Triona's Tech Tips

We all know the risks of computer viruses, but what do you do if you think you have one?

First, follow Douglas Adams’ advice: Don’t Panic! Run your antivirus and anti-spyware software to see if they can remove the infection. Windows users might try the free online virus scanners from McAfee and Trend Micro. Malwarebytes is a good Windows resource for removing spyware and other kinds of virus-like intruders. Mac users should try the free programs Avast for Mac or ClamX AV.

Some viruses are easily removed, but others embed themselves deep within your computer. The worst-case scenario is having to format and reinstall your computer from scratch, which is why backups are a must.

There are some commonly-held misconceptions about how to prevent computer viruses.

• Adding “aaaa@aaaa” to your address book doesn’t work. It was a trick from years ago that only applied to one particular virus… for about five minutes, until the virus-writers wrote a workaround. These days it’s the equivalent of fighting a wildfire with a squirt gun.
• Booting into Safe Mode also doesn’t work. Safe Mode is used to diagnose computer problems by starting Windows into a minimal version where only the basics are loaded. Most of your software won’t function and the virus will remain in the background, chewing on your system.
• Fake antivirus software and computer cleaners will only add to your woes. Ads for these run rampant across the Internet, especially when you’re searching for legitimate tools like the ones I mentioned above.
• Fake security bulletins claim to be magic cure-alls, but they’re far from it. They are scams out to trick you into clicking on malicious links and further infecting your computer.
• Fake pop-up Web windows pretend to scan your computer, but they are also scams trying to trick you into clicking them.

Your best protection is prevention. Maintain good backups and stay tuned to Tech Tips for the latest computer news. Through November 1st, 2009, new subscribers to the free email version of Tech Tips will receive a special tip sheet on Four Easy Ways To Protect Your Computer. Just click here to sign up.

In November I’ll teach you about Do-It-Yourself Tech Support. If you have any computer questions, let me know.

Apparently the phishing scam that netted usernames and passwords for thousands of Hotmail accounts was wider than previously thought. The latest news indicates that Gmail, AOL, Comcast, and Yahoo! users, among others, may also be affected.

My advice to everyone is to make today Password Change Day. Get out there and change the passwords for all of your accounts. Use a combination of numbers, letters and symbols (where allowed) and be sure to use a different password on every system. Again, you can follow my password tip sheet (PDF) for guidelines on creating strong passwords.

I am often asked, “what does it matter?” accompanied by the protestation, “I don’t have anything important in my email anyway.” I would like to respond that you should care if:

• You want to avoid identity theft. Many people use the same password or set of passwords for all systems. If someone gains access to your email password, even an old one, they will try to use it to get into your other, juicier accounts, like your bank. And they will probably succeed.
• You hate viruses. Most viruses are distributed through compromised computers (called zombies).
• You hate spam. Most spam is sent from compromised computers. Your email address book is a gold mine for spammers because it’s a list of guaranteed good email addresses.
• You want your computer to work properly. Nothing slows a computer down like being zombied (see above).
• You don’t want someone else surfing the Internet on your dime. If you use an email account from your Internet provider, the same password is used both for email and to authenticate you to your provider’s network. If you use a common dictionary word without symbols as the password–shazam! instant access.
• You don’t want to go to jail for someone else’s crimes. Take the above scenario and imagine that the person who’s hijacked your Internet account is dealing in pirated software or child pornography. Unless you can prove it wasn’t you (and that may be difficult), you could be held liable. People committing crimes on the Internet use other people’s accounts for exactly this reason.

Although some people advocate that you not write your passwords down, I say it’s okay as long as you keep the written record somewhere secure, like a locked drawer or safe. (NOT on a sticky note on your monitor or under the keyboard, please!) Excel spreadsheets and other computerized means of tracking passwords are not good ideas, because the first thing a virus will do is check for convenient lists of the rest of your passwords. You might as well hand out your passwords on your business cards. And no, password-protecting the spreadsheet doesn’t work either; those are cake to crack. Properly encrypted password managers do work, but I favor the old-fashioned paper approach, as long as it’s kept out of sight.

