Our Private Data

As Facebook users we accept the privacy policies when we sign on.  For the most part we don’t even read over the extensive policy pages.  Instead we set up our account and enter data related to our personal lives.  We understand in the process this information gets recorded and stored.

Take Action:

We recommend that you get a clear idea of how much and what kind of data Facebook collects on you.  Check out the “Data In” section of our previous article for directions on accessing the data Facebook has collected from you.

Facebook is a free service and we can expect that they make revenue by providing our data to advertisers.  What many of us are not aware of is that they pass on our data to third party developers and organizations.

This is why we can sign on to a new app or online service using our Facebook login.  Right away they can access our data so that it is easier for us to create a new account with the third party app rather than having to enter all the personal information they require once again.

But what kinds of control are in place once our data leaves the hands of Facebook?  What kind of regulations are there to protect our privacy and information?  This is what Facebook’s Mark Zuckerberg has to address.

Facebook Updates

In the past Facebook has revised its privacy policies.  However, these previous revisions have been toward openness and sharing rather than protection of privacy.  Unfortunately, “…they were optimizing for profitability rather than security and privacy of their members” says David Kirkpatrick author of the Facebook Effect.[1]

Zuckerberg’s promise at the beginning of this year was to fix Facebook in 2018 – this is no small task.  In fact, he has stated that fixing the company’s problems will take years.

Presently, users are informing users in their News Feed if they’re among the millions of people whose data was improperly harvested by Cambridge Analytica.

Other changes we can expect in the near future: [2]

• Users will receive notice of all apps they use and what data is shared with those apps.  They then have a chance to delete apps they no longer want.
• Facebook will restrict access to certain data that applications can acquire.
• The option to search for users by entering a phone number or an email address will be removed.
• Facebook will set out to delete all logs after a year and only time of calls will be collected.
• New policy will also make users aware that WhatsApp and Instagram are part of Facebook and that the companies share information about users.  WhatsApp will still have a separate policy while Facebook and Instagram continue to share one.

Free

Whenever something is offered for free we need to ask: how is this business generating revenue?  Some companies offer a trial license for their software as a means to test drive the service.  Others rely on donation.

In the case of Facebook, it is free to users but there are associated costs.  Not only does Facebook sell data to advertisers who then place ads that are targeted to meet our purchasing preferences, they also harvests our data for app developers as well.

We need lawmakers to force these companies into the public spotlight and to enforce lawful conduct.

Regulation

Although Facebook is in the process of change and updates we need to ask: how is it possible to keep private data secure after it’s sold to third parties?  Facebook has admitted that it is impossible to monitor what these third parties do with the data once it is out of their hands.  However, Mark Zuckerberg has said that his industry should be regulated.

At present he is facing Congress and has delivered an apology and is answering questions.  But what will be the outcome of this?  What about past regulation?  Zuckerberg has stated they regularly testify before Congress on a number of topics.

In 2011, Facebook offered privacy assurances in a settlement with the FTC (Federal Trade Commission).  Allowing Cambridge Analytica to harvest data could be a violation of that settlement.  The ability to transfer the data of users’ friends should have been banned with the 2011 consent.  But what is the FTC going to do to enforce existing regulations?

Turning Up The Heat:

In 2016, the European Union passed the comprehensive General Data Protection Regulation, or GDPR.  One mandate restricts collection of personal data of EU citizens to be only saved for “specific, explicit, and legitimate purposes” and only with user consent.

This means, consent cannot be buried in the terms and conditions.

This law will take effect in May and companies worldwide are paying attention.  It is expected that this will expose the industry like nothing else.  In preparation for this law, PayPal published a list of companies it might share your personal data with – over 600 companies.

 Best Practices – Privacy at Stake

There is no doubt that privacy of information is at stake.

It’s essential that we throttle back on what information we make available online and what data is stored on our PC.  Here are our recommendations.

1. 1. We recommend the privacy functionality associated with PC Cleaner. By using the available functionality you can see all the personal and private data you have on your PC which could be accessed by illegitimate means.

1. 1. When on a public Wi-Fi network, we highly recommend not sharing out any sensitive data. Even downloading records online from a public location or terminal can leave your data vulnerable to hacks.

1. If you decide to delete your Facebook account, consider the following:
   • You will need to sever all ties with Facebook including Messenger, WhatsApp, and Instagram. Your data can be shared with these apps and policies are similar or, as with Facebook and Instagram, shared.
   • Any apps that you “log in using Facebook“ will no longer work and you will have to enter your log in credentials for these.
   • Delete all Facebook instances from all devices including your mobile ones. Make sure you delete and not deactivate.  Use this link from Facebook.
   • Do not even attempt to log in to Facebook for at least two weeks or you will cancel the account deletion process.

Last Comment

We started out this two part series asking a question of what to do as a Facebook user.  Undoubtedly, the data breach has been the final straw for some and these users are choosing to delete.

Do we throw the baby out with the bath water?

We need to acknowledge that there are positive online developments, and we need to take an active role in shaping it.

With respect to the baby / bath water analogy – we certainly can agree the bath water is dirty!

As for the baby – in the case of social media technology – we need to closely examine if it’s being overfed.

“…the thing we need to understand now,” Shoshana Zuboff states, “is that the online world, which used to be our world, is now where capitalism is developing in new ways.”

[1] http://money.cnn.com/2018/04/09/technology/

[2] https://www.ctvnews.ca/sci-tech/

[3] https://www.schneier.com/

The post How to Protect Your Privacy & Identity on Facebook – Part 2 appeared first on CompuClever.

Incognito, according to Wikipedia, from the Latin incognitus, refers to a person who wants to remain anonymous to the world and others, in hiding or shut off from humanity.

Web surfers have the option to enable privacy mode or “Incognito” mode on their browser.  Each of the main browser type offers some level of private browsing.  It is known as Private Browsing, InPrivate Browsing, and Incognito depending on the type of browser used.

Basically – this is a privacy feature that quite simply provides some privacy on your local computing device but, DOES NOT provide hidden detection or stealth beyond that.  Your ISP (Internet Service Provider) and other agencies connected on the Internet can detect your activities via your unique IP address on the web servers.

