Enhancing Your Digital Security

Your digital security is becoming more important and complex every day. This can be seen by these two recent events:

Over the holidays, hackers stole about 40 million debit and credit card numbers from Target customers and took personal information, including email addresses, phone numbers, names and home addresses, from about 70 million others. The investigation into the security breach continues. This week for example some debit and credit card numbers of Target customers from South Texas turned up in conjunction with the arrest of a pair of Mexican citizens this week.

Also this past week, Neiman Marcus said 1.1 million debit and credit cards used at its stores may have been compromised in a security breach last year. The good news here is that social security numbers and birth dates were not stolen and customers who shopped online were not affected.

There are a couple of things I recommend that can help in cases like above to protect yourself.

  1. Go “old school” and write “See ID” or “Check ID,” on the back of a credit card in place of a signature, as a cue to merchants to ask for identification before they process a transaction.
  2. Another “old school” trick is to use cash as much as possible in order to prevent credit card fraud.
  3. When shopping online only use reputable and established websites. Also you should confirm the online seller’s physical address and phone number in case there are questions or problems. If there is an email or pop-up message that asks for financial information while browsing, don’t reply or follow the link.
  4. Frequently change passwords on accounts that have personal information. The more complex the password, the better.
  5. Do not keep all of your cards together in your wallet or purse. Instead, only take with you what you need, especially when travelling.

These are just some tips to help protect your digital life.

Say Goodbye to IE 11 Woes

 

I have written about this problem before and I wanted to take a moment to touch on it again. For some reason, Microsoft has decided with their two most recent versions of Internet Explorer (IE) to make a change on how their internet browser is deployed. Prior to IE 10 (9 and prior) version upgrades were listed as “recommended updates” which meant that users had to manually approve the upgrade. However as of IE 10 Microsoft has for some unknown reason made the decision to mark these major upgrades to IE as “critical”. This change results in IE being upgraded very often whenever your have your computer scheduled to download and install critical updates.

This change by Microsoft often causes havoc to those who run applications through their browser and can result in applications no longer running correctly or crashing.

So what should you do if your IE has been upgraded and you are experiencing problems? Well the only thing you really can do is downgrade IE. This can be a little tricky so just follow these steps if you are having problems with IE 11 or 10.

ie11

 

1) Click the “Start” button & type “Programs and Features” in the search box.

2) Click “View installed updates” in the left pane.

3) Scroll down to the “Microsoft Windows” section.

4) Select “Internet Explorer 11 or 10” and click “Uninstall”.

5) Leave your PC alone until it asks you to reboot.

6) If you are downgrading from 11 and want to go to 9 you will probably have to follow these steps twice.

If you are not experiencing any problems with IE 11 these steps are of course not necessary.

Oh – by the way if you are using Windows 8 this is not possible. You are stuck with IE 11.

SkyDrive Becomes OneDrive

Microsoft’s cloud storage service is about to have a name change and although the change was somewhat forced on Microsoft I believe the new name actually makes sense and in the end works better then SkyDrive.I have been a big fan of SkyDrive since late 2011 and although I have been calling for better built in music integration, that aside Microsoft’s cloud storage service is one of the best available today, especially if you are a Microsoft Office user.

Microsoft’s cloud storage service will be rebranded ”One Drive”. Last year the British Sky Broadcasting Group PLC files suit against Microsoft stating that they owned the “SkyDrive” name.  Microsoft deciding not to fight this one reached an agreement last July for an undisclosed sum, after the British Sky Broadcasting Group PLC won an initial case in a British court against Microsoft’s usage of SkyDrive as Sky Broadcasting Group holds a trademark for the name in Britain.

Under the terms of the agreement, Microsoft was given “a reasonable period of time to allow for an orderly transition to a new brand”. Microsoft, though has not said when exactly OneDrive would fully replace SkyDrive as the name of the service, but currently maintains that OneDrive brand is “coming soon”. 

Microsoft’s cloud storage service will be rebranded ”One Drive” after British broadcaster BSkyB objected to the earlier name “SkyDrive.”

A settlement was reached by the two sides last July for an undisclosed sum, after the British Sky Broadcasting Group PLC won an initial case in a British court against Microsoft’s usage of SkyDrive as Sky Broadcasting Group holds a trademark for the name in Britain.

Microsoft, though has not said when exactly OneDrive would fully replace SkyDrive as the name of the service, but currently maintains that OneDrive brand was “coming soon”.

According to commentators, while the rebranding would not change the service’s logo – two blue clouds on a white background – it would align the name with other company brands. Microsoft also reports that other then the name change existing users should see no change or interruption as a result of this.

