Wednesday, 28 June 2017

To protect against WannaCry, Petya or similar viruses

These viruses use the “SMB v1.0” protocol in Windows. This protocol is redundant in Windows 7, 8, 8.1 & 10 and can be disabled to limit the spread of these viruses.

The SMB v1.0 protocol is not redundant in Windows XP. If you are still using Windows XP you should seriously consider upgrading your PCs as soon as possible.

How to protect yourself:

If using Windows XP:
a.    Make plans to replace the PC as soon as possible

b.    Download and install this update from Microsoft - https://www.microsoft.com/en-us/download/details.aspx?id=55245


If using Windows 7, 8, 8.1 or 10:
a.    Run Windows Updates and install any required updates

b.    Remove SMB v1.0 from your computer, using "Programs & Features" from within Control Panel (See http://www.thewindowsclub.com/disable-smb1-windows for easy to follow instructions)

c.  Run this very small, and very quick, batch file which will create a small file on your computer. This tells the virus not to run. (Save the file to your PC, then right-click it and choose "Run as Administrator"
      https://download.bleepingcomputer.com/bats/nopetyavac.bat


If you have a Server and your PC is part of a Domain then the chances are high that you have an IT Dept to carry out this work. They can create “Group Policies” to automate these processes by following the instructions at https://support.microsoft.com/en-sg/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows


If you are at all unsure how to carry out these operations please call us on 01257 429216.

We can do this work remotely at a cost of £30.00 for the first PC and only £20.00 for each subsequent PC (all prices are ex-VAT). 
(Free of charge for clients with a Support Contract, of course.)

In addition, you should have a reputable anti-virus programme, which is updated regularly. No anti-virus software is 100% accurate, but some are better than others. We supply and install Webroot Endpoint Protection. Please call for details.

The best anti-virus is your own common sense. Don't click on links or open attachments from any email that looks even very slightly dodgy. You can always call us for free advice if you are unsure.


At the end of the day, if you have become infected, recovery is possible provided that you have a good backup of all data. The backups, once created, must be kept away from the PC, otherwise the virus may also infect your backup.


If you use a single hard drive for backup it's not going to work if that hard drive is permanently connected to the computer. It is better to use two, or more, hard drives which are swapped each day.

The same is true of tape backups. This is older technology but still extremely useful as several tapes will usually be used in rotation.

Cloud Backup remains the best option, as your backup data is held away from your computers, as well as being away from your premises. The cost depends on the amount of data that you need to backup, starting at £10.00 per month. Ask us for further details.



Call us now on 01257 42 92 16 
or see our website at https://the-it-dept.uk

Keeping IT Simple!

____________________________________________________
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2017

Monday, 15 May 2017

What is the WannaCry RansomWare virus?

You may have read about the disruption caused to many computers across the world last week, that was caused by the WannaCry RansomWare virus. The NHS were amongst the organisations most badly affected. Here we try to explain what it is, how so many people were infected and how you can protect yourself.

What is WannaCry?
It is a “RansomWare” virus that almost certainly arrives as an email attachment, which a user is persuaded to open. They may believe the email to have come from a friend or colleague. Or the email may be suggesting that the attachment is an expected invoice, a problem with your bank, or an unexpected demand for payment. However it is presented, it would appear to have been crafted in such a way that many people have opened the attachment.

What is RansomWare?
“RansomWare” is the name given to a type of virus which infects your computer, encrypts most of your data and then demands a payment, or ransom, to provide a “Decryption Key”. Only with that key would you be able to recover your encrypted data back to a useable form.

Why didn’t Anti-Virus software stop it?
No anti-virus (AV) software is 100% effective. The way most AV works is by knowing each virus that exists. Any software that tries to install itself to your computer has a specific signature. That signature is matched against a database of known viruses and the AV blocks any malicious software.

However, whatever AV is in use by the NHS clearly wasn’t effective in this instance – in a big failure!

In the case of a new virus, most AV databases need to be updated with the new signature, and every computer then needs to download the updated database. This process is speedy, but inevitable time delays allow the virus to spread.

Some AV, such as WebRoot, (http://www.the-it-dept.uk/antivirus.php), works in a slightly different way by trying to spot the way viruses infect computers, as well as having a cloud based database of known viruses. WebRoot also sends back to base information on software that computers are installing, so any malicious virus can be spotted quickly, allowing the WebRoot database to be updated very fast, to block further infections.


