Tag Archives: Virus

4 February 2012 · 07:45

Writing and Banking Do Not Belong Together

The mantra “writing time is for writing and only writing” is drilled into the mindset of anyone serious about succeeding as a author. But let’s take it one step further, “your writing laptop is for writing and only writing.”

Now you’re thinking why on earth would you limit the use of a computer to one task. In a word, security. Writers today are mobile. Working at coffee houses, favorite sandwich shop, waiting on flights at the airport, or sitting in the waiting room for a doctor’s appointment. All of these scenarios are opportunity for a thief to strike.

The obvious threat is that someone steals your laptop. If you use it for everything, you’ve lost everything. This includes any user IDs and passwords stored in your browser. A bad guy just needs to click on your banking bookmark and sit back while your browser automatically logs in. Presto they have full access to your accounts.

A hidden threat of using your laptop on a public network is getting hacked. The quiet guy in the corner could be scanning the coffee house’s public network. Even if you’re running a firewall, it has to allow your programs to interact with the Internet. The industry refers to this a punching a hole. If you punch a hole in a section of cardboard does it only allow you to see through it in one direction? This may be a bit  simplified, but you get the idea. If you let programs out through your firewall, data usually comes back through the same way. Given the right circumstances, a hacker and exploit this. Even if you update your computer’s OS and programs on a regular basis, hackers can also exploit known flaws. Years ago the Blaster Worm exploited an existing security hole affecting part of Microsoft’s Windows OS and impacted computers all over the world.

 

I’m not trying to scare anyone, but think about what would happen if your laptop disappeared. What information would go with it? Do you know all your IDs and passwords to every account you use your laptop to access? Do you have the phone numbers to these institutions to call and have your online account disabled?

What are some steps you can take? An easy one is do not store usernames, IDs, or passwords in your browser. Storing them in your browser creates a file on your computer containing this information. Hackers can access these files and thus your accounts. You can use password programs like LastPass to store your information. Programs like this remember your IDs and passwords, but do not store information locally. I’m partial to LastPass because it has the added benefit of working on multiple platforms. No matter what device I’m using, I can find the password I need.

The best thing to do is to separate your financial information from the laptop you carry with you. Today you can buy a basic laptop in the $300-$400 range. If you’re really thrifty and shop around, you can get something for around $200, but you’ll have to be dedicated to find these bargins. Think of it as insurance. A small investment to ensure that your information is safe. After all, you wouldn’t carry around your bank statements to the coffee shop and leave them on the table for all to see. Why do the electronic equivalent with your laptop?

Word processing files can be backed up with little effort and this topic will be explored in a future post. However, once money is drained from your checking or retirement account, it’s gone. You may be able to recover some of it, but in the short term you’ll have no cash and you’ll have the stress of dealing a complete preventable mess. And if you’re stressed and on the phone with your bank all day, you won’t be able to write. And if you don’t write you won’t sell anything. Then you’ll have even less money and more stress.

Leave a comment

Filed under Best Practices, Writing

Tagged as , , , , ,

23 December 2011 · 09:44

Attack of The 4K Polymorphic Virus

We left off with some basic rules you can follow to protect your computer. But what happens when you do everything right and computer bug sneaks past your prudent precautions? The answer, of course, is more programs. The military has several defensive weapons to ward off sea, land, air, and yes–space borne attacks, just as you need to have multiple programs to help defend against attacks coming from the Internet, email, and wireless connections.

You need protection against email attachments, phishing links, bots, hidden Visual Basic scripts, malware, viruses, worms, macro viruses, boot sector viruses, master boot record viruses, Trojan Horses, polymorphic viruses…It’s enough to make you want  to toss out the tech and go back to mailing in your manuscripts.

So just what should you buy? Fortunately there are software suites you can purchase that will protect your computer from the onslaught. Most likely you’ve heard of Norton and McAfee. How about Trend Micro and AVG?

All four of these software vendors offer a variety of protection products and each has an all-inclusive package. But do you really need everything? If you don’t use your computer to shop online or do banking and are not storing any account information, then you may not need identity protection. If you don’t have children, how important is the parental control and Internet monitoring features to you?

Most authors I know are budget conscious and only spend what the need to. Don’t let the plethora of program choices overwhelm you.  Before you purchase any software, write down exactly what your computer is used for. I suggest putting a legal pad or composition notebook next to your keyboard and log your computer usage for a week to ten days. This amount of time should allow you to capture all of your tasks. Once you have this information then you can research product offerings and buy only the protection suited to your needs.

