Fix Computer Problems Guide

Has spyware taken over your computer? Learn the 3 levels of spyware to know for sure…

“The only difference between the fool, and the criminal who attacks a system is that the fool attacks unpredictably and on a broader front.” (Tom Gilb)

It doesn’t matter if your computer is compromised by professional villains or just by the geeky kid across the street, once your sensitive files have been broken into your life may never be the same. Spyware is one of the most unrated forms of “espionage” occurring in the world today.

Most computer users think of this kind of program as a being just as an annoying or embarrassing kind of prank. But criminal-minded programmers know better.

In the past, spyware and its close cousin adware were simply wicked bits of “paid advertisements” for shady website publishers to attract customers. But soon, more malicious coders determined to use these programs to really “spy” on innocent people and dig out as many of their victim’s secrets to use or sell on the black market as possible.

These new programs are being crafted by “professional” development teams just like a “real” software company. The programs are sophisticated and slick.

At its most innocent level, these spy packages just track your browsing habits (where you go and what you do on the web). Your email addresses are also raided. This information is then sold to websites for advertising.

At an intermediate level, a “keystroke” logger (a program that observes and records what you type on your keyboard) can be used in combination with web-tracking software to dig out the keywords, passwords and usernames you use when visiting sites such as eBay, PayPal and your bank.

The final level is in which spyware has completely overwhelmed your computer and all your sensitive information is laid-bare to any prying eyes that want to view it. Your ID/SSN numbers, your home address, personal photographs, your banking or other financial information is dug out and sold to the highest bidder.

This is then used to create everything from fake driver’s licenses for teenagers, terrorists, and illegals to making dupe credit cards used to run up charges under your name. Your “identity” has been stolen and compromised for years to come.

Your computer can be turned into a “zombie” and thousands and thousands of fake emails could be sent through your connection to the Internet. This will result in your ISP (Internet Service Provider) taking action and limiting or shutting down your account. And with unpaid charges bouncing about your credit card report will soon be in a shambles as well.

What you should do now to lock down your PC…

• Download from the Net or buy a good anti-spyware software package. For free try Ad-Aware or SpyBot’s S&D. Or use SpySweeper if you need an industrial strength cleaner.
• Scan your hard drive and follow any instructions on removing items.
• Install a good personal firewall program to slow down pop-ups and other nastiness.
• Password protect any personal folders where sensitive documents, photos, etc are stored.
• Download and install a password storage program like “Password Safe” to securely store your usernames and passcodes.
• Use strong passwords.
• Change passwords every 6 months for your bank, eBay, PayPal and other financial institutions.

Are you sabotaging yourself with spyware?

“The Amish Virus
You have just received the Amish virus. As the Amish don’t have any technology or programming experience, this virus works on the honor system. 
Please delete all the files from your hard drive and manually forward this virus to everyone on your mailing list.  Thank you for your cooperation.”
 
As a computer technician, the first time I read this joke, I laughed out loud. Yep, I thought to myself, ain’t that the truth. I know from both personal and professional experience that spyware programmers can cause a lot of damage not only to a computer but also to your personal life if they have access to your sensitive files.

But all jokes aside, the most dangerous person who can access your machine is not some remote foreign hacker but you and your family. Often when I visit a client who is having spyware issues, I often find that the bulk of their problems are self inflicted.

Malicious programmers can only hide their products inside of innocent looking pop-ups, webpages or “freeware” programs hoping to lure some unwary computer user into downloading them. Like a fisherman on the river bank, they can only cast out appetizing bait hoping to hook you.

But it’s you, the computer user who can do whatever you like with your machine:

Like download files or programs from unknown sources…

Or turn off your firewall, because you find it annoying…

Forget to download and update security patches for operating system…

“Borrow” programs from your good buddy and install on your PC…

Visit high-risk websites catering to game “cheats”, offshore gambling or the “babe-of-the-day”…

Use weak passwords or don’t change them frequently enough…

Change the security and privacy settings on your web browser, so you don’t have to keep approving downloads…

Never look at the URL or address of website to make sure you haven’t been redirected to a spoof site…

Never read the EULA (end user license agreements), opt-in terms, privacy statements, and any notices with any software you download.