Which computers are at risk?
The WannaCry virus exploited a vulnerability in older versions of Microsoft Windows. A “vulnerability” is, effectively, a mistake in the coding of Windows, which allows a malicious virus writer to exploit the poor coding. There are very many vulnerabilities within Windows, which is why Microsoft releases “Windows Updates” every month. These Updates are used to patch the holes in the software to make it more secure.

There is a governmental organisation in the USA, called the National Security Agency (NSA), which is tasked with keeping the computers of the USA, and presumably other friendly nations, as secure as possible. The NSA discovered a new vulnerability within Windows some time ago. But, they kept this information to themselves, in the hope of using the security flaw in an attack on their enemies.

Instead of this happening, the NSA themselves were hacked and the information that they held on the vulnerability was stolen. This meant that nefarious elements now had some very dangerous knowledge.

At this point the NSA had to fess up to Microsoft, who soon released a patch against the vulnerability. So, any computers which were running Windows Updates automatically, or whose users were installing such patches manually, were secure.

There are, of course, questions about the ethics of the NSA. “NSA's mission is to help protect national security” (from https://www.nsa.gov/news-features/press-room/statements/2013-08-09-the-nsa-story.shtml). Quite how the best interests of national security are addressed by keeping quiet about such a major flaw in Microsoft Windows is debatable.

But, surely the NHS were patching their computers?
Not necessarily. Many IT staff do not allow automatic updating of Windows. Historically this could cause more problems than it was worth, as some of the patches would create more serious issues than they fixed. (This hasn’t been the case for many years now. We recommend users run Windows Updates automatically on PCs, but not on Servers.)

In addition, Microsoft only publicly releases patches for what they call “supported” versions of Windows. This only includes newer versions, such as Windows 7 or Windows 10. It does not include Windows XP.

Many government departments, and particularly the NHS, operate annual budgets which mitigate against longer term investment. They therefore do not see the cost benefit of upgrading older computers. Or they have certain devices attached to a computer which will not work on newer versions of Windows. The NHS has many computers running Windows XP.

For some time the UK government was paying Microsoft to continue providing patches for Windows XP. Last year the government decided that this was a false economy and stopped paying this money from central funds. The NHS chose not to make a new agreement with Microsoft, and so their Windows XP computers have not had the benefit of any patches. I also suspect that many of their newer computers are not set to automatically update.

Why was WannaCry able to infect so many computers?
WannaCry is different to most other RansomWare as the exploit that the NSA had discovered allowed malicious software to spread from computer to computer, over the network. Previously most viruses would only infect the one computer that they had been installed to. So, if one user in an office opened a malicious email attachment, only their computer was infected. WannaCry infects all of the other computers that it can find on the same network.

Why can’t I decrypt the data myself?
The encryption methods used by this type of virus are extremely powerful. Without the Decryption Key it is almost impossible to recover your data. 

The virus writers wish to be paid in “Bit Coins”, which are an untraceable, electronic currency. The WannaCry virus demands payment within 3 days, or the price doubles. Don’t pay within a week and your data is gone forever. But, setting up a Bit Coin account is neither straightforward nor fast. And, once you have paid the ransom, what guarantee do you have that the Decryption Key, if sent to you at all, will work?

Law enforcement agencies cannot, in this case “follow the money”. Bit Coin accounts have been designed to be untraceable and anonymous.

So, what can I do to protect myself?
There are several steps we can take to protect against viruses.

Use a backup system where most copies of the backed up data are not held on your network.
Cloud, or online, based backup is ideal. RansomWare viruses cannot infect the data in the cloud, so you can clean the virus and recover the data from backup very quickly.

Tape based backup, or backup to more than one external hard drive, allows the backed up data to be removed from site each night, offering some protection.

Backup. Backup. Backup

Keep Windows Updates running automatically and check that they are installing occasionally.

Install a good anti-virus system and keep it updated.

Install CryptoPrevent and pay the $15 annual fee to keep it updated. This is a small piece of software aimed only at preventing RansomWare style viruses (https://www.foolishit.com/cryptoprevent-malware-prevention/)

Don’t visit websites that your mother wouldn’t approve of. And don’t click links in emails to websites. Especially if an email consists only of a link.

But, most importantly, be wary of any email attachments.   
Do you know the person who just sent an email to you with an attachment?

Do you really know them? Anyone can fake an email address, so does the email read correctly, as if your friend or work colleague that appears to have sent it actually did so?

Were you expecting the email attachment? Not just, were you expecting an email attachment. Were you expecting this specific one?

Is the attachment a Zip file? No-one sends Zip files very much, apart from virus writers!


Have a regular IT Support visit to report on the health of your computers. You may wish to have a monthly contract, or just the occasional one-off visit. 