 

Microsoft unveiled the new name yesterday in the US, saying OneDrive conveyed the mission of the service, which was to let users access their important files from many devices by storing them all in one location. “We know that increasingly you will have many devices in your life, but you really want only one place for your most important stuff,” the company wrote in a blog post. “We believe the new OneDrive name conveys the value we can deliver for you and best represents our vision for the future.”

The Changing Web Landscape

2014 is going to be a challenging and exciting year for CIOs in local government. Although there are several high stake considerations for CIOs I believe that 2014 and 2015 will for many of us focus on the quickly changing web services landscape.

Web Services, Social Media and Mobile Platforms

Websites have been around a long time. The world wide web (www) was created 24 years ago (1990). I know that’s hard to believe – but it is true. Then in 1993 the world wide web went public and websites were born, which means they have been around for a very long time indeed. Since then websites continued to develop from what had been static text only pages to the dynamic sites online today. Fast forward to 2010 when something very exciting was introduced that changed the tech world forever. On April 3, 2010 the first iPad was released and people began using the web in ways never consider.

It is because of this radical change in how people use the internet – and what they expect from it that new ways of providing web services are simply necessary. I believe that organization’s websites, although remaining very important now only play one part in reaching out to their stakeholders. Web services must be available easily and effectively on mobile devices, either through “apps” or “responsive design”.  This will be challenging for organizations because technology services are complex and often expensive. However without adapting to these very real trends organizations will fall behind as consumers will simply go elsewhere for their information and products.

The challenge here for CIOs will be to reach out into these new unexplored directions to find the best mix of solutions while at the same time remaining financially responsible to their organization.

Microsoft’s Free Security Solutions

One of the recurring topics of this fine blog is of course cyber security. Today it seems as there are more cyber risks for all of us then every before. However ironically it is actually quite simple to avoid these security pitfalls.

  1. Think before you click. What I mean here is that only go to reputable websites and do not click on links or attachments in solicited email messages. We have discussed this many time so I won’t go much further here.
  2. Install, update and pay attention to the security protection software on your computer. Now what is unusual here is that for most consumers free security software is more then enough to protect you and this is what I want to cover here.

There is actually a wide ranging suite of Microsoft security tools and most users are unaware that they are offered for free, by Microsoft, some as part of Windows (out of the box) others available by download.

So here we go…

Malware, as Microsoft defines it

Microsoft divides malware into two broad loosely defined terms: malicious software and potentially unwanted software.The first category covers mostly self-replicating Trojans, viruses, worms, and similar code that infects your PC (typically for some evil purpose) and then seeks to infect other PCs.

The second category — potentially unwanted software — includes undesirable (and often hidden) apps such as spyware that surreptitiously tracks you, keyloggers that capture everything you type, and adware that force-feeds you popup ads. The somewhat clumsy phrase “potentially unwanted” is meant to suggest that you might not want the software if you knew what it really did.

These two categories aren’t precisely mutually exclusive. For example, some potentially unwanted spyware is also self-propagating, like a virus. What’s more, Microsoft sometimes uses the terms interchangeably. Still, these two categories will help you understand the main purposes of Microsoft’s security tools.

The Microsoft Malicious Software Removal Tool

What it is: Microsoft’s Malicious Software Removal Tool (MSRT; more info) is a basic antivirus program. It comes in all current versions of Windows — XP, Vista, Windows 7, and Windows 8. When you install Windows, MSRT is enabled by default.

What it does: MSRT automatically removes malicious software (viruses, worms, etc.) that, based on Microsoft’s internal research, is considered especially prevalent and dangerous to Windows users. MSRT currently targets about 200 of the most common malware types. You’ll find a list of them on the MSRT download page.

How it works: Windows Update automatically refreshes MSRT once a month (it’s always KB 890830), usually on the second Tuesday (aka Patch Tuesday). After updating, MSRT automatically runs, scanning your PC once and removing any active malware infections it finds. No user intervention is required.

One scan a month isn’t especially good malware protection, but you can also run MSRT manually any time you wish (see Figure 1). Simply enter mrt.exe in the XP/Vista/Win7 Start menu Search box or Win8′s Search window and press Enter. Once open, MSRT gives you a choice of quick, full, or custom scans. As you’d expect, the full scan is the most thorough.

Microsoft's Malicious Software Removal Tool

Figure 1. The Malicious Software Removal Tool is built into your copy of Windows, and provides basic protection against a selection of common malware threats.

If you want or need a fresh copy of MSRT, it’s available via download pages for the 32-bit or 64-bit versions.

Important to know: MSRT is a strictly post-infection tool. It detects and removes malicious software from already-infected computers — and only if the malware is active and running at the time of the scan. But as MSRT Support article 890830 clearly states, the list of malware it detects represents only “a small subset of all the malicious software that exists today.”

MSRT can’t prevent new malware infections. It also doesn’t target potentially unwanted software (again: spyware, adware, etc.).

