Geeks in Phoenix

Geek Blog


Five things to look at to protect your computer when working from home

With more and more people working from home, keeping your personal computer safe and secure is essential. There is always somebody out there that will want to get your information and data. So here are five (5) things to look at to protect your computer when working from home.

Five things to look at to protect your computer when working from home

It is hard not to be paranoid when it comes to the security of your computer at home. You hear about all the ways that the bad guys can get access to your data. But with a few simple changes, you can harden the security of your personal computer.

E-mail

Protect your computer from malicious email when working from home

E-mail is the most popular way for the bad guys to get access to you. They will try and infect your computer with a malicious attachment or get you to go to a compromised website to get your information. Sometimes they just want you to respond to their e-mail with your personal information.

Either way, e-mail is currently the largest source of attacks and scams. But there are some simple things you can do to protect yourself. The first thing you want to look at is how you view your e-mail.

Now e-mail can be written using two (2) different formats: plain text (like in a .TXT file) or HTML (like the code used for websites). Plain text e-mail cannot have any special formatting, but HTML e-mail can.

Just like malicious websites can have hidden code that can download and install malware, adware, and viruses, so can malicious HTML formatted e-mail. There is no difference between the two.

So, just like if you went to a malicious website and viewed an infected web page that had a malware payload inside of it, displaying a malicious HTML formatted e-mail has the same effect.

The best way to avoid downloading the contains of an HTML formatted e-mail is by not using the preview feature in your mail program. Most of them, like Outlook and Thunderbird, can turn off the preview pane. If the HTML formatted e-mail can not be rendered, it cannot execute the code inside.

One thing to remember is that if you do not know or recognize the person or company that sent you a questionable e-mail, just delete it. It is not worth the trouble a malicious e-mail can cause just to see what is in the e-mail.

While on the subject of malicious e-mail, knowing how to spot a piece of junk mail is essential. I go into more detail on how to do it in the following article I wrote a little while back.

How to spot a piece of spam e-mail

There is another option when it comes to e-mail security, and that is using an anti-spam program. Since I get hundreds of e-mail a day, I started using the anti-spam program MailWasher almost two decades ago. It is perfect for getting rid of junk mail.

For more information on MailWasher, check out this article I wrote a couple of years ago. They have a paid version and a free version.

Eliminate spam from your inbox with MailWasher 7.5

Tech scams

Protect your computer from a tech scam when working from home

Tech scams have seemed to lose there popularly with bad guys. I guess is it because consumers are getting smarter and not falling for them anymore. But you still get them from time to time, so here is a link to an article I wrote about avoiding them.

How to handle a tech scam

The bottom line is, don't give them any information and, whatever you do, do not provide them with access to your computer!

Software updates

Protect your computer with software updates when working from home

Allot of people don't apply updates to Windows and other programs because they are afraid that the upgrades will break the software. Yes, it does happen occasionally, but not regularly.

Sure, I have had my fair share of repairing computers that have experienced a failed update. But more often than not, updates install flawlessly. With all of the testing that software manufacturers do to updates, a failed upgrade is kind of rare.

But recovering from a virus or malware infection that could have been prevented by applying software updates can be expensive. And kind of embarrassing too.

Then there is using an operating system, like Windows XP, Windows Vista, or Windows 7 that has reached its end-of-life and no longer gets security updates. I get the "I just like the way it works" or "My software won't run on the latest version of Windows" arguments.

I have found solutions to those arguments, and many like them. When there is a will, there is a way. But running unpatched software is just way too dangerous. Bite the bullet and apply updates or upgrade your software.

Anti-virus software

Protect your computer with anti-virus software when working from home

This is another piece of software you have to keep an eye on. The biggest problem I encounter is expired anti-virus licenses. A customer will get a new computer with anti-virus software preloaded that has a 30 or 60-day trial license.

When the trial license expires, they just ignore the pop-ups telling them about the expired license. Luckily, Windows 10 has a highly rated anti-virus program (Windows Security) built-in. It will usually take over when a trial anti-virus license expires.

Typically when I set up a new computer for a customer, I ask them what they want to do about anti-virus software. The majority of them tell me to remove the pre-loaded trial version of anti-virus software.

If they don't have a preference for a particular anti-virus program, I have them go to an independent, third-party website like AV Test and check the ratings for the different anti-virus software.