I feel, that to a certain extent, lack of proper knowledge on how to prevent spyware is a problem but still a good many clients just don’t care enough to stop their bad browsing habits. They like doing what they want on the Net and they just figure that spyware is the “cost” of doing business as usual.

But this “it can’t happen here” mindset is exactly what the bad guys are looking for. They have created the best “lures” they possibly can but you still have to “take the nibble” to get caught.

Spyware like the “Amish Virus” relies on people to make their own selves victims.

If you want to prevent having your personal files exposed then you should read what to do when you get hacked…

Hey, it could happen to you. I know. I am professional PC technician and it happened to me. Yes, I write how-to articles and tell all my clients the same things: be careful of “freeware” programs, watch where you download stuff, change password frequently, etc. All the rest but despite my best efforts I got jacked!

It happened innocently enough. I was doing some work for a client and was trying to convert some music and video files into a more portable format. But all the good software was only had “paid” versions and I wanted to save myself some money. So I logged into some geek forums and started nosing around.

One guy recommended this little “freeware” program he had used to good success. So I clicked on his link and surfed over to a software directory I had never used before and downloaded it. The program was running fine, when I noticed that my hard drive was being hit really hard, with its activity light going nuts.

So I quickly stopped the program and uninstalled it. But within a few days I got emails from eBay complaining that I was sending out “spam” emails to other users all across the eBay system. When I logged in, I realized that “someone” had used my user name and password to fraudulently send messages selling some kind electronic gear from a seller in Poland!

Dang! I had been hacked!

What Not to Do…

Don’t panic. You have to remain calm so you access the damage and take the appreciate action. Running around downloading this and that “fix-it” software program can only make worst. Take a breath and get a grip…
…What To Do

I immediately took my PC off the Internet (I turned off my cable modem), then restarted and entered Safe Mode (hit F8 after the PC logo). I ran both of my anti-spyware and anti-virus programs for a deep scan of my PC. I found several Trojan Horse programs, which I removed.
Then I manually searched the “Program Files” folder to see if I could find any strange programs (don’t do this unless you know what to look out for). I then used the Windows “Add/Remove Programs” module and got rid of thing suspicious.

After I was sure had scrubbed down my computer and was clean, I logged back online and entered my eBay account. I changed by password and then changed the password for PayPal also. I tried to remember every online account I had visited over the last several days. Oops, my bank!

So I contacted my local bank and changed the password for their account too. Was this strictly necessary…hmmm, I wasn’t sure, but I could recovered from a shut-down eBay account a heck of alot faster than I could from empty checking account!

So after changing passwords for any websites I was working on and any other accounts, I could settle down and figure out what I had done wrong. I routinely use anti-virus and spyware killer software. I have a good firewall installed and I seldom download “freeware” from unknown sites, but I got in a hurry and I overrode my own rules. Being cheap was alot more than the few bucks the software would have cost once I tallied the “price” downtime and lost productivity.

But it could have been worse. I didn’t lose any money or my identity!

Is your computer infected with spyware? Check out these 10 warning signs to take action today…

It’s been estimated that over 60% of all computers have some kind of spyware installed and most of their owners are unaware! If you are tired of your PC running slow and filling your screen with those nasty pop-up then you will want to read the 10 warning signs listed below. Afterwards check out my “action plan” and what you can do to rid yourself of your spyware infestation.

1. Browser Hijacks - When I used to get a call from a customer saying that their homepage had suddenly changed, without them doing anything, I knew to bring my anti-spyware fighting software. Malicious programmers love to change your browser settings to transfer your homepage to their “client’s” websites.

2. PC is Crashing - Without warning, your PC starts crashing, freezing or locking up, but you haven’t added any new software or updated anything recently.