Bottom line: MSRT is a “better than nothing” anti-malware tool. There’s no real downside to keeping it on your system — its footprint is small, its impact on system operations is negligible, and it can serve as a kind of last-ditch defense against some very common malware types, should they somehow make it into your system.

But you certainly shouldn’t depend on MSRT as your only or primary defense against malicious software; it’s an incomplete anti-malware solution.

Windows Defender (XP, Vista, Win7 version)

What it is: Windows Defender is a basic tool for guarding against potentially unwanted software. Windows Defender is installed by default in Vista and Win7, and it’s a free download for XP.

What it does: Windows Defender provides always-on, real-time protection against spyware, adware, keyloggers, and so on. It self-updates and runs automatically.

How it works: Windows Defender continually monitors your PC’s files and browsing activity. When it detects potentially unwanted software, it opens a dialog box and lets you decide whether to proceed with the installation. (For more information, see the related Microsoft support article or TechNet’s Windows Defender Guide.)

You can also trigger Windows Defender (shown in Figure 2) manually whenever you want to scan your PC for spyware and other potentially unwanted software, as a Defender support article explains.

Windows Defender

Figure 2. Windows Defender for XP, Vista, and Win7 offers real-time protection against adware, spyware, and similar potentially unwanted software.

XP users can download either 32-bit or 64-bit versions.

Important to know: Windows Defender doesn’t detect or remove viruses, worms, and similar malicious software.

Bottom line: Windows Defender complements Microsoft’s Malicious Software Removal Tool. And just like MSRT, it’s better than nothing. Together, MSRT and Defender are a sort of last line of defense — potentially helpful if no other anti-malware tools are active. Fortunately, superior tools are readily available (see next sections).

The all-in-one Microsoft Security Essentials

What it is: Microsoft Security Essentials is Microsoft’s all-in-one, consumer-security tool. It targets both types of malware — malicious software and potentially unwanted software. It’s a free download (site) for XP, Vista, and Windows 7.

What it does: MSE provides always-on, real-time protection for your PC. It detects and removes a wide range of malware. It’s also highly automated, operating with little or no user intervention (see Figure 3).

Microsoft Security Essentials

Figure 3. Operating almost entirely automatically, Microsoft Security Essentials (MSE) provides real-time protection against malware and potentially unwanted software.

How it works: By default, MSE runs continuously in the background whenever your system is on. It updates itself every day. Along with its real-time protection, it also runs scheduled scans of your PC’s memory and files. If you use its default settings, MSE requires almost no user input. But it’s also highly configurable, should you want to change its standard routines.

Important to know: MSE must be manually installed; it’s not built into any version of Windows. On MSE’s MS Download Center page, you’ll find 32- and 64-bit versions for XP, Vista, and Win7.

Typically, to avoid conflicts between AV products, a PC should run only one real-time, anti-malware/anti-spyware tool at a time. In other words, you can run MSE or Windows Defender, but not both at the same time. In fact, when MSE is installed, it disables Windows Defender.

In a similar vein, if you’re running some other always-on, anti-malware tool, you should disable or uninstall that tool before installing MSE. (MSE can’t disable non-Microsoft AV scanners.)

MSE’s principal weakness? It’s not especially adept at guarding against user error, as detailed in the April 7, 2011, Top Story, “LizaM*n infection: a blow-by-blow account.” If you click past security warnings raised by Windows, your browser, and/or MSE itself, MSE will step aside and let malware install. Moreover, based on recent antivirus testing, MSE is currently not among the top-performing AV products.

All of which means that MSE is not the ideal choice for casual or inexperienced Windows users, who are often more easily tricked into installing malware.

Bottom Line: In the right hands — primarily experienced Windows users — MSE is a fine, free security tool. I use it on my XP, Vista, and Win7 machines, and I’ve never run into trouble with an infection.

Windows Defender: Win8′s built-in security tool

What it is: Microsoft has a long history of confusing product names. In this case, the Win8 version of Windows Defender is nothing like the original Windows Defender for XP, Vista, and Win7. It is, in fact, effectively a renamed version of Microsoft Security Essentials.

What it does: In Microsoft’s own words, the Win8 version of “Windows Defender provides the same level of protection against malware as Microsoft Security Essentials.”

How it works: Win8 Defender is virtually identical to MSE in both appearance (see Figure 4) and function.

Windows 8 Defender

Figure 4. Despite its name, Win8’s built-in Windows Defender is really just a renamed and minimally altered version of Microsoft Security Essentials.

Important to know: Unlike MSE, Win8 Defender is built into the OS — so there’s nothing to download or install.

