Do I need to encrypt my hard drive? Unless your hard drive contains lots of private information that you wouldnt want an identify thief to have, you could just manually encrypt some of your personal files. Let's say someone breaks into your house and steals your computer. What information on your computer would you be most afraid of if it got into the wrong hands? For myself, it would probably be my tax files as they contain SSN information and other sensitive information. So I just encrypt it using 7zip. 7zip is an open source archival tool (like Winzip) which I use all the time for creating zip files, but it conveniently has an encryption tool built in. For instructions on how to encrypt files using 7zip, read the article below.
http://www.medicalnerds.com/how-to-encrypt-zip-files-securely-using-7zip/
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Monday, December 10, 2012
Monday, November 19, 2012
Kill the Password
Great (and scary!) article on how passwords arent really secure anymore.
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
Using a password manager is the least you can do.
http://www.simpleist.com/2009/01/secure-password-management.html
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
Using a password manager is the least you can do.
http://www.simpleist.com/2009/01/secure-password-management.html
Saturday, July 31, 2010
A Guide on How to Get Rid of Spyware
Some things to keep in mind before starting. Disclaimer.
- Reboots galore - you will probably need to reboot at least 5 times if not more.
- Backup - You should already have a back up of all of your files just in case as your system might get to an inoperable state. Always hope for the best but prepare for the worst.
- Time - At least 2 hours, but it all depends on how badly infected you are.
- Newbie - If you are a newbie when it comes to computers, you really shouldnt be doing following these steps. I'd recommend having someone more computer savvy doing it for you.
1. Clean out your system
The first thing you need to do is to try to clean up your system. This will help you get rid of all the unnecessary garbage on your computer. CCleaner is very safe as by default it only cleans up files that you really dont need like temporary browser or system files that are harmless to remove.
2. Uninstall
You most likely have some bad software recently installed on your computer. Check the 2 places. Click on Start-->Programs then you will find the most recent applications installed on the bottom of the list. Look for unfamiliar items. The next place is to go to the Control panel-->Add/Remove Programs. Review the list of applications and see which ones may be unfamiliar to you as well. After compiling a list of unfamiliar or strange items, use Revo Uninstaller to uninstall those applications. Revo Uninstaller will completely remove all traces of the program.
3. Control your startup
Windows has a list of items to launch or auto start when Windows starts say from after a reboot or turning on your computer. Spyware is notorius for adding unwanted items there. So even if you remove spyware by using antispyware programs, you can easily get infected all over again after a reboot. Use Quick Startup to view and remove any unwanted items. Pay close attention to the items that have a strong red rating. Keep in mind that these ratings come from other users who have had the same program start up. They also provide viewable comments that specify why they gave that rating and tell you why you do or do not need it. Be careful not to remove a program that is necessary for Windows to start up. Also, if you are not sure, you can always google the item to see if its safe to remove or not.
4. Install Microsoft Security Essentials
Install Microsoft Security Essentials and then perform a scan to get rid of the bad stuff. Continue to use MSE as it will actively monitor your system for threats. More Info
5. System Restore
If none of the above seems to work, you can try to think back to the last time when you felt that your computer was stable and normal. Then you can system restore back to that point. More Info
6. Start Fresh
As a last resort and a 100% method to get rid of any virus or spyware is to reformat your hard drive and reinstall Windows.
Saturday, May 22, 2010
The 10 commandments of Safe Computing
This is probably one of my most important blog entries as I have consolidated all of my computer security tips into a single post. Please take the time to read through it all as it has valuable information that will help to prevent any harm to you and your computer.
1. Thou shall not visit any unwholesome websites.
Gambling, Porn, and Illegal sites are such a few examples. If you ignore this commandment alone, then there really is no use following the rest of the commandments as infection is almost inevitable. Visiting these sites is like strolling through the ghetto and hoping that nothing bad will happen to you. In other words, you are asking for it. I hate to break it to you but most of the Internet is not safe. And even sites that ought to be safe might not be because they themselves might have been unknowlingly compromised or hacked by some bad guys. Nowadays, your computer can get infected by merely visiting a site versus downloading and installing a malicious program.
