• Posted on March 27, 2017 2:45 pm
    Joseph Forbes
    1

    The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) has issued an alert to warn the healthcare industry that malicious actors are actively targeting File Transfer Protocol (FTP) servers that allow anonymous access. According to the law enforcement agency, attackers have targeted the FTP servers of medical and dental facilities in an effort to obtain access to protected health information (PHI) and personally identifiable information (PII), and use it to intimidate, blackmail and harass business owners. “The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server,” the FBI said. The agency cited research conducted in 2015 by the University of Michigan, which showed that more than one million FTP servers had been configured for anonymous access. These servers allow users to authenticate with only a username, such as “anonymous” or “ftp,” and either a generic password or no password at all. The FBI pointed out that vulnerable FTP servers can also be abused to store malicious tools or to launch cyberattacks. “In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud,” the FBI warned. In 2015, IBM named healthcare as the most attacked industry, with more than 100 million records compromised, after in the previous year this sector did not even make it to the top five. An IBM report for 2016 showed that the volume of compromised records was smaller, but the number of data breaches increased, causing operational, reputational and financial damage to healthcare organizations. A report published recently by Fortinet showed the top threats targeting healthcare companies in the last quarter of 2016, including malware, ransomware, IPS events, exploit kits and botnets.

    Blog Entry, DATA, Hacking
  • Posted on March 19, 2017 11:16 am
    Joseph Forbes
    No comments

    Websites getting blacklisted is a very extensive problem faced by businesses. When it happens, web masters panic and the vendors face an interruption in their daily business as they struggle to assist their concerned consumers to clean their websites and return online. It can happen due to a variety of reasons. Even Google may blacklist a website, and on an average, it's been estimated that about 10,000+ websites get blacklisted on a daily basis.​ Getting to Know about the Mishap Many businesses cannot afford to install costly monitoring programs or employ security experts and often take time to realize that their site has been blacklisted. Almost 50% of the business owners are warned about the compromised site by a search engine, browser or other alert when they try to visit their own site. Time is the biggest enemy of blacklisted websites as every minute that the site remains blocked is precious and leads to revenue losses due to the bad impact on its marketing activities and eventually sales and loss of the organization’s reputation. Be Prepared to Deal with the Problem It might take several hours or even days to get rid of the malware and protect a website based on the infection’s severity; it also depends on whether or not the website is secured by an effective and frequent backup regimen. The foremost part of the fix is eradication of the malware and restoration of the website. Even after this process, the web masters have to request Google to review the site before getting the block removed. Dealing with Black-listed Websites Web hosts find it to be a nightmare to handle blacklisted client websites, straining their operations and possibly weakening their credibility. Clients generally fail to understand the reason behind the blacklisting of their site and tend to unjustly put the blame on their host. Smart hosting vendors should extend assistance to their customers and help them get over the trouble at the earliest. Hosts that provide robust tools to solve the problem of their clients will finally instil a sense of loyalty and confidence in them. Vendors that lack these tools may waste considerable resources on remediation and in the process, even lose their valuable clients. Blacklist remediation will not be an extensive ordeal if the affected site owners have smart automatic backup regimen in place as they can restore the functionality and files of the affected site easily with the right tools. To help their clients, hosting vendors should be aware of the following remediation steps so that it can be implemented efficiently and quickly as soon as a client finds out that his website has been blacklisted. Look for Malware Check for malware by running efficient antivirus programs on all the computers used by an admin for logging into the website. Also, scrutinize the server logs for any activity by the admin whose computer is infected. Change the logins and passwords for all accounts, including those of database access, FTP, CMS accounts, and system administrator. Ensure that strong passwords are set. A sophisticated hosting provider should let their customers to make these changes easily on a dashboard interface. Let customers know how important it’s to install the latest editions of Operating Systems, apps, blogging platform, CMS, and plug-ins. Delete any new or modified file that has been added to the server after detection of the problem and execute a complete system restore. The restoration can be completed through a single click if you provide a cloud-oriented auto backup and disaster recovery services to your clients. If not, the clients will have to find the latest clean editions of each modified file and manually download them. Request Google to Review the Site and Remove the Blacklist This is the best way for hosting vendors to handle the remediation as soon as possible; just ensure that the tools required for getting a customer’s website back online are ready with you always.

    Blog Entry, DATA, Internet
  • Posted on March 14, 2017 11:45 am
    Joseph Forbes
    No comments

    Several small and midsize businesses are susceptible to Distributed Denial of Service (DDoS) attacks. What would be the best way for such businesses to handle this problem? Plan ahead – this is what security experts suggest based on their experiences in the past! A majority of the small businesses and start-ups have small teams with very little resources to defend DDoS attacks. As indicated by the name of the attack, it stops users from accessing the services and a site by hurling lot of data against the firm’s web and hosting services. If you are wondering if DDoS attacks are really so common that businesses need to be concerned about it, statistics indicate that around 2,000 such attacks happen on a daily basis costing a loss of revenue in the range of $5,000 - $40,000 per hour for businesses. Hackers can be fake vandalists, competitors, hactivists or extortionists. If your company isn’t equipped with professional network security experts, here are few things you can do to stay safe from DDoS attacks. Stay Prepared Every business should have a disaster recovery plan ready for DDoS attacks. Some of the best practices should include identifying the key employees who are given the responsibility. Establish the roles of every team member, their tasks and requirements. Give the team the needed practice on a mock basis so that those involved are aware of how to handle things when a disaster happens inevitably. Work with your internal PR and IT teams, ISP and hosting providers to recognize the susceptible aspects of failure, routes of escape and technical gaps. Understand DDoS Attack  There are many well-tested DDoS prevention programs that run advanced algorithms to identify various kinds of traffic. They try to sniff out, identify and filter different kinds of benign and malevolent bots and allow only legitimate traffic. It’s not easy to judge from just one instance if the hack is just amateurish or professional, though it’s fairly assumed that any network attack that crosses 50 Gbps is likely to be professional. Mostly multiplied under the inoffensive category of 'network security programs,' few of the very common hack devices are called stressors or booters. As implied by the name, these devices intensify and focus the payload of DDoS. Be Ready to Respond with Your Guns As in all cases of disaster reaction, stay calm without panicking. Ensure that your services are up and running; give your customers a brief. Your team can respond readily only if you’ve prepared properly. Co-ordinate with your team members and optimize the tactics for the disaster response. Once the attack is mitigated by your tech team, ensure that the communication team is ready to reveal the details to the press and legal team is prepared to handle the possible regulatory and compliance part. If you are asked to pay the attacker a ransom, don’t do it as this will only mark your organization and they may return for more. Once you are identified this way, other hackers may also sense it and come your way. Learn and Implement Once the attack subsides, try to learn things from the attack. Analyse strongly as to what went right and what went wrong.  Ensure that your legal and IT teams collect the required forensic information. Create a communication protocol to deal with the internal team queries, your clients and the press. Try to detect the network holdups from the attack and select an infrastructure with inherent resiliency. Analysis and communication are the two aspects that will go a long way in preparing for the next attack and enhance your team morale. And, you should be wary of the latest threats emerging in the cyber world such as the latest DDoS Extortion Attack.

