Gimnicher Computer Services - Technology Blog

Adobe Flash is Dead

11/17/2020

Adobe Flash was predominantly a web browser platform that expanded a browser’s capabilities with features like streaming video and gaming graphics. It was originally developed by a company called Macromedia in the late 1990s and was acquired by Adobe who intended to make it the cross platform programming technology for streaming and gaming. Many software development companies embraced it, including YouTube, HBO, and Disney. But unfortunately it was riddled with security risks and other problems which led developers to slowly abandon it. Things really went downhill for Flash when Steve Jobs barred Flash from the iPhone. In 2017, Adobe set December 31, 2020 as the date for the end of life of Flash.

Browser developers have made it increasingly difficult to enable Flash and now that the end of 2020 is near, have begun to eliminate it completely. Furthermore, if you have Flash installed, you may have already noticed messages telling you to uninstall it.

Since the end of life announcement in 2017, software developers have been moving away from Flash to other platforms. You may have heard of HTML5 which is one of the more standard choices.

In general, you can safely uninstall Flash, unless you are running an old application or accessing an old website which has not been updated to use something besides Flash. If you are, you best start looking around for a replacement, because one way or another, Flash will either disappear from your system or stop working.

Support for Office 2010 Is Ending - Now What?

9/16/2020

On October 13th Microsoft is ending support for Office 2010. This does not mean that the Office 2010 suite (Word, Excel, Powerpoint, Outlook, and others) will stop working the next day, but it does mean that updates that fix bugs and close security holes will end, resulting in increased risk with continued usage.

You could chose to continue using the Office 2010 suite at your own peril, or switch to one of these options:

Office on the web: this free option from Microsoft only requires a Microsoft account, but these web versions of Word, Excel, PowerPoint, and OneNote are limited, scaled down versions that require you to be on line at all times.

LibreOffice: this option is also free and may be used in commercial environments. I blogged about it last September, so you can read about it here: https://steve.gimnicher.com/technology-blog/libreoffice I’m a big fan because it is completely free and unrestricted, offers a lot of functionality, and it supports the Microsoft Office file formats.

Office 2019: this is likely the last Office version that can be purchased for a one-time license, but you will be locked into whatever functionality it comes with (i.e., Microsoft will not be adding new functions via updates). Also, you must have internet access to use this suite. Office 2019 comes in three different versions, ranging from about $150 to $440 from Microsoft.

Microsoft/Office 365: this option is where Microsoft would like you to go and offers continuous updates and support as long as you are paying the monthly or yearly subscription prices. There are different packages for Home and Business, so be sure you purchase the right option that meets your needs.

What Computer Parts Should I Grab in an Evacuation

8/26/2020

I have blogged a lot about how important backups are to protect your crucial data in the event of computer failure, virus attack, or theft. Now there is a new reason to backup your data: mandatory evacuation.

Living in California, the possibility of a mandatory evacuation due to the threat of fire seems to be the new normal. Obviously, you will want to grab things like medication, money, face masks, etc, but what about your computer?

If you have been implementing a comprehensive backup strategy, then depending on your approach, you won’t need to grab much. If you are backing up your data files to one of many available cloud-based storage services (e.g., OneDrive, Dropbox, Google Drive, iCloud Drive, Box, iDrive, or others), then in terms of those files, you don’t need to grab anything. If you are backing up your files to an external hard drive or a network drive via backup software (e.g., Windows 10 File History, Macrium Reflect, Apple Time Machine, etc), then you just need to grab the drive.

A common mistake is not checking whether the backups are actually working. Things change on your computer all the time. Just because backups were working at one time does not mean they are still working. It is crucial that you periodically confirm that current backups are taking place.

If you don’t have a backup strategy or backups aren’t working, then you will have no choice but to grab the entire computer, but that is certainly not ideal.

Setting up backups is not difficult. Why take the risk of losing documents and pictures? Please – if you haven’t done so, get backups in place; if you have set up backups, make sure they are working!