Just as you service your car to keep it running smoothly, so you should service your computers.


Please get in touch if you have any questions or concerns. Or if you'd like further advice.



Call us now on 01257 42 92 16 
or see our website at https://the-it-dept.uk

Keeping IT Simple!

____________________________________________________
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2017

Saturday, 13 May 2017

Have you been affected by the WannaCry Ransomware virus?

If you have been affected by the Ransomware virus get in touch for advice. 
01257 42 92 16 
https://www.the-it-dept.uk

To protect yourself from this or future attacks there are 4 simple steps:

1. Train all computer users to be very wary of email attachments or links in emails that you are not absolutely convinced have come from a trusted source. This doesn't just mean knowing the email address that the message appears to have come from, but does the email read as if that person actually sent it to you?

Are you expecting that email attachment?

Does the email only contain one link to a website?


2. A decent anti-virus programme. Yes, you do need to pay for this, but it is invaluable. (Most of the free programmes aren't licensed for business use anyway.) Whatever anti-virus software the NHS or Nissan have been using clearly isn't up to the job!

3. Update Windows. Most systems are set to automatically update, but even then many will still wait for your input before actually installing the updates. Learn how to check that Windows has been updated. It's very simple to do.

4. Backup. Backup. Backup.
Backing up your data is by far the most important thing you have to do on a computer. If you're not backing up the computer then you may as well switch it off and not bother switching it on again!

These Ransomware viruses attack not just the data on the computer, but will also search for any data on the network. So, if you use some form of backup which remains attached to the network that will also be affected and rendered pointless.

You need a backup system whereby a tape or drive is removed from site each night, (to protect against fire, flood or theft as well as Ransomware.) Or, use cloud based backup.

Online, cloud based backup is not as vulnerable to Ransomware attack as it is held remotely and you can generally rescue any data from any day up to 30 days old.

Backup. Backup. Backup.
Please :)


Call us now on 01257 42 92 16 
or see our website at https://the-it-dept.uk

Keeping IT Simple!

____________________________________________________
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2017

Thursday, 4 May 2017

It's World Password Day!

Secure, Complex, but Easy Passwords

4th May is World Password Day!

There are many different ideas on passwords; whether you should change them regularly; that you should have a different password for every website you visit and every app you use; how difficult to guess your password should be, (and therefore how hard to remember it is?)


One of the most sensible approaches to security is to use "complex" passwords of at least 8 characters, and to have a different password for each situation. A complex password is built up with at least 3 of the 4 elements of CAPITAL letters, lower-case letters, numb3rs and pun&tuat!on marks - such as P4ssw0rD!  Some websites like some punctuation, some don't. They will all accept the other 3 elements.

But, how can you easily create dozens of acceptable passwords, that are difficult to guess, and how would you ever remember several such passwords?

Here's a simple solution. 


Decide on a random word which will form the basis of all of your passwords. But that word shouldn't be a real word or name which is associated with you in any way, or able to be guessed. So, let's put that into practice.

At school I really liked a girl called Carol, (although I never dared tell her so!) So the basis of my randomly generated passwords shall be "arol". This isn't a real word and who would be able to guess it?

I'll now add 2 numbers, to the front and end of the base  - 1arol9

To make it unique, to each and every website or app that I use, I shall add the first 2 letters of the name of the company operating that website or app to the end of my new password in Capital Letters.

So, if I am dealing with Amazon, I would create the unique password of 1arol9AM
Ebay is given 1arol9EB
Marks and Spencer gets 1arol9MA
The IT Dept = 1arol9TH

I have quickly and simply created an infinite number of exceptionally strong passwords which are extremely memorable.



(4th May is also Star War's Day. May the Fourth be with you!)


Call us now on 01257 42 92 16 
or see our website at https://the-it-dept.uk

Keeping IT Simple!

____________________________________________________
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2017

Sunday, 9 August 2015

Should I upgrade to Windows 10?

UPDATE: This blog no longer applies. Windows 10 has improved immeasurably since this blog was first written and we do now recommend upgrading to Windows 10. Call us for advice on 01257 429216

Windows 10 has been flagged up for a while as an upgrade for legitimately licensed users of Windows 7 or 8.1. Some time ago Microsoft started adding a small flag to the System Tray of such PCs with the title, "Get Windows 10".


As this is a free upgrade to the operating system, why not? It is free for the first year for Windows 7 users, (from 29th July 2015), and for all time for Windows 8.1 users.

You won't have the option to upgrade if you have Windows XP or Vista. Microsoft isn't keen for people to still be using such old operating systems, and hasn't provided an upgrade path for them. Also, if your PC is old enough to have XP or Vista, it is very unlikely that it would work with Windows 10 anyway.

