Saturday, September 22, 2012

Internet Explorer Drama

A security hole was found in Internet Explorer early this week that allows cybercriminals to download and run programs onto your computer. How it works is that the program is uploaded to a web server and when a victim browses to a page on that server the server exploits the security breach in Internet Explorer to download the malware with no interaction from the user. A security analyst stumbled upon it while browsing the Internet. The hole is what's known as a zero-day exploit. What this means is that the security breach was found “in the wild” before anybody knew it even existed. So far, there have been three verified cases of web servers exploiting this security hole.

Microsoft has deemed this as a critical security flaw and hustled to create a patch to make their browser safe against such attacks in the future. The patch was released on Friday, September 21st. If you have Windows set to automatically install important updates your system will have installed this update for you. If not, go to To manually download the security patch. You will have to find the version of Internet Explorer you are using and then finding your version of Windows. The blue colored text that reads Internet Explorer X is a link to the appropriate download page for your patch. When you get to that page there will be an orange Download button. Click that button and your browser will download the patch. You can find what version of Windows you're running by clicking the Start Menu and right clicking on Computer or My Computer and selecting Properties from the drop-down menu. You can find your Internet Explorer version by opening Internet Explorer and clicking on Tools and then About Internet Explorer.

While Microsoft was quick to react to this threat it brings up a deeper issue with Internet Explorer. 10 years ago, Internet Explorer was synonymous with the Internet. In 2004 IE had an estimated 91% of the market share. It was simply the best browser you could find, and coming preloaded with Windows there wasn't a reason to look for alternatives. That is no longer the case. In the last 8 years IE's market share has plummeted to an estimated 23%. There is good reason for this fall. Other browsers have caught up to and surpassed IE in nearly every relevant metric. Compared to the competition, IE is slower, takes up more system resources, is less secure and strays farthest from web standards meaning it causes errors on more web pages. For these reasons IE has lost nearly 70% of the market share despite being preinstalled on 90% of desktop computers. While Microsoft did a good job of patching this security hole once it was found, the fact remains that it was a hole that simply didn't exist on any other browser. In light of this last security snafu, many security agencies and governments have urged people to switch away from IE.

By this point in the article you can probably tell that I would be one of those people urging you to drop IE in favor of one of it's competitors. What competitor would I recommend? That depends largely on personal tastes. I will give a brief rundown of the three most popular and well regarded alternatives and leave it to you to decide which is right for you.

Google Chrome – Chrome has become the new market leader in the web browser arena. There are two main reasons for this. Google's goals when it set out to create a browser were to make it faster and lighter than anything on the market and to make it quick and easy to keep up to date. It has succeeded in both areas. Chrome is lightening fast and takes up a small fraction of system resources compared to any of the others on this list. This leaves your computer free to perform other tasks while you have the browser open in the background. However, the upgrading is where Chrome has really separated itself from the competition. Chrome's default setting is to check for, and install, upgrades automatically in the background whenever you launch the browser. This means that if you use Chrome you never have to worry about upgrades or security patches as the browser will take care of this without you even knowing. If this security hole was found in Chrome instead of IE the patch could have been put out the same day and the next time you launched your browser it would have been installed.

Mozilla Firefox – Anybody that was using the Internet in the late 90s remembers the old Netscape browser that gave IE a run for it's money. Unfortunately, Netscape was a relatively small company and simply couldn't compete with Microsoft in the web browser arena. In the end they had to close the doors and stop producing their program. Instead of letting Netscape die, they gave the code to the open-source community known as Mozilla who had been struggling to get their own browser off the ground. Armed with the code from Netscape, Mozilla created Firefox. Since that time, Firefox has been the go-to alternative for people looking to ditch IE. Much of the market share that has been lost by IE over the last 8 years has been lost to Firefox, who now owns an estimated 19% of the market itself.

Opera – The last browser I'm going to mention is Opera. Opera is produced by a privately owned company in Norway. Opera is credited with being on the cutting edge of browser technology despite holding just 5% of the market share. Opera was the first browser to offer features such as tabbed browsing, mouse gestures, caching to RAM, webpage zooming, saving sessions so that you can start from where you left off when reopening the browser, integrated search, pop-up blocking, speed dial, and many others. As you can see, the browser you currently use wouldn't be what it is without copying features from Opera. The feature that I like most, which is now also included in Chrome, is the ability to log into the browser. This will save all of your settings to an Opera server. When you log in from multiple locations Opera will sync the settings so that your favorites and history will be the same where ever you log in from.

There are many other options to choose from, and the differences could be daunting. My suggestion would be to install a couple and decide for yourself what you prefer. If you decide to stick with Internet Explorer though, make sure to follow the link above to the security patch and download it. Even if you have automatic updates activated, you can never be too safe with your online security.

Monday, September 17, 2012

Social Engineering

It seems like once a week we get somebody walking into our store and telling us about a phone call that they received telling them that there's a problem with their computer and offering help to fix it. These calls are supposedly from antivirus companies, Microsoft or even the FBI. These calls are actually coming from criminals using a method known as social engineering to gain access to your computers. I call them criminals because what they're doing is known as pretexting and as of 2007 it is a federal felony.