It really isn’t that difficult to maintain different passwords on every system. I’ve done it for decades. If we would all follow the basic, simple practice of secure password management, we could cut down on the viruses, spam and other problems that plague us all.

You should also be aware of the kinds of scams that caused these breaches in the first place. Try the SonicWall Phishing Quiz to test your skills on identifying phishing attempts, when a hacker emulates the login page of a site to con you into entering your username and password.

Subscribe FREE to the email version of Tech Tips between now and October 14, 2009 and I’ll send your special gift: a tip sheet on Computer Housekeeping for PC and Mac.

Several of my readers have reported receiving fake Microsoft security bulletins via email. Like other scams, these are designed to deceive you into clicking links that will infect your computer with viruses.

This particular scam is quite clever. It uses the same terminology as a real Microsoft bulletin, down to a legitimate-sounding number for the purported patch, which in this case is supposedly for Outlook. But, note the provided link. The text of the link looks like it goes to Microsoft, but when you mouse over it, the actual link (see the status bar at the bottom) goes to the scammer’s site.

Fake links are easily created. Like so:

http://update.microsoft.com/realistic-sounding-link

What I did was type the realistic-sounding link, highlight it, and link it to a different address (in this case something innocuous: the address for this blog). Note that if you mouse over the linked text, you’ll see the actual address in the status bar at the bottom of your screen.

When it comes to fake security bulletins, bear in mind:

• Microsoft doesn’t email you security bulletins unless you have actively signed up for their security bulletin notification service. Which I wouldn’t expect most people to do: the bulletins are highly technical and not very helpful unless you know what to expect.
• If there are updates for your computer and you have Automatic Updates turned on (and there are reasons you might not want to), you’ll get them automatically without having to click on anything.
• Some of these scam emails come with attachments pretending to be the patch you need. Don’t click on them! It’s another way to infect you with viruses. Microsoft never sends updates by email.
• To find out if your Windows computer needs updates, go to update.microsoft.com and scan for them. Never click on a link in an email message.
• Scammers will say anything to get you to click on links, because it’s the easiest way for them to infect your computer.

In this case, you can see at the top of the screenshot that my email program, Mozilla Thunderbird, alerted me that this message might be a scam. Your email program may or may not do that, so caution is your best policy.

Thanks to everyone who sent this my way.

Subscribe FREE to the email version of Tech Tips between now and October 14, 2009 and I’ll send your special gift: a tip sheet on Computer Housekeeping for PC and Mac.

A recent incident involving Google’s Gmail service and a Wyoming bank highlights the risks of business email and cloud computing.

A Wyoming bank accidentally sent information about 1,300 of its customers to the wrong Gmail address. The bank later sued Google for information concerning this wrong recipient. Google, rightfully, refused, and that’s where it gets ugly, because Google also suspended the account in question (an act that was quickly recinded).

As pointed out by Jim Rapoza of eWeek, among others, this could happen to anybody. How many of us have gotten phishing emails claiming to be some bank or other? We delete them and go about our business, because most of them are spam. Apparently just the act of receiving an email not intended for us is enough to get our email accounts suspended without notice.

This is a good reason not to rely upon free email accounts like Gmail for business purposes. But even using a paid-for email host, such as the one offered by your Internet provider, is no guarantee this won’t happen to you. I recommend you set up a custom domain for yourself (like me at mybusiness dot com). Then, if you do lose access to your email host, be it outage or any other reason, you can quickly establish a new email account elsewhere and forward your custom address to it without having to inform all of your contacts of the new address. Otherwise you could wind up losing business and reputation.

This also highlights the risk of sending confidential data via email. No email is secure, and especially not business email being sent to a freebie account. Confidential data is best encrypted and either transmitted via secured connections, if you have that capability, or sent the old-fashioned way: on a disk. Less convenient, perhaps, but ask Rocky Mountain Bank of Wyoming if the negative publicity was worth saving a few hours of time.

Now, imagine you’re using cloud computing and ALL of your programs and data are on the Internet. Can you afford to lose access to them because of something beyond your control? Is it worth the tradeoff for convenience and a less expensive computer? I’m not sure it is.

