Are you receiving warnings that you are not connected to the internet? Or that you don’t have a valid IP address? Are you are currently using a Windows 10 computer and are you seeing either of these symbols in the bottom corner of your screen? If so then you are not connected to the internet and you will not be able to read this. 🙂 This problem has been going around for a few days, and I have had a number of calls and texts about the problem. The problem is your computer is not getting an IP address from your router or DHCP server. In short when you connect to a network there is a server that hands out addresses on the network. Your computer is not getting one for some reason. I have seen comments that it is due to a Microsoft update that went bad or was bad when they pushed it out. None of that really matters. All you really want is to get online. So the good news is there is a simple fix for this. Hopefully if this was a bad Microsoft update it will be fixed soon and the problem will be behind us.
Right click on the start button and you will get the pictured menu. Then select the Command Prompt. At the command prompt you will type the following commands followed by pressing enter. Don’t worry about what scrolls across the window. It’s just the command being processed.
After you have run these two commands you simply can close the command prompt window. Then open your browser and see if you can get to a web site. Your icon in the lower right should also lose the little yellow caution symbol. You should be up and running. If you lose connection again simply repeat these steps. If this doesn’t solve your connection problem then you are suffering from something else that will take further investigation. Feel free to grab this image and share if needed to get someone connected.
So much ransomware…
I recently had a rash of what appeared to be ransomware emails show up in my inbox. I ended up collecting 11 of them in one week. I decided a video was in order to show what ransomware does. For the video I created two virtual machines, one with Windows 10 Pro and one with Windows 7 Home. I thought I might be able to show how different anti-virus products fared, but I didn’t get to that. To show the effects, I placed a Word file, an Excel file, a simple text file, and several photos on the desktop so it would be easy to see when they were encrypted.
To summarize: Windows 10 was SAFE, Windows 7 got ENCRYPTED!!
I ran Windows 10 first, attempting to open all 11 of the files that had come via email. Windows 10’s built in Defender anti-virus caught each and every one of the attempts and nothing happened. The Windows 7 installation didn’t have any anti-virus protection because it doesn’t come with the package. (I did do another run with Windows Security Essentials installed, and it protected my machine.) I was only able to get one of the files to run and it encrypted the Windows 7 machine. Most ransomware requires various pieces of software for them to operate. It’s possible that the others didn’t work simply because I didn’t have the correct combination of software installed.
Does all ransomware show up in emails?
A lot of the current ransomware will show up as Word or Zip files attached to phishing emails; however, it can also show up when you are on the internet. It works by redirecting you to an infected web page. This type of ransomware is know as drive-by. It requires certain plugins (such as Flash) or vulnerable browsers (such as Internet Explorer) to launch, but they can happen simply by browsing the internet.
Keep your computer patched and up to date. Make sure you have anti-virus software and keep it up to date. Don’t open files sent by email unless you know for sure who they are from and what they are. If you have to, call the individual to be sure they sent you the file in question. Once your computer gets encrypted, there is a very slim chance you will recover your files without a good disconnected back-up or by paying the ransom. The ransomware that infected my machine in the video was in the Locky family. For more information about this type of ransomware, visit this site: http://www.tripwire.com/state-of-security/latest-security-news/the-newest-online-threat-zepto-ransomware/
Ready to see how ransomware encrypts a computer? Here’s my video:
Besides having a good anti-virus software installed, I highly recommend having a back-up system. If you need help setting one up or just an assessment of your current back-up strategy, contact me. 913-893-1123
The Adobe Flash plugin as long been the standard for internet video and interactive games. Many sites have used it to distribute video while maintaining some semblance of protection for content. Flash has enabled websites developers to produce beautiful and interactive websites, but that great power is also the problem. Flash can also be used to serve up malware due to its many exploits. Despite Adobe’s constant patching – sometimes weekly – the number of vulnerabilities keeps climbing. HTML5 is the new web standard being used to incorporate video content delivery instead of Flash. Since it is an industry standard instead of a proprietary system, security is placed on the browser and not on plugins.
CVE Details sums up the Flash Player Vulnerabilities:
2015 was a big year for vulnerabilities in Flash. We’re less than three months into 2016 and this year looks like it could be another big year too. If you look at the second graph the tallest line is the Execute Code type. That means that the vulnerability allowed remote code to be run on the victim’s computer. Not all of those were actually actively exploited, but the fact that there have been so many ways to exploit Flash is frightening.