2. Thou shall not click on pop ups.
Im sure you are familiar with those annoying pop up ads as they seem to pop up everywhere. Some pop ups are really sneaky and evil. There are pop ups that tell you that your computer is infected and you have to click on them to perform an emergency scan to get rid of it. You then proceed to install a software program that is more often than not a spyware program. No matter how convincing they are, do not click on them.
3. Thou shall not click on links...
in emails, IM clients or URL shorteners. (ie. Tinyurl.com)You have to be 100% sure that the link is legit and safe. Most people think that if the link is from someone you know, then you can assume that it will be safe to open. WRONG. The problem is that your friends computer could be infected with viruses. These viruses can use your computer to automatically send out harmful emails to everyone in your address book. Even the buddies on your instant messenger program can unknowingly send you instant messages that say "hey, check this out!" accompanied by a harmful link. And im sure you've seen urls created by url shorteners (ie tinyurl.com/adwtud) in which you have absolutely no idea where they will direct you to. Emails in html format might display the url address but dont be fooled. Just because it spells out the full url, it doesnt necessarily mean that you will visit that site by clicking on that link. However if you hover over the link, you will be able to see the true url address in the status bar located on the bottom left hand corner. If you dont see a status bar, make sure to enable it in the browser. Next try to examine the "true" url displayed in the status bar. Does it look fishy? Why doesnt it match the address displayed in the email? Why does it display an address that does not look familiar to me? Why does it contain a website that is familiar to me but has a bunch of unecessary characters preceding it?
4. Thou shall not open attachments.
This is probably the oldest trick in the book. If you fall for this one then shame on you. If you want to open an attachment from someone make sure that its one that you are expecting instead of receiving one out of the blue one day. In gmail, you can preview most files within the browser. So if you are not sure what the attachment is then previewing the contents would be a safe way to see whats inside. You can also use an antivirus program to scan the attachment before opening. Lastly, you should never open a file with a .exe extension. There arent too many cases whereby someone would send you a .exe file as an attachment.
5. Thou shall not commit a typo.
Be very careful as there are domain names out there dedicated to catch you. They take advantage of the most common mispellings. Most of these dummy sites take advantage of all the hits they get by putting up advertising that may be related to the correctly spelled website. For example, just imagine how many hits amazan.com (note the mispelling) gets if amazon.com get millions of hits per day. But there also can be malicious sites set up whereby you might get infected with a virus or spyware merely by visiting the site. All because you made a typo.So what can you do to prevent this? For one thing you can use open dns which filters out a large portion of bad sites from there database. Click here for more info. Another thing you can do is install a browser plugin which will help prevent you from visiting bad sites. Lastly, instead of typing the url directly, just type it into the google search engine. Google does a pretty good job of knowing which site you want to visit. And it will offer appropriate (Did you mean?) suggestions, if you happen to mispell a websites name.
6. Thou shall keep your software updated.
ie. Windows, Web browsers, Flash player, Acrobat Reader, etc. Make sure you enable the Windows automatic updates so you dont have to always remember to update Windows and Internet Explorer. Firefox auto downloads the update in the background when you are using it. You can tell because it will ask you if you want to update Firefox when you launch it. Flash player has its own standalone upgrader and should prompt you automatically when an upgrade is available. Acrobat Reader uses the general Adobe upgrader which is used for all Adobe products. No matter how annoying and obtrusive these upgraders are, just remember to let it do its thing. There is a software program that manages all software updates on your system, but I forgot what its called and never used it before.