    Blog Entry, DATA, Hacking
  • Posted on February 8, 2017 11:55 am
    Joseph Forbes
    No comments

    Do you suspect your email account has been hacked? Can't login to your email account? Are you getting undeliverable and bounce messages for email you never sent? Are friends and family complaining of receiving email you never sent? Is it malware? A hacker? Here's how to tell. Undeliverable and Bounce Messages Spammers frequently spoof the From sender on the email they send. They just substitute their real email address with a random email address found on a mailing list or one just randomly made up. Some poorly configured email gateway products don't distinguish between the manually editable "From" address and the actual sender origin, so they simply send any undeliverable messages to the spoofed From address. To better understand how this works, and help you track down the real origin of an email, see: Reading Email Headers. Best defense: Simply delete the undeliverable/bounce messages. In other cases, email worms will send themselves disguised as an undeliverable/bounce message. The bogus email contains either a link or an attachment. Clicking the link or opening the attachment leads directly to a copy of the worm. Your best course is to learn to overcome curiosity. Best defense: If you receive an undeliverable or bounce message for an email you know you did not send, resist the temptation to open the attachment or click the link. Just delete the email. Unable to login to your email account If you are unable to login to your email account due to an invalid password, it's possible that someone has gained access and changed the password. It's also possible that the email service is experiencing a system outage of some sort. Before you panic, make sure your email provider is functioning normally. Best defense: Prevention is key. Most email providers offer a password recovery option. If you have even a hint of concern that your email password has been compromised, change your password immediately. If you specified an alternate email address as part of the password recovery, make sure that address is active and be sure to monitor the account regularly. In some cases, you may need to call your email provider and request a reset. If you go that route, be sure to change your password from the one provided during the phone call. Be sure to use a strong password. Email appearing in Sent Items folder If copies of the sent email are appearing in your Sent Items folder, then it's likely that some type of email worm might be involved. Most modern-day malware won't leave such tell-tale signs behind, so it, fortunately, would be indicative of an older, more easily removed threat. Best defense: Update your existing antivirus software and run a full system scan. Email is sent to address book, does not appear in the Sent folder, and it's a webmail account The most likely cause is phishing. Chances are at some point in the past, you were tricked into divulging your email username and password. This enables the attacker to login to your webmail account and send spam and malicious email to everyone in your address book. Sometimes they also use the hijacked account to send to strangers. Generally, they remove any copies from the Sent folder to avoid easy detection. Best defense: Change your password. Make sure you've checked the validity of any alternate email addresses included in the password recovery settings first. Symptoms don't match the above Best defense: Make sure you do a thorough check for a malware infection. Fully scan your system with installed up-to-date antivirus software and then get a second opinion with one of these free online scanners. Receiving complaints from friends, family, or strangers One of the problems with spoofed, hijacked or hacked email is that it can also lead to responses from angry recipients. Stay calm - remember, the recipients are just as much a victim as you. Best defense: Explain what happened and use the experience as an educational opportunity to help others avoid the same plight.

    Blog Entry, Data Recovery, Hacking
  • Posted on January 31, 2017 11:22 am
    Joseph Forbes
    No comments

    The Advanced Startup Options menu, available in Windows 10 and Windows 8, is the central fix-it location for the entire operating system. From here you can access Windows diagnostic and repair tools like Reset This PC, System Restore, Command Prompt, Startup Repair, and much more. Advanced Startup Options is also where you access Startup Settings, the menu that includes Safe Mode, among other startup methods that could help you access Windows 10 or Windows 8 if it is having problems starting. The Advanced Startup Options menu should appear automatically after two consecutive startup errors. However, if you need to open it manually, there are six different ways to do so. The best way to decide which method to use to open Advanced Startup Options is to base your decision on what level of access you have to Windows right now: If Windows 10/8 starts normally: Use any method, but 1, 2, or 3 will be easiest. If Windows 10/8 does not start: Use method 4, 5, or 6. Method 1 will also work if you can at least get to the Windows 10 or Windows 8 logon screen. Time Required: Accessing Advanced Startup Options is easy and can take anywhere from a few seconds to a few minutes, depending on which method you use. Applies To: All of these means of getting to the Advanced Startup Options menu work equally well in any edition of Windows 10, Windows 8, or Windows 8.1 unless I note otherwise. Method 1: SHIFT + Restart Hold down either SHIFT key while tapping or clicking on Restart, available from any Power icon.​ Tip: Power icons are available throughout Windows 10 and Windows 8 as well as from the sign-in/lock screen. Note: This method does not seem to work with the on-screen keyboard. You'll need to have a physical keyboard connected to your computer or device to open the Advanced Startup Options menu this way. Wait while the Advanced Startup Options menu opens. Method 2: Settings Menu Tap or click on the Start button.Note: In Windows 8, Swipe from the right to open the charms bar. Tap or click Change PC settings. Choose Update and recovery from the list on the left (or General prior to Windows 8.1), then choose Recovery. Skip down to Step 5. Tap or click on Settings. Tap or click on the Update & security icon, near the bottom of the window. Choose Recovery from the list of options on the left of the UPDATE & SECURITY window. Locate Advanced startup, at the bottom of the list of options on your right. Tap or click on Restart now. Wait through the Please wait message until Advanced Startup Options opens. Method 3: Shutdown Command Open Command Prompt in Windows 10 or Windows 8.Tip: Another option is to open Run if you can't get Command Prompt started for some reason, probably related to the issue you're having that has you here in the first place! Execute the shutdown command in the following way: shutdown /r /o Note: Save any open files before executing this command or you'll lose any changes you've made since your last save. To the You're about to be signed off message that appears a few seconds later, tap or click on the Close button. After several seconds, during which nothing seems to be happening, Windows 10/8 will then close and you'll see a Please wait message. Wait just a few seconds more until the Advanced Startup Options menu opens. Method 4: Boot From Your Windows 10/8 Installation Media Insert a Windows 10 or Windows 8 DVD or a flash drive with the Windows installation files on it into your computer.Tip: You can borrow someone else's Windows 10 or Windows 8 disc (or other media) if you need to. You're not installing or reinstalling Windows, you're just accessing Advanced Startup Options - no product key or license breaking required. Boot from the disc or boot from the USB device, whatever your situation calls for. From the Windows Setup screen, tap or click Next. Tap or click on the Repair your computer link at the bottom of the window. Advanced Startup Options will start, almost immediately. Method 5: Boot From a Windows 10/8 Recovery Drive Insert your Windows 10 or Windows 8 Recovery Drive into a free USB port.Tip: Don't worry if you weren't proactive and never got around to creating a Recovery Drive. If you have another computer with the same version of Windows or a friend's computer with Windows 10/8, see How To Create a Windows 10 or Windows 8 Recovery Drive for instructions. Boot your computer from the flash drive. On the Choose your keyboard layout screen, tap or click on U.S. or whatever keyboard layout you'd like to use. Advanced Startup Options will begin instantly. Method 6: Boot Directly to Advanced Startup Options Start or restart your computer or device. Choose the boot option for System Recovery, Advanced Startup, Recovery, etc.On some Windows 10 and Windows 8 computers, for example, pressing F11 starts System Recovery. Note: What this boot option is called is configurable by your hardware maker so the options I mentioned are just some that I've seen or heard. Whatever the name, it should be clear that what you're about to do is a boot to Windows's advanced recovery features. Important: The ability to boot directly to Advanced Startup Options isn't one that's available with a traditional BIOS. Your computer will need to support UEFI and then also be configured properly to boot directly to the ASO menu. Wait for Advanced Startup Options to begin. What About F8 and SHIFT+F8? Neither F8 nor SHIFT+F8 is a reliable option for booting to the Advanced Startup Options menu. If you need to access Advanced Startup Options, you can do so with any of the several methods listed above. How To Exit Advanced Startup Options Whenever you're finished using the Advanced Startup Options menu, you can choose Continue to restart your computer. Assuming it's working properly now, this will boot you back into Windows 10/8. Your other option is to choose Turn off your PC, which will do just that.