A lot of people are surprised that Microsoft's Windows Defender / Windows Security is rated so high. Microsoft has worked hard over the years to improve its anti-virus software.

Now the cool thing is even if you have installed another companies anti-virus software on Windows 10, Windows Security will see it and set it as the default. But you can still have Windows Security do periodic scans.

Routers

Protect your computer with your router when working from home

This security tip may or may not affect you. If you lease your router from your Internet Service Provider (ISP), then this topic is not relevant to you. If you own your router, then this will be of interest to you.

Home Internet routers have always been a target for the bad guys. There are two reasons for that: First is the fact that home users don't usually change the default administrative passwords. Luckily, a few years ago, router manufacturers started to install complicated default passwords.

The second reason is that once people set up their routers, they have a tendency not to think about them anymore until something goes wrong. Its as I like to call it, the set it and forget it syndrome.

Just like I discussed updating software earlier in this article, your router also has software that gets updated. It is called firmware, and it is the operating system for your router. Think of it as what Windows is to your computer; the firmware is to your router.

Now the problem is that the firmware in your router does not get automatically updated. You have to do this manually. And sometimes it can be kind of hard to determine what version of firmware your router is running, if there is an updated version of firmware for your router and how to go about upgrading the firmware of your router.

The first place to start is to log into your router and find out what version of firmware it is running. It is usually listed right on the first screen. From there, you go to the manufacturer's website and find the product page for your router. What you are going to need is the manual for your router.

An effortless way to find it is by just searching on Google. Just search for manufacturer model manual, and the product page for your router should be in the top three (3) results. Once you have the manual, you can search it for Firmware Update, and it should explain where to go inside of your router to look for and upload a new version of the firmware.

Now that we have looked at the firmware of the router, let's take a look at the security of your router. The bad guys regularly scan an ISP's range of IP (Internet Protocol) addresses looking for open ports to attack. An IP address is a unique string of numbers that identifies each device on the Internet.

We now want to check and see if your router has any open ports that can be used by the bad guys to gain access to your router or any of the devices inside your network. For this, we want to do an unintrusive scan of all of the service ports on your router.

Gibson Research Corporation has a fantastic tool for doing this called ShieldsUp!. Just go over to the website, and under the Services pull-down, you will find ShieldsUp.

Once you get to the ShieldsUp! page click on the Proceed button. From there, you can select from several different types of scans. I recommend the All Service Ports scan.

Once the scan is complete, the webpage will display the scan results. If you score a perfect rating, you are good to go. If any ports that require attention, the webpage will tell what you need to do.

Toughen your computer security with EMET 5.1

Keeping your computer secure has always been challenging. It seems like every week there is another exploit making the rounds. Nobody can predict what kind of attack hackers will use next. But you can protect your computer from the most common actions and techniques used with the Enhanced Mitigation Experience Toolkit 5.1 (EMET).

The main screen inside of EMET 5.1
The main screen inside of EMET 5.1

What is EMET? It monitors selected programs (Internet Explorer, Microsoft Office programs, etc.) for known attack actions and techniques. When one of the several pseudo mitigation technologies is triggered, EMET can block or even terminate the program in question. It will also validate digitally signed SSL certificates inside of Internet Explorer. Here's is the current list of mitigations EMET currently looks for.

  • Structured Exception Handler Overwrite Protection (SEHOP)
  • Data Execution Prevention (DEP)
  • Heapspray allocation
  • Null page allocation
  • Mandatory Address Space Layout Randomization (ASLR)
  • Export Address Table Access Filtering (EAF)
  • Export Address Table Access Filtering Plus (EAF+)
  • Bottom-up randomization
  • Return Oriented Programming (ROP)
  • Attack Surface Reduction (ASR)

The about screen inside of EMET 5.1
The about screen inside of EMET 5.1

EMET 5.1 includes the following improvements:

  • Attack Surface Reduction (ASR) has been updated to limit the attack surface of applications and reduce attacks.
  • Export Address Table Filtering Plus (EAF+) has been updated to improve and extend the current EAF mitigation.
  • 64-bit ROP mitigations have been improved to anticipate future exploitation techniques.
  • Several security, compatibility and performance improvements.

