A1 Computer Repair

Computer Services

Tech Support Blog

Windows XP Will No Longer Be Supported After April 8, 2014

by

Windows-XpWindows XP SP3 and Office 2003 will go out of support on April 8, 2014. If your organization has not started the migration to a modern desktop, you are late. Based on historical customer deployment data, the average enterprise deployment can take 18 to 32 months from business case through full deployment. To ensure you remain on supported versions of Windows and Office, you should begin your planning and application testing immediately to ensure you deploy before the end of support.

It means you should take action. After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.

Running Windows XP SP3 and Office 2003 in your environment after their end of support date may expose your company to potential risks, such as:

  • Security & Compliance Risks: Unsupported and unpatched environments are vulnerable to security risks. This may result in an officially recognized control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the organization’s inability to maintain its systems and customer information.
  • Lack of Independent Software Vendor (ISV) & Hardware Manufacturers support: A recent industry report from Gartner Research suggests “many independent software vendors (ISVs) are unlikely to support new versions of applications on Windows XP in 2011; in 2012, it will become common.” And it may stifle access to hardware innovation: Gartner Research further notes that in 2012, most PC hardware manufacturers will stop supporting Windows XP on the majority of their new PC models.

Get current with Windows and Office. This option has upside well beyond keeping you supported. It offers more flexibility to empower employees to be more productive while increasing operational efficiency through improved PC security and management. It also enables your organization to take advantage of the latest technology trends such as virtualization and the cloud.

Enterprise Customers: Microsoft offers large organizations in-depth technical resources, tools, and expert guidance to ease the deployment and management of Windows, Office and Internet Explorer products and technologies. To learn more about migration and deployment programs, please contact your Microsoft sales representative or Certified Microsoft Partner. Learn how to pilot and deploy a modern desktop yourself, download the free Microsoft Deployment Toolkit and begin your deployment today.

Small to Medium Business: There are many options for small and medium businesses considering moving to a modern PC with the latest productivity and collaboration tools. Small to mid-size organizations should locate a Microsoft Certified Partner to understand the best options to meet their business needs. If your current PC meets the system requirements for Windows 7 or Windows 8.1, you can buy Windows 7 Professional or Windows 8.1 Pro from a local retailer or Microsoft Certified Partner. If your PC does not meet system requirements, consider purchasing a new business PC with Windows 8.1 Pro.

Keyloggers – Keystroke Logging Software Threats

by

A keylogger is a program that runs in your computer’s background secretly recording all your keystrokes. Once your keystrokes are logged, they are hidden away for later retrieval by the attacker. The attacker then carefully reviews the information in hopes of finding passwords or other information that would prove useful to them.

Keyloggers---Keystroke-Logging-Software-and-Hardware

For example, a keylogger can easily obtain confidential emails and reveal them to any interested outside party willing to pay for the information.

Keyloggers can be either software or hardware-based. Software-based keyloggers are easy to distribute and infect, but at the same time are more easily detectable. Hardware-based keyloggers are more complex and harder to detect. For all that you know, your keyboard could have a keylogger chip attached and anything being typed is recorded into a flash memory sitting inside your keyboard. Keyloggers have become one of the most powerful applications used for gathering information in a world where encrypted traffic is becoming more and more common.

Keyloggers - Keystroke Logging Software and Hardware 3

As keyloggers become more advanced, the ability to detect them becomes more difficult. They can violate a user’s privacy for months, or even years, without being noticed. During that time frame, a keylogger can collect a lot of information about the user it is monitoring. A keylogger can potentially obtain not only passwords and log-in names, but credit card numbers, bank account details, contacts, interests, web browsing habits, and much more. All this collected information can be used to steal users’ personal documents, money, or even their identity.

Keyloggers - Keystroke Logging Software and Hardware 2

A keylogger might be as simple as an .exe and a .dll that is placed in a computer and activated upon boot-up via an entry in the registry. Or, the more sophisticated keyloggers, such as the Perfect Keylogger or ProBot Activity Monitor have developed a full line of nasty abilities including:

· Undetectable in the process list and invisible in operation

· A kernel keylogger driver that captures keystrokes even when the user is logged off

· A remote deployment wizard

· The ability to create text snapshots of active applications

· The ability to capture http post data (including log-ins/passwords)

· The ability to timestamp record workstation usage

· HTML and text log file export

· Automatic e-mail log file delivery

All keyloggers are not used for illegal purposes. A variety of other uses have surfaced. Keyloggers have been used to monitor websites visited as a means of parental control over children. They have been actively used to prevent child pornography and avoid children coming in contact with dangerous elements on the web. Additionally, in December 2001, a federal court ruled that the FBI did not need a special wiretap order to place a keystroke logging device on a suspect’s computer. The judge allowed the FBI to keep details of its keylogging device secret (citing national security concerns). The defendant in the case, Nicodemo Scarfo Jr., indicted for gambling and loan-sharking, used encryption to protect a file on his computer. The FBI used the keystroke logging device to capture Scarfo’s password and gain access to the needed file.

