Ekaru Small Business Technology Advisor

AntiVirus - Full Disk Scan - Just Do It!

noreply@blogger.com (Ann Westerheim, PhD) — Fri, 18 Dec 2009 16:39:00 +0000

My Antivirus software kicks in to annoy me periodically for a full system scan. It slows me down, and like a lot of people, I'll admit that I often stop the scan because it takes to long, and it slows my system down! I know it's important, but if I'm working on five different things, it's an inconvenience. My Antivirus is always checking incoming and outgoing emails, and all the files I open, but the full system scan on top of that what bothers me.

With a laptop, it's tough to make sure you're doing everything you need do do to protect your system. When my system is on, I'm working and I'm busy! When I'm not working, my system is off and in my computer bag.

Last night - PANIC - I had a warning about a Virus. I quickly checked to make sure it wasn't one of those spoofed threats (that are actually viruses, and if you click on ANYTHING it just makes it work). This was a REAL warning, but my Antivirus software caught it (I was on the web, and going through a lot of emails so it could have been anything).

So... time for a full system scan. I left my computer on overnight. It took 5 hours and 45 minutes for the scan to complete, but two threats were discovered and healed by the end. Bottom line, make the time to run those full scans!

New Years Resolution for your Domain Registration

noreply@blogger.com (Ann Westerheim, PhD) — Fri, 11 Dec 2009 20:04:00 +0000

Do you know when your domain name expires? Is your contact information up to date? Make a resolution today that you will check on your renewal date and make sure your contact information is up to date.

If you haven't made your registration private, all the information is readily available (you don't even have to remember any logins!): http://www.networksolutions.com/whois/index.jsp

Make sure your registration isn't expiring in the next few months. If if is expiring, renew it right away so you don't forget?

Is your contact information correct? A common pitfall is that people register a domain name with a generic email (like hotmail or yahoo) because they haven't set up their "real" email yet (because the domain wasn't even registered yet!). You may have stopped using this address years ago. If your email address isn't up to date, you won't get the renewal warnings!

If your domain name expires, and you haven't trademarked it, you could have a tough time getting it back. Also, the domain registration should ALWAYS be in your full control. It should NOT be registered to an employee or a webmaster or anyone else. Make sure you protect it.

Unfortunately, over the years we've gotten panic calls from folks with expired domain names... one day, your email stops working, and your web site is gone... DON'T let it happen - check your registration status TODAY!

Swine Flu (H1N1): Prepare workers to work from home

noreply@blogger.com (Ann Westerheim, PhD) — Fri, 25 Sep 2009 20:59:00 +0000

It's in the papers every day. Updates and instructions are being sent home from school. This will be a BAD flu season! During the week of September 13-19, indicators show that flu activity is increasing. Check out the CDC web site for detailed information: http://www.cdc.gov/h1n1flu/

Wash your hands frequently, cough and sneeze into your arm or a tissue (not your hand), and get prepared NOW to be able to work from home with remote network access in case you need to. The CDC is advising everyone who gets sick to STAY home. Maybe it won't be you, but your children may be sent home for a week.

There are MANY great options to work remotely, so just pick one and don't make it a last minute panic. LogMeIn, Remote Desktop, GoToMyPC, VPN (Virtual Private Network) -- all are great options that don't cost a lot. A small effort today to configure remote access will mean less down time when/if schools are closed or you get sick. Pick a solution, get it configured, and you will have one less thing to worry about.

MA Data Protection Law Extended AGAIN (Really!)

noreply@blogger.com (Ann Westerheim, PhD) — Wed, 19 Aug 2009 13:48:00 +0000

Massachusetts Governor Duval Patrick announced yesterday that the Massachusetts Data Protection Law deadline has been extended once again to March 1, 2010 - http://www.mass.gov/?pageID=ocatopic&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca

One of the big considerations in the latest extension is to take into account the need to balance consumer protection and business expenses, especially for small businesses who don't have the resources for an extensive network overhaul (in the midst of a bad recession).

