Triona's Tech Tips

Ever type the wrong Web address by mistake? Did you know that cybercriminals snatch up typoed domains in order to create tempting lookalikes?

Typosquatting is the practice of registering a domain that is a typo of a common site, like goole.com instead of google.com. Most people don’t notice their typos, especially if they land on a site that looks similar to the one they expect. While some of these typoed sites are innocuous, others can contain everything from malware to password harvesters.

Security firm Sophos did an interesting study of typosquatting, and concluded that malware is actually the least of your problems if you wind up on a mistyped site. However, that’s not to say you shouldn’t be concerned about viruses.

More worrisome is the old bait-and-switch game. Sophos describes a situation in which you mistype apple.com and end up on a lookalike page that invites you to download iTunes. Except it’s not iTunes, it’s a site offering “unlimited music downloads.” And it doesn’t even give you that much, just access to some online forums of questionable value.

Another example of bait-and-switch is the brand ripoff. Many of the typos for search engine Google go to search engines that aren’t Google, but use the Google logo and serve up “results” that earn clickthrough cash for the squatters. Fake competitions and surveys also bring in the dough.

How can you avoid typosquatting?

• Be careful what you type.
• Check the address bar to confirm the site you’re on.
• If things don’t look right, quit your browser and try again.
• Hover over links without clicking and look at the status bar at the bottom to see where they go.
• Use bookmarks to avoid typos.
• Don’t rely on history instead of bookmarks, in case mistyped links linger there. (History shows where you’ve visited, bookmarks are shortcuts to links you visit frequently.)
• Don’t try to click through a mistyped site to get to the real page, even if you are offered a link to do so. Quit your browser and start again.

In February I’ll give you the inside secrets on How To Ditch Your Computer For An iPad. And if you’re not receiving Tech Tips by email, you’re missing out on bonus tips, tricks, and product reviews. Subscribe free to Tech Tips, and don’t forget to follow me on Twitter @trionaguidry for breaking computer news and other geeky stuff.

Is it possible to have a truly offline computer? As I described in my recent column in the Northwest Herald, the short answer is no. Even if you don’t need the Internet, your computer does. You can still be infected by viruses even if you’re not online. In fact, your computer will turn into a silent hotbed of virus activity just waiting for the opportunity to infect others. The older the computer, the worse the problem.

The article isn’t available online, so I’ll give you the gist of it:

Pretend you have a Windows 2000 computer that never goes on the Internet. Using it is like traveling through time, ten years into the past. There are plenty of old friends installed: Microsoft Office 2000, Acrobat 5, Internet Explorer 6, programs that were standards at the time but have long since been replaced with newer versions.

You might think you could continue to use this computer in isolation, maybe for basic word processing. It doesn’t matter as long as it doesn’t connect to anything, right?

But, let’s pretend your printer dies. No point in word processing if you can’t print. The new printer says that it’s not really Windows 2000 compatible, but you might be able to find some software on the Internet. You try to log on but poor Internet Explorer 6 can’t handle a modern web site. And, behind the scenes, a virus just snuck through holes in IE6 to infect your computer.

Unaware of the virus, you decide to use your Windows 7 laptop to download the printer software to a USB flash drive. Another virus hitches a ride from the laptop to the desktop, a virus that can’t run under Windows 7 but is more than happy to infect Windows 2000. The Windows 2000 computer is now a hotbed of virus activity, and the only symptom is that it’s increasingly slower.

Other viruses join the party, and pretty soon that Windows 2000 computer is spewing all sorts of junk that infects your Windows 7 laptop, your smartphone, your iPad… then your email and Facebook accounts get hijacked and suddenly your bank is calling about missing funds.

I’ve received a few responses from folks with older computers, disagreeing with my opinion. Most of the responses included the observation: “I’ve been running this version of Windows for umpteen years and I’ve never had a virus.” If I may add… that you know of.

In fairness to these folks, yes, I do know people who use Windows 98 or Windows 2000 without the world grinding to an earth-shattering halt. Most of them are retirees or others who don’t use their computers often. In such cases we try to keep the computer functional for as long as we can. But there are others who – in my opinion – are doing absolutely lunatic things with ancient computers. Like trying to run a business with them: payroll, marketing, the works. And that gives me the screaming heebie-jeebies because there are SO many ways it can go disastrously wrong for both you and your business.