Disabling functions such as the web cache and browsing history make this a relatively private way of browsing the web.  Cookies, the data holders sent by web sites to recognize or track your online activity, are also disabled.

Items Deleted or Not Saved:

The list  of items that are deleted or not saved when you browse during Incognito or Privacy  mode are:

• Website history.
• The cache of files stored during your browse session.
• History of files downloaded.
• Search history stored by the browser.
• Cookies from browsed sites.
• Data on forms you have filled out.

Items That Are NOT Private:

There are items that are not deleted and the ways you remain exposed to detection:

• Search histories stored from search providers like Google are not deleted.
• Websites can identify you and keep a record of your visit.
• Your ISP can detect your network traffic and identify your IP address.
• Any malware on your PC or device can track your activities.

Also, it is important that you keep in mind the browser does not likely perform a secure delete and items from your browsing session can be recovered.  Until that data is overwritten with other data it can be undeleted using special recovery software.

Pros and Cons?

So why would you want to use Incognito?  It doesn’t seem entirely private after all.

Pros

The reasons for using this more of browsing include:

1. Reducing the history, browsing, and personal data stored on your PC or device.
2. You can prevent storage of sensitive data such as log-in credentials.
3. You can also use multiple accounts simultaneously using several tabs at once.
   Tip: You can let a friend check their email or log onto Facebook without you having to log out.  Just start up a new Incognito window.
4. You can perform searches that are not influenced by any prior browsing history.
5. Browser extensions are disabled so that Facebook and Google and other services can’t track you.

One of the main reasons however is to hide your online interactions on the computing device you are using from those sharing the same device.

In a busy household full of people… using Incognito mode can prevent others from seeing potentially embarrassing items.  It also prevents others from revealing your search history or the cache of browsed files.

Cons

We’ll, conversely, you may want to monitor online activities on your PC or device.  You may be concerned that someone will incur a malware infection or that they are browsing to websites that could be considered risky, unethical, or harmful. This is when you would want to disable Privacy / Incognito functionality as described below.

Also, having a false sense of protection can lead to consequences.  ISPs pass data to copyright holders (such as music, videos, books, or games), who are cracking down on the downloading of copyright materials.  The ISP is required to forward notices from the copyright holder alleging infringement of that work.

And, as we have pointed out, you are not completely stealthy.

How to Go Incognito

So now that you have a better idea of what the limits and benefits of this mode of browsing are, you can follow the easy steps outlined below to activate it.  Of course it will depend on which browser you are using.

• Chrome: Click on the ellipsis menu (…) at the right end of the menu bar, and select: “New Incognito Window”.
• Firefox: Click on the icon with three horizontal lines near the top right corner of the browser, and select: “New Private Window”.
• Internet Explorer: To change to an “InPrivate” session in Internet Explorer you would hold down Ctrl+Shift and press P (Ctrl+Shift+P).
• Microsoft Edge: Click the button with three dots (…), called the “More” button, and select: “New InPrivate Windows”.

Disabling It

As we mentioned above, you may want to disable this function so that you can detect for yourself the online activities of others in your household. Click the links below to take you to the specific directions for your browser type.

• Chrome
• IE / Firefox / and a freeware tool for Chrome
• Microsoft Edge

Warning: most of these procedures require a change to the registry.  We recommend you do a backup beforehand and proceed with caution.

For Parents:

If you’re a parent worried about your kids and their private online activities (for example, pornography or social networking sites), then you can first try to disable the functionality as mentioned above.  That way you can check the search and browsing history items.

You can also take the next step and look at filtering software such as NetNanny that will block porn and whatever else you want to filter even when the browser is in Incognito mode.  They have it for computers and mobile devices.  It’s not free but could be worth the peace of mind.

Last Note

We’re in favor of providing information that in the right hands is used with good intent.  To reach a higher level of stealth you would need to look at using a VPN solution.  A VPN masks your physical location and IP address so the website you’re visiting doesn’t really know who or where you are.

We hope this information has been of help to you and enhances your web browsing experiences.  For more information on this topic see our past posts:

• Privacy – Don’t Give It Away
• What Is a VPN, and Why Do You Need One?

Feel free to contact us with any questions or comments on this and other subjects.  Simply send us an email at: newsletter@compuclever.com

The post Going Incognito – Browse Web in Privacy Mode appeared first on CompuClever.

With two prominent malware attacks occurring back-to-back during the past two months, you’re likely familiar with the term  – “Ransomware” – a cyber-crime gaining worldwide attention. In this article we explore ransomware in depth and offer recommendations and instructions to prevent it from happening and to protect your PC.

Ransomware defined:

You can think of ransomware as “data kidnapping”. It is the result of a malware attack that blocks access to a user’s PC data. Once infected, the attackers try to force you into paying money so you can regain access. In some cases there is a threat to publish or delete the data unless the ransom is paid. Data and access is blocked by using strong file encryption.

Computers can be infected whether at home or in the work environment. This includes PCs on an enterprise network or government agency servers.

Some ways of infecting your PC include:

• Surfing to unsafe or fake websites.
• Opening emails and email attachments from unknown sources.
• Opening malicious links in emails, Facebook, Twitter, and from online chat apps such as Skype.

The two main types of ransomware are: Lockscreen and Encryption.

1. Lockscreen ransomware prevents you from accessing your PC or files and instead displays a full-screen message saying you have to pay a ransom to regain access.
2. Encryption ransomware prevents you from opening your files by encrypting them. The encryption is very strong (uses an AES-256 “military grade” cipher algorithm), and would take an estimated 3×10⁵¹ years to crack. Also, a unique encryption key is generated for each infected computer so you can’t just get someone else’s key.

Note: There are older versions of ransomware that display false messages such as claiming you have performed an illegal activity with your PC. They then state you are being fined by a police force or government agency. We want to stress that these claims are false and can be considered a scare tactic designed to extort money from you.

What is the result of the attack?