    Blog Entry, Security, Technical Support
  • Posted on January 26, 2017 11:55 am
    Joseph Forbes
    No comments

    Keeping track of passwords can seem like a hassle. Most of us have multiple sites we visit which require password logins. So many, in fact, that it's tempting to use the same username/password combo for all of them. Don't. Otherwise, it takes only the compromise of a single site's credentials to have a toppling domino affect on the security of all your online assets. Fortunately, there is a fairly straightforward way to have different passwords for each site you use but still make the passwords easy enough to remember. Creating Unique Passwords Before you begin creating strong passwords, you need to consider the use of those passwords. The intent is to create strong passwords unique to each account, but easy enough to memorize. To do this, first begin by splitting the sites you frequently login to into categories. For example, your category list might read as follows: social networking sites auction sites ecommerce sites email accounts banking sites forums A word of note here about forums. Never use the same password for a site's forum as you would for logging into the site itself. Generally speaking, the security on forums is not as strong as it is (or should be) for the regular site and thus the forum becomes the weakest link in your security. This is why, in the example above, forums are split into a separate category. Now that you have your categories, under each appropriate category, list the sites to which you must log in. For example, if you have a Hotmail, gmail, and Yahoo account, list these under the category 'email accounts'. After you've completed the list, you're ready to begin creating the strong, unique, and easy-to-remember passwords for each. Creating Strong Passwords A strong password should be 14 characters. Each character less than that makes it a little easier to compromise. If a site absolutely won't allow a password that long, then adapt these instructions accordingly. Using the 14 character password rule, use the first 8 characters as the common portion to all passwords, the next 3 to customize by category, and the last 3 to customize by site. So the end result ends up like this: common(8)|category(3)|site(3) Following this simple rule, when you change your passwords in the future - which, remember, you should do often - you'll only need to change the first common 8 characters of each. One of the commonly recommended means of remembering a password is to first create a passphrase, modify it to the character limit, then begin swapping characters for symbols. So to do that: Come up with an 8 letter passphrase that is easy to remember. Take the first letter of each word to form the password. Substitute some of the letters in the word with keyboard symbols and caps (symbols are better than caps). Tack on a three letter abbreviation for the category, also replacing one of the letters with a symbol. Tack on a site specific three letter abbreviation, again replacing a single letter with a symbol. As an example: In step 1 we might use the pass phrase: my favorite uncle was an air force pilot Using the first letters of each word, we end up with: mfuwaafp Then we swap some of those characters with symbols and caps: Mf{w&A5p Then we tack on the category, (i.e. ema for email, and swap out one character of ema: e#a Finally, we add the site abbreviation (i.e. gma for gmail) and swap out one character: gm% We now have a password for our gmail account of Mf{w&A5pe#agm% Repeat for each email site, so perhaps you end up with: Mf{w&A5pe#agm% Mf{w&A5pe#aY%h Mf{w&A5pe#aH0t Now repeat these steps for the additional categories and sites within those categories. While this may look hard to remember, here's a tip to simplify - decide in advance what symbol you will equate with each letter. Be sure to check out these other tips for remembering passwords. You may be surprised to learn that some of the oldest advice may just be the wrong advice.

    Blog Entry, DATA, Internet
  • Posted on January 14, 2017 11:45 am
    Joseph Forbes
    No comments

    Do you have a wireless router that has been quietly serving Wi-Fi to your household for many years? Does it have a thick layer of dust on it? Chances are, if you answered yes to either question, you may not have upgraded your router’s firmware in quite some time. If you have, congratulations, you can stop reading this article right now, if not, read on. What the Heck is This Firmware Stuff? Your router’s firmware is basically the operating system that is specifically designed to run on your specific make and model of router (unless you are using a multi-router compatible open source firmware such as DD-WRT). Usually, your router manufacturer will provide firmware updates for your specific make and model of router, via their website, or via a tool within the administrative console of your router (typically accessible via a web browser.) Why do I Need To Upgrade My Wireless Router’s Firmware? There are many reasons you may want to consider updating your router’s firmware, here are several of them. Security Features and Fixes: One good reason why your router manufacturer may put out a firmware update is because they are trying to fix a vulnerability that was detected in the current firmware, updated firmware is similar to system updates (as in Microsoft’s Windows Update). As bugs are found and corrected, updated firmware is released. Router manufacturers may also issue a firmware update to upgrade fwatures such as outdated encryption modules or they might add entirely new security mechanisms that weren’t in previous versions of the firmware. Performance Enhancements Besides security fixes, your router manufacturer may have found a way to enhance your router’s overall performance, which is always a good thing. If you don’t update your firmware then you won’t be able to take advantage of any speed boosting upgrades that your router manufacturer might release in an update. How do I Perform a Firmware Upgrade? Every router is different, but usually they have a similar process for upgrading the router’s firmware. Here are the basic steps for performing a firmware upgrade, check your router manufacturer’s website for specific instructions for your make and model. Step 1: Login to Your Router’s Administrator Console: Most modern routers use web browser based administration which means you basically type in the IP address of your router in order to access it’s administrative functions. This IP address is almost always a Private IP address which is usually accessed from inside your home network. This helps prevent outsiders from attempting to administer your router. Each router manufacturer uses different default addresses so check your specific router manufacturer’s website for details on which one your router may be using. Here are some common default addresses fro some of the more popular wireless router brands. Apple – 10.0.1.1 Asus – 192,168,1,1 Buffalo Tech – 192.168.1.1 Dlink – 192.168.0.1 or 10.0.0.1 Cisco/Linksys – 192.168.1.1 or 192.168.0.1 Netgear – 192.168.0.1 or 192.168.0.227 After you enter the IP address of your router in your browser's address bar, you will likely be prompted for the administrator name (typically “admin” or “administrator”) and the default administrator password. These credentials can likely be obtained from your router manufacturer’s website or they might be located on a label on the bottom or back of your router, typically located near the serial number of the router. Step 2. Locate The Firmware Upgrade Section of the Administrator Console: Usually there is a dedicated firmware upgrade section within the router administration site. It may be located under the Router Setup page, the "About This Router" page, or perhaps under a “Maintenance” or "Firmware Update" heading. Step 3. Download and Install The Router Firmware (from a trusted source) Newer routers will likely make it very easy to download and install the firmware directly from within the router administrative console. Some routers may require that you first save the file to your computer and then select the firmware file via the administration console. Regardless of the method, make sure you are downloading directly from the macnufacturer or from another trusted source (if using open source router firmware). If possible, scan the file for malware before performing the firmware upgrade. IMPORTANT NOTE: Don’t interrupt a firmware upgrade that is in progress or you could potentially damage (brick) your router. Try to avoid doing an upgrade during a lightning storm as firmware upgrades and power outages don’t mix well.

