Stop Using Internet Explorer, Feds Say

The latest security alert is an official warning from the Feds!  There’s a flaw in Microsoft’s Internet Explorer that bad guys can use to get into your computer and have their way with it.

The technobabble US government warning is Brithish-like in its drollness.

US-CERT [United States Computer Emergency Readiness Team, Department of Homeland Security] recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft’s recommendations, such as Windows XP users, may consider employing an alternate browser.

If you click through to Microsoft’s site in the link, you’ll see there is a whole list of rather difficult technical work-arounds that will, at best, “mitagate” the potential problem. For example, Microsoft’s first of six suggested work-arounds is to “Deploy the Enhanced Mitigation Experience Toolkit 4.1″.  Others are equally daunting.

Remember, after you’ve done everything Microsoft says, you’ve simply lessened the possibility that the bad guys will get through.  The vulunerability is still in the Internet Explorer program. Plus, once you’ve implemented the work-arounds, you may discover that you can no longer do some things that you expect to.  Why did IE originally have the settings and permissions Microsoft is now saying to change? I am guessing that IE probably needs them for some functionality you expect in a browser.

Anyway, there is a much simplier way to avoid the problems in Internet Explorer.  Even the government suggests it: use a different web browser.

The two browsers I regularly use are:

Both are free and fast.  Just click on one of the links above, download and install the browser, and start it up.  Make sure that you make the new program your default Internet browser so that Internet Explorer doesn’t run when you click on a link.

Yes, if you switch away from Internet Explorer there will be some adjustment to a different look and feel. But, both Firefox and Chrome have a lot of free add-ons that make web surfing better.  My favorites are add-ons that block ads and the annoying Flash ads.

But, really, you have to switch for your own security.  Even the government thinks you should “consider” switching!

Posted in Browsers | Tagged , , , , | Leave a comment

What’s Heartbleed and Why Do You Care?

Heartbleed LogoYou know how you’re told to put your private social security number or credit card information only into sites that are secure?  Their site address is https:// instead of just http:// .   Your browser will display a lock icon, turn something green, or give you another indication that what you send in cannot be stolen by third parties?

Well, it turns out these https:// sites are not secure at all.

Monday one of the biggest suppliers of encryption code said that their widely used library has a flaw in it which allows anyone to look at 64,000 characters that is in the host server’s memory. Your retirement account username and password and social security number might be part of the 64kB of information a passing bad guy looked at. Or, the username and password to Gmail account could have been scraped and sent to Bad Guy Central.

And, the theft of your information would leave no trace on the victimized computer server at Wells Fargo, Bank of America, Chase, or wherever.

The Ugly

This bug has been named “Heartbleed” in a nerdy reference to the communications heartbeat code that it lives in.  Cute name, but I’ve seen statements that the seriousness of Heartbleed on a scale of 1 to 10 is 11.

The geek world is uniformly saying that this problem is very awful.

On the Other Hand

I cannot find a report from anyone anywhere that says this bug is the apparent source of any loss of data, money, or privacy.  The bug was discovered by honest programmers who notified the people responsible for the faulty code. A patch was immediately released, and most larger sites have already updated their servers.

2 Actions You Must Take!

Still, the Heartbleed problem is real, and there is a potential that some bad guys have broken into systems and have used, or have stored for future use, the information they stole. They could have broken into your bank just as you logged on, which would give them your username and password.  They could have done the same with your investment firm, credit card company, or many other places you enter data you want to keep private and secure.

So, you need to change your passwords for every secure site. Today.

I suggest using LastPass for creating strong new passwords and tracking them. (See this post for more information on why.)  But, whether your use LastPass or manage your passwords manually, at the very least add or change one character for all of your current passwords.

But, first, make sure that your secure service has patched its software. If not, change the password now, do not use the site for secure transactions, and check again tomorrow. Now that the bug is well known and easy to exploit, your chances of having your data stolen on an unpatched server is much, much greater than it was last week.

C/net recommends http://filippo.io/Heartbleed as a place to test whether the Heartbleed patch has been installed.   Use it!

Heartbleed patch test screenshot

References To Read

Here are sites I used for this post.  Check them out for more information.

Posted in Tips and Resources | Tagged , , | Leave a comment

Amazon Joins (Suddenly Leads?) the Streaming Video Race

This afternoon I went to Amazon to buy dog dental treats (why else??) and was greeted with the slash page announcement that Amazon now has its TV-connecting box for streaming NetFlix, Amazon, Huluplus, etc., etc.
Announcement for Amazon fire TV
Amazon fire TV takes voice commands, which might be fun, if it works, and I’m intrigued by its claim to buffer programs it thinks you’ll want before you hit play.

We love our old Roku, but if you haven’t taken the plunge to streaming video this looks pretty good.  Check out more info at Amazon.

Posted in Computers and Hardware, Tips and Resources | Tagged , , , | Leave a comment

Why Upgrading a PC to Windows 8 is Not an Option

I saw your notice about Windows XP, both my laptop and my roommate’s desktop are running XP.  Can I buy one operating system with two licenses? Do you know if I can and where AND what will help me decide for Professional or Home Premium?

I wish I could give this client a simple, “Click Here to Buy new Windows” link.

The initial, huge problem is that Microsoft itself writes that, “Very few older computers will be able to run Windows 8.1, which is the latest version of Windows.” (see Microsoft’s page on upgrading from XP).

That Microsoft page gives lots of details and things to check.  One program will test your computers to see if they are beefy enough to run the new operating system.  (Download “Windows Upgrade Assistant” to see if your computer is physically able to be upgraded.)