While there are various forms of ransomware, all of them prevent you from performing normal PC functions. This includes:

• Getting locked out! Preventing you from accessing your operating system.
• Blocked access to files! Files are now encrypted and you can’t access them.
• Disabled apps! Certain programs (like your web browser), are no longer able to run.

What about the ransom?

Some ransomware attacks involve the victim having to pay money while some make you complete a survey. Payment of money is performed online and sometimes involves the victim having to pay in Internet currency Bitcoins. Due to the nature of those that commit these cybercrimes – there is no guarantee that your data or PC will return to the pre-attack state.

How much do they extort?

Symantec gained access to a malware server in 2012. This provided them first hand insight of the ransoms that were paid out. In a single day 5,700 computers were infected and 2.9% paid the ransom. This comes out to approximately $33,600 for one day.

“Given the number of different gangs operating ransomware scams, a conservative estimate is that over $5 million dollars a year is being extorted from victims. The real number is, however, likely much higher.”[1]

Recent Ransomware attacks…

WannaCrypt; May 12, 2017:

Many users around the world were victims of the malicious “WannaCrypt” software attack which has been considered one of the worst and most widespread cyber-attacks. More than 230,000 computers in over 150 countries were affected. All files on infected PCs were locked and the demanded ransom was 300 dollars in bitcoins.

Interestingly, people running Windows 10 were not targeted by the attack. Despite this, this attack was serious as evidenced in the steps Microsoft took. They took a highly unusual step in providing a security update for all customers to protect even the Windows platforms that are in custom support only. This includes Windows XP, Windows 8, and Windows Server 2003.

Supported versions of the operating system (Vista, Windows 7, 8.1, 10, etc.), have access to the security update MS17-010. If users have automatic updates enabled or have installed the update, they are protected. Microsoft states[2]: “For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010“. They go on to state that this attack may evolve over time and additional defense strategies are warranted.

Petya; June 27, 2017:

Companies across Europe and the US were affected by the ‘Petya’ ransomware attacks. Infected computers displayed a message demanding a Bitcoin ransom of $300. Victims were unable to unlock their computers even if they paid the ransom.[3] The instructions included sending confirmation of payment to an email address. However, that email address was shut down by the email provider and there was no way to contact the attacker for a decryption key to unlock their computer.

This ransomware attack exploited the same Microsoft exploit as WannaCry – the vulnerability known as EternalBlue. Even with the patch, this cyber-attack has two other ways to spread within an organization focusing on the network administrator’s tools. Experts believe the initial infection is suspected to have been delivered through email (as with WannaCry).

If Infected With Ransomware:

You are a victim of a ransomware infection once you see some form of ransom demand appearing in a dialog window, an app, or a full-screen message. Unfortunately, this demand is displayed after encrypting your files or disabling some part of your PC.

Before you try to recover your files, Microsoft suggests trying to fully clean your PC with Windows Defender Offline. After this you can try to Backup and Restore in Windows.

We fully agree with Microsoft: “Do not pay any money to recover your files. Even if you were to pay the ransom, there is no guarantee that you will regain access to your PC or files.”

If You Already Paid:

If you paid the ransom, contact your bank and local authorities immediately. Your bank may be able to block the transaction and return your funds if you paid with a credit card. Inform your bank if you did submit credit card details to the cyber thieves.

We suggest you also contact the following government agencies that deal with fraud and scam reporting:

• In the United States, go to: On Guard Online.
• In Canada, go to: Canadian Anti-Fraud Centre.
• For other countries: go to this Microsoft site.

Prevention:

There are safe measures you can take to lessen the impact of attacks and failures and there are ways to prevent malicious attacks from crippling your PC and network.

1. Keep a current back up of your data files (images, video, documents and music).
2. Keep your Windows install up-to-date with the latest Windows security updates.
3. Keep your antivirus program up-to-date. We highly recommend a reputable AV program with active subscription (one that keeps up to recent malicious attacks). We invite you to check out the performance and protection offered by CompuClever Antivirus PLUS.
4. Do not open email links or files from a sender you do not recognize. In many cases you can recognize a fake email and webpage because they have bad spelling or look unusual.
5. Be careful where you surf on the internet especially with less reputable sites. There is a greater chance of contracting a malware virus. Quite often unsafe sites can look convincing and have only subtle differences.

Microsoft states[4]: “Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).”

Stay Safe:

Hundreds of millions of emails that include a ransomware attachment are being sent out every month. Many of these are being blocked and software vendors are working hard to shrink security holes and fix this ongoing cyber-crime.

As can be seen with the information provided here, staying informed, taking precautions, and using safe practices can help prevent you from getting an infection that could save you time and your data. If you require further information on this subject we recommend Microsoft’s Ransomware FAQ page.

[1] http://www.symantec.com
[2] https://blogs.technet.microsoft.com
[3] https://www.theguardian.com
[4] General information on ransomware

The post Don’t be Held at Ransomeware appeared first on CompuClever.

While ISPs claim they will use your Internet history to help sell you more relevant ads, the decision by Congress has made many people deeply uncomfortable.

WiFi Hotspots Are Also A Risk?

It’s not just ISPs who are after your browsing data and personal information. For example, whenever you login to a WiFi hotspot in a coffee shop or at the airport you are potentially putting yourself at risk. WiFi hotspots may not protect your data as it is transmitted to and from your device. Even worse, some WiFi hotspots may want to steal your data, such as browsing history or even passwords and credit card information.

Luckily, something called a virtual private network (VPN) may help protect you from ISPs and anyone else who wants to snoop on your Internet habits.

What Is a VPN?

A VPN is essentially an online service that allows you to create a secure Internet connection. All of your browsing is encrypted, meaning that no one, including your ISP or even the government can determine what you are doing on the Internet.

How Does It Work?

When you connect to a VPN, you usually launch a VPN client on your computer (or click a link on a special website), log in with your credentials, and your computer exchanges trusted keys with a far away server. Once both computers have verified each other as authentic, all of your internet communication is encrypted and secured from eavesdropping.

There are two main advantages to using a VPN:

Advantage #1: Browse Privately and Safely

As mentioned, all of your browsing information is encrypted. This means that your ISP cannot sell your data to a third-party for advertising. VPNs also ensure that your passwords and banking information are kept safe, too.