It’s Time to Remove Flash
The consensus among most IT professionals now is that if you haven’t already, it’s time to remove Flash player from your computer. There are several different versions of the Flash player and they all should be removed or disabled. Google Chrome and Microsoft Edge browsers have Flash built into them and so it can’t be removed, but it can be disabled or used selectively. Check out the screenshot tutorial videos below to learn how to uninstall Flash on your computers:
Go to the control panel and then uninstall programs. In the list look for Adobe Flash and uninstall it. That will remove it from all but Chrome and Edge if you are using Windows 10. Also look for
Disable in Edge:
Disable in Chrome
I missed one step in the video. When you first enter the settings screen you have to hit the “show advanced settings” at the bottom.
I personally leave Flash enabled in Chrome but use the “Let me choose when to run plugin content” that allows me to use when needed. By using the Chrome version of Flash I keep Flash as current as possible because it’s automatically updated with Chrome.
On a Mac:
Adobe has a uninstaller that will remove Flash. https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
If you are using Linux, then I will assume that you know how to remove Flash already. Different distros will handle this differently.
Contact me if you have questions or need assistance: Kent Warden, 913-593-8074.
After Six Months with Windows 10
February 1st 2016, Microsoft is stepping up their push to convert Win 7 and 8 PC’s. To that end Microsoft has changed the upgrade classification of Windows 10 to a “Recommended Update” instead of the prior “Optional Update.”
Message from Microsoft
“Early next year, we expect to be re-categorizing Windows 10 as a “Recommended Update”. Depending upon your Windows Update settings, this may cause the upgrade process to automatically initiate on your device. Before the upgrade changes the OS of your device, you will be clearly prompted to choose whether or not to continue. And of course, if you choose to upgrade (our recommendation!), then you will have 31 days to roll back to your previous Windows version if you don’t love it.”
What this means for anyone who is still running Windows 7 or 8: 1. If you are not ready to upgrade when it kicks off, be sure to tell it NOT to continue. 2. If you are ready to update and continue, it will start downloading the upgrade file which is around 3.5 GB. If you are on a slow connection this could tie up your bandwidth for hours to days. If you are on a metered connection then it will use that much of your bandwidth.
If you would prefer to wait a little longer and you don’t want the update to kick off automatically, go to the control panel, click on “windows update” and then “change settings”. Uncheck the box below Recommended updates. There is no word yet if or when they may change the upgrade to an Important update which will push it through even if you make this change.
What Are You Waiting For?
All that aside, if you are running a system on Windows 7, 8 or 8.1, what are you waiting for? It’s been six months since Windows 10 was released. The initial bugs have been worked out. Is everything perfect? No, and it never will be – that is why there are updates and upgrades to keep software moving forward, and hopefully ever improving. I do work with several businesses that use software that has not been approved for use with Windows 10 yet so they are holding on. If you are in that situation, then you will want to make the change in your control panel so that the upgrade is not initiated before you are ready. The Windows 10 conversion marches on. It has surpassed Windows XP, Windows 8 and 8.1 in market share.
|Operating System||Total Market Share|
|Mac OS X 10.11||3.44%|
|Mac OS X 10.10||2.33%|
|Mac OS X 10.9||0.86%|
|Mac OS X 10.6||0.37%|
|Mac OS X 10.7||0.30%|
|Mac OS X 10.8||0.30%|
|Mac OS X 10.5||0.06%|
|Mac OS X 10.4||0.02%|
|Mac OS X (no version reported)||0.00%|
Deadline Looming (Maybe)
According to Microsoft, they will stop the free upgrades in July of 2016 – one year after starting them. There is speculation, though, that they won’t follow through on that threat. Their goal is to get as many computers updated to Windows 10 as they can. Cutting off the free upgrades will not help with that goal. If they do follow through, then there is less than six months left to get it done for free. As always if you have any questions, concerns, or need help with any computer needs, please contact me.
Most malware doesn’t attack from the back door. Instead it comes right in the front door and creates back doors you don’t even know about. I received three emails today and one a few days later before I finished this blog post, that I am going to share because emails laced with malware is the primary method of gaining access to your computer. Two of the emails are virtually the same email just from a different person. Making mail appear on the surface to have come from someone else is not difficult.
- It comes from someone I don’t know.
- There is no salutation or greeting.
- This one says I filled out my taxes with FreeTaxUSA. I have never heard of them and I certainly didn’t send them any tax info.
- The items listed say Louisiana State Tax Return. I don’t live in Louisiana and certainly wouldn’t be filing a return there.
- The checking account listed is not mine.
- Finally the clincher for this one is the attached file in zip format.