5G Cellular: What You Need to Know

6/24/2020

5G cellular networks are beginning to role out. As of this writing (June, 2020) all four major major US carriers now have some form of 5G cellular wireless. There are three major variations of 5G, which makes the offering confusing. But it is important to understand the differences.

Historically, when new cellular technology roles out, there are early implementations of networks and devices, which don’t work very well. As the networks expand, the implementations in the devices improve. Finally, as the networks and devices become robust, new applications appear that leverage the faster speeds. This was the case with 1G, 2G, 3G, 4G, and is the case with the fifth generation of cellular wireless technology: 5G. This entire sequence can take years to become stable, reliable, and widespread.

With each evolution of cellular wireless technology, the wireless channels get bigger (to increase the speed of data), latency is reduced (to improve responsiveness), and the capacity increases (to be able to connect more devices).

So, with that as a background, lets clarify the confusing part. With 5G, there are three options: low, middle, and high.

Low-band 5G
In practical terms, low-band 5G won’t be much faster than 4G. But it’s spread and capacity are much greater. One low-band 5G tower can cover up to hundreds of square miles. Published download speeds vary greatly, but on average expect around 50Mbit/s.

Mid-band 5G
Mid-band is likely to become the common offering in all major metropolitan areas of the United States. It offers about double the speed of low-band, but towers need to be a few miles apart. This is the sweet spot of 5G. You can expect download speeds to be between 100 and 400 Mbit/s.

High-band 5G
High-band is really the ground breaking technology, offering blazing speeds, low latency, and huge capacity. But, distance is very limited. You can expect to see high-band 5G towers in locations that serve huge numbers of people, such as dense urban environments, sporting and concert venues, and conventions centers. Unless you are very lucky to live very close to a high-band 5G tower, you will not be able to take advantage of what it offers. In perfect conditions, download speeds can be 1Gbit/s or even faster.

The emerging deployment of 5G is very exciting and will certainly affect all of us in a positive way. But, be knowledgable about the differences and set your expectations accordingly.

Don't Fall for Tech Support Scams

5/9/2020

At least once a quarter one or more of my customers fall for a tech support scam. These scammers want you to believe your computer is full of viruses and that you need to hire them to resolve these issues. They get you to allow them to remotely connect to your computer and they ask for hundreds of dollars for services or products you don’t need. They might also take the opportunity to steal your passwords, upload other personal data, and install their own viruses.

These scams typically occur in one of three ways:

Phone Calls: your phone rings and the callers state they are from Dell, Microsoft, Apple, or some other well known company. They say they have detected a serious problem with your computer and they need to access your computer to run a diagnostic test.
Pop-up Warnings: a window suddenly appears typically while surfing the internet, often with blaring background sounds, stating that a serious issue has been detected and that you must call a provided telephone number immediately.
Online Ads and Search Results: you are searching for help and the resulting ads or search results lead you to the scammer instead of a legitimate company.

Legitimate tech companies will never contact you by phone, email or text message to tell you there is a problem with your computer, and security pop-up warnings will never ask you to call a phone number.

If you are scammed to the point where you allowed the scammer to remotely connect to your computer, then you should assume that the scammer now has all of your online passwords and that your computer is now compromised. Your should immediately do the following:

Power off your computer. On another computer, change all your online passwords and take the opportunity to create very strong passwords.
If you paid the tech support scammer with a credit or debit card, call the credit card company or bank and try and stop the payment and cancel the card. If you paid with a gift card, contact the company that issued the gift card and see if you can get a refund.
If you have a backup system image prior to the scam, restore the computer from that system image. If you don’t have a system image, then reinstall the operating system and all the apps (of course backing up your data first).

These scammers are really convincing and experts at what they do. Falling for a tech support scam is extremely frustrating, costly, disruptive, and time consuming. Don’t give away your passwords, credit card info, social security number, driver’s license number, or any other personal information to a stranger over the phone. Don’t let this happen to you!!!!!