For example, many journalists and businesspeople traveling abroad use VPNs to protect their privacy.

Advantage #2: Browse Everywhere

Businesspeople and journalists may also use VPNs just to be able to communicate. For example, the Great Firewall of China prevents Internet users from accessing many useful websites from outside of China. Many people rely on VPNs to access indispensable online services for their jobs.

On the other hand, VPNs are also useful because they allow you to browse as though you were in any country. Many online content providers such as Netflix, Hulu and the BBC restrict access to content based on your country. You can use a VPN to get around these rules.

What to Look For In a VPN

Not all VPNs are created equally, so it’s important to look for the right one before making a choice.

Look for:

Speed

If you want to use a VPN in order to watch online content such as Netflix, make sure it has enough bandwidth to do so. Generally speaking, this bandwidth is a result of investments in server capacity and other technology. Some VPNs have more than others.

Your Data Must Be Kept Safe

Almost anyone with a little technical know-how can setup a VPN service and then sell it to consumers. The problem for you is: how do you know they’re going to protect your data?

Look for a VPN with a professional website and an active and responsive social media presence. And, if you’re really concerned with privacy, look for a VPN that has its servers in a country with strong data privacy laws. In countries such as the United States and the United Kingdom, government now has broad powers to access your data.

Countries such as Canada, Germany and Switzerland have much stronger rules prohibiting government collection of personal data, so look for a VPN headquartered in one of those countries first.

When Can a VPN Not Protect Your Privacy?

Even if a VPN does not share your personal information, there are others who can. For example, Google and Facebook both use your profile data, which includes browsing history, to sell advertising. A VPN is not designed to prevent this from happening–protecting yourself from Facebook and Google’s efforts to collect data is best done using browser-based ad blocking tools.

Also, keep in mind that you typically choose to use Google and Facebook because you agree to trade some privacy for the convenience of their services.

However, since you pay ISPs directly, you should expect that your privacy be respected. But since ISPs and others are not respecting your privacy, it may be a good time to use a VPN.

What We Recommend: SecureVPN

SecureVPN allows you to surf the web anonymously, unlock websites, unlock VoIP services, secure any wifi hotspot, and protect your data & privacy.

SecureVPN operates a self-managed VPN network with at least 750 servers in 141 countries, with plans to add more.

Since there are so many local servers, this means SecureVPN promises the fastest speed possible. SecureVPN also owns its own network–there are no third-parties that gather data, and SecureVPN keeps no logs of your activities.

Why choosing SecureVPN?

SecureVPN offers a variety of features, including:

• No 3rd Parties for Your Data: SecureVPN has a self-managed network. Your data is handled by SecureVPN only, without the intervention or interference of any third-parties.
• Military-grade Encryption: SecureVPN employs top-of-the-line military-grade up to 256-bit encryption to protect and safeguard user’s data from falling into the wrong hands.
• 750+ Servers in 141 Countries: SecureVPN has servers in 141 Countries. So, no matter where you are or where you travel to, SecureVPN will connect you to your favorite content.
• 99.99% Uptime: SecureVPN has its own network of servers and a team of highly professional experts who manage and host the network to guarantee 99.9% uptime.
• Powerful Software and Apps: SecureVPN wrote its own code for its proprietary software and apps for every major platform including Windows, Mac, iOS, Android, and Linux.
• Unlimited Data Transfer: Download, browse, stream or share, SecureVPN users are free to do whatever they want, how much they want since there is no bandwidth or data limit.

The post What Is a VPN, and Why Do You Need One? appeared first on CompuClever.

The Test Results

We’ve had four positive test results from the VB100 test lab, one of the few independently operated testing facilities focused on providing comprehensive examination of security software and solutions.  Let’s start with an overview of these four tests that are available for online viewing.  These tests were conducted between August 2015 and October 2016 on various Windows platforms.

Overview & Breakdown

The specific results of each test are based on test markers which you can get an idea of when you mouse over the column title (RAP Score, Performance impact %, etc.)  We define them here:

• Platform:  This is the selected operating system that VB100 performs its test on. VB100 tries to cover a spectrum of the most popular Windows OS with their tests focusing on one version at a time.  Note:  CompuClever Antivirus PLUS supports Windows 10, Windows 8, 7, Vista, & XP.
• Result:  This is the overall result; simply put, it reveals if the antivirus software passed or failed the test.
• RAP Overview:  “Chart shows RAP scores with weighted average overlaid.” Note: The difference in scores is explained below.
• RAP Score:  “Weighted average detection rate over recent malware samples, including retrospective coverage of new malware (Reactive and Proactive).”  Basically, this means the ability for the AV product to detect and react to malware threats.  This is the most important measure of how effective any AV product is; the higher the score, the more effective the product.
• Performance impact (%):  “Increase in time taken to complete a set of common tasks.”  This is the impact to system performance by the AV product when in operation. A lower score is better here.
• Stability Rating:  “Rated on a five-level scale from Solid (no problems) to Flaky (severe issues).”  This is the rating given by VB100 based on the test results. This tells you the quality of the AV software apart from the previously mentioned effectiveness or performance impact measurements.

What is evident in these results is a consistent pattern of high RAP Score – detection of AV threats – and a low performance impact.  Once again this means that CompuClever antivirus PLUS works to protect your PC from online malware threats all the while operating in the background.

In this way, you won’t notice it and it won’t have an impact to overall system performance – something CompuClever dedicates itself to accomplishing!

Overall Conclusions

Based on analysis of detailed test data, we are very pleased with the results of the tests. These results are in line with our original goals:

• Total protection against any form of online threats: CompuClever Antivirus’s high RAP score is among the list of top security solution providers, like ESET, Kaspersky, Bitdefender, and AVG.
• Minimum impact to PC performance: CompuClever Antivirus’s extremely low % in Performance Impact to PC performance outperforms most of our top competitors.
• A solid and well-built antivirus product: It is easy to install without reboot, has an intuitive user interface, and is extremely intelligent and quiet. CompuClever Antivirus is regarded as a “solid” antivirus solution.