    Blog Entry, Hardware, Patches
  • Posted on January 13, 2017 12:48 pm
    Joseph Forbes
    No comments

    So, you just bought a shiny new wireless router. Maybe you got it as a gift, or you just decided it was time to upgrade to a new one. Whatever the case may be, there are a few things you should do to make it more secure as soon as you get it out of the box. Here Are Some Tips on How to Secure Your Brand New Wireless Router: 1. Set a Strong Router Admin Password As soon as your prompted by your new router's setup routine, make sure you change your router's admin password and make it a strong one. Using the default password is a horrible idea because hackers and pretty much anyone else can look it up on the router manufacturer's website or on a site that lists default password information. 2. Upgrade Your Router's Firmware When you bought your new router, chances are, it may have been sitting in a warehouse for months, then on a store shelf for quite some time. During this time the manufacturer may have found some bugs or vulnerabilities in the firmware (software/OS that it built into the router). They may have also added new features and other upgrades that may improve the security or functionality of the router. In order to make sure that you have the latest and greatest version of the router's firmware, you'll need to check your router's firmware version to see if it is current or if there is a newer version available. Follow the manufacturer's instructions on how to check the firmware version and how to perform a firmware upgrade. 3. Turn on WPA2 Wireless Encryption When you set up your new router, you may be prompted to choose a form of wireless encryption. You should avoid the outdated WEP encryption, as well as the original WPA. You should opt for WPA2 (or whatever the most current form of wireless encryption is). Choosing WPA2 will help protect you from wireless hacking attempts. Check out our article on how to enable wireless encryption for full details. 4. Set a Strong SSID (Wireless Network Name) and Pre-Shared Key (Wireless Network Password) A strong wireless network name (SSID) and a strong wireless password is just as important as a strong router admin password. What is a strong network name you ask? A strong network name is a name that is not a default set by the manufacturer and is also not something that is commonly found on a list of most common wireless network names. If you use a common network name, you may be leaving yourself open to Rainbow Table-based encryption attacks that might allow hackers to crack your wireless network password. A strong wireless network password is also a crucial part of your wireless network's security. Check out our article on how to change your wireless network's password for details on why you need to make this password a complex one. 5. Turn on Your Router's Firewall And Configure it Odds are pretty good that your new wireless router features a built-in firewall. You should take advantage of this feature and enable and configure it to protect your network. Make sure to test your firewall to ensure that it's working after you have set it up. 6. Enable Your Router's 'Stealth Mode' (if available) Some Router's have a 'Stealth Mode' that helps to make your router, and the network devices behind it, less conspicuous to hackers on the Internet. Stealth mode helps to hide the status of open ports by not responding to requests sent by hackers to check for the presence of open ports that might be vulnerable to attacks. 7. Disable Your Router's 'Admin Via Wireless' Feature To help prevent hackers from doing a 'drive by' wireless attack where they pull up nearby and attempt to gain access to your router's admin console, disable the "Admin via Wireless" option on your router. Turning this off makes your router only accept administration via one of the Ethernet ports, meaning that unless you have a physical connection to the router then you can't administer it.

    Blog Entry, Internet, Security
  • Posted on January 11, 2017 2:04 pm
    Joseph Forbes
    No comments

