Cisco Systems earlier this week released a report from its Talos cyber intelligence unit. It contained a warning of 500,000 routers and storage devices in 54 countries that have been infected with malware. Their findings (https://blog.talosintelligence.com/2018/05/VPNFilter.html) pointed to the Russian government as having sponsored the hack, calling it “VPNFilter,” and that the software was simply waiting for activation. With a high preponderance of these devices in the Ukraine, it seems that an attack might be pending, or at least imminent.

I won’t bore you with the details (and they are voluminous), but the recommendations for how to thwart the hackers are quite interesting. End users are instructed to reboot their routers, modems, and network attached storage (NAS) devices to the factory default state and then to install the latest firmware. Internet Service Providers (ISPs) are instructed to reboot routers and cable modems for their customers and to ensure the devices are patched. Those two steps should, for all intents and purposes, knock out any of the malware that may have infected the devices.

Here’s my question: How many home users – or business owners – know how to perform those two steps? I do, because it is something I learned a long time ago as part of my job. But I can’t see asking any of my clients to do that. For one thing, the recommendations didn’t take into account the main task of saving existing settings – or at least writing them down – so they could be recreated after the device was flashed and rebooted.

In a “best case scenario” I can imagine someone was using a Linksys modem they purchased from a big box store and they didn’t configure anything; they simply followed the installation instructions. But in all likelihood, the SSID (i.e., the broadcast name) of their Wi-Fi is going to change. That means all of their wireless devices – computers, printers, tablets, and phones – will also need to be reset.

The report acknowledges that most of these devices are what we frequently call “set it and forget it,” meaning that they are expected to simply do their job once they’ve been installed. My concern about the recommendations centers on the fact that most individuals have no idea how to obtain the current firmware for these network attached devices. It isn’t very obvious from any of the manufacturers’ literature (and these include Linksys, TP-Link, and Netgear) that this is a task anyone should ever consider doing.

Granted a half-million devices is only a small drop in the bucket in terms of world-wide network device distribution. Yet it seems we have entered into a new “normal” for what people need to do – and learn – in order to better protect themselves from cyber security threats.

Thanks and safe computing!

Microsoft issues its monthly updates on “Patch Tuesday,” the second Tuesday of the month. Since the beginning of this year it has tried to fix the critical issues associated with the Spectre and Meltdown problems. But in a totally unexpected turn, the March 2018 monthly update knocked Windows 7 and Windows Server 2008 R2 systems offline because the network drivers get clobbered after the computers were restarted.

As a result, for the past two months I have blacklisted the updates; meaning I prevented them from being installed. In cases where I missed that phase and the computer had not been rebooted, I ran a script to uninstall the update. And in some cases, I was altogether too late and had to manually reinstall the network drivers.

Unfortunately, the May 2018 monthly update was wrapped up with a critical security patch, so it was inevitable that I had to release it. And I regret it, because this last episode has pretty much worn me out – and I’m not done with it yet.

Of all the vaunted software tools I have at my disposal, the most valuable one is remote access. However, when a client’s computer cannot connect to the internet that tool becomes useless; and I am forced into “break/fix” mode.

So the second Thursday of the month has now become a day of running around to client sites and manually reinstalling drivers, getting internet access again, updating the drivers and fixing other elements that are listed as “Unknown” in the Windows Device Manager.

Knowing that I’m shouting into the wind, I’m going to make this plea anyway. “Hey Microsoft! Could you please figure out a way to get this update to work properly without any extraordinary measures on my part?” I would thank you, and my clients would thank you.

I received a phone call from a major distributor earlier this week asking me if I knew about a new line of laptops issued by the electronics giant LG. I admitted that I was a Lenovo partner, and was partial to their offerings, but I was interested in seeing what the competition had available.

A short while later I received the email, the bulk of which is shown below.

 

At first I was intrigued, because it looked like it was going to be a light-weight model that could be useful for some road warriors. That is until I got to the last word of the text, and I stopped short. In my head I heard the cartoon sound of tires screeching to a stop.

I then re-read the title, “Professional Redefined.” At that point I was horrified because of the dissonance in the ad copy.

It starts with the word “professional” in the first line and ends with the words “Windows 10 Home” in the last.

If “professional redefined” means using consumer-based products in a business environment, I am absolutely and totally against it.

I am a managed services provider (MSP), and I sell IT support services to small businesses.

One of the main points I make as an MSP is that a business must use business-class (or even enterprise-class) products, because they are designed to be properly managed, provide greater security, and offer additional features used by businesses.

Windows 10 Home does not fit in those categories at all.

I cannot, in good conscience, even consider these devices for my clients.  But now I’m wondering how much grief this LG marketing campaign is going to cause other MSPs who will have to tell their clients, “No, I’m sorry, it looks nice and shiny, but it isn’t suitable for your office.”

