This is my attempt to show the difference in speed between a regular spinning hard drive and a solid state hard drive. In a traditional hard drive there is a magnetic disk spinning and a head that swings across the disk. In order to read or write something the disk has to spin to the right location while the head moved across to the correct location. There is a coordination between the spin and the head. If the head doesn’t get in position when the disk location passes it had to wait for the next time around. While this happens very fast it’s no comparison to a solid state drive that simply requests a location and requires no motion. The solid state memory simply relays what’s been stored in the location and it can do this from any location on the device much faster than the spinning disk and head can move all over the disk. The result is a 5-10 times increase in disk access times. This means boots, shutdowns, launches etc are that much faster. In laptops this also means less power usage since there are no moving parts.
Prices of solid state drives have been coming down. They are not as low as a regular hard drive but they are getting very reasonable and life expectancy is also excellent. If you have a good computer that seems to take a long time to boot, or shutdown, or it just takes too long to launch a program, and you live in the Johnson County KS area, give me a call to discuss options. 913-893-1123
My new video to give a little overview of what we can do.
“Why Would Small Businesses Be a Target for Malware?”
Malware threats are everywhere. Working with various small businesses a statement I hear too frequently is “We don’t have anything anyone would want” or “I don’t care if we get hacked.” Both of these make me cringe. What they mean is “I don’t think anyone would want our stuff.” You hear about big businesses being hacked and may think they are the only ones who have a lot of information that they don’t want out in the public. In reality, most small businesses have computer data that should be guarded – even if it’s just client lists, or company financials. Imagine what would happen if that information was spread around the internet or if your financial data was emailed to your client list. As a small business owner, you may be using your computer for more than just business. Do you have family photos on your computer? Would you want all of them spread around the internet? Would you mind losing them all? Do you store passwords on your computer in text files, word files, spreadsheets, or just in the browser? If someone could gain access to your Facebook or Twitter account, could they get any of your friends to click on a link that supposedly you sent out? What if your computer were being used for illegal activity and you didn’t even know it? Chances are you can relate to one or more of the questions I have asked, and chances are you would prefer not to be hacked and not to have your information spread around the internet. The intent of most malware is to steal information or gain access to computer resources.
The Scrap Value of a Hacked Computer
Below is a list of tasks a “Hacked Computer” can be used for. This information was pulled from this article: http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/ Brian Kreb’s site is a gold mine of security information.
- Your computer could be turned into a Web Server for the following activities.
- Phishing Site
- Malware download site
- Warez / Piracy server
- Child Porn server
- Spam Site
- Your computer could be turned into an Email Server for sending out the following mail.
- Stranded abroad scams
- Harvesting email contacts
- Harvesting email accounts
- Access to corporate email
- Your computer could be used to sell Virtual Goods.
- Online gaming characters
- Online gaming goods/currency
- PC game license keys
- OS license keys
- Access to your computer and your credentials for Reputation Hacking.
- Linked In
- Google +
- Your computer could be used for Bot Activity.
- Spam zombie
- DDos extortion
- Click fraud
- Anonymization proxy
- CAPTCHA solving
- Your Account Credentials could be stolen and used for:
- eBay / Paypal fake auctions
- Online Gaming
- Web Site and FTP access
- Client Side Encryption keys
- Your Financial Credentials could be stolen giving access to:
- Bank account data
- Credit card data
- Stock trading data
- Mutual funds / 401K accounts
- Your computer or data can be held Hostage with the following attacks:
- Fake antivirus
- Ransom ware
- Email account ransom
- Webcam image extortion
How to Protect Your Information
1. Strong Passwords. With so many ways a computer can be utilized for dark reasons it’s important to be vigilant with your security. The reason to use different credentials on every site you visit is if one account is compromised it’s easier to contain the breach. If you have used the same password or a slight variation thereof on many sites, then you could have multiple accounts compromised and you may never get the genie back in the bottle. If you only access a few sites, you might be able to remember a few good passwords but if you have hundreds like I do, then you should be using a password manager. I will do another article on password managers later. Password Managers come in different flavors but they usually will have a master password that gives access to your vault of other passwords so that you only need to remember the one strong password.
2. Be vigilant. Passwords alone will not prevent all malware. You must be vigilant any time you are online. If your computer is on a broadband connection, and most are these days, you need to take precautions. You should have a properly set up router with firewall and secure WiFi. Your computer should have a firewall in place. You should always keep your software patched and updated. You should not have any software you don’t need on your computer. For example, if you loaded java for a job or something and you no longer use it, you should uninstall it when done. You should think about your exposure when uploading files to cloud services. You should have strong passwords protecting any online account where you store data. Think about the pictures you upload from your phone to a cloud somewhere. How safe are they? Do you have passwords stored on your phone or tablet? If those were stolen, what could someone gain access to? Email is one of the simplest ways to get a user to give access to their computer. Phishing emails tempt people to open an attachment that may look benign when in fact it’s malicious code waiting for access to your computer. Resist the urge to see that picture someone has of you. Resist the urge to reply to that guy in Nigeria just needing an account to transfer 6 million dollars to. Resist the urge to look at tracking information for a package you didn’t order. Some of them are very clever but they all have the goal of gaining access to your computer and your information.