Slaving over a computer upgradeMaking the upgrade of an existing machine more daunting, Microsoft’s upgrade instructions include buying an external hard drive and backing-up all of your files.  Your installation of the new operating system will be a “clean” one, meaning your current system drive will be wiped out and everything that’s there will be gone.

To upgrade your existing machine, you will have to save your data files to a removable drive, install the new operating system, restore your saved files, and reinstall all the programs you currently have installed on your PC.

But wait!  It gets worse!  Devices and programs you use now may not work under Windows 8.  You can check what Microsoft thinks will, and will not, work under Windows 8.1 by running a compatibility checker.

And, worser! You’ll have to pay a lot to upgrade.  Microsoft is charging $119 per machine to upgrade to Windows 8.1.  It’s $199 if you want Windows 8.1 Professional.  I think most people will need only the base version, but you can decide yourself by checking  this feature comparison chart.

So, to make an older computer safe to use on the Internet after April 8, you will spend money for an external hard drive (maybe $75?) and give Microsoft at least $119 for their latest software.  Your old computer will still be old and probably even slower than it is with XP.  You will also have to spend a lot of time backing up, installing, updating, restoring, and re-installing software.

Family unwrapping a new computerMost people will be better off buying a new computer.  You can find a low-end modern computer that probably will be faster than your old computer for not too much more than the cost of upgrading your old machine. When you start your new computer you can run an included program that will transfer all of your data to the new machine.

I admit there are potential extra costs for going to a new computer. Your existing word processing program, spreadsheet, email, and other productivity programs may not install on your new machine.  You’re especially likely have to buy new software if the old modules were bundled with your XP machine.

OpenOffice LogoBut, you can mitigate the cost of new software by changing to OpenOffice for word processing, spreadsheets, and presentations.  OpenOffice is free and its word processing program reads and writes documents that are compatible with Microsoft’s Word.

Of course, you can choose to continue to use Microsoft’s Office products (Word, Excel, etc.). If you stick with Microsoft  you can now subscribe to the Office suite for $9.99/month.  A subscription will entitle you to use all the office suite modules.  Or, you can buy  — the one-time payment, traditional method of getting software — the office product you want.  See the purchasing options for Office.

The Bad Bottom Line

The situation Microsoft has created by discontinuing XP support is unlike any other in the scope of people affected and poor alternatives available.  I wish the solution was easier — or cheaper — than buying a new PC.  But, I truly see no better alternatives.

I understand you don’t want to be pushed, forced, or bullied into buying a replacement for your older, Man holding gun on a messengerperfectly functional computer.

But, you have to stop using XP machines online once Microsoft pulls its support.  The upgrade path for your existing hardware is uncertain, expensive, and not cost-effective.

Sorry.  Really.  And, please don’t shoot this messenger!

Posted in Windows | Tagged , , , | Leave a comment

More on the Death of XP

My opinion posted yesterday that people running Windows XP should either upgrade or unplug from the Internet has resulted in some excellent challenges.  I’ve been told that there is a reputable article published here or there that says that if you take some precautions you can keep running XP.

Windows XP SP3

The most common rebuttal has been that the writer is running an antivirus program and they say that will protect them.  And, the idea that an anti-virus program should keep you safe is very reasonable.

There are steps you can take that a consensus of experts say will give you good protection. However, I have not run across any expert that says simply using an anti-virus program is sufficient. I don’t understand the technical details, but apparently some holes in the operating system allow evil access in places/times  that anti-virus programs cannot guard.

Unfortunately, I think that most people are not tech savvy enough to follow the recommended safety steps.  Therefore, I believe the only solutions for most people are to upgrade or unplug.

The Tech Guy

Leo Laporte, the Tech Guy

If you’re feeling stampeded into upgrading and do not want to, here is a clear description of what you should do to protect your computer from The Tech Guy, Leo Laporte .

I don’t think the recommendations are easy enough for most non-IT folk to follow. I see people having problems running their computer without Administrator privileges which is Laporte’s top safety tip. You need to follow the recommendations to operate without Admin privileges so that any evil program you stumble into does not have the authority to actually plant itself in your PC.  Of course, when YOU want to install a new program or get an update for a program, you will need to re-logon your computer using a privileged account.  While this is not a difficult procedure, I think most non-nerds will find these procedures difficult to comply with.

Many non-geeks also use Internet Explorer (IE) as their browser.  IE is reknown for security problems, and older versions of IE — like those that came with Windows XP — are the worst of the worst. Changing to the more secure Chrome or Firefox can be done by downloading the browser (click on the link in this sentence to get the browser you want), installing it, starting it up, and making it your machine’s default browser (the browsers will ask if you want them to be the default).

I think people can switch browsers, but I worry that some won’t follow all the steps and Internet Explorer will still be used on the Internet some times. And, yes most people I know will run up-to-date antivirus programs.  They also know better than to open attachments in emails or to click on links in those emails.  But, almost everyone, me included, sometimes slips up and lets antivirus subscriptons expire and clicks when they shouldn’t.

You’re going to have to be perfect when you surf with XP after April 8th.  That’s an awful lot to ask!

Even the people who say it’s safe to keep using XP with protection don’t impress me with their confidence. USA Today’s reassurance that XP can be safe starts off in an unsettling way, … their first step in assuring safe operations is to make sure you have a complete backup of all your files.  That tells me that the author is not hugely confident that the recommended steps will actually protect you!

So, as disruptive and costly as it is, my best recommendation for non-techy folks with XP systems remains for them to upgrade or unplug come April 8th.

Posted in Tips and Resources, Windows | Tagged , , , , , , | Leave a comment