Saturday, December 1, 2012

Windows 8

Windows 8 was officially released by Microsoft on October 26th. This week we had our first Windows 8 machine come through the door for a service. This was the first time I've personally used the final release of Windows 8, and it was definitely a different experience.

The first thing you'll notice when you sit down at a Windows 8 computer is that it looks nothing like any Windows machine you've used before. The interface was designed to look more like Android or iOS than previous versions of Windows. What Microsoft has essentially done is replace the Start Menu with a Start Screen. This has caused quite a bit of confusion for people that aren't prepared for this new approach. Everybody is comfortable with the idea of booting into a blank desktop and having to click on a menu to bring up a list of programs. What Microsoft has done is to do away with that blank desktop and now you boot directly into a screen that is really just a redesigned Start Menu. All of your programs are represented with large square icons instead of written in list form, but other than that it's essentially the same. If you are completely uncomfortable with the new look there is an icon that will take you to a traditional Windows desktop view. However, there is no Start Menu on this desktop, and you'll have to go back to the Start Screen to open any programs or perform any functions that you haven't made desktop shortcuts for.

The second main difference I noticed with Windows 8 is what Microsoft is calling charms. There are now two types of Windows programs. There are the traditional programs that we're used to that open in a re-sizable window that we can move around the desktop. The second type are programs that are specifically designed for Windows 8. Instead of a plain square icon on the Start Screen, these programs have live tiles which give access to constantly updated information about that program. An example is Microsoft's email program, which will let you know how many new messages you have and alert you when new messages come in by displaying the information directly on the icon on the Start Screen. These Windows 8 programs also launch as a full screen. When you launch Internet Explorer, for example, there is no desktop behind it. It is the entire screen and it can't be resized. If you are browsing the web and want to check your email you have to exit back to the Start Screen and open the email application. To go back you then have to exit the email app and relaunch Internet Explorer. The experience was very similar to using a smart phone or tablet. There are quite a few programs that have already been put out specifically for Windows 8, and Microsoft has started an app store. This store is similar to Apple's and Google's app stores. There is an icon for the app store on the main Start Screen and you can purchase and download programs directly from their much as you do on an Android or iOS device.

Another thing that jumped out at me was that Microsoft definitely designed Windows 8 to be used with a touchscreen. Luckily, the laptop I was working on was equipped with a touchscreen. I was able to navigate using the touchpad, but it was very cumbersome and I couldn't imagine trying to put in a full day of work that way. If you are in the market for a new computer and are thinking about Windows 8 I would put a touchscreen on the top of the list of required features. If you are thinking of updating to Windows 8 and don't have a touchscreen I would probably advise you to hold onto Windows 7.

Windows 8 comes in three different flavors. In this area Microsoft has improved quite a bit and it's very simple to figure out which version you need. Standard Windows 8 is for home users, Windows 8 Pro is for small to medium sized businesses and Windows 8 Enterprise is for large businesses(more than 500 systems). If you're running a business out of your home and find it necessary to network multiple computers there are features in Windows 8 Pro that will make it worth the upgrade.

Thursday, November 22, 2012

Black Friday Deals

Happy Thanksgiving from all of us at UCC. We know that some of you are going to be heading out this weekend to stock up on the Thanksgiving weekend savings. We just wanted to give you a quick reminder of how to make sure that you're getting the most for your money when it comes to electronics.

The first thing to realize is that just because something is advertised as a Door Buster doesn't necessarily mean that it's a great deal. I have been researching the advertisements and have spotted several “deals” that are actually full priced. This is usually done by advertising an older model of a popular product knowing that people will become confused and buy it without realizing that they have last year's model. The products that I'm seeing this the most in is tablets. Companies often release new tablets every year with very similar model names in order to capitalize on brand recognition. I've seen last year's iPad, Kindle Fire, and Samsung Tab all marketed at their full retail price and labeled Black Friday Specials. Electronics always get less expensive as time goes on. A store is able to give an inflated retail price by going off of the manufacturer's original suggested price even though that price hasn't been used any time recently.

Another thing that many people don't realize is that while products may be marked down from last month's prices, those prices are often times marked up from where they are at other times of the year. For example, many electronics stores are advertising high definition televisions in their Black Friday ads. If you need that new TV for the holidays these can be great deals. However, research has shown that if you wait for the Super Bowl sales that happen in January you can save even more. The new models of TVs come out in the spring and the stores are looking to capitalize on the popularity of the Super Bowl to clear out last year's models. The same is true for digital cameras. The new cameras come out in spring, so shopping in January and February can lead to better deals than Black Friday has to offer.

The last thing that I want to mention is to watch for cheap imitations. Some stores will try to pass inferior electronics off because they can claim to have ridiculously low prices for items that common sense says should be way more expensive. The general rule of thumb is that if you don't recognize the name of the company that makes a product stay away. Tablets seem to be the hot item for this trick, though I have seen it with laptops and TVs. A store will advertise an “Android tablet” for $80. They don't make the specifics immediately obvious, and further research shows that that tablet is a cheap Chinese knockoff that's only worth $80 to start with.

The trick to getting great deals on electronics on Black Friday is to do your homework in advance. If you see a deal that looks too good to pass up make sure you get a specific model number. Then go online and check what that model is selling for at other stores, don't trust the regular price that's shown in the advertisements. Price tracking sites such as can be great as they will show you the current price of a product at multiple stores. They can also show you a history of what a particular item's price has been over the last year. This can give you an indication of how good of a deal you're actually getting.

There are definitely good deals to be had on Black Friday. Unfortunately, there are an equal amount of sales that are made by preying on people getting caught up in the hype. By following these tips and doing your research you can make sure that you're getting the most bang for your buck during this year's festivities.

Saturday, November 17, 2012

Too Much Power?

The least thought about computer component is the surge protector. Most people put careful consideration into how much processor power or how much memory they need in their system, but protecting those components is an afterthought. It's not uncommon for people to let us know that they can get power strips for their computers at Wal-Mart for five dollars, and they work just fine. Unfortunately, these are usually the same people who are coming in with hundreds of dollars in damage to their systems caused by power surges.

The first step to understanding why we need to invest in quality surge protectors is understanding why we need them at all. Everybody understands that if a bolt of electricity hits a power line near your house there will be a large electrical jolt. What most people don't realize is that there are smaller power fluctuations that occur in our electrical systems every day. These surges are usually small and short lived, so most electrical devices are unaffected. However, electronics such as computers and TVs have relatively small and delicate components that can easily be damaged by these fluctuations. When contemplating power fluctuations, it's usually easiest to compare electricity to something we have more experience with. I like to use plumbing as an example. Everybody is familiar with the idea that as you turn on more faucets in your house the water pressure to each individual faucet will drop because the pressure is being divided between the open faucets. We also know that if we shut off all of the faucets except for one that single faucet will have a sudden spike in pressure. The person that is using that faucet will recognize that they are all of a sudden getting a lot more water than they expected, and they will turn the water down. However, there is a short time between the water pressure jumping up and that person turning the water down where the water was gushing out of that faucet way faster than was needed. The same thing happens with electricity. When your refrigerator or air conditioner is running your electrical system will draw extra current from the power grid to compensate. When those appliances kick off there is a small delay where your system is suddenly getting more power than it needs. That electricity has to go somewhere, so everything that is still plugged in and turned on will experience a surge in electrical power.

A large power surge, like a lightning strike, can be dramatic and the effects immediately obvious. When you hear thunder and all of a sudden there is smoke pouring out of your computer, it's not too hard to guess what happened. However, smaller power fluctuations can have a cumulative effect on your system. While the effects are not immediately visible, over time they can do the same amount of damage. If we go back to the plumbing example, an average home system is designed to withstand 80 psi of water pressure. A large burst of 1000 psi of water pressure will produce immediate and dramatic results. Usually this would look like all of your pipes simultaneously bursting. However, having the water pressure spike to 100 psi several times during the day won't have any immediate noticeable effect. That doesn't mean that the damage isn't being done. Sooner or later all of your fixtures will start to fail, and if left enough time your pipes will begin leaking as well. Likewise, the circuits in your computer's components are designed to carry a certain amount of electricity. A lightning strike will cause many of them to burst dramatically and at the same time and routine but smaller fluctuations will cause them to fail one at a time.

