What’s Heartbleed and Why Do You Care?

Heartbleed LogoYou know how you’re told to put your private social security number or credit card information only into sites that are secure?  Their site address is https:// instead of just http:// .   Your browser will display a lock icon, turn something green, or give you another indication that what you send in cannot be stolen by third parties?

Well, it turns out these https:// sites are not secure at all.

Monday one of the biggest suppliers of encryption code said that their widely used library has a flaw in it which allows anyone to look at 64,000 characters that is in the host server’s memory. Your retirement account username and password and social security number might be part of the 64kB of information a passing bad guy looked at. Or, the username and password to Gmail account could have been scraped and sent to Bad Guy Central.

And, the theft of your information would leave no trace on the victimized computer server at Wells Fargo, Bank of America, Chase, or wherever.

The Ugly

This bug has been named “Heartbleed” in a nerdy reference to the communications heartbeat code that it lives in.  Cute name, but I’ve seen statements that the seriousness of Heartbleed on a scale of 1 to 10 is 11.

The geek world is uniformly saying that this problem is very awful.

On the Other Hand

I cannot find a report from anyone anywhere that says this bug is the apparent source of any loss of data, money, or privacy.  The bug was discovered by honest programmers who notified the people responsible for the faulty code. A patch was immediately released, and most larger sites have already updated their servers.

2 Actions You Must Take!

Still, the Heartbleed problem is real, and there is a potential that some bad guys have broken into systems and have used, or have stored for future use, the information they stole. They could have broken into your bank just as you logged on, which would give them your username and password.  They could have done the same with your investment firm, credit card company, or many other places you enter data you want to keep private and secure.

So, you need to change your passwords for every secure site. Today.

I suggest using LastPass for creating strong new passwords and tracking them. (See this post for more information on why.)  But, whether your use LastPass or manage your passwords manually, at the very least add or change one character for all of your current passwords.

But, first, make sure that your secure service has patched its software. If not, change the password now, do not use the site for secure transactions, and check again tomorrow. Now that the bug is well known and easy to exploit, your chances of having your data stolen on an unpatched server is much, much greater than it was last week.

C/net recommends http://filippo.io/Heartbleed as a place to test whether the Heartbleed patch has been installed.   Use it!

Heartbleed patch test screenshot

References To Read

Here are sites I used for this post.  Check them out for more information.

Posted in Tips and Resources | Tagged , , | Leave a comment

Amazon Joins (Suddenly Leads?) the Streaming Video Race

This afternoon I went to Amazon to buy dog dental treats (why else??) and was greeted with the slash page announcement that Amazon now has its TV-connecting box for streaming NetFlix, Amazon, Huluplus, etc., etc.
Announcement for Amazon fire TV
Amazon fire TV takes voice commands, which might be fun, if it works, and I’m intrigued by its claim to buffer programs it thinks you’ll want before you hit play.

We love our old Roku, but if you haven’t taken the plunge to streaming video this looks pretty good.  Check out more info at Amazon.

Posted in Computers and Hardware, Tips and Resources | Tagged , , , | Leave a comment

Why Upgrading a PC to Windows 8 is Not an Option

I saw your notice about Windows XP, both my laptop and my roommate’s desktop are running XP.  Can I buy one operating system with two licenses? Do you know if I can and where AND what will help me decide for Professional or Home Premium?

I wish I could give this client a simple, “Click Here to Buy new Windows” link.

The initial, huge problem is that Microsoft itself writes that, “Very few older computers will be able to run Windows 8.1, which is the latest version of Windows.” (see Microsoft’s page on upgrading from XP).

That Microsoft page gives lots of details and things to check.  One program will test your computers to see if they are beefy enough to run the new operating system.  (Download “Windows Upgrade Assistant” to see if your computer is physically able to be upgraded.)

Slaving over a computer upgradeMaking the upgrade of an existing machine more daunting, Microsoft’s upgrade instructions include buying an external hard drive and backing-up all of your files.  Your installation of the new operating system will be a “clean” one, meaning your current system drive will be wiped out and everything that’s there will be gone.

To upgrade your existing machine, you will have to save your data files to a removable drive, install the new operating system, restore your saved files, and reinstall all the programs you currently have installed on your PC.

But wait!  It gets worse!  Devices and programs you use now may not work under Windows 8.  You can check what Microsoft thinks will, and will not, work under Windows 8.1 by running a compatibility checker.