Zip files are common around the internet as they are a container file with other files contained within. The problem with zip files from unknown sources is that they can be used to transport malware past email filters. Most email systems won’t allow you to send an .exe file (executable windows file). So by placing an .exe or other file that can contains malicious code in the zip file they are bypassing some email filtering. If you don’t know who sent the file, don’t open the zip file! The other thing this email is trying to do is get me concerned that I have been charged for something I didn’t order. Obviously I wouldn’t have ordered a tax return from Louisiana; in fact my taxes were done some time ago. The email looks like I am being charged for something, so naturally curiosity will want to see what it is. If you receive an email similar to this, you must fight the urge to look and just delete it. If you just can’t stand it contact your bank or credit card company and check your statement for any suspicious charges.
The next two emails are similar:
Flags to look for in these two emails:
- Someone I don’t know
- No salutation (This in and of itself wouldn’t necessarily be a flag, but taken with the others I would expect to see my name here.)
- They are vaguely requesting information, then referring to the attached document. These emails are usually sent to thousands of people and the goal is to pique curiosity so you will open the attachment.
- The attachment is a Microsoft word .doc file – yet another route to infiltrate malware into a computer. Microsoft Word is a very powerful program that is capable of scripting. Because of the scripting and other vulnerabilities in Word you shouldn’t open a .doc file from anyone you don’t know. Make sure all your software updates are done promptly to limit the possibility of infection, but understand there are constantly new vulnerabilities that are found – so again, just delete the email without opening any attachments!
The interesting thing about the last two emails is that I looked up the companies and they appear to be legit businesses. So either someone just copied their information for the email or their computers have been compromised.
One final email that is more obvious:
This one is typical of emails generally caught by spam filters. It appears to be written by someone for whom English is not their primary language. It’s vague and leaves a lot of questions. I also like that the email is from Country court, not County court. I am not sure if that’s a federal court or the Supreme Court. 🙂 Again this email has the attached zip file that you should avoid. The email is just supposed to entice you to try to open the attached documents, and that’s when you could get a virus or other malware launched on your system.
If you have had and used an email address for some time, you likely will receive mail like this. Various entities around the internet collect email addresses and then sell the lists. These emails are probably sent to thousands if not millions of addresses. It’s an odds game. If they send out 10,000 emails and they can get 1% of people curious enough to click on the link or zip file, then they have nabbed 100 people or computers. If they do this every day, all year – that’s 36,500 people or computers that they can do whatever they want since the person opened the document and let the bad guys in. There are enough back doors in computer systems to guard against without letting someone walk through the front door.
If you have accidentally opened an attachment that has caused a virus, please contact me for clean-up services.
Do You Believe This Myth?
There’s a common myth many people believe about WiFi. That myth is that WiFi is a separate network from that of hardwired devices. There’s a common misunderstanding that a phone using WiFi can’t access a hardwired computer or printer. While there are some environments where this may be the case, the majority of the time this is NOT true for most homes and small businesses. The fact is WiFi is just an extension of the same network that hardwired devices are on. Devices on WiFi can see and interact with hardwired devices and vise versa.
You will see how important this is to security when I tell you about my experience over the weekend. We were visiting family in another town, and in two different locations I was able to access the local WiFi of these small organizations because it was open and not secured. Being curious, I scanned to see what devices were on the network, and attempted to gain access to the router. In both cases I was able to use default login credentials and accessed the router. If I had nefarious reasons to gain access, I could have done any number of things to the network. I could have changed the default password thereby locking anyone else out of the router. Then I could have changed any number of other settings that could have wreaked havoc to others on the network or simply locked them out. I had no such intentions and brought this to the attention of my local hosts. In both cases these were older routers with default login credentials. Despite the fact most newer routers come with preset random WiFi passwords they seldom have random passwords for the router login. However, some of the newer cable modem/router combinations I have encountered use a serial number or a code printed on the router itself to access the router. This would have stopped me from gaining access as I didn’t have physical access to the router in either case. The other thing that would have stopped me would have been to lock down the WiFi itself and not allow me on in the first place. For more on WiFi security
Most newer routers provide for guest access, and this can be left open or encrypted with a simple password. I always suggest some kind of password. Otherwise anyone can connect and use your connection for anything. A guest area allows for access to the internet but not to the router settings or any other devices on your network. This is the best way, other than a separate router, to provide guest access. Guests should never be allowed on your private network. The WiFi password should be at least 8 characters and complex, as it is the only thing keeping people out of your network. See my post about passwords
If you have a small business in the Johnson County, Kansas area and would like assistance checking your network for problems please contact me @ 913 – 893 – 1123
I have done the Windows 10 upgrade on a number of systems now including my primary desktop, with very few issues. I have also been searching for reports of any problems. The only problems reported that I have found are similar to my own experiences. One system I upgraded and the advanced sound driver doesn’t work in Windows 10, so I can’t get Dolby Digital sound. I am hopeful that a manufacturer updated driver will fix this down the road. For now I have to get by with just stereo. One older laptop I upgraded had a WiFi driver issue and I had to add a USB dongle to get WiFi working. Driver issues are the only real problems I have encountered and heard about.