Subscribe FREE to the email version of Tech Tips between now and October 14, 2009 and I’ll send your special gift: a tip sheet on Computer Housekeeping for PC and Mac.

Social networking sites such as Twitter, LinkedIn, FaceBook, and MySpace have become wildly popular for both personal and business use. But whether you use Windows or Mac, there are some risks. Social networking sites do not guarantee your safety, so it’s up to you to protect yourself.

Fake profiles are often used to deliver viruses and scareware. They lure you in with a realistic-looking personal profile in order to get you to click links to malicious sites. Don’t accept “friend” invitations unless you actually know the person or can verify who he or she is, and restrict your profile so that only your friends can see it.

Scammers also break into social networking accounts to steal personal information and send spam to your contacts. Use strong passwords (see my PDF tip sheet), encourage your friends to do the same, and check your security protections to make sure they are current and working properly.

Similarly, phishing scams may use information from your social networking profile to send you spam emails. By targeting you with specific information, such emails are harder to detect. Again, use good security practices and practice your anti-phishing skills with tests like this one from SonicWall.

Fake advertising, or malvertizing, uses realistic-looking ads to get you to click on sites that will infect you with viruses. These ads are often served by third parties and not necessarily by the social networking site. We’ve seen this before where news sites are infected with bad ads. Be wary of any advertisement offered to you, even if it’s on a legitimate site.

Real-life criminals are also using social networking sites to their advantage. Burglars are using them to find out more about who you are and where you live, and even when you’ll be on vacation. Be cautious about sharing pictures or information about yourself and your family online.

Another way to avoid problems is to expand short addresses before clicking. Twitter users often abbreviate using services like tinyurl.com or bit.ly, but such abbreviations can hide malicious sites. Use a program like ExpandMyURL or UnTiny to expand those abbreviations, plus McAfee SiteAdvisor or LinkExtend for Firefox to check out the expanded sites before you click on them.

Subscribe FREE to the email version of Tech Tips between now and October 14, 2009 and I’ll send your special gift: a tip sheet on Computer Housekeeping for PC and Mac.

Your computer, like your house, needs to be cleaned regularly. These tips will help you get better performance out of your PC or Mac.

The number-one rule of tech support is: When in doubt, reboot! Turning your computer off and back on will give better results than simply restarting. I also recommend you shut down your computer overnight, unless you need to leave it on for backups. This gives your computer a cool-down period and less opportunity to confuse itself.

Keeping your desktop clean will help maximize memory. The more files you store on the desktop, the more memory they will consume. Maintaining your computer’s security protections and junking spam are other ways you can reduce the possibility of computer problems.

SPECIAL GIFT: If you subscribe to the Tech Tips email list between now and October 14th, 2009, I’ll send you a free tip sheet (PDF) offering more details on how to keep your computer in shape.

And if you’re interested, I’ll be teaching a class on Computer Housekeeping for the Cary (Illinois) Park District on Wednesday, October 21, 2009 from 9:30am-11:30am. You can find registration details on my web site. I hope to see you there!

In October we’ll talk about What To Do If You Get A Computer Virus. If you have any computer questions, let me know.

Do you despair over your email? Many of us store everything in one great big Inbox, but that’s not very efficient. You can use a combination of folders, rules, and spam filters to pare your email down to manageable size.

Folders let you sort email any way you like. You might want to create one folder for business and another for personal correspondence. Create subfolders for each person and voila! organized email.

Rules redirect messages to folders, keeping your Inbox clear for the most important emails. I subscribe to many mailing lists, but don’t have time to read them every day. I use my email program’s Rules option to direct these messages into subfolders. I can see when these subfolders have new unread messages, but I don’t have to weed through them until I’m ready.

Spam filters, like puppies, behave best when trained. Check your email program or provider’s Help for your settings. Once your spam filter knows what you consider spam, it’ll do its best to redirect to a Junk or Spam folder. You’ll still get the occasional spam sneaking through, but if you keep marking as spam your filter will continue to improve.

Next month I’ll answer a frequently asked question: What Is Java? If you have any computer questions click Comments below this article, and don’t forget to subscribe to the email version of Tech Tips for bonus tips and product reviews.