A1 Computer Repair – Malicious Software Removal Experts

What is Phishing? Phishing and Identity Theft

by

Scammers and Hackers are Phishing For Your Identity

what is phishingWho hasn’t received an email directing them to visit a familiar website where they are being asked to update their personal information? The website needs you to verify or update your passwords, credit card numbers, social security number, or even your bank account number. You recognize the business name as one that you’ve conducted business with in the past. So, you click on the convenient “take me there” link and proceed to provide all the information they have requested. Unfortunately, you find out much later that the website is bogus. It was created with the sole intent to steal your personal information. You, my friend, have just been “phished”.

Phishing (pronounced as “fishing”) is defined as the act of sending an email to a recipient falsely claiming to have an established, legitimate business. The intent of the phisher is to scam the recipient into surrendering their private information, and ultimately steal your identity.

It is not as easy as you think to spot an email phishing for information. At first glance, the email may look like it is from a legitimate company. The “From” field of the e-mail may have the .com address of the company mentioned in the e-mail. The clickable link even appears to take you to the company’s website, when in fact, it is a fake website built to replicate the legitimate site.

Many of these people are professional criminals. They have spent a lot of time in creating emails that look authentic. Users need to review all emails requesting personal information carefully. When reviewing your email remember that the “From Field” can be easily changed by the sender. While it may look like it is coming from a .com you do business with, looks can be deceiving. Also keep in mind that the phisher will go all out in trying to make their email look as legitimate as possible. They will even copy logos or images from the official site to use in their emails. Finally, they like to include a clickable link that the recipient can follow to conveniently update their information.

A great way to check the legitimacy of the link is to point at the link with your mouse. Then, look in the bottom left hand screen of your computer. The actual website address to which you are being directed will show up for you to view. It is a very quick and easy way to check if you are being directed to a legitimate site.

Finally, follow the golden rule. Never, ever, click the links within the text of the e-mail, and always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail accounts as well. If you are truly concerned that you are missing an important notice regarding one of your accounts, then type the full URL address of the website into your browser. At least then you can be confident that you are, in fact, being directed to the true and legitimate website.

Personal Computer Security, The Threats and Solutions

by

personalcomputersecurityWhen it comes to computer security, many of us live in a bubble of blissful ignorance. We might be vigilant and never open email attachments from people we don’t know, we might take care to make sure an eCommerce site is secure before entering our credit card information, or we might even go so far as to install a standard firewall on our computers. Unfortunately, much of the common sense advice we follow when it comes to Internet security does little to combat the cybercrime that is rampant.

Federal Trade Commission

Even the U.S. Federal Trade Commission, a governmental agency that is designed to help consumers, had to issue a press release stating that “consumers, including corporate and banking executives, appear to be targets of a bogus e-mail supposedly sent by the Federal Trade Commission but actually sent by third parties hoping to install spyware on computers.”

There’s little doubt that spyware, malware, and insidious virus attacks make any computer with Internet access vulnerable. But, because not all Internet security breaches are immediately apparent, people are often unaware that their seemingly hassle-free computing is anything but. The Federal Trade Commission offers seven guidelines to help consumers surf the Web safely:

1. Protect your personal information. For example, when shopping on an eCommerce site, make sure that the page where you enter your personal information is secure, as designated by “https” before the URL. It’s important to stop identity theft before it starts.

2. Know before you click. For instance, many cyber-criminals impersonate legitimate businesses or send “phishing” email that asks you to click a hyperlink. Check out the online merchants and never click on emailed hyperlinks unless you’re certain of the source.

3. Update anti-virus, anti-spyware, and firewall software often. Hackers and others who engage in cybercrime seem to always be a step ahead of the good guys. If your computer protection is outdated, you’re vulnerable.

4. Use a Web browser and operating system security features. Make sure your browser settings give you optimal privacy and security and ensure that you update your operating system regularly to take advantage of security patches.

5. Safeguard your passwords. For example, create a unique password for each site you visit, and keep them in a secure place. Use letter, number and symbol combinations that can outsmart automated password detection programs.

6. Always do backups. If your computer does get a virus or a worm, your files may be goners. Make sure to regularly back up any important files and store them in a secure place.

7. Prepare for emergencies. If something does go wrong, such as your computer being hacked or infected, or if you accidentally divulge personal information, know what courses of action you should take to remedy the situation and prevent further problems.

