by Frank Schumacher

Back in June I wrote a bit about Viruses, Trojans and Phishing. Well, this fall I have been busy cleaning up infections caused by this breed of scam anti-virus programs called “Rogue Programs”

These new threats are generally “drive-by” infections. In other words, you visit a web site and a pop-up looking very much like a windows warning message indicates that a virus has been detected. At this point, almost anything you do will begin the download process. My current recommendation is to use Task Manager to kill your browser. (Make sure when you restart the browser that you do NOT restart the previous session if prompted to do so).  I have found these infections on PCs protected by McAfee, Symantec, and AVG.

To use Task Manager to stop your browser session, press Ctrl-Alt-Del, click on “Task Manager”, click the “Applications” tab, find your browser in the list (with most browsers, the text  at the top of the browser bar will be displayed next to the representative icon for your browser). Highlight the entry for your browser, then click “End Task”. If you were unfortunate enough to have clicked on this warning pop-up, you have probably installed the application.

Since these programs are “Rogue Programs”, and not specifically a virus or a Trojan, it appears the regular virus scanners don’t offer much protection. However, some of the anti-malware programs (such as Malwarebytes) do seem to offer some protection. Beyond the annoyance factor, the goal of these programs appears to be getting the user to click on the “Update” or “Upgrade” link where they attempt to get you to pay for an update to clear the false virus threats they claim to detect.

Following are some links to cleanup these “infections”. If you are not completely comfortable tooling around in the registry and file structure of your computer, call an expert.

Antivirus 2010:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010

Personal Antivirus:

http://www.bleepingcomputer.com/virus-removal/remove-personal-antivirus

Security Tool:

http://www.bleepingcomputer.com/virus-removal/remove-security-tool

You may contact Frank at:
F. Schumacher Business Solutions LLC

http://FS-BizSolutions.com

F.Schu@FS-BizSolutions.com

by Frank Schumacher

Last week I wrote about privacy settings in Internet Explorer 8, this week, I’ll look at the security settings. I’ll try and explain some of the “whats” and “whys” of the settings, and how you may wish to use the settings.

The first thing to do is to make sure that the “SmartScreen” filter is enabled. The SmartScreen Filter runs in the background, comparing the web addresses you visit to lists of known phishing and malware sites. If a match is detected, “blocking web page” will be displayed, and the address bar will appear in red. You can always choose to go to the blocked website, a pretty foolish decision.

What are these “blocked” sites?

Phishing, (pronounced fishing), is the practice of providing a link to a similar looking site in order to obtain password and pin # credentials. Frequently phishing originates with an email using images pulled, (linked), from legitimate sites, but click links that send you elsewhere. These are bad sites, but by simply paying attention to the address line of your browser you should never be scammed by a phisher. If you are so oblivious to where you are going on the Internet that you enter login and password credentials on a phishing site, you don’t get much of my sympathy.

Malware sites, on the other hand, are a bit more stealthy. If you are running an unpatched Windows XP computer with an older version of Internet Explorer, or you have SmartScreen Filter disabled, simply visiting a web site can result in an infection. These types of sites depend upon known flaws in how the browser processes scripts & controls, to install trojans, or botnet stubs that can turn your PC into a spammer’s tool, or even a weapon of foreign governments.

If you didn’t enable SmartScreen Filter when you first started Internet Explorer 8, do it now while you’re reading this post. To do so, click on “Tools”, and then click on “Internet Options”, then click on the tab labeled “Advanced”, and scroll to the end of the settings list. You should see an option “Enable SmartScreen Filter”; make sure there is a check mark in the check box.

Next, make sure that your security settings are in “Medium-high” or “High” mode. To do so, once again, click “Tools”, “Internet Options”, and then click the “Security” tab. Make sure the option “Internet” is highlighted, and that the security level is set to at least “Medium-high”. This setting should be adequate. However, a recent bug in security certificates was just uncovered that could still put you at risk in “Medium-high” mode. Hopefully this will be corrected within the next few weeks.

