Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

The Trojan Horse was a tale from the Trojan War…

The Trojan Horse was a tale from the Trojan War. It was the stratagem that allowed the Greeks finally to enter the city of Troy. But the term “Trojan Horse” has come to mean any trick that causes a target to invite a foe into a securely protected bastion or place, and is now often associated with “malware” computer programs presented as useful or harmless in order to induce the user¹ to install and run them.

¹ “the user” = you

662px-Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo

The best part about the Trojan method (from the cybercriminal’s perspective) is that the user¹ willingly clicks the “Install” (or “Run”) which bypasses any protections they may have — firewall, antivirus, “security suite”.
(That’s a very important concept to grasp: antivirus does not protect you from yourself, it helps protect you from the Internet.)

So where do you run into software downloads that contain Trojans?
A: Sadly, in the current state of our un-policed Internet, just about anywhere.. but some places to download are safer than others (and some even strive to be 100% safe).
* If you use a peer-to-peer (“torrents”) file-sharing approach to getting free programs, movies, and music – such as LimeWire or BitTorrent – it is not a question of “if”, it is a question of “when”. (Please don’t write and tell me how you’ve stolen property with file sharing for years and never been infected..)

* Reputable download sites (aka “trustworthy”): there are several, but when I need to download something, I generally go to download.com, majorgeeks, or filehippo.

Also – I never click “Run” on a download, but click “Save”, and save the file to my desktop. Then I scan it with my antivirus. And then I double-click it to launch the setup/install.

Copyright 2007-2010 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

January 27, 2010 Posted by | advice, computers, cyber crime, hackers | , , , , | 4 Comments

Tech Paul’s Friend of the Internet Surfer Award for December

C/Net’s Download.com & Seth Rosenblatt Win For Best Safe & Free Downloads

FOTISAFolks, not too long ago, I started a brand new feature on Tech – for Everyone and I called it the Friend Of The Internet Surfer Award. My intention with this was to bring to your attention, Dear Reader, people and their websites who are worthy of special mention due to the fact that they are looking out for us — the “average computer user” — and helping us to have a better, safer, online experience.

I have been a fan of Download.com for many, many years, and it is one of the first places I go when I need to download the latest version of my favorite freeware. Why? Because I trust the Editor’s Reviews and I know that my download will not contain a Trojan — Download.com is a safe (and legal) place to download.CNET_Logo_WEB And their collection of titles is ginormous (read: “huge!”)

Let’s face it, downloading free programs is fun.

(And I’ve been a fan of CNet since I first started tinkering with PC’s. CNET is the premier destination for tech product reviews, news and price comparisons, free software downloads, daily videos, and podcasts, tutorials, and more.)

 Which is why I am awarding the 3rd Tech Paul’s Friend Of The Internet Surfer to CNet’s Download.com, specifically, but also I would like to ‘co-honor’ editor Seth Rosenblatt. Seth is a regular author on the “Download Blog”, and his “area” is the Microsoft Windows software: I have not disagreed with anything of his that I’ve read.srosenblatt_100

One thing I would like to especially point out to you, Dear Reader, is that Seth has assembled what are called ‘Starter Kits‘. “The Windows Starter Kit is a collection of some of the best and most essential freeware to get your new PC going. From browsers to productivity to utilities, we cover all the bases. If you’re looking for the best in security freeware, check out our Security Starter Kit for all your antivirus needs. Essential utilities have earned their own kit, too: the Windows Utilities Starter Kit.”

So, congratulations to Seth Rosenblatt and Download.com. You’ve earned a big tip of my Geek hat.

Related links:
First-ever Tech Paul’s Friend Of The Internet Surfer Award
Tech Paul’s Friend of the Internet Surfer Award for October

Copyright 2007-9 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

December 30, 2009 Posted by | computers, Internet, software, tech | , , , , , , , , , | Leave a comment

Cyber-safe Resume Gets Noticed

Identity Thieves Targeting Job Seekers

As the joblessness rate climbs, scammers are setting up fake Websites to trick job seekers into giving up sensitive personal information. A lot of unemployed people are eager to divulge information they believe will land them a job, and so become the target of scams. (From: Identity Thieves Want Your Resume.)

Yesterday, a loyal reader wrote me a note which told me of their recent unemployment, and how an increased awareness of Identity Theft had caused them to alter their resume into what they referred to as a “cyber-secure resume” .. and how that alteration had paid a dividend. They have graciously allowed me to share the message with all of you.

“Hello Tech Paul,
First I would like to say how much I really enjoy and appreciate your newsletter. It is very helpful and informative.  You mention and instruct us about malware and online security tips.  Like many others, I have recently become unemployed and found that by posting my resume online, I had left myself vulnerable to identity theft.

It came to my attention through the job section of Craigslist. A friend had told me that he became recently employed through a job posting from Craigslist, so I thought I would give it a try. I replied to a posting by emailing my (non-cyber-secure) resume and cover letter. Now, of course, I do not have my SS No., birth date, drivers license number and other such details on my resume. However, I did have my real full name, home address, home phone, and email on it.