And no offense to LG, but if you are going to redefine the word “professional,” I would hope – very sincerely – that you would aim for something higher up on the scale, instead of lower.

Thanks and safe computing!

A security-based newsletter entered my Inbox Tuesday afternoon and, like a gerbil, I immediately clicked it open to see what kind of shenanigans were going on in the world of cybersecurity.  You can imagine how intrigued I was at the following title:  “Chrome Is Scanning Files on Your Computer, and People Are Freaking Out.”

Well, that certainly got my attention, and I clicked on the link to read the article at Motherboard, and a lot of the associated links, and those associated stories and their links, and before I knew it, more than 30 minutes had gone by – and my jaw was just as slack at the end of that adventure as it was at the start.

Here’s the original article:  https://motherboard.vice.com/en_us/article/wj7x9w/google-chrome-scans-files-on-your-windows-computer-chrome-cleanup-tool

I’m going to give you the “Reader’s Digest” version because I don’t know if many of you are going to read that.

Let’s start with the basics.  Google Chrome is a browser, just like Microsoft’s Internet Explorer, and Mozilla’s Firefox, and Apple’s Safari.  The browser lets you explore the pages on the World Wide Web.

The focus of this article is that deep within the Google Chrome settings, there is a ‘clean up’ option that uses a third-party product (from antivirus vendor ESET) to scan for malware that could, potentially, harm the Chrome browser itself.

One of the parameters associated with this option, “Report details to Google,” is defined as follows: “Includes information about harmful software, system settings, and processes on your computer.”  And the default for this setting is to ALWAYS SEND the data to Google!  Obviously, this setting lets Google’s developers know how to handle any problems that may have been encountered during the scan.

Now that’d be great if Chrome simply scanned a few known locations in which malware frequently appears and then closed down.

Unfortunately, as the reporter describes it, the scanner reached further into the computer than anyone would have suspected, and it was going through the My Documents folder.  I can’t imagine that any malicious software would reside there that could cause any harm to the browser.  So that’s just overkill.  The exaggerated claim is that Google is spying on you, your files, and your computer.

According to a leading Google developer, the scanner “only runs weekly, it only has normal user privileges (meaning it can’t go too deep into the system), is “sandboxed” (meaning its code is isolated from other programs), and users have to explicitly click” on a box if anything is detected.

Like I said, this is the first time I’m hearing about this.  But the text of the “agreement” you have with Google when using Chrome can be found here: https://www.google.com/chrome/browser/privacy/whitepaper.html#unwantedsoftware

I looked into this, and it seems that this clean up “feature” has been in existence for more than a year, and is only now getting any reaction.  But that’s the wonderful nature of the Twitter universe.  Someone makes a discovery; some of her followers take a closer look and get agitated; a reporter asks a few questions, and then everyone gets all riled up about the intrusive nature of a global corporation.

I doubt that any of my clients who have Chrome have EVER seen a pop-up that malware was found.  And I know that many of you use Chrome and that some of you have encountered instances of malware.  It’s simply that the software I have installed on your computers scans more frequently than once a week, is constantly updated, and – most importantly –I monitor the results (not Google!).

While I would want everyone to turn off the setting that sends data to Google, the steps I have followed do not work for more than the logged on session.  If you close your browser and then re-open it, the setting turns itself on again.  I have checked, and it seems that this setting simply cannot be eliminated.

What’s my recommendation:  If you don’t mind having your machine bogged down every now and then by a scanner over which you (and I) have no control, you can continue to use Chrome.  But I would really like to know if you ever get a pop-up from Google about malware.  Otherwise, if you’d prefer a less intrusive browser, send me an email or give me a call and I’ll install Firefox and transfer your favorites.

Thanks and safe computing!

Read More →

“Beware the Ides of March” is a well-known phrase for this time of year. Who knew that it would apply on Wednesday March 14, 2018? That was the day after Microsoft released KB4088875, which had the uncanny ability to remove the network card drivers from Windows 7 Professional and create ghost network cards in Windows Server 2008 R2.

Clients called to tell me they could not connect to the Internet, and asked if I could remote in to fix the problem? Seriously? (Sometimes there is a little bit of humor in IT support.)

No, I am sorry, but I cannot remote in to your computer if you can’t get a network connection. I had to tell a number of clients that I was going to deputize them as “special assistant junior level 1 technicians” for the life of the phone call. In some cases it was a mere 15 minutes; whereas in others it clocked in at closer to 45.

The major saving grace in all of this is that I deploy Lenovo computers to my clients. Fortunately the factory-installed network drivers are available for detection and installation directly from Windows (Device Manager > Unknown Device > Update drivers > Browse my computer), or indirectly via the C:\SWTOOLS\DRIVERS\NETWORK\INTEL folder (requires the user to click on the appropriate EXE file).

