May 19th, 2014
It’s a well-known concern that Android users are much more at risk for malware infections than iOS users. Just a month ago, a fake antivirus app made the rounds in the official Google Play store and victimized a number of users. Google has since offered refunds to those who mistakenly downloaded the malicious app, but it seems they haven’t sufficiently protected against a similar threat reappearing. Lucian Constantin reports at Network World that the Google Play store and the app store for Windows Phones have both recently had malware hidden behind recognizable brand names identified in their stores.
It’s a fairly recent development, but it seems criminal developers are launching malicious apps with well-known company names to further confuse users. This is a well-known tactic of email scams and phishing websites.
One developer account launched malicous apps under the names Avira Antivirus, Mozilla Firefox, Google Chrome, Opera Mobile, Internet Explorer and Safari. The same developer also has a Kaspersky Mobile antivirus app complete with the company’s logo. When downloaded, the app will even simulate a scan of the device’s files.
Making these fake apps more believable, and more costly to users, is that they aren’t free. The Kaspersky Mobile app costs about $4. Most users instinctively trust paid apps more than free ones. A number of free apps have been reported to be malicious, but there’s an implied value tied to something that costs money. It’s also much more believable to pay money for a high quality, big name security app than to get it for nothing.
Some of these apps have been downloaded more than 10-thousand times and even made it onto the “Top Paid” apps list that helps them be further distributed.
Because there has been no sufficient changes made to the Android and Windows Phone app stores, it’s likely that these fake apps will continue to pop-up. However, since many of them steal the exact name of legitimate apps from recognized industry leaders, there’s also likely to be more pressure put on both Google and Microsoft to enhance security.
If you’ve mistakenly downloaded a malicious app, or are having any other kind of trouble with one of your devices, call Geek Rescue at 918-369-4335.
May 16th, 2014
We’ve discussed before how data breaches lead to a loss in revenue for businesses. That’s not the only issues that stem from an exploit in a security vulnerability, however. At Dark Reading, Tim Wilson reports on a recent survey conducted by the Ponemon Institute that reveals how consumers react to a company’s data being compromised.
When it comes to a brand’s reputation, which influences how likely a consumer is to do business with that brand, there are three leading factors that have the greatest negative impact. Those factors are poor customer service, environmental disasters, like oil spills, and data breaches. That these are the most influential may not be that surprising until you realize what they beat out. Other factors that finished lower in the survey were publicized lawsuits, government fines and labor or union disputes.
It’s not surprising why consumers feel so strongly about avoiding businesses who have experienced a data breach. About a quarter of typical consumers are extremely concerned about being the victim of identity theft. That jumps to about half of consumers who are customers of a company who has experienced a data breach and many of those believe their identity and personal information will be at risk for years to come, or even for the rest of their lives. For these individuals, it’s better to sever ties with a company they’ve done business with for years than to risk their information falling into the wrong hands.
This report contains a clear message for businesses. A loss of customers is inevitable should you suffer an attack that results in the theft or exposure of important data. That’s why it’s important to invest in security now before a successful, and costly, attack occurs. The reality is that many small to medium businesses fail to ever recover from a severe attack. A lacking security infrastructure could actually lead to the loss of a business.
For help improving the security at your company, call Geek Rescue at 918-369-4335.
May 16th, 2014
It’s important to have proper security tools in place to protect your computer from attacks and malware. Tools like antivirus programs, firewalls and router security are essential. If you’re a Windows 8 user, you’ve even got some handy built-in security features to assist. At Window Security, Ricky and Monique Magalhaes list the various security features you’ll enjoy with any version of the Windows 8 operating system.
You may not ever notice, but Windows 8 has made a concentrated effort to improve the security associated with wireless internet connections. By extending support to Mobile Extensible Authentication Protocol standards they’ve done just that and made it easier to connect to secure networks.
There are a few different scenarios where you’d need to remotely remove data from your device. If a device is lost or stolen, or if your company allows employees to bring their own device and you need to remove data after an employee has left the organization are just a couple. Windows 8 includes a remote data removal feature to help protect both users and administrators.
Windows 8 offers Unified Extensible Firmware Interface, or UEFI, which probably doesn’t mean much to you. It’s an interface between the operating system and the firmware that’s a significant upgrade in security over previous operating systems. When attackers gain access to and manipulate the firmware, it’s extremely bad for the user. UEFI keeps this from happening.
Windows Defender comes with Windows 8 and while that isn’t a new feature, it does have enhanced performance and decreased memory usage. While Defender and other features of Microsoft Security Essentials are useful, they’ve never been meant as stand alone security solutions. Using them in addition to other antivirus and anti-malware programs creates a more secure environment.