If these fluctuations are happening constantly in most homes, how do we protect our computers from them? The answer is surge protectors. A surge protector is really just a power strip with an extra circuit that can absorb sudden bursts of electricity. This energy is then either released into a grounding wire or gradually released back into the main circuit depending on the design of the surge protector. These extra circuits have a rating of how much electricity they can handle. This rating is measured in joules. I would recommend purchasing a surge protector with a rating of at least 3000 joules. This will protect you from the small to medium power surges that are seen most often in people's homes.

The last point I want to make is that surge protectors work by sacrificing their own circuits in order to protect your electronics. Every surge that a power strip absorbs lowers it's performance rating for subsequent strikes. Over the course of four or five years, the protection of a surge protector can be completely exhausted even if you've never noticed a serious power surge. For this reason, most quality surge protectors on the market today will have an indicator light to let you know if they are still operating at an adequate level to protect your components. I would strongly recommend replacing your surge protectors every two to three years and making sure that any new surge protectors purchased have an indicator light so that you can visually see when they need replacing again.

Friday, October 19, 2012

$250 Laptop

There was another presidential debate this week, and it was clearly evident that no matter how different the views were on most issues there was one issue that both candidates could agree on. Our economy has gone through some rough times in recent years. While most people are willing to spend an ever-growing percentage of their budget on technology, the fact is that most people simply don't have a lot of money to spend on anything right now. In light of this fact, Samsung and Google have collaborated and announced Thursday that their new $250 laptop will begin shipping on Halloween.

The first question that comes to mind is “How good can this thing be for $250?” The answer may surprise you. While the new Chromebook is admittedly not going to replace your desktop computer anytime in the near future, it is surprisingly capable of handling most day to day tasks for the average user. As the name implies, the Chromebook is loaded with Google's Chrome OS. As one would expect from a Google product, this platform is geared towards web usage. However, it also comes with a variation of most of the applications that you'd expect to find on any other laptop. Web browsing is handled by the popular Google Chrome browser. Google Docs handles the text editing and spreadsheet functions. It also comes preloaded with calendar, notepad and media player applications. It has a webcam for video chatting and is available with WiFi and 3G chips installed for Internet connectivity.

The hardware is not what you'd find on a $1,200 MacBook Pro, but with Google's light weight applications it performs admirably at 17% of the price. Samsung used an ARM processor in place of an Intel chip. What this means is that the computer runs extremely efficiently allowing for 6.5 hours of battery life and does not need a fan. With no moving parts the computer is absolutely silent. While there is no optical drives for CDs or DVDs there are two USB ports to allow for external peripherals.

Of course there are always trade-offs. Otherwise every laptop would only cost $250. With the Chromebook you have the processing power to play 1080p high definition movies, but you can forget about playing the latest and greatest video games. Being a Linux based system, you also can't install most software that is made for Windows. However, you can download and install software from Google Play, the same app store that is used on Android devices.

While this new laptop isn't going to replace your desktop workhorse, if you are one of the 90% of people that spend 90% of their time online or on email this might be a great fit for you. At $250, it is also an option for families that want to get a second computer for their kids but don't have the income to spend on a Windows-based system. It could also be useful for people that aren't technologically inclined as the Chrome OS is wonderfully simple to use, and isn't vulnerable to malware and viruses that plague Windows and Apple products. Another group that could find value in this system would be students. At 2.5 lbs. and 8” across, the Chromebook will easily slide into a backpack for easy travel. Whether or not you fit into any of these categories, the Chromebook might be worth a look for you.

Saturday, October 6, 2012

Speed Up Your Start Up

One of the more common services that we perform is to optimize start-up programs. This is also one of the services that our customers seem to find the most surprising. However, when we look at a computer that is running slowly and bogging down under heavy loads unnecessary start-up programs are one of the most common culprits.

Start-up programs are exactly what they sound like. They are programs that start when you boot into Windows. They usually run in the background, and for the most part are not malicious. The most recognizable start-up programs are anti-viruses. Odds are you have an anti-virus running right now, and it started automatically when you booted into Windows. It's a background process, which means that there's no window that opens to tell you that you're running your anti-virus. There's usually just a little icon next to your clock that lets you know that you're being protected.

In the case of an anti-virus, we want that program to start every time we log onto the computer. It prevents incidents where we forget to protect ourselves before going online or checking our email. However, in many cases start-up programs only serve to draw off of system resources and bog down our system. Most of the times these programs are put out with good intentions by software developers, and individually they don't have much affect. The thing to remember is that your system has a limited amount of processing power and a limited amount of memory. Any program that is running pulls from that central pool and leaves less resources for you to use as you go about your tasks. Think of the water pressure in your home. If you're taking a shower and somebody decides to wash their hands in the kitchen, no problem. However, if every faucet on the house is turned on, the washing machine is running, and you're watering the garden you might be in some trouble when it comes time to rinse the shampoo out of your hair. The same is true of start-up programs. Having a couple programs constantly running in the background isn't going to be noticed, but when they start to add up you start to have problems.

I'm going to use the computer I'm on right now as an example of what I'm talking about when I say that start-up programs aren't malicious just unnecessary. I'm writing this article on my home computer that is used by my entire family. I have a smartphone that I plug in occasionally to load the pictures that I've taken so that I can back them up. We also connect our digital camera for the same reasons. We have a GPS that gets connected for map updates once every six months. My daughter has an electronic book reader that gets connected to download new material. Each of these actions requires us to download and install a program to let the device interact with the computer. Knowing that people don't want to try to find the proper application when they plug in a device, the manufacturers of these products have their programs start in the background when the computer is booted. That way, when we plug a device in it magically pops up the correct software. Because of this Samsung, Canon, Magellan, and Leapfrog all have programs that are set to constantly be running on this system. This doesn't even include the three different programs that HP has set to constantly run to keep track of my printer. You can see how this can quickly add up.

While the device manufacturers have good intentions, the thing to remember is that most of these devices are connected less than once a month each. In order to avoid the hassle of opening a program once a month I now have 7 unnecessary programs running constantly. This is in addition to the programs that I actually want to automatically run. Overall, on this machine I have 20 programs that are set by default to start on boot up. The other 13 are made up of software updaters, anti-malware, and utilities I use to track various metrics on my machine.

As you can imagine, having 20 programs running in the background may have some affect on the performance of my machine. When I have an email program, web browser and word processor open as I do now I've upped that number to 23. This is actually a pretty mild case, as it's not uncommon for us to see systems with 40 to 50 start-up programs. Therefore, it's not to surprising when the customer tells us that the computer is slow even though they only have a web browser open.

What we do when we perform a start-up optimization is to actually go through the start-up programs one by one and determine if it's something that needs to be run every time the computer is booted up. We can then deactivate the programs that are only used occasionally, thus freeing up your system resources. I have been able to cut my start-up programs down to 13 by eliminating the device helpers I mentioned earlier, thus freeing up nearly half of the resources drawn by my background processes.

I have to mention that some of the start-up programs are needed by Windows to operate properly. While it is possible for you to perform a start-up optimization yourself, deactivating the wrong programs can leave your system inoperable. A good example of this is Windows Explorer, which provides the taskbar and start menu. If you deactivate this you will have some trouble navigating your system. If you have any doubts about what a program does, play it safe and leave it activated.

Saturday, September 22, 2012

Internet Explorer Drama

A security hole was found in Internet Explorer early this week that allows cybercriminals to download and run programs onto your computer. How it works is that the program is uploaded to a web server and when a victim browses to a page on that server the server exploits the security breach in Internet Explorer to download the malware with no interaction from the user. A security analyst stumbled upon it while browsing the Internet. The hole is what's known as a zero-day exploit. What this means is that the security breach was found “in the wild” before anybody knew it even existed. So far, there have been three verified cases of web servers exploiting this security hole.

