Thursday, June 30, 2011

Don't Ignore "Updates are ready to install"!

Everybody has seen them. The pop-up balloon in the right hand corner of the screen, down near the clock: “Updates are ready to be installed”. And, every one of us has done the same thing at one point or another, click “Remind me later”.
You’re busy. This email needs to be sent out before 4. The spreadsheet needs to be updated before the next customer. The phone is ringing. I can’t restart my computer right now. The dog is barking. The sun’s rays are too dim during the vernal equinox. Delaying patches or updates to computer software can happen for any number of reasons. It is natural to delay it for a minute.
It is important to remember that those minute delays cannot turn in to days or weeks or months. Whether the patches are for Windows itself, or FireFox, or Anti-Virus definitions, or Adobe Reader, or any number of other software programs, it is imperative that everyone stays on top of them. New software updates can be introduced for a whole host of reasons, including:
- Closes and fixes security holes and exploits
- Fixes possible compatibility issues with new software and operating systems
- Introduces new features while removing outdated features
- Protects AV software against newest viruses and trojans
All of these reasons can improve your computer experience while helping to keep your computer safe and secure from threats, such as hackers and viruses.
Anyone that owns a car will recognize the importance of proactive maintenance. It would be insane to leave an oil change for 15,000 miles or to drive your car until the tires are completely bald. For the same reasons, it would be insanity to use a computer for months without downloading and installing software updates. The damage to your car could lead to catastrophic failure that may open yourself up to injury.
Now, I’m not going to say that failure to run Windows Update will cause injury, but the danger to your personal information or your important documents can be just as real as a broken wrist or a seized engine. And, the computer security community feels the same way. As can be seen in this article from netsecurity.com, keeping your computer up-to-date is no different from eating right and exercising.
When undertaking the process of updating all of your software, there are several steps that need to be taken. The most important step is to make sure Windows has its most up-to-date patches. Microsoft is constantly releasing security patches along with patches to improve compatibility and performance.
To keep Windows updated:
- Make sure Automatic updates is enabled. In Windows 7, this is done by going to Start >> Control Panel >> System and Security >> Turn Automatic Updating on or off. You can change the settings to download and install updates during the middle of the day or the middle of the night if there is a need to avoid peak usage times.
- Check Windows Update regularly. This can be done by clicking Start >> All Programs >> Windows Update. In later versions of Windows, this should help give you updates for the operating system itself along with updates for other Microsoft programs, like Microsoft Office.
After covering updates needed for just Windows or Microsoft, it is important to realize that there are dozens of programs on your computer that need updating. Many of these programs have features that you can select during the installation that allow for auto-updating. These can be quite a benefit in case you have trouble remembering to check for updates.
If you need to check for updates, many programs allow for a quick and easy way to do such things. Many programs, like FireFox and Adobe Reader, allow for a “Check for Updates” feature in their help or tools section. With Adobe Reader open, click on “Help” in the toolbar and then select “Check for Updates”. It only takes a few moments and, once it is done, your computer will be more secure than 15 minutes ago.
Outside of software updates and patches, the next most important updates are the definitions for your anti-virus software. I’m going to take a leap of faith and assume that you have an effective and current anti-virus subscription. However, even if you have that subscription, you need to keep the program up-to-date. For best results, make sure that the anti-virus program is setup for regular definition updates and regular scans.
Viruses, spy-ware, and Trojans are constantly being created. There are always security holes that people attempt to capitalize on with a new threat. For your installed Anti-virus program, constant definition updates are required for optimum performance. Without them, an anti-virus program is, essentially, worthless.
When investigating computer problems, one of the first issues to check on is whether the system is up-to-date. And, one of the very first things to do when ensuring computer security is to make sure all software is patched and updated. It can be considered just as important as password security. A little preventative maintenance from time to time will go a long way in keeping your computer operating securely and efficiently.

