Security Basics For Windows Users

With Windows malware on the rise, now seems like a good time for a refresher on basic security advice for Windows users.

First, the bad news. If you are using Windows XP or Windows Vista, you need to upgrade as soon as possible for your own safety. Your computer can no longer run current antivirus software, nor does it receive security updates. Even longstanding programs like Google Chrome now consider WinXP and Vista obsolete. Below you’ll find resources on how to plan your upgrade.

As with any computer, the best defense for Windows users is prevention, including reliable backups and solid security software. Equally important, you also need to know how to recognize and avoid common Internet threats.

If you’d like to know more about Windows security, stay tuned to Tech Tips via Facebook and RSS, or subscribe by email.

Windows Antivirus Programs
Good security starts with a quality antivirus program. You can use the freebies, but I strongly recommend that you invest in a commercial security suite. It’s money well spent.

Upgrading From Windows XP and Windows Vista

Tech Tips – Recommended Advice For Windows Users

Ransomware: A Dangerous Threat To Your Computer

Ransomware is a particularly nasty form of computer virus that encrypts your data, then demands an electronic ransom for the encryption key. Why is ransomware so hazardous, and how can you remove it?

Ransomware is vicious because it doesn’t just render your computer unusable. It encrypts all of your files, including those on networked computers, removable drives, and server volumes. To get the key to unlock the encryption, cyber-criminals demand that you pay. Ransomware has decimated businesses and consumers alike. It’s been around on Windows for ages (see my writeup of Cryptolocker from a few years ago), but recently the first Mac-based ransomware has appeared in the wild.

Should You Pay?
There’s some debate amongst computer security experts as to whether it is better to pay the ransom or not. Sophos’ Naked Security blog has a good overview of the discussion. They also have an excellent article on what you can do if you are infected by ransomware.

How To Avoid Ransomware
You are far better off avoiding ransomware in the first place. Start by making sure you have multiple sets of known good backups. A clean backup is one of your best protections against ransomware and other viruses. Below you’ll find my guide on backup options for Windows and Mac, including how to test your backups to make sure they work when you need them.

All of my usual security recommendations apply as well. Use a top-quality antivirus program, and keep your computer up to date. If you’re on an obsolete version of Windows or Mac, now’s the time to upgrade. Check your default security settings, and use strong, unique passwords on every site.

Here are some Tech Tips articles to help. You can also sign up to receive Tech Tips by email and follow Tech Tips on Facebook for the latest tech support advice for Windows and Mac.

How To Back Up Your Computer (For Windows And Mac)

How To Create Strong Passwords (2016 Edition)

How To Configure Security Settings For Windows, Mac, iOS, and Android

Security Basics For Mac Users

How To Protect Your Web Browser

How To Back Up Your Computer (For Windows And Mac)

When was the last time you backed up your computer? If you have automatic backups set, do you check them on a regular basis? Have you ever tested your backups by trying to restore some of your files?

It’s not enough to set your backups and forget them. You would not believe the number of times I’ve encountered backups that were “definitely” good, only to discover they were blank or missing or had never run in the first place. Don’t wait for an emergency to find out your backups don’t work!
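One way to run the kind of check described above, as an added example that is not part of the original article: this Python script compares a source folder with its backup copy and reports files that are missing, blank, or different, and whether the backup looks like it has not run recently. The folder layout, the sample file names, and the seven-day freshness threshold are assumptions made for the illustration.

```python
import hashlib
import os
import shutil
import tempfile
import time


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source_dir, backup_dir, max_age_days=7, now=None):
    """Compare every file under source_dir with its copy under backup_dir."""
    now = time.time() if now is None else now
    report = {"ok": [], "missing": [], "empty": [], "mismatch": []}
    newest = 0.0  # stays 0 if the backup holds nothing, i.e. it never ran
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source_dir)
            dst = os.path.join(backup_dir, rel)
            if not os.path.isfile(dst):
                report["missing"].append(rel)
                continue
            newest = max(newest, os.path.getmtime(dst))
            if os.path.getsize(dst) == 0 and os.path.getsize(src) > 0:
                report["empty"].append(rel)      # a "blank" backup
            elif sha256_of(src) != sha256_of(dst):
                # Either corruption or the file changed since the last run.
                report["mismatch"].append(rel)
            else:
                report["ok"].append(rel)
    for names in report.values():
        names.sort()
    report["stale"] = newest < now - max_age_days * 86400
    return report


def demo(now=None):
    """Build a constructed source/backup pair and return its report."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = os.path.join(tmp, "source"), os.path.join(tmp, "backup")
        os.makedirs(src)
        os.makedirs(bak)
        samples = {"taxes.txt": b"2016 return", "photo.jpg": b"pixels",
                   "notes.txt": b"hello"}
        for name, data in samples.items():
            with open(os.path.join(src, name), "wb") as handle:
                handle.write(data)
        shutil.copy(os.path.join(src, "taxes.txt"), bak)   # good copy
        open(os.path.join(bak, "photo.jpg"), "wb").close()  # blank copy
        # notes.txt is deliberately never backed up
        return verify_backup(src, bak, now=now)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A file listed under "mismatch" may simply have been edited since the last backup, so treat that list as something to look at rather than proof of a bad backup.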

I recommend that you make extra backup copies to keep in a secure offsite location. If you use a cloud-based backup, you should also keep a current local copy of your data in case of emergencies. The following resources will help you configure and maintain your backups.

What You Need To Know About Windows 10

Many people have asked me about Windows 10. They want to know if they should upgrade, and how they can reconfigure the settings to avoid Win10’s notorious privacy issues.

Windows 10’s default security settings are not conducive to consumer privacy, to put it mildly. (Microsoft isn’t alone in this; it’s become an increasing problem with modern operating systems.) You should research Win10 thoroughly before you upgrade and make your privacy configuration changes as soon as possible after installation. And, of course, always use good antivirus software and strong unique passwords, keep your software updated, and follow basic Internet security guidelines.

Unfortunately, as I have discussed before, Microsoft is forcing Windows 10 onto unsuspecting Win7 and Win8 users via Windows Update. Do NOT turn off Windows Update to solve this! Set it to notify but not download or install without your permission (instructions for Win7, instructions for Win8.1). Then make sure you install the rest of your security updates manually until you are ready to upgrade to Win10.

I have real problems with Microsoft’s aggressive auto-upgrading to Win10. It goes against longstanding IT procedures, not to mention alienating your customers. Believe me, after 25 years of tech support I can tell you that one thing users do NOT like is an unexpected system upgrade. It’s easier for technology companies to ignore security in favor of pushing out products, but the customer is the one who pays the price.

Here’s more information on Windows 10’s privacy problems.

Here’s some info on Microsoft’s aggressive auto-upgrading to Win10.

How To Create Strong Passwords (2016 Edition)

Time once again for my updated guidelines on creating passwords. The short version: use passphrases that are at least 12 characters long and different on every site, plus two-factor authentication where possible. And for pity’s sake, stop using weak passwords!

Many people say to me, “I don’t need a secure password. I don’t have anything sensitive on my computer, so I don’t care if a hacker gets in.” You, my friends, are a hacker’s dream. Because it’s not necessarily your personal information they want, although they’ll happily steal your credit card info if they can. No, what they really want is control of your computer, your email address, your Facebook page… anything and everything that will let them do their dirty work from behind a smokescreen.

Strong passwords must be:

  • Not in use on any other system
    This is perhaps the biggest no-no in the password rulebook. When hackers nab passwords, they try the same account/password combinations on popular sites like Google, Facebook, Twitter. If you’re using the same password you just let them in. Do not ever, ever, ever use the same password anywhere. Before you despair, keep reading. There are tools to make it easier.
  • Changed regularly
    Yes, you have to change your passwords. And yes, they still have to be different everywhere. In fact this is one of the best things you can do to secure your passwords. Use a password management tool if you need help keeping track of everything (see below).
  • 12 characters or longer
    Think passphrase rather than password. The longer and more complex a password is, the less likely it can be cracked.
  • A mix of upper- and lowercase letters, numbers, and symbols
    Some systems won’t allow you to use a range of characters in your password, in which case I suggest you reconsider using that site. Do you really trust someone who isn’t going to allow you to secure your account properly? Makes you wonder how secure everything else on the site is.
  • Not common words or proper nouns found in a dictionary
    Here’s a list of the 25 worst passwords of 2015. If your passwords sound like these, change them now.
  • Not the names of your spouse, kids, pets, or other personally identifying information
    Don’t create passwords out of information that can be gleaned about you, and don’t share information that can be used to guess security questions. For example, if you have pictures of your dog Fido on Facebook, and you also answer your bank’s security question “What’s your dog’s name?” with “Fido,” guess what? You have just given a hacker potential access to your bank account.

Examples of good and bad passwords

Good passwords (but don’t use these!)

AP@ssw0rdIJustMADE!UP!4U
Here’sAnOtHeR1FOR$You

Bad passwords

password
password1
password!
123456
<blank>
mypassword
spouse’s name
pet’s name
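The rules above can be turned into a simple self-check. The following Python sketch is an added example, not part of the original article: it tests a candidate password against the length, character-mix, common-password, personal-information, and reuse rules. The list of common passwords is a small constructed sample taken from the bad examples on this page, and the `personal_terms` and `passwords_in_use` parameters are hypothetical inputs you would supply yourself.

```python
import unicodedata

MIN_LENGTH = 12
REQUIRED_CLASSES = {"upper", "lower", "digit", "symbol"}

# Constructed sample list, taken from the "Bad passwords" examples above.
# A real check would load a much larger list of known-bad passwords.
COMMON_PASSWORDS = {"password", "password1", "password!", "123456", "mypassword"}


def character_classes(candidate):
    """Return which of the four character classes appear in the candidate."""
    found = set()
    for ch in candidate:
        category = unicodedata.category(ch)
        if category == "Lu":
            found.add("upper")
        elif category == "Ll":
            found.add("lower")
        elif category == "Nd":
            found.add("digit")
        elif category[0] in "PS":  # punctuation and symbol categories
            found.add("symbol")
    return found


def check_password(candidate, personal_terms=(), passwords_in_use=()):
    """Return a list of the rules the candidate breaks (empty means it passes).

    personal_terms: names of family, pets and so on (hypothetical input).
    passwords_in_use: passwords already used on other systems (hypothetical).
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    missing = REQUIRED_CLASSES - character_classes(candidate)
    if missing:
        problems.append("missing: " + ", ".join(sorted(missing)))
    lowered = candidate.casefold()
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    for term in personal_terms:
        if term and term.casefold() in lowered:
            problems.append("contains personal term: " + term)
    if candidate in passwords_in_use:
        problems.append("already in use on another system")
    return problems


if __name__ == "__main__":
    # Constructed samples; never paste real passwords into scripts or logs.
    for sample in ("password", "MyDogFido2016!!", "AP@ssw0rdIJustMADE!UP!4U"):
        print(repr(sample), check_password(sample, personal_terms=["Fido"]))
```

Passing every check only means a password meets the rules listed here; it still has to be unique to one site and kept secret.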

Password Don’ts…

  • Don’t rotate between the same two or three passwords. It’s just as bad as using the same password everywhere.
  • Don’t send passwords via sites like email, Facebook, Twitter. Use another means like text message, which goes directly to the recipient. Or even better, a phone call.
  • Don’t stick passwords on Post-It notes. Whether it’s under the keyboard or on a bulletin board, it’s exposed. Be like Gandalf: Keep it secret, keep it safe.
  • Don’t share passwords and accounts. This is especially prevalent in small businesses. Don’t create one account then share the password; create multiple accounts for each person who needs access. More time consuming? Sure. More secure? You bet.

Tools to manage your secure passwords

With a password management tool such as 1Password, LastPass, or KeePass, all you have to remember is one master password and the software takes care of the rest. You can use the same password management tool on your computer and on your mobile devices.

But there’s a catch. Unfortunately any company can be breached by hackers and password management firms are no exception, as was demonstrated by a recent LastPass breach. In other words, passwords stored in management tools can be swept up in data breaches just like any other kind of data.

The good news is that most password managers encrypt your data, so even if hackers get hold of it, they will hopefully be hard-pressed to recover your actual passwords. That being said, you need to safeguard your master password with more vigilance than any other password you use. Please do NOT re-use your master password anywhere else! And be sure to keep another copy of your passwords somewhere safe in case you lose access to your password management tool.

Two-factor authentication

Two-factor authentication (2FA) uses a password plus another unique identifier, like a passcode messaged to your phone. This is much safer than a password alone because the second identifier is constantly changing, making it much harder to break into an account. If a site offers 2FA, you should consider using it.

However, 2FA does not make a weak password safe. Your best bet is 2FA plus an excellent password. As with a password manager’s master password, you need to make absolutely sure you have copies of your 2FA backup codes, because that’s what’s going to get you into your account if you have trouble.

Password harvesting scams

Password harvesters are everywhere. For example, you might get a spam email saying you need to update your account. This message contains links to a page that looks like the real login, but it’s really just a fake designed to steal your credentials. Similarly, password-harvesting scams can be distributed via Facebook, Twitter, and other social media sites. When in doubt, type the address for the site into your Web browser manually rather than clicking on a link.

Why not take this opportunity to change your passwords? It’s the best thing you can do to protect yourself against identity theft and cybercrime.

[Originally posted in 2010 as How To Create Secure Passwords. This version has been updated with the latest advice on secure passwords.]

Security Basics For Mac Users

If you’re not protecting your Mac from Internet threats, your computer can easily be overcome by viruses and malware. But running antivirus isn’t enough. Mac users also need to be just as aware of scams, fake apps, and other Internet dangers as their Windows counterparts. Here are some resources to get you started.

If you’d like to know more about Mac security, stay tuned to Tech Tips via Facebook, Twitter, and RSS, or subscribe by email.

Mac Antivirus Programs

Mac Security Help

Tech Tips – Recommended Advice For Mac Users

Microsoft Alienates Customers With Forced Windows 10 Upgrades

Microsoft is facing public backlash for automatically upgrading the computers of unsuspecting customers to Windows 10.

Since the public outcry, Microsoft has reversed course, claiming that the forced installations were due to their accidentally making the Windows 10 upgrade checked by default. In theory, this means that there should be no more forced upgrades.

But the antagonism Microsoft is generating through such aggressive marketing methods is eroding customer goodwill. Microsoft has certainly been pushy about those “Get Windows 10” messages on Windows 7 and Windows 8 computers. And they’ve demonstrated aggressive Windows 10 tactics in the past, when they downloaded the Win10 installers onto computers without the user’s knowledge. So it didn’t come as much of a surprise to the IT community when reports began to trickle in that Microsoft had taken it one step further and actually performed system upgrades without user consent.

Microsoft Alienates And Frustrates Their Customers
Who wants to do business with a company that dictates when and how you upgrade your computer? Microsoft’s tactics show a vast disregard for the people who actually have to rely on their computers in real-world situations.

If you’ve ever upgraded your computer, you know things fail. Programs stop working. Devices stop working. Things are hectic until you’ve tested and re-tested everything. Even then, weeks later, you’ll stumble across something else to fix. I never upgrade without making several backups first. Microsoft didn’t even give people that chance before plunking Windows 10 in their laps.

Not only is this going to alienate their customer base, it makes people not want the software. People may start associating “Windows 10” with “aggressive marketing tactics” and steer clear. How are consumers supposed to believe tech security experts when we tell them to upgrade for their own safety? They’ll think we’re doing it for the same reasons Microsoft is foisting Win10 onto their computers: to keep them in the Windows ecosystem so they’ll buy more MicroStuff.

Upgrades Are Necessary, But Not Like This
Now, I’m all for upgrading, in certain circumstances. If you’re on Windows XP, for example, it’s long past time you did. Older software can’t run current antivirus, can’t run a modern Web browser, can’t receive security updates. Even Windows 7 is fairly long in the tooth at this point. From a security standpoint you really should be running Windows 8 or Windows 10. But I don’t want people to upgrade to cost them money or to make their lives difficult. I want them to upgrade because I don’t want them to suffer the financial loss and identity theft that comes with a severely infected computer. Trust me. I’ve seen it and it’s not pretty.

But forcing system software onto unwitting end users is unheard-of. You don’t pester users to upgrade. You don’t stealthily download installers onto their computers, taking up pricey bandwidth and drive space. And you certainly don’t upgrade somebody’s computer to an entirely new operating system without at least giving them the chance to opt out!

What Could Microsoft Do Instead?
Instead of aggressive marketing tactics, MS should spend their time and money educating users on why they need to upgrade older computers for security’s sake. But Microsoft would rather spend their time and money on ridiculous ads like “PC Does Whaaat?”, a collaborative effort between Microsoft, Intel, HP, Dell, and Lenovo geared towards encouraging more PC sales. According to the AP, this ad campaign cost $70 million.

I wonder how far $70 million would go towards helping consumers understand the necessity of upgrading — on their own terms.

How To Protect Your Web Browser

Your Web browser lets you access Internet sites, but it can also be a gateway for viruses, malware, and more. Here’s how to keep your browser protected and secure.

(Don’t miss my latest article for The Northwest Herald – Protect Your Window To The Internet by Triona Guidry)

Remember that it’s vital to keep your browser up to date. If you can’t run an updated browser, you may need to consider an alternate browser or even a computer upgrade. Old computers running outdated browsers are holy grails to hackers and virus-writers because they’re so easy to infect. The US-CERT web site has detailed information about how and why you need to protect your Web browser.

Your computer’s default Web browser is Internet Explorer for Windows, and Safari for Mac. Here’s some information about how to secure them. Bear in mind that software manufacturers don’t provide security updates for outdated versions of their browsers, which may be why you don’t see yours here.

Internet Explorer (Microsoft)

Safari (Apple)

Alternate browsers include Mozilla Firefox, Google Chrome, and Opera, among others.

Do you have questions about securing your Web browser? Ask in the comments, and don’t forget to follow Tech Tips on Facebook and @trionaguidry on Twitter.

Windows XP Is Dead. Now What?

As you may have heard, Microsoft has ceased support for Windows XP. Many people assume it’s okay to keep using it. They’re dead wrong.

WinXP is already vulnerable to viruses because it’s been out so long. Now we have the nightmare scenario in which bugs are discovered but not fixed. Here’s how it goes: Microsoft announces a security vulnerability and offers patches for Win7 and Win8. The hackers rub their hands with glee and start testing to see if WinXP has the same vulnerability. Lo and behold it does, and they have an easy way to sneak into your computer.

Like the recently discovered Internet Explorer bug, which gives hackers a way to take over your entire system. It’s the first major vulnerability since XP’s demise. We know the bug exists in IE under XP. At first Microsoft said they weren’t going to patch it for XP, but now they’ve changed their minds. The question is, what about the next big bug? Using WinXP is like leaving your front door keys in the lock with a sign that says “Come on in, the best valuables are right over there!”

This isn’t a marketing gimmick or a way to increase PC sales, though I’m sure tech vendors don’t mind if you give them money. This is about you and the real-world repercussions of a hacked computer. Do you want your bank accounts wiped out? Do you want your identity stolen? Do you want your online identities hijacked? If not, then get off Windows XP.

Some of you will decide you don’t want to upgrade. That’s up to you, but I strongly recommend you reconsider. A very few of you – less than you think – will have some business-critical function that requires XP. Unless you are in that infinitesimal group, upgrade now.

What are your choices? Windows 7, Windows 8, or Mac. I did a rundown on them a while back based on a question from a reader. At this time, my recommendation stands at Windows 7 or Mac depending on your preference, with Windows 8 a distant runner-up due to its unfamiliar interface and lack of apps. Or, you could go pure mobile with tablet and smart phone.

For those of you who really, truly, honestly cannot upgrade from Windows XP, you have my condolences and some advice:

  • Use a browser other than Internet Explorer. Never use IE even for a moment.
  • Make sure you have the last round of updates Microsoft offered for XP. You can still use Automatic Updates to install them.
  • Run a good antivirus program.
  • Double-check regularly with Malwarebytes and CCleaner.
  • Don’t use Windows XP for finances or online purchasing. Ever. Your smart phone is safer at this point and I don’t advocate using smart phones for finances.
  • Don’t use WinXP to access social media sites (Facebook, Twitter, etc). Social media is a virus cesspool and you don’t have a lifejacket.
  • Plan your upgrade. This is not a permanent solution. Eventually your PC will fail and you will have to replace it.

Do you have questions about Windows XP’s end of support? Ask in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

How To Protect Your Privacy On Social Media Sites Like Facebook And Twitter

When was the last time you checked the privacy settings on your social media accounts? Once? Twice? Never? If you don’t check periodically, you run the risk of having your account hijacked by hackers.

Related article: Strong passwords key to social media privacy by Triona Guidry (The Northwest Herald)

What do you mean by “social media”?

Sites primarily used as a means of mass communication: Facebook, Twitter, LinkedIn, Pinterest, Instagram, Tumblr… You could also think of them as virtual communities, each with different rules and tendencies.

Why should I bother securing my social media accounts?

Because having your account hijacked stinks. At best, it’s inconvenient to reset your passwords and notify your friends. At worst, it results in data loss, identity theft, and financial ruin.

But aren’t these sites private?

Nope. They have privacy settings, most of which aren’t on by default. But anyone can sign up on these sites, and anyone can pretend to be anyone else on them. They’re designed to share information, not keep it private. Which is why the idea of people sharing their entire life stories and that of their kids gives me the screaming heebie-jeebies. Social media sites aren’t private photo albums and diaries. They’re publicly-accessible news sites (and data aggregators for advertisers).

Why do hackers want to hijack me?

In short: money. Cybercrime is a multi-billion dollar global industry. With economies tanking and people out of work, the idea of making tons of cash through Internet scams is hard to resist. Through commandeering your account, cybercriminals sell everything from Internet pharmaceuticals to fake antivirus programs to Twitter followers using your hijacked identity. It’s the go-to crime of the 21st Century.

Should everyone protect their social media accounts?

Yes. Absolutely. There’s no excuse not to.

How can I protect my social media accounts?

Use strong passwords that are unique on every site

Double-check your privacy settings

Report fake followers and inappropriate content

Verify links before sharing

Do you have questions about securing your social media account? Ask in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.