Archive for the ‘Home Computer’ Category

I don’t often have good things to say about Microsoft but they just announced a new change to their help site that might actually work.

When something’s wrong with your computer, sooner or later, you’ll try to google the problem. If it’s a technical problem, there’s a reasonable chance that Microsoft has a write-up of both the problem and the steps you need to take to fix it. If you’ve ever tried to follow one of those writeups though, you know that the detailed steps are very technical and the explanations often assume that the reader has a high degree of prior expertise.

Someone at Microsoft realized that the repair steps are pretty mechanical and wrote a script to execute it for you. They call it the just ‘Fix It’ button. (The icon shows a little guy in blue overalls holding a wrench.) The fixes work for simple problems like restoring a missing Internet Explorer icon to the desktop or enabling numlock during logon. For more examples, check out the Microsoft FixIt page.

The downside of all this, of course, is that you’re giving someone else permission to run applications on your computer. As a general principle, that’s a bad idea. It’s especially bad given the number of microsoft-spoof sites out there – hacker sites designed to look and feel just like the real thing. There are no known cases of spoofs of the FixIt button yet but it’s only a matter of time.

Before you click a ‘FixIt’ button, take a couple steps.

  • Be very sure that you are on a legitimate site. If necessary, close your browser and type in support.microsoft.com yourself.
  • Be sure that the problem you are about to ‘fix’ is really the problem you have. Take the time to troubleshoot thoroughly and to read the description carefully before you start.
  • Keep your antivirus and antispyware software turned on and completely up-to-date. If someone tells you that as part of the fix you need to turn off your antivirus… Well, there actually are a few rare conflicts where you do have to disable some of your security functions in order to perform some maintenance steps on the computer but 99.99999% of the time, it will be a scam.
  • And finally, back up all your important data before you ‘FixIt’. Microsoft created the problem in the first place. Are you sure you trust them to fix it? I might but not without a backup.

We’ve talked time and again about the need to keep your applications fully patched. Patches fix the holes and vulnerabilities that are specific to the programs that run on your computer.

If you already have an IT department that takes care of tracking your versions and pushing out patches to your computer, you can skip the rest of this tip. For the rest of us who have to be our own IT departments, read on.

Patching your operating system (i.e. Windows) is fairly straightforward if you use the Microsoft update features. If you don’t have Automatic Update turned on, do it immediately. You can set the updates through Control Panel/Automatic Updates. For most users, you should probably let the updates automatically install.

Patching everything else on your computer is more difficult. The average home user has 60 applications on the computer, each with its own holes and unique instructions for getting the patches. Keeping track of the applications and the needed patches is very difficult.

A friend recently forwarded me a link to an application from a Danish security company called Secunia PSI. This program (free for home users) inventories all the other programs on your computer and records the version numbers, then compares them with its own database of the most recent versions available for each program type. It gives you a report of the programs that are out-of-date and need patching or updating. For some programs, Secunia will give you a one-click icon to automatically update the software. For others, it doesn’t have a one-click option but they do their best to provide instructions and links to the application’s website.

I’ve been playing with the program for a few weeks now. When I started, I thought that I’d been doing a reasonable job keeping my computer up to date. Secunia found over a dozen applications that were out of date and quite a few that I’d thought were deleted from the computer but that were still hanging around. (Those were mostly the demo versions that came with the computer. I never used them – but the vulnerabilities and unpatched software was still there.) While none of the holes I had were life-threatening, a few were somewhat serious.

Secunia has a “simple” and an “advanced” mode. The simple mode only reported about six of the holes but they were the six that were easiest to fix. One click each took care of them. The advanced mode had a lot more information about more applications that needed fixing. It took a couple of very late nights to work all those off. But even if you only remediate the ones that show up in simple mode, you’ll be better off that you were before.

Despite the effort it’s taken to get my computer cleaned up, I’m glad that I have this new application. If you don’t use something like Secunia to keep track of your programs, make very sure you’re updating all your programs manually. Keeping your applications patched is important.

This Tip was first run in Dec 2006 when forecasters were predicting the biggest online holiday shopping season ever. Amazingly, that forecast is still true – the volume of online shopping continues to rise (though perhaps not quite as dramatically as in previous years). This “encore tip” is a reminder to shop safely during the holiday season.

Last year was the busiest online shopping year in history – and this year looks like it will be even busier. Shopping online is a convenience that we are quickly learning to take for granted. At the same time, identity theft is a steadily more serious threat. There are some risks you should consider, especially when making purchases over the Internet.