Finally, go into your “Control Panel” and make sure that your firewall is enabled. Ideally you should also be running an anti-virus program too. Consumers may download and install several free anti-virus programs. I have found Avast or AVG Free to be pretty good free solutions. In my opinion, failing to keep your PC from being infected is as irresponsible as yelling fire in a crowded room.

Do you know about cookies? Cookies were created to allow a web site to remember who you are and where on their site you last visited so that in future visits you could be taken right to the same spot. Unfortunately, unscrupulous web sites realized they could open a cookie, and as long as the session was open they could track everywhere you went after visiting their site. Since at least Internet Explorer 5 you have been able to control cookies.

In IE 8 simply click “Tools”, “Internet Options”, then the “Privacy” tab. By default the setting is at “Medium” if you bump up to “Medium-High” you block any cookie that keeps information that identifies you, however, you will probably have to click the “Sites” button and add your bank and bill-pay site to enable proper access.

If you just want to see who is creating cookies, click the “Advanced” button, check the “Override automatic cookie handling”, then click on “Prompt” for both types of cookies. Now visit all your regular web sites and you will be prompted each time a site attempts to create a cookie.

With Internet Explorer 8 there is a new option “InPrivate Browsing”. With this setting third party toolbars and Internet Explorer extensions are disabled by default. Additionally, all browsing history and temporary files are deleted on termination of the session. This setting is best used if you are using a “public” computer. However, don’t think your browsing trail is hidden, the ISP will still have records of your IP address, and sites you visit will still have this address information. Contrary to some public misinformation, the feds will still be able to find you if you are into bomb making or pornography.

Just turning on the “InPrivate” setting doesn’t eliminate all of the info that is passed to web sites you visit. To really clamp down, you must set “InPrivate” filtering to automatically block, and cookie security to high.

What is this filtering? From the help screen:

“When you visit a website that contains content from another provider, some information about your visit is automatically sent to that provider.

“As you visit additional websites that contain content from the same provider, the provider could build a profile of how you browse the web.”

If you set your cookie options to high, and enable InPrivate auto blocking, almost all features that make internet browsing an enjoyable dynamic process will be disabled, and many sites will be unavailable. However, the vast store of information that is being continuously collected as you browse will be almost eliminated.  To use this kind of restricted setting, you would have to use the “Sites” button on the “Privacy” tab to allow cookies on sites that require login, (ie banking, shopping and news sites).

Next week I’ll spend some time on the security settings of Internet Explorer 8.

Back in May the Wall Street Journal reported that Twitter had 32.1 million users, Facebook and MySpace each have about 70.3 million users, and Linkedin claims 35 million users. Statistically there have to be quite a few criminals on these social sites. And oh, your supervisor or H.R. manager may also be checking these sites to check out employees or potential employees. Have I made you nervous?

Facebook, Linkedin and Twitter all have security settings that allow you to limit who gets to see what you’re posting. MySpace does too, but since it is primarily populated by High School and College students I’m going to ignore security there. (After all, if the youthful users were going to use the security settings they would already be doing so).

In Facebook, place your cursor on Settings and then select Privacy Settings. This gives you the opportunity to limit options to Everyone, Friends of Friends, Friends and Networks. If you intend to post party photos, or family photos then you should probably limit security on Photos to just Friends, do the same with Wall posts, (your comments and observations may seem amusing, but think how you would feel if your grandmother was reading them…I thought you’d cringe).

In Twitter, go to Settings, Account and check the box “Protect my updates” this will restrict your tweets to just those followers you approve.

With Linkedin go to Edit Profile, then click “Edit Public Profile Settings”. This will allow you to uncheck items you do not want to share with anyone on Linkedin.

Coming soon to Facebook are new security settings which will allow even more granularity where you can limit individual items to only specific friends or groups of friends. You should also be careful when “accepting” application invitations from friends on Facebook. Many of these applications must be given the ability to access your Facebook account. In most cases this is completely innocuous, but, if the application is hacked then you may risk third party access to your Facebook account.

Of course I’ve already warned you about clicking one of these links on your wall, or your twitter home, and then entering your login name and password. This “phishing” is how many accounts have been accessed by unscrupulous web hackers.

