Category Archives: General

Bluekeep Vulnerability Warning

Microsoft has issued a warning 1 to many Windows® users that a new vulnerability in Windows® Remote Desktop Services (RDS) (also known as Terminal Services) has been discovered for many Windows® Operating Systems which requires no user interaction to lead to a security breach . To clarify this means if you are running on one of these Operating Systems, it has Remote Desktop enabled, and it can be remotely logged into using Remote Desktop Protocol without first logging into a Virtual Private Network (VPN), it may mean it could become infected without the user doing anything at all. The affected Operating Systems are listed below:

  • Windows Server® 2003
  • Windows Server® 2008
  • Windows Server® 2008 R2
  • Windows® XP
  • Windows® Vista
  • Windows® 7

It has been reported that “potentially millions of machines are still vulnerable.” 2 This particular vulnerability is so widespread and potentially dangerous that Microsoft has released special Out of Band patches for Windows® XP and Windows Server® 2003.

Microsoft Windows® Patches for the BlueKeep Vulnerability

  • Windows® XP / Windows Server® 2003 – Security Patch KB4500331 (this patch must manually be downloaded from Microsoft and installed)
  • Windows® Vista / Windows Server® 2008 – Security Patch KB4499180 (this patch must manually be downloaded from Microsoft and installed) OR Monthly Rollup KB4499149 (this patch is available through Windows® Automatic Update)
  • Windows® 7 / Windows Server® 2008 R2 – Security Patch KB4499175 (this patch must manually be downloaded from Microsoft and installed) OR Monthly Rollup KB4499164 (this patch is available through Windows® Automatic Update)

Some IT administrators may respond that even though they may have a computer which has one of the affected Windows® Operating Systems, that it does not have Remote Desktop Services enabled, or it requires a VPN to connect to the network before the system can be connected to with RDS so the system is not vulnerable.

Securing the perimeter of your network is important but not installing the latest security patches on computers in the company’s network can produce devastating results if a malicious actor can defeat the perimeter security. We encourage you to run supported Operating Systems with the latest patches regardless of your current network topology. We recommend using a tiered security approach which secures not only your network perimeter but uses network segmentation, running supported Operating Systems, installing current security patches, deploying internal network monitoring and security controls, and employs Role Based Access Controls (RBAC) among other security best practices.

Other resources of information about BlueKeep include:

Windows® and Windows Server® are registered trademarks of the Microsoft Corporation

twitterredditlinkedinmailtwitterredditlinkedinmail

CyberSecurity & Online Shopping – A PSA

Introduction

The modern shopping center is a crowded experience with a lot of money exchanging hands. Unfortunately, with so many people out an about, identity theft becomes a real concern. Identity theft is a problem that shoppers seem to put off, many of them with the “it won’t happen to me mentality.”

THIS MENTALITY IS A TRAP.

Complacency is never an option when it comes to identity theft, and with online shopping becoming more and more popular, it’s easier than ever for the ethically loose to obtain personal information from unsuspecting victims.

How Do I Protect Myself from Identity Theft?

Identity and information theft preys upon the unprepared and uncaring, but can be made much less problematic with a few simple preventative measures we at Micro Systems urge people to take.

  • Never shop on an unsecured network. This is a simple one, but many people don’t realize the associated danger. Local shops and cafes that offer free public wifi are often unsecured networks. What this means is that anyone using a signal interceptor can obtain any information people on that network type in. Which  often includes banking information and email passwords.
  • Never use a Debit Card When Shopping Online. The problem with debit cards versus credit, is that debit cards are directly connected to your bank account, and are more difficult to dispute purchases on. If someone has your debit card, they have your bank account.
  • Keep your Information Close. Information attacks are going to increase during this season, so being a little more careful about who you give your information to is a reasonable precaution.
  • Invest in an RFID Blocker. These can be small cards or sleeves often inserted into your wallet. What these do is they block the scans taken by a skimmer; a device people use to obtain credit and debit card information simply by having it near your pocket. Having one of these can mean much more peace of mind when in busy shopping centers.
  • Keep Informed. Stay up to date about cyber attacks so you can avoid any websites or locales known for being identity theft hotspots.
  • Complex and Often Changing Passwords. This is something people should do year-round but if an excuse is needed, the holiday shopping season will do. A simple change like adding a numerical sequence and random capitalizations can make a password much more difficult to crack. (Ex. “password” -> “12pAsSwOrD34”). Changing your passwords even on a monthly basis can also increase your personal security.

