Tech for Thought

A must read article if you have ever wondered why people get infected by viruses and they didn’t “do anything”.

I firmly believe a fully patched machine with no antivirus software is safer than the opposite.

Here it is! by Corey Nachreiner – Director of Security Strategy at WatchGuard

How do hackers get me to malicious sites? You might exclaim, “I’m not naive enough to visit suspicious web sites on the Internet.”

However, any site on the Internet—even the ones you trust the most—may have been hijacked and could be hiding a drive-by download.

http://www.net-security.org/article.php?id=1946

In case you haven’t heard the term before, a drive-by download (DbD) is a class of cyber attack where you visit a booby-trapped web site and it automatically, and silently, downloads and executes malicious code on your computer.

article by Corey Nachreiner Description posted by Natasja de Groot

Bret Erickson

Passkey Computer Services – http://www.passkeyinc.com

Just saw the new Galaxy “Santa speech to the Elves” commercial for the first time.  It’s for the Galaxy Gear.  The new Smart Watch that connects to the Galaxy S4 phone and others.  I have to admit that is some cool technology!  I love the idea of being able to answer a call from my wrist. Or check my Fantasy Football scores.  Or quickly seeing texts or email as it comes in.  Not sure how much of that is possible now.  But I’m sure it will be. 

To not have to pull the phone out of my pocket,  How awesome.  But what about the flip side? 

Last night at dinner several of us pulled out our phones to check for babysitter related messages.  Can you imagine if we all had that on our wrist.  “Honey, take your watch off!”

Friday night I left my phone back in my bedroom.  We had company over.  About 10:30 that night when I got to my phone, I saw I had an urgent call/text.  It was something I would have broken away from my night for.  I would have called the client.  Interrupted my family Friday night. 

We are covered for that.  I have a tech on call at all times.  If someone from my family really needed me, they would call the house.  If it’s an urgent work call, they call the office, or are told to.

So what if someday, everyone had one of these smart phone connected smart watches.  And you knew if you sent someone a message and they didn’t reply right away, most likely they are ignoring you.

And, think of the distracted driving potential!

Or….

Is this going to do the opposite, long term.  One of the over the top, constantly connected, trends we see.  One that finally drives us crazy.  Makes it too much.  And it becomes more in fashion to turn off.  To not return calls and emails a texts on personal time.

Time will tell.  Pun intended.

Network virus

Time to talk to your employees about open email attachments and links again. We are seeing way to much of these lately. We along with most in IT support have been battling a wicked little virus for the past few months.

* It finds every shared folder on the network

* It makes tons of little infected programs named as every folder and file in the share.

* It hides the original files and folders

* It puts what’s called an “autorun” file inside the share so all a user has to do is open the network drive and they get infected.

* Or alternatively the end user opens the network drive and double click unknowingly on the file.

It doesn’t seem to matter what you have for security. We have seen machines with:

* Full security patching
* Latest antivirus
* A great filtering high end firewall
* Windows 7 Pro
* IE 9 or better

Today I really took a deep dive researching and everything I read says it is being installed by an American Express email/a UPS email/a Delta Airlines email or one of those tricky emails that tempt someone to open an attachment.

So as much I want to see every one on our patch maintenance. And I want to see everyone with a good firewall, antivirus, on and on… This email isn’t pushing you to purchase security. It’s asking you to stress to end users, not to open things unless they are sure. 100% sure. It’s costly, creates down time, and frankly it’s the last thing I want to have to bill for and spend your IT budget on. Please let me know if you have any questions.

Bret Erickson

Passkey Computer Services
763-546-8225
bret@passkeyinc.com

Microsoft released an update on Tuesday, March 12, 2013 that included an upgrade to Internet Explorer 10. While touted as much safer, faster, cleaner, you may want to think twice before you install it on your business computer. Many web sites simply won’t run on it. Many web based applications may have trouble as well.

This is especially true for all of our Insurance Agency clients. Many carrier web sites will not be able to function with this browser. At least not yet.

Written by Bret Erickson of Passkey Computer Services

http://www.passkeyinc.com @passkeycs facebook.com/passkeycs

Whenever we hear businesses talk about whether to allow users to work from home, one of the first things employers bring up is whether they are getting their monies worth. Whether people are actually working as much from home as they would be from the office. “Proof is in the pudding”, or ‘we’ll be able to tell” is heard often. Yahoo CEO Marissa Mayer decided to go to the VPN logs and see exactly how much those employees were connected and active. What she found was enough to terminate the entire program. Read this great article.

http://www.businessinsider.com/how-marissa-mayer-figured-out-work-at-home-yahoos-were-slacking-off-2013-3

I’m working at home as we speak. I allow our employees to work from home. I think it’s a great if not required option in today’s world. But if you do it, it’s prudent to have some kind of metrics to watch. Expectations need to be clearly lined out and have a way to keep a pulse on productivity.