Once the network card was re-installed and activated, it was a simple matter of gaining remote control to do two important tasks. The first was to uninstall KB4088875; that absolutely had to go. The second was to run Lenovo’s System Update utility to update the network driver to the current version, and to reinstall (or update) any other software that was removed.

The most worrisome aspect of this little escapade: I’m not sure that all of my clients rebooted following Tuesday’s patch. So this issue is going to crop up again and again over the next few weeks as clients shut down and restart their computers.

I have already run a script to uninstall the patch from those computers, but I may not have caught all of them in time. Similarly, I have blocked the patch from being distributed to the rest of my client base to prevent an onslaught of phone calls and irate clients.

Ubuntu doesn’t seem to have these horrific issues on a regular basis.  Although January’s attempt to fix the Meltdown issue did qualify as truly awful. So if a client only needs to browse the internet and obtain mail via a web browser, I am now, more than ever, inclined to move them to an easier to manage desktop operating system.

Therefore, let me offer “Thanks!” to Microsoft for enabling me to break out of the Windows-only rut and consider an alternative desktop experience for my clients. Ubuntu puts a nice glossy coat on Linux, virtually eliminating the mystery of using a different operating system.

Thanks and safe computing!

It is Black History Month, but it also contains Groundhog Day, Valentine’s Day, President’s Day (remind me, why did we decide to smoosh all of those birthdays into only one day?), and let’s not forget my favorite: National Margarita Day (2/22). For a short month, this is chock full of “days.”

What’s all that have to do with computers and security?

Quite a lot!

Every day, there is another announcement of some form of threat to your security: a data breach here, a ransomware attack there, new forms of malware, some other scheme for mining cyber-currency from your computer or smart phone, and even more sinister, the ever-present phone calls from “flaming idjits” that tell you about a problem with your computer that they have detected and called to help you fix. Please! That one just makes me angry. (Although you might be amused at the sheer number of individuals whom I’ve told to engage in physical acts that would require contortions beyond the ability of most…)

I know that no one can be kept on “high alert” day after day without getting weary of it. It is tough for me, and it is a major aspect of my job. I am always pleased when one of my clients gets an email and forwards it to me to ask, “Is this legitimate?” or “What should I do about this?” That means you’re staying on your toes and looking out for your own safety. That’s what I want you to do; that’s what I need you to do.

However I don’t know how many others are getting emails and continuing down the path of – there’s no other word for it – ignorance, and clicking on that link. Because, despite all of the protections that I’ve put in place on your computers, there is still the risk that if you click on a link in an email something bad could happen.

So what should you do if you are attacked?

1. First of all don’t panic, although that’s what most people do.

2a.  Simply pull the Ethernet cord from the back of the computer (there’s a little hitch to squeeze in before you unplug it).

2b.  Business owners, you need to make sure the affected computer is no longer communicating with the server.

3.  Do NOT turn off the computer! You will lose any forensic information that is available. I’m going to need that data to help remediate the problem.

4.  Call me immediately, and use your phone to send me an email with a photo of what’s on your screen so that I can identify the exact nature of the problem.

5.  Let me handle this for you – it is not a “DIY” (do it yourself) project! Don’t start “Googling” for the fix! Some Russian firm with 500 employees wrote the malware and will charge $79.95 to your credit card to fix the solution they created in the first place. And it won’t get fixed – you’ll simply be scammed…

6a.  After I have assessed the damage, and if it is necessary, you can reach out to the local police and to your insurance company.

6b.  For business owners, this is a reminder to make sure you get, or review, your cyber-liability insurance policy.

There, some “tough love” on Valentine’s Day. I hope that you don’t have to go through any of this, and can simply relax and enjoy National Margarita Day with me.

Thanks and safe computing!

Look, I know that as a business owner, office administrator, or practice manager you get emails from people that you don’t necessarily immediately recognize. It happens to everyone.

By the same token, you’d be hard pressed to ignore an email that was sent in response to one of yours.

That is unless, of course, you didn’t send the original email.

I was quite surprised to see an email from Ronald Perez telling me about an invoice. More so because he included my text regarding a call I was going to make to him.

Unfortunately, the “original” email is fake.

I always close with the word “Thanks!” and have a closing email signature. Neither of which appear in this email.

Looking very closely at the link, it goes to some confabulated address that I’m sure would attempt to ask for a user ID and a password – if it didn’t first attempt to download a key logger to track my future movements over the internet.

It is the very start of the holiday season, so please look carefully at the emails that you receive – BEFORE you click on the link.

And if someone is asking you to pay for something you didn’t order, simply delete it.

I thought that when Mozilla released Firefox 57, code named Quantum, it would live up to the recent hype about how fast it would be.

I did not find that to be the case.  My home page is www.google.com and it would take almost 10 seconds to load it.  That is ridiculously too slow.

