Triona's Tech Tips

The real Microsoft Security Essentials is a free tool that helps protect your computer from viruses and other threats. A fake antivirus program is using the Security Essentials name to spread its infections.

Fake antivirus programs are viruses that purport to be legitimate security software. It can be very difficult to tell the tricksters from the real deal. In this case, if you run across something claiming to be “Security Essentials 2010“, stay far away.

Like other fake antivirus programs, this particular rogue hijacks your computer and prevents you from accessing the web sites of legitimate antivirus vendors. It uses hyperbole to convince you that your computer is infected, then tries to con you into paying for removal. Such tricks are becoming more common. I’ve previously written about the odious Win Antivirus 2010, a rogue that really raised the bar on how far these con artists will go in order to make money at your expense.

By itself, Microsoft Security Essentials (the real one) is not adequate security software. You need something more robust like the free or paid versions of AVG, or Trend Micro or McAfee. I’m still not recommending Norton because it’s such a memory hog, but use it if you must. Also be careful if you look for for antivirus programs via a search engine, as the con artists hijack search results to spread their dangerous look-alikes.

My tech column in today’s Northwest Herald is about how to protect your passwords and your privacy on the Internet. Remember, to create strong passwords:

• 6 to 12 characters in length
• Mix of lower- and uppercase letters and numbers
• Symbols if allowed
• Not easily identifiable (your spouse, your kids, your dog)
• Create a passphrase
  • fourscore and seven years ago = 4Score&7Yrs (don’t use this one!)
• Different password for every account
• Change your passwords regularly, at least every 3 months
• Don’t re-use or cycle through the same set of passwords
• You can write them down, but keep them in a safe place

No one is immune to having their accounts compromised, and weak passwords are often the method. So take some time this weekend to secure your world by setting strong, unique passwords for all of your accounts.

Here are links to the resources I mentioned in the article (they’re all free):

• About the Twitter worm
• KeePass password manager, available for Windows, Mac, and smart phones
• ExpandURL for expanding shortened links
• McAfee SiteAdvisor
  • and, in a similar vein, LinkExtend for Firefox

If you found this information helpful, sign up for my free Tech Tips newsletter and continue to learn how to get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

I am seeing a rash of people whose Twitter accounts have been hacked. If you receive a DM (direct message) to your Twitter account saying “is this you???” with a shortened URL, DO NOT CLICK on the URL. Notify your friend via another means and encourage him or her to change Twitter passwords.

Note that it’s the person sending the DM who is the one hacked. But if you receive a message like this, it doesn’t hurt to visit twitter.com directly (DON’T click the DM link!) and change your password anyway.

It is vital to use strong passwords (mix of letters, numbers, upper and lower case, symbols where permitted; no plain dictionary words or easily identifiable names like your spouse, your kids, or your dog). You also need to use a different password on every system, even if you think it’s a pain to do so. If you use the same password in more than one place, the hacker then has entry into the rest of your accounts, like email, web sites and–heaven forbid–bank accounts. In fact, you might want to make an afternoon of it and change all of your passwords everywhere, which is a good thing to do on a regular basis. And don’t cycle passwords between accounts, you never know if one might be compromised. New passwords, strong passwords, different passwords for every system.

This particular worm has been around for a while but like all viruses tends to keep propagating. Be wary of suspicious links and use a site like ExpandURL to investigate shortened links before you click on them. When in doubt you are always better off manually typing in a Web address instead of clicking on a link. These scams are not limited to Twitter but can encompass any type of computer login.

The next time you do an online search for something, pause before you click. Some of the results you receive are poisoned links to malicious sites that may infect your computer with viruses and malware.

Search engines don’t verify that keywords match results, nor that sites are free from infection. Sponsored ads are particularly notorious. If you do a search for “Windows antivirus”, the paid results are often links to fake antivirus programs just waiting to lure you in.