    Plan Your Windows 7 Clean Install Windows 7 Clean Install - Step 1 of 34. Most of the time, a Windows 7 clean install means to remove an existing operating system(like Windows XP, Linux, Windows 7, Windows 10, Windows 8, ... doesn't matter) and replace it with a fresh or "clean" installation of Windows 7. In other words, it's the "erase everything and start from scratch" process for Windows 7, a procedure referred to as a "clean install" or sometimes as a "custom install." It's the ultimate "reinstall Windows 7" process. A clean install is often the best way to solve very serious Windows 7 problems, like a virus infection you can't get rid of completely or maybe some kind of Windows issues that you can't seem to solve with normal troubleshooting. Performing a clean install of Windows 7 is usually a better idea than upgrading from older version of Windows as well. Since a clean install is a true start over from scratch, you don't risk inheriting any buggy situations from your previous installation. To be 100% clear, this is the right procedure to follow if: you want to erase whatever you have have and install Windows 7 you want to reinstall Windows 7 you want to install windows 7 on a new hard drive This guide is broken into a total of 34 steps and will walk you through every part of the Windows 7 clean install process. Let's get started... Backup & Locate Your Product Key The most important thing to realize before performing a clean install of Windows 7 is thatall of the information on the drive that your current operating system is installed on (probably your C: drive) will be destroyed during this process. That means that if there's anything you want to keep you should back it up to a disc or another drive prior to beginning this process. You should also locate the Windows 7 product key, a 25-digit alphanumeric code unique to your copy of Windows 7. If you can't locate it, there is a fairly easy way to find the Windows 7 product key code from your existing Windows 7 installation, but this must be done before you reinstall Windows 7. Note: If Windows originally came preinstalled on your computer (i.e. you did not install it yourself), your product key is probably located on a sticker attached to the side, back, or bottom of your computer's case. This is the product key you should use when installing Windows 7. Start the Windows 7 Clean Install Process When you're absolutely sure sure that everything from your computer that you want to keep is backed up, proceed to the next step. Keep in mind that once you delete all of the information from this drive (as we'll do in a future step), the action is not reversible! Note: The steps and screen shots shown in these 34 steps refer specifically to Windows 7 Ultimate edition but will also serve perfectly well as a guide to reinstalling any Windows 7 edition you may have including Windows 7 Professional or Windows 7 Home Premium. Important: Microsoft has changed the clean install process for every new Windows release. 2 of 34 Boot From the Windows 7 DVD or USB Device Windows 7 Clean Install - Step 2 of 34. To begin the Windows 7 clean install process, you'll need to boot from the Windows 7 DVD if you're using a Windows 7 DVD, or boot from a USB device if your Windows 7 installation files are located on a flash drive or other external USB drive. Tip: See my Windows Installation FAQ if you you have Windows 7 as an ISO image that you need on a  flash drive or disc, or a Windows 7 DVD you need on a flash drive. Restart your computer with the Windows 7 DVD in your optical drive, or with the properly configured Windows 7 USB flash drive plugged in. Watch for a Press any key to boot from CD or DVD... message similar to the one shown in the screenshot above. If you're booting from a flash drive, the message may be phrased differently, like Press any key to boot from external device.... Press a key to force the computer to boot from the Windows 7 DVD or USB storage device. If you do not press a key, your computer will attempt to boot to the next device in the boot order, which is probably your hard drive. If this happens, chances are your current operating system will boot. Note: If you existing Windows installation begins to boot or you see a "No Operating System Found" or "NTLDR is Missing" error here instead of the screen above, the most probable reason is that your computer is not setup to boot first from the correct source. To correct this problem, you'll need to change the boot order in BIOS to list the CD/DVD/BD drive, or External Device, first. Note: It's perfectly fine if, instead of the screen above, the Windows 7 setup process begins automatically (see the next step). If this happens, consider this step complete and move on. 3 of 34 Wait for Windows 7 Installation Files to Load Windows 7 Clean Install - Step 3 of 34. You don't need to do anything at this point but wait for Windows 7 to finishing loading files in preparation for the setup process. Note: No changes are being made to your computer at this time. Windows 7 is just temporarily "loading files" into memory for the setup process. You'll be removing everything on your computer as part of the Windows 7 clean install in a future step. 4 of 34 Wait for Windows 7 Setup to Finish Loading Windows 7 Clean Install - Step 4 of 34. After the Windows 7 install files are loaded into memory, you'll see the Windows 7 splash screen, indicating that the setup process is about to begin. You don't need to do anything at this point. 5 of 34 Choose Language and Other Preferences Windows 7 Clean Install - Step 5 of 34. Choose the Language to install, Time and currency format, and Keyboard or input method that you'd like to use in your new Windows 7 installation. Click Next. 6 of 34 Click the Install Now Button Windows 7 Clean Install - Step 6 of 34. Click on the Install now button in the center of the screen, under the Windows 7 logo. This will officially begin the Windows 7 clean install process. Note: Do not click the Repair your computer link at the bottom of the window even if you're completing this clean install of Windows 7 as part of some larger repair project for your computer. The Repair your computer link is used to start a Windows 7 Startup Repair or perform another recovery or repair task from System Recovery Options. Important: If you're performing a clean install of Windows 7 as a solution to a major problem but have not yet tried a Startup Repair, do that first. It could save you the trouble of completing this clean install process. 7 of 34 Wait for Windows 7 Setup to Begin Windows 7 Clean Install - Step 7 of 34. The Windows 7 setup process is now beginning. No need to press any keys here. 8 of 34 Accept the Windows 7 License Terms Windows 7 Clean Install - Step 8 of 34. The next screen that appears is a textbox containing the Windows 7 Software License. Read through the agreement, check the I accept the license terms checkbox under the agreement text and then click Next to confirm that you agree with the terms. Note: You should always read "small print" especially when it comes to operating systems and other software. Most programs, Windows 7 included, have legally binding limits on how many computers the application can be installed on, among other limitations. Important: You are not breaking any laws or contracts by reinstalling Windows 7 via this clean install. As long as this particular copy of Windows 7 is only being operated on one computer, you're OK. 9 of 34 Choose the Type of Windows 7 Installation to Complete Windows 7 Clean Install - Step 9 of 34. In the Which type of installation do you want? window that appears next, you're offered the choice of Upgrade and Custom (advanced). Click on the Custom (advanced) button. Important: Even if you are upgrading from a previous operating system to Windows 7, I highly recommend that you do not follow the Upgrade installation. You'll get better performance with less chance of issues if you follow these clean install steps. 10 of 34 Show the Windows 7 Advanced Drive Options Windows 7 Clean Install - Step 10 of 34. In this screen, you'll see each partition that Windows 7 recognizes. Since a clean install involves the removal of all operating system related partitions, if they exist, we'll do this now. Important: If, and only if, you're installing Windows 7 on a new hard drive, which of course does not have an operating system on it to remove, you can skip directly to Step 15! Windows 7 setup considers partition management as an advanced task so you'll need to click the Drive options (advanced) link to make those options available. In the next few steps you'll delete the partitions containing the operating system you're replacing with Windows 7, be it Windows Vista, Windows XP, a previous installation of Windows 7, etc. 11 of 34 Delete the Partition Windows is Installed On Windows 7 Clean Install - Step 11 of 34. Now that all available drive options are listed, you can delete any operating system related partitions from your existing hard drive(s). Important: Before continuing, please be aware that deleting a partition will permanently erase all data from that drive. By all data I mean the operating system installed, all programs, all data saved by those programs, all music, all video, all documents, etc. that might be on that particular drive. Highlight the partition you want to delete and then click the Delete link. Note: Your list of partitions may differ considerably from mine shown above. On my computer, I am performing a clean install of Windows 7 on a computer with a small 30GB hard drive that has previously had Windows 7 installed. If you have multiple hard drives and/or multiple partitions on those drive(s), take great care in confirming that you're deleting the correct partition(s). Many people, for example, have second hard drives or partitions that act as backup drives. That's certainly not a drive you want to be deleting. 12 of 34 Confirm the Partition Deletion Windows 7 Clean Install - Step 12 of 34. After deleting the partition, Windows 7 setup will prompt you to confirm the deletion. The message says "The partition might contain recovery files, system files, or important software from your computer manufacturer. If you delete this partition, any data stored on it will be lost." Click the OK button. Important: As I spelled out in the last step, please be aware that all the data stored on that drive will be lost. If you have not backed up everything you want to keep, click Cancel, end the Windows 7 clean install process, restart your computer to boot back into whatever operating system you have installed, and backup everything you want to keep. To be clear: This is the point of no return! There's no reason to be scared, I just want it to be very clear that you can't undo the deletion of the drive you selected after you click this OK button. 13 of 34 Delete Other Operating System Related Partitions Windows 7 Clean Install - Step 13 of 34. If there are any other partitions that need to be deleted, you can do so at this time. For example, the Windows 7 installation I had on my PC previously created this special 100MB (very small) partition to store system data in. This is most definitely related to the operating system that I'm trying to completely remove from my computer so I'll delete this as well. Highlight the partition and click the Delete link. Note: As you can see, the partition we deleted in the last step is gone. It may appear like it's still there but if you look closely, you'll see that that same 29.9GB space is now described as Unallocated Space, not as a partition. 