Improved and added security features in Windows 8 aren’t limited to what’s listed here. Microsoft clearly concentrated on improving security for their users with the latest version of their operating system, but that doesn’t mean that using Windows 8 security features alone will keep you safe from malware. These features are only a part of an effective security infrastructure.
For help with security for your PC or business, or to recover from an attack or malware infection, call Geek Rescue at 918-369-4335.
May 15th, 2014
Everyone experiences computer issues from time to time. PCs have issues, as does the internet and web browsers. Some of these are complicated problems that only experts are capable of fixing. Other times, however, the problem needs only a simple solution that anyone can perform. At LifeHacker, Eric Ravenscraft compiled a list of simple fixes for the next time your computer is acting up.
It’s cliched but restarting your computer really does solve a lot of problems. When your computer freezes or is being sluggish, sometimes the best solution is to restart. It’s also helpful to discover whether you’ve encountered a recurring issue or a one time thing. If you restart and the same application causes the same problem, you know more going forward.
It’s also a good idea to close applications you aren’t currently using. Having too many programs open at once could be too much for your machine and cause it to run slowly or even crash. Your PC only has so much RAM and when you’ve used most of it, problems arise. Closing applications also helps you narrow down where the problem is actually coming from.
If your hard drive is close to full, that causes more problems. Ideally, you’ll go through and delete old files and applications before there are signs of trouble, but if you haven’t, do so when you’re having issues to potentially fix the problem.
Just like restarting your PC is a good first step, unplugging your router should be your first step to fixing internet issues. Be sure you keep it unplugged for at least 10 seconds to completely restart it. Many times, when you plug it back in your internet connection will be back to normal.
A speed test is another great option if you are connected but things are running slower than usual. If your getting the right amount of speed according to the test, the problem is likely a bandwidth hog, which is either someone else using your network or having too many downloads currently running.
So, the logical next step is to pause or cancel downloads to see if that fixes your internet speed. If it doesn’t, it’s probably time to contact your service provider.
You guessed it. The first step is to close the browser and restart it. This actually fixes the problem more often than not. If you’re having trouble with a particular website loading, there are services available that will tell you if the website is down, or if the problem is on your end.
Extensions can also cause plenty of issues. If your browser is acting up, disable your extensions to see if that fixes things. You can even disable them one at a time to narrow down the root of the problem. Using a private, or incognito, mode is also helpful to determine if extensions or cookies is the cause of the issues.
Finally, clear your cache and cookies as a final effort to fixing browser problems. Tech support will suggest this first, so you might as well get it out of the way before you call in the experts.
If these simple fixes aren’t enough to fix your computer’s issues, call Geek Rescue at 918-369-4335.
May 15th, 2014
The hard truth is that it’s extremely difficult to effectively secure a business from cyber attacks, malware and data breaches. It’s also vital to managing a successful business, however. At Dark Reading, Mark Goldstein and Arun Sood published a list of common security myths that hinder both the understanding and the effectiveness of a company’s security infrastructure.
What is adequate in the context of data security? The truth is that no system is 100-percent effective. Successful attacks are unavoidable because it’s impossible to secure every endpoint while simultaneously dealing with thousands of new pieces of malware each day. The key is to minimize the risk and the damage and have a plan in place to recover and mitigate attacks.
Many business owners believe that server and security management is as simple as getting everything online, then dealing with problems as they arise. That’s one way, but that introduces a number of potential problems. First, by not being proactive and looking ahead for issues that could happen in the future, you’re actually likely to have more problems and more downtime. Similarly, while static systems cost less and require fewer man hours, they also create an unchanging target for attackers.
- All Threats Demand Action
Common sense suggests that any time there’s an intrusion or a vulnerability, your IT team needs to take action. In reality, however, reacting the same to every threat only means that you’re unable to react sufficiently to the most dire of threats. IT professionals understand that there are minor attacks that can’t do any real damage. It’s unwise for these threats to trigger the same alarms as large scale attacks because it increases the chances that one of these serious threats gets missed or overlooked.
- Patch All Vulnerabilities
In the same vein, don’t expect to be able to patch and close all security vulnerabilities that exist on your network. New vulnerabilities are added every day, or even every hour. With tens of thousands of vulnerabilities, it’s impossible and a waste of time to try to secure each of them. Instead, good IT professionals know how to spot the most dangerous vulnerabilities and patch them immediately. This is a more efficient use of time and keeps the most dangerous threats out while protecting your most valuable assets.
If you need to improve the security at your business, call Geek Rescue for help at 918-369-4335.
