There have been plenty of important inventions over the last 100 years among those is the computer. Unfortunately, they come with a downside: Destructive malware such as viruses have become a major problem for computer users because viruses have been built up to such mythical proportions that many users simply don’t know fact from fiction.

A virus is a computer program that infects a computer and can generally copy itself and infect other computers. Most viruses aim to cause havoc by either deleting important files or rendering a computer inoperable. Most viruses have to be installed by the user, and usually come hidden as programs, browser plugins, etc.

You may hear the term malware used interchangeably with virus. Malware is short for malicious software and is more of an umbrella term that covers any software that aims to cause harm. A virus is simply a type of malware.

Now that you know more about viruses and malware, here are five common myths about viruses that confuse people, and the truths associated with them.

Myth 1: Error messages = virus 

A common thought many have when their computer shows an error message is that they must have a virus. In truth, bugs in the software, a faulty hard drive, memory or even issues with your virus scanner are more likely the cause. The same goes if your computer crashes, it likely could be because of something other than a virus.

However, if you do see error messages, or your computer crashes while trying to run a program or open a file, you should scan for viruses, just to rule it out.

Myth 2: Computers can infect themselves
It’s not uncommon to have clients bring in their computers  and exclaim that a virus has “magically appeared” on the system all by itself. Despite what some may believe, viruses cannot infect computers by themselves. Users have to physically open an infected program, or visit a site that hosts the virus and download it.

To minimize the chance of being infected you should steer clear of any adult oriented sites – they are often loaded with viruses,. A good rule of thumb is: If the site has illegal or ‘adult’ content, it likely has viruses that can and will infect your system if visited, or if you download anything from there.

Myth 3: Only PCs can get viruses
If you read the news, you probably know that many of the big viruses and malware infect mostly systems running Windows. This has led users to believe that other systems like Apple’s OS X are virus free.

The truth of the matter is: All systems could be infected by a virus, it’s just that the vast majority of them are written to target Windows machines. This is because most business computers run Windows. That being said, there is an increasing number of threats to OS X and Linux, as these systems are becoming more popular. If this trend keeps up, we will see an exponential rise in the number of viruses infecting these systems, too.

Myth 4: If I reinstall Windows and copy all my old files over, I’ll be ok
Some believe that if their system has been infected, they can simply copy their files onto a hard drive, or backup solution, reinstall Windows and then copy their files back and the virus will be gone.

Wiping your hard drive and reinstalling Windows may get rid of any viruses. However, if the virus is in the files you backed up, your computer will be re-infected when you move the files back and open them. The key here is that if your system is infected, you need to scan the files and remove the virus before you put them back onto your system.

Myth 5: Firewalls protect networks from viruses
Windows comes with a firewall built into the OS, and many users have been somewhat misled as to what it actually does, and that firewalls can protect from viruses. That’s actually a half truth. Firewalls are actually for network traffic, their main job is to keep networks and computers connected to the network secure; they don’t scan for viruses.

If a virus is sending data to a computer outside of your network a firewall may pickup this traffic and alert you to it or stop the flow of data altogether. But some of the bigger viruses actually turn off the firewall, rendering your whole network open to malware attacks.

What can I do?
There are many things you can do to minimize the chances of infection. The most important is to install a virus scanner on all of your systems, keep it up to date and run it regularly. And, it’s just as important to be proactive by:

• Not installing programs from sources you don’t know or trust
• Being wary of any program that asks you for your password
• Not installing any browser add-ons or plugins suggested by websites. Instead, download them from the browser’s app store, or the developer’s website.

If you are worried about the security of your systems and network, call us today at 203.987.4566. Our team  can work with you to provide a plan that will meet your needs.

One of the more popular debates about the Internet is: who exactly owns your data and information when it goes online? Most of the information regarding this is held in the Terms of Service, which most people click and agree to without reading. The interesting thing about this is that web oriented companies usually update their policies on regular basis and often introduce changes you may not be aware of. With so many websites, it can be a chore to keep track of all these changes.  Luckily there is an online database that makes this easy.

Since Terms of Service for websites change on a fairly regular basis, it’s hard for us to know if and when such changes have been made, and what exactly has been changed. That’s why a group of lawyers and professionals started Docracy. According to the website, “Docracy is a home for contracts and other legal documents, socially curated by the communities that use them.” The company aims to make legal documents freely available.

Part of this site is the Terms of Service section which is a database of over 1,000 popular websites’ Terms of Service and Privacy policies. It tracks them and notes when changes are made, and highlights these changes so they are easily found.