Good luck, and I hope you don’t encounter any unscrupulous users on the web, however, a little caution goes a long way. In future articles I am going to address security settings in the browsers I use; Internet Explorer 8, FireFox 3.5 and Chrome 2.0.

Enjoy the holiday weekend, and have a safe July fourth celebration!

From all of the chatter on the Internet one might think the IRS just decided to declare employer provided cell phones as taxable benefits. Actually, they have been so designated since 1989.

If your employer provided you with a cell phone, you or your employer, should have kept a detailed log of all calls, and designated any personal call as a taxable employee benefit. From the 1989 law: “At a minimum, the employee should keep a record of each call and its business purpose. If calls are itemized on a monthly statement, they should be identifiable as personal or business, and the employee should retain any supporting evidence of the business calls. This information should be submitted to the employer, who must maintain these records to support the exclusion of the phone use from the employee’s wages.”

When I started to receive email notifications that the IRS was cracking down on the issue of cells phones as a benefit, I too was concerned. However, when I read the original request for comment, it was obvious that the IRS was attempting to make record keeping easier. I imagine it was the concept that the IRS was seeking to simplify something that caught everyone off-guard, and so they assumed it was a new way to tax income.

The original IRS request for comment contained three options for handling the existing regulation.  One is to deem 75 percent of work cell phone use as related to work and the remaining 25 percent for personal use. Employees would be taxed on the value of the personal minutes. Under a second option, employees would provide proof that they have a personal cell phone to use during work hours. A third would let employers use a statistical sampling to determine the average workers’ use of the cell phones for personal calls.  Fortunately, IRS Commissioner Doug Shulman posted this statement: http://www.irs.gov/newsroom/article/0,,id=209795,00.html which clearly calls for the revocation of the 1989 law.

Legislation that would have revoked this law passed the House in 2008, (H.R. 5719, the Taxpayer Assistance and Simplification Act of 2008). Representatives Earl Pomeroy and Sam Johnson (R-TX) re-introduced the legislation (the Modernize Our Bookkeeping In the Law for Employee’s Cell Phone Act of 2009, H.R. 690) to address this issue in the 111th Congress. In the Senate, Sens. John F. Kerry (D-Mass.) and John Ensign (R-Nev.) have introduced a similar bill. Write your Congressman and urge them to support the legislation to revoke this outdated law.

In the past, junk information came to us through email, forwarded by friends of friends, and full of misinformation and urban legends. Now it shows up on iGoogle in your breaking news widget. For all of the readers that thought this was a new way to extract taxes, it only took me thirty minutes to find excellent explanatory articles from the Washington Post, CCH, the IRS web site, The Long Island Business News and the Internet Business Law Services. In this age of instant misinformation, I urge everyone to checkout these breaking news feeds before reacting.

Going on vacation? Stop your mail, stop your newspaper … stop your tweets. Big brother’s not the only one looking.

Do you tweet? Post to Facebook? Do you know what those are? If you answered yes, keep reading.

Early in June an interesting news story started making the rounds of my technology publications. Thieves are not just cruising neighborhoods for deserted houses, now they just check Twitter, Facebook and other social networking sites. Even worse, some cameras, and camera phones, embed GPS information in the EXIF area of your photos.

Don’t know what the EXIF information is? Well, each photo you take has information about the camera model and the settings used to take the photo. What I didn’t know is that some images now contain the GPS information, and there are now GPS devices on the market that can open that image and map the route to the GPS destination. Even without that shortcut, anyone can open the extended information and simply manually input the GPS information into a GPS device.

You are now providing nice photos of what can be stolen, and detailed information on how to get to your house! All the thieves need to have now is the information of when you are going to be away from home. With so many people posting day by day, and painfully hour by hour, updates of everything they are doing, we all know when they’re not at home.

From USA Today, (http://www.usatoday.com/travel/news/2009-06-08-twitter-vacation_N.htm ) a story about Mr. Israel Hyman:

While they were on the road, their home in Mesa, Ariz., was burglarized. Hyman has an online video business called IzzyVideo.com, with 2,000 followers on Twitter. He thinks his Twitter updates tipped the burglars off.

