Now, think about poor Windows XP. Itʼs 10 years old, so the criminals have had ample opportunity to discover and exploit its weaknesses. Antivirus programs arenʼt as effective as their counterparts for Windows Vista and 7 because Windows XP canʼt run the newer features.

Vital new versions of programs such as Internet Explorer arenʼt available for Windows XP, and to make matters worse, just having the old version of the program on your computer renders you even more vulnerable to viruses.

Yet weʼre using this ancient, bug-riddled system to share all sorts of personal information. Itʼs like leaving your brand-new iPhone on the seat of a beat-up car with broken locks. The forced upgrade cycle is true for any computer system, including Macs, tablets, smart phones and other devices. Technological advances result in new security risks, which in turn result in eventual obsolescence.

When you don’t plan your computer expenses, you end up buying whatever’s on the shelf and paying more than you might have otherwise. Usually it’s because your existing computer has crashed and you’re in a crisis, which is not the best time to be making decisions about big expenditures. What if you watched the sales, waiting for the right computer at the right price? What if you planned your computer upgrade instead of having it forced on you when you least expect it? We all get into firefighting mode when it comes to our computers and sometimes it doesn’t occur to us that there might be an easier, less stressful way.

I think the best time to do an upgrade is during your least busy season. If it’s a big upgrade you might even want to consider telling your customers your office is closed for a short time. It’s far easier to focus on your computer infrastructure if you’re not fielding calls, and the time saved in reduced computer problems will more than make up for any lost productivity.

If you’re a consumer, the most important message to take home is this: An old computer is a dangerous computer. Don’t let cybercriminals ruin your life by stealing your identity, and make it harder for them to hurt others by keeping your own computer protections in place.

Subject: Hello

Dear friend,

i would like to introduce a good company who trades mainly in electronic products, They provide the best service to customers,they provide you with original products of good quality,and what is more,the price is a surprising happiness to you!

The web address: (removed for safety)

If you check online you’ll find reports of this coming from users of Hotmail, Gmail and other email services. There are variations in the scam. Some may cite a different web site, or may have a different subject or message in the email.

If you receive a message like this, the important thing is NOT to click on any links because it will infect your computer with viruses. The same goes for messages you may receive via instant messaging (IM), Facebook, Twitter, or other means. Inform the person who sent it to you by another means (like the good old fashioned telephone) to let them know they have been hijacked.

How can you tell if a message is real or not? If it seems generic, contains no subject or a bland subject like “hi” or “hello,” doesn’t mention you by name, contains spelling, grammar or punctuation errors, or has been sent en masse to a large number of people, those are indications it may be a scam. Ask yourself: Is this the sort of message I would expect this person to send?

If your account has been hijacked, it’s vital to change your password immediately. Here’s some information on how to create strong passwords:

• Triona’s Tech Tips: How To Create Secure Passwords

And here is some more information on what to do if your email account is hijacked:

• Triona’s Tech Tips: What To Do If Your Email Account Is Hijacked

Be sure to scan your computer with your security software. If you’re using free software you should consider purchasing a security software suite. You should also check your email signature and any autoresponders you may have set, as they may have been modified to send malicious links to your contacts. Inform your contacts that your account was hacked and that they should not respond to any scam messages they have received. And you should report the incident to your provider.

These hacks are becoming more and more prevalent. It is absolutely vital that you protect yourself by using strong passwords that are unique for every account, and that you stay vigilant about your computer’s security.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

My two favorite tools are CCleaner for Windows and Snow Leopard Cache Cleaner for Mac (which, despite the name, also works on previous versions of the Mac OS as well). I’m particularly fond of these programs because they work by giving you a convenient way to run the tools already built into your Windows or Mac computer. That makes them safe and reliable.

Of course, before you run any utility that might change your computer system, you should always make at least one backup (preferably two or three to different backup devices). These cleaning programs don’t run all the time like your antivirus software, but you can run them whenever you think your computer might be getting a little slow.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Here are some things you can do to protect yourself, not just from hijacked accounts but also from viruses, spyware and other Internet threats:

• Use strong passwords that are unique on every system, and change them every few months. Earlier this week I posted an article about how to create secure passwords. This is the number-one thing you can do to prevent your accounts from being hijacked.