Social Engineering operates on a very simple premise. That premise is that it's much easier to trick someone into giving a password for a system than to spend the effort to crack into the system. Likewise, it's much easier to trick somebody into typing commands into their computer than it is to write a trojan or virus to run the commands. This is what we're hearing about from our customers. The scam involves somebody calling your house and claiming that they're from Microsoft and that they have reports that there's a problem with your computer or your copy of Windows. In order to avoid problems for you they'd like to verify your software. They direct you to open a command prompt and type in a series of commands. After you do so, they kindly tell you that everything appears fine and apologize for the inconvenience. This seems harmless enough, but what you've actually done is open a backdoor for the person on the other end of the phone to run code remotely on your computer. Your antivirus programs won't be triggered because you've physically typed the commands in yourself. Your computer is going to assume that you knew what you were doing.

A variation of this that we're seeing a lot of lately is a version of scareware that pops up a screen when you log onto the Internet that appears to be from the FBI. The screen will tell you that you've been logged as having downloaded illegal porn or pirated movies and/or music. It will advise you that your Internet services have been discontinued until you pay the fine for the illegal downloads. It will then prompt you to make a payment via credit card for several hundred dollars. If you fail to make the payment within a matter of hours a warrant will be issued for your arrest. This scam relies on the fact that a large percentage of people engage in behaviors that would bring them close to downloading illegal materials. Many aren't sure if they've done anything illegal when faced with an ultimatum like this. Due to the embarrassing nature of the supposed crimes, people are more likely to pay the money to make the problem go away. The problem is that these screens aren't put up by the FBI and the minute you enter your credit card or bank account information your accounts will be drained and your credit cards will be maxed out.

Both of these scams are becoming very common place. With malware protection becoming more complex and effective it is becoming harder and harder for criminals to gain access to your computers through technological means. This has caused them to revert to the simple act of preying on the trust of their victims. As of this time I am not aware of any company or agency that is going to contact you via phone or web browser to let you know that there is a problem with your computer. The FBI is not going to flash a screen on your computer to accuse you of crimes. They will knock on your door with a warrant. If you are contacted by somebody looking for information about your computer or asking you to run any commands on your computer, do your research. Ask them if you can call them back, then look up the number that they give you and see who it's registered to. If you have any lingering doubts, please call us at 262.767.3300. We will be happy to look into the situation for you.

Friday, September 7, 2012

More For Your Money

Everybody knows that technology becomes outdated and even obsolete at an alarming rate. The newest laptop or gadget can set you back a pretty penny, but in the blink of an eye you're told that it's not capable of performing the tasks that you require. Today I want to look at how to stretch your dollars in regards to your technology budget.

The best way to get the most bang for your buck is to make purchases near large release dates. There are two approaches to take, and which you go for depends on whether you need the latest and greatest or are looking for an upgrade without breaking the bank. You can take the early adapter route and buy new technology the moment that it becomes available. This way, you maximize on the time you have to work with your new device before it becomes yesterday's news. The flip-side to that coin is the option to purchase last year's model at extremely discounted prices. Using this method you get a device that is still very capable, though not cutting edge, at a price that allows you to upgrade more often.

Technology companies tend to clump their release dates together so that competing companies have competing devices coming out almost simultaneously. This is due to the companies trying to one up each other. When one company announces a news release for a new product there is a race for all the other companies to get their product to market faster. We are in the middle of one of these races right now. On September 5th, Microsoft & Nokia held a press conference to announce the new Nokia Cell Phones that will be running the Windows Phone 8 operating system. The same day, Motorola and Google announce a new line of cell phones running a new iteration of the Android operating system. On September 6th Amazon held a press conference announcing a new line of Kindle ereaders and tablets. Apple has a press conference scheduled for September 12th where they are expected to announce the new iPhones and iPods as well as updating their line of desktop and laptop computers. This is all coming to a head right before Microsoft releases the Windows 8 operating system for tablets and computers on October 26th.

What do all of these announcements mean to you? For starters it means that if you're interested in purchasing a new computer or gadget immediately you can get a great deal on what is considered the best on the market today. In anticipation of their new products Apple has already marked down their current products, discounting their current line of laptops up to $200 off of their price from just a month ago. Amazon has marked down their current Kindle line, although they have unfortunately already sold out of their current generation Kindle Fires. On the smart phone front, waiting until the Apple announcement to make a purchase should allow you to save significantly as carriers look to unload their current stock before the newest phones hit the shelves.

The release of the Windows 8 operating system should provide many deals on the home computer front. Windows 8 will take advantage of a new way to boot a computer. In the past BIOS was the preferred method of getting a computer to turn on and load an operating system. Windows 8 will be incompatible with BIOS and will instead rely on UEFI. What this means to consumers is that the vast majority of computers in use today will not be upgradeable to Windows 8. As the release date approaches we should see a similar markdown in computer prices as retailers look to clear out stock on items that aren't compatible with the newest operating system. If you don't mind using Windows 7 for the foreseeable future you can leverage this into huge savings. Keep in mind that as of this writing Windows 7 is the latest and greatest that is available. If you absolutely need a computer that will run Windows 8 purchasing one in November should allow you to select a computer whose hardware will give out before it's software becomes obsolete. Either way, the ideal time to buy is quickly approaching.

Technology is always going to be a money loser in the long run. The computer that costs you $1000 today will be a paperweight in a matter of years. There is no avoiding this. However, with a little bit of timing you can insure that your investment will last longer and have a higher return than the average. Hopefully I've given you some tools today to help make sure that that happens.