These are just a handful of strategies to protect your personal information and prevent people from obtaining what is most important to you.

twitterredditlinkedinmailtwitterredditlinkedinmail

IT Shopping

Introduction

As we progress in our technological age, so too does the role of technology in our spending habits; and technology is becoming a rapidly larger part of the Holiday shopping season (Cyber Monday is an excellent example). Due to this, a very common question received by IT professionals is this:

What computer should I purchase?”

A daunting question for individuals and businesses alike, finding the right computer is an important step in a large investment. Computers fill an ever increasing role in our society, and (especially for businesses) can greatly influence the amount of accessibility a person has. This in mind, it is important to know how to decide effectively on a new machine.

What makes computers different?

Undoubtedly, you’ve heard of the “Mac V PC” argument when it comes to deciding on a computer purchase, when in reality you have many more options than this. Different machines built by different companies are made to do different things and there are many choices. This means (usually) computers aren’t objectively better or worse than their competitors, they just do different things. For instance, to use the Mac and PC example, Macs traditionally have powerful graphics processors, high-quality displays, and a more streamlined interface, making them excellent for roles amongst artists, musicians, and entertainment facets. PCs on the other hand will typically have excellent central processors, more efficient batteries, and are a little easier to code, making them the superior choice for technical work such as you might find in an IT environment or law firm. As stated earlier, you have much more than two choices, as there are hundreds of PC and Mac models alone.

Hardware isn’t everything though, so you’ll also need to consider software. This means considering things like “What programs can I run?”, and “Are my programs updated?” After all, not all computers can run the same software. You’d also be considering things like antivirus options, operating systems, word processors, and so on. These can drastically change the experience you have with said hardware, as a new OS can make or break the user experience for new devices.

What Machine Is Right for Me and My Company?

Only you can decide the machine that is right for you; for businesses, it is common for PCs to be recommended, we frequently suggest Dell Personal Computers to our clients. However, business clients should consider other technology as well to ensure the smoothest experience. Other devices common are telephone systems, web and email filters, and cameras. When attempting to locate the right solution for your personal or business use, context is truly everything, so remember to always consult with your IT professional prior to making any infrastructure changes.

twitterredditlinkedinmailtwitterredditlinkedinmail

CyberSecurity

Introduction

Information Technology companies and departments alike have always been plagued by a stigma; that if you need to call them, there is something seriously wrong with your network. It’s a bit like getting called to the principal’s office, and this feeling of trepidation is largely caused by a fear most technology companies experience, one that is quite validated.

No. Network. Is. Safe.

In the field of technology, it is an unpleasant and an inescapable fact. Security is of the utmost importance in modern technology and it is something often ignored because nobody wants to deal with it. But it is imperative that anyone working in this field not only understand how to safeguard their own network, but to understand the function and goals of malicious software (“malware”) that are designed to do harm to your network.

How Do Malicious Programs work?

An important step in understanding the function of these programs is to know that they are simply that-programs. On a conceptual level, a virus or malware program is not much different from any other program, except that it has outcomes that you do not want. Such software is designed to either damage, control, analyze, or influence the hardware or operating system that it targets. This can range from anything to encrypting files while awaiting a ransom to transmitting all the data from the target machine to a third party. These programs have a variety of sources, including but not limited to criminal corporations operating outside the purview of the law, single programmers attempting to make a quick buck, or the always infamous extremist group. When it comes to prevention, the source is not as important; what does matter is that attacks and infections on a network can be the single most costly issue a company will face. If a network suffers, for instance, a ransomware attack, no files, accounts, or data can be accessed on that network until the ransom is payed, and even then the data may still remain encrypted depending on the whim of the attacker.

How Can Malicious Programs affect my network?