3. Pop-Ups - You open your browser to visit your favorite blog site then “WHAM!” You are suddenly drowning in pop-ups! Your screen is full of brightly colored lures to porn, gambling or gaming websites. You click on the “Close” or the “X” to shut it down…uh, oh something is downloading to your machine!

4. Strange Favorites - You notice that there is a strange looking icon in your favorites. You click on it out of curiosity. You are caught in a webring of girly webpages…drat it, you’re at work!

5. Strange Icon on Desktop or in Systray - You know notice a “winking” red light on the bottom-right in your Systray display. It says you have been infected. You hurriedly click on it to see what is wrong. Then a pop-up appears that says it is downloading an “anti-virus killer”…uh, oh.

6. Strange New Files Appear - You are poking about in your files and you notice that some odd, spyware-killer software has a folder on your hard drive. Where did that one come from?

7. Strange Emails - While searching for a note you dropped to the boss, you notice that you have lots of strange emails in your “Send” folder. You didn’t send them, especially the ones in a foreign language.

8. Strange Toolbars - You open up your browser and now you have 3 toolbars instead of just one. What gives? When you try to remove, or change the settings, they keep coming back no matter what you do.

9. PC runs sluggish or slow - Granted your computer may not be the newest kid on the block but lately it has been moving slower than the Street Dept fixing a pothole. It takes several minutes for it logon and go out on the web. And it takes forever for you do to the simplest things anymore.

10. Hard Drive is running all the time - You have noticed that your hard drive is running all the time now. Even when nobody is on the machine! You can see the activity light blinking away and you can also hear the drive being accessed. Huh?

Action Plan - What to do next…

Download from the Net or buy a good anti-spyware software package. For free try Ad-Aware or SpyBot’s S&D. Or use SpySweeper if you need an industrial strength cleaner.
Scan your hard drive and follow any instructions on removing items.
Install a good personal firewall program to slow down pop-ups and other nastiness.

If you want to avoid being overrun with spyware then read and avoid the five mistakes most everyone makes…

You have already heard enough about spyware to last you for a lifetime. So why is your machine acting so strange lately? The crashes, the sluggish behavior and the pop-ups are driving you mad.

Continue Reading »

Five Practices for a Strong Password

Fact: no password is unbreakable. In theory, any password can be cracked given the right software; enough computing time and the money to pay for them. If someone REALLY wants to break into your accounts, they can.

But most of the bad guys you will encounter (hackers, nosy employees, distrustful business partners and curious kids) are not that hard to keep out.

1. Mix’em Up! When creating a password use mixture of characters like upper-case, lower-case letters(A-Z or a-z), numbers and special symbols such as: !,@,#,$,%,^,&,*,= , etc.

2. Psst…can you keep it a secret? Your passwords must be kept a secret. So MEMORIZE them! Don’t write them down on the back of your bank card, credit card or on a note stuck on your computer monitor. Tips for properly storing your passwords are covered more thoroughly later on in this article.

3. The more the merrier. Use multiple passwords. You should have one for each individual account. Yes, I know it’s a drag but you use the same over and over, you run the risk of a bad guy (a hacker or a jealous former lover) discovering it and running amok through all your accounts. Also take special care to use your strongest passwords on your more critical or valuable applications and accounts.

4. Size does matter… Bigger is better, for passwords anyway. For minimum security, the experts recommend a password be at least six characters long. For business use or financial accounts I would go up to seven or eight for more bangs for the buck. One or two extra keystrokes add a few million more combinations a cracking program has to work through.

5. Do it frequently. Change your passwords often. You should alter all critical passwords every six months or once a year at a minimum or non critical things. More every 90 days if it is critical.

So what is critical? Your money market accounts should be more critical to you then your membership to Critters Online! Some systems prompt you when change; others you have to remember and manually change it. Either way, do it frequently.