“My wife thinks it could be a random thing, but I just have my suspicions,” he said. “They didn’t take any of our normal consumer electronics.” They took his video editing equipment.

He also admitted that photos posted on his Flickr page had GPS tags and showed computers, bicycle, and large flatscreen TV, all easily pinpointed on an online photo map.

Don’t panic, there are several things you can do to proactively protect yourself. First, if not always, then at least when planning to leave town, protect your tweets. Simply configure Twitter to only allow approved followers the ability to view your tweets. Don’t forget Facebook, or other social sites, they too should be set to allow “wall access” to only approved friends or followers. If you have already approved people you don’t know, then don’t post details that let anyone know you are out of town. Finally, check your camera phone settings and disable the GPS tags before you start snapping photos of your vacation. Alternatively, many photo editors allow you to modify the Exif information, and if not there are free Exif editors available online.

I just downloaded and tested a simple exif editor from Kiwi Software, (http://www.photo-freeware.net/quick-exif-editor.php), which allowed me to edit every available setting. This might be a good idea for editing and republishing any tagged photos that you may have already posted.

Enjoy your vacation, hope you know everyone watching. Find me on Twitter as fschu, or on LinkedIn .

If your primary use is to send photos via email, order standard 4×6 prints, or post on Facebook or Myspace; then you fit into the typical consumer profile, you should look for a basic 5 – 8 mega-pixel camera with full automatic settings. Most consumers will get all the camera they can use for $200 or less. My personal preferences at the upper end would be the Nikon Coolpix L100 ($200-$280) or the Coolpix P60 ($150-$250). The upper end camera you should look for will have preset Portrait, Landscape, Sports/Action, Beach/Snow, Sunset, Dusk/Dawn, Close Up, Panorama Assist, Back Light modes, image stabilization and facial recognition features. And, don’t forget the ergonomics, it is best to feel a camera in your hands, and see how the viewfinder and LCD display work before making a purchase. It is well worth the small premium you’ll pay to visit a camera store where you can get quality answers, and the opportunity to use the camera.

Zoom: 3x to 5x OPTICAL zoom is standard; I consider 5x optical zoom to be the benchmark. (Digital zoom is useless on any camera less than 12 mega-pixels, and even then, not that good). Optical zooms in the 10x to 20x range are great for sporting events, but generally require a camera with Sports/Action settings, or that allow you to adjust your aperture, exposure and focus. The more you zoom, the more image stabilization will be of value.
Batteries: For maximum flexibility look for a camera that uses standard size AA batteries. This allows you to use rechargeable batteries, but the ability to purchase standard batteries when you are away from your charger and the battery low light comes on. Pay close attention to battery life. I have a decent 7 mega-pixel camera that consumes batteries so fast I carry four extra batteries for a one-day trip. On the plus side the LCD display is bright and visible in sunlight. (“AA” Four battery cameras usually provide well over twice the photo count of “AA” two battery cameras).
Pixels: Size is not nearly as important as most people think; a 5 mega-pixel camera is capable of producing excellent quality 5×7 prints, or uncropped 8×10 prints. If you want to crop your photos and get a good 8×10 print, move up to 8-to-10 mega-pixels. If you are really into photography, then look at the 12 mega-pixel cameras, but by then you are probably looking at an SLR (Single Lens Reflex – your viewfinder uses the same optics as those used to produce the image) body with a range of lenses.
Memory: Cameras use various forms of digital storage. You should look for a camera that accepts Micro SD or Micro SDHC cards, although SD and Compact Flash are still available. Size is important, but speed will affect your photography. The higher your pixel count, the larger your image files, and consequently the more important it is to have fast storage.

Cool Features
Image Stabilization: Most upper end 8 – 12 mega-pixel cameras offer some form of image stabilization. Make sure you can enable or disable this feature as it can make action photography difficult, but it can be a big help for the occasional photographer.
Facial Recognition: Another cool feature that helps the occasional photographer, this is used by the camera to optimize focus and exposure for faces.
Manual Focus control: This can be helpful since auto-focus may not select the focal point you are trying to shoot. However, if the feature requires holding buttons and only limited control it will be too difficult to use. Look for this on a fixed lens SLR where it will be the most useful.
Exposure and Focal controls: Nice features, but they will require navigating through menus on the LCD display. Most day – to – day photographers will rarely use these features.