This is what VB100 lab says about us in one of its test remarks:

Check Your AV Product

We invite you to examine the results for your AV product.  You can trust VB100 as it a free service that performs regular independent reviews of malware solutions and provides test results for AV software that handle both known (reactive) and unknown (proactive) virus samples. You can see the latest test results for any product or you can use the Search field to quickly find test results.

CompuClever Antivirus PLUS

CompuClever Antivirus PLUS offers unparalleled security technology against malware threats. It is designed to deliver the best performance for your PC and it is built on the most advanced antivirus technology available today. Exceptional in its ease of use, it allows you to handle security with a single click. The intuitive technology also guards your online privacy and digital identity with specific protection when doing online banking and online shopping.

Browse the following topics to learn more about Antivirus PLUS:

• Do you have to sacrifice PC speed for protection?
• How to safeguard online banking
• How to protect your personal identity
• Does your antivirus bark all the time?
• How to surf the web safely

The post CompuClever Antivirus PLUS – VB100 Award! appeared first on CompuClever.

On Friday, October 21st, a lot of people were having a hard time accessing the Internet. First, Twitter went down. Then PayPal no longer worked. Later on cloud storage sites such as Dropbox went offline. For most of the day tens of millions of people could not access some of the most important and most useful websites on the Internet. Reddit, CNN and Netflix were all affected.

Was it a Russian hack? Could it be the Chinese? Nobody could say for sure. The only thing that was certain was that massive Distributed Denial of Service (DDoS) attack had occurred. The target of the attack was DNS service provider Dyn.

What is a DNS provider?

As as DNS provider and as a company, Dyn’s job is to convert human-readable website names such as www.facebook.com into computer-readable numerical IP addresses (for example, 192.168.0.1)—humans prefer to use easy-to-remember-addresses such as www.facebook.com rather than the long, insanely complicated numerical strings favored by our machine servants.

Websites like Twitter and Dropbox rely on Dyn to help resolve and translate the various kinds of links each company uses as part of their product. For example, you post a link to your Twitter account, Dyn will make sure that whoever clicks on it will get sent to the right website. Dyn does this by having a massive database of domain names it can “point” web browsers to. If Dyn goes offline, Twitter, Dropbox and other web services can no longer “point” people about where to go.

The October 21 hack forced Dyn’s domain name servers to go offline so nobody could use them. This pushed Twitter, Dropbox and other websites offline. It was alarming for any company who relies on Dropbox to store and access important files. The outage was also alarming to journalists, who rely on Twitter to share information and generally gossip with their colleagues.

The fact that Twitter went offline, then, ensured the DDoS attack would receive immediate and comprehensive coverage.

Were the Russians behind the October 21st hack?

But nobody knew exactly what happened. Thanks to the supposed role Russia has played in providing Wikileaks with hacked Hillary Clinton emails, there were rumors that Vladmir Putin was behind the massive hack.

But the real story was much weirder.

For one thing, the hack was the largest one in history.

It turned out the October 21st hack was not the work of Russia. Instead, it was largely orchestrated by amateurs. They used a weapon called the Mirai botnet as the ‘primary source of malicious attack.’

Unlike other botnets, which are typically made up of computers, the Mirai botnet is largely made up of so-called “internet of things” (IoT) devices such as digital cameras and DVR players. Dyn estimated that the attack had involved “100,000 malicious endpoints.”

Internet-connected devices made the hack inevitable

Basically, any device with an internet connection could initiate an attack against Dyn. All the attacker had to do was instruct an unsecured, internet-connected device to make a request to Dyn. The sheer volume of requests, made by millions of devices located around the world, from web cams to DVR players to, theoretically, at least, toasters, overwhelmed Dyn’s DNS servers, shutting them down.

There’s a theory that the massive attack on Octover 21st was targeted at the PlayStation Network and that Dyn was hit because it provides DNS services to PSN.

It could have been a few kids who brought down the Internet for a day in October.

Why every computer user should care about this attack

What lesson does this even have for the average computer user?

There are more ways to get hacked than ever before

In the case of the October 21st hack, the attackers may have been searching for “open” Internet-connected devices they could use to perform an attack. It could be your internet-connected toaster, or it could more likely be your computer.

2) You have bigger things than Internet-connected devices to worry about

Most of us do not own an Internet-connected toaster or even a “connected home” you can monitor remotely over the Internet.

But we all have computers, and people are getting infected by malware every day. Your computer is fundamentally insecure unless you do something about it.

Luckily an antivirus program can provide powerful protection against this.

How antivirus keeps you safe

Antivirus software has long been recognized as a way to prevent your computer from being infected by viruses, malware, trojans and other harmful programs. But, by “locking down” specific ports and other access gateways, antivirus programs can prevent computer from being hijacked by a hacker.

The intuitive technology also guards online privacy and digital identity, including banking and credit card details, as well as email passwords and social media information.

 Learn more about CompuClever Antivirus PLUS.

The post How Antivirus Protects Your Computer From Hackers appeared first on CompuClever.

Here are the key facts that you should be aware of regarding this breach:

• In August 2016, a person codenamed “Peace” attempted to sell what he claimed to be 200 million Yahoo user information.
• Back then, Yahoo only said they were investigating the legitimacy of the claim.
• On Sept. 22^nd 2016, Yahoo issued a statement acknowledging the legitimacy of the claim. Furthermore, Yahoo confirmed the scale of the breach is actually 500 million accounts.
• Yahoo also confirmed that the information stolen contains name, username, lightly encrypted passwords, date of birth, and for some accounts, security questions and answers.

Nevertheless, till this moment, Yahoo hasn’t issued a notice to all of its users advising them to reset their passwords.

Here at CompuClever, we felt it is necessary to inform you about this event because there is a high possibility that either you or someone you know might be impacted by this incident.

