Small Business Tech

In this business climate it is important that your employees are as productive as possible. It is also no secret that a limited number of employees might spend a lot of time surfing the web. Many businesses are not in a position to setup a web monitoring system, and most do not want to become an electronic nanny. A quick solution to view employees surfing history if they have not deleted it is to use a couple of great utilities.

These utilities come from NirSoft which offer a multitude of computer utilities in addition to these two. Any of the utilities that I have used do not need to be installed so you can run them from a network share or a USB flash drive.

The utilities for listing browsing history are IEHistoryView and MozillaHistoryView. Each are downloaded as a small ZIP file. Uncompress the folders and then take them to the machine of the employee. You will not need to install either application, and you will be able to view the browsing history even if you are not logged in as the user.

The way that you switch user views does differ for each utility. In IEHistoryView for Internet Explorer you simply click on the head icon in the upper left hand corner. You can then choose the profile of your computer user. The MozillaHistoryView for the Firefox browser is not so straightforward. You will need to drill down to the history file location. The easiest way to do this is that when you change the history file location under the File menu be sure to note the original location. Your target location is probably the same except for the different user name.

Labels: browser, Firefox, Internet Explorer, security

Microsoft has released their list of security patches for July 2009. Fortunately the list is far smaller than June's record-setting list.

Windows 2000 and Windows XP are the most affected with three critical problems. Two of those are subject to exploits that are in the wild on the Internet. These would need to be patched quickly. Windows Vista is affected by one critical update and there is an exploit in the wild for that one.

The only Office component affected this month is Publisher. The remaining patches are for Microsoft Server and Virtualization Software.

Labels: Microsoft, security

People frequently complain that their computer is slow or it is infected. Nothing is %100, but there are steps that you can take that will prevent problems for you or your computer users.

1. AntiVirus software. Whether you pay for it or download it for free, every computer and server should have antivirus software. The smaller the better. I like AVG Free (free for home users) and McAfee ASAP for multiple computer businesses. McAfee ASAP is very lightweight, centrally managed, and affordable with prices in the low $20 per year per desktop.
2. Firewall. Windows XP includes a built-in software firewall, but I do not necessarily mandate that it is used. For desktop computers with just about any router on the market connecting you to the Internet I consider it an option. Keep it on until it breaks something. Some multi-function printers and server-centric software do not play well with firewalls. If you have a notebook that travels in the wilds of coffee shops and airports, then it is a must to enable the firewall.
3. Wireless network. Be sure that you have your wireless network at least secured with WAP and a good secure passcode. If you do not then turn on the computer firewall, and avoid doing sensitive things such as banking or shopping.
4. Do not run your computer as administrator. In our travels across the Internet these days we can run into all sorts of dangers such as malware. One way to stem the problem is to ran with less than administrative rights on your computer. Create an Administrator account for installing software and applying patches. Then create limited user accounts. That includes for yourself. Only use the administrator account for installing software or updates. Never surf the web while in the administrative account.
   
5. User education. Educate users on not opening attachments unless they know the sender, and they were expecting the attachment. Also teach them about opening files provided though other means including thumb drives and DVD-ROM. Do not make them too paranoid, but let them know the real dangers.
6. Patches. At a minimum you should install Microsoft's security patches as soon as possible after their release which is typically on the second Tuesday of a month. You should try to keep other software up to date as much as possible. If nothing else the Microsoft patches are the most important.
7. Testing. It is time-consuming, but it is very valuable. You should setup a computer that is very similar to most of the computers in your organization. Try to include as much of the same software and features as most of your other computers. That includes connecting it to your network and the Internet. When you are considering adding or upgrading software try it on your test station first. It is a lot more fun to find a problem on one computer then every workstation in the building. Once you install the software run through some typical work flows of opening programs, printing, etc to check for potential conflicts. This test station can also be squeezed into emergency duty if someone's hardware fails. It is a two-for-one bonus.
8. Defrag hard drives. This simple step is not nearly noticeable as it once was, but it does help to keep the fragmentation of the data down on the hard drives.
9. Hard drive maintenance. This is going to be a plug for a product that I love - SpinRite by GRC. This program is expensive, but it is not if you consider the amount of time and effort saved. I have used it for several years, and I have not had a hard drive failure in many years. I run it every three to six months on every computer with a spinning hard drive.

The bad news is that in spite of all of these precautions you will still need to reinstall Windows occasionally. Hardware failure or just plain bad luck with a virus or malware can happen to anyone. Windows just breaks down over time, but these steps will greatly extend your time between format-installs. When you do that reinstall be sure to blow out the computer case. Dust and dirt buildup can shorten a computer's life and make it run more slowly.