Remote Computer Access

3/20/2020

Remote computer access products have been around for a long time and are particularly useful now with our current shelter-in-home mandates due to the Covid-19 virus. They typically involve two pieces of software: one on the computer you wish to access remotely and the other on the computer you are using to access the remote computer (i.e. the local computer). When properly set up, one is able to see everything on the remote screen and control the remote keyboard and mouse. It is as if you are sitting in front of the remote computer and even works with multiple monitors attached to the remote computer.

The faster the internet service is on both the remote computer and the local computer the better the experience. Most of the approaches also allow you to redirect print outs from the remote computer to your local printer. Many solutions support both Windows and Mac systems. Prices vary greatly among the various products, from expensive to free.

The products I list below are the most common, with starting prices shown as of this date. The list is by no means conclusive, but will give you a good idea of your options.

LogMeIn Pro; $349.99/year access 2 computers
GoToMyPC: $35/computer/month
TeamViewer: $49/month access up to 200 computers, one session at a time (free for personal use)
RemotePC: $22.12 first year/access to 2 computers
Splashtop: $5/month access to 2 computers
Windows Remote Desktop (Windows 10 Pro or higher): free
Mac only (SSH in terminal; free) or Apple Remote Desktop ($79.99)

LogMeIn Pro is certainly one of the best known options, but as you can see it is expensive, as is GoToMyPC.

TeamViewer pricing is equally expensive. They do offer a free version, but that version is strictly for personal, non-commercial use. Also, I have seen the free version either time out after 5 minutes or pester the user with pop-ups warning it is not to be used in commercial environments.

Other than free, RemotePC is the least expensive product and is the one I always recommend.

I used to use SplashTop a lot and it works very well, but RemotePC does the same thing and is less expensive.

Windows Remote Desktop is available in most Windows systems (not Windows Home) and can be freely used, but can be difficult to set up, often requiring special port forwarding settings in the network router.

On Macs, a facility known as Secure Shell (SSH) is available, but it has to be invoked via a command line interface in Terminal, so likely is too complex for most of my customers. It also requires port forwarding settings in the network router.

Apple Remote Desktop works much like Windows Remote Desktop, requiring a variety of settings in the remote computer. It also requires port forwarding settings in the network router. It can be purchased at the App Store.

You might ask what product do I use? I purchased a platform called SimpleHelp which for a one time price I can access up to 1000 computers remotely. I currently have connections to 354 computers, so plenty of capacity remains. And, SimpleHelp can be used simultaneously with any of the products listed above.

If you have further questions or want help setting remote computer access up, get a hold of me.

Email Hacked

3/8/2020

Over the past two weeks, I’ve had two customers hacked in very similar ways. Both involved the hacker gaining access to my customers’ email accounts and then sending emails out to all of their contacts. One was a sbcglobal.net account and the other was an att.net account. Both these email systems are actually implemented by Yahoo, so really they were both hacks of Yahoo accounts.

In the first case, my customer was pretty sure that she fell for a phishing attack in which she thought she was entering her email password for a legitimate reason (securing her account), but really she was entering her password on a forged website made to look legitimate. In the second case, my customer had no idea how the hacker got her email password. Yahoo has had several massive attacks where accounts and passwords were stolen, so perhaps that is how it happened.

In the first case, this is the email the hacker sent out from my customer’s account:

Subject: Favor…..<customer’s name>

Hi there,

I need a favor from you. I’d appreciate if you could email me back asap.

Thanks
<customer’s name>

If replied to, this was followed by:

I need to get a Nordstrom Gift Card for my Nephew, Its his birthday but i can't do this now because I'm currently traveling. Can you get it from any store around you? I'll pay back as soon as i am back.

Kindly let me know if you can handle this.

<customer’s name>

In the second case, this is the email the hacker sent out:

Subject: Help…...<customer’s name>

I hope your week is going great? Actually, Please I need to get an eBay Gift Card for my niece, its her birthday but I can’t do this now because I’m currently traveling, Can you help get it from any store around you? I’ll pay back as soon as I am back. Kindly let me know if you can handle this so I can tell you how much to get.

Thank you so much,

<customer’s name>

If the victim (i.e, the person receiving the email) falls for this, the hacker will then ask for the gift card numbers after which they can easily drain the gift card of it’s cash value.