14 of 34 Confirm Additional Partition Deletions Windows 7 Clean Install - Step 14 of 34. Just as in Step 12, Windows 7 setup will prompt you to confirm the deletion of this partition. Click the OK button to confirm. Important: Just as before, please be aware that all the data stored on this particular drive will be lost. 15 of 34 Choose a Physical Location to Install Windows 7 On Windows 7 Clean Install - Step 15 of 34. As you can now see, all the space on the installed hard drive is unallocated. No partitions exist on this computer. Note: The number of partitions displayed and whether those partitions are unallocated portions of a hard drive, previously partitioned spaces, or previously formatted and blank partitions will depend on your specific system and which partitions you deleted in the last several steps. If you're installing Windows 7 on a computer with a single hard drive on which you've just deleted all the partitions from, your screen should look like the one above, aside from your hard drive being a different size. Choose the appropriate unallocated space to install Windows 7 on and then click Next. Note: You do not need to manually create a new partition nor are you required to manually format a new partition. Windows 7 Setup will do this automatically. 16 of 34 Wait While Windows 7 is Installed Clean Install Windows 7 - Step 16 of 34. Windows 7 Setup will now install a clean copy of Windows 7 to the location you chose in the previous step. You don't need to do anything here but wait. This is the most time consuming of any of the 34 steps. Depending on the speed of your computer, this process could take anywhere from 5 to 30 minutes. 17 of 34 Restart Your Computer Windows 7 Clean Install - Step 17 of 34. Now that the Windows 7 clean install process is nearly complete, you need to restart your computer. If you do nothing, your computer will reset automatically after 10 seconds or so. If you'd rather not wait, you can click the Restart now button at the bottom of the Windows needs to restart to continue screen. 18 of 34 Wait for Windows 7 Setup to Begin Again Windows 7 Clean Install - Step 18 of 34. The Windows 7 clean install is now continuing. You don't need to do anything here. There are a few more automatic Windows 7 setup steps to come. 19 of 34 Wait for Windows 7 Setup to Update Registry Settings Windows 7 Clean Install - Step 19 of 34. Windows 7 Setup is now updating registry settings in preparation for the final stages of the operating system clean install. 20 of 34 Wait for Windows 7 Setup to Start Services Windows 7 Clean Install - Step 20 of 34. Wait while Windows 7 Setup starts various necessary services. This starting of services will occur during every Windows 7 boot as well but you won't see it like this again. Services start in the background during a normal Windows 7 startup. 21 of 34 Wait for Windows 7 Setup to Complete Windows 7 Clean Install - Step 21 of 34. This last Windows 7 Setup screen says "Completing installation" and may take several minutes. All you need to do is wait - everything is automatic. If the Windows 7 Setup process is complete, why are we only on step 21 of 34? The remainder of the steps in this clean install process include several easy but important configurations that need to take place before you can use Windows 7. 22 of 34 Wait for Your PC to Automatically Restart Windows 7 Clean Install - Step 22 of 34. Wait while the Windows 7 setup process automatically restarts your computer. Important: Do not restart your computer manually at this point. Windows 7 Setup will restart your PC for you. If you interrupt the setup process by restarting manually, the clean install process may fail. You may then need to start the Windows 7 setup over again from the beginning. 23 of 34 Wait for Windows 7 to Start Windows 7 Clean Install - Step 23 of 34. Wait while Windows 7 starts. No user intervention is required here. 24 of 34 Wait for Windows 7 to Prepare Your PC for First Use Windows 7 Clean Install - Step 24 of 34. Windows 7 Setup is now preparing your computer for "first use." Windows 7 is now loading drivers, checking to make sure everything has been setup properly, removing temporary files, etc. You don't need to do anything here. Note: Remember, this clean install of Windows 7 has completely removed your old operating system. Windows 7 is being installed and configured just as it would on a brand new computer. 25 of 34 Wait for Windows 7 to Check Your PC's Video Performance Windows 7 Clean Install - Step 25 of 34. Wait while Windows 7 checks the video performance of your computer. Windows 7 needs to know how well your video card and related hardware works so it can properly adjust performance options for your computer. For example, if your video system is too slow, Windows 7 may disable features like Aero Peek, translucent windows, and other graphically intense features of the operating system. 26 of 34 Choose a User Name and a Computer Name Windows 7 Clean Install - Step 26 of 34. Windows 7 needs to know what use name you'd like to use and how you'd like your computer to be identified on your local network. In the Type a user name (for example, John): text box, enter your name. You can enter a single name, your first and last name, or any other identifiable text you like. This is the name you'll be identified by in Windows 7. Note: You're more than welcome to use the same user name that you used in your old operating system installation. In the Type a computer name: text box, enter the name you'd like your computer to have when being viewed by other computers on your network. Note: If it makes sense in your specific situation, I recommend using the same computer name you used in the operating system installation you've deleted as part of this clean install, especially if any other computers on your network connect to resources on your PC. Otherwise, a good computer name might be Office-PC, Windows-7-Test-PC, Bob-Dell, etc. You get the idea. Anything identifiable that makes sense to you will work. Click Next when you're done entering both the user name and computer name. Note: Planning on having more than one user on your computer? Don't worry - you can set up more users inside Windows 7 later. 27 of 34 Choose a Password to Access Windows 7 Windows 7 Clean Install - Step 27 of 34. Microsoft recommends that you choose a password that will be required when starting Windows 7 before access to your user account will be allowed. Don't treat this as a recommendation - consider it a requirement. In the Type a password (recommended): text box, enter a complicated but easy-for-YOU-to-remember password. Retype the same password in the Retype your password: text box. Type a hint to give yourself in the Type a password hint (required): text box. This hint will display if you enter the wrong password when logging on to Windows 7. As you can see in the example above, the hint I entered was What is my favorite food?. The password I entered (which you can't see above) was applesauce. Note: Feel free to use the same password as you used in the operating system you've just removed from your computer as part of this Windows 7 clean install. However, this is as good a time as any to choose a stronger password than you might have used before. 28 of 34 Enter the Windows 7 Product Key Windows 7 Clean Install - Step 28 of 34. Enter the product key that came with your retail purchase or legal download of Windows 7. If Windows 7 came as part of your complete computer system, enter the product key you were given as part of that purchase. Note: If Windows originally came preinstalled on your computer, your product key is probably located on a sticker attached to the side, back, or bottom of your computer's case. Important: You may be able to avoid entering a product key at this point but you will eventually need to do so in order to continue using Windows 7. I highly advise that you enter your product key here and choose to Automatically activate Windows when I'm online. 29 of 34 Choose a Windows Update Option Windows 7 Clean Install - Step 29 of 34. On this Help protect your computer and improve Windows automatically screen, Windows 7 is asking you do choose how you want to automatically install updates from Microsoft's Windows Update service. I recommend that you choose Install important updates only. This option is the safest because it restricts Windows 7 from doing anything with your data or to your computer automatically except when important security and stability updates are available. You are more than welcome to choose Use recommended settings but I do not recommend that you choose Ask me later. Note: These settings can easily be changed within Windows 7 after you're done stepping through these configuration questions. 30 of 34 Choose the Correct Time Zone, Date, and Time Windows 7 Clean Install - Step 30 of 34. On the Review your time and date settings screen, choose the correct Time zone, Date, and Time. The time and date is likely already correct but be sure to verify the time zone and change if necessary. If your area observes Daylight Saving Time be sure to check that box here. Note: If the date and/or time of Daylight Saving Time changes, Microsoft will issue an update via Windows Update to change the automatic time change so don't avoid checking this box assuming that DST changes won't occur correctly. 31 of 34 Choose a Network Location Windows 7 Clean Install - Step 31 of 34. In the Select your computer's current location window you see now, Windows 7 is asking where your computer is located at so it can setup the proper network security - tighter security for public areas and lighter for private ones like home and work. Choose Home network or Work network if that applies to you. Most of you reading this will choose Home network. Choose Public network if you use a mobile computer and you connect to the Internet or other computers away from home. Also, be sure to choose Public network if you access the internet via a mobile broadband network - no matter if you're at home or not. 32 of 34 Wait for Windows 7 to Connect to the Network Windows 7 Clean Install - Step 32 of 34. Windows 7 is now connecting your computer to the network. You don't need to do anything here. Everything is automatic. Note: If Windows 7 detects another computer on your network running Windows 7 that also has a homegroup setup, you will be prompted to choose what kinds of files you'd like to share on that homegroup and for the homegroup password. You can enter this information or Skip the setup entirely. I do not show this additional screen in this guide. 33 of 34 Wait for Windows 7 to Prepare the Desktop Windows 7 Clean Install - Step 33 of 34. Windows 7 will now put all the "finishing touches" on your clean installation like adding icons to the desktop, prepare the start menu, etc. You don't need to do anything here. All of these changes are done automatically in the background. 34 of 34 Your Windows 7 Clean Install is Complete! Windows 7 Clean Install - Step 34 of 34. This completes the final step of your clean install of Windows 7. Congratulations! Important: If you chose not to enable automatic updates (Step 29) then the first step after installing Windows 7 is to visit Windows Update and install all the important service packs and patches that have been issued since the version of Windows 7 on your DVD was released. In other words, any service packs and patches installed on your old operating system are obviously no longer installed. If you did enable automatic updates, Windows 7 will prompt you about any important updates needed.