To begin, let’s define the common terms.
Virus – a malicious program designed to either cause harm to PC data, steal data, or to display a message on an infected PC, (the old innocent days of viruses), indicating the presence of the program.

Trojan Horse – programs named for the fabled “Trojan Horse” of Greek mythology, the program creates a “back door” for illicit access when the PC is infected. Once infected, the program grants access to the PC for a person, or program to take over certain aspects of the PC, usually for the purpose of stealing data, attacking, exploiting or spamming other PCs on the Internet.

Malware/Adware – is a class of program that, although not necessarily malicious, is extremely annoying. It generally is linked to a browser, (Internet Explorer, FireFox, Safari, Chrome, Opera, etc), for the purpose of gathering information and facilitating advertising and browser pop-ups. Some of the worst of these can cause dozens of windows displaying adult sites to open every time a user opens their browser.

Phishing – a method of gathering private information by creating a similar looking site to capture login names and passwords for fraudulent purposes. Usually the user is directed to the fraudulent site through a “link” on a web site or within an email that imitates the actual web site.

Worm – self replicating program, which can act as a virus, or a Trojan Horse. These programs use either unpatched “holes” in browsers and operating systems, or they take advantage of browser features designed to provide dynamic interactive web sites. (ActiveX, Java, and Flash are the typical sources of these exploits).

The idea behind this product is quite simple. Add a NAS (Network Attached Storage) device to your network, create a first level folder, let’s say \DSM, and then share this folder. Install the document storage/management software, and follow the instructions to create up to four additional folders, (called drawers). The next step is to use the management software to create the content folders (think hanging files containing additional tabbed folders). For example, if the first drawer is labeled “Client”, then each sub-folder would be created using your assigned client numbers, or in the case of the install example, the client name. As each “client” file folder is created the system automatically creates the sub-folders, (as you listed at installation), within each client folder.

In this example, we have a four drawer file cabinet with one drawer labeled “Client” inside that drawer are hanging files with a client name or number tab on each, then within each hanging file there are numerous tabbed folders with names such as Invoices, Contracts, Correspondence, etc.

Recently I was reading an article about typical IT mistakes businesses make, and realized it was nothing more than a sales pitch for expensive products and service. Have you ever had an IT consulting or services company present a system design that seemed outrageous? Unfortunately, that is frequently the normal mode of operation. After all, vendors that have the ever-increasing sales of product as their prime directive train the sales and marketing staffs of these IT companies.

The complexity of integrating technical hardware and software into specific business processes is beyond the skills of most small business owners, as well it should be. Entrepreneurs start businesses in fields where they have specific skills and knowledge, they should not be expected to learn IT management as well. What they must do is partner with a professional that understands the basics of their business processes, and can integrate the appropriate hardware and software into this environment.

Unfortunately, many businesses fall prey to a market that is designed to keep pushing businesses out on the edge of developing technology. This “bleeding edge” concept places the small business in a precarious position where a minor misstep can be catastrophic. Typically, a small business goes down one of two paths. The first path businesses take, the hiring of inexperienced personnel to manage the IT department, (or dumping that function on the employee that exhibits a moderate level of IT knowledge). Path two, allowing an outside IT organization, that is motivated by increasing levels of product sales, to design and implement a system. This second approach tends to work like feeding a snake, huge cash outlays every five or six years, and major personnel stress while making these big step conversions.

Fortunately, it doesn’t have to be like this. After 27 years in the IT sector, I have found the ideal relationship is that of a partnership between the business and the IT provider. Following are some of the techniques I have used over the years to keep software and systems optimized for productivity while maintaining a tight budget to maximize ROI.

Mistake #1: Falling prey to the hype of new technology
Forget the hardware until you have the right software, determine the business process to be automated, identify the software to automate those functions, and then shop for the hardware. What most businesses will find is that the vast majority of their functions do not require state of the art hardware technology. Graphic applications, or very complicated financial spreadsheets may require the newest, fastest hardware, but don’t overspend on unnecessary features.