There is an abundance of malicious software variations, due to the fact that these are as previously mentioned, simply programs, and thus can be unique in function and purpose, but for brevity’s sake we will cover some of the most important types of these programs. A relatively simple and common program is a trojan. A trojan’s purpose is reflective of its’ namesake, in that it pretends to be a legitimate or crucial piece of software to trick the user into downloading it, and upon installation hides itself inside the local files of the and then unleashes its’ “troops”. That is to say, it begins to do what it was designed to. This can mean everything from copying data, to deleting it. A new(er) type of malware that’s been making rounds lately is malvertising-(you can read our previous TechBits article on malvertising to get a much more in-depth description). Suffice it to say that malvertising uses internet ads to infect the target machine. Ransomware is software that encrypts all the data on a network and holds the de-encryption key for a ransom, though on occasion even paying the ransom will not coax the attacker into providing the de-encryption key. Though it’s important to know these types of malware, there are countless variants, and the variants are increasing at an alarming rate.

What Can I Do?

When people think of malware they often feel that they are safe with a single antivirus, firewall, or (and this will make your IT cringe) having a Mac because Apple products “don’t get viruses” (yes, they do). Whereas this can be enough for personal devices on a home network, the modern business cannot afford to use only a single source of malware protection. The most secure networks have layers upon layers of security and are very difficult to break through. On a more practical level, it is typically acceptable to have two layers: one passive one active. An “active” layer of protection would be like the anti-virus you are probably familiar with, something to actively scan files in your network to locate and quarantine dangerous programs until they can be properly disposed of. Passive protection is a little different. An example of passive technology would be a web filter.  The Web Filter doesn’t necessarily actively search and root out malicious programs, but rather acts like a sieve and prevents many malicious programs from coming into contact with your network in the first place. Another source of protection that should be mentioned is Web Application Filters. Web Application Filters, or WAFs, monitor attempts from outside your network to gain access through applications that are Internet Facing (Such as web-based email, or self-hosted websites.  It is not uncommon to see thousands of attempts per day of malicious actors attempting to gain access to a protected system through a web-based application.

A question anyone with an IT background has been asked at some point (and probably more than once) is this:

“What antivirus should I get?”

It’s an excellent question, there are many, many options for anti-virus/anti-malware software, some are free some are paid. An adage to consider is that “you get what you pay for” – we like to add the codicil, “if you are lucky” at the end. One option that we at Micro Systems currently suggest is WebRoot, which is a comprehensive anti-virus software that we often  combine with the added protection of the commercial version of MalwareBytes. However, at the end of the day the choice for antivirus and malware protection will largely depend on your unique network environment.

twitterredditlinkedinmailtwitterredditlinkedinmail

Computer Memory

Introduction

To forget things you’ve learned is natural for us illogical humans, but what about computers? How exactly does a computer remember? Many people don’t realize that there are actually multiple different types of computer memory and they all play a different role in data storage and retrieval. As a consumer/business owner, it is imperative to know the difference between these two, and when they might need replaced. When it comes to computer memory, there’s no real short answer, so best to view the topic as a whole.

How Does Computer Memory Work?

Computer memory is tricky because it works less like our own memory and more like writing something down. The type of computer memory in this analogy is the material you’re writing on-sand or paper. There is two kinds of memory in a computer: volatile and nonvolatile. Volatile memory is like writing in sand; it’s there to be easily and readily accessed by your computer to make things faster, but the information is lost as soon as power is lost, like waves washing it away. Nonvolatile memory is more what people encounter when speaking of memory – it’s like writing on paper, its permanent. So if we have nonvolatile memory that never erases unless deleted, why do we have volatile memory? The purpose of volatile memory on your computer memory is to keep it readily at hand if the information is needed. It contains information like browser cookies, auto-fill, and temporary files. This decreases processing time these items would usually take up, since the computer can access its’ volatile memory to access them instead of having to download them from their original source. No doubt you’ve heard the term “RAM” in reference to computer storage, most people know that the more RAM you have-the faster the computer right? This is partially true, as RAM is the source of the volatile memory that ceases to be when your computer is turned off, so the more information your computer can temporarily hold, the faster it can potentially run. You might notice that if you leave your computer running without shutting down or losing power for extended periods of time it runs slower; this is because your available RAM is lower than it should be, since its’ been accumulating data without shutting down. It should be mentioned, however, that RAM is only half the story when it comes to the speed of your device-you should always be sure to know how much RAM your device can support at maximum.

How Can Computer Memory Affect My Company?