Additional Strong Password Tips

The science of creating strong passwords or any secret code for that matter has always been plagued with this problem: how to make it easy to remember (and decode) but difficult break.

A common way to design a strong password is to use a phrase cipher. For example, take the phrase, “Girls who wear glasses don’t get passes.” To create a password from this, use the first letter from each word. Then change one or more characters into an upper or lower case letter.

For added security you can add a numbers and/or special symbol. A few sample passwords could be: “gwwgdgp”, “gWWgdgp1″, “GwwGdGp!”

Another way is to use a substitution code and change a common word like “password” into “Pa55wo4d”. But bear in mind the more common substitutions are like “5″ for “S” are checked by most password cracking software. Use your imagination.

The best way to remember a password to use something memorable but don’t make it obvious. People love to use birthdays, anniversaries, street addresses, Social Security Numbers, their pets’ names, family member names, etc.

Your password should mean something to you but should not be so easily guessed or quickly discovered like your personal information. Use memorable things only you would know or would have meaning only to you.

Protecting Your Privacy With Passwords!

Your cash, your personal history and your private identity information is stored in computers all across the Internet. And you control the access to all of these with a simple password.

So you think your password is unbreakable, huh? No one would ever guess what it is right? Let’s face it. Your password is probably not as good as you think. Strong passwords are seldom used even by people who should know better.

The story goes that in the 50’s then President Harry Truman boasted to a security specialist that no one could break his password. Rather quickly the specialist broke the code: it was based on the date of Truman’s inauguration: 1-20-1949

People create and use “weak” or easy to break passwords for two simple reasons:

1. They don’t know much about the password system in the first place.

2. They don’t understand how to make a strong password, i.e. one that would be tough to crack.

The Password System

A “password” is secret combination of characters that is actually half of a two part “key” that computers require for someone to login into a locked or “password-protected” account or network.

The first part of this “key” is your Username. A username can either be assigned by the organization that controls or administers the account or made up by you.

Since most usernames are created from readily discovered items like your email addresses, nicknames, etc. security experts tell us that the “password” half, has become the most the important part of the key.

A password is almost always created by the end-user…that means you! As such, you control just how “weak” or “strong” it will be. A weak or poorly thought out password can be cracked in less than one second with software any ten year old can download for free.

A “weak” password is an easily cracked password. And No Password; No Privacy!

Step 5 - No Physical Location

Due to fears of, (I don’t know what) some people never list their business’s street address on their websites. Bad sign, folks. I always look for an address. No “addy”, no “moola”.

Now the street address could be as fake as “1313 Mockingbird Lane” (the Munsters home address) for all I know, but human nature being what it is, most are probably mailbox deliverable.

Instead of a street address, some people use a Post Office or private mailbox address. No problem but they had better have a working phone number to act as backup.

Have I ever called a number posted online just to see who picked up? You bet ya. Called this one guy once at o’dark in the morning and got a very groggy solopreneur (wrong number, don’t ya know). But hey he sold me a book, because after the call, I knew he was “real” person.

Called another and got a “this number has been temporary disconnected”. Hmmm….can we say “bugged out”?

Step 6 - Try WHOIS

Who’s on first…? Huh? What’s a WHOIS?

WHOIS is a domain name lookup tool. It can be found all over the web but I use www.whois.net or www.networksolutions.com

The idea is the surf to www.whois.net, plug in “Technoweasel” in the “WHOIS Lookup” you will find my website’s Registrant (that would be me) the address I used when I created my domain name, and the domain (website) host that I am using.

Now all of this could be bogus…but since you have to pay for a domain name with a working credit card, the address and name were legit at the time of registration.

Check out the age of the site. I created my domain in 2001. If a site has only been in “business” for a few months…do a real gut check before passing out any credit card info.

Step 7 - Are they are a Blacklist?

Check out www.spamhaus.org and squidguard to see if their domain names are listed. If their name is on a well-respected blacklist, then you are probably better off blacklisting them too.