Bottom Line: Because Win8 Defender is really a rebranded version of MSE, I don’t recommend it for novices and inexperienced users. But it’s probably fine for anyone who takes the entire process of PC security seriously. I use it on my Win8 systems.

Two special-purpose cleanup tools

No software is perfect — that includes all anti-malware tools, from all vendors. Should your AV product fail and your system become infected, you need a powerful cleanup tool to find and remove the malware.

It’s also good practice to verify that Windows is truly free of malware — even if your full-time scanner appears to be working — by periodically running an AV tool that operates completely on its own.

Microsoft offers two such special-purpose, cleanup/verification tools. Microsoft Safety Scanner is exceptionally simple to use — just click and run. Windows Defender Offline is harder to use, but it employs the best possible techniques for detecting malware hidden at even the deepest levels of your system.

Microsoft Safety Scanner is a Windows security utility that thoroughly scans your PC (see Figure 5) to find and remove both malicious and potentially unwanted software. A standalone application, it’s active only when it’s actually running a system scan. (It’s not constantly on in the background.) That lets it coexist peacefully with whatever full-time anti-malware software you’re using.

Microsoft Safety Scanner

Figure 5. Microsoft Safety Scanner works independently of your other security tools and can clean an infected system — or verify that no malware is present.

Microsoft Safety Scanner is compatible with all current Windows versions: XP, Vista, Win7, and Win8. Its info/download page includes 32- and 64-bit versions.

Safety Scanner is extremely easy to use; simply download and launch it, and then select whether you want a quick, full, or custom scan. At the end of the scanning process, you’ll get a report of what Safety Scanner found and removed.

Windows Defender Offline (WDO) is Microsoft’s most powerful anti-malware tool for consumers. It’s a self-contained, downloadable utility that operates completely outside Windows. After you’ve downloaded and launched WDO, it steps you through the process of creating bootable media (CD, DVD, flash drive, etc.) and installing the WDO files. You then restart the PC with the bootable disc/drive.

Because WDO is both operating system and AV scanner, neither the Windows installed on the system hard drive nor any other software is active. Everything on the hard drive is effectively inert. This lets WDO detect malware that is in one way or another well hidden in the Windows system. Because it’s completely standalone, WDO can’t conflict with other security tools you normally use.

WDO targets a wide range of malicious and potentially unwanted software. In operation, it looks and functions almost exactly like Microsoft Security Essentials or the Win8 version of Windows Defender.

If WDO has a weakness, it’s in the task of creating the WDO media. If your system is having difficulty running because of an infection, you’ll need either a working system to build the WDO media or you’ll need to have media you created before the infection (in which case you might not have the latest virus signatures). If you have only one PC, I recommend putting the latest version of WDO on a flash drive once a month or so.

You’ll find both 32- and 64-bit versions of WDO for all current Windows versions (XP through Win8) on its info/download page.

Putting it all together

The following table (Figure 6) is your one-stop reference for Microsoft’s six desktop security tools. It concisely summarizes which Windows versions they’re for, which kinds of malware they target, and whether they’re for prevention or cleanup/verification.

Take your pick: they’re all free!

Desktop Security Tool Chart

Figure 6. Microsoft’s six desktop-PC security tools

Now if you made it through this entire article I am very proud off you.

Improving Smartwatches

Ok here we are half way through the first month of the 2014 and one of the technology trends I am most looking forward to keeping my eye on is wearable technology.

I have been using, fairly regularly Samsung’s Galaxy Gear smartwatch since last October and I have some thoughts about what Samsung needs to do with this to find more success with consumers, and I will get to my ideas after the following quick overview.

The Samsung Galaxy Gear is one of the most popular smartwatches in the world right now thanks to Samsung’s extensive marketing. Despite only working the Galaxy Note 2 &3 and a few other Android devices, the Gear continues to be a strong seller. One of the biggest problems here is that it is priced a bit higher than it should be at $299.  The Galaxy Gear  comes in a variety of colors and features a color AMOLED display, built-in 1.9MP camera and allows for notifications from your phone as well as voice calls. The Galaxy Gear runs various applications for email, SMS and social networks while giving you access to S-Voice, camera functions, music control and more.

OK so Samsung if you are reading this – this is what you should do in the rumored upcoming next version.

  1. Remove the camera all together. This will allow the band to be smaller and more comfortable and will probably also allow you to make the watch itself slightly smaller.
  2. Reduce the cost of the smartwatch. Obviously removing the camera alone will allow for this.
  3. Social networking interrogation which was almost non-existent when the watch was first released in October 2012 has been improved with a couple firmware updates and third party apps but further seamless interrogation is needed here.

There you go Samsung, see it’s really not that hard. Most users do not need or want a camera on their smartwatch. At 1.9MP and the odd angle you must use it as a camera simply makes the additional size of both the band and price a serious hurdle to success.