May 14th, 2014
If you’re a Mac user running OS X as your operating system, you’ve probably already figured out that there are plenty of handy features and tools available. It’s likely that there are even more features that you haven’t even found yet. At LifeHacker, Thorin Klosowski published a list of relatively unknown OS X features that prove to be incredibly useful for many users.
Regardless of where you are and what network you’re using, WiFi can be a fickle thing. That’s why OS X includes a diagnostic tool to help you improve your connection or find the best available network. To get to it, option-click the WiFi signal icon in your menu bar and choose ‘Open WiFi Diagnostics’. That will bring up a help wizard, which more experienced users may want to bypass. Hit Command and ‘N’, or Command and ‘2’ for Mavericks users, to get straight to the diagnostics tool.
Not every user will need to record what’s happening on their screen, but sometimes a screen shot isn’t enough. With the version of QuickTime included in OS X 10.6 and newer, you can start a screencast any time. Just go to the ‘File’ menu in QuickTime and select ‘New Screen Recording’. You’ll even be able to include audio and do some editing after the fact.
Most OS X users are already aware of the Dictionary tool, but did you know that it’s available any time with just one keyboard command? Mouse over a word, then press Command and Control-‘D’ and you’ll get a pop-up with the definition, synonyms and more. You can also achieve through a three finger click on the trackpad.
The default PDF viewer in OS X is Preview, which is actually a great tool to have. In addition to reading PDF documents, you can also use Preview to fill out forms, annotate files, insert new pages or even digitally sign a document using your webcam. Preview also has some image editing capabilities, which makes it an invaluable tool.
These tips should help you be more productive with your Mac. If you’re having trouble, from software issues to broken hardware, call Geek Rescue at 918-369-4335.
May 13th, 2014
You may already know that effectively implementing security into your IT infrastructure is a vital step towards protecting your business, but unfortunately you likely aren’t working with a limitless budget. Anyone can secure their business with an endless flow of cash, but it becomes much more difficult when you’re having to decide what’s worth the money and what isn’t. At Network World, George V. Hulme gives some tips for how best to use your security budget to get the most out of your investment.
As time marches on, you’re business will need new security tools. This is either because the tools you had in place are no longer effective against current threats, or because your infrastructure has changed enough to warrant a change in security. When that happens, adding new tools is great, but decommissioning the now obsolete tools is just as important. Too many business owners have no process for removing security applications from their infrastructure when they’re no longer needed. Many aren’t able to recognize which tools have become redundant and won’t hurt to be decommissioned. Trimming out these old security tools also trims the budget.
All of that said, before you invest in a new application or new equipment, be sure you actually need it and will be able to effectively use it. A chief security officer suggests asking yourself three questions:
Are their people on staff who know how to use this?
Do they have the time to install, use, maintain and manage it?
Will it have an effect?
Investing in new technology that won’t benefit your business is obviously foolish. But, many don’t recognize that even technology that will positively affect their business shouldn’t be implemented without the proper staff in place.
When it comes to effectively staffing your IT department, you aren’t always saving money when you think you are. Many business owners believe they can cut corners and staff fewer professionals in order to save money. But, this often leads to more downtime and less security in place, which can lead to successful attacks, malware infections and data theft. All of these cost you money and productivity. There’s likely to be a shortage of qualified IT professionals in the coming years so investing in IT now can save you from being dangerously under-staffed later.
Properly using your IT budget can be difficult. At Geek Rescue, we provide IT solutions for businesses on any scale. Our clients receive the benefit of an entire IT staff without having to deal with the headaches of actually hiring and maintaining an IT department.
To learn more, call us at 918-369-4335.
May 13th, 2014
Microsoft ended support for Windows XP a few weeks ago, which means security patches for known exploits aren’t being released for users still using the old operating system. That means those users are vulnerable, and will stay vulnerable, to attacks that have proven to be successful. Surprisingly, this situation still isn’t enough to make XP Microsoft’s most often infected operating system. At Digital Trends, Konrad Krawczyk reports on Microsoft’s latest Security Intelligence Report that details which versions of Windows put users most at risk.
According to the report, Windows Vista, not XP, is the most vulnerable to attacks of any operating system Microsoft has released since 2001. Vista, which was released in 2007, is the only monitored operating system with an infection rate over 3-percent. Windows 7 was the next highest at 2.59-percent and then XP at 2.42.
The safest operating system is also Microsoft’s newest. Windows 8.1 has an infection rate of only .08 percent. Windows 8, however, is infected at a rate of 1.73-percent.