If you visit the site here, you can see a list of changes that companies have recently made, and clicking on one should give you basic change information. Clicking on See Full Changes will bring up the full doc with the recent changes highlighted.

Selecting See Full Directory will bring up every policy that the website tracks, and allow you to read them.

Is this useful for my business?
Online law is very complicated, and many companies that run websites that you may have accounts with often don’t make it easy for you to find legal contracts or policies. A good example of where Docracy is helpful is if you want to know who exactly owns your content stored on a popular cloud service. You can go to Docracy’s database and quickly find the related Terms of Service. From there you can download the document and look through it, or view it on the site.

Basically this site can help you get a clearer picture on the various contracts you sign with websites, and how these websites plan to use your data. For many business owners, knowing exactly what other companies are going to do with your data can help you find a more secure solution. After all, being prepared with the correct knowledge is half the battle.

If you would like to learn more about Docracy, or how a change to a Terms of Service could affect your business please contact us today.

Imagine you’re at the airport waiting for a flight when you look down only to discover that your laptop is missing. This isn’t a great thought, especially since many of us have important files and programs that we can’t afford to lose. The problem is, if your device has gone missing, and your files aren’t safely synched to the Cloud,  the chances of you recovering it are slim. The good news is that there is a solution that makes it possible for you to track your device.

Prey is an Open Source – free – program that you can install on your computer or mobile device and track it when it’s missing, or been stolen.

How it works
First you have to download the software – from here – onto your computer (Windows, Mac or Linux are supported), and sign up for an account. Then, you’ll have a couple of options: You can either sign up for an account with Prey and access a control panel through the website, or install it as a standalone which is recommended for advanced users as it requires some server configuration.

If you chose to go with the Web option you sign up for an account and install the software then register your main device along with extra ones like an Android, or your iOS device. Once you have downloaded Prey and linked them together, you are ready.

For mobiles, you can send these a text (from the Web Control Panel) which will initiate the established options you have pre-set for when your phone goes missing.

How Prey finds your device’s location depends on the device. For laptops, it can turn-on your Wi-Fi connection and try to connect to the nearest access points. It can take the IP address of each Wi-Fi access point and from there get an approximate location – in some areas as close as 200 feet. On your phone, it turns on the GPS (if available) and tries to connect to Wi-Fi networks in range. These two combined can generate a fairly accurate location.

All this tracking information is sent to your inbox in the form of a report, which can be tailored to meet your needs.

What makes this program different from other similar ones is that it can be installed across multiple platforms and managed from one account. It’s also free, which makes it even more attractive. There is also a Pro version which allows you to track more devices, for a monthly fee (USD$5 for 3 devices up to USD$399 a month for 500 devices).

Prey is just one of the many device tracking programs, and installing one may be a good idea, to give you a greater chance of retrieval if your phone or computer is lost or stolen. Do you use one already? If so, which one? If you would like to learn more about Prey and the other device tracking programs please let us know, we may have a great solution for you.

For computer users everywhere the threat of a security breach is an ever-present one.  The thing is, many systems are secure enough from outside attacks, and many scammers know this. As a result, they’ve switched tactics and have taken to masquerading as Windows technicians, hoping to get users to give up their credit cards.

These deceptions generally follow the same formula: A person calls you pretending to be from the Windows technical team at Microsoft. The scammer usually tells you it’s time to renew the software protection licenses on your computer in order to to keep it running.

Most of the time, these scammers spread the conversation out over a number of phone calls and emails,  in order to gain your trust. Once trust is established, or the user seems interested enough, the scammer will offer a sweet deal: They will offer a service that will make your computer run like new, usually for a seemingly reasonable price.

The scammer will then use remote PC support software to show you ‘problems’ your computer is having. They will usually show you the Windows Event Viewer – a part of the operating system that shows errors, usually harmless, that your computer has generated. The scammer will then tell the user that these errors are harmful, and if you have already provided your credit card or other payment information, they will make it look like they are cleaning your computer.

What’s being done?

Governments are aware of this increasingly common trend, and have taken measures to shut down scammers. This article from ars technica gives a good overview of what exactly the FTC is doing, while another article provides a first-hand account of how the scammers operate.

What can you do?
To ensure you don’t fall prey to this trickery, these five tips should help you identify a potential scam:

1. Microsoft doesn’t call people.
2. Windows Event Manager is a log of errors for ALL programs.
3. Microsoft employees will never ask for your passwords.
4. Most of these scammers operate out of call centers in India, but bill from the US.
5. Microsoft employees won’t usually ask you to install software that’s not made by Microsoft.

