Skip to content

Posts from the ‘Computer Security’ Category

PC Habits: Your New Year’s Computing Resolutions

January 12th, 2016

Martin

The start of the year is a good time to take stock of your PC, in the same way you might be doing in other parts of your life. Good habits can make or break your computing experiences.

But while you can’t take your PC to the gym to get it toned, there are plenty of good habits you can start doing now. Getting started is the hardest part, so here are some reminders of my top blog posts which will get you going. Read more

Free lunch: why that free thing is not free

December 8th, 2015

Martin

How many times do you see the word ‘Free’ plastered all over the internet?

Whether it’s free phone apps, free ebooks or free training courses, we’re bombarded with this word every day. It’s a marketer’s best friend, and a consumer’s greatest temptation.

But they say there’s no such thing as a free lunch. Does that apply here? Read more

Update your PC’s software to keep it secure

November 3rd, 2015

Martin

When is your computer completely safe? When it’s switched off. That’s an old geek truism to get started… 😉

But there are other factors reducing your security:

  • when viruses arrive;
  • when antivirus software is not installed or not up to date;
  • when your firewall software is not working;
  • when Windows Updates have not been applied;
  • when you don’t browse carefully;
  • when your programs are not kept up to date.

It’s that last one I’m going to discuss today (yes, that’s why it’s in bold there – I don’t just throw this together, you know!). Read more

Would you know if you’d had your email hacked?

October 19th, 2015

Martin

Yes, you would! Your friends would soon start telling you about how they’d received nonsensical emails from you, and people you’d never even heard of (possible businesses you’d once had email contact with) would be sending you confused messages and “I’m currently out of the Office” type mail. Read more

Cryptolocker: what is it and why is it so evil?

June 1st, 2015

Martin

Cryptolocker is bucking the trend. While most reports will tell you that viruses are no longer the dominant threat to home computer and laptop users, Cryptolocker comes along and shows just how dangerous viruses can be.

A computer infected with the Cryptolocker virus has all its important documents encrypted. This means that the information in them is scrambled, and hidden from anyone who does not have the key or password.

In Cryptolocker’s case, you are locked out of your own documents, photos and videos.

And who has the key to unlock the encrypted files? Why, Cryptolocker’s creator of course! And he or she is not giving it to you for free.

In essence, you’ll be asked to pay a fee for the release of what’s rightfully yours.

I can’t quite emphasise enough how mad this makes me. Cryptolocker is quite possibly the most evil of all computer infections. It doesn’t wreck your computer; it doesn’t steal anything; it just sits there smugly showing you all the thing you had just moments ago, and which the virus programmer could give you back if only you… hand over the cash.

It’s extortion, plain and simple.

How does Cryptolocker get onto my computer?

Corrupt DownloadCryptolocker uses the same sneaky ways of getting onto your PC or laptop as other viruses. You might download it from spam email (including email sent unintentionally by your friends). You might get it included with legal and not-so-legal downloaded files. It could come in Internet chat discussions or dodgy social media links. Another way is through Flash Player. Make sure you keep Flash Player (and other software) updated to minimise the risk. Go to Adobe’s website to check your Flash Player is up to date.

The only way to stop it is to be vigilant: watch what you’re doing online. Be paranoid. Keep everything updated (and keep reading).

How do I spot Cryptolocker?

I’m writing this post now because one of my customers became victim to it recently, so we know Cryptolocker, or a copy of it, is still doing the rounds out there.

In hindsight, it showed itself early on when the laptop it had infected became slow and unsteady. Downloads too became difficult. The whole computer was crawling to a halt.

This was because encrypting files is no easy task. Although the laptop was a pretty decent model, encrypting every file on the hard drive takes time and effort. The clever thing about Cryptolocker is that it does its evil deeds in the background, without telling you.

It makes encrypted copies of all your files in secret, and when it’s finished: bam – it deletes all the originals, with the encrypted copies put in their place.