Yahoo is currently working with law enforcement agencies, including the FBI, to deal with this breach. Nevertheless, we recommend you immediately take the following measures to protect your online security and personal privacy:

• Immediately change your Yahoo email password.
• If you happen to be using the same combination of username and password across multiple (non-Yahoo) online accounts, change all of the passwords. Make sure that you use a different password for every account.
• Ensure you have a legit and reputable antivirus protection with active subscription to protect your PC from any forms of cyberattack.

Further readings:

• How to protect yourself in a post-password world
• How to create a good password
• Safe guard your online banking
• Stay safely connected

The post Breaking News – Yahoo Admits Breach of 500 Million Accounts appeared first on CompuClever.

We’ll begin with a definition of what a firewall is and then move into some basic questions and answers.  After that we’re going to provide information for those that might want to beef up their firewall protection.

The Firewall Basics

Effectively a firewall is a filter.  It is designed to prevent dubious programs and Internet services from establishing a connection or gaining access to your computer.

A Little Q and A

Now that we know basically what it is, we can answer some questions.

1. Why do I need one?

A firewall tries to screen out incoming Internet streams of data from unwanted sources and it also prevents programs on your PC to access the Internet without authorization.  The purpose is to prevent unwanted and malicious programs from communicating to, or from, your computer.

2. Who makes firewalls?

Microsoft includes a firewall with Windows – we’ll cover this in more detail below.  There are also a significant number of known makers of free and paid solutions.  The best known names would include Norton, McAfee, BitDefender, Kaspersky, as well as Zone Alarm, Webroot, and Comodo.  Some routers also have firewalls built into them.  While we are not recommending any specific option, selecting one of the manufacturers listed above should provide greater security.

3. When do I need one?

Quite simply – you need a firewall when you connect to the Internet. This is why you should also consider a solution for your smart phone or mobile device.  Most malware programs these days attempt to get money from you and your mobile devices are also targets of malware attacks and cyber crime.

4. Doesn’t Windows already come with a firewall?

Yes, it does, and it may be all you need.   It blocks unwanted connections and will prompt you if you want to allow a connection or not.  There is a list of programs to block and you can enter exceptions to identify programs you deem safe.

Windows Firewall is equipped to monitor traffic, but lacks in the area of program control.  Despite shortcomings, Windows Firewall may be all you need.   Other tools will provide additional functions such as the ability to create activity logs.  In this way you can review what was happening in terms of attempted connections so you can fine tune the security parameters.  The bottom line is that the Windows Firewall will suffice for most users and should not be regarded as providing insufficient security.

If you find surfing the net is slow, begin by optimizing the browsers and Windows configuration for accessing the Internet.  We recommend looking at the articles: Improve Internet Speed and Restore Browser Speed.  After this, if you are more certain that the firewall is affecting performance, you may want to replace it.  If your PC is encountering issues with viral infections then first look at your antivirus protection, and if you have a top notch AV solution and are still getting breaches, that too would be a reason for looking for a new firewall.

5. Is a firewall all the protection I need?

In a previous article we covered some myths about antivirus protection and this came up.  We can review briefly here.  As we have described, firewalls can filter nefarious traffic.  However, they cannot protect your PC from files that contain a virus or Trojan.  The reason for this is that firewalls are not able to scan for infected files – you need an antivirus solution specific to this purpose.

Cyber criminals exploit potential security holes and look for ways to openly connect with your PC.  A firewall can minimize this risk and offer the first line of defense.  However, it is not sufficient in blocking the myriad of virus and malware threats that are prevalent.  Malware creators are very clever in disguising data and can even disable your firewall in an effort to steal private or personal data.

Turning Windows Firewall On and Off

Microsoft states: “You only need one firewall app on your PC (in addition to the firewall that’s probably built into your network router).  Having more than one firewall app on your PC can cause conflicts and problems.” ^[1]  It is also good practice to NOT turn off a firewall unless you have another one turned on.

With these safe practices in mind, you can view the status of Windows Firewall and you can turn it off or on.  The easiest way to begin is to type “firewall” in the Search field located in the Start menu.  For more information and instructions specific to your operating system follow one of these links:

Windows 10  / Windows 8 / Windows 7 / Windows Vista / Windows XP

What to Consider if Seeking an Alternative

Here is our list to help you better decide on alternatives to the built-in firewall for Windows.

1. You need to consider how accurately a firewall solution will identify threats to your system. You do not want it to miss threats but you also do not want it blackball safe and known programs.  No one wants an unending stream of warnings from their firewall for no valid reason.  The very best firewalls handle unknown programs by monitoring them closely for suspicious activity and signs of improper network activity behaviour.
2. The fewer resources it requires the better. This will allow your system to run programs faster and dedicate resources to perform duties related to regular day-to-day activities.
3. Supply only the functions you need. Some “suite” applications will include antivirus and performance tools.  If you already have these areas covered by other applications there is no need to pay for bloated software that is inadequate in these other areas.
4. You will also need to know what kind of coverage you require in terms of the devices you are needing to protect (desktop, laptop, tablet, or phone), and if your solution will suffice.

Other Considerations

Now to finish off with some final points related to installing a new firewall solution.

Install Your Firewall 

There isn’t any one “right” place to install a firewall; it comes down to the devices you use and the programs you run.  If you are looking for a firewall for your business then the normal firewall is not what you need; you need what is known as a “Next Generation Firewall” or, “NGFW’.  These are more sophisticated and expensive, ranging from $500 to $80,000, and are beyond what we will discuss here.

Also, some routers have firewalls built right into them, meaning any system behind them does not need a firewall.  This is useful as it means that there is no performance loss for Windows as a result of a firewall performing checks on data streams.  However, if you have a portable device (like a laptop, tablet, or phone), then you need a firewall installed to the device that can be turned on whenever you connect to the Internet when away from home.

Common Problems

The most common problem in using a firewall is blocking a program you know is good.  When this happens you need to create an “exclusion” or “exception” (search the program help files for those terms).  Effectively, this provides you the ability to override what the firewall would normally do.  Firewalls are designed to run in the background so most people have little to no interaction with these programs once they are installed and exceptions are generated.