The guidelines in the new law - firewall protection, antivirus protection, anti-spyware protection, and encryption all make business sense right now. Getting a new law into effect is a complicated process, but this should NOT be a signal to businesses to be lax about security measures. The budgetary estimates on the Mass web site are WAY over-stated. A few simple measures right now could vastly improve small business data security, and it doesn't need to be complicated! We are continuing to urge all clients to evaluate their security loopholes NOW and take the simple strategic actions that don't need to cost a lot.

Alt+F4 – First Line of Defense Against a Virus

noreply@blogger.com (Ann Westerheim, PhD) — Fri, 14 Aug 2009 13:35:00 +0000

Do you have a computer virus? Big trend these days is that a pop-up appears that looks like a real Windows dialog box, but it's actually just a disguised web pop-up trying to trick you into clicking on some message like "update my AntiVirus now". Sometimes, even if you hit the "x" to close the window you get into trouble (becuase its NOT a real Windows dialog box).

What can you do? Use the keyboard short-cut "Alt+F4"– to close windows without touching them – the first line of virus defense once it has hit the desktop

HP Notebook Battery Recall

noreply@blogger.com (Ann Westerheim, PhD) — Mon, 01 Jun 2009 14:52:00 +0000

HP is voluntarily recalling about 70,000 Lithium-Ion notebook batteries which pose a fire and burn risk for consumers.

The affected models include:

HP Pavilion: dv2000, dv2500, dv2700, dv6000, dv6500, dv6700, dv9000, dv9500, dv9700
Compaq Presario: A900, C700, F700, V3000, V3500, V3700, V6000, V6500, V6700
HP: G6000, G7000
HP Compaq: 6720s

Visit the Consumer Product and Safety website for more details:
http://www.cpsc.gov/cpscpub/prerel/prhtml09/09221.html

Windows Genuine Advantage Notifications - Installation Wizard

noreply@blogger.com (Ann Westerheim, PhD) — Wed, 13 May 2009 17:12:00 +0000

Many users have asked us about this, and perhaps it's happened to you... Have you turned on your computer recently to find a pop-up from Microsoft on your screen for Windows Genuine Advange Notifications - Installation Wizard?

We advise all clients to be VERY cautious when they see something they don't recognize on their system. This recent deployment by Microsoft is unfortunate, because the window that pops up looks just like all the bogus AntiVirus 2009 and other malware threats that have circulated around recently. Many users have been alarmed by it.

The Window Genuine Advantage program is Microsoft's Anti-Piracy program. The sofware detects if you have a legal license, and will warn you if you don't. If your software is not legal, then you won't be eligible for automatic updates (except for Critical updates). The problem is that if you are an honest customer, you've already paid and this is a real nuisance. If your system is set to get Automatic Updates with Automatic Installation, then this would have been automatically installed. Typically, we recommend selectively installing updates to avoid things like this.

Microsoft is getting some angry feedback from customers, so I would hope they'd change this in the future.

An Easy Way to Send Photos to Non-Techies

noreply@blogger.com (Ann Westerheim, PhD) — Thu, 07 May 2009 19:36:00 +0000

As much as I love technology, I haven't been able to get my parents to fully embrace the digital age. A while back, I was talking to my parents about some pictures I had emailed them.... I was disappointed to hear that they hadn't seen them yet! My parents just aren't on their computer all the time. Then my mom complained that the pictures are hard to print and they never come out right.... too big, no ink...

I figured I could go back to the old-fashioned way of mailing pictures of the grandkids, but that doesn't have the immediate gratification effect (for me, anyway). I searched on line and found a really great solution. At www.walgreens.com, you can upload digital photos and submit them for 1 hour processing to be picked up anywhere (over 6,000 locations). For a stack of pictures, you may expect to pay just a few dollars. The prints are excellent, and my parents actually enjoy the trip out to get the photos. It doesn't cost any more than printing them locally (because its all electronic anyway!). Now I just upload the photos, order prints to be picked up in Florida, and then my Dad gets them in an hour!

