Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

10 top security threats of 2014

Folks, this really is a ‘must read’, even if you are not a techy.

10 top security threats of 2014 (so far)

“One email spiked with innocuous-looking malware to a vendor cost Target an estimated 40 million credit cards and 70 million user accounts at the crest of 2014, beginning a year which made our own employees, coworkers, friends and family one of the biggest security threats of the year.

Non-technical people were 2014’s favorite targets for malicious hackers, from data dealing crime rings to targeted corporate espionage attacks...

F-Secure’s Mobile Threat Report Q1 2014 was a bucket of cold water in terms of just how pervasive attacks on typical users are, and how they can spread through apps into businesses.” Read more (please) …

I hadn’t heard the term “the snappening”.. had you? (And I would move her #4 to #1.)

Today’s quote: “Either you run the day or the day runs you.” ~ Jim Rohn

Copyright 2007-2014 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.




All we really have, in the end, are our stories.
Make yours great ones. Ones to be proud of.
And please, never forget – one person can make a difference.
Find a way to make someone’s day today.
(Best advice I ever heard? Don’t sweat the small stuff.)

November 19, 2014 Posted by | advice, cloud computing, computers, consumer electronics, cyber crime, Cyberwarfare, hackers, Internet, Internet scam, mobile, Phishing, phraud, Portable Computing, privacy, ransomware, security, tech | Leave a comment

It Said I Was Infected

There is an epidemic of fake anti-malware software on the Internet, which is collectively called “rogue anti-malware”.

Marketed under hundreds of different names, such as VirusRemover 2008 and Antivirus XP 2009, this type of rogue software scares people by giving false alarms, and then tries to deceive them into paying for removal of non-existing malware.

This video (produced by the good folks at WOT*) shows what happens when a legitimate site gets infected and redirected to one of these bogus anti-malware scams.
Yes, folks, legitimate websites.

The people behind this scourge use many different ways to try to entice you to click: realistic pop-up windows appear, offers of “free trials” arrive in e-mail, “free scan” buttons sit on legit-looking ‘fight malware’ websites, etc.

As this video shows, the user is tricked into (scared into, really) providing their credit card # (oops.. might want to cancel that card..) to clean infections that weren’t there before they clicked.
* The ‘false positives’ are not “cleaned”, BUT more adware and spyware is installed.
* A good percentage of my calls at Aplus Computer Aid are folks needing help with getting rid of these rogues. These rogues use the latest techniques to combat removal, and it can be quite tough.. if not impossible.. to remove them without formatting your hard-drive.
* Is that anti-spyware program really spyware?
* A Website dedicated to combating this epidemic is Spyware Warrior. It has a pretty good list of known rogues, and much more detailed information.

Today’s free download:  WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky Website. It’s easy and it’s free.

  • Ratings for over 20 million websites
  • Downloaded 1 million times
  • The WOT browser addon is light and updates automatically
  • WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.
  • Settings can be customized to better protect your family
  • WOT Security Scorecard shows rating details and user comments

Copyright 2007-8 © Tech Paul. All rights reserved.

September 30, 2008 Posted by | advice, anti-spyware, antivirus, computers, cyber crime, Firefox, hackers, how to, Internet scam, PC, phraud, ransomware, security, software, spam and junk mail, tech | 2 Comments

Your hard drive held hostage– Ransomware*

You turn on your computer and see, “Your files have been encrypted–send me $500 for the key.”
An article in Newsweek calls this a “new” phenomenon, but I assure you it is not — it even has a name: ransomware.

As my loyal readers know, I am constantly advising security, security, security! I have a “thing” … I detest digital Evil Doers.
Ransomware is a type of worm and/or trojan horse that runs an RC4 encryption algorithm on your hard drive. This ‘scrambles’ your files and makes them unreadable … unless you have the ‘key’. The malware leaves several (readable) read_me.txt files which tell you what has happened, and where to send money to buy the key. Your data held hostage. Without the key, all you have is gibberish. Without paying the ransom, you have no key. Or, that’s the idea anyway.
I haven’t talked about ransomware before because it has not been a very common, or rewarding, attack.

What this means to you is that it is more important than ever to have an off-machine backup and up-to-date malware protections in place. You do have a recovery backup … don’t you??? Please click this link to read my article on creating backups. It is important to understand that what this piece of code does (and this is true of most malware), it does, or tries to do, to every drive it can find. That means every storage device attached to your computer, such as the hypothetical drive “E:\” in the ‘how to auto-backup’ article, will get scrambled. If you store your backup (and/or backup image) on a partition, or USB attached hard drive, it is effectively gone as a result.

Tip of the day: I will reiterate, because it’s so gosh-durned important, that you should store a recovery backup in two locations; usually this means two different storage media types. In this case I’m referring to CDs or DVDs.
I use a 3rd party “disk imaging” application (I happen to have got a deal on Norton Ghost [free after rebate], but my reco is Acronis True Image) which automatically breaks the system backup into disk-sized pieces. But you do not need such a program; you can use your zip program (see today’s free link) to do the same thing to a Windows Backup.bkp file. It will take several disks, so be sure to stock up.

If you have Windows Vista Home Premium or Ultimate Edition, you have a powerful built-in system backup utility that will copy a recovery backup to disk, or other storage, and that works through an easy-to-follow wizard. And you also have a delightful command line imaging tool called Ximage that I suggest you look into.

The main point I want to get across is that if you should, one day, discover that some Evil Doer has scrambled your files and wants money to descramble them, DO NOT SEND THEM MONEY. RC4 can be broken. You can find the password (the ‘key’) posted on the Internet, and use it to get your files back. You also should take a seriously critical look at your Internet protection apps … either you didn’t have them, or they let you down. Fix that.
If this happened to me, I wouldn’t bother with trying to decrypt my files. I wouldn’t trust that the trojan wasn’t still lurking (possibly as a rootkit), ready to pull the same stunt again and demand another ransom. I would format my hard drive and boot my first recovery CD and restore my system from the backup. This backup would not contain the trojan, because I make system recovery DVDs once a month, nor my most recent files … those I would recover from a network drive, or live without.
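
The tip above as an added example, not code from the original post: the script splits a backup file into disc-sized pieces, records a SHA-256 for each piece, and checks a stored copy against that record before restoring from it. The function names, the 1000-byte piece size, the folder names and the sample Backup.bkp contents are made up for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, bufsize=1 << 20):
    """Hash a file in chunks so a large backup never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(bufsize):
            h.update(chunk)
    return h.hexdigest()

def split_backup(src, out_dir, piece_size, bufsize=1 << 20):
    """Write src as numbered pieces of at most piece_size bytes; return a manifest."""
    src, out_dir, pieces = Path(src), Path(out_dir), []
    out_dir.mkdir(parents=True, exist_ok=True)
    with open(src, "rb") as f:
        while True:
            path = out_dir / f"{src.name}.{len(pieces) + 1:03d}"
            h, left = hashlib.sha256(), piece_size
            with open(path, "wb") as out:
                while left and (chunk := f.read(min(bufsize, left))):
                    out.write(chunk)
                    h.update(chunk)
                    left -= len(chunk)
            if left == piece_size:      # nothing read: source exhausted
                path.unlink()
                break
            pieces.append({"name": path.name, "sha256": h.hexdigest()})
    return {"source": src.name, "sha256": sha256_file(src), "pieces": pieces}

def verify_copy(manifest, directory):
    """Return (piece, problem) pairs for pieces that are missing or altered."""
    problems = []
    for piece in manifest["pieces"]:
        path = Path(directory) / piece["name"]
        if not path.is_file():
            problems.append((piece["name"], "missing"))
        elif sha256_file(path) != piece["sha256"]:
            problems.append((piece["name"], "altered"))
    return problems

def restore(manifest, directory, dest):
    """Rebuild the backup from one copy, refusing a copy that fails verification."""
    if verify_copy(manifest, directory):
        raise ValueError("copy failed verification; restore from the other one")
    with open(dest, "wb") as out:
        for piece in manifest["pieces"]:
            with open(Path(directory) / piece["name"], "rb") as f:
                shutil.copyfileobj(f, out)
    return sha256_file(dest) == manifest["sha256"]

def demo():
    """Constructed scenario: one copy on an attached drive, one kept offline."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "Backup.bkp").write_bytes(bytes(range(256)) * 10)  # 2560 sample bytes
        attached, offline = tmp / "E_drive", tmp / "dvd"
        manifest = split_backup(tmp / "Backup.bkp", attached, piece_size=1000)
        shutil.copytree(attached, offline)
        (attached / "Backup.bkp.002").write_bytes(b"\x00" * 1000)  # simulate scrambling
        return {"pieces": len(manifest["pieces"]),
                "attached": verify_copy(manifest, attached),
                "offline": verify_copy(manifest, offline),
                "restored": restore(manifest, offline, tmp / "restored.bkp")}

if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the offline copy; a manifest stored beside the attached copy can be altered along with it.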

So. You do have a system backup, right?

Today’s free link: there are many zip utilities out there, and Windows comes with a “compressed folder” zip tool, and selecting one is a matter of taste. They all do basically the same thing: take a big file (or folder) and run a compression algorithm to make it smaller (“zipped”). Some are free and some are for sale — typically under $20. The free zip tool I use is 7-Zip. It has all the features you need, and actually does compress.


Update 8/16/07: There’s a report on Sunbelt of a new ransomware, and this one only demands $150. Click here for an interesting read.
Update 8/9/08: Bill Mullins discusses a newer, and meaner, type of ransomware in this article.

Copyright 2007-8 © Tech Paul. All rights reserved.

August 9, 2008 Posted by | advice, Backups, computers, cyber crime, encrypting files, how to, PC, ransomware, security, tech, Windows | 2 Comments

Geek+Spyware*

I want to apologize to you in advance for a word I will use in this blog from time to time, and that word is “geek.”

When I was a boy–many years ago now–“geek” was a completely pejorative and insulting word. A “geek” was typically a socially inept, small, quiet, know-it-all (who usually wore glasses) kid who couldn’t connect his bat with the softest-thrown baseball or catch a football to save his life…and he used big words all the time. Perhaps in your day you referred to ‘him’ as a Poindexter, nerd, dork, or wimp. Back then there was no doubt or question about it–“geek” was a put-down: a derogatory statement. Period.

Today, I proudly declare: I am a geek. When I do, I am not broadcasting my pride in my inability to catch a football. (I can catch; and, even throw a tight spiral.) I am saying that I’m “into” computers and electronic gadgets, and I know a little about how they work.

At some point in time our common usage of the word “geek” changed. It is no longer used strictly as a ‘slam’ and a put-down (however, if that is your intent, I believe the other words I listed above are still 100% negative…although Bill Gates may have softened the word “nerd” some…). If, in the course of reading this blog, you see me use the word “geek”–please rest assured that I am always using it with the nicest of meanings. I even use “geek” as a compliment. Really.

Tip of the day: A reader mentioned in a comment to yesterday’s post on defragmentation that spyware, if it gets onto and runs on your machine, will cause it to (amongst other unpleasant things!) suffer performance degradation and make it run slower. I intend to spend a fair amount of time discussing malware, and spyware in particular, and how you can combat and remove it. I will return to this topic in the future. But for today I just want to make this point: If you connect to the Web, you need to run anti-spyware programs. Notice that I wrote programs. Plural.

The fact is, no one anti-spyware application is 100% effective at stopping and removing spyware. There are many anti-spyware programs available and some are more effective than others. Some are great at stopping keyloggers but fall down when it comes to Trojan Horses, and others are vice versa…as an example. So I strongly recommend running two anti-spyware programs, in the hopes that one will catch what the other missed. (There are many free anti-spyware applications available, and some are adware disguised as anti-spyware, called “rogue apps”. For my more detailed descriptions and a fuller listing of free anti-spyware tools, click here.) I cannot stress to you strongly enough to install and run some kind of anti-spyware program…and preferably, two. In that vein, today I will provide not one, but two, Today’s free links.

Today’s free link #1: AdAware SE Personal from Lavasoft. “Ad-Aware 2007 Free remains the most popular anti-spyware product for computer users around the world, with nearly one million downloads every week. Our free anti-spyware version provides you with advanced protection against spyware…”

Today’s free link #2: SpyCatcher Express from Tenebril. From site: “Allows novice PC users to remove aggressive spyware. Stops next-generation, mutating spyware. Blocks reinstallation of aggressive spyware. Removes spyware safely and automatically.”

*Original posting 6/13/07

Copyright 2007-8 © Tech Paul. All rights reserved.

May 2, 2008 Posted by | advice, anti-spyware, computers, how to, Internet, PC, ransomware, rootkits, security, tech, Windows | 5 Comments

Repost: ransomware

Dear Reader–today, unexpected personal obligations make it unlikely that I will be able to post my article in a timely fashion.. if at all. So in the interim I am reposting an article about a fiendish method of digital extortion. Please check back later, as I may get the new one up. This post appeared 8/14/07.

“Your files have been encrypted–send me $500 for the key.”
An item in the news has spurred me to interrupt the series on ‘when it’s time for a new computer’, which I’ll resume tomorrow. An article in Newsweek calls this a “new” phenomenon, but I assure you it is not — it even has a name: ransomware.

As my loyal readers know, I am constantly advising security, security, security! I have a “thing” … I detest digital Evil Doers.
Ransomware is a type of worm and/or trojan horse that runs an RC4 encryption algorithm on your hard drive. This ‘scrambles’ your files and makes them unreadable … unless you have the ‘key’. The malware leaves several (readable) read_me.txt files which tell you what has happened, and where to send money to buy the key. Your data held hostage. Without the key, all you have is gibberish. Without paying the ransom, you have no key. Or, that’s the idea anyway.
I haven’t talked about ransomware before because it has not been a very common, or rewarding, attack.

What this means to you is that it is more important than ever to have an off-machine backup and up-to-date malware protections in place. You do have a recovery backup … don’t you??? Please click this link to read my article on creating backups. It is important to understand that what this piece of code does (and this is true of most malware), it does, or tries to do, to every drive it can find. That means every storage device attached to your computer, such as the hypothetical drive “E:\” in the ‘how to auto-backup’ article, will get scrambled. If you store your backup (and/or backup image) on a partition, or USB attached hard drive, it is effectively gone as a result.

Tip of the day: I will reiterate, because it’s so gosh-durned important, that you should store a recovery backup in two locations; usually this means two different storage media types. In this case I’m referring to CDs or DVDs, and a second drive.
I use a 3rd party “disk imaging” application (I happen to have got a deal on Norton Ghost [free after rebate], but my reco is Acronis True Image) which automatically breaks the system backup into disk-sized pieces. But you do not need such a program; you can use your zip program (see today’s free link) to do the same thing to a Windows Backup.bkp file. It will take several disks, so be sure to stock up.

If you have Windows Vista Home Premium or Ultimate Edition, you have a powerful built-in system backup utility that will copy a recovery backup to disk, or other storage, and that works through an easy-to-follow wizard. And you also have a delightful command line imaging tool called Ximage that I suggest you look into.

The main point I want to get across is that if you should, one day, discover that some Evil Doer has scrambled your files and wants money to descramble them, DO NOT SEND THEM MONEY. RC4 can be broken. You can find the password (the ‘key’) posted on the Internet, and use it to get your files back. You also should take a seriously critical look at your Internet protection apps … either you didn’t have them, or they let you down. Fix that.
If this happened to me, I wouldn’t bother with trying to decrypt my files. I wouldn’t trust that the trojan wasn’t still lurking (possibly as a rootkit), ready to pull the same stunt again and demand another ransom. I would format my hard drive and boot my first recovery CD and restore my system from the backup. This backup would not contain the trojan, because I make system recovery DVDs once a month, nor my most recent files … those I would recover from a network drive, or live without.

So. You do have a system backup, right?

Today’s free link: there are many zip utilities out there, and Windows comes with a “compressed folder” zip tool, and selecting one is a matter of taste. They all do basically the same thing: take a big file (or folder) and run a compression algorithm to make it smaller (“zipped”). Some are free and some are for sale — typically under $20. The free zip tool I use is 7-Zip. It has all the features you need, and actually does compress.


Update 8/16/07: There’s a report on Sunbelt of a new ransomware, and this one only demands $150. Click here for an interesting read.

Copyright © 2007 Tech Paul. All rights reserved.


September 7, 2007 Posted by | advice, anti-spyware, antivirus, Backups, computers, encrypting files, file system, how to, PC, Phishing, privacy, ransomware, rootkits, security, tech, Vista, Windows, XP | Leave a comment

We interrupt this program for a special bulletin

“Your files have been encrypted–send me $500 for the key.”
An item in the news has spurred me to interrupt the series on ‘when it’s time for a new computer’, which I’ll resume tomorrow. An article in Newsweek calls this a “new” phenomenon, but I assure you it is not — it even has a name: ransomware.

As my loyal readers know, I am constantly advising security, security, security! I have a “thing” … I detest digital Evil Doers.
Ransomware is a type of worm and/or trojan horse that runs an RC4 encryption algorithm on your hard drive. This ‘scrambles’ your files and makes them unreadable … unless you have the ‘key’. The malware leaves several (readable) read_me.txt files which tell you what has happened, and where to send money to buy the key. Your data held hostage. Without the key, all you have is gibberish. Without paying the ransom, you have no key. Or, that’s the idea anyway.
I haven’t talked about ransomware before because it has not been a very common, or rewarding, attack.

What this means to you is that it is more important than ever to have an off-machine backup and up-to-date malware protections in place. You do have a recovery backup … don’t you??? Please click this link to read my article on creating backups. It is important to understand that what this piece of code does (and this is true of most malware), it does, or tries to do, to every drive it can find. That means every storage device attached to your computer, such as the hypothetical drive “E:\” in the ‘how to auto-backup’ article, will get scrambled. If you store your backup (and/or backup image) on a partition, or USB attached hard drive, it is effectively gone as a result.

Tip of the day: I will reiterate, because it’s so gosh-durned important, that you should store a recovery backup in two locations; usually this means two different storage media types. In this case I’m referring to CDs or DVDs.
I use a 3rd party “disk imaging” application (I happen to have got a deal on Norton Ghost [free after rebate], but my reco is Acronis True Image) which automatically breaks the system backup into disk-sized pieces. But you do not need such a program; you can use your zip program (see today’s free link) to do the same thing to a Windows Backup.bkp file. It will take several disks, so be sure to stock up.

If you have Windows Vista Home Premium or Ultimate Edition, you have a powerful built-in system backup utility that will copy a recovery backup to disk, or other storage, and that works through an easy-to-follow wizard. And you also have a delightful command line imaging tool called Ximage that I suggest you look into.

The main point I want to get across is that if you should, one day, discover that some Evil Doer has scrambled your files and wants money to descramble them, DO NOT SEND THEM MONEY. RC4 can be broken. You can find the password (the ‘key’) posted on the Internet, and use it to get your files back. You also should take a seriously critical look at your Internet protection apps … either you didn’t have them, or they let you down. Fix that.
If this happened to me, I wouldn’t bother with trying to decrypt my files. I wouldn’t trust that the trojan wasn’t still lurking (possibly as a rootkit), ready to pull the same stunt again and demand another ransom. I would format my hard drive and boot my first recovery CD and restore my system from the backup. This backup would not contain the trojan, because I make system recovery DVDs once a month, nor my most recent files … those I would recover from a network drive, or live without.

So. You do have a system backup, right?

Today’s free link: there are many zip utilities out there, and Windows comes with a “compressed folder” zip tool, and selecting one is a matter of taste. They all do basically the same thing: take a big file (or folder) and run a compression algorithm to make it smaller (“zipped”). Some are free and some are for sale — typically under $20. The free zip tool I use is 7-Zip. It has all the features you need, and actually does compress.


Update 8/16/07: There’s a report on Sunbelt of a new ransomware, and this one only demands $150. Click here for an interesting read.

Copyright © 2007 Tech Paul. All rights reserved.


August 14, 2007 Posted by | advice, anti-spyware, antivirus, Backups, computers, encrypting files, how to, PC, ransomware, security, tech, Vista, Windows, XP | Leave a comment