And then you get the dreaded message, which looks a little like this:

Cryptolocker screenshot

Here’s one version of the message you’d see once your files have been encrypted (click for larger version)

What can I do when I get Cryptolocker?

If you suspect Cryptolocker

If you’re lucky enough to spot your laptop or PC slowing down, and you’re worried it’s Cryptolocker on the way, turn off your laptop now and call me. I will:

  1. Scan the drive with a suite of powerful antivirus products, and with my own two eyes, and remove Cryptolocker if it is there.
  2. Whether it is there or not, I will back up your files to an external hard drive or other source of your choosing, scan them and examine them again, and keep them safe.
  3. Reboot your computer and perform some final security measures to minimise the chances of Cryptolocker surviving, or getting in in the first place. You’ll get a security audit whether you had Cryptolocker or not.

Either way, I will have removed Cryptolocker or any other virus which was on your PC, and made your computer much more secure in the long run. You’ll also have a backup, in case something goes wrong in the future.

If your PC or laptop falls victim to Cryptolocker in the next 30 days, you’ll get your money back from me, and you’ll still have that data backup.

Once you see the dreaded Cryptolocker message

VirusAt this point, I’m afraid your prospects are much worse. Your files are encrypted, and there is little chance of getting them back unless you have a backup or you pay the criminals.

You may have seen the Fox IT Decryptolocker website, which promises to decrypt your files for free. While this is a legitimate site, it only has access to the decryption keys for the initial 500,000 victims as of August 2014, so there is little point in sending your files there if you’re infected today.

Whatever the outcome, and whether you pay up or not, once you’re ready to banish Cryptolocker (and your chances of recovering your files) once and for all, do a System Restore and a virus scan with the antivirus software that’s on your PC already.

Even better, reinstall Windows, because this is one virus you really do not want on your computer again.

Can I prevent Cryptolocker getting on my PC in the first place?

Yes, you can. Here are my top tips to prevent Cryptolocker:

  1. Keep all your software up to date. This includes Java, Flash, your web browser, its plugins and add-ons, your email software (if you use a desktop program) and your malware programs.
  2. Install an antivirus suite. I recommend Kaspersky Internet Security, which is affordable and passes comparison tests with flying colours. If you want something free, try Avast Free.
  3. Keep your Antivirus programme’s virus definition files up to date. These are the files which help it tell a virus from a friendly programme.
  4. Be vigilant. When you open an email, is there something suspicious about it? Even if it’s from a friend, do the contents sound like them? Scan all attachments for viruses if your antivirus software offers it.

With these simple steps, Cryptolocker and a lot of other nasties can be kept away from your computer, your laptop, your precious files and your bank account.

Break the chains which lead to security nightmares

October 13th, 2014

Martin

Update: You may have heard that Snapchat, the instant messaging service, and Dropbox, the extremely popular file sync company, have been in the news recently.

While initial claims were that millions of Snapchat and Dropbox passwords had been leaked, it now seems that the leak (or hack) was from another service (it’s unclear which service this was), and that the passwords and usernames simply worked with Dropbox and Snapchat because users were using the same usernames and passwords across different services.

The vulnerability lies with the user not taking enough care over their own security. So think about it: if I knew your email address and its password, how many of your other accounts could I get into if I was simply to try those details across Facebook, Twitter, Dropbox, etc etc…?

The lesson: use a different password on each service.

Anyhow, back to the original post:

PC and laptop security is not a set-it-and-forget-it affair. These days, the weakest element in computer security sits between the keyboard and the chair. And the experts are as vulnerable as the rest of us.

The problem can be seen as a chain, a trail we leave as we set up account after account on new web services. Here’s how to break that chain, and keep your privacy intact.

Same passwords across accounts

This is the basic one we’re all aware of: we shouldn’t use the same password on different accounts. If a hacker finds out what your password is for your laptop, or your email account, then that will be the first thing they try typing in when they attempt to unlock your Amazon account.