Next thing I receive is an email telling me that I am fully qualified for the position, but before they would consider me further I must click on the link and complete the application and click on another link to complete the online credit check.  Funny, the email said nothing about the company, mission statement, details about the position, who specifically was interested in me, their name, or telephone number, etc. But, I clicked on the link for the application anyway and noticed that WOT did not like the site and I clicked the back button immediately.  Then I noticed that the URL for the credit check website was flagged with the red dot from WOT too. Since I only recently installed WOT , based on your recommendation, I hadn’t really noticed the green and red circles that WOT uses to flag sites until that moment where I said to myself (duh) pay attention dummy.

Anyway, I have since created a cyber-safe resume and cover letter which does not include full name, address, home phone, work locations, and educational institutions. The resume states that this information is not provided for security purposes. I also include a statement in my resume that a more detailed resume will be provided at time of interview.  My Cyber-secure resume includes an overview of prior job responsibilities, job titles and educational degrees and relevant dates, but not locations. For contact information, I include my first initial and last name, my cell number (which cannot be traced to my address through google) and my gmail email address.

Yesterday, I had an appointment with the Workforce Connection representative (unemployment compensation authority). I am required to post my resume on their job site, which I did (my cyber-secure resume). During our meeting, she told me that prospective employers will find my cyber-secure resume suspicious because it leaves out certain details. I explained to her my reasons for posting it that way (experience with Craigslist, fear of Phishing, and ID Theft, etc.). Turns out she had her identity stolen a year ago by posting her resume and she finally concurred it may be a wise idea.  Later that evening when I returned home, I checked my email and found she had sent an email to her distribution list warning her clients about the importance of posting cyber-secure resumes. This is what she said: One of my customers caught my attention with her cyber-safe resume.

Here’s additional information, courtesy of http://www.rileyguide.com/scams.html, http://www.job-hunt.org, and http://www.worldprivacyforum.org/

Kay E.”

[update: The article on creating a “cyber-safe resume” is http://www.job-hunt.org/resumecybersafe.shtml]

Other related links:
In These Tough Times, Could You Use Some Extra $$$’s ?

Looking For Work? Caution

***Make $6,513 a day doing this***

A lot of good information here, people. Do yourself a favor, click some links. And thank you, Kay, for sharing this with us.

The byword for the rest of the year is use (Ultra-strength) paranoid common sense while online. The Internet is not Disneyland, folks.

Copyright 2007-9 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

December 16, 2009 Posted by | advice, cyber crime, Internet, Internet scam, Phishing, phraud, privacy, security | , , , , , , | 6 Comments

Reader Questions Deleting

I have posted a few articles on “shredding” the files on your hard drive to truly delete them, (and making it safe to donate/dispose of your computer) as well as articles on how to recover accidentally deleted files.

Just last week I posted How to REALLY delete – or recover – a file. And How to recover your lost files has proven rather popular over time too. (Just to name a couple.)

Last night I received a question posted as a comment on last week’s article from a reader that basically asked, “is it REALLY possible for people to see files that I’ve deleted?
skeptical-face

A: Yes. It’s true. I didn’t make it up. Download Recuva and try it for yourself. Also, I commend you for using your intelligence to question what you see on the Internet. Just because someone has posted something does not make it true. Even if they have included a graph. Or a picture (see, Photoshopping).

I have a leprechaun in my pocket.

See?

Folks, Going to cut it short as I’m still in “vacation mode”. Hope you all are getting the chance to enjoy some of the nice summer weather. Please click the links for the prior article if you need a file shredder.

Today’s free link: Windows 7, Server 2008, Released to Manufacturers

Today’s free download: Recuva file recovery program (install it before you need it).

Copyright 2007-9 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

July 23, 2009 Posted by | advice, computers, file system | , , , , , , , , , | Leave a comment

Tips For Safe Online Shopping*

I think it is a pretty safe bet that quite a few of you are doing some last minute holiday shopping.. and that some of you are going to use the Internet to do some of that shopping.

I would like to remind you that there is a healthy, active, and well-financed underworld of cyber-criminals who are well-aware of the fact that the next few days are prime credit card and “identity” theft opportunities, and are going to be particularly active in trying to GET YOU.

You will see an increase in spam, and bogus pop-opens that tell you you are infected when you’re not. (Note: The phraudulent Skype alert is active again, too. see Skype — “Windows Requires Immediate Attention”.. Not! )

I am posting the following Basic Internet Shopping Tips in the hopes that Tech–for Everyone readers will not join the 9 million Americans who had their identities stolen last year.

  • Download Software Updates — Regularly!
  • Use Complex Passwords (include numerals and @#$%^&*[])
  • Use Onetime Credit Cards
  • Verify Secure Connections See that little padlock symbol at the bottom of your screen, and in the URL address bar?
  • Check Your Credit
  • Enter Your Shopping Site’s Web Address Manually (embedded links=no!)
  • Shop From Your Own computer (not a public ‘hotspot’)
  • Enable your browser’s phishing filter, or install a add-on. (such as the super-easy WOT toolbar)
  • Don’t Send Credit Card Information Over E-mail. Even if you think it’s secure. Don’t send it over IM either. If you feel uncomfortable about sending personal information online, call up the business.