    Blog Entry, Patches, Software
  • Posted on January 9, 2017 11:11 am
    Joseph Forbes
    No comments

    How your online habits leave you and your computer at risk Keeping safe online takes more than just installing a few security programs. To protect both you and your computer, here are the top ten bad habits you need to avoid. Browsing the Web with javascript enabled by default Today's attackers are more likely to host their malicious files on the web. They may even update those files constantly using automated tools that repackage the binary in an attempt to bypass signature-based scanners. Whether through social engineering or through website exploit, the choice of browser will be of little help. All browsers are equally susceptible to Web-based malware and this includes Chrome, Firefox, Opera, and the much-maligned Internet Explorer. Disabling Javascript on all but the most trusted sites will go a long ways towards safer web browsing. Using Adobe Reader/Acrobat with default settings Adobe Reader comes pre-installed on most computers. And even if you never use it, just the mere presence can leave your computer at risk. Vulnerabilities in Adobe Reader and Adobe Acrobat are the number one most common infection vector, bar none. Making sure you stay up-to-date with the latest version of Adobe products is imperative, but not foolproof. To use Adobe Reader (and Acrobat) safely, you need to make a few tweaks to its settings. Clicking unsolicited links in email or IM Malicious or fraudulent links in email and IM are a significant vector for both malware and social engineering attacks. Reading email in plain text can help identify potentially malicious or fraudulent links. Your best bet: avoid clicking any link in an email or IM that is received unexpectedly - particularly if you do not know the sender. Clicking on popups that claim your computer is infected Rogue scanners are a category of scam software sometimes referred to as scareware. Rogue scanners masquerade as antivirus, antispyware, or other security software, claiming the user's system is infected in order to trick them into paying for a full version. Avoiding infection is easy - don't fall for the bogus claims.   Logging in to an account from a link received in email, IM, or social networking Never, ever login to an account after being directed there via a link received in an email, IM, or social networking message (i.e. Facebook). If you do follow a link that instructs you to login afterwards, close the page, then open a new page and visit the site using a previously bookmarked or known good link.   Not applying security patches for ALL programs Chances are, there are dozens of security vulnerabilities waiting to be exploited on your system. And it's not just Windows patches you need to be concerned with. Adobe Flash, Acrobat Reader, Apple Quicktime, Sun Java and a bevy of other third-party apps typically host security vulnerabilities waiting to be exploited. The free Secunia Software Inspector helps you quickly discover which programs need patching - and where to get it.   Assuming your antivirus provides 100% protection So you have antivirus installed and are keeping it up-to-date. That's a great start. But don't believe everything your antivirus does (or rather doesn't) tell you. Even the most current antivirus can easily miss new malware - and attackers routinely release tens of thousands of new malware variants each month. Hence the importance of following all the tips provided on this page.   Not using antivirus software Many (probably infected) users mistakenly believe they can avoid malware simply by being 'smart'. They labor under the dangerous misconception that somehow malware always asks permission before it installs itself. The vast majority of today's malware is delivered silently, via the Web, by exploiting vulnerabilities in software. Antivirus software is must-have protection. Of course, out-of-date antivirus is almost as bad as no antivirus software at all. Make sure your antivirus software is configured to automatically check for updates as frequently as the program will allow or a minimum of once per day. Not using a firewall on your computer Not using a firewall is akin to leaving your front door wide open on a busy street. There are several free firewall options available today - including the built-in firewall in Windows XP and Vista. Be sure to choose a firewall that offers both inbound and (as importantly) outbound protection.   Falling for phishing or other social engineering scams Just as the Internet makes it easier for legitimate pursuits, it also makes it easier for scammers, con artists, and other online miscreants to carry out their virtual crimes - impacting our real life finances, security, and peace of mind. Scammers often use sad sounding stories or promises of quick riches to hook us into being willing victims to their crimes. Exercising common sense is one of the best ways to avoid online scams. For extra help, consider installing one of the free anti-phishing toolbars

    Blog Entry, Hacking, Internet
  • Posted on January 8, 2017 12:07 pm
    Joseph Forbes
    No comments