EMET can also be customized via the registry (see EMET manual for instructions). Here are a few of the items that can be modified:

  • Enable unsafe configurations.
  • Configuring custom message for user reporting.
  • Configuring certificate trust feature for third party browsers.
  • Configuring local telemetry for troubleshooting
  • Configuring EMET Agent icon visibility.

Here's a quote from Microsoft's website:

The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.

EMET should never monitor anti-malware and intrusion prevention or detection software, debuggers, software that handles digital rights management (DRM) technologies or software that uses anti-debugging, obfuscation, or hooking technologies. Click here for the EMET 5.1 application compatibility list.

For more information on EMET, follow the links below,

Enhanced Mitigation Experience Toolkit 5.5 download

Strengthen your computer security with EMET 5

It seems like every day, a new software exploit or vulnerability is found. Software vendors work hard at keeping their software secure, but it can take time to test and deploy patches. So what can you do to protect your computer? The Enhanced Mitigation Experience Toolkit (EMET) from Microsoft does just that.

The main window inside of EMET 5
The main window inside of EMET 5

EMET is designed to prevent attackers from taking control of your system. It works as 'shim' in-between your programs and the operating system. EMET looks for the most common attack techniques and will block and terminate any program it is monitoring. EMET works alongside your favorite anti-virus and anti-malware programs for layered security.

I have been using EMET as part of my layered security for years and have written a few blogs on it. With each version, Microsoft keeps improving it. Some of the improvements in EMET 5 include Attack Surface Reduction (ASR), Export Address Table Filtering Plus (EAF+), and 64-bit ROP mitigations. Here's is the current list of mitigations EMET currently looks for.

  • Structured Exception Handler Overwrite Protection (SEHOP)
  • Data Execution Prevention (DEP)
  • Heapspray allocation
  • Null page allocation
  • Mandatory Address Space Layout Randomization (ASLR)
  • Export Address Table Access Filtering (EAF)
  • Export Address Table Access Filtering Plus (EAF+)
  • Bottom-up randomization
  • Return Oriented Programming (ROP)
  • Attack Surface Reduction (ASR)

There are two (2) different ways to configure EMET, a Graphic User Interface (GUI) and a command-line tool. It is best to configure EMET through the GUI since the command-line tool doesn't allow access to all EMET's features. The built-in configuration wizard will enable you to use either the recommenced settings, keep previous settings (upgrade install), or manually configure EMET (new install).

Easily configure programs to monitor in EMET 5
Easily configure programs to monitor in EMET 5

Once you have EMET installed, it's pretty easy to add programs to monitor. Just open the program you want EMET to watch and then open EMET. On the lower part of the main window, you will see Running Processes. Just find the program you want to monitor in the list, right-click on it, and select Configure Process. You will have to restart any program you have just configured inside of EMET.

For more information on Microsoft EMET 5, follow the links below.

Enhanced Mitigation Experience Toolkit 5.0 download

How to use layered security to protect your computer

It seems whenever I tell someone that I repair computers for a living, I almost always get asked the question "What do you recommend for anti-virus software?". I tell them that I use a layered approach to security, not relying on just one program for protection. I personally don't like to use all-in-one security suites. It's not that I don't trust any particular software; I just don't like having just one piece of software protecting my computer. Here's how to use layered security to protect your computer.

Protecting your computer with layered security
Protecting your computer with layered security

Software firewall

Windows has had a pretty good firewall built-in since Windows Vista and it's turned on by default. It comes pre-installed inside of Windows and is ready to go. There are also some great stand-alone programs like ZoneAlarm. This is also one of those additional features of all-in-one security software. It's your choice.

Anti-virus software

This one is a no brainer. There are plenty of free and retail anti-virus programs on the market, and I have used quite few different ones over the years. Some internet service providers like Cox Communications even offer free security suite software. The only thing to keep in mind when picking an anti-virus program is the performance of the system you're installing it on. I would not install a full-blown security suite like Norton or McAfee on a tablet or netbook.

Anti-malware / anti-spyware software

Anti-virus software normally looks for, you guessed it, viruses. I've cleaned out quite a few pieces of ransomware that anti-virus programs missed because it wasn't a virus. Quite a few of anti-malware programs are meant to be run side-by-side with anti-virus software. But there are a couple of exceptions to this rule: McAfee software doesn't like to work with Malwarebytes Anti-malware, but it can. And never install Microsoft Security Essentials along with SuperAnti-Spyware, as they are completely incompatible. It's a long story, but basically they are the same program.