Is the web host in China, Eastern Europe, South America or South East Asia? Fifty percent of all spammers are Americans but they like to host their “ugly American” email and websites overseas.

Step 8 - The last one…

Yeah, I know I only promised seven, but it’s an oldie but a goodie…”If it’s too good to be true…” Just remember that bogus sites, email scams and all internet fraud in general rely on your human nature to want pick the sweetest berries without the thorns.

Honor your feelings. Your best defense is often your own intuition. If something about a website or email gives you that itchy-scratchy on the back of the neck or that sinking in the belly then don’t buy from them. The only times I have regretted buying something on line has been from violating this last rule! Honor your feelings.

Take five minutes and check out a site using the above steps before you just jump in and plop down your hard earned cash.

Recently a friend emailed me a link to a software website. On the site they proclaimed to be selling OEM (Original equipment manufacturer) software at a very steep discount.
OEM software is typically the software that is bundled with or installed on a new PC. OEM software also has different “licenses” than regular “boxed” software sold through a retail outlet. Most the time the license is tagged to the hardware it was sold with.

The computer hardware is actually the “license owner” in a weird kind of way. That’s why on eBay, when I buy software, most of the time, I get a piece of hardware (part of the PC the OEM software came with.) along with the CD.

Now there is nothing wrong getting OEM software. Lots of times, vendors who buy off-lease equipment (computers, etc. whose rental leases have expired) and will split off the software that came with the computer and resell it elsewhere.

BUT….ah, you knew I would stop yakking and get to it!

How the heck do you tell if a website is on the up and up and selling legit products software?

Or is it just some scummy Internet con artist with a slick website crammed full of pirated crap-ola, poised to capture and fence off your precious credit card number?

To check out a website to see if its legit follow these 7 simple steps:

Step 1 - Just how slick is it?

Look at the web page design. You can buy some very professional cool and slick looking website templates very cheaply. Is if full of picture of people with “clear-skinned smiles”, or lots of bouncing, hopping, graphics?

Even if they use a professionally designed template or website, most small businesses do some type of customizing to their websites. They add pictures of themselves, their storefront, their offices, etc. They change and mismatch colors, add clip art, etc.

Professional fraudsters don’t. There is no need. They have their good buddy Ivan or Sam create a very nice vanilla site, where they throw up stock photos and get on with the business of robbing you of your identity and credit card info. No need to customize any for that. .

Now amateurs (baby crackers/hackers) tend to like LOTS of customization. Dark, broody backgrounds with neon fonts in hard to read styles and as many annoying banner ads or animated graphics/cartoons as possible. They like to offer “free” stuff, i.e. software, music, etc. so they can also download their little Trojans along with them.

Step 2 - Search for “Reviews” or “Comments” on the web

I always “google” the actual web address of a site to see what folks are saying about it. If something is hot or popular, someone has either written a review, a blog or posted a comment on it somewhere in a public forum. These could be from satisfied users or from paid affiliates.

You can also add the words: “sucks”, “ripped off”, etc. to the list. Granted you will only find the negative people posting these but they act as a balance for any over hyped items you find.

Step 3 - Icons and links are dead

Bogus sites seldom take the time to keep links live to other sites. If they have icons that proclaim them members of a “Better Business” this or that, click on the icon or link shown. If it is dead or just goes somewhere else on the website, get your “suspicious” antenna up.

Legitimate sponsoring organizations usually require their members keep a “live” (clickable) link back to them. Or you can open another browser window and visit the sponsoring group’s membership list on your own. Are they listed or reviewed there as promised?

Step 4 - No way to keep in contact

Most folks install ways for you to keep in contact with them and their company. Newsletters, ezines, blogs, sales letters, phone numbers or just posted emails for “feedback”, “support”, “customer service”, etc.

Also, be leery of the “online comment” form. Many people use these “fill in the blank” forms. However, if this is the only way you find to reach them, this is not good. No contact information is a very bad sign.