• Use a high-quality security software suite. I used to recommend free solutions for Windows like AVG combined with Spybot or AdAware, but these days I’m finding the freebies aren’t enough to protect you. Norton and McAfee will do the job, but Norton in particular tends to take up a lot of memory which may make older machines run more slowly. I prefer AVG’s paid Internet Security Suite or Trend Micro’s Titanium Internet Security or Titanium Maximum Security. If you’re using free AVG, you can get a discount on the full AVG suite if you buy through the “upgrade from free version” option.

Whatever solution you choose, be sure it is a full suite—containing antivirus, anti-spyware, and firewall—and not just antivirus. And be sure it’s real software and not one of the many rogue security programs that are actually viruses in disguise.

Mac users, you need security software too. My personal favorite is Intego VirusBarrier or Internet Security Barrier. If you run Windows on your Mac through Apple’s Boot Camp or a program like VMWare or Parallels, try Intego’s Dual Protection options: VirusBarrier DP or Internet Security Barrier DP. These include BitDefender for Windows to protect the Windows half of your computer.

• Make sure ALL of the software on your computer is regularly updated. In one of my previous Northwest Herald columns, I talked about the dangers of old software. Here on my blog I’ve also talked specifically about the risks posed by old versions of Adobe (Acrobat) Reader and Flash.

• If you’re on Windows, use a browser other than Internet Explorer. Using Firefox or Opera instead of Internet Explorer offers you that much more protection. If you must use Internet Explorer, find out why older versions of Internet Explorer pose a greater risk of virus infection.

• Watch out for poisoned search engine results and learn how to spot bad web links.

• Never click on links or open attachments in email. Always visit the site directly. For example, if you get an email saying you have a new Facebook message, go directly to facebook.com from your Web browser instead of clicking the link in the email.

• Learn about social engineering and how hackers will do anything and everything to trick you into letting them in.

• And, finally, subscribe to the free email version of Triona’s Tech Tips for easy-to-understand tips you can use to protect yourself from the latest Internet threats. You can click this link or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe.”

Let me teach you how to be a hacker’s worst nightmare by using strong passwords that are:

• At least 6-12 characters in length
• A mix of upper- and lowercase letters, numbers, and symbols if allowed
• Not common words or proper nouns found in a dictionary
• Not in use on any other system
• Changed regularly (at least once every few months)

The most common password mistakes I see are:

• Using no password at all (e.g. hitting Enter)
• Using common passwords like “password,” “123456,” spouse’s name, or pet’s name
• Using a common dictionary word with an exclamation point at the end
• Using the same password for everything
• Rotating through the same two or three passwords for everything
• Sharing passwords with others
• Sending passwords via email
• Sticking passwords on Post-It notes on monitors or under keyboards

Why not take this opportunity to change your passwords? It’s the best thing you can do to protect yourself against identity theft and cybercrime.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

It’s typical that the viruses that get the most attention are those that happen to infect big-name organizations. (Note that ABC News reports that ABC/Disney itself was infected by the virus.) In this case, the virus itself is not that scary. Sure, it’ll infect your computer, disable your security protections, spread through removable drives and network shares, and send itself to everyone in your contacts list. But a lot of viruses do that. And yes, it’ll overwhelm your network if you allow it to run rampant, which is what appears to have happened at some of these large companies. But, the thing about Here You Have is that it’s avoidable if you follow some simple precautions:

• Never click on email links.
• Run a good-quality security suite that includes antivirus and anti-spyware protections. The major security programs have already been updated with protections against Here You Have.

And, if you’re in a corporate setting:

• Filter spam at your network perimeter.
• Block unnecessary attachment types, like the .SCR file type used by Here You Have.

Want to know the viruses that scare me? The ones no one hears about because they are too sneaky. The ones that work silently, slipping into your computer without any interaction from you. The ones that can’t be removed with standard security tools. The ones that secretly record your keystrokes and quietly commandeer your computer. The ones that only infect a few computers at a time so as not to be detected.

That’s not to say you shouldn’t be wary of Here You Have, especially since it appears new variants of the virus are arising. But remember, the viruses that do the most damage don’t always make the headlines.