Most viruses and malware show absolutely no signs of their presence. It doesn’t matter if a Win98 or Win2000 computer has antivirus installed or not, because any antivirus capable of running under those versions of Windows is incapable of detecting new threats. It’s like taking a police officer from 1912, dropping him into 2012, and expecting him to cope with modern problems for which he has no frame of reference.

Friends, I’m saying these things to help, not to hinder. I think one reason many people are reluctant to change is because it truly is difficult to get used to a computer with a different interface. Like when we moved from DOS to Windows 95, or Windows XP to Windows Vista and 7. A new interface puts us on edge, even old salts like me. It’s annoying to spend half your morning trying to figure out how you used to do something, but that’s technology, and the only thing you can do is adapt.

You may find it easier if you keep in mind that computers haven’t really changed all that much since the 1980s. Saving a file, typing a document, finding a contact’s address, these things are still the same. It’s the look-and-feel of the computer that has changed, plus the ability to access more information faster. Even the Internet is pretty close to what it was when I started using it twenty years ago. Today I’m using RSS feeds and Facebook chat instead of Usenet news and UNIX talk, but the fundamentals remain.

What do you think? Is there life to be had in old computers, or are the security risks too great?

There’s a big debacle going on in the tech world. It seems that CNet aka download.com, purveyors of downloadable software, took a very popular geek tool called Nmap and wrapped their version of the free installer with the installer for some junky browser toolbar. Two of my favorite tech sites, The Register and Sophos Naked Security, have good descriptions of the situation.

The author of Nmap is a well-known Net.denizen named Fyodor, who is justifiably steamed. His response:

“The problem is that users often just click through installer screens, trusting that download.com gave them the real installer and knowing that the Nmap project wouldn’t put malicious code in our installer. Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs! The worst thing is that users will think we (Nmap Project) did this to them!”

He has an excellent point. I can tell you that any customer I’ve ever worked with would be irate indeed to have their computer messed up by a stupid junky toolbar they never wanted. But what should you, as a consumer, do about good software that comes bundled with junk?

Go to the original download source
Don’t rely on aggregate sites like CNet for your software. Instead, go directly to the web site of the program’s developers. You’ll often find a more recent version there, as well as better support options. This also eliminates the problem of poisoned search engine results when searching for programs (links that look legit but lead to virus-laden sites).

Look at the window before you click
In the Nmap case, the installer for the Babylon browser bar makes it look like you have to install it before you can install Nmap. When installing software, look very carefully for obscure checkboxes and buttons. Most of these installers stealthily install their junk by either making the opt-out checkbox hard to find, or by making the junk look like a necessary part of the install.

In the Nmap case, if you click Accept you’re only accepting the junk because this is the wrapper; you haven’t even gotten to the real installer yet. As Fyodor said, most people will click this then wonder why their Web browser isn’t working. Then they’ll have to find somebody who knows how to remove this kind of junk, because you have to remove ALL of it or it will continue to mess up your computer.

Make your voice heard
If you spot software that is bundled with junk, let the manufacturer know how disgusted you are. Keep your friends and colleagues informed by sending them a link to this article and letting them know about the menace of stealthy junk software.

You should not ever have to install a piece of junk to install the program you want – and if the program you want won’t let you do it any other way, find a different program. Shame on you, CNet. And kudos to developers like Fyodor who actually care about the end users.

(Photo of awesome Tron “I Fight For The Users” shirt from ThinkGeek. And no, I’m not getting any affiliate rewards for telling you that. I just like both the shirt and the store.)

If you’re worried about your kids’ Internet safety, you’re not alone. The rapid pace of tech innovation often leaves parents feeling lost, but the latest parental control software gives you the ability to keep up with the trends.

One of my current favorites is a freebie from an old friend. Symantec’s Norton Online Family lets you protect all the computers in your house from one convenient web-based control panel. What’s nice about Norton Online Family is that it works with both PC and Mac. First, set up your initial account on the Online Family web site, then add accounts for each child based on age. You’ll receive emails notifying you of any blocked sites or unwanted activity, and as the parental administrator you can permit or deny sites as you prefer. The default settings work great for blocking popups and ads on the sites your kids visit. And did I mention, it’s free?