This is a topic many companies seem to brush to the sidelines and in reality, is something you as a business owner will want to pay close attention to. When it comes to your storage (that’s your non-volatile memory) running out of this means pretty effectively ending whatever functions your computers handle. With no space for new information, you will stop receiving email, lose the ability to save files, will be unable to download items from the internet, and you run the risk of having your main servers crash-one of the worst things that can happen to a business computer network. The importance of keeping track of your memory usage cannot be stressed enough in a business environment. It’s also important to keep an eye on RAM and volatile memory, which can cause decreased performance when low, though this is less often a problem. Luckily, there is a simple solution when it comes to remedying low memory: buy more. Memory is sold in all shapes and sizes and typically if, say, your servers are holding about all the information they can and need a memory upgrade, it’s just a matter of installing more RAM into the machine. That being said though, memory can be expensive to purchase in large quantities and many companies will want to avoid this entirely: don’t avoid this entirely. Whereas it can be expensive to upgrade a device’s memory banks, it’s more expensive to lose a server for extended periods of time because it ran out of space to write information.

Conclusion

Memory is an odd subject with computers, due to them storing information much differently than we do. As such, people often become confused when their computer develops a memory issue. Things likes low disk space are common and easily fixed, though there are some more obtuse issues that can crop up with memory, like what to do when a hard disk becomes physically damaged and writing to the disk becomes nearly impossible. Should something like this occur, you should immediately contact your IT professional.

twitterredditlinkedinmailtwitterredditlinkedinmail

Overheating

It’s common knowledge that laptops and PCs can overheat when improperly treated, but servers are possibly even more vulnerable. Servers are typically left continuously running in a confined space and overheating can seriously threaten your data and business continuity. But overheating is a multi-faceted issue, and numerous reasons can be the cause; everything from the temperature of the room, what programs are running, to CPU overclocking.

How Computers Handle Heat

As electricity is carried throughout your device, it inevitably generates heat that can potentially damage your device if not cooled properly. This is typically done with heat sinks and cooling fans inside your device. The cooling fan you’re probably familiar with; it creates the “whirring” sound associated with booting up a computer. The fan has variable speed settings, and will speed up or slow down depending on how much heat needs dissipating; you may notice when you boot up larger programs you can hear the fan speed up in response to this. Heat sinks you may not recognize if you weren’t looking for them; they are small metal fins standing perpendicular to their mount. Heat sinks work by simply providing a conductive surface for heat to transfer to; bigger surface area, means less heat. There are a few other less common cooling systems, even liquid cooled devices exist, though you won’t typically encounter these in an office or home setting.

What Exactly Does Overheating Do?

Overheating can be more of a problem than most people suspect, as it’s typically associated with simple crashing and rebooting. Computers are designed to avoid internal fires and melting points for obvious reasons. Because of this, most modern devices are built with fail-safes that will begin to shut down certain portions of the device if overheating begins-likely culminating in a crash. Best case scenario, you reboot your device and everything is fine, provided you’ve removed your device from the heat source if possible. But overheating can wreak havoc if the conditions are right. Simple physics tells us that when things heat up, they expand. This is very bad for computers; if the computer overheats to this point, it can physically warp your hard-drive making it inoperable.

Not only this, but small amounts of overheating can slow your device, and even shorten its’ lifespan by up to two years. Most computers are designed to have a maximum internal temperature of 80 degrees Fahrenheit, if you are consistently running that or above, you may be killing your device without even knowing it. All of this sounds bad, sure, but what does it mean to your business? An overheat of say, your host server, can mean a crash that will keep the system down until the server can be properly cooled and re-booted. This may take ten minutes, or it may take three hours-and time is money.

How Can I Prevent My Device from Overheating?