Summary

While we haven’t gone into detail about hardware and software firewall technologies and the various viral threats to firewalls, we have covered the basics.  Standard coverage should get you started and you have the option of customizing the onboard Windows Firewall.  As an alternative to Windows, you can follow our introductory guidelines for taking on an alternative firewall solution.  In either event, remember that an effective antivirus solution is part of your fortress of protection.

We would like to thank Richard from our Tech Support team for his first wave of research on this subject.  We will continue to provide story lines like this and we will describe them in a manner that is within reach of everyday computer users.  If you have some ideas of topics you would like us to cover, email us at: newsletter@compuclever.com

The post Firewalls – First Line Filtration appeared first on CompuClever.

Here are 7 myths about antivirus software that we get from interacting with users when dealing with security related support cases.  Let’s debunk the myths related to AV applications.

The Top 7:

Here are the myths that we cover in this article along with the real truths about each.

1. Authentication and encryption offers me all the protection I need.

It’s true that authentication and encryption can make it challenging for a criminal to get to your confidential information but not impossible.  Some authentication systems use a One Time Passcode (OTP) and send a Simple Messaging System (SMS) or computer generated call back system.

Unfortunately, cyber criminals have already found ways to circumvent multi-factor authentication which was supposed to radically reduce online criminal activity.  New malware versions are now able to intercept authentication codes that are sent to your phone, so criminals can still get access to your OTP without you knowing about it.

Encryption scrambles your information to render it useless and requires you to use an encryption key to unlock the data.  However, it does not fully protect you from key-logging malware that can read your password used to access the encryption key.

While both of these technologies are useful in protecting sensitive data on your PC, they do not protect your PC from contracting malicious software.  In other words, your system can be hacked and be held hostage – you can fall victim to ransomware and other debilitating viruses.

2. I don’t download files so I am safe from virus attacks.

You don’t have to actively download files to be the victim of virus attacks.  Browser based attacks are now much more common.  In fact, some of the most popular websites, including Yahoo, New York Times, Huffington Post, and CNN.com, have fallen prey to malware attacks that are integrated in display ads.  This is known as “malvertising”.

Malvertising is a common online criminal tactic which can easily spread among popular websites for maximum gain.  There are two types of malvertising attacks.  One is when a user clicks an ad and the malware infects their system.  The other type is not even triggered by user interaction as it uses embedded malware code within iframes that results in the ability to manipulate the browser to grab files from other malicious sources.  Simply browsing to a site can result in falling victim to malware attacks.

There are also attacks, referred to as “Man in the Middle” where an “…attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other”.^[1] For example, the Man-in-the-Browser (MITB) attack utilizes a Trojan horse virus.

Online banking is very susceptible to the MITB attack.  In these cases the infected web browser uses altered web pages and content without the user knowing it.  The information is exchanged between the user and the host bank and the confirmation screens are all the same.  However, in the background, the criminal can be altering the data so as to change the transaction destination and the amount.

These examples illustrate that files do not have to be downloaded in order for you to be compromised.  Fortunately, Trojan viruses can be detected and removed by effective AV engines.

3. Firewalls protect me from malicious activities.

Firewalls block certain nefarious traffic but they cannot protect your PC from files that contain a virus or Trojan.  The reason for this is that firewalls are not designed to scan for infected files – you need an AV engine specific to this purpose.

It is crucial to eliminate potential security holes.  Port scanning can be problematic as criminals look for ways to openly connect with your PC.  A properly configured firewall can minimize this risk and new Windows operating systems come with firewall functionality.  While this is the first line of defense… it is not sufficient in blocking the myriad of virus and malware threats that are out there.

A firewall can be configured to block outbound traffic as well.  However, malware writers have been able to disable a firewall so traffic can escape from your system.  AV vendors have already created mechanisms to minimize this problem, but cyber criminals have proven themselves to be very clever in being able to hide the information within normal http traffic so as to disguise the data as innocent web requests.

4. Viruses and malware are written by AV companies.

There is no shortage of conspiracy theories.  So… is there any truth to AV companies creating malware?

There is an old technique that Firefighters use known as back burning.  Firemen create a controlled fire to burn up all of the debris that can fuel a fire which leaves a black zone. This method reduces the chance of a wildfire from jumping across the black line of defense.  This is similar to a strategy that Antivirus companies employ with viral attacks.  They use existing malware or create viruses to test their AV engine so they can understand the limits of their program, improve their software, and eliminate the vulnerability associated with such attacks that are known and encountered in the real world.

The real and full truth here is that there have been billions of dollars in loss suffered by companies and private individuals as a result of cyber criminals utilizing malware for profit.  There are in fact real criminals that focus their energies and skill on a variety of heinous activities such as stealing money, selling stolen credit card information, hiring other malicious code writers, selling malware to other cyber criminals, holding an infected PC ransom, and more.  Cyber crime is a billion dollar industry and it will continue to grow as long as criminals see an opportunity to make money.

5. You can get good protection from free AV programs.

There are free antivirus programs that provide a basic level of protection, like Microsoft Windows Defender.  However, many of these lack key security features to reduce exposure to attacks, some have slower scanning speeds, others do not provide technical support, several do not respond quickly to emergencies, and some do not detect new threat categories effectively.

Free AV programs generally do not provide web protection.  This fundamental security feature is designed to block malicious links, prevent phishing attempts, and stop fraudulent links from compromising your system.  As we stated previously, online criminals want to make money and they will target personal or financial information.

Some free antivirus products offer a personal firewall that can block unauthorized communication.  You will need to verify your AV solution is equipped with this and activate it during the enrollment process.  And keep in mind, if your PC is already infected, cyber criminals could be actively stealing your information.

Choosing a free or paid antivirus program can be a difficult challenge as you need to weigh out your own privacy concerns along with getting full protection.  Third party publications can help narrow down your choices so we recommend that you review articles from publications such as: PC Magazine, Cnet, AV-Test, AV Comparatives, or Virus Bulletin.

6. AV applications are not equipped to deal with APT attacks.

Advanced Persistent Threat (APT) is a recently used term spoken in such a way as to conjure up dark and scary creatures that we can speak of when gathering around a campfire at night.  In reality, APT is not dramatically different from malware that was launched ten years ago.  It’s quite common for cyber criminals to use similar tactics in new ways when launching their latest PC threats.