If you need help securing data, I can help. With an analysis of your network infrastructure and verifying that credentials are not factory defaults. I provide guidance setting up backup solutions and data protection. I can assist in selecting a password manager and helping you use it correctly. If you have security questions I can help. Call 913-893-1123 and ask for Kent.
What is Malware and How do I Avoid It?
Malware: (short for malicious software) is an all encompassing word for undesirable software used to disrupt computer operation, gather sensitive information, or gain illegal access to computer systems. Malware includes computer viruses, ransomware, trojan horses, adware, and other malicious programs.
Computer Virus: The key to a virus is that it attempts to replicate itself. It is a form of malware that “infects” a host computer with any number payloads. The activities vary from harmless political statements to destructive commands that can wipe out data.
Trojan: A Trojan is a non-self replicating program that may do similar things to a virus. The name Trojan is a reference to a wooden horse used to trick the army of Troy. A Trojan typically requires the user to start the program. This is done by appearing to be something it’s not and then when the program is run, its malicious functions begin.
Ransomware: A form of malware, usually a Trojan that in some form blocks access to files on a computer. Demands are given to send money for the key to unlock the computer or files.
Adware: A form of malware that seeks to display advertisements to the user and or gather search history on the user. The simplest adware may just change the default search page in browsers. Typically browser windows will pop up or program windows pop up after you search for something. Add-on browser tool bars often fall into this category.
Being vigilant regarding Malware is the only protection. The route taken to infect a system is often called an attack vector. There are many attack vectors and new ones are being found every day. We all are familiar with software updates. Most of them are not to bring new functionality but to patch vulnerabilities that have been found within the code. When vulnerabilities are found in software they are usually kept quiet until an update can be issued to fix the vulnerability. This is why it’s so important to keep up with software updates. If your computer or device is always connected to the internet, it should be updated ASAP. Computers that are not updated are vulnerable and someone with malicious intent can go phishing with emails or a hacked website to try to catch anyone with a vulnerability. Emails promising free money or pictures of celebrities or warning that you might get an IRS audit all garner a few clicks and if the person who clicks has not updated their software, then they can become infected. With so many pieces of software operating in relative harmony on any given computer there are many opportunities for security holes. This is where anti virus and malware protection programs come in. Having these programs running will act as a shield if the user does encounter a virus or malware. The problem with these is that a threat has to be documented and added to the definition list then sent to the computer running the protection program. Some threats are unknown or it can take a while to get the definition updated so there are always times when a system is vulnerable. For the best protection against malware:
- Do not open emails that promise free money or anything else that sounds too good to be true.
- Do not open zip attachments from anyone unless you verify that they sent you a file.
- Beware of screen saver files either in emails or from less than stellar web sites.
- Be very cautious of any program you download from the internet.
- Keep your browsers updated (Chrome, Firefox, Safari, Opera, IE).
- If you have Java on your computer, be sure to keep it updated.
- Adobe Reader, Flash, and Shockwave should always be kept up to date.
- Email clients should be updated if they are not part of the operating system updates.
- When installing updates or any software be sure to read through the installation screens. Even many good software titles will try to load additional software during an install. Java, and all the free Adobe products try to bring along some other title when you install or update them.
- Using an AdBlock program in your browser can also help block some of the phishing advertisements.
Coming soon more information on why you should be concerned with malware, and why would someone want your information.
I thought we would have to wait for Google to get their fiber in the ground, then wait for their promotional period and then hope enough people in the neighborhood would sign up for service. I was wrong, Consolidated Communication is now offering gigabit internet connections. Consolidated wired my neighborhood here in Olathe, KS about two years ago with fiber optic cables. There were crews all over the place, digging holes and running cables. The initial offerings by then SureWest was not that great, there was no reason to jump ship. About a year ago though they offered some really tantalizing deals and I singed up for a 30/30 Mbit connection. Having that speed available for uploads was and still is pretty good. Today though I ran across the page shown to the left. Punched in my address and got the Congrats message that I could upgrade. After about five minutes of pondering I called them and set up a date to have them come upgrade my equipment. If you are interested in checking to see if you can upgrade here is the site: http://www.surewest.com/1gig/index.php
Fun facts…From Googles info page:
- With a gig, you can:
- Stream—without buffering—at least 5 high-definition videos (1080p) at the same time and still have enough bandwidth to email and surf the web.
- Transfer data over the Internet faster than you can write data to a thumb drive.
- Download data as fast as many computers can save the data to a hard drive.
- Download an entire digital movie (14 GB) in a little under 2 minutes.
I have been using gigabit networking components in my home office for some time so I am use to what can be transmitted over a gigabit connection. I am anxious to see what I can do online with that speed.