There’s a few different common causes from overheating that most people (especially those handling important data) should know about. For personal computer or laptops, always make sure the heating vents are unobstructed. If you have vents on the bottom of a laptop, for instance, be sure to rest the device on a hard surface while operating, soft surfaces like your carpet and cotton will insulate the vents and can cause an overheat. Another way to prevent heating issues is to simply clean your device every now and again. Dust built up on the inside of a device acts as an insulator and will lead to higher running temperatures, as well as being able to clog and stop the cooling fan. Another common one is that if you’re using a PC-do not operate the device with an open case! There’s a rumor or two floating about that cracking open the side of your PC casing can give it a better airflow and help it cool-what this actually does is it serves to disrupt the airflow of the device’s cooling fan and it presents your computer internals to external debris and dust which can eventually cause an overheat, or even damage from outside debris getting into the box. Another important aspect to look at it your devices’ location, try to stay away from tight isolated spaces like desk drawers; compact and seemingly convenient as it might sound, the ultimate result is that tight spaces means poor air circulation, and higher running temperatures. A popular trend amongst gamers and people wanting more out of their PC is overclocking. Overclocking is at its base form, forcing the CPU to run faster than recommended. This won’t cause instant death; however, should you choose to overlock your CPU be aware of your operating temperature-it will increase. PCs and laptops aren’t the only devices susceptible to overheating, though. Your servers are just as, if not, more vulnerable to heating issues. Location is one of the largest issues to look out for when it comes to server heating; when placing your server, you want to make sure the location is well-ventilated, large enough to allow cool air to circulate, and you want it to be void of open windows. When placing your servers in racks, you also want to make sure they are arranged the same direction, so one server is not blowing hot air into the intake vent of another. Also, one last note for proper server care, make sure your server room’s A/C is set for optimum device cooling and not people cooling-remember computers shouldn’t run above 80 degrees so they have to stay much cooler than we do.

twitterredditlinkedinmailtwitterredditlinkedinmail

Network Connectivity

Computers and other devices can talk to each other, but computers on their own can only handle so much information; if you tried to host all of, say, Google on a single server, it’s simply not possible without a server bigger than your average house. Computers can talk to each other in networks through various means of connection. This connection can be crucial to your operations as a company, or to how fast you can get that cat video to buffer at home. Firstly, for those people unfamiliar with the basic concepts of connectivity and networking; we offer a little primer.

Connectivity basics

Computers are intelligent things, insofar as they can handle a great deal of information, but they’re limited by the amount of information a hard drive can hold. This is where networks come in, the concept to get two (or more) devices to share the information they hold. When these computers are connected, they can share information, but the method of connection itself dictates how fast information can be transferred and how far that information can be transferred. A common type of connection you may have heard of is Ethernet. Ethernet is a type of cable (usually a thick, white or blue cable with a white/clear jack) that runs from the back of most devices into whatever provides your network capabilities (likely a router). An Ethernet cable works very much like a highway; you have one centralized avenue for information to travel (that’s the cable itself) with multiple small “driveways” so information can leave its host device to travel on this “highway” (the “driveways” are the Ethernet ports). Information can then flow more or less freely between devices.  Once that occurs, you have your network. Another common connection for computers is one you most likely experience everyday: Wi-Fi. Wi-Fi, at its’ core, is data transfer via radio waves. Wi-Fi is different than Ethernet insofar as the data transfer is typically slower, but the lack of cables and maintenance means more reliability and ease of use, though it is less secure. Trading ability for convenience, though certain advancements in Wi-Fi have recently allowed for transmission speeds approaching (but not matching) Ethernet cables. Fiber optics are a newer transmission type with incredible transmission speed, though they are very fragile due to their glass cables, and much more expensive than other options. The basics of how they work is: in lieu of radio waves to transmit data, fiber optics use light, allowing incredibly fast transmission speed.

Why does connection matter?

It seems like a silly question, but for many people how they have a connection is irrelevant as long as they have one. Largely, people are satisfied to be connected and don’t think about things like network speed. Sometimes your Wi-Fi signal may be blocked by a wall (older buildings may have block walls or cement ceilings which can result in poor signal), or your Ethernet cable might not be connected on both ends. This all seems trivial until you’re attempting to pull a crucial document off a networked server and it won’t download. Or consider a skype meeting across continents to ensure a deal goes smoothly and the video keeps failing. Most modern companies use computer networking in some way; advertisement via website, grouped workstations, usage of cloud servers; these all require an internet connection, and it can make a real, monetary difference to know the difference between your provider having an issue or a poor signal because someone installed your router behind a brick wall. You should also be careful when accessing public wireless. Typically places like Starbucks will have an unencrypted free public Wi-Fi; you should be careful on these networks and avoid using anything that requires a password: email, banking, and shopping to name a few. These networks are easy prey for people looking to intercept personal information. The internet is not the quiet, gentle place it once was.

What can I do about my connection?