Microsoft has deemed this as a critical security flaw and hustled to create a patch to make their browser safe against such attacks in the future. The patch was released on Friday, September 21st. If you have Windows set to automatically install important updates your system will have installed this update for you. If not, go to To manually download the security patch. You will have to find the version of Internet Explorer you are using and then finding your version of Windows. The blue colored text that reads Internet Explorer X is a link to the appropriate download page for your patch. When you get to that page there will be an orange Download button. Click that button and your browser will download the patch. You can find what version of Windows you're running by clicking the Start Menu and right clicking on Computer or My Computer and selecting Properties from the drop-down menu. You can find your Internet Explorer version by opening Internet Explorer and clicking on Tools and then About Internet Explorer.

While Microsoft was quick to react to this threat it brings up a deeper issue with Internet Explorer. 10 years ago, Internet Explorer was synonymous with the Internet. In 2004 IE had an estimated 91% of the market share. It was simply the best browser you could find, and coming preloaded with Windows there wasn't a reason to look for alternatives. That is no longer the case. In the last 8 years IE's market share has plummeted to an estimated 23%. There is good reason for this fall. Other browsers have caught up to and surpassed IE in nearly every relevant metric. Compared to the competition, IE is slower, takes up more system resources, is less secure and strays farthest from web standards meaning it causes errors on more web pages. For these reasons IE has lost nearly 70% of the market share despite being preinstalled on 90% of desktop computers. While Microsoft did a good job of patching this security hole once it was found, the fact remains that it was a hole that simply didn't exist on any other browser. In light of this last security snafu, many security agencies and governments have urged people to switch away from IE.

By this point in the article you can probably tell that I would be one of those people urging you to drop IE in favor of one of it's competitors. What competitor would I recommend? That depends largely on personal tastes. I will give a brief rundown of the three most popular and well regarded alternatives and leave it to you to decide which is right for you.

Google Chrome – Chrome has become the new market leader in the web browser arena. There are two main reasons for this. Google's goals when it set out to create a browser were to make it faster and lighter than anything on the market and to make it quick and easy to keep up to date. It has succeeded in both areas. Chrome is lightening fast and takes up a small fraction of system resources compared to any of the others on this list. This leaves your computer free to perform other tasks while you have the browser open in the background. However, the upgrading is where Chrome has really separated itself from the competition. Chrome's default setting is to check for, and install, upgrades automatically in the background whenever you launch the browser. This means that if you use Chrome you never have to worry about upgrades or security patches as the browser will take care of this without you even knowing. If this security hole was found in Chrome instead of IE the patch could have been put out the same day and the next time you launched your browser it would have been installed.

Mozilla Firefox – Anybody that was using the Internet in the late 90s remembers the old Netscape browser that gave IE a run for it's money. Unfortunately, Netscape was a relatively small company and simply couldn't compete with Microsoft in the web browser arena. In the end they had to close the doors and stop producing their program. Instead of letting Netscape die, they gave the code to the open-source community known as Mozilla who had been struggling to get their own browser off the ground. Armed with the code from Netscape, Mozilla created Firefox. Since that time, Firefox has been the go-to alternative for people looking to ditch IE. Much of the market share that has been lost by IE over the last 8 years has been lost to Firefox, who now owns an estimated 19% of the market itself.

Opera – The last browser I'm going to mention is Opera. Opera is produced by a privately owned company in Norway. Opera is credited with being on the cutting edge of browser technology despite holding just 5% of the market share. Opera was the first browser to offer features such as tabbed browsing, mouse gestures, caching to RAM, webpage zooming, saving sessions so that you can start from where you left off when reopening the browser, integrated search, pop-up blocking, speed dial, and many others. As you can see, the browser you currently use wouldn't be what it is without copying features from Opera. The feature that I like most, which is now also included in Chrome, is the ability to log into the browser. This will save all of your settings to an Opera server. When you log in from multiple locations Opera will sync the settings so that your favorites and history will be the same where ever you log in from.

There are many other options to choose from, and the differences could be daunting. My suggestion would be to install a couple and decide for yourself what you prefer. If you decide to stick with Internet Explorer though, make sure to follow the link above to the security patch and download it. Even if you have automatic updates activated, you can never be too safe with your online security.

Monday, September 17, 2012

Social Engineering

It seems like once a week we get somebody walking into our store and telling us about a phone call that they received telling them that there's a problem with their computer and offering help to fix it. These calls are supposedly from antivirus companies, Microsoft or even the FBI. These calls are actually coming from criminals using a method known as social engineering to gain access to your computers. I call them criminals because what they're doing is known as pretexting and as of 2007 it is a federal felony.

Social Engineering operates on a very simple premise. That premise is that it's much easier to trick someone into giving a password for a system than to spend the effort to crack into the system. Likewise, it's much easier to trick somebody into typing commands into their computer than it is to write a trojan or virus to run the commands. This is what we're hearing about from our customers. The scam involves somebody calling your house and claiming that they're from Microsoft and that they have reports that there's a problem with your computer or your copy of Windows. In order to avoid problems for you they'd like to verify your software. They direct you to open a command prompt and type in a series of commands. After you do so, they kindly tell you that everything appears fine and apologize for the inconvenience. This seems harmless enough, but what you've actually done is open a backdoor for the person on the other end of the phone to run code remotely on your computer. Your antivirus programs won't be triggered because you've physically typed the commands in yourself. Your computer is going to assume that you knew what you were doing.

A variation of this that we're seeing a lot of lately is a version of scareware that pops up a screen when you log onto the Internet that appears to be from the FBI. The screen will tell you that you've been logged as having downloaded illegal porn or pirated movies and/or music. It will advise you that your Internet services have been discontinued until you pay the fine for the illegal downloads. It will then prompt you to make a payment via credit card for several hundred dollars. If you fail to make the payment within a matter of hours a warrant will be issued for your arrest. This scam relies on the fact that a large percentage of people engage in behaviors that would bring them close to downloading illegal materials. Many aren't sure if they've done anything illegal when faced with an ultimatum like this. Due to the embarrassing nature of the supposed crimes, people are more likely to pay the money to make the problem go away. The problem is that these screens aren't put up by the FBI and the minute you enter your credit card or bank account information your accounts will be drained and your credit cards will be maxed out.

Both of these scams are becoming very common place. With malware protection becoming more complex and effective it is becoming harder and harder for criminals to gain access to your computers through technological means. This has caused them to revert to the simple act of preying on the trust of their victims. As of this time I am not aware of any company or agency that is going to contact you via phone or web browser to let you know that there is a problem with your computer. The FBI is not going to flash a screen on your computer to accuse you of crimes. They will knock on your door with a warrant. If you are contacted by somebody looking for information about your computer or asking you to run any commands on your computer, do your research. Ask them if you can call them back, then look up the number that they give you and see who it's registered to. If you have any lingering doubts, please call us at 262.767.3300. We will be happy to look into the situation for you.

Friday, September 7, 2012

More For Your Money

Everybody knows that technology becomes outdated and even obsolete at an alarming rate. The newest laptop or gadget can set you back a pretty penny, but in the blink of an eye you're told that it's not capable of performing the tasks that you require. Today I want to look at how to stretch your dollars in regards to your technology budget.

The best way to get the most bang for your buck is to make purchases near large release dates. There are two approaches to take, and which you go for depends on whether you need the latest and greatest or are looking for an upgrade without breaking the bank. You can take the early adapter route and buy new technology the moment that it becomes available. This way, you maximize on the time you have to work with your new device before it becomes yesterday's news. The flip-side to that coin is the option to purchase last year's model at extremely discounted prices. Using this method you get a device that is still very capable, though not cutting edge, at a price that allows you to upgrade more often.

Technology companies tend to clump their release dates together so that competing companies have competing devices coming out almost simultaneously. This is due to the companies trying to one up each other. When one company announces a news release for a new product there is a race for all the other companies to get their product to market faster. We are in the middle of one of these races right now. On September 5th, Microsoft & Nokia held a press conference to announce the new Nokia Cell Phones that will be running the Windows Phone 8 operating system. The same day, Motorola and Google announce a new line of cell phones running a new iteration of the Android operating system. On September 6th Amazon held a press conference announcing a new line of Kindle ereaders and tablets. Apple has a press conference scheduled for September 12th where they are expected to announce the new iPhones and iPods as well as updating their line of desktop and laptop computers. This is all coming to a head right before Microsoft releases the Windows 8 operating system for tablets and computers on October 26th.