Saturday, June 11, 2011

Cloud Computing: Google vs Apple

Pop Quiz: Do you need software installed on your local computer to create a sales proposal for your boss? In order to take the amazing presentation you created to your client's office, do you need to have saved it on a thumb drive? Or worse, should you lug your laptop with you to the client's office just to have access to your files?
Answer: Not any more... thanks to the concept of cloud computing.
Cloud computing is not a new concept, but has been creating a lot of buzz lately. Basically, it's the concept of having secure access to all your applications and files from any network device (i.e. desktop PC, laptop, tablet, netbook, smartphone, etc) without being tethered to a single device.
Sidebar: Interestingly enough, netbooks were created with cloud computing in mind.
All of your personal files such as pictures, videos, music, word processing files, spreadsheets, presentations, etc can be created and/or stored in the cloud. Cloud computing eliminates the aggravation of installing and upgrading software, not to mention the need for a high power PC. It provides access to your data instantly, whenever you want it, no matter where you are.
When we Geeks say "The Cloud", we typically mean a service provided over the Internet. Although, the Cloud could also be your company's network. This provided service could be data storage and backup services such as Dropbox, Mozy, or Carbonite where you have to manually copy files over for later retrieval.... or it could be a application service, a.k.a. "software as a service" (SaaS), allowing you to create a word processing document, spreadsheet, or presentation, host an online company meeting, or even play games... all without lugging around your laptop or CD/DVD or thumb drive. It is possible that your company may be using cloud services without you even knowing it. Using a web-based email service such as Gmail or Yahoo! is an example of a cloud service because your email is stored on servers across the Internet. Even your desktop email software, such as Microsoft Outlook, Outlook Express, or Mozilla Thunderbird, can use servers in the cloud to store your emails.
There are many perceived advantages to Cloud computing including device and location independence, security, agility, scalability, performance, and maintenance to name a few. Cost is claimed to be another advantage, although it seems to be one of those things where "it depends on how you look at it". Regardless of whether you use a Mac, Windows, or Linux powered device or a tablet, smartphone, or netbook - If you can connect to the Internet, you can utilize cloud services. This advantage alone can make cloud computing attractive to businesses who utilize mobile workers, have telecommuting needs, and outsourcing services.
Apple & Google
Two of the more prominent players in this Cloud computing game are Apple and Google. They both already dominate the smartphone and mobile device markets. Google already has a host of applications in the cloud, whereas Apple just recently acknowledged the cloud as the new center of the digital world. However, each company has taken a different approach to cloud computing.
Google...
Like most everything Google does, their cloud computing concept is Web-based. To access most of Google's services, all you have to have is a device with a web browser and an Internet connection. Google has 60+ products and services, many offered at no charge. Some services familiar to most, include Google Mail, Google Calendar, Google Docs, Google Maps, Google Chrome, and of course Google Search. Some maybe not so familiar are Google Bookmarks, Google Finance, Google Gears, YouTube, Google Analytics, Orkut, iGoogle, Google Health, and Blogger (in which this blog was created and posted). There are many more. So, to find out what these services are.... Google it! :)
Since Google designs it's services for simple web-based access, your Google hosted files and folders are not device dependent. You can access your Google Docs files from an Android device or from an iPad. You can create and update your blog from your Galaxy Tab or iPhone using Google's Blogger service. Essentially, with the Google cloud experience, you will create and update your documents in the cloud and those people you have access to your documents can see it using a web browser.
Apple...
Apple has taken an app-centric approach in it's new iCloud service. Apple noticed the problem with keeping your devices, whether a PC, laptop, tablet, or smartphone, up to date and in sync. Their solution is a series of services that syncs all your music, photos, email, contacts, apps, documents, etc and automatically pushing it out to all your devices. Unlike Google, iCloud's document syncing is not web-based. Instead, Apple created several APIs (application program interfaces) that developers can embed in their apps. These APIs will tie the documents created in an app to that app. This will allow you to use the same app you created the document with to edit it later, regardless of which device you choose to edit it from. And when you make any changes, your updated version is automatically synced to all your other devices, without having to use another app to move or upload your files.
Confused yet? Let me give you an example comparing the two approaches...
Say you created a document you plan to submit in the The Atlanta Journal-Constitution on how Kardon Technology swooped in and saved the day for your business in record time when your network crashed. While in a cab on your way to a meeting, far away from your PC in your office where you started creating this article, you decide you want to add to your article and give a shout out to Jason, the Kardon Tech Geek, who not only raised your crashed network from the ashes but also provided a plan to help prevent this from happening in the future.
Now if you drink the "Google approach to cloud computing" kool-aid, you realize all you need to do is access your article in the Google cloud from your iPhone and add your changes. You will use the web browser right there on your iPhone. There is no need for any special software or apps to do this.
But if you subscribe to "Apple's iCloud approach", you still are able to access your article on your iPhone as it was automatically sync'd there after you initially created it from your office PC. But, now you will use the same app to make your additions as you did to create the article. Once you finish, your updated version will be automatically sync'd to all your other devices, including the PC back at your office... you know, just in case you decide to nominate Jason for a Nobel Peace Prize or something. :)
Summary: Google provides services that allow you to access to your data, create and update documents and even share them with others. All you need is a web browser and Internet connection. Apple, on the other hand, syncs your data from say Google Docs to your Mac at home, your office PC and your Android smartphone all the while allowing the same editing experience independent of which device you created the document on to which one you are accessing it on now.
Suffice it to say, cloud computing considers your data to be the most important factor and all devices are just a means to access that data. The vision of cloud computing is evolving - I can't wait to see what they come up with next.
Sidebar: Apple's mostly free 5GB of storage iCloud approach will replace their costly MobileMe service, although you will be able to purchased more space. While Google's SaaS approach is free for those with personal accounts. Google does have a cost for some services such as Google Apps for Business.
So, which approach do you think is the best cloud computing solution? Apple's iCloud or Google's myriad of web services? After all, both companies have developed an approach that they feel is most important to users.
Check out this article Apple cloud vs. Google cloud: The philosophical differences for a look at two different approaches to cloud computing.