If you only use your computer for writing and submitting drafts, social networking, and occasional web surfing, then you may only need to purchase basic virus protection and a firewall. If you live on your computer and your entire financial, social, and professional life is stored on your hard drive, then you may need to buy the all-inclusive suite. If you have a laptop that you connect to various networks while you’re moving around town, you’ll need to have a good software firewall. (Soapbox Alert) Never, under any circumstances, connect your laptop to a publicly accessible network–this includes hotels, coffee shops, libraries, restaurants, and even the wireless at your friend’s house–without having an active firewall running. It only takes seconds to infect your computer and it is far more inconvenient to have to reload everything than it is to not connect. (End Soapbox Alert)

A couple of cool things. Trend Micro offers a web-based scanner called HouseCall. It downloads a little app and then scans your PC. This can be very handy if you think you have a virus, but your antivirus software doesn’t find anything. If two complete computer scans, by two different software companies, don’t find anything, chances are you’re not infected. This handy tool gives you a sanity check. AVG offers a free version for basic file protection. Be sure to read the license agreement for any free software. Most free software is for home and nonprofit use only. So if you use your computer as a tool to write for profit, then you may not qualify for the free license and will have to pay. For software developers the software license is akin to a copyright. They expect to get paid for what the write, just like we do.

Another source of antivirus software is your Internet provider. It’s in their best interest to keep infected computers off their networks. Infected computers can generate a great deal of network traffic and impact overall performance. To keep from having cranky customers they have taken a preventative approach. You can check your provider’s Internet Services page or call their customer service and ask.

A note about pricing. This is not the type of software you buy once and never pay for again. Unfortunately new threats are being cranked out every day and you’ll need to have an updated antivirus database to defend against them. When you buy the software, you typically get updates for one year. Meaning in twelve months you’ll have to buy a renewal agreement (usually less than the cost of the software) in order to continue receiving updates. Updates to these databases come out daily and the local copy on your computer needs to be updated at least once every 24 hours.

And warning about performance. You will notice a performance hit when you install antivirus software. Any program is going to require CPU cycles and memory. This is another reason to only purchase and install what you need. Be sure to read the system requirements very carefully. The performance hit should not be that great and after a while you’ll no longer notice it. If you install antivirus software and have to wait three seconds after every mouse click then something is wrong. Check your settings and contact your computer guru if necessary.

A properly protected computer will allow for uninterrupted writing day after day. Now stop reading blogs and get back to that work in progress.

 

2 Comments

Filed under Writing

Tagged as , , ,

16 December 2011 · 11:34

Cold & Flu Season

Did you get your flu shot yet? It’s that time of year when nasty little microscopic critters try to invade your body and assault you with aches, pains, and mucus. It’s not fun writing when your sick but somehow writers push through to meet deadlines. But what about your computer?

For your computer the cold and flu season is 24/7/365. That’s right, every second that ticks by could be the last healthy one your computer experiences. Even seasoned computer professionals can fall victim to an unwanted infection. I know of two technical professionals who experienced a virus in the last month. Even with corporate firewalls, restrictive Window policies, and some of the most expensive antivirus software money can buy, they were still infected.

For the purposes of brevity I am not going to get into the definitions of worms, Trojan horses, virus, root kits, bots…and the list goes one. If you are interested in the differences, please visit www.us-cert.gov/reading_room/virus.html or read this white paper at the www.sans.org website.

Now do not think since you own a MAC product or use Linux, or have an Android device, or a Blackberry, or Windows Mobile, or a phone using Symbian OS, you are safe. Oh no. Some individuals are so bored they will hack into anything they can access. For you mobile users, this means never leave Bluetooth or WiFi connection running when you are not using it. Nasty things can happen. Just this year I was at a tradeshow and my Android phone started spontaneously dialing numbers. After I turned off WiFi and Bluetooth, it stopped.

You must remember that your technology is always under assault. Always. People earn a living by finding illegal ways to infiltrate your devices. However, there is a lot you can do to prevent and limit a breach.

Let’s cover the no-tech required rules first. Here are some guidelines:

If you receive an email or IM out of the blue stating you have won money or a valuable prize, delete it immediately. At best it’s a scam to steal your identity. At worst clicking on the link will install a virus, bot, or some other nasty program you don’t want.