Mistake #2: Not testing backup systems
Many small business owners assume that just because backup hardware or software is present, data itself is protected. Big mistake! Just because a server has an internal or external tape drive doesn’t mean that tape drive is actually working, or that the backup process has been properly defined. Small businesses should perform testing on backup software 2-4 times per year. These tests need to confirm that the data is being written to the drive, and that once restored the data can still be used by the applications. It is far more costly to recover lost data than to perform the proper testing of backup systems.

Mistake #3: Not understanding technology life cycles
Manufacturers call this life cycle MTBF, or mean time before failure, (typically 5+ years). What this means is that once the MTBF time has been reached half of the hardware has experienced a failure. After this point any hardware that is in a critical function should be replaced; however, non-critical use can continue as long as the technology continues to support the software. PCs can serve in most functions for 4-6 years; servers should have replacements planned at 3-4 years.

Mistake #4: The install and ignore mentality
A common error made by small businesses; however, making this mistake with IT hardware and software is ill advised. IT hardware and software requires routine regular maintenance, upgrades and adjustments. As with any mechanical device used in production, ignoring maintenance frequently results in catastrophic failures at the most inopportune times. PCs, servers and software need continual care so they can perform at optimal levels. A small business, should hire someone who can see the “big picture”, updates to one component frequently impact every other component of the network. If you don’t take care of the periodic maintenance, the question becomes not if you’ll have a problem, but when and how big.

Mistake #5: Not budgeting software and hardware upgrades
The nature of software marketing has conditioned most people to the concept of annual or bi-annual updates. In fact, to help businesses budget, many software vendors now market maintenance agreements with monthly, quarterly or annual payments that insure up-to-date software and support. Unfortunately, many businesses don’t plan to upgrade their hardware until it is either in failure, or no longer supports the software. This results in severe cash restraints that might come at inopportune times in the business cycle. Ideally, hardware purchases should be planned 2-4 times per year with a goal of complete PC and server turnover after 4-5 years of operational life. Planned upgrades result in fewer business interruptions, and can be scheduled based on your specific business cycle. Planned upgrades also allow businesses to match their technology needs with their operating plans and business cycles.

Mistake #6: Not matching the technology with the use
Everyone knows that IT–from new software to hardware implementation–is expensive. But what most vendors don’t tell you is that not every user has to have the newest technology. With typical office applications and users, you can use PC and server equipment coming off corporate leases. A business can acquire two-year-old hardware for as little as 25% of original cost with 60%-75% of operational life remaining.

Mistake #7: Skipping user training
This is a problem that’s less about equipment and more about human nature. Training is an absolute must for small businesses. Without the proper training on software or hardware, well-intentioned equipment purchases are useless. Small business owners should train their employees on all IT elements whenever possible. A well-trained staff and a solid set of IT equipment will save your company time, money and plenty of headaches. Preserve your investment by keeping staffers up to speed.

Mistake #8: Skimping on anti-virus, firewall and login security
Many small businesses cannot imagine why someone would want to access their systems, or steal their data. Security is one the biggest concerns for IT professionals, and is one of the fastest growing software and hardware segments. Installation of solid malware, spyware, and anti-virus systems are a requirement. Improperly protected systems can be compromised simply be visiting a web site or opening an email. Data theft is not the only problem presented by these insidious programs; I have found PCs and servers running hundreds of processes spawned by malware, spyware and viruses. The result is poor performance, hardware lock-ups, and data corruption, in addition, employee and customer data may be stolen and sold for the purposes of identity theft or fraud.

Mistake #9: Using pirated software
Software licensing, it may not seem right to have to pay hundreds of dollars for each user on your network, but as with pharmaceuticals, software requires a long and expensive development process. Software is a protected intellectual property falling under the control of federal laws and international treaties, and the penalties for ignoring this can be disastrous to your business. With older software, you could probably get away with this, but with modern software that periodically checks and downloads updates, your usage is no longer anonymous. If you use it, buy it, if you install on multiple PCs or servers make sure you comply with the license agreement.