Archive for the ‘security’ Category

Mistyped Web Sites Lead To Malware

January 16th, 2012 No comments

Ever type the wrong Web address by mistake? Did you know that cybercriminals snatch up typoed domains in order to create tempting lookalikes?

Typosquatting is the practice of registering a domain that is a typo of a common site, like goole.com instead of google.com. Most people don’t notice their typos, especially if they land on a site that looks similar to the one they expect. While some of these typoed sites are innocuous, others can contain everything from malware to password harvesters.

Security firm Sophos did an interesting study of typosquatting, and concluded that malware is actually the least of your problems if you wind up on a mistyped site. However, that’s not to say you shouldn’t be concerned about viruses.

More worrisome is the old bait-and-switch game. Sophos describes a situation in which you mistype apple.com and end up on a lookalike page that invites you to download iTunes. Except it’s not iTunes, it’s a site offering “unlimited music downloads.” And it doesn’t even give you that much, just access to some online forums of questionable value.

Another example of bait-and-switch is the brand ripoff. Many of the typos for search engine Google go to search engines that aren’t Google, but use the Google logo and serve up “results” that earn clickthrough cash for the squatters. Fake competitions and surveys also bring in the dough.

How can you avoid typosquatting?

  • Be careful what you type.
  • Check the address bar to confirm the site you’re on.
  • If things don’t look right, quit your browser and try again.
  • Hover over links without clicking and look at the status bar at the bottom to see where they go.
  • Use bookmarks to avoid typos.
  • Don’t rely on history instead of bookmarks, in case mistyped links linger there. (History shows where you’ve visited, bookmarks are shortcuts to links you visit frequently.)
  • Don’t try to click through a mistyped site to get to the real page, even if you are offered a link to do so. Quit your browser and start again.
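
Checking the address bar, and spotting mistyped addresses that linger in history, can also be done mechanically. The Python sketch below is an added example, not part of the original article: it compares hostnames against a short list of sites you trust and flags near-misses such as goole.com. The trusted list, the sample history and all function names are constructed for illustration.

```python
# Added example: flag hostnames that are one typo away from a site you trust.
# TRUSTED and SAMPLE_HISTORY are constructed sample data, not from the article.
TRUSTED = {"google.com", "apple.com", "facebook.com"}
SAMPLE_HISTORY = ["www.google.com", "goole.com", "appel.com",
                  "example.org", "facebook.com"]


def osa_distance(a, b):
    """Edit distance where an insert, delete, substitution or swap of two
    adjacent characters each cost 1 (optimal string alignment)."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # delete
                          d[i][j - 1] + 1,         # insert
                          d[i - 1][j - 1] + cost)  # substitute
            # Swapped neighbours, e.g. "appel" typed for "apple".
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def normalize(host):
    """Lower-case the name and drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(host, trusted=TRUSTED, max_distance=1):
    """Return ('trusted', host), ('lookalike', nearest trusted site)
    or ('unknown', None)."""
    host = normalize(host)
    if host in trusted:
        return ("trusted", host)
    if not trusted:
        return ("unknown", None)
    # Sort by (distance, name) so ties are resolved the same way every run.
    distance, nearest = min((osa_distance(host, t), t) for t in trusted)
    if distance <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)


def audit_history(hosts, trusted=TRUSTED):
    """List (visited, probably intended) pairs for lookalike hosts."""
    findings = []
    for host in hosts:
        verdict, match = classify(host, trusted)
        if verdict == "lookalike":
            findings.append((normalize(host), match))
    return findings


if __name__ == "__main__":
    for visited, intended in audit_history(SAMPLE_HISTORY):
        print(f"{visited}: possible typo of {intended}")
```

A distance limit of 1 catches dropped, doubled, wrong and swapped letters; with very short site names it can also flag unrelated legitimate domains, so treat a hit as a prompt to look closer.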


Even Offline Computers Are Vulnerable To Viruses

January 1st, 2012 2 comments

Is it possible to have a truly offline computer? As I described in my recent column in the Northwest Herald, the short answer is no. Even if you don’t need the Internet, your computer does. You can still be infected by viruses even if you’re not online. In fact, your computer will turn into a silent hotbed of virus activity just waiting for the opportunity to infect others. The older the computer, the worse the problem.

The article isn’t available online, so I’ll give you the gist of it:

Pretend you have a Windows 2000 computer that never goes on the Internet. Using it is like traveling through time, ten years into the past. There are plenty of old friends installed: Microsoft Office 2000, Acrobat 5, Internet Explorer 6, programs that were standards at the time but have long since been replaced with newer versions.

You might think you could continue to use this computer in isolation, maybe for basic word processing. It doesn’t matter as long as it doesn’t connect to anything, right?

But, let’s pretend your printer dies. No point in word processing if you can’t print. The new printer says that it’s not really Windows 2000 compatible, but you might be able to find some software on the Internet. You try to log on but poor Internet Explorer 6 can’t handle a modern web site. And, behind the scenes, a virus just snuck through holes in IE6 to infect your computer.

Unaware of the virus, you decide to use your Windows 7 laptop to download the printer software to a USB flash drive. Another virus hitches a ride from the laptop to the desktop, a virus that can’t run under Windows 7 but is more than happy to infect Windows 2000. The Windows 2000 computer is now a hotbed of virus activity, and the only symptom is that it’s increasingly slower.

Other viruses join the party, and pretty soon that Windows 2000 computer is spewing all sorts of junk that infects your Windows 7 laptop, your smartphone, your iPad… then your email and Facebook accounts get hijacked and suddenly your bank is calling about missing funds.

I’ve received a few responses from folks with older computers, disagreeing with my opinion. Most of the responses included the observation: “I’ve been running this version of Windows for umpteen years and I’ve never had a virus.” If I may add… that you know of.

In fairness to these folks, yes, I do know people who use Windows 98 or Windows 2000 without the world grinding to an earth-shattering halt. Most of them are retirees or others who don’t use their computers often. In such cases we try to keep the computer functional for as long as we can. But there are others who – in my opinion – are doing absolutely lunatic things with ancient computers. Like trying to run a business with them: payroll, marketing, the works. And that gives me the screaming heebie-jeebies because there are SO many ways it can go disastrously wrong for both you and your business.

Most viruses and malware show absolutely no signs of their presence. It doesn’t matter if a Win98 or Win2000 computer has antivirus installed or not, because any antivirus capable of running under those versions of Windows is incapable of detecting new threats. It’s like taking a police officer from 1912, dropping him into 2012, and expecting him to cope with modern problems for which he has no frame of reference.

Friends, I’m saying these things to help, not to hinder. I think one reason many people are reluctant to change is because it truly is difficult to get used to a computer with a different interface. Like when we moved from DOS to Windows 95, or Windows XP to Windows Vista and 7. A new interface puts us on edge, even old salts like me. It’s annoying to spend half your morning trying to figure out how you used to do something, but that’s technology, and the only thing you can do is adapt.

You may find it easier if you keep in mind that computers haven’t really changed all that much since the 1980s. Saving a file, typing a document, finding a contact’s address, these things are still the same. It’s the look-and-feel of the computer that has changed, plus the ability to access more information faster. Even the Internet is pretty close to what it was when I started using it twenty years ago. Today I’m using RSS feeds and Facebook chat instead of Usenet news and UNIX talk, but the fundamentals remain.

What do you think? Is there life to be had in old computers, or are the security risks too great?

 

CNet’s Nmap Debacle: When Good Software Comes Bundled With Junk

December 6th, 2011 No comments

There’s a big debacle going on in the tech world. It seems that CNet aka download.com, purveyors of downloadable software, took a very popular geek tool called Nmap and wrapped their version of the free installer with the installer for some junky browser toolbar. Two of my favorite tech sites, The Register and Sophos Naked Security, have good descriptions of the situation.

The author of Nmap is a well-known Net.denizen named Fyodor, who is justifiably steamed. His response:

“The problem is that users often just click through installer screens, trusting that download.com gave them the real installer and knowing that the Nmap project wouldn’t put malicious code in our installer. Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs! The worst thing is that users will think we (Nmap Project) did this to them!”

He has an excellent point. I can tell you that any customer I’ve ever worked with would be irate indeed to have their computer messed up by a stupid junky toolbar they never wanted. But what should you, as a consumer, do about good software that comes bundled with junk?

Go to the original download source
Don’t rely on aggregate sites like CNet for your software. Instead, go directly to the web site of the program’s developers. You’ll often find a more recent version there, as well as better support options. This also eliminates the problem of poisoned search engine results when searching for programs (links that look legit but lead to virus-laden sites).

Look at the window before you click
In the Nmap case, the installer for the Babylon browser bar makes it look like you have to install it before you can install Nmap. When installing software, look very carefully for obscure checkboxes and buttons. Most of these installers stealthily install their junk by either making the opt-out checkbox hard to find, or by making the junk look like a necessary part of the install.

In the Nmap case, if you click Accept you’re only accepting the junk because this is the wrapper; you haven’t even gotten to the real installer yet. As Fyodor said, most people will click this then wonder why their Web browser isn’t working. Then they’ll have to find somebody who knows how to remove this kind of junk, because you have to remove ALL of it or it will continue to mess up your computer.

Make your voice heard
If you spot software that is bundled with junk, let the manufacturer know how disgusted you are. Keep your friends and colleagues informed by sending them a link to this article and letting them know about the menace of stealthy junk software.

You should not ever have to install a piece of junk to install the program you want – and if the program you want won’t let you do it any other way, find a different program. Shame on you, CNet. And kudos to developers like Fyodor who actually care about the end users.

(Photo of awesome Tron “I Fight For The Users” shirt from ThinkGeek. And no, I’m not getting any affiliate rewards for telling you that. I just like both the shirt and the store.)

 

How Much Of Your Data Is In The Cloud?

November 16th, 2011 No comments

When we talk about “the cloud,” we simply mean the Internet. It’s a new name for something we’ve been doing for a long time: using the Internet to store and exchange data. Cloud computing, however, takes this concept to a new level. Pair that with the prevalence of Internet threats and you really have to start taking a look at where your data is going.

Increased use of mobile devices only makes matters worse. Vendors are embracing the cloud as a simple way to synchronize between devices of differing manufacturers and models. What is easier for them is not necessarily better for you. I’ll use Apple’s iCloud as an example, although the problem is industry-wide.

Until now, the way to sync a mobile device to a computer was to connect the two with a cord – in the old days it was a serial cable, now it’s traditionally USB. Connect the cable, run your software, and you’re synced. But there are drawbacks to this method, especially when you have to sync more than one device, and it’s not always an intuitive process.

Enter iCloud, which promises to let you sync all your iDevices with ease. Apple’s web site proudly states, in classic Steve Jobs style:

“iCloud stores your music, photos, documents, and more and wirelessly pushes them to all your devices. Automatic, effortless, and seamless — it just works.”

Yes, but what does that mean, exactly?

Where once your data went through a simple cable from your mobile device to your computer, now it traverses miles of network and resides in one or more data centers. Syncing one contact between two devices sitting less than an inch from each other now involves millions of dollars in IT infrastructure. Creepy, when you think about it, and not very environmentally friendly either.

Consumers seem willing to make the trade-off, if mobile and cloud revenues are any indication. To be honest, I don’t think most people think about it. This complacency can easily lead to increased security risks. Imagine the stuff on your phone: contacts, calendars, all sorts of information you’d never trust to a complete stranger. But that’s exactly what you’re doing when you use cloud services to sync. New services like iCloud let you sync even more information. Pretty soon everything you do on an electronic device will be on the Internet.

Or has that already happened? I described my recent experience evaluating iPad RSS apps and my realization that the only decent products, not to mention all the award-winners, required the use of Google Reader. This means that you have to put all your feeds – the blogs and web sites you subscribe to – on the Internet. Never mind the free speech issues and Big Brother implications that the government could watch and/or censor what you’re reading, what if I don’t want to put my feeds in the cloud? They only need to reside in two places: my computer and my iPad.

But the apps with the features I wanted required Reader, so I held my nose and accepted the inevitable. That is becoming the only option if you want the functionality these products promise. A few – a very few – vendors include options that allow you the same functionality without using the cloud, but the process often feels like a kludge. They don’t want you to do it that way. They want you where it’s easy (and cheap) for them to deal with you and your data.

I’m in IT, so I’ve got computer security on the brain. The average person doesn’t and that concerns me. For most people technology is a black box that they hope, as Jobs said, “just works.” The cloud makes that easier, but at what cost? I think it’s important that we think about the implications of technology before diving headlong into its use.

 

Mobile Security Is A Growing Threat

November 11th, 2011 No comments

In today’s Northwest Herald I talk about how mobile security is a growing threat to businesses and consumers alike. Here are additional resources that can help.

First, the basics: recommendations on security software. These are all reliable vendors in the security arena and have mobile products available for a variety of platforms.

Next, I wanted to expand on what I said about using mobile technology to keep up with the latest threats. One of the best ways to do this is to subscribe to technology-related RSS feeds. I’ve talked about RSS before. It’s like getting regular headlines automatically updated to your computer or mobile device. There are a wide variety of RSS apps, but you’ll find most of them will require you to use either Google Reader or their own cloud-based technology to sync your feeds. And speaking of feeds, here are some to try.

One last piece of advice. Go into the settings of your mobile device and turn off any sharing that you’re not using. Periodically monitor your privacy settings on mobile devices and online sites, because they won’t necessarily stay the way you set them (thanks a lot, Facebook).

 

2011 Parental Control Software Review

September 20th, 2011 No comments

If you’re worried about your kids’ Internet safety, you’re not alone. The rapid pace of tech innovation often leaves parents feeling lost, but the latest parental control software gives you the ability to keep up with the trends.

One of my current favorites is a freebie from an old friend. Symantec’s Norton Online Family lets you protect all the computers in your house from one convenient web-based control panel. What’s nice about Norton Online Family is that it works with both PC and Mac. First, set up your initial account on the Online Family web site, then add accounts for each child based on age. You’ll receive emails notifying you of any blocked sites or unwanted activity, and as the parental administrator you can permit or deny sites as you prefer. The default settings work great for blocking popups and ads on the sites your kids visit. And did I mention, it’s free?

There are some other freebies available to you if you have Windows 7 or Mac OS X Snow Leopard or Lion. The latest versions of these systems include improved parental control features.

I’m often asked if kids can get past parental controls. Of course they can, if they try hard enough. Using your computer’s built-in features offers resistance to “accidental” attempts to disarm the safeties, but I think a better deterrent is good old-fashioned communication. Even using the term “parental control software” can put your teen into a combative stance. Instead, call it what it is: part of your Internet safety arsenal. There are good reasons to protect kids’ computers that have nothing to do with parental trust. Stuff you don’t want will appear on even the most innocuous sites, or the sites themselves can be redirected somewhere unsavory. With parental control software you have an added level of protection on top of your antivirus software.

Cybercrime Will Force You To Upgrade Your Computer

September 2nd, 2011 No comments

In my column in today’s Northwest Herald I talk about the risks of using older systems like Windows XP:

Now, think about poor Windows XP. It’s 10 years old, so the criminals have had ample opportunity to discover and exploit its weaknesses. Antivirus programs aren’t as effective as their counterparts for Windows Vista and 7 because Windows XP can’t run the newer features.

Vital new versions of programs such as Internet Explorer aren’t available for Windows XP, and to make matters worse, just having the old version of the program on your computer renders you even more vulnerable to viruses.

Yet we’re using this ancient, bug-riddled system to share all sorts of personal information. It’s like leaving your brand-new iPhone on the seat of a beat-up car with broken locks. The forced upgrade cycle is true for any computer system, including Macs, tablets, smart phones and other devices. Technological advances result in new security risks, which in turn result in eventual obsolescence.

When you don’t plan your computer expenses, you end up buying whatever’s on the shelf and paying more than you might have otherwise. Usually it’s because your existing computer has crashed and you’re in a crisis, which is not the best time to be making decisions about big expenditures. What if you watched the sales, waiting for the right computer at the right price? What if you planned your computer upgrade instead of having it forced on you when you least expect it? We all get into firefighting mode when it comes to our computers and sometimes it doesn’t occur to us that there might be an easier, less stressful way.

I think the best time to do an upgrade is during your least busy season. If it’s a big upgrade you might even want to consider telling your customers your office is closed for a short time. It’s far easier to focus on your computer infrastructure if you’re not fielding calls, and the time saved in reduced computer problems will more than make up for any lost productivity.

If you’re a consumer, the most important message to take home is this: An old computer is a dangerous computer. Don’t let cybercriminals ruin your life by stealing your identity, and make it harder for them to hurt others by keeping your own computer protections in place.

 

Are You A Foot Soldier In A Cyberwar?

July 18th, 2011 No comments

You may think you’re using your computer to read yet another fabulous Tech Tips article, but in reality you are fighting a war in which the cybercriminals are the winners and the rest of us are the losers.

Cybercriminals, as I’ve discussed before, use innocent victims to do their dirty work. They write viruses that commandeer your computer, create malicious lookalike Web sites that harvest your passwords, and hijack your accounts so they can send crud to all your contacts. It’s one area of the economy that’s, sadly, thriving. And the only person who can protect you is you. (Well, I’ll help, but you have to do your part.)

You know the drill: use good security software, keep your passwords strong and your software updated. But there’s something else you can do: educate your family, friends, neighbors, casual acquaintances, even complete strangers about the need for computer security.

The biggest problem consumers and small businesses face is not lack of information about computer security, but lack of usable information. You’ll hear plenty of news stories about viruses or cyber attacks. Some of them even include a few tidbits about what you can do to protect yourself, but few explain that computer security is a mindset. Just as you have to be aware of your surroundings when you walk down the street, you have to be aware of Internet threats and take action to avoid them.

Why not start today by asking a friend to join you in a conscious effort to become more security-aware? You’ll appreciate the results.

 

Take The Password Pop Quiz!

July 18th, 2011 No comments

I often mention the importance of strong, unique passwords. Let’s practice those skills with a pop quiz. Watch out for multiple answers and trick questions!

1. Which of the following are strong passwords?

A. iloveyou

B. 123456

C. I’m2Cool

D. 654321

2. Why should your password be unique on every site?

A. Otherwise you can’t log in.

B. It’s an Internet law.

C. To make using the computer even more annoying.

D. If your password for one account is breached, the others won’t be affected.

3. A secure way to manage your passwords is:

A. To write them down on a piece of paper.

B. To write them down on a piece of paper kept in a locked drawer.

C. To keep them in a Word or Excel file.

D. To use a password management program.

4. You receive a call from someone saying they’re from tech support and need your password so they can fix the problems you reported with your computer. Do you give it to them?

A. No. It’s probably a hacker in disguise.

B. Yes. Tech support needs your password to fix your computer.

5. You should change your passwords:

A. Once a week

B. Once a month

C. Once a quarter

D. Once a year

 

And here are your answers:

1. C. According to a study by Imperva, the others are all commonly used passwords (and if you use any of these you should change them immediately). “I’m2Cool” is a decent password. It has a mix of upper- and lower-case letters plus numbers and symbols.

2. D. Making your passwords unique for every account and site protects you because even if hackers gain access to one of them, they won’t be able to get into the others. (Although C may also apply!)

3. B and D. Sticking a written password reminder on your wall is both common and dangerous. Similarly, keeping your passwords in a Word or Excel file isn’t a good idea because it’s ridiculously easy to gain access to the content of these files even if they’re password-protected.

4. A. You should never give out your password via phone, email or any other method. Tech support doesn’t need your password to fix problems, and gaining information via the old-fashioned telephone is a common hacker tactic.

5. I usually recommend C (once a quarter), but if you want to do it once a week or once a month I certainly won’t stop you. Once a year is not often enough. And remember not to rotate between the same two or three passwords, another common trend that renders your passwords less than useless.

 


How To Protect Your Mac From Viruses

June 16th, 2011 No comments

The words “Mac” and “virus” in the same sentence? Yes, folks, Macs get viruses. In fact, Mac malware attacks are escalating to a level I haven’t seen in over a decade. Let’s talk about what you can do to protect yourself.

First, don’t assume that you can’t get a virus just because you have a Mac. All computers can get viruses, and threats like phishing scams and password harvesting affect everyone regardless of the type of computer they use. Pay attention to the advice Windows users receive on how to deal with viruses and Internet threats, because much of the same information applies to you.

Every Mac should be running antivirus software. My personal favorite is Intego VirusBarrier, but a good free alternative is ClamX AV. You also need to make sure your Mac has the latest software patches. Use Software Updates under the Apple menu, but don’t neglect to update your other software, especially Acrobat, Flash, and Microsoft Office.

Be aware that fake antivirus software has infiltrated the Mac universe just as it has the world of Windows. If your Mac displays a message saying that you are infected and need to buy some super-special software, assume it’s snakeoil. Run a bona fide tool like the ones mentioned above, and never, ever click on anything you are not certain is legitimate. When in doubt, use Force-Quit (option-command-escape) instead of the red X to quit.

The world of Internet threats is ever-evolving, so stay tuned to Tech Tips for the latest Mac security help.
