Microsoft Making Changes To Discourage Adware

April 10th, 2014

Microsoft building

Adware is the name for software that automatically generates advertisements. Usually it finds its way onto a computer by piggybacking on another program. Once on a user’s computer, ads can pop up without warning. Sometimes, these ads are displayed while using a web browser to disguise where they’re coming from and other times they pop up seemingly from nowhere. As Lucian Constantin reports at Network World, however, Microsoft is implementing new guidelines for programs to discourage adware.

Starting July 1st, adware will be blocked by default, which seems like a move Microsoft would’ve taken ages ago. Up until now, it was up to users to decide what action to take when adware was detected by Microsoft’s security software.

The criteria for classifying adware are also becoming much more strict. Any program that displays ads outside of its own window or inside of another program like a web browser will risk being labeled as adware and blocked. Advertisements that stay within the program that displays them will be free of Microsoft’s wrath.

Those that do get flagged will have to pass the next level of tests. First, ads must have a clear way to be closed. This can be an “x” or the word “close” in the corner of the ad. Ads also must be clearly labeled to tell users what program they stem from. Microsoft suggests using language like “Ads by [blank]” or “Powered by [blank]”. Programs will also need to provide an uninstall method through the Windows Control Panel to make it easy for users to remove them.

The idea behind the adware criteria is to give users more control over what is allowed to run on their own systems.

In the past, adware developers intentionally made it nearly impossible for average users to remove the entirety of the programs or reset changes made by them. The most popular forms of adware are browser toolbars, which are notoriously difficult to remove once installed.

These changes aren’t expected to put an end to what has become a lucrative business, but they will hopefully cut down on the amount of adware capable of penetrating computers with Windows operating systems.

If your computer is infected with adware, spyware or malware, bring it to Geek Rescue or call us at 918-369-4335.

Heartbleed: The Bug That Threatens Millions Of Websites

April 10th, 2014

HTTPS in address bar

When you are entering sensitive information into a website, like credit card numbers, social security numbers or even just log-in information, you expect that the site will protect this data. Most sites use ‘HTTPS’, which stands for Hypertext Transfer Protocol Secure, to offer protection to users. Unfortunately, that means if a vulnerability is found in HTTPS, there are millions of websites that are suddenly putting valuable information at risk. As Doug Aamoth reports for Time, the Heartbleed bug is that worst case scenario realized.

Heartbleed is a flaw in OpenSSL, a widely used software library for encrypting data and implementing HTTPS on a site. This bug allows attackers to steal data and listen in on communications between the user and the website. This isn’t a new development either. Researchers believe the flaw in OpenSSL has existed for at least two years.

The good news is that Heartbleed wasn’t discovered through an attack in the wild. Instead, it’s a proof of concept. This means that instead of attackers actually successfully exploiting the Heartbleed bug and victimizing actual users, the bug was discovered by researchers, who alerted the public. This doesn’t make your data any safer, but it means a permanent solution could be found before any large scale damage occurs.

If left unchecked, there’s certainly the possibility for large scale damage. As many as two-thirds of web servers could be affected by Heartbleed. There are potentially millions of other devices, such as Android smartphones and tablets, that could also be exploited by the Heartbleed bug.

The knee-jerk reaction to a bug capable of stealing log-in credentials would be to quickly change every password on every online account. But, it’s not that simple. If a website is still vulnerable to the bug, changing your password might just be giving the new information to eavesdropping criminals.

For users, the best option is to closely monitor accounts for suspect activity and wait for websites to update their infrastructure.

There are a couple of options you can use to check if a site has protected itself or not. First, this site allows you to enter the URL of a site you use and see if it’s vulnerable to Heartbleed. If it is, you should avoid it and not log in until the problem is fixed. If you’re a LastPass user, you can also use the password management tool to check on which of your saved passwords could have been compromised.

Once important sites like your bank’s website, credit card sites, any site where you pay bills and social media and email are given the all clear, be sure to change your passwords. Just because the site is now safe doesn’t mean that your password couldn’t have been stolen at some point to be used later.

At Geek Rescue, we know security. Whether you need enhanced security for your website, office, or home network, call us at 918-369-4335.

Unsecured Routers Create Trend Of Attacks

April 9th, 2014

Wireless router

Recently, you may have noticed the scores of headlines reporting attacks on wireless routers. Major brands like Linksys and Asus have been plagued by attacks and experts are speculating that attacks on these devices are becoming a trend. Lucian Constantin at ComputerWorld reports on the details of why wireless routers have become such a popular target of cyber attacks.

The most obvious target of attacks is your computer. It contains a wealth of information that could be valuable for criminals to steal and processing power that attackers can harness. Because computers were being targeted by such a large volume of attacks, security began to improve. Not just in the form of antivirus programs, but even in the way operating systems and other applications were built and updated. Suddenly, it was much more difficult to attack a computer directly.

While hackers began developing more intelligent threats, most attacks will target the path of least resistance. That is no longer a user’s computer. Now, that’s a user’s router.

Wireless routers haven’t been the target of many attacks in the past, so manufacturers and users have not made security a priority. This has made attacking them now relatively easy. In fact, security flaws that haven’t been available to attackers for more than a decade are often still open on wireless routers.

In addition to the relative ease of access, attacking wireless routers allows criminals to access every device connected to them. Now, instead of using a targeted attack to infect one computer, a single attack targeting a router can infect every device in the home, which could include laptops, smartphones, tablets and even TVs, DVRs and other internet ready appliances.

Adding to the problem is the fact that routers aren’t updated automatically, which leads to many of them being extremely outdated from a security standpoint. They aren’t being made securely in the first place, but when a vulnerability becomes public, the patches and updates that are released aren’t being widely implemented. This is true of most applications that require users to actively search out an update and manually install it. In the case of routers, it requires some technical expertise to change settings and update. Many users fail to even change their router’s name and password from the factory default.

The first thing for users to understand is that their router is vulnerable. It does need to be updated periodically and needs to have a strong password associated with it. For those who are capable, it’s a good idea to make your router’s admin interface unavailable from the internet.

Creating an effective security infrastructure requires securing a number of potential attack points. For help improving security for your home or business, or for help recovering from an attack or malware infection, call Geek Rescue at 918-369-4335.

Are Strangers Connecting To Your Wireless Network?

April 7th, 2014

Router with connected devices

Wireless networks have come a long way in the past decade. While you enjoy speeds faster than ever and enhanced security, there’s still an ever-present threat of someone stealing WiFi. More devices connected to your network means slower connection speeds and more bandwidth being used. Andy O’Donnell of About recently explained how to tell if someone is freeloading on your wireless network.

  • Check Your Router’s Admin Interface

Every router has a way to log in and change settings. If you’re not sure how to do this, check the user guide or search for information online. Once you’ve logged in, look for a ‘wireless configuration’ page or ‘wireless status’ page. Here you’ll find a list of the devices connected to your network. In one column, you’ll see the MAC address, which can be used to determine what type of device is being used. In the next column, you’ll see the IP address. These two numbers help you tell the trusted users from the freeloaders.

  • Count Devices

Take a moment to think about every device in your home that should be connected to your network. That’s every smartphone, laptop, tablet and desktop that’s using the internet. Remember that even a video game console and some cameras might be using WiFi. Now, compare that number to the number of devices listed in the router’s admin interface. If they don’t match up, then you’ve got someone else connected that shouldn’t be. This is where the MAC addresses will come in handy. By using a MAC Vendor look-up site, you’ll be able to determine the manufacturer of each device on your network. If there’s a device found that you don’t own, you can be certain that a stranger is using your internet connection.

  • Lock Down Your Network

Having unwanted guests on your wireless network is a sign that your security isn’t tight enough. To remedy this situation, start by enabling WPA2 encryption. Then, change the network’s name and the password required to log in. Don’t use commonly known words like the names of children or pets. Treat your WiFi password like your bank’s website password. Don’t use full words and mix in numbers and symbols.

Properly securing your wireless network not only helps keep unwanted devices from connecting to it, it also ensures that data you send through your router isn’t monitored or stolen.
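The “Count Devices” comparison above, written out in Python as an added example that is not part of the original post. The “MAC IP name” table layout, the device addresses and the vendor table are constructed assumptions; a real check would use the client list copied from your own router and a MAC vendor look-up for the names.

```python
import ipaddress
import re
from typing import NamedTuple


class Client(NamedTuple):
    mac: str
    ip: str
    name: str


def normalize_mac(raw: str) -> str:
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, whatever separators were used."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True when bit 0x02 of the first octet is set: the address was chosen in
    software (for example a phone's randomized Wi-Fi address), so its first
    three octets do not identify a manufacturer."""
    return bool(int(mac[:2], 16) & 0x02)


def parse_client_table(text: str) -> list[Client]:
    """Parse 'MAC IP [name]' rows (assumed layout); skip blank lines and # comments."""
    clients = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2:
            raise ValueError(f"row needs a MAC and an IP: {line!r}")
        ip = str(ipaddress.ip_address(fields[1]))  # ValueError on a malformed IP
        clients.append(Client(normalize_mac(fields[0]), ip,
                              fields[2] if len(fields) > 2 else ""))
    return clients


def audit(clients, known_macs, oui_vendors):
    """Compare the router's list with the devices you own and describe the rest."""
    known = {normalize_mac(m) for m in known_macs}
    unknown = []
    for c in clients:
        if c.mac in known:
            continue
        randomized = is_locally_administered(c.mac)
        # A vendor look-up only makes sense for manufacturer-assigned addresses.
        vendor = None if randomized else oui_vendors.get(c.mac[:8], "not in table")
        unknown.append({"mac": c.mac, "ip": c.ip, "vendor": vendor,
                        "randomized": randomized})
    return {"expected": len(known), "listed": len(clients), "unknown": unknown,
            "offline": sorted(known - {c.mac for c in clients})}


# Constructed sample data (not from a real network).
SAMPLE_TABLE = """
# MAC              IP            name
00:00:5E:00:53:01  192.168.1.10  laptop
00-00-5e-00-53-02  192.168.1.11  phone
10:20:30:AA:BB:CC  192.168.1.23
DA:A1:19:00:00:01  192.168.1.24
"""
KNOWN_DEVICES = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"]
SAMPLE_OUI_VENDORS = {"10:20:30": "Constructed Vendor (placeholder)"}

if __name__ == "__main__":
    report = audit(parse_client_table(SAMPLE_TABLE), KNOWN_DEVICES, SAMPLE_OUI_VENDORS)
    print(f"expected {report['expected']} devices, router lists {report['listed']}")
    for entry in report["unknown"]:
        print("unrecognized:", entry)
    print("known but not connected:", report["offline"])
```

A device flagged as randomized can still be one of your own phones or laptops, so match it by IP address or name before treating it as a stranger.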

For help improving the security of your home network or the one at your office, call Geek Rescue at 918-369-4335.

Internet Explorer Tops In Malware Blocking Test

April 3rd, 2014

Internet Explorer logo

Not all malware finds its way onto your computer in the same way. Some relies on tricking users into downloading malicious files disguised as something else. This is often referred to as socially engineered malware. The key to protecting yourself is avoiding downloading it in the first place. As Antone Gonsalves reports at Network World, Internet Explorer users are at a distinct advantage in that sense.

NSS Labs recently tested the four most popular web browsers against common forms of socially engineered malware stemming from links found in an email, instant messages and other vehicles. Email attachments were excluded from this test. In those tests, IE was found to block 99.9-percent of malware.

The success of Microsoft’s browser is being attributed to a combination of “application reputation technology and URL filtering”. The next best browser, Google Chrome, was able to block only about 70-percent of malware. Mozilla Firefox and Apple Safari each failed to block more than 95-percent of the malware used in the test.

Application reputation technology is able to scan downloads for recognizable characteristics commonly found in malware. Chrome relies heavily on it to protect users, but Firefox and Safari don’t use it at all.

In a previous test, Chrome performed better and blocked more than 83-percent of tested malware. Where IE relies more on URL filtering than application reputation, Chrome does the opposite. One potential reason for the drop in performance is a change in how strict the application reputation system is. Another possible reason is that attackers have been able to devise tactics that avoid detection.

While IE offers more initial security for this type of malware, your browser shouldn’t be your sole security tool. It’s advisable to have antivirus software and firewalls in place, working in tandem with your browser and other tools.

If your computer is infected with malware, or you’d like to explore better options for security, call Geek Rescue at 918-369-4335.

This Exploit Allows For iCloud Accounts To Be Deleted From Stolen iPhones

April 3rd, 2014

iPhone

The “Find My iPhone” feature is a valuable security tool and the last hope for users who have had their smartphone stolen or have lost it. Previously, reports surfaced pointing to vulnerabilities in Apple’s “Lost Mode”, which allows users of iPhones, iPods and Macs to lock their device remotely. As Ashley Feinberg reports for Gizmodo, a security flaw has also been found in “Find My iPhone”, which allows strangers to completely unlock a stolen device.

“Find My iPhone” allows users to log in to their iTunes account and find the location of their smartphone as long as the device is still turned on. Not only does this help users recover lost phones, but it also ensures that criminals can’t steal and sell iPhones. As long as the original user’s iCloud account information is still on the device, it can be tracked down.

Erasing the iCloud account requires an Apple ID password. While breaking that password is possible, it would usually require a minimum of a few hours to do so, which would provide the rightful owner plenty of time to find their missing device.

A video recently posted to YouTube, however, demonstrates how criminals can bypass the need for a user’s Apple ID password and delete their iCloud account. Doing so doesn’t even require a great deal of technical expertise. All that’s needed is for the “Delete Account” button to be pressed at the same time as the “Find My iPhone” switch from the iCloud settings menu. That brings up the password prompt and the delete window at the same time, which freezes the device.

From there, after restarting the device, you’ll find that you’re able to delete the iCloud account without a password and have free rein.

While no fix for this issue exists yet, Apple has likely been working on one since this exploit was made public. Users who have a PIN in place to lock their iPhone are already partially protected from this bug. Even if their device is stolen, the PIN has to be broken before anyone would even have access to this exploit.

While Geek Rescue can’t find your missing smartphone, we do fix it when it breaks. For any issues with your device, call us at 918-369-4335.

New Form Of Ransomware Contains Loophole For Victims

April 1st, 2014

Ransomware concept

Ransomware is a particularly troubling form of malware. It’s capable of encrypting your files and preventing you from accessing them until you pay a fee. In many cases, the encryption used in these attacks is so strong that users are forced to decide whether to pay or lose the affected files forever. As Jeremy Kirk reports at Network World, one ransomware program makes a mistake that allows users an out.

Late last month, a ransomware program called CryptoDefense began victimizing users. It features the same characteristics as other ransomware. For example, it encrypts your files, specifically using a 2048-bit RSA key. It then takes the key needed to decrypt the files and sends it to the attacker’s server. The difference is that, while CryptoDefense asks for a ransom payment, you don’t need to make one to get access to the key.

The makers of CryptoDefense designed the malware with a critical hole. The key needed to decrypt the files is sent to the attacker’s server, but it’s also stored on the victim’s computer in a file folder. Users with some know-how are able to find the key and unlock their files without making any payments.

Most commonly, CryptoDefense finds its way onto computers via spam email messages. Those that mistakenly open the messages and download the attachment, usually a file disguised as a .PDF, are actually installing the ransomware.

The attackers behind CryptoDefense have collected more than $34-thousand in payments with victims in dozens of countries. With this news, users need to understand that they hold the information they need to defeat the ransomware.

If you’re infected with CryptoDefense, don’t pay the ransom.

If your computer is infected with any type of malware, bring your infected device to Geek Rescue or call us at 918-369-4335.

Three Advantages Of Desktop Email Clients Over Webmail

March 31st, 2014

Mail going into laptop

Email has become a tool that most of us check and use multiple times per day. Businesses run on email and it’s vital for many users to have constant access and an ability to quickly respond. Accessibility is one of the primary reasons that webmail has surged in popularity. Services like Gmail allow users to have access from virtually anywhere with very little downtime. As Alan Henry of LifeHacker explains, however, there are still some benefits to using desktop email clients like Microsoft Outlook.

  • Offline management

While webmail is portable and mobile, it requires an internet connection even to read emails stored in your inbox. While there are fewer and fewer environments where you have to be without an internet connection, there are situations where you’re required to work without one. When that happens, desktop email has the advantage. With a platform like Outlook, you’ll be able to read old messages, organize your inbox and queue up responses to send once a connection is available. This helps you be productive in an otherwise unproductive environment or ensures that an email with valuable information is always available even when your internet connection is having issues.

  • Back-up everything

Have you ever considered what would happen if your email account was suddenly deleted? If most users lose access to their account, they likely lose access to many contacts and vital information. That’s why it’s important to regularly back up everything stored in your email, and back-ups are much easier to create and manage yourself with desktop clients. You’re able to back up messages stored in your inbox and sent folder, all of your contacts and even your folder structure. This way, if you need to change email providers or the unthinkable happens to your account, you’ll have everything you need to pick up where you left off.

  • Encryption

To be clear, it’s certainly possible to encrypt webmail, but it usually requires handing at least some control over to a third party app or add-on. For the most secure encryption, you’ll want to store keys and generation tools yourself. To do that, you need a desktop email client. Email is constantly at risk of being hacked or having messages intercepted. If you’re sending valuable information via email, you should at least be encrypting it. Effective encryption for desktop mail can be implemented quickly.

There are pros and cons to both webmail and desktop email so you’ll want to carefully diagnose how you regularly use email to help you decide which option is best for you.

Geek Rescue has all the email solutions you need. From hosting email, to setting up your office with Microsoft Exchange, to improving email security and fixing issues, we have the answers you need. Call us at 918-369-4335.

Failure To Update Leads To Costly Attacks On Businesses

March 28th, 2014

Security concept

A recent study found that many businesses are falling short on basic security measures. While many use antivirus programs and similar tools, they fail to implement them or monitor them correctly, or fail to keep them sufficiently updated. This leads to vulnerabilities that could allow for costly attacks. Brian Prince of Security Week reports on the common vulnerabilities contained in most companies’ security.

Managed security provider Solutionary recently released a report about common threats and vulnerabilities they’ve observed with their clients. In it, they find that while nearly all companies understand that using an antivirus program is a necessity, many of them fail to properly maintain it. Because malware and attacks are constantly evolving, it’s already incredibly difficult for security tools to detect threats. When those tools aren’t kept up to date with the latest definitions, it becomes almost impossible for them to provide any real security.

Solutionary found that less than half of the malware that they captured in honeypots was detected by their clients’ antivirus programs. Compounding that problem is that many of these malicious items downloaded more malware to infected networks, which also wasn’t detected by the antivirus program in use.

Many of the vulnerabilities found in a company’s security reside in internal systems. Generally, this happens because external facing systems are a known attack point. Businesses usually spend the majority of their security budget on protecting them. Internal systems, like operating systems and applications like Microsoft Office, are regarded as less important. Failing to properly update Windows or applications leaves known vulnerabilities exposed. A vulnerability in Microsoft Word could lead to a network wide infection.

Missed updates for antivirus programs, operating systems and other applications happen because of a lack of asset management and because the IT security team doesn’t fully understand key pieces of the company’s infrastructure.

For help creating an effective security infrastructure for your business, call Geek Rescue at 918-369-4335.

The Impact Of False Positives On Network Security

March 27th, 2014

Virus warning

In a previous post, false positives were listed as a factor in ranking the best available security tools. Even for an individual user, false positives can hinder the effectiveness of your security infrastructure, but they become significantly more costly when applied to an entire company’s network. Ken Westin of The State of Security explains how false positives and an overemphasis on security contribute to an insecure environment.

When’s the last time you heard a car alarm and reacted like there was a car in the area being broken into? The car alarm is a perfect example of false positives causing a lack of security. They go off constantly, which has made people ignore them in every situation. They’re now just noise.

In the case of security tools, antivirus programs that flag every download as a potential virus or even those that constantly warn you about a new application running with access to the internet turn into noise. If nine out of ten of the alerts you get from your antivirus program are safe to ignore, the one legitimate warning will likely be ignored also.

In a corporate environment, when the different security tools running don’t communicate with each other, they all flag the same perceived threat. Again, this puts IT professionals in a situation where it’s habitual to ignore security alerts, rather than investigating them.

The gut reaction to a breach of security is to add to the number of tools protecting a network. While that may help protect previously uncovered endpoints, it also creates an overlap of the existing tools. Without an infrastructure that works together, you’re just creating more noise and no more protection. In the case of many more complex security resources, staff will spend an exorbitant amount of time debugging and integrating these tools, which significantly decreases the amount of time available to monitor and mitigate threats.

The tactics of attacks evolve quickly and there are more highly targeted attacks victimizing businesses than ever before. Since most security tools work by recognizing known characteristics and patterns of previous attacks, these tools are less effective at spotting and preventing threats to a network. That’s why it’s increasingly important to have a team in place to review data and activity so a breach can be detected early.

Effective network security requires an investment, but it needs to be made intelligently. For help creating a security infrastructure for your business, contact Geek Rescue at 918-369-4335.