Tuesday, June 7, 2011

Password Security

        The first line of defense in protecting computers is password security. Maintaining, updating, and strictly controlling the use and complexity of a password is one of the most integral pieces in securing computers and data. It is an important roadblock to prevent intruders from accessing your most important files. And, despite repeated warnings, it is often the most neglected area of security for computer systems.
        Take a moment to think back on the passwords that you use on a daily basis. Passwords that you use for logging in to your computer, to check your email, to post to Facebook, to log in to company programs, to check your bank statement, to order an item from Amazon. Review them quickly and determine if you are doing a good job of password management.
        - Do you repeat passwords for multiple websites? Is the password for your Facebook the same as the answer to the security question on your banking website? Is your email account password the same as the one you use to log in to your company’s web portal?
        - Do you have a blank password for your Windows/OS login?
        - Do you use your first name as a password?
        - Do you use regular words that can be found in a dictionary as a password?
        - Do you use only letters or only numbers as a password?
        - Do you use your anniversary or a birthday as a password?
        - Do you use a child’s name or a pet’s name as a password?
        - Do you use default passwords like “12345” or “password”?
        - Do you use passwords that contain readily available personal information that could be found on MySpace or another social site?
- Is there an Excel spreadsheet named “Password” stored on your computer that contains a list of all important passwords?
        I am willing to bet that, while reading the above list, you thought more than once that Carnac the Magnificent was writing this blog entry. Without much luck, any person with nefarious ideas has guessed or determined one or more of the passwords you use on a daily basis.
        In addition to passwords that are easily guessed, many people make it even easier for their information to be compromised through poor password control. A person wouldn’t leave their car keys on the roof of their car while they went shopping and they wouldn’t provide copies of their house keys for everyone in the office. However, there is a good chance one of your passwords is written on a sticky note attached to the monitor or under the keyboard. You’ve probably told a friend or coworker the password that you use for Amazon or Facebook or your email or one of a dozen other uses.
        There is also the threat of outside attack from malware or phishing scams. And, such attacks can victimize anyone, including senior government officials. Even with all the security in the world, a momentary lapse in judgment can cause devastating problems.
        Protecting your password, protecting your computer, and protecting your life is an ongoing process that requires persistence, planning, and a little dedication.
        The first step to keeping passwords safe is the creation of complex and secure passwords. This can be a daunting process, but it can be simplified in to a repeatable procedure. Below is a 5-step process that creates very secure passwords.
Select a recognizable, but lengthy word (7-10 characters)
rushmore
Spell the word backwards
eromhsur
Convert letters to numbers or symbols
3r*mhsur
Capitalize 2 letters (first and middle or middle and last)
3r*MhsuR
Append 4 digit number to the end
3r*MhsuR1234

        When looking at the above steps, there are a few notes:
        - To convert the letters, look for letters like E, O, L, and S. These letters can become 3, * or 0, !, and $. The addition of symbols and numbers make passwords noticeably harder to crack through the use of hacking programs
        - The 4-digit number does not have to be a random set of numbers, if the worded password is sufficiently complex through the first 4 steps. IF you create a difficult beginning, the 4-digit number can be easily remembered. And, considering most company password creators, changing the last 4 numbers provides sufficient change if password changes are required every 6-8 weeks.
       
I know that the above steps can be scary or unsettling when you first read them, but a memorable and repeatable procedure for password creation is the best way to create and store passwords over a long period of time. I do not use a program designed to store and protect passwords. If you are interested in researching them, remember that this program will end up holding the keys to your entire personal or professional life. Any password used for the security of that program should be unique and monumentally difficult (10+ characters of random alphanumeric).
        By taking the above steps, you are well on your way to creating protected and safe passwords. However, you must remember that this is only the first step in a continuing process. There are a few additional steps that you must remember to protect those passwords that you spent some time creating.
- Do not use one repeated password for all access that you need. Split them up to separate your data. Use one password for the Windows login, one password for company logins, and one password for social websites like Facebook or email.
Doing this will prevent a widespread loss of security should one of your passwords be compromised. The most dangerous situation for a stolen password is when that password is used for multiple logins allowing the thief unfettered access to all areas of your life.
- Change or modify your passwords on a regular basis. Even with strict security, over time, passwords become stale or less secure. Many browsers have password remember options or auto-fill options and one instance of that on a public computer could compromise your password.
It is suggested that passwords be changed every 6 to 8 weeks for best security practice.
- Remember to keep anti-virus and anti-spyware programs up-to-date and on a regular scan schedule. Most malware (malicious software) designed today is created to log or find passwords and use them to steal personal data.
MalwareBytes AntiMalware and Spybot S&D scans on a regular basis will keep your computer secure and protected from outside attacks.
- Last, but not least, be smart about password security. Do not keep passwords written down in open places. Do not talk publicly about passwords. Do not freely provide passwords through open communication like email correspondence. All of the above work can be undone through one sticky note left on a co-worker’s desk.
Remember, criminals spend hours working on methods and strategies for cracking passwords and stealing data. Every day, they are improving their ability to attack systems and compromise personal information. To combat this, everyone needs to take the time to improve their passwords and data security in an effort to keep their personal data safe and secure.