7. Thou shall use wireless security.
Always use the highest encryption possible (ie. WPA2) in your wireless router settings along with a password Never leave your wireless network open. Leaving your wireless network unsecured is like leaving the front door of your house open. Anyone willing can easily get access to all of your files. Also, remember to change your default router password. More info
8. Thou shall not memorize passwords.
Use a password manager. Dont store your passwords in some text or Word file on your computer as anyone can easily steal them.Dont create unsecure passwords.Dont use the same password for all of your sites. More Info
9. Thou shall turn off your computer.
If your computer is off (ie. Standby, Hibernate, Shutdown), then it is essentially unplugged from the Internet. Therefore, it would be impossible to get infected or hacked. More info
10. Thou shall use a antispyware/antivirus software.
You might be wondering why I placed this commandment last. Most people use this as their first line of defense, however it should really be your last. I highly recommend Microsoft Security Essentials.
Tuesday, November 10, 2009
Microsoft Security Essentials
Microsoft Security Essentials is a free Anti-virus and Anti-Spyware/Malware software program that is surprisingly receiving great reviews. Surprising because it comes from Microsoft, but if you think about it, who knows more about viruses and spyware infections more than Microsoft itself? The program not only monitors your computer but can also perform scans to remove viruses or spyware.
I've been trying it out for the past couple of months and its been pretty quiet. What I mean is that, I dont notice it even though its always running in the background. Many other virus programs may bother you or bog down your system's performance. Sometimes, I dont even know if its even working, but I guess thats a good thing. Not to brag or anything ;), but I take so many preventive measures on my computer that I rarely ever get any viruses or spyware. So for me, a virus/spyware monitoring program is my last line of defense whereas for most people, it is the first line of defense.
I've been trying it out for the past couple of months and its been pretty quiet. What I mean is that, I dont notice it even though its always running in the background. Many other virus programs may bother you or bog down your system's performance. Sometimes, I dont even know if its even working, but I guess thats a good thing. Not to brag or anything ;), but I take so many preventive measures on my computer that I rarely ever get any viruses or spyware. So for me, a virus/spyware monitoring program is my last line of defense whereas for most people, it is the first line of defense.
Bottom Line
There are 2 things I look at in an antivirus/antispyware program. Number 1 - It doesnt bother me. Number 2 - It has to work. Microsoft Security Essentials seems to cover both quite nicely.
Monday, July 13, 2009
OpenDNS
Do you want a boost in your Internet speed? Do you want a safer way to surf the Internet? Read on...
Each ISP (ie. AT&T DSL, Comcast High Speed Internet) has its own set of DNS servers. The DNS server will contain a huge list domain names and their corresponding IP addresses. The IP address specifies the exact location of the website's server. A DNS server is like the yellow pages phone book which contains the names and addresses of local businesses. When you type in a URL (ie. google.com), that request is first handled by the DNS server. The DNS server will perform a look up for that domain name and send your browser the ip address. All of this happens in a fraction of a second.
Unfortunately, each ISP maintains their own DNS server for their users. Therefore, if it goes down or gets corrupted or is slow, the user will be directly affected. So thats where OpenDNS comes into play. OpenDNS is a central DNS server system that is reliable, fast, and safe. What exactly does that mean for the end user?
- Reliable - its highly available and more stable than the ISP DNS servers.
- Fast - You are more likely to receive a faster response from OpenDNS, therefore, you will get to the website you want to go faster.
- Safe - They have a large database of bad or malicious sites. Therefore, they will help to filter those sites in order to protect you. For example, if you accidently made a typo in the URL (ie. gooogle.com) it will catch it and warn you before allowing you to enter that website. This is a good thing as there are many bad people out there who register mispelled domain names on purpose in order to attract many visitors or potential victims by bombarding them with ads or spyware.
For those of you who are using routers, the instructions are simple. Just login to your router and look for DNS settings. Instead of "Get Automatically from ISP", specify the Primary DNS and Secondary DNS with the following IP addresses:
Primary - 208.67.222.222
Secondary - 208.67.220.220
Secondary - 208.67.220.220
That's it, you're done. I told you it was easy. For more specific instructions, visit the OpenDNS website.