What do all of these announcements mean to you? For starters it means that if you're interested in purchasing a new computer or gadget immediately you can get a great deal on what is considered the best on the market today. In anticipation of their new products Apple has already marked down their current products, discounting their current line of laptops up to $200 off of their price from just a month ago. Amazon has marked down their current Kindle line, although they have unfortunately already sold out of their current generation Kindle Fires. On the smart phone front, waiting until the Apple announcement to make a purchase should allow you to save significantly as carriers look to unload their current stock before the newest phones hit the shelves.

The release of the Windows 8 operating system should provide many deals on the home computer front. Windows 8 will take advantage of a new way to boot a computer. In the past BIOS was the preferred method of getting a computer to turn on and load an operating system. Windows 8 will be incompatible with BIOS and will instead rely on UEFI. What this means to consumers is that the vast majority of computers in use today will not be upgradeable to Windows 8. As the release date approaches we should see a similar markdown in computer prices as retailers look to clear out stock on items that aren't compatible with the newest operating system. If you don't mind using Windows 7 for the foreseeable future you can leverage this into huge savings. Keep in mind that as of this writing Windows 7 is the latest and greatest that is available. If you absolutely need a computer that will run Windows 8 purchasing one in November should allow you to select a computer whose hardware will give out before it's software becomes obsolete. Either way, the ideal time to buy is quickly approaching.

Technology is always going to be a money loser in the long run. The computer that costs you $1000 today will be a paperweight in a matter of years. There is no avoiding this. However, with a little bit of timing you can insure that your investment will last longer and have a higher return than the average. Hopefully I've given you some tools today to help make sure that that happens.

Friday, August 10, 2012

Patch Tuesday

Next Tuesday, August 14th, is the second Tuesday of the month. Every month on the second Tuesday Microsoft releases it's latest batch of updates. The vast majority of these are what is known as security patches. As an illustration, think of your computer as an air mattress. All of your personal information is the compressed air inside of the mattress, and the mattress keeps that compressed air separate from the rest of the world. Along comes a computer hacker, and he starts poking holes in that air mattress releasing your information, and possibly control of your system, to the outside world. Once a month, on Patch Tuesday, Microsoft comes along with security patches to fill those holes and make your system safe again. This month's batch of updates is particularly interesting. Microsoft has announced that it will be releasing nine security patches, five of which it considers critical.

In order to understand why next week's updates are so important we have to understand what Microsoft's criteria is to deem an update critical. Microsoft's definition of critical is an exploit that "could allow code execution without user interaction". This means that somebody could access your computer and run commands without you having done anything at all to allow it. You also wouldn't necessarily be notified in any way that this is happening. In other words, these security holes allow hackers and malware access to your system, without your knowledge, whenever they feel like causing some damage. One of these flaws even allows for elevation of privileges, meaning that malicious code can operate with administrative authority even if your user account doesn't have admin privileges. This allows hackers and malware to access parts of your system that you can't even access, which makes it extremely difficult to correct the problems that they cause.

So now that you know what a critical update is we need to make sure that you install them as soon as they become available. Microsoft suggests that all critical updates are installed within three days of being released. This is because once they release a patch the hackers and malware writers will be able to analyze that patch and determine how to exploit the holes that the patch is trying to fill. In other words, by putting out a fix Microsoft is making it easier for the bad guys to exploit the security flaw on any systems that haven't yet been patched. This is why the day after Patch Tuesday is commonly referred to as Exploit Wednesday. In order to ensure that your system is not vulnerable you have to make sure you check for and install critical updates on Tuesday. For Windows XP users this means going to the Start Menu, clicking on All Programs, and then selecting Windows Update at the top of the left hand column. For Vista and Windows 7 users you can simply click the Start Menu and type “windows update” in the instant search box. For all three operating systems make sure that you check for updates and then select all critical updates before clicking Install Updates. Windows Updates has a cache and it doesn't always look for the latest batch of updates before presenting you with your update options. Adobe also has two critical updates that they're releasing Tuesday, so if you have Adobe Reader or Adobe Acrobat installed make sure that you're checking for updates for those two programs as well.

Many systems are set up to automatically install critical updates every night. However, when this many large security flaws are being patched at once you know that the hackers and malware writers are going to take notice. In instances such as this it is good practice to manually check to ensure that your critical updates are in fact up-to-date. This batch of updates affects Microsoft Windows, Internet Explorer, Microsoft Office, Adobe Reader and Adobe Acrobat, so if you're missing your updates there are a lot of opportunities for criminals to take advantage. Hopefully we've given you the knowledge you need to protect yourselves against these attacks.

Friday, July 20, 2012

Is Your Sidebar Safe?

This week Microsoft revealed that security flaws have been found in the sidebar and gadgets found in Windows 7 and Windows Vista. Microsoft is saying that gadgets “can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time.” They are recommending that all Windows 7 and Vista users disable their sidebars and all gadgets immediately.

What exactly is the threat? Apparently, a person with the right now-how can access your running gadgets and use them to run malicious code. This would allow them to download and install viruses, transmit your personal information or conduct attacks on other systems. All of these actions would be performed without your knowing.

This appears to be a very serious threat, and a fundamental flaw in the sidebar and gadget coding. Microsoft is not releasing a patch to make the programs more secure, they are simply telling you to turn them off altogether. Microsoft has also dropped gadgets from the upcoming Windows 8.

What do you need to do? I am attaching a link to the bottom of this post that will download a Microsoft Fix It program that will automatically disable your sidebar and gadgets. If you are running Windows 7 or Vista and still have not deactivated your gadgets and sidebar, I would strongly recommend that you download and run this program.

 Microsoft Fix-It to disable gadgets and sidebars:

Friday, July 13, 2012

Software Special: 100% Off

In today's economic climate it is more important than ever to squeeze every ounce of value out of every dime that we spend. For the average computer user, software is a significant portion of their computing expenses. Let's take a look at the software costs for a typical PC user:

Microsoft Windows 7: $100 - $250
Microsoft Office 2010: $100 - $300
Norton Antivirus Software: $40 - $80 per year
Adobe Photoshop: $100 - $1,000

So, after you have already paid for your hardware and Internet connection your software will cost you an additional $340 to $1,630. Considering that the cost of the hardware for a new system is usually between $400 and $1,500, depending on what it will be used for, you can see that software will account for about half of the total cost of a new system.

I'm using the most popular products in each category to come up with these figures. Now, I want to take a look at some alternatives that will cost you exactly nothing. However, we are not going to waste our time considering any and all free software. We are going to focus on programs that are considered by most people to be as good as, or better than, their paid counterparts.

The easiest, and most beneficial, program to switch out for a free version is your antivirus. Norton consistently scores very well on independent lab reviews for antivirus programs. However, it does not blow the competition out of the water. In fact, most reviews rate some of the free alternatives as good, or better, than any of the paid offerings out there. The three highest rated free antivirus programs are Avast, Avira, and AVG in that order. This is a great place to start seeing savings as your paid antivirus programs are subscription, meaning that you pay every year.

Next on the list in terms of ease of transition is your office suite. LibreOffice offers features and designs similar to Microsoft Office, but without the charge. LibreOffice is actively developed, and many reviewers are rating it more feature-rich than Microsoft Office for the casual user. LibreOffice provides programs for Text, Spreadsheet, Database, Presentation and Graphic documents. You don't have to worry about compatibility, as LibreOffice will both open from and save to Microsoft formats. This means that you can still share documents with people using Microsoft Office. If you are looking for replacements for Publisher and Outlook, Scribus and Thunderbird are their free counterparts. It should be noted however that Scribus is not able to use Publisher's formats, so you won't be able to migrate over existing projects.

For touching up your photos, GIMP would be the Photoshop replacement. As with the previous programs, GIMP is more than capable for the casual user. If you do graphic design or photography for a living Photoshop is a bit more robust, but for the rest of us GIMP is all we'll ever need. It also allows you to use your Photoshop brushes, though some filters won't transfer over.

The last free option I'm going to discuss is Linux. If there is one piece of software that you're going to pay for, I suggest paying for Windows. There is a substantial learning curve in moving to the Linux operating system. That being said, people that have made the leap find that though different, it is just as robust as Windows. If you are interested in migrating to Linux, I suggest that you speak with somebody that is experienced with it. Please feel free to contact me, as I have been using Linux almost exclusively for 6 years and am always interested in sharing the benefits that it has offered me with others.

