Tuesday, 3 June 2014

Viruses in the news again. What to do about CryptoLocker, GameOverZeus etc?

You may well have seen the recent news articles about the work of international law enforcement agencies in taking down the networks of computers that run some exceptionally malicious viruses, with names such as CryptoLocker, P2PZeuS, GameOverZeus, etc.

What does it all mean for you and what should you now do?

Here in the UK the National Crime Agency (NCA) have warned users that they have 2 weeks to protect themselves (see http://goo.gl/sPf39B). They don't seem to have made it very clear why you only have two weeks, and they seem to be suggesting only that you should run good anti-virus software and install any waiting Windows Updates. This is, of course, solid advice at any time and not just now.

It appears that the damage the NCA, along with the FBI, Interpol etc, have managed to inflict upon the main servers running these viruses is what has given us a "2 week window". The suggestion is that the "Command and Control" Servers which run these global virus operations are expected to be back up and running soon, i.e. within 2 weeks.

These Servers rely on millions of innocent computers doing the majority of their work, whilst also allowing the virus writers to hide behind many smokescreens.

Your computer may be one of those infected and running as part of this "BotNet" without you knowing about it. The point of updating anti-virus software and keeping Windows up to date is to reduce the chances of your own computer remaining infected in this way.

Internet Service Providers can spot when PCs are participating in a malicious BotNet, by the amount and type of internet traffic that is passed. To date, in the UK, they have never warned anyone that they may be infected, but there are suggestions that they may do so now.

CryptoLocker is a very effective virus which will encrypt and lock all of the data on your computer. You will then see a message on-screen, telling you that this has happened and explaining how to pay a ransom in order to buy a key that will decrypt the data. That ransom apparently varies between £250 and £400. There is no other way to decrypt the locked data.

Any data which can be seen on your network will become locked, once the virus has successfully infected any one computer on the network. This includes data held on Servers and backups held on external hard drives, which are left connected to the PC.

There are several steps that you should take to avoid infection:
1. Use off-site or online backup. This is very unlikely to become encrypted even if you do contract the virus. You simply clean the virus, restore the data from backup and continue.

2. Use a solid anti-virus. We recommend and resell WebRoot. Others are available, but some are less effective than others. Most of the "free" products are not licensed for business use.

3. Run "Windows Updates" regularly, and preferably automatically.

4. Ask us about our "CryptoPrevent" software, which attempts to stop or to disrupt such viruses from running in the first place. This is free to our own clients.

5. Most importantly, use your own common sense! The vast majority of viruses come through Zip attachments in emails. Does anyone ever send you a Zip attachment? Probably not. If not, then do not be tempted to open such an attachment, no matter who it appears to have come from.

Call us for free advice on avoiding virus infections. If you are based in Lancashire and you believe that your computer may be infected, switch it off and ask us to visit as soon as possible.


____________________________________________________
Sign up for our Monthly Newsletter
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2014

Friday, 2 May 2014

Upgrading from Windows 8 to 8.1

Whenever we can we dissuade our business clients from using Windows 8. This is because it is designed with Home Users and social media at the very forefront of the entire operating system. It is clunky to use and difficult to navigate, and really needs a touch screen to get the most out of it. Windows 8 is also part of Microsoft's long-term intentions to move everyone to the "Cloud", which may not be the ideal scenario for business users.

The concept behind Windows 8 was to have the same operating system on your phone, tablet and computer. Except that all 3 devices are used for very different purposes. Oops.

We supply Windows 7 Pro as the operating system of choice for our computers. This is an excellent version of Windows, and by far the best yet offered by Microsoft. Many of our clients who buy their own computers will find that they have bought Windows 8, so they ask us to move them to Windows 7 instead. (Microsoft refers to this as a "downgrade", whereas we prefer to think of it as an "upgrade".)

This is a free upgrade if they bought Windows 8 Pro, but this is rarely offered unless requested. Most computers ship just with Windows 8 - which is different to Windows 8 Pro. Not very obvious, is it? Again, this is fine for home users, but not so for business users.

Windows 8 Pro comes with the upgrade rights to use Windows 7 Pro instead. Windows 8 does not, so you would have to buy an additional Windows 7 licence, at approx £100. Officially, since Oct 2013, this is no longer possible.

With Windows 7 we have always, as per best practice, moved the User Data from the C: drive of the computer to a secondary D: drive. The C: drive is then used exclusively for Windows and other programmes, (such as Office, etc.) This helps to protect the user's data in the event of failure of the Windows operating system and is a much more efficient use of the hard drive in a computer. It also makes data backup much simpler.

Microsoft's own take on this practice is, 
"For Windows, the most common reasons are as follows:

  • It is easier to back up data from a single drive & from a drive that contains only user files.
  • It is easier to rebuild the operating system drive on a user’s computer if user data is located on a separate volume. In this case, the drive that contains the Windows directory can be formatted, and Windows can be reinstalled without having to worry about how to remove user data."

However, it will eventually be the case that we will no longer be able to supply Windows 7. Microsoft originally said this would be in late 2014, but have since changed this to a date "to be determined". They have already stopped selling Windows 7 as an off-the-shelf product, as mentioned above.

So we will be forced to supply Windows 8, or its successor, whether or not that is good for our business clients. Which is all in the name of progress, of course. Or is it?

A Windows 8 computer will still allow us to move the User Data folders to the secondary partition, or D: drive. Indeed, this is becoming a vital necessity as we are starting to see relatively small SSD (Solid State Drives) being used for the operating system, (as they are very fast indeed), with more normal, larger hard drives used for the User Data, (as they are very cheap).

All well and good. Until we decide that we wish to upgrade the awful Windows 8 to the slightly less appalling Windows 8.1. In that case we can spend many hours downloading the Windows 8.1 upgrade, only to then see a message on screen saying, "Sorry, it looks like this PC can't run Windows 8.1. This might be because the Users or Program Files folder is being redirected to another partition.."

The reasoning behind this is very unclear indeed and is very much a backward step by Microsoft, especially in the face of SSD drives becoming more widely used.

The way around this problem is to manually move each user's data folders, one at a time, to the D: drive, but to leave that user's "profile" on the C: drive. This is a poor compromise which goes against Microsoft's own reasoning for moving the user profile completely, as shown above.

Microsoft says, "By changing the default location of the user profile directories or program data folders to a volume other than the system volume, you cannot service your Windows installation. Any updates, fixes, or service packs cannot be applied to the installation. We recommend that you do not change the location of the user profile directories or program data folders."

This means that, in one Microsoft article on this very issue, they recommend keeping the operating system and user data separate, and then tell us that we cannot do this! (see http://support.microsoft.com/kb/949977)



Tuesday, 15 April 2014

HeartBleed - what do I need to do?

The HeartBleed "Bug" is not a virus which may infect your computer. It is a flaw, or vulnerability, in the software which protects some "Secure" websites.

If you see HTTPS at the start of a web address, the letter "S" stands for Secure, which gives you peace of mind when sharing sensitive information with that website.

Except that some sites may not have been so secure as we'd once thought!

Effectively this bug could have allowed attackers to read the memory of affected web servers. That memory may have included information such as your username and password, etc. 

No-one knows for sure whether, or not, this flaw was ever exploited by any hackers. It has been present in the affected software for about 2 years and the world has yet to stop, so my own suspicion is that it hasn't been used against any Web Servers so far.

A fix for the flaw has been issued and almost all affected web servers will have been patched by now.

So, that's OK, panic over then. Phew!

But, and there's always a but, because we don't know too much about whether or not this flaw was ever exploited, the recommendation now is to change all of your internet passwords anyway.

Why bother? Because it is very good safe-surfing practice to change your passwords every 6 months or so, and why not do it now?

You should use complex passwords, which are different for every web site that you visit. A complex password is built up with CAPITAL letters, lower-case letters, numb3rs and pun&tuat!on marks, such as P4ssw0rD!  But, how would you ever remember several such passwords?

Here's a simple solution. Decide on a random word which will form the basis of all of your passwords. But that word shouldn't be a real word or name which is associated with you in any way, or able to be guessed. Let's put that into practice.

At school I really liked a girl called Carol, (although I never dared tell her so!) So the basis of my randomly generated passwords shall be "arol".

I'll now add both punctuation and a number  - arol9!

That is the core of all my new passwords.


To make it unique, wherever I may need a password, I shall add the first 2 letters of the name of the company I am dealing with to the front of my new password in Capital Letters.

So, if I am dealing with Amazon, I would create the unique password of AMarol9!
Ebay is given EBarol9!
Marks and Spencer gets MAarol9!
The IT Dept = THarol9!

I have quickly and simply created an infinite number of exceptionally strong passwords which are extremely memorable.




Tuesday, 25 March 2014

Windows XP goes “End of Life” on 8th April 2014

Q. End of Life? What does that mean? 

A. Microsoft’s most popular operating system ever, Windows XP, has been with us since Oct 2001. It is still installed on almost 30% of computers. Microsoft bring out newer, more secure, operating systems every 3 years or so and they are now retiring Windows XP, so that they can stop having to support it.

Q. How does that affect me?

A. After 8th April Microsoft will no longer release security patches for Windows XP. Hackers are forever attempting to discover new vulnerabilities in the operating system of your computer, which could allow them to gain control. If you are still using Windows XP then the chances of a successful hack, or virus infection, of your system will quickly grow over the next few weeks.

Q. How do I know if I have Windows XP?

A. Click the “Start” button. You should see either “Run” or a blank white box. Type “winver” and hit the Enter key. This should bring up a box showing information on the version of Windows that you have. Also, if you do have Windows XP you’ve probably had annoying pop-up messages from Microsoft, warning you of its end-of-life status.

Q. Why should I care? There’s nothing worth stealing on my computer!

A. Don’t be so sure. All of your banking details? All of those photos you’d rather keep private? All of your friends’ email addresses? Your Facebook log-in details? Also, any new hardware or software will probably not work with Windows XP.

Q. What do I need to do then?

A. You need to upgrade from Windows XP to a newer operating system, with the choice currently being either Windows 7 or Windows 8.

Q. Is this a free upgrade?

A. No. Microsoft isn’t one of the world’s most profitable companies for nothing. You either need to buy a new computer, which will come with a new operating system, or you could buy a Windows 7 or 8 licence and upgrade your PC from DVD.

Q. So, what will it cost?

A. A new computer can cost anywhere from £350, but for a decent spec, business-grade PC, expect to pay more like £450. A copy of Windows 7 or 8 on DVD can be bought for £85 or so.

Q. The new licence sounds a cheaper option. Is that best?

A. Probably not. A computer running Windows XP is almost certainly too “old” in computer terms anyway. You would not find that upgrading it would suddenly make it run any better. In fact, the reverse may well be true; and it is possible that the computer simply won’t accept the upgrade. This isn’t for the faint-hearted though, so seek advice first!

Q. Will Microsoft offer any advice or support on upgrading?

A. The effective answer is “no”. You can find material on Microsoft’s websites, but this tends to be factual information regarding the cut-off dates and why they are doing this. You should contact your IT Support Company or a local, independent computer shop for serious advice.

Q. April 8th? That doesn’t leave me much time, does it?

A. No, but “Don’t Panic”. We recommend upgrading as soon as possible, not only because your computer will become more vulnerable, but because the very fact that it is running on Windows XP means that an upgrade is well overdue anyway. We would definitely advise making the move before May 31st 2014, which gives you some planning time without taking too many risks with your PC.

Q. OK, I’m willing to upgrade, but should I go with Windows 7 or Windows 8?

A. This really depends on what you use the computer for. The two operating systems are much the same “under the bonnet”, but they look very different in use. (Microsoft would tell us that Windows 8 has much greater security built in, which is true, but not of great importance to businesses with good IT support). In our opinion, Windows 7 is more suited to business users, whereas Windows 8 is better for home users, especially those with a touch screen computer.

Windows 7 looks more like Windows XP, so the inevitable learning curve is much less onerous for a normal computer user than is the case with Windows 8.

Windows 8 is also targeted more at “social” use, rather than business use.

Q. What if my business critical software will only run on Windows XP?

A. You could run a “virtual” instance of Windows XP within your new computer. Or, could you keep one or two PCs separate from the rest of the network, just for running that software? But, your best option is to accept that the time has come to also upgrade that software, which has to happen sooner or later.

Q. Wow. This is more involved than I thought. What do I do next?


A. Speak to The IT Dept about your best options, as there may be different solutions for different people. As Microsoft Partners we are very well placed to offer you the right advice, with the minimum of confusion.


Wednesday, 26 February 2014

Unable to send emails through a BT Broadband account

Almost all of our clients have their own domain names, which they use for their own websites and email addresses. Many of those clients have set up their email system at home to check their work email accounts. 

Those who have a residential BT Broadband line, as opposed to a business line, may find that they are suddenly unable to send emails from their own domain from home. This may be the case even though they have successfully used their own domain to do just this for some time.

You may see an error message pointing you to a web address similar to http://www.spamhaus.org/query/bl?ip=xx.xx.xx.xx (where xx.xx.xx.xx shows your computer's "IP Address"). Going to that link shows that your IP Address is blocked. Going further into the SpamHaus pages gives an explanation (see http://www.spamhaus.org/pbl/query/PBL231589).

That page explains that BT Retail do not allow unauthenticated emails through their system. That is different to refusing to allow emails sent from authenticated domains other than BT Internet, of course, but let's skip over that issue.

Why they do not allow you to send emails from your own, authenticated, domain is hard to fathom, although BT claim this is an anti-spam measure.

The way round this would appear to be that you need to add your own domain email address as an additional account within your BT Mail system. 

When I sought help on this issue from BT, 3 different Techies spent some time telling me that they had no idea what I was talking about, but one of them did eventually send me a Help Document - see http://bt.custhelp.com/app/answers/detail/a_id/10903 - which shows the solution, (although this is for their email system when it was linked with Yahoo!, so the pictures are different, but the principle is the same.)

I then discovered that you do not get a BT email address by default when you sign up to their broadband system. Why not, when you aren't allowed to use any other email addresses? (They obviously expect everyone to use a Web based email service, which would work.)

So, you have to contact BT Sales to ask for an email address to be set up on your account.

You then have to log on to your BT Portal, at http://www.bt.com, and choose the Email tab. Once in there look for Settings, Accounts and add a new account.

You need to know the settings for your own domain's email accounts, but once configured everything works again! Magic.

I have no idea why this is such a difficult proposition for BT, or why their Techies have never before encountered the problem. Even my old Dad has his own domain and unique email address!



Tuesday, 18 February 2014

Costs of an old, slow computer

Many of our clients, when faced with the prospect of upgrading their old computers, tell us, "We can't afford it right now". But, can they afford not to?

Just as older cars start to become more expensive to run than a newer car, the same is true of computers. However, the costs of slow computers are more hidden.

We believe that most decent spec, business grade computers should last about 4 to 5 years. After that they become less efficient for many technical reasons and the cost of upgrading becomes greater than the cost of replacement.

As a very rough guide, the computers we sell generally cost around the £400 mark. Add £100 for the configuration, installation, delivery and set up in your office. Then add another £100 for a nice new monitor, if you need one, to get an estimated overall price of £600 (+ VAT).

If that computer lasts only 4 years then the annual cost is around £150.

If an employee earning £10 an hour has a slow computer, which loses them only 20 minutes per day, that is costing your business £3.33 per day purely in staff costs, (ignoring the higher power costs of old equipment). That is equivalent to £765.90 per year (of 230 working days).

Upgrading your computers can save you money, as well as reducing frustration and annoyance, giving you a much happier and more productive workforce.

Saturday, 18 January 2014

Emails from "ICANN" asking to verify the WHOIS contact information

The organisation responsible for domain names across the internet is called ICANN (Internet Corporation for Assigned Names and Numbers).

They have determined that many people who have registered domain names have used false email addresses to do so. The reasoning behind people wishing to do this is likely to be in order to reduce spam, as ICANN happily publish those email addresses to all and sundry.

For reasons which remain unclear, and without any publicity that we are aware of, ICANN now wish any Registrant of a domain name with suffixes such as ".com", ".org" and ".net" to verify that they actually have access to the email address held on the ICANN database. I couldn't find any definitive information on this unexpected move on ICANN's own website at http://www.icann.org/

However, we have clients who have reported to us that their domain has been suspended, following receipt of an email from ICANN asking them to click a link to verify their email address. That this email has every appearance of a phishing scam seems to have passed ICANN by in their rush to enforce the rule that domain names must be registered to people with legitimate email addresses.

Had I received this email I would have deleted it without a second thought as it screams "SCAM!"

The body of the email being sent out reads:

Please be advised that as of the 1st January 2014 it has now become a mandatory requirement from the Internet Corporation for Assigned Name and Numbers (ICANN) that all ICANN accredited registrars verify the WHOIS contact information for all new domain registrations, domain transfers and registrant contact modifications.

You have received this email as you have recently transferred one or more domains to Your domain services provider with the following registrant details:

Name: Xxxxx Xxxxxxx
Email Address: xxxx@xxxxxxx.com

Under the changes requested by ICANN you need to verify your registrant email address. Please click on the link below to verify this email address.

https://www.verify-whois.com/?DW%2bXxjsfv7sldjfvsdnfv;kjsd6bsadcflkj7slkdjfcv

You have 15 days from the time the transfer completed to verify your email address.  If your email address is not verified within these 15 days the domain name(s) will be suspended until the email address is verified.

Once the link above is clicked this email address and the domains listed below will be instantly verified.

Please note this email is not a phishing email and is being sent to you following the change outlined above from the 1st January 2014 by ICANN.

Whilst this email is genuine, and clicking on the link did indeed verify the email address with ICANN, you can expect to see similarly worded emails being sent out by malicious scammers.

How do you tell the difference between the real email and a scam?

If your domain is registered through us then you will be the "Registrant", or legal holder, of the domain name and so you will receive the email from ICANN. We won't be aware of this as, unlike many domain registration companies, we do not register the domain name in our own name, as it is your domain and not ours.


You can forward any such emails to us for checking if you wish. This service is free of charge if the domain name has been registered through ourselves, of course.

UPDATED: 05 March 2014

As we said above, "you can expect to see similarly worded emails being sent out by malicious scammers". Today we saw the first such email, which was pretending to be from Microsoft, starting with the line, "New Regulations from Microsoft Corporation and your email host, now require that email account holders must verify their email account information."

As suspected, that email isn't genuine and clicking the "Verification Link" would take you to a malicious website which would install viruses on to your computer.


Wednesday, 27 November 2013

No computers are shown in Remote Web Workplace (RWW)


If you regularly use RWW to access your computer on a Windows Domain then you may notice the website now only gives you the option to access your email system.

The button that used to give you access to the list of computers available has gone.

The screen looks similar to this:



This could be the result of an “upgrade” pushed out by Microsoft to their Internet Explorer (IE). IE11, the latest version, seems to be incompatible with RWW.

However, you have to use IE in order to access RWW, as it won’t work correctly with other browsers.

To resolve the issue:

1. Ensure that you are using Internet Explorer.

2. Browse to the RWW website as usual, but don’t sign in yet.

3. Press the “Alt” button on your keyboard (usually to the left of the Space Bar), which should show a menu at the top of the browser screen.

4. Click Tools / Compatibility View Settings to see this box:

5. Click the “Add” button. Click Close.

6. Sign in to RWW again to see the button has reappeared:

7. You must now add this website to your “Trusted Sites” in IE. On the menu click Tools / Internet Options. On the screen that appears click the Security tab, highlight the Trusted Sites icon and click the “Sites” button.

8. You should see this screen, click the “Add” button:

9. Click “Close” then “OK” and you can use the “Connect to a Computer” button.

10. You may then see this screen, to which you need to click “Connect”.

Wednesday, 20 November 2013

Blocking Zip attachments in Outlook

The majority of viruses reach users as "Zip" attachments in emails. How many people ever receive Zip attachments that are of any use to them? Very few, I would suggest. 

In my experience most users don't know, or care, what Zip attachments are. Yet so many emails come in every day with such files attached, virtually all of which are malicious.

So, how do we block Zip files from getting through to Outlook? There is a simple procedure, although it does involve messing with the "Registry". If you don't know exactly how to do this then you should ask for professional help.

1. Close Outlook

2. Open the Registry using Regedit (If you don't know how to do this you may wish to consider whether you should be doing this yourself.) Click Start, click Run, type regedit, and then click OK

3. Backup the Registry, just in case

4. Browse to the relevant Key for your copy of Outlook, i.e.

     a. For Outlook 2000 use HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security

     b. For Outlook 2002 use HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security

     c. For Outlook 2003 use HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security

     d. For Outlook 2007 use HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security

     e. For Outlook 2010 use HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security

5. Check for any other instances of this key, such as HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security, and make the necessary changes to those keys as well.

6. Right-click a blank piece of white space in the right hand side of the screen and choose to create a new "String Value". 

7. Name the String Value "Level1Add" (Without the quotes and it is Case SenSitiVe)

8. Double-click the newly created String Value and add to the Value Data the type of attachment you wish to block - e.g. .zip. (You need the full stop at the start of the name)

9. If you wish to block more than one type of attachment use a semi-colon between each type, e.g. .zip; .exe; .bat

10. Close the Registry Editor and reboot the PC.
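
Steps 3 to 9 can also be scripted, which helps when the same change is needed on several PCs. The PowerShell below is an added example, not part of the original procedure; it uses only the registry keys listed above and merges with any Level1Add value already present instead of overwriting it. It assumes Outlook is closed and that it is run as the affected user; the backup folder under %TEMP% is an arbitrary choice made for this example.

```powershell
# Added example (not from the original post): scripted form of steps 3-9.
# Run as the affected user, with Outlook closed.

# Attachment types to block. Each needs the leading full stop (step 8).
$extensionsToBlock = @('.zip')

# Office versions listed in step 4, plus the 15.0 key mentioned in step 5.
$officeVersions = @('9.0', '10.0', '11.0', '12.0', '14.0', '15.0')

# Where the per-key .reg backups go (step 3). The location is this example's choice.
$backupDir = Join-Path $env:TEMP 'OutlookSecurityBackup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($version in $officeVersions) {
    $outlookKey  = "HKCU:\Software\Microsoft\Office\$version\Outlook"
    $securityKey = "$outlookKey\Security"

    # Skip Office versions that have no Outlook key for this user.
    if (-not (Test-Path $outlookKey)) { continue }

    if (Test-Path $securityKey) {
        # Step 3: export the existing key before changing it.
        $backupFile = Join-Path $backupDir "Outlook-$version-Security.reg"
        & reg.exe export "HKCU\Software\Microsoft\Office\$version\Outlook\Security" $backupFile /y | Out-Null
    }
    else {
        # The Security subkey may not exist yet on a fresh profile.
        New-Item -Path $securityKey -Force | Out-Null
    }

    # Keep anything already listed in Level1Add rather than overwriting it.
    $existing = (Get-ItemProperty -Path $securityKey -Name 'Level1Add' -ErrorAction SilentlyContinue).Level1Add
    $current  = @()
    if ($existing) {
        $current = @($existing -split ';' | ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ })
    }
    $wanted = @($extensionsToBlock | ForEach-Object { $_.Trim().ToLower() })
    $merged = @(($current + $wanted) | Select-Object -Unique)

    # Steps 6-9: a String Value named Level1Add, types separated by semi-colons.
    New-ItemProperty -Path $securityKey -Name 'Level1Add' -PropertyType String `
        -Value ($merged -join ';') -Force | Out-Null

    Write-Output "Office $version : Level1Add = $($merged -join ';')"
}
```

Step 10 still applies after the script has run.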

Friday, 15 November 2013

CryptoLocker Ransomware virus

This week we've come across a couple of instances of clients who have been infected by the "CryptoLocker" virus.

This virus has changed their desktop wallpaper to become a message from CryptoLocker, which explains that the data on the computer has been encrypted and that the user has 96 hours to pay a ransom in order to have the data unencrypted again.

This type of virus is known as "Ransomware", because you must pay a ransom in order to have your data returned to you.

The virus runs when you click an infected attachment in an email, or if you visit a rogue website. It isn't immediately apparent that you have been infected, as it slowly encrypts all of your data in the background, before announcing itself with the desktop message. Sneaky, huh?

In the case of the first client to report this issue we were able to successfully remove the virus and to then restore all of their data from the Online Backup service that we provide them with.

Sadly, the second client didn't subscribe to this service, in favour of holding their backup on an external hard drive. As this was attached to the computer when the virus did its work, the external drive was also encrypted. Oops.

Whilst we could clean the virus itself off the computer, we weren't able to get any of their data back. The ransom requested is £200, so they are deciding whether or not to trust that paying out this money will actually lead to the data becoming usable again.

There are a number of lessons to take from this problem:

1. Always keep a backup copy of your data away from the computer. This may be through an Online or "Cloud" based backup system, or simply backing up to two separate hard drives, keeping one of them off-site at all times (in the car, for instance).

2. Take a backup copy on a very regular basis. It isn't enough to do this job weekly if you can't afford to lose the last week's worth of data.

3. Test your backup on a regular basis. Can you restore data if you have to? Rename a file and try to restore that file from backup. Do the two files match?

4. Viruses almost invariably come in emails these days. By far the most common method is via a "Zip" attachment. Who ever sends Zip attachments to you? Certainly not the banks, PayPal, the Government, or any parcel delivery companies! Don't trust any Zip attachment.

5. Never believe that the Sender address of an email is where it has actually come from, as this is easily spoofed. Emails which appear to have come from someone that you know and trust are an easy way for virus writers to fool you into opening their attachments. Read the text first and wonder, "Does that sound like this particular Sender, and why would they have sent me this attachment?"  If the attachment is a Zip file, don't trust it!

6. If there is no attachment then the email may be trying to trick you into visiting a rogue website. Never click a link held within an email, but instead open your internet browser and go directly to the required website. (Keep your most used websites - such as online banking or PayPal etc. - in the "Favourites" or "Bookmarks" of your internet browser).
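
Lesson 3 asks whether a restored file matches the original. The PowerShell below is an added example, not something from the original post: it compares a folder restored from backup against the live folder, file by file, using SHA-256 hashes. It assumes PowerShell 4.0 or later (for Get-FileHash), and the folder paths in the usage comment are hypothetical.

```powershell
# Added example. Restore the backup to a separate test folder first,
# then compare that folder against the live data.
function Compare-RestoredBackup {
    param(
        [Parameter(Mandatory)] [string] $OriginalPath,
        [Parameter(Mandatory)] [string] $RestoredPath
    )
    $originalRoot = (Resolve-Path -LiteralPath $OriginalPath).Path.TrimEnd('\')
    $restoredRoot = (Resolve-Path -LiteralPath $RestoredPath).Path.TrimEnd('\')

    Get-ChildItem -LiteralPath $originalRoot -Recurse -File | ForEach-Object {
        # Path of this file relative to the top of the original folder.
        $relative     = $_.FullName.Substring($originalRoot.Length).TrimStart('\')
        $restoredFile = Join-Path $restoredRoot $relative

        if (-not (Test-Path -LiteralPath $restoredFile -PathType Leaf)) {
            $status = 'MissingFromRestore'
        }
        elseif ((Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -ne
                (Get-FileHash -LiteralPath $restoredFile -Algorithm SHA256).Hash) {
            # Either the restore is bad or the live file changed after the backup ran.
            $status = 'ContentDiffers'
        }
        else {
            $status = 'Match'
        }
        [pscustomobject]@{ File = $relative; Status = $status }
    }
}

# Usage (hypothetical paths): list only the files that need a closer look.
# Compare-RestoredBackup -OriginalPath 'C:\Data\Accounts' `
#                        -RestoredPath 'D:\RestoreTest\Accounts' |
#     Where-Object { $_.Status -ne 'Match' }
```

Files edited since the last backup will show as ContentDiffers, so run the test on a folder that has not changed since the backup was taken.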

If you're worried about your backup method and whether or not it is suitable then call us for a free check up. 01257 42 92 16

Friday, 13 September 2013

BYOD? What's That Then?

The latest buzzword coming from the world of IT is "BYOD", which stands for "Bring Your Own Device".

Nowhere near as much fun as a BYOB restaurant, the practice has a number of advantages as well as drawbacks.

Essentially it relies on employees using their own computer devices for the benefit of the business that they are employed by. Why have two smartphones, two tablets, two laptops, etc.? At work an employee only needs one and it may as well be their choice as to which one, right?


After all, the majority of employees already bring their own devices into the workplace and attach them to the business network. 60%, or more, of mobile phones are now smartphones and staff will usually expect to connect them to an available wireless network. How does the business protect itself against what should be seen as a "threat" to their network security? How many businesses have ever thought about this issue?

So, what are the implications of BYOD?

Pros:
The business could save on computer costs.
The business may share the costs of the device with the employee.
The employee gets to use a device that they have chosen.
Employee productivity could increase if they feel happier and more trusted.

Cons:
Whose responsibility are any necessary repairs?
Who is expected to fund the replacement of the device when something newer appears on the market?
Surely the employee is able to spend more time on non-business activities while at work?
Corporate governance of policies and standards (e.g. anti-virus) is harder to police

The most important thing for any business to do is to have an IT Policy in place, whether BYOD is encouraged or not. If it is not allowed then employees must know where they stand if, for instance, their mobile phone were to introduce a virus to the business network. If BYOD is a part of your strategy then clear guidelines on the use of each device, and the cost of buying, using and insuring the devices, should be documented.

There is a good blog at http://www.ukmdm.com/byod-explained/ which tries to explain BYOD in greater depth. Or you can call us in for a cuppa and a chat, and we'll give you some IT Policy guidelines.


Friday, 19 April 2013

Windows Updates failing to install

It used to be reasonably common for some Windows Updates to fail to install on PCs, but not an issue we've come across for some time now. Until this week, that is, when we've suddenly seen quite a few PCs failing to install the required updates.

This can be very frustrating as you've waited for some time for the large amount of updates to be downloaded, then installed. You reboot the computer to see "Failure configuring Windows updates. Reverting changes. Do not turn off your computer."

This can happen if you turn off the computer while it is updating, or it can happen quite randomly. Why it happens isn't so important to you as the way to get round the issue, as it is likely to keep happening every time you try the operation.

To get round the problem there are a couple of things to try before taking the PC to the repair man:

1. Use Internet Explorer to browse to http://support.microsoft.com/kb/949358 (You may not get the right results if you try using an Internet Browser other than Internet Explorer.)

This will offer you a "Fix-It" where a Microsoft programme will try to resolve the issue automatically. Run through the wizard to see if this will work.

2. If Step 1 hasn't solved the issue then try these steps:

a. Open Command Prompt as Administrator (In Windows 7, click the Start Button, type cmd.exe into the Search Box immediately above the Start Button, wait for the programme to appear in the box above, right-click and choose "Run As Administrator")


b. In the Command Prompt black box type (without the quote marks)
"Net stop WuAuServ"

c. Wait until the service is reported to have stopped successfully.

d. Browse through My Computer to find C:\Windows\SoftwareDistribution

e. Rename C:\Windows\SoftwareDistribution to C:\Windows\SoftwareDistribution-old
(If the system reports it is unable to rename the folder then try step b again.)

f. Back in the Command Prompt window type "Net Start WuAuServ"

g. Click the Start Button again and type "MSConfig.exe" in the search box, then double-click the programme that appears in the list.

h. In the General Tab, choose "Selective Startup", un-check "Load Startup Items"

i. In the Services Tab, check “Hide all Microsoft Services”, then click “Disable All”. 

j. Click OK and you'll be prompted to restart the PC. 

k. Once the PC has restarted try adding Windows Updates in small batches of 5 at a time, rebooting the computer between installations.

l. Assuming all has worked OK, open MSConfig again to ensure it is set to "Normal Startup" with all services set to run.
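
Steps b to f can also be run as one script. The PowerShell below is an added example, not part of the original instructions: it stops the Windows Update service, renames the SoftwareDistribution folder and starts the service again, repeating the stop if the folder is still locked, as the note under step e suggests. It must be run from a PowerShell window opened with "Run As Administrator"; the retry count and wait times are assumptions.

```powershell
# Added example covering steps b to f only. The MSConfig steps (g to l)
# still need to be done by hand.
$folder  = Join-Path $env:windir 'SoftwareDistribution'   # normally C:\Windows\SoftwareDistribution
$newName = 'SoftwareDistribution-old'
$target  = Join-Path $env:windir $newName

if (Test-Path -LiteralPath $target) {
    throw "$target already exists from an earlier attempt. Remove or rename it first."
}

$renamed = $false
foreach ($attempt in 1..3) {                  # assumption: three attempts
    try {
        # Steps b and c: stop the service and wait until it reports Stopped.
        Stop-Service -Name wuauserv -Force -ErrorAction Stop
        (Get-Service -Name wuauserv).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

        # Step e: rename the folder. This fails while files are still locked.
        Rename-Item -LiteralPath $folder -NewName $newName -ErrorAction Stop
        $renamed = $true
        break
    }
    catch {
        Write-Warning "Attempt ${attempt} failed: $($_.Exception.Message)"
        Start-Sleep -Seconds 5
    }
}

# Step f: always start the service again, whether or not the rename worked.
Start-Service -Name wuauserv

if ($renamed) {
    Write-Output "Renamed $folder to $newName. Windows will create a fresh folder."
}
else {
    Write-Error "Could not rename $folder. Reboot the PC and run the script again."
}
```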