Labels: Secure Computing, security, Windows

So you test and install the latest patches from Microsoft every month. You also ensure that everyone's virus protection is up-to-date and working correctly. You are protected right? Maybe not. Each of the software applications on your computer and others probably also need to be patched or updated. Everyday software makers issue security warnings about their software. Chances are that you do not have the time to keep up with all of these warnings.

Fortunately, Secunia has taken care of job for you with three different versions of vulnerability scanning.

1. Online This online tool will scan your computer in 5 to 40 seconds using a small Java application.
2. Personal Desktop This downloaded application installs on your home computer and monitors your software installations.
3. Full Infrastructure This paid version scans your entire network of computers looking for vulnerabilities.

The first two options are free. The third is geared towards business networks and runs on your server.

Once the scanner has scanned your computer it then not only lists unsecured applications, but it also lets you know which version you should install to protect yourself. Secunia does not cover every application in existence, but they do handle the most common computer applications.

Labels: Patches, Secure Computing, security

McAfee and Secure Computing has reached an agreement to merge. I follow McAfee because I strongly recommend their hosted security package, Total Protection Service. I and McAfee believe that this acquisition will enhance their product offerings and base. Secure Computing has developed appliances and hosted services for filtering email and limiting Internet access.

A controversial portion of the company's business is providing software to the countries of Iran and Saudi Arabia. They use the software to block Internet access to pornography, political dissent, and religious dissent. The Dallas Morning News has a great story about the struggle between censoring Internet access and circumventing those roadblocks in tyrannical regimes.

Limiting Internet access has become paramount for nearly every business large or small. With the amount of entertainment and distractions available on the Internet it is a valid concern. A couple of years ago it was concerns about pornography and shopping. Today with the quick adoption of online applications the distractions could range from banking to paying bills to catching up on TV shows.

Labels: mcafee, Secure Computing, security

That's right. I wrote 10,000 laptops every week. Engadget has a story about the recent study. That is a lot of data. All I can see is really strong passwords and whole disk encryption.

Labels: laptop, passwords, portable, security

There is very little reason to pay for virus protection for your home computer. Some of the options include AVG Free and Blink and possibly a free suite from your Internet Service Provider.

My ISP, RoadRunner, is now offering a free Internet security suite from Computer Associates. I do not have personal experience with CA security software, but they do make good backup solutions that I have used extensively.

There you go. You have no excuse for not installing a good anti-virus protection if you are using a Windows computer. If you do not have RoadRunner check with your ISP to see if they do offer a free package.

Why would an ISP do this? Two reasons. The first is a little more to talk about in the marketing message. The second and most important reason is that Internet Service Providers have a financial interest in keeping your computer clear of malware and trojan horses. If any computer on the network that is pushing out SPAM or other unwanted traffic, they are footing the bill for the bandwidth. It is low-cost insurance to protect customers than it is to purchase more bandwidth and to increase their network capacity.

Labels: AVG Free, Blink, ISP, security, virus, Windows

Web site password management is more critical than ever. We are storing and accessing more of our information online and theives are getting evermore creative in how to steal that information. It is critical to have a good password management system for all of your financial-related web sites.

First it is very important to one a unique password for each web site that you use. Though not optimal it is probably all right to use a shared password for your myspace and NY Times web site access. Passwords for your bank, bill payment service, credit cards, and other financial sites should be unique to each site. Be sure to create a password that does not contain any personal information such as your birthday, age, address, social security number, or a dictionary word. A good password should be a random string of characters that meet the following criteria.

• Be sure that a word is not spelled in the password. i.e. rutabaga25
• Include at least two numbers
• Capitalize at least one letter

The problem is that with so many unique passwords it is impossible to remember them all, but various forms of recording them can be dangerous. Web browsers such as Internet Explorer and Firefox will offer to store your passwords, but this is not a good practice. You can fall prey to a trojan horse program on your computer that can read these passwords or someone could simply steal your computer. It is also not portable which is important today. The option of keeping them written on paper also has its obvious drawbacks.

I have discovered a program that I have used since version 0.5 that has served all of these criteria very well. The best features of the software are that it is free, portable, and very secure.

The program is the open-source Password Safe which is available at http://passwordsafe.sourceforge.net. Bruce Schneier originally developed the program and then turned the code open source which allowed to develop the software. They have versions for JAVA, Windows, Mac OS, Linux, and even Pocket PC. The most developed version is for Windows.