There’s a variety of ways to improve your internet connection on your own without rousing the beast in your office that is the IT department. These methods can be situational though, and vary depending on the problem and type of connection. First, you need to determine that it is in fact a problem with your network connection; what type of computer do you own? Some models come with radio switches that can turn the radio inside of your computer on or off – if it’s off, you’re not going to be connected to the internet anytime soon. Also check to make sure you’re connected to the correct network – Wi-Fi has a limited range so if you’re trying to connect to a network some distance away you might encounter difficulty. On that note you should always know whether you have a wired or wireless internet setup; you can tell this by the connection icon in the lower right of most PCs.

shutterstock_161319536
A few examples of common symbols used to express your devices’ Internet connection

Another question to ask: are you the only one having issues? Ask around, see if anyone else can connect with the Internet – if they can’t, it’s probably not an isolated problem to you. So how do you determine where the problem is when it’s not just you? Go to adjacent office, ask your neighbor if they are having any trouble. If they are (and they use the same service provider) there is likely nothing much you can do, since it’s on the provider’s end. If they’re not having issues, it’s most likely a problem with your network. So what’s the issue exactly now that we’ve determined it’s your network? If everyone is still connected but has a weak or sporadic signal (1-2 bars for Wi-Fi), check your router. It may be that your router is placed far away from the machines it’s connecting, or it may be obstructed.  Radio waves can travel through walls but thick walls like concrete can severely weaken or block them. Resetting your router can often help, but you should never do this without checking with your boss/notifying your employees; the Internet might stay down and that can hurt everyone. Also before handling a router be careful! Some routers are more complex than others and it has the capability to do damage and loss of company productivity if you just start flipping switches. Beyond these basic solutions, it becomes a good idea to contact your IT professional.

twitterredditlinkedinmailtwitterredditlinkedinmail

Little-known ways to get more out of Outlook

Microsoft Outlook is a little bit like cooking: everyone knows at least a little about it, and many people depend on it in their day-to-day lives. Most Outlook users only touch the tip of the iceberg when it comes to all the different things Outlook can do. So, without further ado, here are a few effort-saving Outlook tricks to have up your sleeve. (Note: these tips were written with Outlook 2013 in mind. Certain functions may be different in older Outlook versions.)

Keep track of your billable hours, phone calls, tasks, meetings, etc. with the Journal tool.

It’s hard to believe so few people know about or use this tool, since it’s so versatile. It even has a built-in timer so that you’ll accurately know exactly how long that meeting took. (Your billing department is going to LOVE you.) To find it, select the Folders option on the taskbar at the bottom of the screen. In the navigation pane to the left of your inbox, select Journal. You can add a new entry by clicking on Journal Entry under the Home tab, and a dropdown box allows you to choose categories for phone calls, faxes, meetings, tasks, and others. You can add notes to yourself, details, you can color-code your entries, view them different ways…you get the idea. The Timer option (under the Journal Entry tab) will let you start or stop timekeeping for a task.

Create email templates and reusable text blocks without copy-and-pasting.

To create an email template: This is a good option if you need “form letters” of any kind. Write out the “master” version of the email (you don’t have to send it) and then, under the blue File tab, click Save As. In the Save as type bar, below the File name bar, click the dropdown arrow and select Outlook Template. Give it a descriptive title (e.g. “Sales Form Letter”) and save it. When you want to create a new message using the template, either double-click on the file you saved itself, or, under the Home tab, go to New Items > More Items > Choose Form…. Click the dropdown arrow for the Look In bar and select User Templates in File System. Your template should show up there.

To create reusable text blocks: This can save you time if you frequently use the same paragraphs, images, or links in your emails. Type the text you want to reuse into a new email message and highlight it with your cursor. Then, from the Insert tab, click Quick Parts and then Save Selection to Quick Part Gallery. Give the block a name (e.g. “Greeting,” “Disclaimer”). The next time you want to include the text block in your email, select the Quick Part you created from the Insert > Quick Parts menu.

twitterredditlinkedinmailtwitterredditlinkedinmail

Malvertising

Maybe you do everything right: you only go to websites you trust, you have updated antivirus and anti-malware programs, you use complex passwords, but you still deal with the occasional Internet annoyance, like pop-up or banner ads. Unavoidable and pesky, but part of the web-surfing territory, right? They’re annoying, but they don’t really get in your way. Why should you worry about them?

Even if you never click on them – I REPEAT – even if you don’t interact with them at all, they can infect your computer with malware – just by being displayed on your screen.

Here’s the problem.