Upon being contacted by my customers, here is what I did and what you should do should this happen to you:

1) Via any web browser, log into your email account
2) Change the password. If you used the same or similar password on other accounts, change them there too. Pick great passwords!
3) Check all your email settings to make sure they are correct. In particular:

Check the reply to field to make sure it is your email address
Check if an automatic forward or automatic reply has been set (if you can’t find these settings, you may need to change your email view to basic; this is the case on Yahoo)
Check email rules and filters to make sure none have been set
Check your signature if you have one
Check your account recovery information
Add two factor authentication
Change the answers to your security questions so that they are false. You should do this here and everywhere. It can simply be done by adding another word to the end of your security question answer.

4) Email all your contacts and let them know you have been hacked and to ignore any emails asking for gift cards or looking unusual in any way. Encourage them to call you if they receive a strange email from you before replying to make sure it really came from you.

In my customers’ cases, I found the following settings:

Every email was automatically forwarded. In one case, a gmail account had been created in the customer’s name to receive the forwarded emails
A rule with the name of “.” was created to move every received email into either the Archive folder or the Trash folder

These settings meant that every email my customer received would be sent to the hacker and deleted from my customer’s inbox.

This hack can happen to anyone. Be vigilant in case it happens to you!

Introduction to Internet of Things

2/11/2020

Like it or not, Internet of Things (IoT) devices are increasingly becoming part of our everyday lives. They are most often associated with the “smart home” where you can find them on doorbells, lights, cars, thermostats, security systems, speakers, alarm clocks, vending machines, medical devices, ovens, refrigerators, and more. They are also increasingly being used in commercial environments such as hospitals, transportation systems, manufacturing, agriculture, energy management, and the military.

Wikipedia defines Internet of Things as follows: “The Internet of things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers(UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.” This definition is a fancy way of saying that Internet of things extends the Internet into devices and everyday objects where they can independently communicate with each other and with Internet-based systems.

All IoT systems are comprised of sensors to collect data about the environment in which they reside, connectivity to send the data to the cloud (typically via either WiFi or Bluetooth), data processing systems within the cloud to process all the data, and a way to transmit the results to the end user (such as via email or text message).

As you can imagine, privacy and security issues abound. Privacy is a concern because data might be stolen; security is a concern because the IoT device might be taken over and controlled remotely from anywhere in the world.

IoT devices are incredibly useful and have a real “wow” factor. Hence, they are in high demand. There are a number of things you can check and do when purchasing them:

1) Only buy from reputable vendors
2) Check if the device is compliant with current encryption standards such as TLS/SSL
3) If the device has a default password, change it to a strong password
4) If it connects wirelessly, set up a guest network for it to use, thereby keeping it off of your main internal network
5) Make sure you have the current firmware and that you keep it updated

Windows 7 Support Has Ended – What’s Next?

1/17/2020

As has been widely reported, Microsoft’s support for Windows 7 ended on January 14th. If you are still running Windows 7, you should either upgrade to Windows 10 if viable and practical to do so or take the opportunity to purchase a new computer.

So, in the consumer and small business environment, which major products will have their support ended next? Here is the list:

Windows 10 v1809 May 12, 2020
Microsoft Office 2010 Oct 13, 2020
Microsoft Office 2016 for Mac Oct 13, 2020
MacOS High Sierra (10.13) Nov, 2020
Windows 10 v1903 Dec 8, 2020
Windows 10 v1909 May 11, 2021
MacOS Mojave (10.14) Nov, 2021
Windows 8.1 Jan 10, 2023
Windows Server 2012 Oct 10, 2023

Notes:

To determine what version of Windows 10 you are running, hold down the Windows logo key in the lower left of your keyboard and type the letter R, then type “winver” in the open box and then select OK.
Any earlier versions from the above list are already not supported.
Microsoft Office includes the apps Word, Excel, PowerPoint, and Outlook.