As a rule of thumb: If you get an unsolicited call about your computers and IT security, it’s likely not genuine.

If you have any questions about computer security email us at sales@virtualdensity.com.  We’ll answer all your questions and promise not to call during dinner.

Security of technical systems and devices used in the office environment is an issue that is important to many companies. Businesses often go to great lengths to ensure that their systems are secure from external threats, yet often fail to take into account inner threats. One of the most common inner security threats is that employees have too much access to systems. A recent survey’s findings have highlighted this problem too.

According to the survey, conducted by Viewfinity, 68% of the 600 IT professionals surveyed don’t know who has administrative access to computers in their office. While this survey looks at the numbers from the IT viewpoint, it’s highly likely that many managers don’t know who has what access rights to computers.

The survey also found that 20% of all respondents noted that between 15% and 30% of users in their company had administrative rights. Is this a bad thing? Yes and no. Some users need to have full access to their systems, especially if they manage other systems, while others don’t.

Is this a big deal?
One of the biggest drawbacks of unnecessary access privileges is security. If users have more access than they need, the chance of a security breach is higher. For example, malware on a locked down system likely won’t spread to other systems in the network without direct transmission. Similarly, if a user can’t install programs because they lack the administration privileges, malware, for the most part, won’t be downloaded and installed.

If a user with full administrative privileges and downloads a piece of malware, chances are high that they won’t even notice it’s been installed and it will be transmitted to other systems with ease. In fact, one of the main ways hackers gain access to networks is through exploitation of administrative rights. They first look for an unsecured computer with administrative rights, hack it and then follow the chain up to more vital network systems.

What can you do?
While the survey was largely centered around IT professionals, business owners can learn from these findings too. They should take steps to audit their network and figure out who has access to what. Then they need to validate the findings and ensure that users have an appropriate level of access privileges. If some employees have no need to download and install programs, then they likely don’t need administrative access privileges.

If you want help determining who has admin access or want to know about the general health and safety of your network, let us know.  We’ll perform a free (yes, free) network assessment for you and review the results with you.  That way you can make informed decisions about your network.

Call us 203.987.4566 or email us sales@virtualdensity.com to schedule your free (yep, still free) network assessment.

This morning’s crop of junk mail (properly sorted by SmarterMail into my junk email folder!) includes the email I copied below.

According to ehackingnews.com clicking on any of the links included in the original email (but redacted here for your safety) would bring you to a malicious website. “The site hosts the BlackHole Exploit v2.0.  If victim’s system has vulnerable software, the page will exploit the vulnerability and drops the virus.”

So, remember!  Never, ever click on a link that you’re not sure about – not even once!  If you think an email might be legitimate, go to the page in question yourself the way you usually do, not by clicking the link in the suspicious email.

If you have any questions about email that you received you can call us at 203.987.4566 or forward a copy to me jenn@virtualdensity.com and let me know how I can help.

From: “BERTA THOMSON” <ArthurErne@lt-v.de>
Sent: Thursday, December 20, 2012 9:15 AM
To: jmorandi@virtualdensity.com
Subject: You have been sent a file (Filename: Jmorandi-916621.pdf)

Sendspace File Delivery Notification:

You’ve got a file called Jmorandi-81934.pdf, (995.6 KB) waiting to be downloaded at sendspace.(It was sent by BERTA THOMSON)

You can use the following link to retrieve your file:
Download Link

The file may be available for a limited time only.
Thank you,
sendspace – The best free file sharing service.
———————————————————————-

Please do not reply to this email. This auto-mailbox is not monitored and you will not receive a response.

It seems that the spammers of the world are using the holiday season to gift the world over with more and more virus-ridden spam email. This morning in my spam filter, I found this little gem.  It came to me and eight others in the company, which is the first tip-off that it’s spam. Why would my credit card company tell everyone in the company about a potential problem?  That’s not right!

The one thing that the last few spam posts have had in common is that they all have a .zip file attached.  That’s the key.  If there’s a .zip file  attached and you aren’t 100% sure of it’s origination DO NOT OPEN or download it.  It’s really that simple.

Here’s the email I received, though I did edit out the recipient email addresses.

From: “American Express” <Allison_Ballard@americanexpress.com>
Sent: Thursday, December 13, 2012 11:09 AM
To: myname@virtualdensity.com
Subject: Recent Activity Report – Incident #F9MN6YNR

As part of our security measures, we deliver appropriate monitoring of transactions and customers to identify potentially unusual or suspicious activity and transactions in the American Express online system.