And, worser! You’ll have to pay a lot to upgrade.  Microsoft is charging $119 per machine to upgrade to Windows 8.1.  It’s $199 if you want Windows 8.1 Professional.  I think most people will need only the base version, but you can decide yourself by checking  this feature comparison chart.

So, to make an older computer safe to use on the Internet after April 8, you will spend money for an external hard drive (maybe $75?) and give Microsoft at least $119 for their latest software.  Your old computer will still be old and probably even slower than it is with XP.  You will also have to spend a lot of time backing up, installing, updating, restoring, and re-installing software.

Family unwrapping a new computerMost people will be better off buying a new computer.  You can find a low-end modern computer that probably will be faster than your old computer for not too much more than the cost of upgrading your old machine. When you start your new computer you can run an included program that will transfer all of your data to the new machine.

I admit there are potential extra costs for going to a new computer. Your existing word processing program, spreadsheet, email, and other productivity programs may not install on your new machine.  You’re especially likely have to buy new software if the old modules were bundled with your XP machine.

OpenOffice LogoBut, you can mitigate the cost of new software by changing to OpenOffice for word processing, spreadsheets, and presentations.  OpenOffice is free and its word processing program reads and writes documents that are compatible with Microsoft’s Word.

Of course, you can choose to continue to use Microsoft’s Office products (Word, Excel, etc.). If you stick with Microsoft  you can now subscribe to the Office suite for $9.99/month.  A subscription will entitle you to use all the office suite modules.  Or, you can buy  – the one-time payment, traditional method of getting software — the office product you want.  See the purchasing options for Office.

The Bad Bottom Line

The situation Microsoft has created by discontinuing XP support is unlike any other in the scope of people affected and poor alternatives available.  I wish the solution was easier — or cheaper — than buying a new PC.  But, I truly see no better alternatives.

I understand you don’t want to be pushed, forced, or bullied into buying a replacement for your older, Man holding gun on a messengerperfectly functional computer.

But, you have to stop using XP machines online once Microsoft pulls its support.  The upgrade path for your existing hardware is uncertain, expensive, and not cost-effective.

Sorry.  Really.  And, please don’t shoot this messenger!

Posted in Windows | Tagged , , , | Leave a comment

More on the Death of XP

My opinion posted yesterday that people running Windows XP should either upgrade or unplug from the Internet has resulted in some excellent challenges.  I’ve been told that there is a reputable article published here or there that says that if you take some precautions you can keep running XP.

Windows XP SP3

The most common rebuttal has been that the writer is running an antivirus program and they say that will protect them.  And, the idea that an anti-virus program should keep you safe is very reasonable.

There are steps you can take that a consensus of experts say will give you good protection. However, I have not run across any expert that says simply using an anti-virus program is sufficient. I don’t understand the technical details, but apparently some holes in the operating system allow evil access in places/times  that anti-virus programs cannot guard.

Unfortunately, I think that most people are not tech savvy enough to follow the recommended safety steps.  Therefore, I believe the only solutions for most people are to upgrade or unplug.

The Tech Guy

Leo Laporte, the Tech Guy

If you’re feeling stampeded into upgrading and do not want to, here is a clear description of what you should do to protect your computer from The Tech Guy, Leo Laporte .

I don’t think the recommendations are easy enough for most non-IT folk to follow. I see people having problems running their computer without Administrator privileges which is Laporte’s top safety tip. You need to follow the recommendations to operate without Admin privileges so that any evil program you stumble into does not have the authority to actually plant itself in your PC.  Of course, when YOU want to install a new program or get an update for a program, you will need to re-logon your computer using a privileged account.  While this is not a difficult procedure, I think most non-nerds will find these procedures difficult to comply with.

Many non-geeks also use Internet Explorer (IE) as their browser.  IE is reknown for security problems, and older versions of IE — like those that came with Windows XP — are the worst of the worst. Changing to the more secure Chrome or Firefox can be done by downloading the browser (click on the link in this sentence to get the browser you want), installing it, starting it up, and making it your machine’s default browser (the browsers will ask if you want them to be the default).

I think people can switch browsers, but I worry that some won’t follow all the steps and Internet Explorer will still be used on the Internet some times. And, yes most people I know will run up-to-date antivirus programs.  They also know better than to open attachments in emails or to click on links in those emails.  But, almost everyone, me included, sometimes slips up and lets antivirus subscriptons expire and clicks when they shouldn’t.