You see, most websites innocently use ad services to create revenue – even websites you trust, like your favorite news site. The ad service will set up a certain number of ads in a rotation on the website. While many of the ads are harmless, sometimes an ad in the rotation will have invisible, malicious code embedded in it (without either the ad service or the website knowing about it). When your computer displays the ad, the evil, embedded code gets run on your computer, looks for any security “holes” it knows how to exploit, and downloads the right kind of malware for your particular vulnerability.

You won’t even know what hit you until, say, you find that your browser homepage has changed to a porn site or ransom page. And you were just trying to update your fantasy football league stats! Thankfully, there are some simple steps you can take which will greatly reduce your chances of falling prey to this type of attack.

Step 1: Update your web browser(s).

You’re probably reading this right now using an internet browser like Internet Explorer (or the new Microsoft Edge), Firefox, Safari, or Chrome. If you don’t know if you have the most current version of your browser, here are some directions for finding out. (It never hurts to double check!)

Step 2: Update your web browser plugins.

Javascript and Flash are the two biggest security concerns. Click here to check your version of Java and here to update Flash. You can also change your browser’s default plugin settings so your computer must “ask to activate” them. Disable unnecessary plugins entirely.

Step 3: Download good web browser protection programs.

If you’re using Firefox, Adblock Plus and NoScript are great browser extensions that will prevent most ads from displaying and will prevent a lot of “invisible” browser activity from happening. Malwarebytes also offers a good free version of its Anti-Exploit Kit (for personal use) that specifically defends against malvertising attacks.

twitterredditlinkedinmailtwitterredditlinkedinmail

Is being AWARE enough?

ncsam

October is National Cyber Security Awareness Month.  Now you are aware.

The question, however, that remains is “what does that mean to me?”  I’m glad you asked.  In 2014 companies such as Chase, Target, KMart, Home Depot, Neiman Marcus, and yes, even the hallowed Dairy Queen were all breached.  It is safe to say that warfare has evolved –  That is not to say that spears no longer work, however the reach of a computer with an Internet connection is much greater than anything we could have ever imagined.

But again, “what does that mean to me?”. With any weapon, comes responsibility – we are not going to teach you how to make your computer a threat – far from it – we want to show you how to be a little safer FROM those threats. The truth is, it is all the same things you have heard before – but let’s take a look at WHY these steps are important.

KEEP YOUR COMPUTER CURRENT

Most of the time, exploits are targeted at “weak” systems.  By keeping your operating system current, you are taking advantage of the diligence of the creator of those operating systems to make your computer safe.  There are always stories of “that update killed my computer” … and a lot of them are true.  Our advice is to update your computer on the first day of the month.  Almost nobody releases their updates during the last week of a month – this will give time for the bugs to be worked out.

USE A GOOD ANTI-VIRUS PRODUCT

Would you get a flu shot from your convenient store? How about an anti-biotic from a guy on Craigs List?  No?  Then don’t get a third-world free anti-virus product.  This is your first line of defense.  Consider it the cost of doing business.

BE CAREFUL WHERE YOU GO

Just like you wouldn’t walk down dark alleys with twenty dollar bills hanging out of your pockets yelling “I’m unarmed and wealthy ..”, don’t hang out in places that are prone to be frequented by hackers.  If you are given to adult sites and gambling, consider getting a throw-away computer for that activity.

DON’T LET YOURSELF BE USED

You wouldn’t let your computer be used by a stranger would you?  (please say “no”)  There are some programs in the wild called a RAT.  RAT means Remote Access Trojan; it is a program designed to let a stranger use your computer to perform whatever act that they would like.  RATS are considered malware and are the preferred weapon of ne’er-do-wells who would seek to do your harm.  It is important that you understand that a RAT is not a virus, and as a result MAY NOT BE DETECTED by your anti-virus.  Please make certain that you have an anti-malware product installed, or that your anti-virus software contains an anti-malware component.

WHEW!

So, now your protection is current, you are only going to pure and holy websites, and you refuse to participate in bad things.  Now what ?
The word of the day is INFORMED.  Remain informed from your trusted advisors as to new and unusual threats and how to deal with them.  We know that the tool at your hand can be your best friend – we just want to make certain that it isn’t your enemy’s best friend too. As always, consult with your local technical consultant.

twitterredditlinkedinmailtwitterredditlinkedinmail