Major Wave of Computer Viruses

noreply@blogger.com (Ann Westerheim, PhD) — Wed, 22 Apr 2009 14:12:00 +0000

Be aware! Over the past few weeks we have seen a big increase in viruses. We're seeing rootkits that are doing a lot of damage. A rootkit is a collection of programs that enable administrative access to a computer. A rootkit can consist of spyware that monitors keystrokes or web traffic, and it can also create a "backdoor" for altering log files, and altering existing system tools to escape detection.

If you are running a free version of Antivirus protection on your system, be aware that you may not have rootkit protection.

Things to watch for:

Check your antivirus program. Make sure it has rootkit protection. Also make sure that its up to date - some viruses disable Antivirus software and you may not even notice it.
Take care when you take your work laptop home. Are all the systems on your home network up to date with with patches and Antivirus protection? Typically, people take good care of their "work" systems, but you may be risking your system when you put it on your home network.
Watch for a slow system, or things like web site re-directs. These are signs that you may be infected.

Here are a few tools we've found useful for viruses that aren’t removed by the installed AV software:

Root Kit Revealer – Shows you what is starting up (Saves a lot of time of checking the registry, also scans the hard drive).
HiJackThis – More in depth than rootkit revealer (BHOs). I’ve found it missed rootkits most of the time I’ve encountered them.
ComboFix – Good tool to use after running HiJackThis. Also has some built in rootkit removers for common rootkits. I typically use it just for the rootkit removal.

Another helpful thing for badly damaged systems is to remove the hard drive from the system and then run the tools.

I actually had a virus on my own system for the first time ever a few weeks ago, so I know this problem is bad. I am extremely careful with my systems - up to date patches and regular AV system scans, so don't think you're system is safe! The good news is I noticed a problem immediately and was able to remove the malware in "safe mode". Don't panic, take action immediately to solve the problem. If you catch the problem before a re-boot, you may avoid over-writing system files which would cause a lot of damage.

Economic Recovery Package - Funding for Electronic Medical Records

noreply@blogger.com (Ann Westerheim, PhD) — Tue, 03 Mar 2009 22:02:00 +0000

As part of the Obama administration's economic recovery package, $19B will be spent to help accelerate the implemention electronic medical records in physician offices. The goal is to curb costs and provide better care through the efficiency of electronic medical records.

A recent New York Times article http://www.nytimes.com/2009/03/01/business/01unbox.html?_r=1) cites a study in the New England Journal of Medicine indicating that currently only 17% of all medical practices use computerized medical records. In larger practices, use of electronic medical records is widespread, but over 75% of physicians practice in small offices with 10 or fewer providers. The new funds are good news for the smaller practices who may be eligible for up to $40,000 in funding to help implement electronic records.

For more information regarding the economic recovery program, go to http://www.recovery.gov/.

MA Data Protection Law Extended AGAIN!

noreply@blogger.com (Ann Westerheim, PhD) — Mon, 23 Feb 2009 22:32:00 +0000

The deadline for compliance to the new Massachusetts Data Privacy legislation has been extended AGAIN to January 1, 2010. The original deadline was January 1, 2009. Last November, the deadline was extended to May 1, 2009, and just recently the deadline was extended again to January 1, 2010: http://www.mass.gov/?pageID=ocapressrelease&L=1&L0=Home&sid=Eoca&b=pressrelease&f=20090212_idtheft&csid=Eoca

There are no specific penalties for non compliance, but the door is opened for legal action by the state's attorney general. http://www.networkworld.com/news/2009/021209-mass-data-privacy.html?page=1

We are advising our clients that if they are running an up to date computer infrastructure they are probably already in compliance for most items, and regardless of what the State does, these are good business practices to follow. In many cases only a few relatively small and inexpensive changes will needed for compliance. Its a bit frustrating that the news keeps changing from the State government, but protecting your critical business information makes business sense right now. What would you do if your laptop were stolen and someone had access to all your information? Encrypt your portable devices NOW and don't get caught up with all the political changes!