Like the Facebook update scam I dissected for you a few months ago, this latest scam tries to trick you into clicking a potentially malicious link by mimicking a legitimate Facebook message. Take a look at this screenshot and compare it to the Facebook update scam. You’ll see similarities, including the use of Facebook formatting and logo as well as a legitimate-looking link. However, the link actually redirects you to a malicious site. The site on this particular message has already been blocked as being harmful; it probably belongs to some innocent victim whose web site was hacked to deliver viruses or harvest passwords a la the Twitter DM worm. But there are plenty of other phony sites out there that may not have been blocked.

In my case I was alerted to the scam because I’d never heard of the people from whom the messages were purportedly sent, but that’s not a foolproof way to tell if a message is fake or not. Facebook accounts can be hacked, and false messages sent. This grants the fake messages an undeserved level of trust because they come from someone you know–and that’s the point. Cybercriminals know people are unlikely to click on unsolicited links and far more likely to click on something sent by someone they know. The best way, as I said, is to distrust all email links no matter who they’re from. You are far safer visiting the Facebook site directly and checking your messages from there.

The Skype and Yahoo Messenger worms distribute themselves via messages like  “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The accompanying link appears to point to an innocent jpg, but when you click on it you are actually running the worm.

Don’t confuse social engineering with social networking. Social networking means interactive Web 2.0 sites like Facebook, MySpace, LinkedIn and Twitter. Social engineering is the art of tricking you into installing viruses or malware on your computer. PC and Mac users alike can be drawn in by social engineering scams.

Social engineering is a common tactic used by viruses and malware. The Twitter worm we discussed in February uses direct messages to entice users into visiting a pseudo-Twitter login page that harvests login credentials. Scams like the faux Facebook Update arrive via email, and contain links to malicious web sites. Rogue antivirus software is all about social engineering: make users think their computers are infected with viruses that can only be removed by purchasing the fake software.

How do you avoid social engineering scams?

• Links can look legitimate when they’re not. For example, I can spoof a link that says: http://support.microsoft.com. Now, before you click that, mouse over it without clicking and look at the status bar at the bottom of your web browser. (If you don’t see the status bar, go to the View menu and make sure Status Bar is checked. It may be under the Toolbars sub-menu.) You’ll note that the status bar reveals the true destination. In this case I used a safe example: my Tech Tips blog. But you can see how links can easily be redirected. The status bar trick works in email, too. It’s not foolproof (the status bar contents can be spoofed as well), but it is a good place to start.
• If you get a message from someone, try doing a web search on the text of the message to see if it’s a known scam. For example, with the Skype and Yahoo Messenger trick, a quick search for “Does my new hairstyle look good? bad? perfect?” reveals news of the worm, especially if you pair the search with the word “virus.”
• Don’t let your software protections lull you into a false sense of security. Yes, you need to run good security software and keep it up to date, but the point of social engineering is to get you to click, thus bypassing your protections.
• And, as always: when in doubt, don’t click.

Don’t forget, if you subscribe to my Tech Tips email newsletter you’ll receive tips like these, plus tech support tricks and other ways you can get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

The tactics used here are the same as the ones used by the fake Microsoft security bulletins I mentioned before. Again, the idea is to make you think the message is real when you are really being redirected to a bogus and potentially dangerous site.

First, note the use of the Facebook logo, fonts, and colors. The scam message looks almost identical to a real Facebook announcement, down to the mailing address at the bottom of the message. The trick is to mouse over the link WITHOUT clicking on it, and look in the status bar at the address to which you are being directed. In this case you can see you’re being sent, not to facebook.com, but to a scam site that may be waiting to harvest your login credentials or infect your computer.

If you receive a Facebook update, go directly to the Facebook site by typing www.facebook.com in your Web browser. You’ll be able to see your updates there and respond to them.

Remember, these scams are not limited to Facebook. Every social networking site, including LinkedIn, Twitter, and all the rest, are vulnerable to these sorts of tricks.

A final note of caution: Don’t friend anyone on a social networking site unless you’re certain you know who they are. A good rule of thumb is to view their profile to see if you have any friends in common, or to Google the person to see if they’re real. There are fake profiles out there which exist only to friend you and thus have access to your privately-posted information.

If you enjoyed this article, subscribe to the email version of Tech Tips for bonus tips, tricks and product reviews. Through December 1st, 2009, new subscribers will receive a special gift: my Ten-Step Computer Troubleshooter (PDF). Just click here to sign up.