And remember, with most of these accounts – Twitter, emails, and more – your username is open to all, so they don’t even need to snoop to find that.

Solve it: Use a different password on each account, of course! But I know, that’s difficult, especially if I’m also about to advise that you make each password a hard to remember one. Which I am, right now.

There are many ways to get over this issue, but one tip is to use a system. For example, make each password a numerical representation of the website it logs into: 4M420N for Amazon, F4C3b00k for Facebook, and the like. Of course, don’t do exactly this, because everyone know about this system now.

What I’m saying is that you can use the site itself as a clue to the password. Try basing it on colours, text, or something else. Then add some standard extra characters, or a standard arrangement of upper and lower case letters. Stick to that method and Bob’s your uncle!

Security Chain

Break the chain of vulnerability

Email addresses used to unlock other email addresses

When you forget the password to your email account – let’s call it Account A – how do you get it back, or reset it? You usually get Account A to send an email to another email address – Account B – then click a link in that email to reset Account A’s password.

This can be risky: if someone manages to hack into either one of these accounts, the other account becomes vulnerable.

And if you use Account C to reset Account B, and Account D to reset Account C, then it only takes one hack to put all your accounts at risk.

Solve it: don’t use a ‘chain’ of email accounts to protect each other. Instead, isolate pairs of accounts, so that A unlocks B, and C unlocks D. This also applies to online services and other personal details. If your Amazon account leads to your Apple iCloud ID and your iCloud ID gives access to your Twitter account, then hackers are going to have a field day once they crack just one.

Signing into Apps with Facebook or Google

A lot of online services allow you to ‘sign in with Google’ or ‘sign in with Facebook’. I won’t go into the security implications of letting Facebook know which bookmarks you’re saving in Pocket, nor in fact of letting Google know any more about you than it already does. These functions are useful, so make the most of them while keeping in mind what you’re exchanging in return. However…

Solve it: once you stop using the sites, such as Pocket, into which you sign with your Google account, make sure you go into your Google Account settings and remove permissions. That way, Google will never have more access to your private life than is needed at any one time. Who knows when they might change its terms of service? Keep your accounts tidy.

Cookies

These are old friends, aren’t they?

Cookies are essential to the World Wide Web. Without them you’d be unable to log in to a website, or buy anything, or comment on a cat video. And where would civilisation be without that?

However, as with all good things, marketers have taken them and twisted them to evil ends. Cookies track you as you move from page to page (that’s how 4chan knows you’re logged in), but they can also track you from website to website, for no one’s benefit except those people who would monitor your every move. There’s money to be made in knowing how you behave online, but there’s no reason for you to play along.

Solve it: You don’t want to block all cookies from your browsers, except in extreme circumstances (and if you’re in those circumstances, try the Tor Browser). But something that anyone can do is make sure cookies are cleared every now and again. If you’re using one of the main browsers, there are decent instructions on clearing cookies on the PC World website.

Break the chain

Every action you take on your PC, online or offline, builds a chain which can link one action with the next. Every lock you put on your privacy has a key hidden behind another locked door. But access to the first key can lead to the opening of every other door in your online life.

With these tips, hopefully you can break that chain, and browse safe in the knowledge that you’re not leaving yourself open.

Stop yourself getting hacked – secure your data

September 5th, 2014

Martin

A big news story like the recent iCloud hack, and leaking of naked celebrity photos can result in:

  • titillation
  • tittering
  • entertitainment
  • concerns over your own security arrangements (e.g. “Are my naked photos of enough interest to hackers for them to get me in the news?”)

Read more

Stop software hijacking your computer

April 28th, 2014

Martin

Every week, I get calls from people who’s computer has been hijacked. Their favourite search engine is covered in adverts, or there are pop-ups stopping them browsing. Many of these problems are caused by software sneaking onto your computer when you’re trying to install something useful.

I’m going to show you how to stop yourself being a victim. Read more