Why new PCs? These are good enough!

People who work in the IT field know about upgrading and updating computer equipment. The SMB owners... not so much.

I’ve had a couple of interesting experiences recently with clients. I was busy trying to tell them that Windows XP was no longer going to be supported and that they should get new PCs. One client also wanted pricing for upgrading their current Core2 Duo PCs. We got them quotes for both, showing a difference of $800 total between upgrading multiple PCs and just getting new ones. Now we wait to see if they make the right choice.

The other client flat-out told me that his server and PCs should last them 10-15 years. Nothing I said changed that idea in his mind. I fear for this client, as they have already been hacked (see my previous post about that) and of course are setting themselves up for more pain like that.

I let my clients know that every 3-5 years they should be getting new computer equipment. Not only will they get faster machines with newer OSes that should be more secure, but their efficiency will be as good if not better, and they will have machines that are back under warranty. Now I understand that in a world where big-ticket purchases do tend to last a long time (cars, TVs, appliances, etc.), they feel it should be the same way with computers. Add to that the fact that leasing the equipment doesn’t make a lot of sense financially either. So what is one to do, outside of explaining to them the reality of the situation?

First off, set a hard date for when you will stop supporting the older OSes, and let your clients know that date. This not only gives them a solid time frame in which to make the changes, but also puts the pressure on them.

Second, explain how going to newer equipment makes sense. Touch on speed of the new machines, security, warranties, and that the competition won’t wait for them to catch up.

Finally, let them know that the cost of keeping up the old equipment is not worth it. In the long run they save more by staying current with their equipment, especially as parts become rare.

There is no way to force a company to purchase newer equipment. The bottom line on all of this is to get the higher-ups to understand that old equipment hurts the company in the long run. Hopefully, they are willing to listen to you; after all, they have brought you on as the expert.

Deck the Halls with Security advice

It is that time of year. Holiday shopping, Black Friday, Cyber Monday (that still sounds like an XXX movie), and the like. Special offers abound, and the bad guys are ready to get you. Here are some simple steps to stay safer during the holidays.

This is the time of year that the criminal digital underground loves. People are rushing to get the best deals they can, be it online or offline. The odds of someone clicking on a malicious link increase with desperation, and of course with making the deals look good. Nothing will 100% guarantee that you’re going to be free of malware, or that your identity will not be swiped, but there are some simple things to remember to keep the risks to a minimum.

1) If it looks to be too good of a deal, it probably is, especially online. Deals are the easiest thing to snag someone online with. Pair that with fake URLs that look legit, and you have a recipe for disaster. The trick here is to find out what the real URL is. In Outlook and most browsers you can hover over links to see where they are sending you. Right-clicking, choosing Copy Hyperlink, then pasting into Notepad is a good way to see the full link itself for a quick check. If it shows something that bothers you, don’t go to it, don’t click on it.

2) Keep up to date with your purchases. This is easy enough to do with online banking. Check online with your bank and credit card companies at minimum once a week. Look for anything out of the ordinary. The faster you see something that looks fraudulent, the faster things can be taken care of, and the less hassle there is overall.

3) Single click on the web! I see this all too often. We as a society have gotten so used to double-clicking to open programs that we forget it is a single click on a link. This is important because that second click could hit a hijacked ad on the site you were going to, and at that point it is game over. You are pwnd and the malware floodgates open.

4) Backup, backup, backup. Get an external drive that you only connect to back up your files, use Mozy or Carbonite, do something to back up your files. Especially with Cryptolocker out there, the clean backup is important so you don’t have to pay to recover your files and take the risk that the bad guys are not going to keep their end of the bargain.

5) If you do not have to enter your PIN on a pad, DON’T! Most bank cards can be used as “Credit Cards” (they have the Mastercard or Visa logo on them), meaning you do not have to punch in your security PIN. Who knows if that PIN pad is secure? Yes, it only stops the PIN from being captured, but that can be enough to stop someone from emptying your account.

Yes, these are basics, and yes, millions of people each year tend to not think about them. They are simple and pretty effective, but remember, not perfect. If someone hacks the store or bank, you have no control over that. If the credit card or ATM machine has been tampered with, you don’t have control over that. Just do what you can to keep a little safer, and have a great holiday season!

 

-Shecky

 

Can the DMCA Kill the Cloud?

The DMCA (Digital Millennium Copyright Act) is a powerful tool for copyright holders. Takedown notices get served to many websites daily to remove infringing items, yet many are false positives. Will the DMCA harm cloud computing? I think it’s a good possibility.

I recently read an interesting article on SC Magazine about a security researcher who had her MediaFire account suspended for 36 hours because of a DMCA notification. The infringing files had been on the account for years, and were malware files that had been or were being researched by her and others. There is also the case of speeches from the recent political conventions being taken down from YouTube because of automated filters meant to prevent DMCA takedown notices. The number of false positives reported to the news outlets is a small portion of what actually is out there, but they tend to make big news.

So what does this all have to do with killing the cloud? The answer is quite a lot. If the filters and DMCA searches are conducted in a way that can breed a lot of false positives, such as just going by file names and sizes, then what is to prevent a DMCA notice and fight over a company’s private files that have the same name as some other company’s files? Better yet, what if something is named too similarly to something from the entertainment industry? A presentation that uses music? Hey, there can be a DMCA takedown notice right there if a file scanner digs into it, or if you leave the name of the song in the filename.

The idea is that all these notices can help make people gun-shy about moving to or even using the cloud. Copyright is needed, yet has been blown way out of proportion in its longevity. Life of the artist plus 75 years is way too long, considering that copyrights were meant to foster innovation, not to allow someone to sit back on their laurels. Now we see that it can affect researchers who are reaching to the cloud to help analyze items in a file. This can affect not only the infosec area but other areas such as medicinal or other science research. All this because one is guilty until proven innocent. This can and will affect the future in more ways than we can see at this time.