Written by Bret Erickson of Passkey Computer Services

http://www.passkeyinc.com @passkeycs

Microsoft touts it as a success. Many others, a flop. www.scroogled.com Talk about being aggressive! I wonder if Google will ever counter? Or if they will respond in the way Microsoft did with “I’m a Mac”, which was to stay quiet and act like they didn’t really care.

Great summary article here.

http://blogs.kqed.org/newsfix/2013/03/01/microsoft-calls-off-scroogled-campaign-against-google

I do love the Gmail Man scene with the woman in the office. Hilarious!

Written by Bret Erickson of Passkey Computer Services

http://www.passkeyinc.com @passkeycs

Java security issue update

I spent the morning reading about this vulnerability. The products affected, options to defend against it and when we might see a fix.

Options for defense at this point are to disable the Java plug-in for all browsers. Anyone on our monitoring, I can accomplish that in one fell swoop with a simple script. Issue there, is how many websites need Java to function, especially an issue for our Independent Insurance Agencies. Next is to find your Java 7 installs and downgrade them to Java 6. I have seen a few articles with conflicting information, saying Java 6 can be affected as well. Last defense is to limit web browsing to essential sites. And that is what I am going to recommend.

Oracle, who bought Java in 2010, is saying they will have a patch out by Tuesday at the latest. The two solutions above involve a bit of effort at a larger business. Of course my official recommendation has to be to disable Java, but I understand that might not be feasible.

If you are unable to follow through with disabling Java, I would send out an email to all your users. No non-essential web sites. Limit any web sites that have advertisements that could have malicious code.

Until we have a patch.

Sites include:

News sites, yes even reputable ones, they all have ads.
Social Media sites, especially Facebook,
Web searches that involve visiting sites you are not familiar with or that contain advertisements.

If you need to visit these sites. Perhaps you use Firefox with no scripts allowed and Java disabled.

Remember, this is a zero-day vulnerability. As we found out the other day. A fully patched Windows 7 machine with antivirus and a powerful firewall didn’t stop an infection.
Your only real defense is user training and enforcing business only browsing.

Written by Bret Erickson or Passkey Computer Services
http://www.passkeyinc.com @passkeycs

Department of Homeland Security warns Businesses about a Java Vulnerability.

They go as far as saying to disable it as there is no security patch yet.

I’m always looking out for security alerts. But, it is such a standard to run all your security patches both Windows and third party, I often don’t send much out if it’s protected by a known security patch. Most of our clients either know to run them or they are on our monitoring and know that all these patches are in place.

When the Department of Homeland Security sends out an official recommendation to disable Java 7. Time to listen up.

Official DHS warning

This is important. We had two major infections last week. Both started from some kind of malicious code on an ad in Facebook and then once it infected the computer, the computer infected every mapped drive it could find. At that point anyone who executed a file off that drive go infected. And I am talking about fully patched machines, with antivirus, protected by a great firewall running gateway security services!! What more can you do? At that point the only thing left is user education, and if that doesn’t work, blocking non-business web sites.

More articles.

US Government advises users to disable Java

Feds warn users about disabling Java

If you are on our monitoring service, I will be querying all machines to find out who has Java 7 and will be in touch with you directly. If you are not on our patch management, PLEASE have someone at your business check machines to see who has Java version 7 using add/remove programs in XP, or Programs and Features in 7 and higher, and follow these instructions if possible; Disable Java? Here’s how. Or downgrade to Java 6.

I’m guessing Java will have a patch available very soon!

Written by Bret Erickson or Passkey Computer Services
http://www.passkeyinc.com @passkeycs

My good friend and I are coaching a girls’ basketball team for our kids. We are both rookies. I assistant coached last year. One thing I learned…if you don’t have a plan, the kids eat you alive. The parents give you that look of disappointment. You go home weathered and battered and resolve yourself to be better prepared next week.

Tonight we got together for an hour. Put together what we wanted to talk to the parents about and then a step by step plan for practice. I feel good about going in tomorrow night, confident. I know there will be curve balls, chaos and stress. But we have a plan, something to swim back to and hang on. Catch our breath. Regroup.

