Sunday, April 13, 2014

Heartbleed Explanation and Advice

Yes.  Heartbleed is a complicated situation.  Basically, there is nothing you can do about it, as the exploit is on the website -- not your computer.  The exploit is that in many situations, if it is present, heartbleed can steal the password to the website you are logging in to.  Here's what you need to know to make decisions about what you should do.
1.)  Most Internet security applications cuurently will NOT detect heartbleed, because it does not reside on your computer. This may change -- but heartbleed is a "passive" exploit, and therefore difficult for your security app to detect.
2.) If you do not do any financial transactions over the Internet, and/or have no memberships with significant amounts of personal information about you on them, you really don't have much to worry about.
2.)  If heartbleed DOES give you a reason for concern -- you first need to find out if the website that concerns you is vulnerable to the exploit.  Here are two websites that claim to be able to check other websites to see if they are vulnerable to heartbleed...
If the website is vulnerable, that does NOT mean that they are infected with heartbleed -- only that they CAN be infected with it.  They will probably have instructions on what they prefer for you to do.  Most vulnerable sites are recommending that you NOT change your password until they have patched the vulnerability.
3.)  Because this vulnerability has existed for a while, the general advice on the Internet (and I strongly agree with it) is:
      a.) Change all of your passwords for all sites .
      b.) DO NOT use the same password twice.
Yes, this will be a major aggravation, but IMO, it is necessary for everyone for now and into the future.  This is not just because of the heartbleed virus, but because of major exploits that techies like me are seeing "coming down the road".  I am now working on a broad-range "Security Makeover" plan to offer my customers that will include how to manage multiple, non-duplicating passwords easily and safely.  I hope to be emailing you with details by mid-May.
Hopefully this will answer your most of your questions.  If not, just let me know...

Monday, April 7, 2014

XPocalypse! What Should You Do!?

Tomorrow, Microsoft will end security updates for the venerable Windows XP.   Here is what Your PC Tech has to say about it...

1.)    The “demise” is not going to be a “sudden death” for Windows XP.  It is only the end of security updates.  It will continue to function as normal.

2.)    “The Media” and Microsoft are making it sound like once the security updates end, your PC will be flooded with infections.  This will not happen.  XP will be more vulnerable to infections as time goes on, but it will probably be a gradual increase – not a sudden onslaught.

3.)    If you can afford a new PC – now is the time to get one.  That is the safest thing to do.  You can still get systems with Windows 7 installed, which is very much preferred over the new Windows 8.  While Windows 8 is not generally liked, Microsoft has finally “got it” and is making a number of improvements to make it more friendly.  So if you can only afford to buy a Windows 8 computer, it won’t be as bad as the early ones that you may have heard so many bad things about.

4.)    Upgrading your old XP system to a Windows 7 system *might* be an economical alternative.  It will depend on the components in it.  This will have to be checked by me, (or some other technician).  If your system happens to have a little