In a recent article about ransomware and the effect it has on small businesses, the author states that “security experts say the first thing to do after a ransomware event is to upgrade security and backup processes.”

I had to read that twice before I realized how true it was and how erroneous the statement is.  If an IT consultant is taking these steps after the fact, then they have failed to adequately protect their client.  I cannot see working that way – it is backwards, last generation thinking.

You want to engage with an IT consultant who prepares an entire range of security measures for blocking the possibility of ransomware from affecting your small business in the first place.  Implementing heightened security and backup after the fact won’t cut it; security measures have to be implemented before a calamity occurs.

A new proverb in our industry states that “there’s at least one employee in the office that will click on anything.”  And because that is more often true than not, you need more than the standard list of preventative measures in place, which consist of:

  • Making sure you are running a robust security solution (Internet security, anti-virus, and anti-malware)
  • Keeping the operating system up-to-date
  • Avoiding the use of plug-ins (such as Java, Adobe Flash, and Silverlight) in your web browsers
  • Being careful with email attachments and links in emails from people you don’t know

While those steps are usually issued to help safeguard home users, a small business owner also needs to include the following elevated measures:

  • Employing an advanced Unified Threat Management device (firewall)
  • Enabling server and desktop back-up to a local device and the cloud

These additional factors should help obviate the statement made by the sources for the article’s author.

However, the most important step any security-conscious IT consultant must take is to ensure that appropriate employee education takes place on a regular basis.  This is because the ransomware threat landscape is constantly evolving. Cybercriminals have found a highly effective and lucrative approach to illegally making money.  As new forms of socially engineered threats appear, employees must be reminded and their awareness must be sharpened to distinguish between a valid email and a new phishing threat.

If you want this kind of training for your staff, contact me for further information.  Don’t be a victim of ransomware!

The last thing in the world I want to hear from a client is, “I did something really stupid,” because sometimes I am inclined to agree with them.  This was the case the other day.  I received a very distraught call in the middle of the afternoon. My client sputtered, “I should have known better, but I just wasn’t thinking.”  She went on to tell me that she received a phone call from someone who alerted her to the fact that something was wrong with her computer and that he had to remote in to fix it.

What makes this situation a bit puzzling is that she uses a Mac, and most of these fake callers say they are from Microsoft.  Now for the truly terrifying part:  She proceeded to let a complete stranger remotely access her computer for about an hour.

I won’t go into the recriminations she must be feeling.  While I tried to offer as much comfort as possible, I am quite embarrassed that one of my clients would not think to call me, or at least tell the person calling that “I already have a computer guy who takes care of this for me.”  But that is not the point of this security brief.  I need to concentrate your attention on what has to happen after this atrocious event.


There is a reason I send out regular security bulletins explicitly warning about malicious email activity and instructing you, my clients, to call me before you do anything that could have serious repercussions.  That is because there is really bad stuff out there!

I received a voice mail from a client saying she received an email from her accountant and it contained instructions for using Dropbox.  (Dropbox is a file hosting service that offers cloud storage and file synchronization.)  When I listened to the recording, I wasn’t sure if she couldn’t follow the instructions or if she couldn’t get Dropbox to open.  Needless to say, she sent the email to her son, and he couldn’t get it to work either.

Then she called her accountant, who told her he didn’t send it, but that other clients also received the email.  After all of that, she ended her message asking me if her computer was OK.

Well, that was a tough question to answer.  Just the same, I was able to conduct some forensics into what occurred with this email – and it was most certainly malicious.

Here is the text of the problematic email (unfortunately I couldn’t capture the header information).


Now, I don’t know how many times I have told you not to click on links from people you don’t know, but that wasn’t the case here. This sender (whose name has been erased) is known to the recipient. However, I strongly doubt that any business person she knows uses arbitrary capitalization like this. I also doubt a professional would ever send an invoice labeled as a “doc” file with a “jpg” file type.

One day, you look in the Windows Task Scheduler and see the message:

The selected task “{0}” no longer exists.  To see the current tasks click Refresh


Well, after you click OK and then click Refresh, you are still missing that task.  And Windows is really great about not informing you of what that task is.

Other articles on the Internet suggest going through the actual Tasks folder to determine where the disconnect is.  I think I have an easier solution for anyone using a Symantec security product, particularly the Symantec Endpoint Protection Small Business Edition (also known as Symantec.cloud).

Open an elevated command prompt and issue the following commands:

cd \
cd program files\symantec.cloud\antivirus
avagent -SHOW_UI

The GUI will be displayed. (Norton Internet Security users simply open the product.)  Depending on your version, the screen’s appearance may differ from the one shown below (which is from NIS 21.5.0.19).

Click on Settings, and select the General tab.


When you click the question mark to the right of the Idle Time Optimizer, you see the web page that explains that this “feature” automatically defragments the hard drive when the user is inactive for a period of time.


I find this too pretentious for words.  If I have set a disk defragment schedule on my computer, or any of my clients’ computers, I fully expect those schedules will be maintained and adhered to.  I certainly don’t expect my security software to come along and interfere with them.  Even worse is the error message that ends up being displayed as a result of Symantec’s change.

So, turn off the Idle Time Optimizer.  Click OK to apply.  Close the GUI, and the command prompt.

After you turn off this setting, click the Windows Start button, type “defrag” (without the quotes) in the Search bar to launch the Windows Defragmenter.  Change any one of your existing settings to force the entry back into the Task Scheduler.   You can reset the minor change immediately, and then close the Defragmenter.

Now, go back to the Task Scheduler and see that there is no error message.

There you have it, an amazingly simple solution to a vexing (and stupidly annoying) error message.

Recently, Symantec updated the Endpoint Protection component of their cloud-based Internet Security offering. The Cloud Agent is a wrapper, while the base product – Endpoint Protection – is the Norton Internet Security product. The current version, NIS-22.5.2.15, has been updated to work with Windows 10 and has been given a new user interface. However, the problem with the update is in the number of settings that were added to this version and turned on by default.

Symantec partners access their clients’ portals via the Partner Management console (https://manage.symanteccloud.com). Most of the operations of the cloud product are controlled via policies and settings that are defined in each client’s web page (https://hostedendpoint.spn.com). From there you can control how the computers and servers will be protected, how USB devices will be controlled, the kind of web protection and network protection to be offered, as well as the scanning schedule. With the exception of providing Firewall rules and Program control rules, those are the only facets of the program that can be controlled via the web.

To control other elements of the product, you have to log in to the client’s computer, open up an elevated Command Prompt, access the C:\Program Files\Symantec.cloud\Antivirus folder and issue the Avagent.exe -SHOW_UI command. And that’s where we can find the latest problem. With the 22.5.2.15 update, the sheer number of settings that have been included – all without any option to control from the web – is startling.

Within the Firewall settings is the “Network Cost Awareness” setting.


This new policy allows you to configure the amount of bandwidth the agent will use. There is no equivalent setting in the cloud to manage this.

There is a completely new section for Tasks Scheduling.


Again, none of these settings are controlled via the policies on the web.

Last are the newly enhanced Administrative Settings which contain some of the more egregious changes.

There is now a 30-day report, which is gathering statistics that the end user will never even see.


And there is the “special offer notification” (what you and I would call advertising), which appeared on one of my client’s computers a few weeks ago. I had opened a case with Symantec Technical Support months ago about this specific setting and I was told that it would never happen again. Someone in the development group apparently didn’t get the message.


I am, quite frankly, horrified that these settings are on my clients’ computers. As a Managed Services Provider, I already use a Remote Monitoring and Management (RMM) software product to take care of scheduled Windows tasks, including the removal of temporary files. I don’t expect a third-party software product – ostensibly one designed for Internet Security – to be introducing a completely new and totally ungovernable set of tasks to my client base. I certainly don’t expect the software to adversely affect the performance of an end-user’s computer without my ability to control what does, and doesn’t, occur. And I absolutely want the software to respect my clients’ right to privacy from ANY kind of advertising – especially from Norton – because I sold my clients a Symantec product!

I don’t mind that I have to explain why the statistics in my RMM’s monthly reports show a nose dive with respect to performance and file clean-up. But what I do mind is that I cannot explain why Symantec did not inform its partners that they were going to be introducing these new “features” to the product. I have done some research since these settings appeared, and I have yet to find anything mentioned other than the fact that Windows 10 will be supported and that the screens have changed in appearance. It seems that all of the other items that were added did not deserve any mention whatsoever.

This product is marketed as a Symantec business product – and for years, I have sold it as a business-class product. And while I realize that it is built on the Norton consumer base, it must be completely managed; otherwise it is next to useless. There has to be a way to control ALL of these settings from the client’s web portal. Without that ability, it will be necessary to log in to each of the affected computers (as they receive this update) and manually change the settings. That is going to take time, effort, and coordination. Plus, I am going to have to keep on checking to see if anything else like this occurs in the future.

Symantec, this is simply unacceptable behavior. In an effort to improve the consumer product, you’ve thrown garbage into the workings of a business product. The only way that you can reconcile this oversight is by providing discrete controls in the client web portal. Until you do that, I cannot, as a Symantec partner, continue to advise clients to purchase this product.

I have been working with the Windows 10 Technical Preview for several weeks now. It is slowly starting to stabilize, and I am becoming slightly more proficient in working with and around it.

Just the same, I have some concerns that lead to questions for which I have not found answers.

I am concerned about support for vendor-specific device drivers from the likes of Dell, HP, and Lenovo. In many cases these manufacturers did not provide new or updated drivers for Windows 8 / 8.1 for “recently released” Windows 7 computers.

What’s going to happen when someone thinks they can update to Windows 10 because Microsoft said it was possible – and they no longer have network access because there are no Windows 10 drivers for their network card? The only option at present is to roll back the upgrade and hope that the computer still operates properly.

I am also concerned about what is going to happen after the first “free” year of Windows 10 as a service. What is Microsoft going to charge consumers and small businesses to continue using the operating system on their computers, laptops, and tablets? Will there be a “buy one – get two free” offering? Will each device require a subscription? How much money does Microsoft think consumers will be willing to spend monthly or annually?

I am patiently waiting for some answers to come from Redmond…

On December 1, 2014, Mozilla released Firefox 34. The major change with this release was the deal the organization struck with Yahoo to place that search company’s product as the default search engine, displacing Google, which had been the search engine for years.

If you use Google as your home page, and you conduct searches from there, you will not see any difference. However, if you search using either the Address bar or the Search bar (located to the right of the Address bar), you are now using Yahoo to perform your search. That is, unless you change your search providers.

Here’s how to do just that. Click to the immediate right of the magnifying glass in the Search bar. You should see a menu option appear underneath titled, “Change Search Settings.” Click that option and the following window appears:


In the search preferences window, select a default search engine in the drop-down menu.

Then, add or remove the check mark next to “Provide search suggestions” to turn them on or off.

In the lower half of the window, remove the check mark next to each search engine you don’t want to use. This will keep them in the list of available search engines if you decide later that you want to use them. But, if you simply don’t want to use any one of the listed entries, check each one and click the Remove button.

When you are finished, click OK.

If, at any point, you think you may have made a mistake, you can click the Restore Default Search Engines button to bring the list back. It will still be up to you to select the search engines you want to use.

To find out more, click the Help button.

I had purchased software earlier that day, so when an email from American Express Customer Service appeared, I wasn’t surprised.  What astonished me though, was the message:  “For your security, new charges on the accounts listed above may be declined.”  Hmm, there was a minor problem processing the transaction, maybe that’s it.

Looks real, doesn’t it?


Nope, this is fake.  What’s missing from this email?  My name, the last four digits of my card, and a phone number…  The link goes to http://american-progrecs.com/americanexpress/.  Investigation shows this to be a web site registered in China, but operating out of Romania!

This is very dangerous, so it bears repeating:  Do NOT click on a link from any email you get regarding “security,” because it is — more than likely — a phishing attempt.
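The tells listed above (no name, no last four digits, no phone number, and a link whose host is not the card issuer's) can be checked mechanically. The following is an added example, not part of the original post; the sample messages, the recipient name, the phone number and the list of legitimate domains are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: domains the claimed sender really links to (not from the post).
BRAND_DOMAINS = {"americanexpress.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
LAST4_RE = re.compile(r"\bending\b\D{0,10}\d{4,5}\b", re.I)
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}\b")

def host_in_domains(host, domains):
    """True only if host IS a listed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def review_email(body, recipient_name, brand_domains=BRAND_DOMAINS):
    """Return the list of tells from the post that this message exhibits."""
    findings = []
    if recipient_name.lower() not in body.lower():
        findings.append("no recipient name")
    if not LAST4_RE.search(body):
        findings.append("no card last-four digits")
    if not PHONE_RE.search(body):
        findings.append("no callback phone number")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        # Compare the hostname, never the whole URL: the brand name in the
        # path ("/americanexpress/") says nothing about who runs the site.
        if not host_in_domains(host, brand_domains):
            findings.append(f"link leaves brand domain: {host}")
    return findings

# Constructed sample: only the quoted sentence and the URL come from the post.
SUSPECT = """Dear Customer,
For your security, new charges on the accounts listed above may be declined.
Review your account: http://american-progrecs.com/americanexpress/
American Express Customer Service
"""

# Constructed sample carrying the details the post says were missing.
PERSONALISED = """Hello Pat Example,
A charge on your card ending in 1234 was declined.
Call 800-555-0100 or sign in at https://www.americanexpress.com/ to review it.
"""

if __name__ == "__main__":
    for name, msg in (("suspect", SUSPECT), ("personalised", PERSONALISED)):
        print(name, review_email(msg, "Pat Example"))
```

A message that passes all four checks is not thereby proven genuine; the checks only automate the tells named in the post.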

Any questions?  Send me an email.

I have seen it time and time again. A client has a Windows desktop that is completely covered with dozens of icons — a veritable sea of Word, Excel, and Adobe reader files. I often ask, “How do you find what you need?” And the response I get is that it takes a while, but they know where something is (eventually).

Would you like to be a little more organized than that? If so, then I suggest you try these two built-in features of Windows 7 to help you:

  • Jump Lists
  • Pin program to Start Menu


As many of you know, I started using Lenovo as a vendor of choice for both desktops and laptops earlier in 2012.  There are several reasons for this change.  One is because I think the design and build of Lenovo’s products is comparable to or better than other computer manufacturers.  Now, most people use (and some even like) Dell, and I am a Registered Dell Partner.  Nevertheless, I have always believed in offering an option for my price-conscious clients, and Lenovo frequently beats Dell’s pricing.

Granted, Dell offers a wider array of customization options, but then you have to wait for the factory to build it for you.  Lenovo, on the other hand, has determined a decent core set of options that appeal to a wide segment of my client base.  There has been, so far, very little need to alter the basic hardware configurations.  I discovered long ago that most of you keep your computers far longer than their normal life spans.  I find it comforting to know that Lenovo computers will let me upgrade the memory one or two times to keep it performing like a newer computer.

So what is the headache?  Well, that came during installation.