There are some other freebies available to you if you have Windows 7 or Mac OS X Snow Leopard or Lion. The latest versions of these systems include improved parental control features.

I’m often asked if kids can get past parental controls. Of course they can, if they try hard enough. Using your computer’s built-in features offers resistance to “accidental” attempts to disarm the safeties, but I think a better deterrent is good old-fashioned communication. Even using the term “parental control software” can put your teen into a combative stance. Instead, call it what it is: part of your Internet safety arsenal. There are good reasons to protect kids’ computers that have nothing to do with parental trust. Stuff you don’t want will appear on even the most innocuous sites, or the sites themselves can be redirected somewhere unsavory. With parental control software you have an added level of protection on top of your antivirus software.

In my column in today’s Northwest Herald I talk about the risks of using older systems like Windows XP:

Now, think about poor Windows XP. Itʼs 10 years old, so the criminals have had ample opportunity to discover and exploit its weaknesses. Antivirus programs arenʼt as effective as their counterparts for Windows Vista and 7 because Windows XP canʼt run the newer features.

Vital new versions of programs such as Internet Explorer arenʼt available for Windows XP, and to make matters worse, just having the old version of the program on your computer renders you even more vulnerable to viruses.

Yet weʼre using this ancient, bug-riddled system to share all sorts of personal information. Itʼs like leaving your brand-new iPhone on the seat of a beat-up car with broken locks. The forced upgrade cycle is true for any computer system, including Macs, tablets, smart phones and other devices. Technological advances result in new security risks, which in turn result in eventual obsolescence.

When you don’t plan your computer expenses, you end up buying whatever’s on the shelf and paying more than you might have otherwise. Usually it’s because your existing computer has crashed and you’re in a crisis, which is not the best time to be making decisions about big expenditures. What if you watched the sales, waiting for the right computer at the right price? What if you planned your computer upgrade instead of having it forced on you when you least expect it? We all get into firefighting mode when it comes to our computers and sometimes it doesn’t occur to us that there might be an easier, less stressful way.

I think the best time to do an upgrade is during your least busy season. If it’s a big upgrade you might even want to consider telling your customers your office is closed for a short time. It’s far easier to focus on your computer infrastructure if you’re not fielding calls, and the time saved in reduced computer problems will more than make up for any lost productivity.

If you’re a consumer, the most important message to take home is this: An old computer is a dangerous computer. Don’t let cybercriminals ruin your life by stealing your identity, and make it harder for them to hurt others by keeping your own computer protections in place.

The words “Mac” and “virus” in the same sentence? Yes, folks, Macs get viruses. In fact, Mac malware attacks are escalating to a level I haven’t seen in over a decade. Let’s talk about what you can do to protect yourself.

First, don’t assume that you can’t get a virus just because you have a Mac. All computers can get viruses, and threats like phishing scams and password harvesting affect everyone regardless of the type of computer they use. Pay attention to the advice Windows users receive on how to deal with viruses and Internet threats, because much of the same information applies to you.

Every Mac should be running antivirus software. My personal favorite is Intego VirusBarrier, but a good free alternative is ClamX AV. You also need to make sure your Mac has the latest software patches. Use Software Updates under the Apple menu, but don’t neglect to update your other software, especially Acrobat, Flash, and Microsoft Office.

Be aware that fake antivirus software has infiltrated the Mac universe just as it has the world of Windows. If your Mac displays a message saying that you are infected and need to buy some super-special software, assume it’s snakeoil. Run a bona fide tool like the ones mentioned above, and never, ever click on anything you are not certain is legitimate. When in doubt, use Force-Quit (option-command-escape) instead of the red X to quit.

The world of Internet threats is ever-evolving, so stay tuned to Tech Tips for the latest Mac security help.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews, plus notice of upcoming seminars and other events. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Last month thousands of Droid smartphone users discovered they’d gotten an information-stealing virus alongside programs from the official Droid Market. This generated speculation in the IT world: Just how safe are our smartphones? Gone are the days when a phone was just a phone. Today your phone has valuable information on it and precious little protection.

Antivirus for smartphones is where antivirus for personal computers was back in the mid-1990s: most offerings are rudimentary and most people don’t worry about it. I predict mobile security is going to become more and more of a headache for small businesses and consumers.