I advocate the use of link-checkers such as McAfee SiteAdvisor or LinkExtend for Firefox. These free add-ons indicate through red, yellow or green icons whether links are safe to visit. Even so, you should always be cautious. Make sure your security software is up to date and that you have the latest versions of programs like Adobe Reader and Flash (here’s why). You can also run Secunia’s Online Software Inspector to check the status of your security protections.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

After a well-publicized incident in which Internet Explorer 6 was implicated in the hacks against Google and other high-tech firms in China, Microsoft is releasing an emergency fix for Internet Explorer, and begging users to upgrade to newer versions.

Today’s emergency fix is for Internet Explorer 6, 7 and 8, particularly under Windows XP although Vista and Windows 7 are also affected. This chart shows the risk potential and illustrates why upgrading to the latest version of Internet Explorer is vital to protecting your computer against viruses.

It also illustrates what I mentioned in my recent Northwest Herald column: that the older a program is, the more vulnerable it is to viruses and other Internet threats. The hack on Google involved “spear phishing”, a targeted campaign in which fake emails appeared to be from people the victims knew. The victims were therefore lured into clicking on infected PDF and Microsoft Office documents they might not otherwise have opened. These documents infected the computers with malware using holes in Internet Explorer 6 and other programs. There is some question as to why these companies were using a version of IE well-known to be vulnerable.

This incident is a good reminder for businesses and consumers to monitor their software versions and consider switching to an alternate web browser. It’s also a reminder to be wary of opening attachments even if they appear to be from someone you know.

Your free email subscription to Tech Tips includes bonus tips, tricks and product reviews. Through January 31, 2010, new subscibers will also receive a special gift: my IT Business Continuity Checklist. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Starting in 2010, I’m writing a monthly technology column for The Northwest Herald. In January’s column, Old Software Poses Risk Of Viruses, I talk about how outdated versions of your software can open the floodgates. Here are some previous Tech Tips articles on how you can protect yourself:

• Old Versions Of Internet Explorer Vulnerable To Viruses
• Fall In Love With Secunia Personal Software Inspector
• Mozilla Firefox Expands Check For Unsafe Plug-Ins
• No Click Required: Malware Via Infected Ads

Below you’ll find links to related resources including those mentioned in the column.

• Adobe Acrobat Reader updates
• Flash updates
• Mozilla Firefox plug-in check
• Microsoft Update for Windows, Office, Internet Explorer
• Apple Software Updates for Mac OS, iTunes, Safari, iPhone and iPod
• Secunia Online Software Inspector for Windows

Your free email subscription to Tech Tips includes bonus tips, tricks and product reviews. Through January 31, 2010, new subscibers will also receive a special gift: my IT Business Continuity Checklist. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

You’ve bitten the social networking bullet, and now you’re on sites like LinkedIn, Facebook, and Twitter. Concerned about security? You should be.

Social networking sites are designed to share information, not keep it private. Even with changes such as the much-touted Facebook privacy settings, anything you put on the Internet can potentially be seen.

But this can be to your advantage, especially if you’re marketing your business. News about services or products is information you want to share. Be sure that your posts are timely, concise and above all, relevant. Nobody cares if you had cornflakes for breakfast or that you just put your socks on. The more topical and informative your message, the more followers (and business!) you’ll receive.

I strongly recommend that you avoid posting personal information, no matter what your security settings are. That includes pictures of your children or vacation plans. But by all means, post information that you want disseminated. Why not let the Internet’s viral tendencies work for you?

For more information, join me for my class on Social Networking on Wednesday, January 20th, 2010, from 9:30am-11:30am at the Cary Park District.

Your free email subscription to Tech Tips includes bonus tips, tricks and product reviews. Through January 31, 2010, new subscibers will also receive a special gift: my IT Business Continuity Checklist. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

The Internet is abuzz with talk of the new Facebook privacy settings. But what does this mean to you, the average Facebook user?

It means you’d better go through your profile and make sure that everything is set the way you want it to be. While Facebook says the new rules increase privacy, you may find more of your settings exposed.