Keyboard shortcuts that are available in Windows XP

noreply@blogger.com (Ann Westerheim, PhD) — Wed, 28 Jan 2009 19:29:00 +0000

Do you ever need work on your PC in two different windows and its a pain to switch back and forth? For example, you may have an instructional document in Microsoft Word, and you need to follow the instructions to do some work in a browser window or another application. Switching back and forth is easy if you know the keyboard shortcut: ALT+TAB (Switch between the open items). For a full list of keyboard shortcuts that will save you time, go to: http://support.microsoft.com/kb/301583. Take a few minutes to identify the shortcuts that will help you and memorize the ones that will save you time. You'll be glad you did!

New Internet Worm Infects over 9 million PCs!

noreply@blogger.com (Ann Westerheim, PhD) — Tue, 20 Jan 2009 21:25:00 +0000

It took a while for hackers to get their attack ready, but now a new Internet Worm has infected an estimated 9 million PCs! Downadup -- which also goes by the name "Conficker" -- exploits a bug in the Windows Server service used by all the common Microsoft operating systems: Windows 2000, XP, Vista, Server 2003 and Server 2008. Although Microsoft fixed the flaw with one of its rare "out of cycle" patch releases on October 23, 2008, an estimated 1/3 of all PCs have not yet been patched, according to Qualys, an Internet security company.

The Microsoft patch is available at http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx.

Symantec has a removal tool posted on their web site: http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

Computer Slow? - Defragment Your Disk Drive

noreply@blogger.com (Ann Westerheim, PhD) — Wed, 14 Jan 2009 20:15:00 +0000

Is your computer slow? One thing to you can do yourself that's free and easy is to degragment the hard drive.

After a while, the hard drive on your computer starts to get full and cluttered. Without even being aware of it, we are constantly adding things to our systems - eMail keeps coming in, we install new programs, we try trial-versions of programs, and we keep creating documents and drafts. When the storage space on your system starts to get full, your drive will actually be quite cluttered. Sure, there is free space, but its in bits and pieces and very inefficient.

To degragment your drive (in Windows XP):

1. Go to "Start" and select "My Computer"
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click "Defragment Now"

If you haven't done this in a long time, it will take hours, so choose a time when you don't need your system. When the process is complete, you'll see a graphical display of how much space was re-organized. This will really help your system work more efficiently, and its free!

MA Data Protection Law - Deadline Extended to May 1, 2009

noreply@blogger.com (Ann Westerheim, PhD) — Wed, 07 Jan 2009 15:12:00 +0000

The new law will affect just about all businesses in Massachusetts: 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. The good news is that the General Compliance Deadline has been extended from January 1, 2009 to May 1, 2009.

The regulation states that "Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information. Such comprehensive information security program shall be reasonably consistent with industry standards, and shall contain administrative, technical, and physical safeguards to ensure the security and confidentiality of such records".

"Personal information" is defined as: "(a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number."

"Person," is defined as: "a natural person, corporation, association, partnership or other legal entity, other than an agency, executive office, department, board, commission, bureau, division or authority of the Commonwealth, or any of its branches, or any political subdivision thereof."
Basically, this regulation applies to every business in Massachusetts.

In November, the Office of Consumer Affairs and Business Regulation issued a press release announcing an extension of the deadline:

The general compliance deadline has been extended from January 1, 2009 to May 1, 2009
The deadline for requiring written certification from third-party providers will be further extended to January 1, 2010
The deadline for ensuring encryption of portable devices (other than laptops) has been further extended to January 1, 2010.

This gives all businesses some more time to comply.

New Protection of Information Law goes into effect January 1, 2009

noreply@blogger.com (Ann Westerheim, PhD) — Wed, 29 Oct 2008 14:38:00 +0000

New Protection of Information Law goes into effect January 1, 2009:

A new law is going into effect January 1, 2009 that will affect just about all businesses in Massachusetts.: 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. http://www.mass.gov/?pageID=ocamodulechunk&L=1&L0=Home&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca

Basically, every business with employees and every business that accepts credit card payments will be effected (this essentially includes ALL businesses). The regulation states that “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information. Such comprehensive information security program shall be reasonably consistent with industry standards, and shall contain administrative, technical, and physical safeguards to ensure the security and confidentiality of such records”. We’ll be working with clients over the next two months to help as needed. For technology, the general things businesses need is to have a network firewall, encryption of wireless networks, strong password protection of networks and systems, and encryption of personal identifiable information.