Why does any of this matter? It matters because as of the end of support date, no more security updates or bug fixes will be issued. Hackers are continuously finding flaws which are then exploited by them and the software vendors continuously fix the flaws. Flaws discovered after the end of support date will most likely not be fixed, so the risk of virus attack increases significantly. Furthermore, vendors of third party applications will typically also end support of their products running on unsupported software, increasing your risk even further.

Bottom line: it is risky and unwise to use software that is not supported.

How Ransomware Spreads

12/19/2019

The article below was written by Jareth at Emsisoft. I have reproduced it verbatim for your benefit. Ransomware in all its forms is arguably the worst computer virus ever created. Some of the information might be a bit technical, but whatever you can take from it, you will be better off.
----------------------------------------------------------------------------------------------------------------------------------
How ransomeware spreads: 9 most common infection methods and how to stop them.
Jareth . December 19, 2019 (copied from Emsisoft’s website blog section)

Cybercriminals are looking for creative new ways to hold your data hostage.

However, while ransomware might be getting more sophisticated, it’s important to remember that it still has to abide by the same rules as regular old malware.

That means it still has to be distributed, it still has to infect your system before it can deliver its payload – and it can still be avoided by taking a proactive approach to security.

How does ransomware infect your computer? In this article, we’ll show you some of the most common ways ransomware propagates and how you can reduce the risk of infection.

1. Email attachments
Ransomware is commonly distributed via emails that encourage the recipient to open a malicious attachment. The file can be delivered in a variety of formats, including a ZIP file, PDF, Word document, Excel spreadsheet and more. Once the attachment is opened, the ransomware may be deployed immediately; in other situations, attackers may wait days, weeks or even months after infection to encrypt the victim’s files, as was the case in the Emotet/Trickbot attacks.

Attackers may conduct extensive research on their target (often a specific company or high-ranking individual in an organization) to create credible and very believable emails. The more legitimate the email looks, the more likely the recipient is to open the attachment.

Prevention tips

Only open attachments from trusted senders.
Check that the sender’s email address is correct. Remember that domain names and display names can easily be spoofed.
Do not open attachments that require you to enable macros. If you believe the attachment is legitimate, seek guidance from your IT Department.
Read this guide for more information on how to avoid phishing emails.

2. Malicious URLs
Attackers also use emails and social media platforms to distribute ransomware by inserting malicious links into messages. During Q3 2019, almost 1 in 4 ransomware attacks used email phishing as an attack vector, according to figures from Coveware.

To encourage you to click on the malicious links, the messages are usually worded in a way that evokes a sense of urgency or intrigue. Clicking on the link triggers the download of ransomware, which encrypts your system and holds your data for ransom.

Prevention tips

Be wary of all links embedded in emails and direct messages.
Double-check URLs by hovering over the link before clicking.
Use CheckShortURL to expand shortened URLs.
Manually enter links into your browser to avoid clicking on phishing links.

3. Remote desktop protocol
RDP, a communications protocol that allows you to connect to another computer over a network connection, is another popular attack vector. Some examples of ransomware that spread via RDP include SamSam, Dharma and GandCrab, among many others.

By default, RDP receives connection requests through port 3389. Cybercriminals take advantage of this by using port-scanners to scour the Internet for computers with exposed ports. They then attempt to gain access to the machine by exploiting security vulnerabilities or using brute force attacks to crack the machine’s login credentials.

Once the attacker has gained access to the machine, they can do more or less anything they wish. Typically this involves disabling your antivirus software and other security solutions, deleting accessible backups and deploying the ransomware. They may also leave a backdoor they can use in the future.

Prevention tips

Use strong passwords.
Change the RDP port from the default port 3389.
Only enable RDP if necessary.
Use a VPN.
Enable 2FA for remote sessions.

4. MSPs and RMMs
Cybercriminals frequently target managed service providers (MSPs) with phishing attacks and by exploiting the remote monitoring and management (RMM) software commonly used by MSPs.

A successful attack on an MSP can potentially enable cybercriminals to deploy ransomware to the MSP’s entire customer base and put immense pressure on the victim to pay the ransom. In August 2019, 22 towns in Texas were hit with ransomware that spread via MSP tools. Attackers demanded $2.5 million to unlock the encrypted files.