The fact of the matter is that software is a multibillion dollar a year industry. The top technology companies these days are all software companies. This is despite the fact that there are perfectly good free alternatives to most of their products. The free alternatives that I have shared today are just that, they are alternatives. They will not look and behave exactly the same as their paid counterparts. However, they can perform just as well. I have been successfully moving people to free software for over 10 years now and rarely have I gotten a complaint. If you have any questions about any of the programs discussed today or the process of migrating to them please feel free to email me at I will be happy to help you determine if free software can be a fit for you.

Links to mentioned software:
List of various versions of Linux

Saturday, July 7, 2012

The DNSChanger Danger

On November 9, 2011 the FBI and Estonian authorities conspired to bring down a ring of computer hackers and as a result thousands of people will lose their Internet connections on Monday, July 9th. While on the surface this statement makes no sense at all, I assure you that it's true. A Trojan that was distributed by a company called Rove Digital from 2007 to 2011 is interfering with infected systems and affecting how they connect to the Internet. This is going to come to a head on Monday, July 9th with all infected systems effectively being cut off from Internet access. The FBI and various non-profit organizations have been doing all that they can to let people know if they've been infected, but they estimate that around 500,000 computers in the U.S. are still infected.

In 2007 an Estonian company called Rove Digital started distributing a Trojan called DNSChanger. This was accomplished by what is known as “drive-by downloading”. Victims would visit websites and get a message saying that a video codec was needed to view content on that site. Hidden within the video codec was a seperate program that would infect the victim's computer. This is called a Trojan after the fabled Trojan Horse because it operates in much the same way. You appear to be getting a free gift, not knowing that disaster hides inside. The Trojan installed itself into the system, then attempted to infect other systems on the same network.

Once DNSChanger was installed it did exactly what it sounds like it would do, it changed the system's DNS configurations. DNS, or Domain Name System, is the Internet equivalent to a phone book. Every website has an address, as you probably know. What you may not know is that a web address has no letters in it, it is just a string of numbers. The address for UCC's website for example is If you type this number into a browser you will reach UCC's website. This number is not exactly easy to remember however, so a system was devised that allowed for easily remembered web addresses. How this works is that there are servers all over the world that act as large directories. You type in an address that you can remember, such as This request is sent to a DNS server, which looks up and finds that it's address is and sends you there. It's no different than looking up UCC in a Yellow Pages and finding our phone number so that you know how to reach us by telephone.

Rove Digital set up their own DNS server and created DNSChanger to force victims to use only their servers. This allowed them to inject addresses of their choosing in place of the addresses that people were actually looking for. For example, somebody trying to look up the IRS website might instead be taken to a website of a tax preparation company. This tax preparation company would be one that had signed up for an advertising program in which it would pay to post it's advertisements on other websites. Every time an advertisement got clicked on, the hosting website would be paid a small fee. Rove Digital was taking advantage of these programs with it's servers by appearing to be a website that was referring people to advertisers. The tax preparation company would have no idea that people had been duped into visiting their site. Though the fee for a referral is very small, usually fractions of a penny, the numbers quickly add up. DNSChanger infected over 4 million computers and as a result Rove Digital profited at least 14 million dollars from advertisement referral fees.

After four years of profiting from this scam, the FBI finally caught up with Rove Digital. However, when they seized the rogue servers they realized that since the infected systems were programmed to only use Rove Digital's DNS services they had a problem. If they simply took the servers offline then all 4 million infected systems would immediately lose Internet connectivity. This included systems at over half of Fortune 500 companies as well as over half of U.S. Government agencies. Instead of crippling the world's ability to connect to the Internet, the FBI decided to bring in their own servers and put them up in place of the Rove Digital servers. Like Indiana Jones swiping an idol for a bag of sand, the switch happened so fast that nobody noticed the change. Now they had a new problem. The FBI is simply not set up to be a DNS host, and they have no desire to be. They set up a system of non-profit organizations that were designed to run the servers until people could have ample time to repair their systems. The FBI and these organizations have done all they could to make people aware of the situation, however at last count there were still more than 500,000 systems in the U.S. alone that were infected and the cut off date for these servers is Monday, July 9th.

This is your last warning. If you haven't yet checked your system to find out if you've been infected visit . This site has been set up to check systems to detect whether or not they are being redirected through the FBI servers by DNSChanger. If the picture comes up with a green background you're clean. If you get a red background you're infected. Removal is very tricky, and no tools are 100% guaranteed. The FBI is recommending that infected systems have their data backed up and the Operating System reinstalled.  Any systems that have not been disinfected by Monday, July 9th will find themselves unable to connect to the Internet.

Friday, June 29, 2012

Windows XP is Dying

Windows XP was originally launched on October 25th, 2001. Despite it's age it's believed that around 25% of desktop and laptop computers are still running Windows XP. Unfortunately, like all good things this must eventually end. As of April 8th, 2014 Microsoft will no longer provide automatic fixes, updates, or online technical assistance for Windows XP. “So bottom line, PC’s running Windows XP will be vulnerable to security threats.” revealed Microsoft’s Stephen L Rose. “Furthermore, many third party software providers are not planning to extend support for their applications running on Windows XP, which translates to even more complexity and security risks.”
One question that is often asked is “Why is Microsoft doing this?”. The simple answer is that Microsoft hasn't been selling XP since 2009. This means that every update that they put out gets paid for by Microsoft with no return on investment. They haven't made money off of XP in over three years. Added to that is the fact that Microsoft is on the verge of launching Windows 8. This means that by the end of the year they will be supporting four separate operating systems. Supporting each of these operating systems requires a huge investment in time and money. Eventually they have to pull the plug. Realistically, thirteen and a half years is an amazingly long time to support an operating system. To put this into perspective, Apple typically supports versions of Mac OS with security patches for three to four years.
What does this mean for you if you're currently running Windows XP on your computer? It means that once that April 8th, 2014 date passes your system will no longer be safe to connect to the Internet. In fact, just having an XP system on your network after that date will put your other devices at risk. This effectively kills XP as a viable operating system in most cases, and it will be time to upgrade.
What does an upgrade entail? Because of the age of Windows XP, most computers that are still running it will not be able to handle Windows 7. Usually a hardware upgrade will be needed to upgrade your operating system. This is not always the case however, and many machines that were made for XP can comfortably run Windows 7. My laptop at home was designed for XP, and it actually runs better with Windows 7 installed. You can check to see if your computer will run Windows 7 with Microsoft’s Windows 7 Upgrade Advisor. You can download the tool from: As always, if you have any doubts consult a professional. Even if you don't plan to transition to Windows 7 until XP is abandoned, checking to see if your hardware can handle the upgrade will enable you to plan for the cost of whatever new hardware you require.
Once you find that your hardware can handle the upgrade the next step is to backup your documents. Because the infrastructure of Windows 7 is fundamentally different than XP the installation of Windows 7 will wipe your hard drive. Make sure that you have a second copy of anything that you want to keep.
Another thing to be aware of is the fact that many programs that were written for Windows XP will not work with Windows 7. Many of these will have an updated version but some will not, and the ones that do may charge you to upgrade. Usually, a quick visit to the software supplier's website will tell you what to expect.
Upgrading your operating system can be a daunting task. Unfortunately, if you are still using Windows XP the time is quickly approaching when you simply won't have a choice if you want to keep your system secure. With the approach of Windows 8 Microsoft is changing the look and feel of the desktop, so Windows 7 may be your last chance if you want to keep the familiar Windows look. On the upside Windows 7 is scheduled to be supported until 2020, so you won't have to make this transition again any time soon.

Monday, June 25, 2012

Can I Have Your Bank Account Information?