Since most of the upgrades have happened event-free, I am recommending that if you have a newer system and want to upgrade, then go ahead. If you have a system that is 5 or so years old, you may want to check the manufacturer’s website and see if they have a recommendation. As always I recommend you have a good back-up of your data and any software install disks just in case – but you should have these anyway.
How to start the upgrade process: If you have gone through the “reserve” process and are now getting pop-ups asking if you want to upgrade, then simply follow the steps provided. Close out of all programs and make sure you have an hour or so to allow the upgrade to process. Once it’s begun, you will not be able to use the computer until it is completed. If you have a fairly slow machine, allow an hour and a half to two. It will ask you a few questions up front, so don’t walk away too soon.
If you want to upgrade but haven’t received the notice yet that you are ready to go, then you can go here: https://www.microsoft.com/en-us/software-download/windows10 Downloading this program and running it will start the process for you. It can also be used to create a DVD install disk so if you have several machines and a slow internet connection you can burn a copy and use the disk to upgrade machines. Note that there are 32-bit and 64-bit versions, and you need to match up with what’s on your machine. Other than start the process, using this program or clicking on the upgrade notice both do the same thing.
Once the upgrade is complete you can verify things are working correctly. You may need to check some settings and your default programs may have changed. So you may not be quite as fast initially with the new version of Windows. Overall Windows 10 has a very familiar feel and yet some differences, depending on whether you are moving from Windows 7 or Windows 8.1.
You may have heard there are some security fears with Windows 10. Here is a write up detailing some settings you may want to change from the default. To me, most of these issues just bring Windows more in line with what Apple and Google already do for information collection. Some of the settings allow for the new Cortana digital assistant to do her thing. You can’t have an assistant that knows nothing about you. With the predictive typing and voice recognition there is the fear that keystrokes are being sent to someone else. The article does mention that there could be a HIPPA violation if you use this service and are in health insurance and/or a medical practitioner. The biggest issue I have seen is the ability to share your WiFi access with friends on Facebook or Skype. How exactly this works is a bit of a mystery and so far there doesn’t seem to be a way to only share with certain friends, so for now I recommend disabling this feature. Windows 10 also introduces a new concept in constant upgrading and I am sure this feature will be one that is adjusted based on negative feedback.
Not all facets of Windows 10 are completely polished yet. There are still some areas that open screens like the control panel that have the old look and feel. With Microsoft’s new philosophy on maintaining Windows as a perpetual service instead of a stand alone product I am sure these old vestiges of Windows 7 and earlier will eventually disappear and be replaced by newer more friendly screens.
At least it will be tomorrow.
Microsoft has been hard at work for some time now on the next edition of Windows. If you are currently using a Windows 7 or 8.1 version, you will be eligible for a free upgrade to Windows 10. You may have already seen the little Windows symbol in the right hand tray of your system, clicked on it, and reserved your copy. If you have done that, tomorrow you should be prompted to process the update.
Patience is a Virtue
As with all big upgrades I would caution against jumping into this one too fast. There will be bugs to work out in the first week or so, especially as people begin to install this new software in droves. If you have a computer that is not your primary device and you want to try it out right away go ahead. If on the other hand, you have a single computer and you rely on it for work or other communications I would suggest waiting for a week or two at least. We will know pretty quickly if installs are going smoothly or not. It doesn’t seem to matter if it’s Microsoft or Apple or even Google, whenever they release a whole new operating system there are problems. They all usually get right on them and fix them but it can be a few days to weeks depending on the problem. Personally I will update a few boxes I have around that are not critical to my daily work. If all goes well and the dust settles, I will update my primary computers as well, and will post again when that happens.
I have been looking at and following the progress on the preview version. I will say that I am excited about this update. I liken this to the polish of Windows 7 when it came out. Vista had been problematic and clunky but 7 ironed those things out. Likewise Windows 8 and 8.1 have some good underlying technology but the user interface and implementation was clunky. Windows 10 appears to have streamlined the user interface well, including putting back a good start button.