Prevention tips

Enable 2FA on RMM software.
MSPs should be hyper-vigilant regarding phishing scams.

5. Malvertising
Malvertising (malicious advertising) is becoming an increasingly popular method of ransomware delivery.

Malvertising takes advantage of the same tools and infrastructures used to display legitimate ads on the web. Typically, attackers purchase ad space, which is linked to an exploit kit. The ad might be a provocative image, a message notification or an offer for free software.

When you click on the ad, the exploit kit scans your system for information about its software, operating system, browser details and more. If the exploit kit detects a vulnerability, it attempts to install ransomware on the user’s machine. Many major ransomware attacks spread through malvertising, including CryptoWall and Sodinokibi.

Prevention tips

Keep your operating system, applications and web browsers up to date.
Disable plugins you don’t regularly use.
Use an ad blocker. The Emsisoft lab team recommends uBlock Origin.
Enable click-to-play plugins on your web browser, which prevents plugins such as Flash and Java from running automatically. A lot of malvertising relies on exploiting these plugins.

6. Drive-by downloads
A drive-by download is any download that occurs without your knowledge. Ransomware distributors make use of drive-by downloads by either hosting the malicious content on their own site or, more commonly, injecting it into legitimate websites by exploiting known vulnerabilities.

When you visit the infected website, the malicious content analyzes your device for specific vulnerabilities and automatically executes the ransomware in the background.

Unlike many other attack vectors, drive-by downloads don’t require any input from the user. You don’t have to click on anything, you don’t have to install anything and you don’t have to open a malicious attachment – visiting an infected website is all it takes to become infected.

Prevention tips

Always install the latest software security patches.
Remove unnecessary browser plugins.
Install an ad-blocker such as uBlock Origin.

7. Network propagation
While older strains of ransomware were only capable of encrypting the local machine they infected, more advanced variants have self-propagating mechanisms that allow them to move laterally to other devices on the network. Successful attacks can cripple entire organizations.

Some of the most devastating ransomware attacks in history featured self-propagation mechanisms, including WannaCry, Petya and SamSam.

Prevention tips

Segment your network and apply the principle of least privilege.
Implement and maintain a reliable ransomware backup strategy.

8. Pirated software
Ransomware is known to spread through pirated software. Some cracked software also comes bundled with adware, which may be hiding ransomware, as was the case in the recent STOP Djvu campaign (free decryptor available here). In addition, websites that host pirated software may be more susceptible to malvertising or drive-by downloads.

The use of pirated software may also indirectly increase the risk of ransomware infection. Typically, unlicensed software doesn’t receive official updates from the developer, which means users may miss out on critical security patches that can be exploited by attackers.

Prevention tips

Avoid using pirated software.
Don’t visit websites that host pirated software, cracks, activators or key generators.
Be careful of software deals that are too good to be true.

9. USB drives and portable computers
USB drives and portable computers are a common delivery vehicle for ransomware. Connecting an infected device can lead to ransomware encrypting the local machine and potentially spreading across the network.

Typically this is inadvertent – a member of staff unwittingly plugs in an infected USB drive, which encrypts their endpoint – but it can also be deliberate. For example, a few years ago, residents of Pakenham, a suburb in Melbourne, discovered unmarked USB drives in their mailboxes. The drives contained ransomware masquerading as a promotional offer from Netflix.

Prevention tips

Never plug in unknown devices to your computer.
Don’t plug in your devices to shared public systems such as photo-printing kiosks and computers at Internet cafes.
Businesses should implement and maintain robust BYOD security policies.
Use reputable antivirus software that can scan and protect removable drives.

Conclusion
Ransomware spreads in many different ways. Some attack vectors such as malicious email attachments, phishing links and removable devices rely on human error, while others such as malvertising, drive-by downloads and network propagation are effective with no user input whatsoever.

Regardless of how ransomware propagates, there are many things you can do to reduce the risk of infection and mitigate the effects of an attack. Investing in proven antivirus software, maintaining backups and being cautious with your clicks can go a long way toward protecting your data and keeping your system safe from ransomware.