Bottom Line
OpenDNS is easy to use and will make your surfing faster and safer.
Friday, March 20, 2009
Secure Password Management
So how do you manage all of your passwords? Do you write them down on a post it note? Memorize them? Store them on your computer?
Here's a better question. How secure are your passwords? Do they contain words in a dictionary? Do they contain a mixture of numbers and letters and symbols?
Im afraid to say it, but Im willing to bet that none of you securely manage your passwords. But dont fret as I will show you how. But before that, here are some password tips.
Here's a better question. How secure are your passwords? Do they contain words in a dictionary? Do they contain a mixture of numbers and letters and symbols?
Im afraid to say it, but Im willing to bet that none of you securely manage your passwords. But dont fret as I will show you how. But before that, here are some password tips.
- Passwords should not be a word in the dictionary.
- Passwords should use a random mixture of lowercase and uppercase letters plus numbers plus symbols. ie. Ws4d!y1d#
- Use a password manager to manage your passwords.
- Do not enter passwords on unsecure public computers. For example, I wouldnt dare to check my online banking balance at the library.
- Make sure your browsers are up to date with the most recent patches and updates.
- Dont use the same password across different accounts.
- Do not use browsers to store your passwords.
- Do not write down your passwords on paper.
- Do not store passwords in a Word or text file.
- If you memorized all of your passwords, then most likely they are not that secure.
Here's how I do it which was taken from this Lifehacker article using Keepass to manage my passwords and Dropbox to sync my passwords across multiple computers. Basically it goes down like this. I store all of my passwords and account info in Keepass. Keepass will not only encrypt my data, but will only open my list of passwords with a master password(in which I initially set). Therefore, I only need to memorize 1 password to unlock all of my passwords. I store my Keepass password file in a Dropbox folder. This special folder gets synced to all Dropbox folders that I install on any other computer. For example, if I add a new password to Keepass on my home computer, Dropbox will automatically detect the change and perform a sync to my other Dropbox folder on my work computer. That means not matter which computer I am currently on, I will always have my most recent passwords available to me. The only caveat is that I must have both Keepass and Dropbox installed on each computer.
The Bottom Line
You might say thats a bit troublesome and probably not worth the hassle. I agree, its a bit inconvenient. But did you know that there are bad guys out there who's full time job is to steal your information? How many of you had your identity stolen or even had credit card/banking information fall into the wrong hands?
Friday, March 9, 2007
Securing your wireless network
If you use a wireless router, I have some suggestions on keeping your network more safe and secure. It will also prevent others from "smooching" off your internet connection. A year or two ago, I went anywhere with my laptop and was able to get a wireless internet connection from a neighboring, unsecured wireless router. It was so easy, I didnt even have to configure anything since Windows XP automatically connected to the strongest signal. All I did was turn on my laptop and voila...I was online. Today, to my surprise, wireless routers are actually being locked down and secured. Is your's secured? Here are some simple tips that can be done in your router configuration.
- Change the default username/password - If someone gets on your wireless network, it would be easy for them to log into your router using the default username/password and then they can mess with your DNS settings. That would potentially give them full control over the sites you visit.
- Dont broadcast SSID - That way people cant even see your router.
- Use maximum encryption - I think the most secure now is WPA2. WEP is not that secure.
- Filter by MAC address - This takes a little more work and management, but is probably the best thing you can do to secure your network. Even if someone knows your SSID and password, they still wont be able to get in. By specifying this option, the router will only allow access to laptops that you specify. To find the MAC address on your laptop, just go into your command prompt and type in "ipconfig". Make sure you choose the MAC address of your wireless card and not your ethernet. Yes, that means everytime, you have a new laptop or your friend/family brings their laptop over, you will need to add their MAC address to the router's allowed list.
Subscribe to:
Posts (Atom)