When was the last time you handed your house keys to a total stranger? Have you ever displayed a sign in your window listing all of your banking information? Most of us are going to think that these questions are pretty silly, but you may be doing the digital equivalent right now. If you are running an open wireless network any information that travels over that network is free for the taking. You also run the risk of somebody gaining access to your network and forcing their way into the computers connected to that network. As unlikely as these risks may seem, the number of cases of these things occurring is growing rapidly. You could go shopping and leave the keys in the ignition of your car while you're in the store, and your car would probably still be parked where you left it when you come back out. The question becomes, why risk it?
Putting a password on your network does more than just prevent people from getting on the Internet using your bandwidth. It also encrypts all of the information that travels over that network. This means that nobody can access that information without knowing the code, and they don't have access to the code without knowing the password. Of course there are differing levels of encryption, which will protect your information to different degrees. In the early days of wireless WEP was the standard. Unfortunately, it proved easy to defeat. There was a scramble to find a better encryption standard, but a patch was needed to give people protection in the mean time. WPA was released to be that patch. Once the new standard was decided upon it was released as WPA2. Any equipment built from 2005 on should be able to handle all three standards. The question is, how much security is needed? Well, let's put this all in perspective. WEP would be the equivalent of a lock on a screen door, it will keep out people that are just looking to steal some bandwidth but anybody with malicious intentions won't even be slowed down. WPA would be like closing and locking out all of your doors and windows, it should be enough of a deterrent to stop most small time crooks. WPA2 would be like adding an alarm system, some closed circuit cameras and maybe a guard dog or two. Is it possible to defeat? Sure, but somebody would have to really know what they're doing and really want to get in. They're more likely to move along and look for easier prey.
All of this may seem like a lot of bother, and besides how likely is it that somebody is going to come along and try to steal your information? There are a couple of recent cases which indicate that not only is this possibility plausible, but the consequences can be pretty extreme.
There was a case in Buffalo, NY in which federal agents stormed a family's home with assault weapons drawn and seized all of their computer equipment. The husband in this case was accused of downloading and distributing child pornography. The agents had traced the files to the family's Internet Provider, who provided them with an address. It was later found out that there was actually a neighbor tapping into their unprotected wireless network in order to commit these crimes. This information wasn't found out for three days however. In the meantime, the family was being barraged with questions and accusations, not to mention the embarrassment of being arrested for child pornography. In another case in Sarasota, FL a man parked his boat in a marina and scanned for unencrypted wireless networks. He found one in a nearby building, logged on and proceeded to download over 10 million images of child pornography. The results were the same, with the owner of the network having his home stormed by the police. There is a case currently pending in New York in which a man running an unencrypted network is being sued for illegally downloading movies. He claims that somebody must have logged onto his open network and downloaded the movies. The problem is, nobody else has been caught. While he is not being charged criminally, the movie studios are pursuing a lawsuit against him. The common thread in all of these cases is that the criminals knew that what they were doing was illegal and they didn't want the police knocking on their doors, so they simply found an unsuspecting neighbor and used their network to perform their criminal acts.
Another problem that is created with open networks is the practice of packet sniffing. As we discussed earlier, password protecting your network encrypts all of the data that is sent over that network. The flip side of this is that if you don't password protect your network, your data is being sent unencrypted. Packet sniffing is the practice of watching a network and intercepting messages that are being sent and received. Google is in the middle of a scandal in which it was revealed that their Street View vehicles engaged in packet sniffing. Google has admitted to grabbing log-in names, passwords, even entire emails while driving past unencrypted networks. Unfortunately, you don't need an advanced vehicle set up to steal information off of wireless networks. A quick YouTube search will reveal videos explaining how to get all of the equipment needed to sniff wireless networks into a backpack that can be worn while walking down the street. There is also a group of people that engage in “Wardriving”, which is driving around looking for wireless networks to infiltrate. Wardrivers will log the GPS coordinates of these networks and post them online, even going so far as to spray paint markers in front of houses that are vulnerable. While this is perceived by these groups as innocent fun, a marked network would definitely be seen as an opportunity for somebody looking to steal data.
Are any of the attacks mentioned today likely to happen? Maybe not, but just like taking your keys out of the ignition when parking your car, prevention is easy enough that there's no real reason not to protect yourself. Encrypting your network can take as little as five minutes, and it's a one-time procedure. As always, if you aren't familiar with how to configure your router seek professional help. An incorrectly configured router will leave you unable to connect to the internet to look for possible fixes. Taking these steps won't guarantee that you won't be targeted, but like locking your front door they will make you that much less appealing to somebody looking for an easy victim.

Friday, June 15, 2012

How Secure Is Your Smartphone?

Just a couple of years ago the biggest software concern you had about your cellphone was whether or not it could play Snakes. Today, smartphones have become a popular target among hackers and malware producers. It is a high-reward business because most people are unaware that their cellphone is just as vulnerable to cyberattacks as their desktop computer. Think about all of the things that you do on your cellphone, and then imagine a worst case scenario if somebody had access to all of the information that these tasks contain. At the least this would usually contain emails, online accounts, and your cell phone provider's accounts. At the worst it may contain online banking information or medical information. Either way, this is more than enough for a would-be identity thief to take advantage of. Luckily, with a few simple precautions we can keep our cellphones, and our data, safe.
The most obvious threat to the security of our smartphones is simply for the device to fall into the wrong hands. As silly as this sounds, most cases of smartphone data theft begins with a lost or stolen phone. The first line of defense is common sense. Don't put your phone down in a public place, and don't leave it where it is easily grabbed. In short, treat your phone as you would your wallet. In case your phone does get snatched by a passing evildoer, the next step is to make sure that you have a secure screen lock. For Blackberry, iOS and Windows phones use a secure password. Something that's easily remembered, but not easily guessed. If it includes personal information such as your name, birthday or address it is not safe. For Android users, make sure that your unlock pattern is relatively complex and crosses over itself. If not, somebody can deduce your pattern from the repeated smudge marks on your screen.
As with every computer, a good password alone is not enough to protect you. If your phone does get lost or stolen there is a line of software that will help you recover it, or wipe the data if you are unable to do so. The first step is a piece of software that will lock your phone down. This software will turn off the phone's screen and disable it, preventing an attacker from being able to easily access your information through the phone's operating system. Most of these programs will also be able to lock down the phone's communication ports stopping people from simply plugging your phone into a computer and downloading the information that way.
The next piece of software will turn on the GPS on your phone and lock it on. This way, as long as your phone has a battery with some life in it your phone will continuously broadcast it's location. This can be a huge help in a situation where you have simply lost your phone. Activate this feature and your phone will pop up on a map making it a simple matter to locate it. In the case of a theft, you can provide the location to the police department, vastly increasing the odds of recovering your phone.
The last ditch effort in the case of a lost or stolen phone is software that will completely wipe the memory. This is useful when other means of recovery have failed, and you have given up on hopes of recovering your phone. This software will remove all traces of personal information.
In addition to the threat of losing physical control of your phone, there is the threat of malware. Smartphone malware is similar to the viruses and trojans found on your home computers. Recently, Google had to remove 50 apps from their app store that they found to be malicious. These apps had already been downloaded to thousands of phones apiece. Apple and Amazon have also experienced malicious apps infiltrating their app stores. People get a false sense of security downloading programs from these large companies. They assume that these corporations have already weeded out all of the bad apples, and only post the good. While this is certainly the goal, it is impossible to be 100% certain 100% of the time. Oftentimes, a software programmer's account will get hacked. The culprit will take down their legitimate app and replace it with a copy that contains malicious code. This is usually discovered within hours, but by then the app has already been distributed to enough people to make the attack worthwhile. Another attack that has become popular is one in which a developer submits a legitimate program in order to get it approved for the app store. Once the app has been approved and downloaded by a sufficient number of people, the developer releases an update which contains malicious code. These attacks are much harder to control, as the updates will go out immediately to every person that has downloaded the app. For these attacks you need a good anti-malware program running on your phone.
Most of the major players in the PC malware game have mobile security suites as well. Familiar names such as AVG, Avast, Avira, Kaspersky, Norton, and McAfee all have mobile suites. Most of these suites include all of the protections that were mentioned earlier. However, the interface can vary greatly from provider to provider. Some will allow you to engage and interact with the anti-theft features via text messages to your phone, while others will use an internet browser. Some suites will be free and others will have to be paid for. You will still have to do your homework to determine which security suite will best fulfill your needs. Hopefully I've armed you today with the information you'll need to make an informed decision.  As always, if you are still unsure whether or not you're phone is safe consult a professional for their opinion.