    Make Sure Windows Updates Help, Not Harm, With These Preventative Measures Let me first preface all of the following with this: updates provided by Microsoft rarely cause problems. This includes those pushed out on Patch Tuesday and others made optionally available in Windows Update. I said rarely, not never. Ask anyone with a house full of nonworking computers the day after Patch Tuesday and you'll swear that Microsoft deliberately sabotaged the world's computers running Windows. Again, problems don't occur that often and are rarely widespread, but when they do they hurt. Luckily there are some really simple things you can do to minimize the chance that a patch from Microsoft will do more harm than good: Tip: If it's too late and the damage is done, see How To Fix Problems Caused by Windows Updates for help. One-Time Preventative Steps Most importantly, make sure your important data is being backed up! When your computer crashes, regardless of the reason, you probably have little emotional attachment to the physical hard drive itself but I bet you're pretty concerned about the stuff you have stored on it.There are lots of ways to backup data, from manually copying your saved documents, music, videos, etc. to a disc or a flash drive, all the way up to setting up instantaneous backup with an online backup service. Regardless of how you do it, do it. If your only way out of a post-Patch-Tuesday system crash is a full clean install of Windows, you'll be very, very happy that your valuable information is safe. Change Windows Update settings so new patches are no longer automatically installed. In most versions of Windows, this means changing this setting to Download updates but let me choose whether to install them.With Windows Update configured this way, important security and other updates are still downloaded, but they won't be installed unless you explicitly tell Windows to install them. This is a one time change so if you've done this before, great. If not, do it now. Important: Don't get me wrong: I still recommend that you install all available updates. However, this way you are in complete control, not Microsoft. Check the free space on your main hard drive and make sure it's at least 20% of the total size of the drive. This amount of space is plenty for Windows and other programs to grow as necessary, especially during installation and recovery processes.Specifically, System Restore, which is the primary recovery process if a Windows update causes a major problem, can not create restore points if there isn't enough free space on your hard drive. Just Before Installing Updates Now that your automatic update settings are changed and you're pretty sure System Restore should be in working order if you need it later, you can actually get these updates installed: Plug in your computer if it's not already. You desktop users are already covered but laptop, tablet, and other mobile devices should always be plugged in during the Windows update process!Along these same lines, avoid applying Windows updates during thunderstorms, hurricanes, and other situations that could lead to a sudden loss of power! Why does this matter? If your battery drains during the update process or your computer loses power, there's a significant chance that it will corrupt the files being updated. Important files that get corrupted often lead the very thing you're trying to prevent here - a complete system crash. Restart your computer. Be sure to do so properly, using the restart feature from within Windows, and then make sure your computer starts up again successfully.Why should you restart? On some computers, when Windows restarts after Patch Tuesday security updates are applied, it's the first time the computer has been restarted in a month or more. Many issues first appear after a restart, like problems caused by some types of malware, certain hardware problems, etc. If your computer does not start properly, see How To Troubleshoot a Computer That Won't Turn On for help. Had you not restarted and found this problem now, you would have been trying to solve the issue as a Windows Update/Patch Tuesday problem instead of the completely unrelated issue that it really is. Create a restore point manually before applying updates. A restore point is created automatically by Windows Update prior to installing any patches you select but if you'd like an extra layer of protection, you can certainly create one yourself.If you'd really like to be prepared, you could even try restoring to your manually created restore point. This would prove that the System Restore process is functioning properly in Windows. Unfortunately, some users find out that System Restore was somehow broken exactly when they need it most. Temporarily disable your antivirus program. Disabling your antivirus program while installing a program can often help prevent installation problems. Based on my own experiences, and those of many readers, doing the same prior to updating Windows is also wise.Tip: The part of your antivirus program that you want to disable is the part that's always on, constantly watching for malware activity on your computer. This is often referred to as the program's real-time protection, resident shield, auto-protect, etc. Install Updates One at a Time Now that you've properly configured your computer and prepared for the updates, it's time to get to the actual installation procedure. As the heading suggests, install each update by itself, restarting your computer after each one is applied. While I realize this might be time consuming, this method prevented almost every Patch Tuesday issue I've ever experimented with. Tip: If you're feeling particularly brave, or have never had problems with Windows updates before, try installing updates together as a group, something that I've also had a lot of success with. For example, install .NET updates of a particular version together, all of the operating system security updates together, etc. The order of installation has never seemed important but let me know if you discover otherwise. Warning: You may need to disable your antivirus program's real-time feature each time Windows boots again after your post-update-installation restart. Also, be sure to check that your antivirus program is fully enabled once you're done installing updates.

    Blog Entry, Patches, Technical Support
  • Posted on January 5, 2017 11:24 am
    Joseph Forbes
    No comments

    You’re not really sure How the Heck They Got Your Password, but they did, and now you’re freaking out. The password to one of your accounts has been cracked and you don’t know what to do to get control back of your account. Let’s look at several things you can do to get control of your account and get things back to a secure state: If Someone Cracked Your Password But You Can Still Log Into Your Account The worst case scenario is that your account password gets hacked and the hackers change your password. Hopefully the security questions that you answered when you set up your account will help you regain control of your account and allow you to reset your password back and lock them out. What if there aren’t any security questions? Many accounts have a password reset process that will allow you to initiate a reset using an email account that you have on file with the account provider. Unless the hacker has changed this email address, you should be able to regain control of your account by having the password reset link sent to your email. If They’ve Taken Control Of Your Account and Locked You Out By Changing The Password If the person who cracked your password has locked you out by changing your password then getting it reset might be a little more complicated. You may need to contact the account support line of the account provider and explain the situation, they should be able to verify that you are who you say you are via other means such as by looking at the phone numbers you have on file, verifying your address, or reviewing the answers to your security questions. Make sure that you inform the account provider that this just happened and that any new information recently added to your account is false and that you want to place your account on hold until everything is sorted out. Reporting the password hack quickly is essential to limiting the damage. If The Account Was Your Main Email Account If your main email account is hacked then things can become even more complicated because, chances are, you have a lot of other accounts pointing to your email account for password reset purposes. Thankfully most email providers have multiple ways of verifying that you are whom you say you are. Follow their account password reset procedures and if all else fails contact their account support. The next step you should take after resetting your main (hacked) email account password is to change all passwords for any other account that you have that point to that account for password reset purposes. The reason: the password crackers could have initiated password resets for those other accounts. Steps to Take To Prevent it From Happening Again: Make Your Next Password Much Stronger When creating passwords to replace ones that have been cracked, you need to create a much stronger, longer, and more complex password. For tips on creating strong passwords, check out our article: How to Make a Strong Password. Use Two-factor Authentication If It’s Offered Another way to prevent future account compromises is to enable two-factor authentication on the accounts that support it. Two-factor authentication usually requires some kind of token, such as a PIN that is sent by the account provider via an already established communication line that you have verified, such as a mobile phone or secondary email account. Other methods of two-factor authentication use fingerprint readers such as those featured on newer iPhones, iPads, and some Android devices. Linking these devices to your account works in two ways.  If you never lose your phone, you will always be notified of when someone or you are accessing online accounts.  If you lose your phone, then someone has your whole life in their hands.

    Blog Entry, DATA, Data Recovery