Forget the Transition Tool and go straight to the source. From Facebook, click on Settings in the upper right-hand corner, then Privacy from the pop-up menu. Then go through each section to check your settings. I recommend you set everything to Friends Only unless there are specific things you want to share with the entire Internet, like perhaps your web site if you run a business. You can preview your profile to see how it looks to others. Sophos has some good advice about Facebook security you should take to heart.

This is even more important now that major search engines like Google and Bing are scrambling to include updates from social networking sites including Facebook, MySpace and Twitter. What that means is that anything you put online could end up in a search engine and plastered across the Internet.

If I were you, I would consider social networking sites like cocktail parties. Anybody might overhear what you say, and it could easily end up front-page news tomorrow.

And while you’re at it, for heaven’s sake use different, secure passwords for each of your online profiles. If you don’t, you’re practically begging for someone to compromise your account. Through December 31st, new subscribers to my Tech Tips email list will receive my tip sheet on Creating Strong Passwords. Click here to sign up.

If you are using an old version of Internet Explorer, your PC is more vulnerable to viruses and spyware.

The current version of Internet Explorer (IE) is version 8, but I routinely encounter computers running version 7 or–heaven help us–version 6. Upgrading isn’t a matter of wanting all the bells and whistles. It’s a security necessity.

The longer a piece of software is publicly available, the easier it is for hackers to design viruses or spyware to exploit its weaknesses. Also, newer software benefits from advances in security research. By running the most current version, you boost your protections.

I advocate that you break the Internet Explorer habit by using an alternate web browser like Firefox. But you still need to keep up to date on your Internet Explorer patches. Because IE is a component of Windows, you are vulnerable even if you don’t use it. One rare reason you might not want to upgrade to IE8 is if you have software that isn’t compatible. Unless this applies to you, you should consider the upgrade.

You can check your version of Internet Explorer within the program by selecting About Internet Explorer from the Help menu. To upgrade, visit update.microsoft.com or click here to go directly to the download. After you’ve installed, be sure to visit update.microsoft.com again to seek out the most recent security fixes for IE8. This will provide you maximum protection.

If you enjoyed this article, subscribe to the email version of Tech Tips for bonus tips, tricks and product reviews. Through December 31st, 2009, new subscribers will receive a special gift: my tip sheet on Creating Strong Passwords (PDF). Just click here to sign up.

A lot of “Facebook update” scams are going around. These are emails designed to entice you into clicking links to malicious sites, thus divulging your login credentials and possibly infecting your computer with viruses and malware. I received several of these scams in a batch of legitimate Facebook emails, so I thought I’d dissect one for you so you can tell the difference.

The tactics used here are the same as the ones used by the fake Microsoft security bulletins I mentioned before. Again, the idea is to make you think the message is real when you are really being redirected to a bogus and potentially dangerous site.

First, note the use of the Facebook logo, fonts, and colors. The scam message looks almost identical to a real Facebook announcement, down to the mailing address at the bottom of the message. The trick is to mouse over the link WITHOUT clicking on it, and look in the status bar at the address to which you are being directed. In this case you can see you’re being sent, not to facebook.com, but to a scam site that may be waiting to harvest your login credentials or infect your computer.

If you receive a Facebook update, go directly to the Facebook site by typing www.facebook.com in your Web browser. You’ll be able to see your updates there and respond to them.

Remember, these scams are not limited to Facebook. Every social networking site, including LinkedIn, Twitter, and all the rest, are vulnerable to these sorts of tricks.

A final note of caution: Don’t friend anyone on a social networking site unless you’re certain you know who they are. A good rule of thumb is to view their profile to see if you have any friends in common, or to Google the person to see if they’re real. There are fake profiles out there which exist only to friend you and thus have access to your privately-posted information.

If you enjoyed this article, subscribe to the email version of Tech Tips for bonus tips, tricks and product reviews. Through December 1st, 2009, new subscribers will receive a special gift: my Ten-Step Computer Troubleshooter (PDF). Just click here to sign up.