I would like to direct your attention to the first bulletpoint. The programs on your computer need to be fully “patched” with the latest updates, as exploiting weaknesses is the primary method hackers use to infect your machines. (You visit a website that they’ve ‘poisoned’, and if you have an unpatched ‘hole’, bingo – you’re infected.)

How do you know if you have the latest updates? For all your installed programs? Do you think you are patched? Don’t guess. Be sure!

Today’s free link+download: Secunia offers a tool that I highly recommend. The online scanner (which you should bookmark, btw) will scan your machine for roughly 100 programs and tell you if there is a patch/update you need. If you go this route, you will need to visit once or twice a week.)
Better yet, they offer a download, a Personal Edition, which will scan your system against a database of over 7,000 programs.
Even better yet, it includes direct download links to the missing patches it finds.

I just ran it and it found an old ActiveX plug in, and told me that my Java Runtime Environment was out of date.. and I didn’t think I had installed JRE on this machine!
vulnerabilities1

Further reading:
Computer Security – Time to Think About It

A Teen Texting Trend All Parents Should Be Aware Of

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

December 20, 2008 Posted by | advice, browsers, computers, cyber crime, hackers, how to, Internet scam, News, PC, Phishing, phraud, security, shopping for, software, tech | , , , , , , , , , , , , , , , , , , , , , | 5 Comments

A Vast Criminal Enterprise Aimed At You

– Five Defensive Strategies

“Today’s Internet attacks are organized and designed to steal information and resources¹ from consumers and corporations. The web is now the primary route by which cybercriminals infect computers. Cybercriminals are planting malicious code on innocent websites. This code then simply lies in wait and silently infects visiting computers.

The scale of this global criminal operation has reached such proportions that Sophos discovers one new infected webpage every 4.5 seconds – 24 hours a day, 365 days a year. In addition, SophosLabs, our global network of threat analysis centers, is sent some 20,000 new samples of suspect code² every single day.

2008 at a glance

  • Biggest malware threats – SQL injection attacks against (legitimate) websites and the rise of scareware (aka “rogue” anti-malware programs)
  • New web infections – one new infected webpage discovered by Sophos every 4.5 seconds (24/7 x 365)
  • Malicious email attachments – five times more at the end of 2008 than at the beginning
  • Spam-related webpages – one new webpage discovered by Sophos every 15 seconds
  • New scareware websites – five identified every day
  • Top malware-hosting country – US with 37 percent
  • Top spam-relaying continent – Asia with 36.6 percent
  • Amount of business email that is spam – 97 percent

Injection attack? coming to get you By exploiting poorly secured legitimate websites, hackers have been able to implant malicious code onto them, which then attempts to infect every visitor. One of the reasons the web is so popular is that legitimate websites can attract large numbers of visitors, all of whom are a potential victim.
(This as also known as “poisoning”.)

Many well known organizations and brands have fallen victim to this kind of attack during 2008. Both large and small organizations have been targeted.
January 2008: Thousands of websites belonging to Fortune 500 companies, government agencies and schools/universities were infected with malicious code. more..

¹ read “money”
² read “malware”

Folks, this is taken from a whitepaper titled “Security Threat Report 2009” and produced by the IT Security firm Sophos. Some of the emphasis is mine. You can download the document here.
I want to take a moment to thank them for publishing this, and saluting their effort to combat malware and the criminals behind it. In fact, let me go a step further and salute all you whitehats out there. Thank you.

What you can do

1: please read Top 10 things you should do to your computer–updated. It is a checklist, and provides you with the How To’s for a (more) secure computer, as well as providing links to important (free) security downloads.
2: enable an anti-phishing filter, which can help alert you to poisoned websites before you go there. All modern browsers have a filter built in, and all you have to do is turn it on; or, you can add a toolbar/plug-in such as McAfee’s Site Advisor or the excellent WOT.
3: make sure ALL the programs on your computer are patched and up-to-date. The easiest and most effective way to do this (IMHO) is to download and install the PSI (Personal Software Inspector) from Secunia.
4: Never respond to e-mails asking for personal information. Legitimate businesses never contact you about “important issues” via e-mail. But criminals love to go phishing!
5: Be PARANOID on the Internet. (Use common sense) Think someone can’t trace back to you? Guess again; your browser reveals a wealth of information by default. Sound too good to be true? It is. There’s no such thing as a “free iPod”… and, no, you did not win the Irish Lottery. Is looking at sexually explicit material simply irresistible? Go to one of those video rental shops that has a back room instead of clicking links and images — a malware infection can cost you all your data and/or several hundred dollars in cleanup.. and/or many hours of your time..

Folks, the Internet is not Disneyland. Most knowledgeable people refer to it as the “wild, wild, West” (a reference to sheer lawlessness) but I like a different analogy better.. think of it as going into the Big City, and going down to the docks/warehouse district, alone, and at night.
You can do it, but you best be careful.

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

December 12, 2008 Posted by | advice, anti-spyware, antivirus, computers, cyber crime, e-mail, hackers, how to, Internet, PC, Phishing, phraud, security, software, tech | , , , , , , , , , , , , , , , , , , | 3 Comments