Please review the “Suspicious Activity Report” document attached to this email.

Your Cardmember information is included in the upper-right corner of this document to help you recognize this as a customer service e-mail from American Express. To learn more about e-mail security or report a suspicious e-mail, please visit us at http://www.americanexpress.com/phishing

Thank you for your Cardmembership.

Sincerely,
Allison_Ballard
Tier III Support
American Express Account Security
Fraud Prevention and Detection Network

Copyright 2012 American Express Company. All rights reserved.

You wouldn’t believe it if a stranger walked up to you and said they’d just deposited money into your account, would you?  So, why on earth would you fall for the email below?

Instead of opening that attachment you should check with your bank directly to see if a wire transfer has been credited to your account.  Never, ever, ever open an attachment from a sender you don’t know and trust. Ever.

I’ve copied the email I received yesterday morning below so you can see it. If you get an email like this just delete it.  There is no such thing as free money.

Not sure if what you got is spam? Call me at 203.987.4566 or email me your question jenn@virtualdensity.com

From: “support@digitalinsight.com” <support@digitalinsight.com>
Sent: Wednesday, December 12, 2012 11:23 AM
To: newsletter@virtualdensity.com
Subject: Incoming Wire Notification

Incoming Wire Notification.

An incoming wire transfer has been received by your financial institution and the funds deposited to your account on 12-12-2012.

Please review the transaction details in attached report.

Security is an internet issue that has never really gone away and with all the security related incidents in the recent past, it’s clearly not going away any time soon.  The vast majority of breaches target user’s personal information, which could lead to identity theft.

In the first quarter of 2012, nearly 12 million pieces of online identification and personal information were stolen by thieves. This represents a nearly threefold increase over the same time period in 2010. A staggering number for just three months, and the number will likely increase in the years to come.

With this large amount of information being stolen, the question many are asking is why is this increasing? There are a number of reasons, the biggest being that people are signing up for more online accounts. Take a moment to try and count the number of accounts you have online (personal and business email and banking, online shopping, auction sites and so on). On average people have 26 online accounts. Now, think how many passwords you use for these online accounts. An overwhelming majority use five or fewer. If thieves get a hold of one password, chances are nearly 80% that they will be able to gain access to other accounts.

If you are one of the many users who use the same email for a number of different accounts, the chances of having vital private information stolen from an account breach is nearly 100%. If you’ve connected or stored copies of identification or credit cards using an account that gets hacked, there’s no stopping someone from stealing your identity.

A recent study conducted by Experian, a credit-checking company, found that 14% of identity theft victims experience refusal of loans and credit-cards, 9% have debt racked up in their name, 7% are refused phone contracts and 7% are chased by debt collectors. While potentially scary stuff, most theft can luckily be prevented. You should ensure that you use a different password for every online account, that no important information (e.g., credit card, Social Insurance, Passport, etc.) is stored online and you use a password that is hard to guess.

A lot of sites now use security questions as a means to double check your identity when a password is lost or forgotten.  You should make note the answers to these questions so you don’t end up locking yourself out of an account by giving the wrong ones.  If you’re concerned about possibly leaking out pertinent personal information by answering these questions, then make up some answers!  But be sure to write down the answers so you don’t forget them if you need them.

If you’ve got any questions about online security and identity theft, just give us a call at (203) 987.4566 or email us at sales@virtualdensity.com and we’ll be glad to help.

I sent a client an email the other day asking her to update the credit card that her company uses to pay for services.  In the email I offered two options:  call me or fill out the form I’d attached and fax it back to me.  A few moments later I got an email from her.  She sent me her credit card number, expiration date and CVV code in a reply email.  She might as well have written that information on a postcard and dropped it in the local mailbox.

Sounds like I’m over-reacting, right?  I’m not. You know that a postcard travels from one postal worker to another until it arrives at it’s destination.  Email travels from one user to another over the internet by being copied over and over again from one server to another until it reaches it’s destination.  If it’s not traveling in an encrypted format, there’s plenty of opportunity for the email to be copied by an unintended recipient during it’s trip.

So, don’t send your credit card or other personal identifying information via plain, unencrypted email.  Take a few extra moments and call the person or company requesting the information.  That way you can verify the need for the information and you can ask how the information is handled and protected on their end.  If you need encryption for your business’s email let us know.