I did some research and found others had complained about slow response and freezing web browsers.  The net result is a simple fix:  turn off the Accessibility Services (if you don’t need it).

  1. Click the menu button Fx57Menu and choose Options.
  2. Select the Privacy and Security panel.
  3. Go to the “Permissions” section.
  4. Check the Prevent accessibility services from accessing your browser checkbox.
  5. Restart Firefox.

Simple and sweet – and it works!

Here is the KB article if you want to read the entire description of these services and how you might be affected if you disable them: https://support.mozilla.org/en-US/kb/accessibility-services

Hope that helps!

 

Think back to the first time you ordered a book on Amazon.com. Wasn’t that a miraculous experience?

Just the thought of not having to sit in traffic to drive to the mall, and the ability to avoid the crowds while you sat at your desk and browsed through thousands of books without screaming kids or having someone looking over your shoulder as you decided between two authors. All of that was achieved with cloud technology. Of course, back then you used dial-up technology to connect to the internet. Things were slow, but you didn’t care – you thought that it was wonderful.

My, what a difference a decade has made!

The simple fact is, cloud computing is NOT a good fit for every company, and if you don’t get all the facts or fully understand the pros and cons, you can end up making some VERY poor and expensive decisions that you’ll deeply regret later.

First, you’ve got to review the standard features of any cloud-based software product. These include flexibility in terms of migrating your existing data to the software vendor’s product, thus obviating the need for hardware expenditures. You’ll be in a position to give your employees the ability to collaborate on the same information at the same time even if they are in diverse locations. And lastly, you will be able to scale up (or ramp down) the number of software licenses to match the speed of growth within your organization.

So if you are interested in using cloud technology for your business, you must start with your internet connection; in this case, the faster the better – as long as it fits within your budget. And, as a successful business owner, you know that something can go wrong at the most in opportune time and you know that you want to avoid that. Therefore, you should ask your IT professional about a cellular failover device to provide redundant back-up service for your internet service provider’s service.

When you work with any cloud software vendor you must understand that they will be keeping YOUR data on THEIR servers. You should find out from the software vendor how they will protect your data from any form of breach, and what actions they will take on your behalf if such an event occurs.

And, because your data is an integral part of your business, you have to ensure that it is backed-up as well as protected. By moving to the cloud you do not get to forego standard data-related housekeeping chores; you simply offload the responsibility to another party. But you should ascertain that they are going to be good stewards of your information by asking them how often data is backed up, and what their retention scheme is.

You will also want to review any and all mechanisms available to you if you decide to terminate your arrangement with the cloud provider. Reasons for this can be varied: They may be going out of business; you may feel you can no longer work within the constraints of the product because it has not evolved over time; or your organization has grown to the point that the product no longer suits your needs. At the very least, you don’t want your data to be held hostage. It is, after all your data. Know beforehand about the means to download it or how you could perform a data migration to another vendor.

All of this means that you should carefully review all of the terms and conditions associated with your account. If you are unsure of anything, or how you would be affected, print it out and have your lawyer review the document.

Because you’ve read this post, I’d like to offer you a FREE Cloud Readiness Assessment to show you there IS a better way to upgrade your computer network AND to demonstrate how a truly competent IT professional (not just a “computer guy”) can guide your company to greater profits and efficiencies, help you be more strategic, and give you the tools and systems to fuel growth.

To respond, please call our office at 866-912-8808 and ask for me, Larry. I personally want to take your call to answer any questions about this blog post, my company, and how we might be able to help you.

I think that I know my client base well enough to know that the majority of you don’t use Twitter, although you probably do know someone who does (no, I don’t mean that guy who seems to be in the news every day for his posts). Unfortunately, what is happening now with that venue is getting out of control.

In the past few weeks if someone in politics, or in the news media, tweets something that is antithetical to another group’s beliefs, that person’s inbox will be filled to the brim immediately with targeted opposition posts. There are these things called “bots” (short for robots) that are now spewing out antagonist tweets at an unprecedented rate. And they are using Twitter to attempt to change the course of political and social discussions.

We all realize now that the 2016 presidential race was subject to Russian cyber-meddling. Some analysts say that the recent ferocity of the latest assaults is but a mere preview of what could be coming in the 2018 elections. The purpose of these bots is to sow discord, and so far, they are succeeding. While top Russian officials have repeatedly rejected accusations of meddling, the top U.S. intelligence agencies are telling us otherwise.

I’ll certainly bet you never thought the information you got on your mobile device came from a robot programmed to serve up garbage, but it is happening. And now, more than ever before, you now have to question the integrity of the information that you receive. On the one hand, ever since the election Twitter has taken steps to counter false news and kill off fake accounts. On the other, unfortunately, the bots are also getting savvier at dodging detection.