When it comes to IT, having no 3 year plan is pretty close to walking into a gym with ten, 9-12 year olds with no practice plan or anything. You are reacting. You are not in charge.

Kids are like staff that does whatever they want, and parents, are the supervisors and managers that talk about how you don’t know what the heck you are doing, and have no direction.

Running a successful business is parallel to running any organization or team for that matter. Preparation. Planning. Forecasting.

Lifecycle and budget. It really needs to be a cost of doing business. Like rent. Salaries. Office furniture.

Sure, many people get away on a song. But many times they are the ones who end up chasing after major problems at inopportune times and have customers sitting on hold as a customer service rep waits for their information to “pull up”.

Even if you have almost no budget for IT, get a plan. Where and when will you spend it? How old is your equipment. Is every purchase a surprise?

Like tomorrow night for my friend and I, sure I’m nervous, but at least we have some kind of a plan before it all turns to chaos. Sounds a lot like IT huh?

Written by Bret Erickson of Passkey Computer Services

http://www.passkeyinc.com @passkeycs

We often get calls from prospective clients looking for the best deal they can get for IT support for their businesses. They interview several IT shops, and either we are the best match for them because they are looking for that smaller IT shop who can provided personalized service where they are not a number or they go with the larger IT shops because for a certain price they get “all you can eat” for each workstation and server per month and think in the end they will save a lot of time and money.

There is only one way to make this work financially. Don’t spend too much on your front line techs.

I had an experience today after an hour and a half of frustration and I thought… “This is why, we will never change our model to one that requires all support calls to filter through low wage, 1st tier support.”

We recently purchased new Windows 8 phones. Figuring with our move to Office 365, Windows 8 and Office 2013 and our moving a ton of data to OneNote. Now is the time to try the new phone platform. We’ve been very pleased!

After the 3rd week of getting used to the phone, getting all my setting where I want them, downloading all the apps I wanted (except for my beloved Kagloom which is not available on this new phone). My new phone goes kaput. So after an hour of tech support from our un-named cell service provider they decide they need to send me a new phone. So I wait three days because of course, it dies over a holiday (just my luck) and I finally get my new phone.

Today, less than a week later, I have no sound on my phone. I can’t hear a ring, a vibrate is not felt and I can’t retrieve any voicemail. I check my settings. Everything is turned on. So I call our un-named cell service provider and get level one support. She has no clue about this new phone!! After struggling through this with her, she send me to level 2, While a little smarter with this HTC phone, he still has very little training on the OS admittedly, decides it is a software problem, and they need to send me a new phone.

What???? Days of waiting, hours of resetting? No!! I want to speak to someone in management! If I have to keep getting new phones sent to me, this phone is obviously not for me. This is unacceptable! So I get someone in a supervisor role on the phone. Another 15 minutes of explaining what is going on to the supervisor, all she offers is to send me a new phone. Then I want to speak to someone else who can do something other than send me another defective phone! So I get someone in retail services. Again – 20 minutes, no options from her. So I get sent to customer loyalty. Another 15 minute conversation. This one offers me the higher tiered support. She just wants me to try this. At this point I have been on the phone with this un-named cell service provider company for an hour and a half. I have ignored my kids, ignored the work I could have been doing while they did their homework and now dinner will be late on the table. FINE! I say – one last chance.

I get the 3rd tier support guy after my hour and a half wait. He is fantastic, completely knowledgeable. I explain to him what was happening. Guess what he had me do? A hard reboot. A basic hard reboot. All of a sudden my phone came back to life. It had sound, it had vibrate, and I could retrieve my voicemail. Halleluiah!!

But here is the thing. I asked my wonderful person on the phone. Why? Why did the 1st or level 2nd tiered support person not ask me to do this or ask if I had tried this before calling? His answer? Well the 1st and 2nd tiered support people have different steps and suggestions to follow then we do up here at 3rd level. Really???? A basic trouble shooting solution had to take an hour and a half and a lot of frustration on my part to get to because level one and two had different steps to offer? This was basic stuff and I needed level 3 and an hour and a half of my time. Wow.

This is why, we will never do this model. Simple as that. Our clients don’t have time for it. They want someone trained and familiar with their account off the bat. Time is money.

Written by Rachel Erickson of Passkey Computer Services

http://www.passkeyinc.com @passkeycs