Monday, November 17, 2014

Trust Your Instincts

You know what your computer feels like when it's working properly - trust yourself when you get a feeling that something isn't right.

A change in your browser - from a mysterious home page shift, to an extra toolbar or a search engine that doesn't look the same as it did before... these are all indicators that something malicious has gotten into your computer.  Malware - as we call it - can wreak havoc in small ways that can seriously compromise the security of your computer and everything you do on it.

At the first sign or symptom of a problem, trust your instinct and run a scan (or ask for help).  Some of my favourite tools are available for free and are pretty easy to use.

If you find your computer is prone to problems - perhaps you experiment with random free programs from the Internet or you are a fearless browser who is happy to click on links and ads no matter their source - you might benefit from purchasing an active scanner subscription which targets malware like MalwareBytes.

Wednesday, October 15, 2014

Java Updating

There are some sneaky things lurking on the Internet - a lot of them will try to take advantage of security flaws in older versions of Java so it is important to run the updates when they pop up.  

Lately, however, there have been some "fakers".  You might be surfing a website, maybe even one you have been at before, but - for whatever reason - that site was compromised and is now infected with a "malware dropper" which tries to fool people by popping up a very legitimate-looking warning - letting you know that you need to update your Java and kindly inviting you to "click here" to proceed.  

If you happen to fall victim to this ruse - you will be inundated with pop-ups and junk as you have agreed, albeit unwittingly, to install a whole lot of junk onto your computer.  This junk or malware will interfere with the operation of your web browsers (Internet Explorer, Chrome, Firefox) - changing your home pages and your default search engines among other things.  

Malware infections can lead to more problems the longer you leave it on your system - as it invites more and more junk to join the party.  It is important to get the mess cleaned up as soon as you realize there is a problem!  And be sure you have up-to-date Antivirus Software as well as Windows Updates.  If you are unsure about the legitimacy of an update notification for Java - the best option is to say "no" then go to www.java.com directly and install the latest version from there.  Be sure to follow through with the verification process which will assist in removing old versions from your computer as even with the newest version, you will still be at risk if you also have older versions.

If you are unsure about pop-ups and notifications - it is better to ask and be confident that your system is clean and safe, than to ignore it and risk escalating problems that could compromise your privacy and data.

Tamara is an I.T. consultant with itGurl computer services inc. - specializing in work with non-profit organizations and assisting users (at home and at work) to get the most from their technology.

Wednesday, April 9, 2014

Heartbleed

With the latest news about the Heartbleed vulnerability in what we thought were safe sites - now is a good time to update your passwords.  ALL your passwords.

The first thing you want to make sure of, though, is that the site you are updating for is safe.  I recommend you test the site - if is all good, then change your passwords.

If you are like most of us... you probably have a ton of accounts out there that need updating.  This is also a good opportunity to make sure each account is unique and secure - and a tool to manage your passwords can help you get that in order.  I use 1Password by Agilebits to manage my own passwords. There are similar tools available including LastPass; Roboform; and KeePass among others.

The Heartbleed vulnerability has been at large for about two years - so any servers that were using this version of SSL to encrypt their websites will have been vulnerable ... what isn't known is whether any hackers out there were actually taking advantage of the vulnerability.  And, since the "listening in" doesn't leave any tracks, we may never know.  It is important to do what you can to keep your digital self safe - secure your passwords; monitor your credit card transactions to be sure your card doesn't become compromised; don't email private information including passwords, PINs and credit card numbers... This is good advice to follow all the time - not just in the face of a found vulnerability.

UPDATE: Here's a list of sites from Mashable of passwords to change right away.
(Google doesn't think you need to worry about changing your password - but better to do it anyway... especially if you haven't done it in a while.)

UPDATE 2:  Here's a summary of the issue courtesy of Business Insider.

Wednesday, December 11, 2013

Psst. Your password may be out there!

We all have those moments when we think, how am I going to remember one more password!?  And each one has to be longer and more complicated than the last one...?  Why can't I just use the same password for everything - it sure would make my life easier.

Easier - maybe.  But only until one of those sites you have signed onto gets hacked.  It happened to Adobe - and they are a fairly substantial company in the software world!  38 million accounts were exposed -- were you one of those people?  What does it all mean for you?

I'm glad you asked!

Your Adobe account may have been pretty insignificant - maybe you signed up for a free trial of Photoshop, just to see if you could put your brother-in-law's head on Batman's body (I know, it was just a lark).  You might have had to fill in some personal information - your address, perhaps?  But you certainly didn't give them your credit card number!  So you must be safe.  But wait, they used your email address as your user account name - like so many sites do. (It's just easier than having people try to come up - and remember - that unique user name: itG100013url.21).  The risk for you now, comes from the password that is in the hands of who-knows-who!  That password - that you use elsewhere - with that same email username... What if those hacker-people decide to visit some other site and try your login info over there?  Maybe you used the same password at Amazon or for iTunes?  Those sites have significantly more personal information about you.  Even worse: what if that password, that you use so frequently, is also the password to access your email?  -- This is becoming a very REAL problem now because every account you have signed up for can be reset through your email!

Steps you should take to protect your digital identity:

First:  Your email password should be completely unique - and STRONG.

This means your dog's name and your Mother's maiden name are not the best choices.  These could be guessable with a little research.  Just like your Bank or Credit Card PIN shouldn't be your birthdate - think about it... what if you lose your wallet.  It contains your bank card or credit card - but it probably also has your ID which shows your birthdate.  This is likely the first thing a thief will try - in order to drain your bank account or charge up a storm on your credit card.

...and don't post your passwords where someone walking by - or breaking into your home - might see them...

~more password advice to come... stay tuned - as they say on tv!



Tuesday, December 10, 2013

Java Update... Again??

So many users have gotten complacent about that pesky Java update that seems to always want to run... it feels like every day: there it is again!  Users tell me they often ignore it and my response - please don't!

So why does it always need to be updated?

Many websites use Java as part of the visitor experience on their websites - it is a programming language that works on multiple platforms (types of computers: Mac, Windows etc).  Without Java (or rather the Java Runtime Environment) running on your computer - those website components would not work for you when you access those certain websites.  The catch is that Java is an environment to run programs - those programs could be written with malicious intent.  So Java is constantly being updated to fix security issues as they are discovered which could allow malicious programs to run on your computer if you browse to an infected site.

Java updates should be installed as soon as they are available to lower the risk of malicious content infection.  They are safe to update - but they do sometime included options with them like the Ask Toolbar or the McAfee Scanner.  During the installation of the updates you have the option to uncheck the installation for those add-on programs.  I recommend doing so as the fewer programs you have vying for system resources, the better!  And don't even get me started on Toolbars!

Hopefully, this helps you understand Java a little better - or, at least, enlightens you on the importance of running the Java updates!