If you have Windows 7 you almost certainly don't wish to upgrade. It is quite possible that Windows 10 would work on the PC, but why change from the excellent Windows 7 to a much clunkier user experience with 10?

If you have Windows 8 then you will have to upgrade to Windows 8.1 before you can try to install 10. And, if you have Windows 8.1 then you may as well upgrade to 10. The user experience is very similar, but marginally less difficult to navigate than 8.1.

Having said that, you may be unlucky enough to find that some components may not work, such as sound, graphics or network cards. The correct drivers, (which tell the hardware how to integrate with the operating system), should be available from your PC manufacturer but it may be best to check first.

Windows 10, in common with Windows 8.1, is clunky to use. Finding the programmes that you use most can be time consuming and frustrating. There has been lots of talk about the Start Menu coming back, after Microsoft received so many complaints at the loss of this most useful feature of Windows 7.

The Start Menu is back, after a fashion, but it can be confusing to find what you need. If you realise that you can quite easily remove items that have been added to the Start Screen by default (by right-clicking and choosing "Unpin from Start" or "Remove from this list") then you can clean this up. You then need to find the programmes (or Apps as they are now called) that you wish to add to the Start Menu. (Right click and choose "Pin to Start".)

Under the hood Windows 10 is much more secure and even faster than Windows 7, but just as awkard and clunky to use as Windows 8.1, negating the enhanced speed of the operating system, which is lost in the overall speed of use.

The default installation of Windows 10 will send a huge amount of information about you, your contacts, and the way that you use the computer and the internet, to Microsoft and to many of their advertisers. To avoid this you need to be careful when installing to avoid "Express Settings" and to look for the small link to "Customise settings". Choose "No" to all of the default settings to secure your own computer.

Once you have installed Windows 10 you should then look for "Privacy Settings" by typing this into the large Search box on the task bar. You'll need to wade through these to turn off any settings that you are uncomfortable with. Very few of them are for your benefit.

Our strong recommendation, should you choose to upgrade, is to wait at least 6 months, until early 2016, while the bugs are ironed out and the PC manufacturers get up to speed and release updated drivers.

Otherwise, if you have Windows 7 stick with it. If you have Windows 8.1 then upgrade to 10.




Call us now on 01257 42 92 16 
or see our website at http://the-it-dept.uk

Keeping IT Simple!

____________________________________________________
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2015

Tuesday, 16 June 2015

Windows SBS 2011 is denying users access to shared folders and services are stopping

Last week we installed the May 2015 Windows Updates to a Small Business Server 2011 for a client. We usually wait 2 or 3 weeks from release before installing such patches, to see if anyone else has problems when doing so.

The day after the patches were installed the users reported that they were being refused access to their Shared Drives. We logged on to the Server to find that the User Profile wouldn't load and it was very, very slow in operation, eventually hanging and requiring a forced reboot.

It would boot to Safe Mode, suggesting that the problem was less likely to be hardware related. The Windows patches of the day before were the most likely culprit, but once it had rebooted it would work well for anywhere from 1 to 4 hours.

We saw a lot of SharePoint errors in the Event Logs, and we discovered that the SharePoint  2010 VSS Writer service was being stopped and set to "Disabled", rather than "Automatic". There had been a number of SharePoint updates installed the day before, but these didn't have an uninstall option. This led us down a blind alley for some time and we discovered that running psconfig.exe made no difference.

No issues were reported by a Best Practices Analyser scan. Running the "Fix My Network" wizard suggested minor errors in IPv6 and DNS settings, but resolving these saw no change. Updating the network card drivers didn't do anything either.

The problem appeared to be getting worse as reboots now led to the Server waiting a long time after entering a password on “Applying Group Policy Drive Maps Policy”. 

A slow process of fault finding made us realise that the following services were among those being stopped:

a.    Group Policy Client
b.    IKE and AuthIP IPsec Keying Modules
c.    IP Helper
d.    Server
e.    Shell Hardware Detection
f.     System Event Notification Service
g.    Task Scheduler

All of these would allow themselves to be restarted, with the exception of the Group Policy Client service.

Cutting a very long story short, the problems were eventually tracked to the Windows Updates service and the WSUS Role on the Server, which controls how Windows Updates are rolled out to client PCs. Disabled the "Update Service" service and the "Windows Update" service, as well as removing the WSUS role from the Server has made everything stable again.

Removing the WSUS role and stopping the Updates services means that the client PCs needed to be reset to go direct to Microsoft for their own Windows Updates. This is achieved through tweaking the relevant Group Policy.