I have been working on a series of articles about malware that I hope to publish soon. Today I get a perfect example in the form of an email that looked legitimate at first. I look a little further and see that the from address is not KCPL who is my electricity provider. I have pulled a few lines from the header shown below. The email contained an attachment Energy_bill_april.zip This was the final confirmation that this was in fact a scam. First of all my electric company usually doesn’t send me a file, they direct me to their site to view my bill. But the fact that this was a zip file means I won’t know what’s inside until I open it. That may be too late to stop any possible payload. This is a perfect example of an email you should simply delete.
Don’t be curious and open an attachment like this!
From: “Lottie Hollingsworth” <email@example.com>
Subject: Electric Usage Statement
A Dear customer!
Your latest energy account is now available to view.
Account #: LL/12354216
Bill date: 26/04/2014
To view your most recent account, please revise the attached archive.
Our monthly bill inserts you energy-saving tips, regulatory updates and more.
To unsubscribe this announcement – please change your account notifications settings.
Should It Stay or Should It Go
A frequent computer question I help people with is, “should I fix my old computer or buy a new one?” If you are reading this, you may be at that point and trying to make a decision. You may have paid quite a bit for your current computer and feel like you should be able to get a few more good years out of it before casting it aside. With so many different systems out there it’s difficult to have a hard and fast rule as to when to replace a system. Not everyone needs high performance. However, “Do Not Resuscitate” should be the guideline for any system that was originally purchased with windows XP installed. Pulling your data off should be the limit of any work done on this old of a model. If you are currently using a system like this be sure to have a backup of your data because the hard drive is likely the first thing to go.
Here’s an example of a common machine that I see: the Intel Core 2 Duo. Many versions of this processor were made starting in 2006 and ending about 2011 so there are a lot of them out there. Early on systems utilizing this processor had Windows XP, then Windows Vista, and some at the tail end even got Windows 7. The processor has been out of production for nearly three years now. Benchmarks between an inexpensive ($300) Lenovo desktop computer utilizing a current Intel Pentium G3220 processor, and the old Core 2 Duo E4200 show 170% better performance. The new computer is able to do this while using only 65% of the power. A more detailed comparison can be found here: cpu-world.com. The new system comes with a new 500 gb hard drive, gigabit network port, far superior graphics, and the ability to run multiple monitors. So if you are poking along with a Core 2 duo, then an up-to-date low-end system could really surprise you performance wise. The upgrade is certainly worth considering before spending anything on maintenance for your current computer.
A Few Simple ways To Personalize Firefox Settings
Personalized Firefox Settings Begin Here
As always if you need more help or you have tool bars and or software taking over your browser experience 12 Stones Tech can help get you back to normal. For help call 913-893-1123
What is a Zero Day Exploit?
Simply put a zero day exploit is a software vulnerability that is found by hackers before the software creator. They can be the worst kind of security hole as they can be exploited until the software creator is made aware and can fix the problem.
Two On The Same Day
This morning I have run across two articles about zero day exploits and the patches that are available. The first is a security flaw in Microsoft Internet Explorer. There is temporary fix for this available from Microsoft until they can get a permanent patch distributed. When available the patch will be pushed out through the normal update channels for Microsoft software.
The second zero day exploit and fix I ran across is Adobe Flash. They have a technical bulletin out describing which versions are vulnerable and which are not. This is the Detail from that bulletin:
Adobe has released security updates for Adobe Flash Player 18.104.22.168 and earlier versions for Windows and Macintosh and Adobe Flash Player 22.214.171.1246 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions:
Update Your Software
I work with many people on their computers. One of the comments that I cringe at is “That update window keeps popping up and I just close it.” Most legitimate software vendors out there provide a mechanism to update the software they create. The reason they do is not only for improvements but also to patch vulnerabilities. When a software program you have pops up and says there is a update would you like to install it you should do so. Software producers are not doing this to pester you, they don’t want to be responsible for a breach of your computer.
Why are there so many updates
Most software we use is very complex as are the computers and operating systems we use. Our computers unlike 20 years ago that occasionally got online are on all the time. Surfing the web is commonplace and because of that attacks are primarily going to come from the web. Software creators try to create a good usable and secure program that you can use for some purpose. There are people out there that are constantly looking for holes in software to gain access to computers. You may be one who says I don’t have anything on my computer of any importance so if someone gained access it would be no big deal. You may not have anything to steal but with the right exploit a hacker could commandeer your computer for their own purposes. They could use it for sending out spam, which will end up getting you in trouble with your
and probably blacklisted so you can’t send out your own email. They could use it to host websites of all sorts including for illegal activities. Which will of course get your into trouble with law enforcement at some level. They could just use it as a bot in a bonnet for attacking other computers. There are many reasons and none of them do you want to be a part of.
So the more software titles you use the more you will need to keep updated. Some occur automatically others require you to do some action. Take a few minutes and get them done. As always if you need help with any of these issues I am available to assist.
A Few Simple Settings To Personalize Chrome
Personalization Begins Here
|All settings in Chrome are accessed by clicking the button in the upper right hand corner with the three horizontal lines.|
|When the menu pops up scroll down to the settings line and click.|
Default Pages to Load