  • If the email is from someone you’ve never heard of and has the phrase “Check this out” or some other wording to get you to click on a link. Delete it immediately. Do not click on any links.
  • Official looking emails from your bank or credit card company asking you to verify your information are bogus. No exceptions to this rule. Never, never, and I say never click on a link to update our account information. Financial institutions will send you a postal letter. These sites may look identical to what you are used to seeing by they are not legit.
  • You receive an email from a person you know with an odd-looking link embedded. Such as http://10.97.203.58/AdfiEfU5.zz7.php. Delete it immediately and contact your friend. Chances are they have been infected. On the odd chance that it was a legitimate email, they can send it again. Remember, virus can infect a computer and then email itself to everyone included in the local contact list.
  • Do not insert a CD, DVD, or USB drive of unknown origin into your computer. Older versions of Windows and even Windows 7 can be set to automatically run programs stored on media. There was a case where a product sold in retail stores, that had software preloaded on it, installed a virus on customer’ computers. The PC used to create the software image was infected, thereby infecting the software stored on the product. Always scan the contents of these media types before running applications.
  • If you get a pop up on your screen, read it. What did I say? That’s right, read it. All of it. Do not just automatically click OK. These pop ups can install bad mojo. They can also install Adware, advertising software that doesn’t do any harm, but can slow down your PC. These pop ups can also install a custom toolbar for your web browsers. Again, no harm, but it impacts your performance. Always read the text. If you don’t understand what it’s saying write it down and click the little ‘X’ in the upper right corner or cancel. If something goes wrong you have a record to give to your computer guru. Believe me when I say, a record of the exact text displayed can be a huge help in diagnosing a problem.

To illustrate the points above, here is a copy of an email that was sent to a group distribution list at my day job. This is a type of email is called phishing. The instigators of this type of attack are betting on your ignorance. The embedded link could be used to install software on your computer or display a form that asks for personal information.

Here is the email in its original form. However I replaced the To: address with a fictitious group name.

From: William Rowe [mailto:violenta37@zilkha.com]
Sent: Thursday, December 15, 2011 9:05 AM
To: One Gullible Group
Subject: Bank of America: Bill payment issue

To: Dear Bank of America customer
Account: CHECKING
Date: 12/14/2011

The most recent ALERTS for your account are now available to
download online.

Please follow the link to read URGENT ALERT message here:
http://iranconsulate.net/irsgov/reports/complaint/Q27K4XFO2MTM

Set up Alerts to be notified 5 days before your payment is due
to help avoid late payments. Sign in to Online Banking and select
the Alerts tab to activate the Credit Card Payment Due Alert.

Want to confirm this email is from Bank of America? Sign in to
Online Banking and go to Alerts. The Alerts History lists the
Alerts sent to you in the past 60 days.

William Rowe

—————————————————————————
—————————————————————————

Email preferences
This is a service email from Bank of America. Please note that
you may receive service email in accordance with your Bank of
America service agreements, whether or not you elect to receive
promotional email.

Contact us about this email
Please do not reply to this email with sensitive information,
such as an account number, PIN, password, or Online ID. The security
and confidentiality of your personal information is important
to us. If you have any questions, please either call the toll-free
customer service phone number on your account statement or visit
the Bank of America website to access the Contact Us page, so
we can properly verify your identity.

Privacy and security
Keeping your financial information secure is one of our most
important responsibilities. For an explanation of how we manage
customer information, please visit the Bank of America website
to read our Privacy Policy. You can also learn how Bank of America
keeps your personal information secure and how you can help protect
yourself.

Bank of America Email, 8th Floor-NC1-002-08-25, 101 South Tryon
St., Charlotte, NC 28255-0001

Bank of America, N.A. Member FDIC. Equal Housing Lender
A¿ 2011 Bank of America Corporation. All rights reserved.

Now lets dissect it.

At first glance it looks very official, even has a company disclaimer at the end. However I know it’s fake because:

  • I do not have a Bank of America account. Surprisingly, some people will click on the link anyway.
  • The link displayed is not the BoA’s website, www.bankofamerica.com. Even if it did show the correct address that does not mean it will take you there. The real link can be hidden, much like you do when embedding a link in a blog post. Just click on the BoA link and see where it takes you.
  • The email was sent to a group distribution. What if it was sent to a single email address? Remember the guidelines above? Banks do not and out these types of emails. If you still have doubt then call the customer service number listed on your monthly statement.
  • The From: address is not from BoA’s registered web domain. In other words does not end with @bankofamerica.com.
  • At the end of the disclaimer, on the last line, there is a funky upside down question mark. This means they scrapped the disclaimer off a website or this was drafted in a foreign language and translated to English using translation software.

In the next post we’ll look at various types of software you can use to protect your computer.

Do you have a favorite anti-virus software suite? Please leave a comment listing the name and why you like it.

Leave a comment

Filed under Writing

Tagged as , ,