A1 Computer Repair Services Can Help

Protecting your computer from all of the threats in cyberspace can seem like a full-time job. Our computer repair service provides full system optimization, problem diagnosis and repair, installation assistance, and a full complement of security services for your home or business like backup and cloud computing. You pay a small monthly subscription fee and in turn can surf the Web knowing that your computer is locked down and that you’ll never again have to stay abreast of the latest security software or lug your computer down to a high-priced repair center. Contact us for more information on securing your personal or business computer today.

Setting Up Your Wireless Router Securely

by

wireless router setupSetting up a wireless router is easy. Essentially you turn your cable or DSL modem off and your wireless router on. Then, you connect the router to the modem with a cable and turn the modem back on. You are more or less done. The wireless network wizard on your computer will pick up the router and, if your ISP does not have any special requirements, away you go, you are on the Internet.

For ease of setup and configuration, manufacturers ship wireless routers with all security disabled. Therein lies the problem. If you do not take any further steps to secure your router, and a surprising number of people don’t, your network will be wide open to all passersby and strangers. It’s like you’ve hung out a sign, “The door is open. Please come in and help yourself.”

The problem is not that strangers will be able to use your router to access the Internet but that, without further protection, would-be intruders will be able to monitor and sniff out the information you send and receive on your network. Malicious intruders can even hop onto your internal network; access your hard drives; and, steal, edit, or delete files on your computer.

The good news is that it is relatively easy to secure your wireless router. Here are three basic steps you should take.

1. Password protects the access to your router’s internal configuration

To access your router’s internal setup, open a browser and enter the router setup URL. The URL will be specified in the manual. The URLs for D-Link and Linksys routers, two major manufacturers of wireless routers, are http://192.168.0.1 and http://192.168.1.1, respectively.

For Linksys routers, leave the user name blank and type “admin” (without the quotes) in the password field, and press enter. To change the password, simply click on the Password tab and enter your new password.

For other routers, please consult your manual. Alternatively, you can search on the Internet with the term “default login for ”. Don’t be surprised to find quite a number of pages listing default login parameters for many different routers, even uncommon ones.

2. Change the default SSID (Service Set IDentifier)

The SSID is the name of a WLAN (Wireless Local Area Network). All wireless devices on a WLAN use SSIDs to communicate with each other.

Routers ship with standard default SSIDs. For example, the default SSID for Linksys routers is, not unsurprisingly, “Linksys”. As you can see, if you don’t change the default SSID of your router a would-be intruder armed with a few common SSIDs from major manufacturers will be able to find your wireless network quite easily.

To change the SSID, click on the Wireless tab. Look for an input item labeled SSID. It will be near the top. Enter a new name for the network. Don’t use something like “My Network”. Use a name that has been hard to guess.

3. Disable SSID broadcast

Wireless enabled computers to use network discovery software to automatically search for nearby SSIDs. Some of the more advanced software will query the SSIDs of nearby networks and even display their names. Therefore, changing the network name only helps partially to secure your network. To prevent your network name from being discovered, you must disable SSID broadcast.

On the same screen that you changed the name of your network, you will see options for SSID broadcast. Choose “Disable SSID” to make your network invisible. Now save all your settings and log out.

Since your wireless network is now invisible, you will have to configure your computers to connect to your wireless network using the new name. On Windows XP, start by clicking on the wireless icon in the Notification Area and proceed from there.

With these three steps, your network now has basic security. However, if you keep sensitive information on your computers, you may want to secure your wireless network even further. For example, you can

– Change the channel your router uses to transmit and receive data on a regular basis.
– Restrict devices that can connect to the router by filtering out MAC (Media Access Control) addresses.
– Use encryption such as WEP and WPA.

As with most things in life, security is a trade-off between cost (time, money, inconvenience) and benefit (ease of use). It is a personal decision you make. However, for the majority of home uses, the three basic steps plus WEP/WPA encryption provides reasonably strong security.

Turning on encryption is a two-step process. First, you configure your router to use encryption using an encryption key of your choice. And then, you configure your computer to use the encryption key. The actual process of configuring your router for encryption varies from router to router. Please consult the router’s manual.

There are even stronger methods for ensuring security. A strong and robust security method is RADIUS (Remote Authentication Dial In User Service). Using RADIUS requires additional hardware and software. However, there are companies that offer RADIUS security as a subscription-based service. The fees are reasonable and dropping.

Therefore for example, if you run a business on your wireless network, have sensitive data on your computers such as credit card information, and have a number of users who access your network, you should consider using RADIUS. Since the service sector for RADIUS is dynamic and growing, a search on the Internet with terms like “RADIUS subscription” or “RADIUS service” is probably the best way to locate one.