Friday, June 8, 2012

Are You Scared Yet?

We have recently seen an increase in scareware incidents. Scareware is a tool that is being used to trick people into giving away money, control of their computers or personal information. This particular method exploits people's fear that there may be something wrong with their system. The culprit offers to help, thus duping the victim into allowing access to their system. Because these attacks are initiated by user input, they are very difficult for anti-virus programs to detect. Anti-virus programs are looking for other programs that are behaving suspiciously. In these attacks, it usually isn't a program that is performing the suspicious actions, but a user, so they fall outside of the scope of a traditional anti-virus.
The most common action scareware takes is to simulate real problems on your computer and then offer to fix them. The culprits will write a program that will change settings on your computer to cause problems and then pop up an advertisement offering a solution to these new problems. This advertisement will often be disguised as a Windows alert to try to trick people into thinking that this is a solution that is being offered by Microsoft, which makes it appear more authentic. This “fix” is usually something that you have to pay for, but sometimes is offered for free. Once they convince you to download their “fix” they have complete control of your system.
There are several different options for them to take at this point. Sometimes the “fix” will simply restore your settings and you'll think that it must have worked because everything is back to normal. This is usually done after you've paid for the “fix”, and is a method that allows the culprit to get positive online reviews from victims that have been tricked. This way future victims are more likely to fall prey, as a quick Google search will return results that would indicate that this program is legitimate.
Another option is for the “fix” to schedule periodic problems. Each time a problem comes up, you'll be asked to pay for another solution. This way people are duped into giving away money multiple times for a single infection.
The most common occurrence though, is for the “fix” to simply embed itself into your system and systematically send all of your data back to the culprits who created the program. Anything that you have on your computer or enter into your computer can be compromised. This includes not only your documents, but any online accounts, including banking and email accounts. They can also use your computer as a stage to launch attacks against other systems. This way, when the attacks get detected they're traced back to you instead of the perpetrators.
Another attack that we've been seeing lately involves a phone call. Somebody will call the victim and inform them that either there is a problem with their computer, or that there is an upgrade that they must do. They will convince the victim to punch some commands into the system, which will open a communication port. They are then able to load in whatever programs they want, and perform the same attacks mentioned above as if the victim had installed the program themselves.
Sometimes the culprits use a blended attack. In one incident we recently saw involved a pop up advertisement asking the victim to purchase software, and once purchased the victim was directed to call a number to register the software. When the number was called the victim was told to punch a code into the computer, which allowed the culprits to remotely access the computer.
The key to protecting yourself from these attacks is to do your research. If a warning pops up telling you that there's a problem with your computer, hop online and research the problem. Then, make sure that the download is coming from a trusted source, such as Malware will sometimes try to confuse you by using a Microsoft subdomain, which would look like This is actually connecting to, and not Microsoft. As always, if you still have doubts seek out a professional opinion.
There are people out there that are going to try to trick you into giving away your information. Don't allow access to your computer to anybody you don't know. That would be like handing your house or car keys to a stranger. You never know what they're going to do.

Thursday, May 24, 2012

Have You Started Your Spring Cleaning?

The birds are chirping, the plants are budding, and the sun is shining. It's spring cleaning time. Everybody is familiar with the yearly tradition of opening the windows to air out the house and finally getting started on that garage. What many people don't realize is that this is also an excellent time to perform maintenance on your computers as well. People tend to be inside, on their computers, more during the cold winter months. There is also more dust blowing around due to the decreased humidity in the winter. This is the time of year your system is most in need of a cleaning, both to Windows and the physical computer itself.
The first step to a good spring cleaning is to remove unnecessary temporary files. As you perform daily tasks, your system accumulates temp files. These can range from automatic backups of documents you're working on to saved images from websites you've visited. Many people don't realize that even though these files are called temporary files, Windows will store them indefinitely unless you clean them out. Some of these files serve a purpose, for example a website that you visit often will load faster because all of the pictures have already been downloaded and stored in temp files for easy access. On the other hand, many activities automatically check the temp files before taking any other action. This means that if you allow your temp files to accumulate it will take longer for your machine to boot up, print and load some programs. There are utilities that will do intelligent scans to determine which temp files are likely to be reused and which are safe to delete.
The next step is to remove unnecessary startup programs. Every program that you have running takes up system resources, causing the entire system to slow down. These days, many vendors will automatically set their programs to start running in the background during your system's boot sequence. Some of these programs you want to have running all the time, such as an anti-virus that provides real-time protection. However, there are many programs that probably aren't used every time you use your computer. Larger programs will load “helpers”, which are smaller programs that constantly run and help larger programs open more quickly when you choose to use them. Some examples of this are GPS and camera companies that run programs that allow you to access your devices quickly when you plug them in to a USB port. If you're on your computer daily, but only plug your camera in once a month you are probably better off waiting a couple of extra seconds to access your pictures rather than having your system's performance be sluggish every time you log on. You have to be very careful when removing programs from the automatic startup list, as removing the wrong programs can cause your system to become unstable or even prevent Windows from booting up properly. We recommend that you research each program if you're unsure of what it does. It's always safer to leave a program on the list until you can consult with an expert if you're unable to determine whether or not it's safe to remove.
The next thing to do is to check for updates to both your anti-malware programs and Windows. Any reputable malware/virus protection program will publish regular updates to their virus definitions. These are to protect you from newly discovered threats. Most programs that perform real-time protection will update at least once a day, sometimes multiple times a day. If you aren't up to date you aren't protected, it's that simple. Additionally, software providers are constantly looking for ways that their programs might be compromised in order to allow hackers to gain access to your system. When they find holes in their security they will release updates to patch these holes. Adobe, Java and Windows are the most commonly patched programs. If these updates are not performed you are running the risk of leaving yourself vulnerable. Most programs will offer a feature to either check for available updates or allow you to see when the last update was applied. While these updates should be happening automatically, it is good practice to periodically check to ensure that you are protected.
The final digital maintenance to perform is to defragment your hard drives. Let's imagine your hard drive as a library. Instead of using the Dewey Decimal System to organize books, this library simply fills the shelves from front to back. As books are checked out, they leave gaps in the shelves which are filled by other books that are being returned. If a gap isn't wide enough to hold a particularly large book, the librarian simply moves on to the next gap that is large enough, that way she doesn't have to constantly be shifting the books back and forth in order to make everything fit. This is essentially how hard drives are utilized by Windows. The problem comes in when you get volumes that take up multiple books. Let's imagine that our library contains a copy of Encyclopedia Britannica. When the encyclopedia is first acquired it is placed in alphabetical order on the shelf. Let's imagine that somebody takes the M book off of the shelf and checks it out. Later that day, a librarian sees that large gap and fills it with another book. When the M gets returned it no longer has a home and is placed on a different shelf. This process is repeated hundreds and thousands of times until the books are randomly scattered throughout the library. This is called fragmentation. Now let's imagine that you are researching a topic and take the time to scour the library and find that M volume. You sit down and look up your topic, only to find that the volume in front of you refers you to another book in the encyclopedia. Your search starts all over again. It would not take you long to decide that this is not a very efficient way to perform your research. Likewise, when your computer is searching for data a fragmented hard drive can slow the process considerably. This will cause programs to load more slowly and Windows to take longer to boot. When you defragment your hard drive you are essentially reorganizing the books in that library, putting all of the books in the encyclopedia together again so that they are easily and quickly found.
Once you've finished with your system maintenance, it's time to shut down the computer and open the case. The first thing that we want to do is to clean out any dust that's accumulated. Dust can cause two problems for your computer. It can lay across electrical circuits and cause shorts, which can damage or destroy your hardware. It also naturally gathers in areas of high airflow. Your system needs airflow in order to keep itself cool. Dust will clog filters and block fans to the point where your system has to work harder to keep itself cool, or run hotter than it's designed to. Either of these scenarios will significantly shorten the life of your system. Once the system is cleaned out check your hardware for loose connections and make sure that everything appears to be functioning properly.
Preventative maintenance is often overlooked when people are considering the performance of their computers. Many times people are looking to purchase a new system without realizing that with proper maintenance their current system can perform all of the tasks that they require. Hopefully, we've given you some tools to ensure that you can keep your systems running efficiently for years to come.