The infection rate numbers don’t tell the whole story, however. Windows 8.1 has a low infection rate, but that doesn’t necessarily mean it’s the safest operating system. It is certainly the least used of all Microsoft’s products so there are fewer targeted attacks. Conversely, nearly half of PCs use Windows 7 and XP still accounts for more than a quarter of desktops. Windows 8 and 8.1 combined are installed on about 12-percent of PCs.
The takeaway from these statistics is that no operating system is truly safe. Even users of Windows 8.1 need to have additional security tools in place to avoid attacks and malware infections.
Regardless of your operating system, if your computer has been the victim of an attack and is infected with malware, bring it to Geek Rescue or give us a call at 918-369-4335.
May 12th, 2014
When it comes to setting up and effectively managing your company’s IT infrastructure, there are a number of decisions to be made. Unfortunately, there’s also plenty of bad information being peddled by so-called experts and vendors. At Tech World, Roger A. Grimes published a list of “promises that don’t deliver” concerning specifically IT security. Avoiding these misconceptions helps you create a more effective infrastructure.
- Invulnerable Applications
The idea of software that is unbreakable, unhackable and totally secure is naturally attractive, but it’s a myth. Even the most painstakingly crafted applications contain flaws that eventually allow them to be hacked. A popular cry from vendors is to tout software as unbreakable, but in reality this only invites more trouble. Publicly claiming that software contains no vulnerabilities only places a target on that software. Many times, this software ends up being routinely attacked and being one of the least trusted applications available.
Encryption is a valuable security tool, but it’s incredibly difficult to create strong encryption. There are many who claim to offer unbreakable encryption, but with few exceptions encryption is hard to break, but not impossible. One characteristic that suggests a vendor’s encryption is not worth your money is the promise of thousands to millions of bits for the key. Typically, strong encryption tops out at 2048-bit keys. Anything larger is unnecessary and actually gives intelligent attackers more opportunities to find flaws and break the code. Million-bit encryption would also require a large amount of data and be difficult to send anywhere thanks to prohibitive file sizes.
This myth is a little more well-known than the others but it also leads to a large portion of successful attacks. The truth is that no one is ever truly, full secure. No antivirus is capable of catching ever possible attack and malware before it happens. Most won’t even be able to spot every piece of malware already installed on a device. The belief that a perfect antivirus program is possible, however, leads to irresponsible actions. Users put themselves in harms way because they believe their antivirus program will protect them from anything that comes along. If you want a perfect antivirus program, don’t rely on it. The better the user’s behavior and habits, the more fewer problems you’ll encounter. To get the truth about what’s needed for your company’s IT infrastructure, call Geek Rescue at 918-369-4335.
May 12th, 2014
It’s been more than a month since news broke of the Heartbleed bug, which potentially compromised the security of millions of websites. In the immediate aftermath, users and website owners alike scrambled to fix the problem and restore security. Unfortunately, a rush to fix an issue that wasn’t fully understood may have further complicated matters for many websites. At Network World, Peter Sayer explains how thousands of sites made a bad situation worse in their attempts to patch vulnerabilities tied to the Heartbleed bug.
Heartbleed is a bug in OpenSSL that potentially can lead to compromised SSL certificates being issued, which would completely undermine the perceived security of a website. Ideally, after news of Heartbleed broke, website owners and those operating their servers should have carefully diagnosed whether or not their site and servers were at risk and act accordingly. In many cases, this happened and the vulnerability was patched and certificates revoked.
According to internet services company Netcraft, however, more than half of vulnerable sites have failed to revoke compromised security certificates and also haven’t reissued new certificates. Nearly a quarter of sites have reissued certificates, but haven’t revoked the compromised ones.
Meanwhile, 30-thousand vulnerable websites revoked certificates then reissued new ones. Unfortunately, they did so using the same private key that was compromised originally. This means that not only are these sites still vulnerable to a known attack, but they’re operating under the assumption that they, and their users, are secure.
Still more sites have seemingly taken no action whatsoever. They’ve continued to use the same private key with their certificates and haven’t revoked old certificates. While these sites are no better or worse off than they were before Heartbleed, at least they have no illusions about the state of their security.
By far the worst situation, however, is the roughly 20-percent of vulnerable servers that were initially immune from the Heartbleed vulnerability. Those servers had versions of OpenSSL that couldn’t be exploited by Heartbleed, but reacted to the breaking news like everyone else and replaced their safe versions with flawed versions.
In each of these cases, a failure to truly understand one’s own infrastructure and the threat at hand led to illogical decisions that either didn’t help improve the situation, or made it much worse.
At Geek Rescue, we offer managed services and other IT solutions to help your organization avoid these types of situations. To find out more, call us at 918-369-4335.