What can you do? If you think your phone may be infected, the surest way to deal with it is to wipe your phone and restore from backup. But viruses are very fast at swiping your information and sending it who knows where, so the damage may have already been done.

It’s better to secure your phone so it’s harder for viruses to get in. Follow manufacturer’s instructions to lock down your phone’s security. Firms like Symantec, Kaspersky and Eset have smartphone security programs available. You should also make sure you are running the latest version of your phone’s software.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Microsoft provides free antivirus by way of its Security Essentials program (MSE). But MSE is no substitute for a third-party security software suite.

MSE includes basic antivirus and antispyware tools plus a firewall. It was originally designed for consumer use in the USA and as a way to cut down on rampant virus problems overseas. As such, while it’s better than nothing, it doesn’t provide the features or functionality of a genuine security suite.

One of the problems with MSE is that too many fake security programs try to emulate it. Just because something looks vaguely Microsoft-y doesn’t necessarily mean it’s genuine. Also, Microsoft is primarily an operating system and productivity software company that does not specialize in security. They may have inadvertent blinders on when it comes to securing their own products, whereas the third party vendors may have more innovation in that area because they are thinking outside the Redmond box.

There is also the danger of homogeneity. When everything on your network uses the same software, you are more susceptible to viruses and malware that exploit the vulnerabilities of that software. In other words, if you live in an XYZ Brand world protected by XYZ Brand tools and along comes a virus that exploits XYZ Brand weaknesses, you’re a sitting duck. That’s true whether XYZ Brand is Microsoft, Apple, or anyone else. Diversifying affords you more protection.

Therefore, I’m sticking with my usual recommendations: AVG, Trend Micro, Avast, Kapersky, and many of the other great security programs out there.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

While social media can be beneficial for businesses, some companies have chosen to ban their employees from using it at work. But company computers aren’t the only way to access social media. If you ban your employees from using Facebook, aren’t they just going to whip out their smart phones? Is there a way to balance employee social media use with the needs of your business?

Years ago people asked this same question about computer games, specifically Windows Solitaire. Some businesses found that access to the game actually helped employee performance by allowing them to blow off steam or entertain themselves while on break. Others made it standard policy to remove all games from corporate computers.

In the case of social media, there are other dangers besides lost productivity. Sites like Facebook and Twitter are some of the hottest entryways for viruses and malware. And, as a business, you want to make sure that those who speak for you online are presenting a consistent marketing message and refraining from inappropriate comments.

However, you may be stifling your business if you don’t permit your employees to interact with customers and business contacts via social media. A presence on LinkedIn, Facebook and/or Twitter is becoming as necessary for businesses as a Web site or an email address.

There really is no one right answer. Whether you permit social media sites at work depends on whether the business use outweighs the risks, and whether you consider reasonable personal usage a benefit you want to extend. If you do choose to allow it, make sure you educate your employees on how to use it in a safe, secure, and effective fashion.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

My column in today’s Northwest Herald talks about the four steps you need to take to minimize computer security risks: a security software suite, a hardware firewall, strong and unique passwords, and a method for keeping your software updated.

Here are some recommendations on security software suites.

• Triona’s Tech Tips: New AVG 2011 And How To Choose Security Software

You’ll notice I didn’t mention Norton. While Norton is adequate, it doesn’t have the best detection rates, and it takes up a significant amount of memory especially on older computers. I wrote several years ago about the reasons why I started recommending alternatives to Norton. Although recent versions of Norton have fixed some of these issues, I still prefer the alternatives.

Here’s my guide to creating secure passwords:

• Triona’s Tech Tips: How To Create Secure Passwords

Plus, an article on what to do if your account is hijacked.

• Triona’s Tech Tips: What To Do If Your Email Account Is Hijacked

I mentioned several utilities that can help you keep your software up to date. For Windows, try Secunia’s Personal Software Inspector. Two possibilities for Mac users are AppFresh and Mac Informer.

If you’re interested I have a number of upcoming seminars including Blogs For Business, Leveraging LinkedIn, Social Networking, Expanding Your Online Presence and more. You can find my upcoming events schedule on my web site, or watch examples of my previous seminars.