Friday, May 18, 2012

Do You Want To Allow Changes?

If you've used Windows for any length of time, you're familiar with the pop-up box that asks: Do you want to allow this program to make changes to your computer? One of the most commonly asked questions is: How do I know when to click Yes and when to click No? The first step to determining the answer to this question is to understand why this box is popping up in the first place.
The simplest answer as to why that box keeps popping up is that is attempting to stop your computer from installing malware without you knowing. Traditionally, viruses and other malware would piggyback on a file that you wanted to download in order to get into your computer. Once downloaded, the malware would begin running processes in the background to embed itself deep within your system. Microsoft has attempted to stop this by building a protection into Windows called User Account Control (UAC). UAC is designed to force any program that is trying to change how your system runs to ask your permission before it's allowed access. This limits the amount of damage that a virus can do without alerting you that it's there. The trick is to know when that box pops up if it's something that you made happen, or if a background program made it pop up. Once we determine that it's a background program, we can figure out if it's something that is malicious, or if there's a legitimate reason for that program to change your system.
First, let's rule out the possibility that you triggered the UAC box to pop up with something that you're doing. Here's a list of actions that will cause that box to pop up:

  • Running an Application as an Administrator
  • Changes to system-wide settings or to files in %SystemRoot% or %ProgramFiles%
  • Installing and uninstalling applications
  • Installing device drivers
  • Installing ActiveX controls
  • Changing settings for Windows Firewall
  • Changing UAC settings
  • Configuring Windows Update
  • Adding or removing user accounts
  • Changing a user’s account type
  • Configuring Parental Controls
  • Running Task Scheduler
  • Restoring backed-up system files
  • Viewing or changing another user’s folders and files
  • Running Disk Defragmenter

Running any utilities such as Ccleaner or Defraggler will trigger the box because these programs are designed to perform one or more of these actions. Were you running any utilities immediately before seeing that box pop up? If so, there's a good chance that you triggered the UAC. In this case, the system is just checking to make sure that you're aware of what you're doing.
If you didn't try to perform any of the listed actions and weren't opening a utility program, then we know that a background process caused the box to pop up. Now we have to determine if that process is malicious. The easiest check to do is to check the program name and publisher listed in the pop-up box. Is it something that you recognize and know is safe such as Adobe, Java or Firefox? Is your antivirus trying to update itself to keep you safe from new threats? If it's a name that you know and trust, it's probably OK to go ahead and allow the action. If you don't recognize the name and publisher, or if the publisher is listed as Unknown then we may have an issue. If you've recently downloaded or installed a program that you wouldn't expect to change your Windows settings and it pops up a box, this is an indication that it may be malicious. This is an instance where you probably want to deny access.
Once you've decided that the program listed in the box is suspicious, the easiest action is to run a simple Google search. In most cases, you aren't the first person to encounter this issue. Other people have taken to the Internet to find out what this program is and why it's trying to access your computer. If it's something malicious, you'll see immediately see red flags in your Google search such as pages titled Virus, Spyware or Adware. One of the most common malware programs that we encounter is a toolbar called CouponBar. When I type CouponBar into Google, in the first page of results I see: Virus Warning!, an adware program..., (adware. couponbar), How do i remove the coupon bar adware from my computer?, and pages on and In all, 6 out of the first 10 pages listed refer to some form of malware, either in the title, the description, or the page's address. The other 4 are offers to download CouponBar. This tells me that even if I installed CouponBar on purpose I probably shouldn't grant it access to my system. Other searches, such as a search for msiexec.exe will not be so obvious. Some sites indicate that it may be malware, while other sites indicate that it may be part of the Windows operating system. In cases like this, it's safest to deny the program access and consult somebody that's more familiar with computers. Let them know what you were doing when the box popped up, what exactly the box said, and what programs were running. This way they'll have the tools to diagnose your system and tell whether your system was performing scheduled maintenance, or if you have malware masquerading as a benign system process.
As always, the safest bet is to have an up-to-date version of an anti-malware program running at all times. That way most threats should be neutralized before that pop-up window ever appears. UAC is a system that was developed by Microsoft to make it harder to invade your system, but it's not a catch all. Malware developers have come up with ways to circumvent this feature. The easiest way for them to do that is to trick you into clicking Yes on that pop-up box. Hopefully, we've given you some tools that will allow you to know when it's safe to say Yes, and when you need to dig a little deeper.

Friday, May 11, 2012

The Dangers Of Downloading Free Software

We have all been bombarded with advertisements that offer free products in exchange for an additional purchase. We immediately become skeptical when we hear “Sign up today and get a free umbrella.”, but we don't carry this skepticism over to the digital world. When we are offered a free screen saver or weather updater we jump at the offer without ever considering the motivations that are driving this free offer. There are instances where somebody writes a piece of software because they genuinely want to help other people. The sad news is that most people aren't giving these programs away out of the goodness of their hearts. There is an ulterior motive. Hidden deep within the code of that screen saver or weather updater there's usually a secondary program that you never see. It runs in the background, and it can do anything from slowing your computer down, crashing your computer altogether, stealing your information, or using you as a relay to send spam.
We have all heard stories about people opening dubious emails and getting a virus. This is the most well documented way to get an infection, simply because it is the easiest to identify. The fact of the matter is that viruses are getting less common as time goes on. There simply isn't enough money in viruses to make it worth somebody's time to create them. People that have the skills to create viruses are capable of higher returns on their time through other forms of malware.
Adware is now a much more common form of what we would consider malware. Adware is a program that displays advertisements on your screen, which the developer of the program collects profits from. Adware takes several forms. The most obvious is a program that periodically pops up a window with an ad banner. Another way that adware may work is to hijack your web browser. They are capable of replacing the advertisements that are displayed on legitimate web sites with their own ads. There is a group of adware that will even redirect your web browser to the sites of their advertisers. You can visit Google to perform a web search, and instead of displaying the results that Google publishes you would see a list of sites paid for by advertisers. Each link that you click on, the creator of the adware gets paid.
Another way to profit from malware is a scheme known as scareware. Scareware preys on people's fears of infections. A common scareware tactic is to pop up a window that looks like a system message telling you that there is a problem with your computer and directing you to a legitimate looking site, where they try to sell you a program to “fix” the problem. This program will usually just load more infections onto your system. The most common ploys that scareware uses are messages stating that your computer is not running at maximum speed, your hard drive is failing, or that you have a virus infection. The program will mimic the behavior of these problems by hiding files, hogging system resources to slow performance, or crashing your computer. These infections can be hard to combat, as the malware will often times hijack your system in an attempt to make you feel that you have no choice but to buy and install their software. In this case it's best to seek professional assistance, as there are tools specifically designed to overcome these tactics. Never, under any circumstances, download and install a package that is suggested if you observe any of this behavior, as doing so would open your system to much more serious infections.
The last form of malware we're going to discuss is spyware. Spyware, as the name implies, is used to steal your information. A common tactic is keylogging. Keylogging records every keystroke that is entered into your system and then sends that information back to the developer of the program. This can allow them access to all of your passwords, online account information, banking information, or anything else that has been entered into your system.
All of this can cause the internet to be a scary place. How can you tell what's safe to download and what's not? An easy way to determine this is through a little research. A simple Google search will often times pull up results of people having problems after downloading a program, if it is in fact malicious. Another way to keep yourself safe is to only download programs from sources that you know to be safe. Downloading a driver from HP is probably safe, whereas downloading the same driver from a file sharing site may not be. It is relatively simple to download a program, alter it to include malware, and upload it back to a file sharing site. This way people can add vicious programs to seemingly safe files.
The most important step you can take to protect yourself is to make sure that your system and software is updated with the most recent security patches. Legitimate software vendors are constantly searching their programs for security holes that malware can exploit. They then send out “patches” to fill those holes. This is only effective if you download and install these patches.
There is a lot of good, free programming online for download. However, as with everything else, there is a lot of bad out there too. Hopefully with this guide we've armed you with some tools to protect yourself. Make sure that you have an up-to-date anti-malware program running, and follow the tips described above and you shouldn't have any problems. By knowing what to look for we make the job of attacking us much more daunting.