What to Expect
The user interface is a blend of Windows 7 and 8; I would say the best of both. The new icons are minimalist but it’s nice to have a refresh. One of the big changes is that Internet Explorer, while still available, is being put out to pasture. A new browser “Edge” is taking its place. Edge looks to be a lot lighter, faster and all around better. IE will still be available and will be patched if it’s needed for some business applications but it’s not prominently displayed for use. One of the big additions to Windows 10 is Cortana. Cortana is the digital assistant similar to “Suri” or “OK Google”. You can ask Cortana to look things up, to add events to your calendar, or set alarms, send email, play music, get directions and much more. Of course you need a microphone to make this work. I won’t try to list all the new features but if you want here is a link to Microsoft and their list of what Windows 10 will have.
As always if you have questions about upgrading or if you need assistance please contact me.
I work with a wide variety of people, from home users to various sizes of small businesses. A common issue I see is poor password security. Passwords have been used since some of the earliest computer systems in order to keep people out of areas they shouldn’t be in. They are in essence a padlock on your stuff. The problem is a lot of people use a master key for all their padlocks and their padlocks are about as strong as a little luggage padlock. Perhaps you are also guilty of re-using variations on the same password like your dog’s name, the town you were born in, or even your phone number. The problem with these passwords is that they are fairly easy to guess for a hacker.
Don’t think it’s a big deal? Check this out: as a small business owner or even an employee at a business, you probably have an email address @businessname.com so any mail from you is official business communication. If someone could guess your password, they could access your address list, your sent mail, and all your mail in your inbox. Is there any information in those emails you wouldn’t want getting out? Like profit margin information, price list info, buyout or merger info? There could be a lot of damaging information stored in your email. Now suppose the person who guessed your password decided to send mail to your customers as you because they can do that now. What if they sent out an offensive email to your entire address book? While they’re at it, they go ahead and change your password so you can’t get into your own mail. Depending on how your mail is set up, an admin might be able to reset the password for you but it may take awhile and you may have to do a lot of damage control before you can get the hacker out. They could access your Facebook page and reset the password because they have access to your mail. How many other online sites would they now have the ability to access and change passwords because they have access to your email and can hit that “send me a new password button” on sites? With several of your sites in hand what kind of havoc could a hacker cause and how much trouble could they cause? How much work will it take to recover from the hack and do you have the time?
One of the worst places I see poor passwords used is on a registrar like GoDaddy.com. If you have a domain for your business, then you have it registered somewhere. If your password isn’t extremely secure, a hacker could gain access to your domain, take over your website, your email and anything about your domain. They can redirect your traffic to other sites or just stay quiet and glean as much from your information as they can. It all depends on the intents of the hacker as to how much damage they can do.
I completely understand why people want to use the same password and make it simple to remember. The problem with this is that hackers have automated tools that can run through dictionary searches against your passwords. This is basically trying every word in the dictionary, then trying words with 1 or 01 or 02 and so on at the end, or capitalizing the first letter. All of this can be done on a pretty simple computer in minutes. This is why a good password 1. doesn’t contain any words, 2. has upper and lower case letters, with the first letter not being the only one capitalized, and 3. has numbers and symbols interjected. Something like this: vU5ZQ85u7E is a good, strong password and would survive any dictionary attempts.
Just changing your passwords to make them strong won’t fully solve the problem if you use a spread sheet to keep track of them or they are on sticky notes on the side of your computer. Case in point: the recent Sony hack was made much worse because a spread sheet with a number of online account information was found sitting on a server. This allowed the hackers to go even further with ease. Most of us humans can’t remember passwords like vU5ZQ85u7E unless we use it a lot. So what’s the solution? Use a password manager. A password manager uses encryption to securely store all your passwords under the lock of one good password. So you use one good password to open your password vault and then pull passwords for other sites as needed. There are a number of products out there. Some encrypt your data then upload them to cloud storage making them available to any of your devices. Others are for use on a single computer and don’t leave that machine unless you backup the vault. I have used LastPass which is an online service and also KeyPass that is a local only program. There are other options and I may do a review at a later date, but if you have your business locked down with a luggage lock, I highly recommend that you fix it soon!
Plastic Easter eggs gave me an idea of another fun example of the speed difference. We even included some spinning in this one. 🙂 Once you have tried a solid state drive you won’t want to go back.
I have created another video for those of you that want to see a side by side comparison. Here it is.
With the time savings a solid state drive can yield it can be paid for in the first year.