You’re going to have to be perfect when you surf with XP after April 8th.  That’s an awful lot to ask!

Even the people who say it’s safe to keep using XP with protection don’t impress me with their confidence. USA Today’s reassurance that XP can be safe starts off in an unsettling way, … their first step in assuring safe operations is to make sure you have a complete backup of all your files.  That tells me that the author is not hugely confident that the recommended steps will actually protect you!

So, as disruptive and costly as it is, my best recommendation for non-techy folks with XP systems remains for them to upgrade or unplug come April 8th.

Posted in Tips and Resources, Windows | Tagged , , , , , , | Leave a comment

You Have Two Weeks to Replace Your Windows XP PC

Windows XP LogoIf you are running Windows XP on your computer you absolutely must upgrade it by April 8th or stay completely off the Internet.

If you use a Mac or have a PC running Windows 7 or Windows 8, you can click back to Facebook or Google yak breeding in New Zealand. This post doesn’t concern you.

For Windows XP users: This is not a drill!

Here’s why.

Microsoft has announced that it is discontinuing support for the Windows XP operating system on April 8th.  Computers with XP will continue to run, but Microsoft won’t write any more code or offer any more fixes for that operating system.

That doesn’t sound very alarming.  Your old computer will still work.  The operating system has been around for a long time, it’s stable, and it’s unlikely that suddenly some function will break.

The problem is that the bad guys of the world are waiting for Microsoft to stop updating XP so they can unleash code on websites and in emails that will exploit security holes in the XP operating system.

Every week since XP came out in October, 2001, Microsoft has responded to discovered security problems by issuing patches through Windows Update.  Bad guys kept finding new obscure security holes to attack your system, and Microsoft has kept filling the holes.

On April 8th, those weekly security patches will stop.  But, the bad guys won’t quit searching for new flaws. And, they will find them.  In fact, most IT gurus suspect that hackers are not acting on the flaws they have discovered recently;  they are waiting until after April 8th to unleash them on the Internet where they will flourish unchallenged.

Worse, many flaws deep in the Windows code are in routines written originally for Windows XP which also have been used by the newer Windows 7 and 8.  Windows 7 and 8 will continue to be updated, and hackers are going to watch carefully for what is patched by Microsoft.  These evil coders will see if routines fixed in Windows 7 and 8 are also present in Windows XP.  In effect, the weekly updates to the recent operating systems will point out to bad guys where they should attack XP systems.

Microsoft UpgradeAnti-virus and anti-malware programs won’t be able to protect you against all of the attacks which are based on exploiting flaws in the operating system.

The attacks typically come from email attachments and scripts embedded on sleazy web pages you’re tricked into going to or which you’ve gotten to because you’ve mistyped the web address.  It’s hard to never typo www.ammazon.com instead of www.amazon.com! It’s easy to get fooled into clicking to open an email attachment or to visit a site that’s supposed to let you download a video but instead tries to send you a malicious program.

Once on your computer, the evil applications can monitor your keystrokes to get your bank username and password and then send off the information to the program’s authors in Russia.  Or, the program can encrypt everything on your disk and demand that you send cash to a blackmailer if you want the key to decrypt your photos, financial information, and documents. Or, … whatever!

In my opinion, you should not use a Windows XP computer on the Internet after April 8th.  It’s just too dangerous.

If you’re running XP now, you have two choices.

One is to update the computer’s operating system to Windows 7 or 8.  However, many old computers do not have the minimum resources required for these new operating systems.  And, even if they can run a newer version of Windows, they will do so very slowly.

Microsoft PC Discount DealTherefore,  I recommend that you purchase a new computer. Hardware prices are less than 1/3 of what they were in 2002, according to Microsoft (1). Plus, Microsoft is offering a $100 “instant savings” on computers you buy through them to replace an XP box.

Whether you go through Microsoft, pick up a new PC at Costco, or switch to a Mac, you’ll be okay. But, please, do not keep running XP!  I really don’t want to spend the rest of 2014 helping people who kept using XP thinking that they’d be okay because they don’t view porn, shop online, or do anything stupid.

No matter how careful you are, your XP computer will be vulnerable after April 8th.  Please, update!

Posted in Tips and Resources | Tagged , , , , , , , | 1 Comment