How do I know if my system has the right Microsoft Security Patch installed?

noreply@blogger.com (Ann Westerheim, PhD) — Tue, 28 Oct 2008 13:05:00 +0000

Several people have asked us how they would know if their system is patched or not for Microsoft Security Bulletin MS08-067 (KB958644) (or any other patch for that matter).

Its easy! Go to “Control Panel” / “Add or Remove Programs” / Click the box for “Show Updates” / Sort by date (makes it easier to find).

You should see a reference to KB958644 with a date after 10/23/2008 if the new patch was installed.

CRITICAL Microsoft Security Bulletin

noreply@blogger.com (Ann Westerheim, PhD) — Tue, 28 Oct 2008 12:58:00 +0000

If your system isn't already patched for Microsoft Security Bulletin MS08-067 (KB958644), do it now! Its rare for Microsoft to release security updates outside of the normal Tuesday schedule, but for the first time I know of, Microsoft called 1000s of partners, and held conference calls to ask us to warn our clients and make sure they were patched. This is truly a critical threat.

The Critical Security Bulletin (MS08-067) is for a vulnerability in Server Service that could allow Remote Code Execution. Note that this affects all operating systems (even though it relates to "Server" Service - the vulnerability affects just about all desktop systems). If you run automatic updates, this update should be picked up, but we are advising clients to run the update NOW!

For more information and detailed information relating to your specific operating system, please go to http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
File information details can be found in Microsoft Knowledge Base Article 958644

Note that there is always a risk when you install new updates, but initial testing by Microsoft is not showing problems and the patch can be uninstalled if necessary (there are no reported problems with commercially available software). However, in the case of this CRITICAL update, there is a greater risk of NOT installing the update.

An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability over RPC without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.

Money tight, computer slow? - Get more RAM!

noreply@blogger.com (Ann Westerheim, PhD) — Fri, 24 Oct 2008 13:32:00 +0000

If your computer is driving you crazy because it's too slow, and your budget is tight, consider getting more RAM to see a drastic improvement in your system. If your computer is slow, and you hear your hard drive working over-time, its likely that you could see a significant improvement by just adding around $50 worth of RAM. The first step is to see how much RAM you currently have: Go to "Start" / "My Computer" / "View System Information". On the "General" Tab, you'll see a summary of your general system information. If you have less than 1G of RAM, you will definitely benefit from more RAM.

Yesterday's Boston Globe had a good article outlining a bunch of measures to revitalize your old computer: http://www.boston.com/business/technology/articles/2008/10/23/stretch_your_money_by_stretching_your_pcs_life_span/

Don't be disappointed if you can't afford a new computer right now, because there is a good chance you don't need one. In our experience, adding RAM is the highest-impact, lowest cost way to boost performance. If your computer can support 2G of RAM, you will see a BIG difference

Note that there are many different types of RAM, and there are specifications for the amount of RAM that can be added based on specific system models. If you want to go the "do it yourself" route, we recommend going to the manufacturer's web site (Dell, HP, etc) and entering your system information, or use the "RAM Finder" function that all of the major RAM manufactures have, such as at http://www.crucial.com/.

Clocks move BACK November 2 - Check your BACK-UP

noreply@blogger.com (Ann Westerheim, PhD) — Thu, 16 Oct 2008 19:13:00 +0000

Remember that Daylight Saving Time ends on November 2 this year so clocks move BACK one hour. When the clocks change, we often hear reminders to change batteries in the smoke detectors in our homes. This is a great way to remember.

We'd like to start a new tradition to check your data BACK-up at this time as well.

Are you backing up ALL your critical files?
Are you taking your backup off site?
Are you backing up often enough (hourly, daily, weekly?)
Are you meting regulatory requirements?
Do you have a business continuity plan?

Checking your data backup on a regular basis can save you a lot of time an money in the event of a computer crisis! So we want to get everyone focused on checking their backup AT LEAST twice per year when the clocks change. (Please also change those batteries!)