We adjusted the GPO  "Update Services Common Settings" - Computer Configuration – Policies - Administrative Templates - Windows Components - Windows Update:

“Specify intranet Microsoft update service location” - Set this to disabled

The SharePoint issues seem to be a completely separate red herring and we are willing to ignore them as we don't use SharePoint anyway and these failures are having no impact on the users or the Server.

____________________________________________________
Sign up for our Monthly Newsletter
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2015

Tuesday, 23 September 2014

Has my email address been stolen?

We hear about email addresses and passwords being lost all of the time. Quite often they are stolen by hackers who have managed to breach the lax security of some of the larger, and possibly more trusted, companies in the online world.

Personal and financial details, such as names, addresses, dates of birth and credit card information, are often lost along with website usernames and passwords.

One of the more infamous such breaches was of the Sony PlayStation databases, back in April 2011, in which 77 million user accounts were stolen, (http://en.wikipedia.org/wiki/PlayStation_Network_outage)

In a more recent hack the huge software company Adobe are reported to have lost data on 150 million accounts! To discover if your email address was one of those lost by Adobe go to the website https://lastpass.com/adobe/ and enter your email address(es).

Even if your email address hasn't ended up in the hands of the hackers you should take the opportunity to change all of your passwords for more secure and complex pa$3-WOrd!

There is another website at https://haveibeenpwned.com/ which can check against a lot of other hacked databases to see if your email address may have been compromised.

But, you should also ensure that you use different passwords on each and every website where you open an account, so if one is hacked you do not risk having all of your website accounts hacked. Not so easy though! Or is it?


Ideally you need to use "complex" passwords of about 8 characters, and have a different password for each website that you deal with. A complex password is built up with CAPITAL letters, lower-case letters, numb3rs and pun&tuat!on marks, such as P4s$w0rD!  But, how would you ever remember several such passwords?

Here's a simple solution. Decide on a random word which will form the basis of all of your passwords. But that word shouldn't be a real word or name which is associated with you in any way, or able to be guessed. So, let's put that into practise.

At school I really liked a girl called Carol, (although I never dared to tell her so!) So the basis of my randomly generated passwords shall be "arol".

I'll now add both punctuation and a number  - arol9!

To make it unique, to each and every web site that I use, I shall add the first 2 letters of the name of the company operating that web site to the front of my new password in Capital Letters.

So, if I am dealing with Amazon, I would create the unique password of AMarol9!
Ebay is given EBarol9!
Marks and Spencer gets MAarol9!
The IT Dept = THarol9!

I have quickly and simply created an infinite number of exceptionally strong passwords which are extremely memorable.


____________________________________________________
Sign up for our Monthly Newsletter
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2014

Friday, 5 September 2014

Cost - Quality - Time - A Business Challenge

This Blog isn't about IT, or computers, which may make it more palatable to most folks! (Although we try to write our IT Blogs in English, we do realise that we don't always fully succeed.)

I had a 1-2-1 meeting with Amanda Jackson of TigerFish PR earlier today. They're a great PR company for the logistics market. If you make it or move it, let TigerFish PR it!

During a wide ranging and fun discussion Amanda mentioned an issue that many businesses will come across, based on a triangle of often competing business staples. 

Here at The IT Dept we are always striving to offer a quality service, within a declared time frame, at a known cost. As Amanda put it, a client can have any 2 of the 3, but achieving all 3 can be impossible.




We regularly have competing factors at play, especially when scoping work within the IT sector for clients. We often don't know exactly how long a job will take, but we do know that the client will expect a high quality job, and we need to charge for the work. 

The client, of course, wants to know how much the job is likely to cost, as well as how long it will take. They may well assume that a high quality service is to be taken for granted.

We try very hard not to skimp on the quality of our services. Which can lead to us taking longer to carry out work than some of our competitors. Obviously this may clash with the budget that a client has set for the work.

Fortunately, my meeting with Amanda followed directly on from a seminar run by Michael Finnigan, of i2i (Impossible to Inevitable).

Michael is great at explaining to his clients how they must believe that they can achieve the impossible. With such beliefs the dream becomes inevitable.

We shall endeavour to marry all three of the factors above into our proposals for clients in the future: To spend sufficient time on the work; To offer the highest quality; At a cost acceptable to both parties. The results should be inevitable.

And, on the subject of marriage - Congratulations and Good Luck to Andy and Ruth of Eat My Logo on todays nuptials! 


____________________________________________________
Sign up for our Monthly Newsletter
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2014