When you run the installation program it will ask if you want to install it to your computer or to an external disk drive. This is where portability is available. I have run all versions of Password Safe from an inexpensive USB flash drive that I almost always wear. You could enhance security if you stored the program and database on a secure, encrypted USB flash drive. The price of these is coming down significantly as more enter the market. Just choose the disk drive that is your USB flash drive and it will install there.

Once you have installed the software, go to your USB flash drive and start the program. It will walk you through creating a password database. You can have more than one password database in case you wanted a work-related database that you could share with coworkers. Yes, the password database has a password referred to as a safe combination. Be sure to create a good password for your database. The software will even prompt you if you create a password that is not sufficiently secure.

Once all of your usernames and passwords are entered, you simply need to click the proper database entry and then choose to copy the user name or password into your computer's clipboard. You can then paste it into a web site or other password-protected software.

You now have a portable and safe password solution. The software can moved from one computer to another and it does not leave any evidence of its usage on your friend's or work computer. The original version of the software did leave a small text file on the host computer, but their was no revealing information left behind. The newest version has eliminated that problem. The software even goes so far as to clear the computer clipboard when you close it in case you have copied a password or username there.

Labels: passwords, productivity, security, software

I consider myself to be a careful computer user. I have do not remember ever catching a trojan or virus in at least the last seven years. I carefully surf the web on any of my production computers. Well, I got caught in a simple and easily-contrived phishing scam recently.

An email arrived indicating that the credit card used in my Yahoo pay-per-click advertising account was about to expire. I knew this event was going to happen soon, so I clicked the link and entered my user name and password in the very official Yahoo Marketing login page. The remainder of the process was odd, though. I was not taken to a page with my credit or account information. I chalked it up to a web oddity and made a note to check it out later.

Well later did not come soon enough. When I went back to log into Yahoo I was unable to do so. It all came together in my head - I had been scammed. A call to customer support at Yahoo quickly resolved the issue. The culprit had charged $500 to my credit card and proceeded to setup his keywords and such. Yahoo refunded the $500 and restored my account in just a couple of hours.

How to you prevent this. I now have a habit of not opening any notice directly from an email. I will open a link if a friend sends me a Youtube video or such, but I do not click on a link if it involves my bank, credit card, or any account with monetary value. If any link leads to a login page or any form that asks a personal question then I just close the browser.

Obviously we need to follow up on certain notices, though. The best method is to open a browser and enter the usual address that we use to access the service. Then look in the area of interest pointed out in the email.

This brings up a another valuable point. DO NOT use the same password for every web site. Using a unique password for each web site will minimize your exposure if you do get caught in a phishing scam. I do use the same password for non consequential web sites, but I use a different password for each and every financially related web site. I will follow up with more information about how to manage passwords easily and safely.

Labels: email, passwords, phishing, security

Blink by eEye Security

Blink is a complete computer security product by eEye Security. eEye Security is a corporate security company that is well-known for researching and reporting vulnerabilities in Microsoft products. For some time they have build security appliances and software geared towards corporate customers. They are now pursuing the small business and home user market with their Blink product. I initially heard about the product on Leo Laporte and Steve Gibson's Security Now podcast interview with Marc Maiffret.

I signed up for the free version that is available for personal use. I installed it on a Windows XP Service Pack 2 computer and registered the product as required. This program follows the convention of other home use security products from McAfee and Norton. This is a not a good thing. Once the program is installed it immediately locks down any access into and out of the computer. It then asks what should have access. It then continues to ask and ask again. This behavior is frustrating and I think counter-productive. Most people get concerned or frustrated and begin to just begin clicking yes or no repeatedly. That does not enhance security and ultimately leaves the computer broken in the eyes of the user.

I could recommend this software for some computer users. Most namely those that do "typical" things with their computer such as kids or casual home users. This software is not intended and should not be used on business computers. Business and power users are going to quickly become frustrated with the many broken abilities when this software locks down the firewall and shared access. I should note that this software is intended by eEye for home users.

The software did uninstall without any caveats. That is more than what can be said for other competing products.

My initial reason for being interested in this software is the way that it uniquely observes behavior of software on your computer. Instead of just having a list of known viruses and spyware, Blink also looks for offending behavior that would not be performed by normal software. I was unable to keep the software long enough to find out how well this worked, because I became frustrated too quickly in trying to use it.

My recommendations for malware and virus protection software remain the same. For home users I recommend AVG anti-virus which is available for free. For protection again malware such as spyware I recommend the free Microsoft Defender. For business users I recommend the McAfee Managed Total Protection.

Labels: eEye, mcafee, norton, security, spyware, virus