Malware writers are very innovative as they quickly change their attack methods while still leveraging criminal underground networks and strategies all the while remaining focused at absconding funds or making their mark.  Case in point: Ashley Madison hackers were motivated as a result of outrage due to the activities of the targeted website.

AV companies have evolved by using a combination of malware signatures, heuristics, and behavior techniques to capture new and unknown threats.  They will not however detect all malware attacks.  Some AV companies detect unknown threats better and more consistently than others.

Let’s turn our focus on third party testing companies that specifically test for unknown and zero-day malware threats.  Companies that specialize in preventing APT attacks generate a lot of revenue, but it is surprising to see that these vendors have not submitted their products for testing by a third party organization.  Why is that?

For most users, the most affordable and best option is a reputable AV program along with using common sense.  It also helps to get recent and frequent software updates.

7. I can get good information about AV app comparisons from the AV vendor.

The simple answer to this is: make sure you get independent reviews.

Often times, AV test reports sponsored by a company range from being biased to blatantly skewed.  These reports typically highlight specific detection techniques and compare a limited number of vendors.  On the other hand, third party, non-profit malware testing organizations publicly provide their testing methodology to be scrutinized by all participating vendors.

All AV vendors are allowed to participate in third party tests and reviews, compared to being selected and tested by a vendor who is paying for the report.  There are different testing scenarios to help understand efficacy characteristics.

One test, involves capturing malware for a specific period of time and preventing the update mechanism from fetching the latest files from the AV vendor.  This particular test determines whether the AV engine can proactively prevent new or unknown threats from infecting a PC without file updates.^[2] Another test involves speed performance tests which measure the impact of the AV program on the performance of a computer system.

An Independent Review: CompuClever Antivirus PLUS

We are pleased to report that we were tested and received a glowing review by VB100, “…a world-renowned independent testing and certification body, active in testing, reviewing and benchmarking security solutions for over 20 years.”^[3]

For more information about CompuClever AV PLUS click here: Are You Well Protected?

Summary:

With the information provided in this article we feel you now have a much clearer understanding of AV applications and virus attacks.  We strongly recommend that you protect your PC from viral dangers that are prevalent in our daily computing world.

We will continue to provide story lines like this and we will describe them in a manner that is within reach of everyday computer users.  If you have some ideas of topics you would like us to cover, email us at: newsletter@compuclever.com

The post Antivirus Software – 7 Myths Debunked appeared first on CompuClever.

Cyber-criminals have so far collected more than $200 million in the first three months of 2016, and are on track to steal $1 billion by the end of the year.

How?

By tricking regular people, as well as businesses and institutions, to download “ransomware” that takes control of computers and servers. If you want to unlock your computer data, you have to pay the crooks.

It’s a lucrative scam and no one is safe: hospitals, school boards and even police departments have all been blackmailed by ransomware criminals so far this year.

You Don’t Even Have to Download Ransomware to Infect Your Computer

Most recently, Game of Thrones fans were targeted by ransomware just by visiting the Pirate Bay video downloading site.

What’s most frightening about this example is that the visitors to the Pirate Bay didn’t actually download any malicious files.

Instead, all they did was get secretly redirected to a webpage that exploited common security holes in their Internet browser. Ransomware was “injected” into their computer before they knew what was happening.

What is “Ransomware”?

Ransomware is a type of malware—a malicious software program—that, once installed, takes over your computer. Ransomware may prevent your computer from working properly. It can also encrypt or lock away important data, including photos and music files.

The only way to regain control of your computer is to pay off the ransomers, usually by wire transfer or some other untraceable payment method.

How Does Ransomware Get Installed In the First Place?

Sometimes ransomware is downloaded and opened by accident. You may think you are downloading a video file or a useful software program, but in reality you are installing ransomware on your computer.

Sometimes people claiming to be “MS tech support” call you up, and persuade you to download what they claim is some sort of computer utility program.

They walk you through the process, step-by-step, over the phone, to download the ransomware.

Still, what is the most common ransomware “exploit”?

Your Internet browser. Thanks to weak coding, Internet browser security vulnerabilities are being found by cyber-crooks all the time. Visit the wrong web page by mistake and ransomware is downloaded automatically onto your computer.

Once downloaded, a common ruse to complete installation of the ransomware is for a pop-up screen with an “FBI warning” to appear on your computer. Push any button on the popup and the ransomware installation process gets finished, and your computer is hijacked.

Police departments and other government agencies can’t provide much help—they are overwhelmed by other problems and simply cannot track down the cyber-criminals.

So, to get rid of the ransomware and regain control of your computer, the only thing you can do is pay off your hijacker.

Or, you can take steps to avoid downloading the ransomware in the first place.

How to Protect Your Computer from Ransomware

1) Make sure you have antivirus installed

Make sure you have a current, legitimate antivirus program installed on your computer. Antivirus continuously scans for Internet attacks and malicious web pages that try to download ransomware without you knowing it.

Did you know CompuClever offers a comprehensive Internet security solution that continuously blocks Internet attacks and malicious web pages that try to download ransomware without you knowing it?

Check out CompuClever Antivirus PLUS, an innovative security software. CompuClever Antivirus PLUS has received a full mark with a rating of “SOLID” from the prestigious VB100 antivirus testing lab.

2) Hang up the phone on “Microsoft tech support”

Microsoft or any other software company never, ever phones (or emails), offering to help fix a problem they have identified on your computer. If someone claiming to be from tech support phones you up, hang up the phone immediately.

3) Backup your files on an external disk

Make sure important such as photos, music and videos are stored on an external backup drive. Backing up data is easy to do, thanks to cheap USB drives that now have more storage space than some laptops.

If you do download ransomware, before paying the cyber-crooks a single cent, ask a computer-savvy friend for help or obtain professional tech support.

There are many reputable programs and utilities that can help you gain control of your computer.

Have a request for Tech Corner? Email me at newsletter@compuclever.com.

The post How to Protect Your Computer from Ransomware appeared first on CompuClever.