  • When shopping online, type the merchant’s URL in by hand instead of following any “convenient” link in an email or instant message. Those links can be spoofed in a phishing attack which looks like legitimate advertising.
  • Look for the prefix https in the address line. This indicates that you are on an encrypted connection to the merchant’s website. You can also look for the little yellow padlock icon in the bottom right of the browser. Be careful, however. Sophisticated hackers can spoof these signs.
  • Read the site’s privacy policy carefully and use common sense about the offer. If it sounds too good to be true, it probably is. If you don’t trust the company to protect your personal information, shop somewhere else.
  • Make sure your own protections (anti-virus, firewall, patches) are up-to-date and running.
  • Use a credit card, not a debit card. If your credit card is stolen or the number misused, federal law limits your liability to $50 (as long as you comply with the notification requirements). If a debit card number is compromised, you could lose the entire amount in the account to which the debit card is linked.
  • Check your statement carefully for charges you don’t recognize. Report any anomalies to your bank and report a lost or stolen card immediately.
  • Consider keeping a separate credit card with a low credit limit just for internet purchases.

Remember that these rules apply when you are paying by telephone, too. You should always call the merchant (or utility, charity, etc). Never give someone your financial information if they called you. No matter who they say they are, you don’t really know who’s on the other end of that line.

Shopping online can be as safe as shopping in a physical store or through a catalog as long as you shop responsibly.

As the holidays get closer, many of us will turn to online shopping. Done right, online shopping is about as safe as catalog shopping – and much more convenient. If you don’t take basic precautions, though, you could lose your shirt. Take the time to learn about the kinds of scams and cons that are used online.

The Federal Trade Commission hosts a terrific site with lots of content on identifying and deflecting these kinds of scams. If you haven’t already been out to visit www.onguardonline.gov, I strongly recommend the site. It has some excellent overview material on security at the personal and small business level. The site also has a set of games covering a variety of topics like spyware, online auctioneering, peer-to-peer, phishing and spam. Test your knowledge of internet security and safe shopping. It’s well worth the time to visit the site.

The site’s material comes from a number of public and private sources but is all released for public use. If you run your own personal website, you can post their games, videos and handouts to your own site and help spread the word. (Instructions are here.)

Addendum:
This tip has inspired me to create a more permanent set of links to some of the better games and awareness quizzes that I’ve run across. I’ll try to get them posted in a permanent sidebar on the blog but in the meantime, here are a few good links.

All the kids are doing it. And depending on which news reports you read, it’s either the inevitable wave of the future or another sign of the collapse of our society – or both. But what is filesharing really?

Filesharing is the term for software designed to make it easier for you to share stuff through your computer with other people. (I use the technical term “stuff” here because you can share literally any electronic file through these tools but the most common shared files are documents, music files and videos – and viruses. More on that in a minute.) The most common form of filesharing is “peer-to-peer” (P2P) sharing, a way to share files directly from your computer to someone else’s computer without needing to store it on a server somewhere. If I want to download a file that you’ve offered up for sharing, I reach through the internet and grab it directly off your computer.

This kind of filesharing requires special software such as Limewire, BitTorrent or Kazaa. These applications create an index of the files that you’ve offered for sharing and publish the index to the Internet so others can find your files. They also let you access the index and download the files you want. Filesharing is an easy way to publish documents widely and can get you access to all kinds of free content. Music is especially easy to find.

The problem with filesharing is that it exposes you and your computer to all sorts of risks that are not disclosed by the filesharing network or those “friends” who are pressuring your kids.

  • When you use P2P, it is essentially impossible to verify that the file is trustworthy. Hackers hide spyware, viruses, worms and trojan horses and other malicious code into the files. When you download the file, you infect your own computer.
  • P2P also opens up your computer to outsiders. The applications claim to only expose certain directories but 1) you don’t know if the application is locking the folders down properly and 2) it’s too easy to misfile a confidential document in a shared folder. Any little mistake opens up your confidential information to the world.
  • Most P2P applications require you to open up certain ports on your firewall so it can send or receive the files. Hackers exploit those open ports to attack your computer directly anytime it is connected to the internet.
  • And, of course, the big risk that got so much press when Napster was being sued into bankruptcy is the phenomenally high proportion of copyrighted material being illegally offered for “sharing”. If you download pirated content, even unknowingly, you could face fines or other legal action. The Recording Industry Association of America (RIAA) is especially aggressive about finding and suing individual users who have illegally copied content on their computers.

If you run a network, either at a business or at home, I strongly recommend that you block filesharing sites. Remember, you go to jail or pay the fine whether they downloaded the illegal software with your knowledge or not. If you have kids, turn on your computer’s parental controls and block those sites. Teach your kids to buy their music legitimately.