and email attachments.

Because file extensions are hidden, all a nefarious soul must do is add a familiar “extension” before the actual, hidden extension to potentially fool the user into thinking the file is safe.  For example a file that appears to be named “personal.pdf”, could actually be “personal.pdf.zip”, or worse, “personal.pdf.exe”.

Do you see the problem?  Because the file extension is hidden, a malicious spammer can hide the true file type by adding another “.” (dot or period) and a familiar three-character sequence to disguise the actual file type.

Someone who is in a hurry, or not paying full attention, not on guard, may think they are opening a Word file, when in actuality, they are executing a malicious program, such as a trojan or virus.

Do yourself a favor: right now, open a Windows Explorer window (simply double click on My Computer, or Computer) and choose the Tools menu.  In the newer versions of Windows, Microsoft hid the menus too (thanks Microsoft! – sarcasm off); hit the “Alt” key, then the “T” key while holding “Alt”, then choose “Folder options…”, then click the “View” tab and scroll until you see “Hide extensions for known file types”.  Remove the check from that option and click the “OK” button.  Now the actual file type will be evident in the file name.  You’ve just eliminated one more vulnerability.
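The double-extension trick described in this post, and in tip 3 of the ransomware post above, as an added example (not code from the original posts): a Python check that shows how a name is listed when extensions are hidden and flags a document-looking name whose real type is an executable or archive. The extension sets, the function names and the sample names are constructed assumptions.

```python
import ntpath

# Assumption: extensions a reader tends to treat as "just a document or picture".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt", ".jpg"}
# Assumption: types that run code, or archives that can carry such a file.
RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".zip"}


def displayed_name(filename, hide_extensions=True):
    """Name as a file listing shows it. With hiding on, only the LAST
    extension is dropped (model assumption: every type is a 'known' type)."""
    stem, ext = ntpath.splitext(ntpath.basename(filename.strip()))
    return stem if (hide_extensions and ext) else stem + ext


def check_attachment(filename):
    """Return the real extension, the name seen with extensions hidden,
    and a verdict: 'disguised', 'risky' or 'ok'."""
    name = ntpath.basename(filename.strip())
    stem, real_ext = ntpath.splitext(name)
    real_ext = real_ext.lower()
    decoy_ext = ntpath.splitext(stem)[1].lower()  # the "extension" left visible
    if real_ext in RISKY_EXTS and decoy_ext in DECOY_EXTS:
        verdict = "disguised"   # looks like a document, is something else
    elif real_ext in RISKY_EXTS:
        verdict = "risky"       # tip 2: treat ZIP/EXE attachments as suspect
    else:
        verdict = "ok"          # no extension-based warning (not proof of safety)
    return {"shown_as": displayed_name(name), "real_ext": real_ext, "verdict": verdict}


def triage(filenames):
    """Keep only the names that deserve a second look."""
    results = {n: check_attachment(n) for n in filenames}
    return {n: r for n, r in results.items() if r["verdict"] != "ok"}


# Constructed sample attachment names (the first three follow the posts' examples).
SAMPLES = [
    "filename.pdf.zip",
    "personal.pdf.exe",
    "personal.pdf",
    "Payroll reports.PDF.EXE",
    "setup.exe",
]

if __name__ == "__main__":
    for name in SAMPLES:
        r = check_attachment(name)
        print(f"{name!r:28} shown as {r['shown_as']!r:24} -> {r['verdict']}")
```

A verdict of "ok" only means the name itself is not disguised; it says nothing about what the file contains.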

 

Passwords

KeePass password database manager


I read a great deal about computer security.  It is a topic that concerns me and interests me greatly. All too often the breaking news stories concern hacking and data breaches and electronic theft.

I recently read an article that suggested passwords are becoming obsolete.  With the continuous advancement of processing power and speed, the time it takes for passwords to be ‘cracked’ (guessed by trial and error) decreases and the technology required to do so becomes more accessible.  Future security measures will involve biometrics and/or embedded chips rather than passwords.  Until then, passwords are what we have and use.

Recommended in almost every article I read about security and passwords is that passwords should be ‘strong’ (not easily guessed).  In 2012, however, the three top passwords, unchanged from 2011, are still:  “password”, “123456” and “12345678”.  Almost every article I read about passwords and security also recommends that people use different passwords for each site and account.  That way, if someone does manage to obtain your password, at least they won’t be able to access all of your data or accounts.  Doing so would limit the damage that could be done.

That leads to the dilemma, of course, how can one possibly remember each password for each website or account that one has?

The answer, of course, is: you can’t. To address that problem, I have seen people who use post-it notes, a journal or notebook, or even a single Word document or spreadsheet.  Even a protected Office file is not very secure.  Many people allow their web browser to store this information – very high risk!

I access a multitude of password protected sites.  I have multiple email accounts.  I have many computer log in credentials.  The number of credentials I use makes it impossible for me to remember them all while maintaining an acceptable level of security.

I use and recommend KeePass.  KeePass is a password management database that uses an AES encrypted database for storing all of your access credentials and passwords securely.  AES (Advanced Encryption Standard) is NSA approved for top secret information. KeePass is fully portable; it can be installed on and run from a USB drive.  KeePass notifies you automatically of password strength. KeePass even has a random password generator built in that will make up passwords for you.  In short, KeePass is an easy to use, encryption protected password management database that requires one master password for access.

Finally, KeePass is open source and, as with many of the programs I recommend, free.

Backup, backup, backup

“Save and save often” used to be the computing mantra.  These days computers are so much more reliable, you don’t hear that phrase repeated as often.  Power outages, bugs and crashes could send people into a fury who had been working diligently on a file or document only to have time and productivity lost when the screen went black or blue.  Although not as often, it does still happen – though this post is about backups, I thought I’d remind you to save and save often…

You do back up your files, don’t you?  Hard drives fail.  They do.  I see it all the time.  There are instances when you do receive some kind of warning and you have time to create a final backup before replacing the failing hard drive.  Other times, there is no warning.

Time was when it required a fairly good bit of misfortune, like a house fire, a leaky roof or a flooded basement, to lose everything: precious photos of relatives who’ve passed, of your son or daughter’s first day of school, video of baby’s first steps, graduations; you get the point.  In this digital world, all that is required is a hard drive failure.

You have to back up your files and data!  It is not only personal photos and video at stake.  I have experienced people who’ve lost hundreds of dollars in music purchases. We never really had much to worry about with albums, cassettes or CDs, but now with music and video downloads there is much at stake.  All of your email communication could also be lost.  Not to mention data files and documents.  With hours of labor involved, it is hard to attach a monetary cost to such items.

Put in perspective, spending $150 to $200 for an external USB backup hard drive is cheap insurance to protect your digital valuables.

Personally, I use a Synology server, which I mentioned in a previous post.  It was much more expensive than a simple external back up device, but still when compared to the value I would stand to lose, it really is cheap insurance.

Why I don’t like “Cloud computing”

It was announced that on July 1st, 2013, Google will shut down Google Reader, an application for organizing and reading favorite web sites and blogs via RSS feeds.

Google’s decision is a result of declining membership: “While the product has a loyal following, over the years usage has declined. So, on July 1, 2013, we will retire Google Reader.” as indicated on Google’s blog.

One of the benefits that developers of cloud based applications claim is that you do not have to purchase and install updates or upgrades. Because the application is cloud based, when updates and upgrades are applied, all users instantly benefit.

I do use cloud based services. I’ve used QuickBooks Online, Dropbox, and Gmail among them.

I’ll never embrace them fully. What happens when an update applied is something you neither want nor need nor like? Applications that are actually installed on my own machine allow me to decide for myself whether I want to upgrade or not. What happens if a service is sold or shut down, as recently happened to me with an anti-spam filter, and now with Google Reader? What if the provider determines that the service is no longer for their benefit? What about your benefit? Finally, although some amount of privacy protection is written into most services’ Terms of Service, some more than others, how private is your information when transferred over the internet and stored on someone else’s machine? Couple that with the fact that, as any Facebook user knows, terms tend to change. Here’s another relevant article about cloud storage privacy.

I like the “old way”, LOL!

I store my own files and data on my own computer and back up accordingly. I use Dropbox merely for convenience and the ability to share files with others. My primary email accounts reside on my machine and I back up my email boxes. When away from the office, I check via web based email or on my mobile. I buy a software license and install the application to my computer. I have the freedom to decide whether I update and upgrade or not.

Proper (data) disposal of your old computers

What do you use your computer for?  Do you use it to file your taxes?  Do you purchase items online?  Do you perform financial transactions?  At the bare minimum you have personal information, including communications, that you’d probably rather remain private. Have you ever considered whose hands your data might fall into?

How do you dispose of your old computers?  Do you recycle them?  Do you throw them in the trash? Do you pass them along to someone who might make use of it?  What happens when that person is finished with it?  Where your personal data may end up can be anyone’s guess.

But you deleted your data before you disposed of the computer, you say…  Are you aware that, using recovery software, even deleted files can be retrieved if they have not been properly overwritten?

If you’d like to ensure that your data is properly removed from an old computer, or old hard drives, please contact me.  I can help.  My disposal techniques adhere to D.O.D. (Department of Defense) standard 5220.22-M.

Consider the contents of your USB drive, should you lose it

What do you carry on your USB drive?  You know, the little device, sometimes referred to as a thumb drive or flash drive.  If you are like me, the contents change constantly.

Have you ever considered your reaction should you lose it, or it gets stolen?  Perhaps you have private information, tax forms, client information – most certainly your home address and contact information can be found on your drive.  Perhaps you even have more sensitive information like accounts and passwords.

I’ve never lost one (knocking on wood!).  I have, however, misplaced one for a time, unsure of exactly its whereabouts. Immediate note to clients: none of your data was ever at risk.  I was reassured and had peace of mind because I use disk encryption software to protect data on my thumb drive.  Easy to use, my disk encryption software utilizes 256 bit AES encryption (NIST-certified AES 256-bit encryption).  With that level of encryption, depending on the number and type of characters in your password, it would take years to brute force attack the file to open it.

By the way, the same thought applies to laptops (even desktops in the case of home theft).  Have you considered what might be lost should your laptop be stolen?

If you carry files and data on your portable drive that you would rather keep private, speak with me about encryption options.  There’s no need to lose sleep over not knowing where your data will end up.