Enhanced Mitigation Experience Toolkit (EMET)

EMET actuality works as a shim between programs and the operating system. It looks for known patterns of attack and can prevent programs from getting access to the operating system. It can prevent a hacker from using security holes in programs until the developer issues an update. Just configure EMET to monitor any program that can access the Internet. I've seen it work first hand (rouge flash inside of browser) and it does what it's meant to do.

Security made easier with Microsoft Security Essentials 2

In a previous article, I discussed Microsoft Security Essentials (MSE). I like the ease of use, the integration with Windows Update, and the small footprint it has, especially on my netbook. Recently, Microsoft has released Microsoft Security Essentials Version 2 with some new features, including a new and improved protection engine, Windows Firewall integration, and a Network Inspection System.

Microsoft Security Essentials Version 2
A new look for MSE V2

As you can see, the user interface changed slightly, with a new color palette and mesh graphics. There are a few more options for the user to configure, but it is still one of the easiest anti-virus applications to setup. For more on the major improvements, here is a quote from the MSE web site:

Windows Firewall integration
Windows Firewall can help prevent attackers or malicious software from gaining access to your computer through the Internet or a network. Now when you install Security Essentials, the installation wizard verifies that Windows Firewall is turned on. If you have intentionally turned off Windows Firewall, you can avoid turning it on by clearing a check box. You can change your Windows Firewall settings at any time via the System and Security settings in Control Panel.

Network Inspection System
Attackers are increasingly carrying out network-based attacks against exposed vulnerabilities before software vendors can develop and distribute security updates. Studies of vulnerabilities show that it can take a month or longer from the time of an initial attack report before a suitable security update is developed, tested, and released. This gap in protection leaves many computers vulnerable to attacks and exploitation for a substantial period of time. Network Inspection System works with real-time protection to better protect you against network-based attacks by greatly reducing the timespan between vulnerability disclosures and update deployment from weeks to a few hours.

Award-winning protection engine
Under the hood of Security Essentials is its award-winning protection engine that is updated regularly. The engine is backed by a team of antimalware researchers from the Microsoft Malware Protection Center, providing responses to the latest malware threats 24 hours a day.

Now, in going through the program, I did find two options quite interesting...

Microsoft Security Essentials Version 2
Enable behavior monitoring and Enable Network Inspection System options in MSE V2

I did a little digging in the MSE V2 Help file and found this description of these features:

Enable behavior monitoring
This option monitors collections of behavior for suspicious patterns that might not be detected by traditional anti-virus detection methods.

Enable Network Inspection System
This option helps protect your computer against “zero day” exploits of known vulnerabilities, decreasing the window of time between the moment a vulnerability is discovered and an update is applied.

Here are a few of the other changes inside of MSE V2:

  • Microsoft Security Essentials also supports Windows XP Mode in Windows 7
  • The ability to limit CPU usage during scanning
  • Automatic removal of quarantined files after a set amount of time
  • You can now select between monitoring all files, incoming or outgoing

Microsoft Security Essentials Version 2 is available for Windows XP (SP 2 or SP 3)(x86), Windows Vista (x86, x64), and Windows 7 (x86, x64) and can be downloaded here.

Note:
The only issue I came across was that the update function inside Version 1 would not update the program to Version 2. I tried it on a couple of systems without success. I had to uninstall Version 1 first, then install Version 2.

Customer service is #1

Here at Geeks in Phoenix, we take pride in providing excellent customer service. We aim to give the highest quality of service  from computer repair, virus removal, and data recovery.

Bring your computer to us and save

Diagnosing PC problems can be time-consuming. From running memory checking software to scanning for viruses, these are processes can take some time. We base our in-shop service on the actual time we work on your computer, not the time it takes your computer to work!

Contact us

Geeks in Phoenix
Professional service at an affordable price!
4722 East Monte Vista Road
Phoenix, Arizona 85008
(602) 795-1111

Like Geeks in Phoenix on Facebook

Follow Geeks in Phoenix on Twitter

Watch Geeks in Phoenix on YouTube

Geeks in Phoenix is an IT consulting company specializing in servicing laptop and desktop computers. Since 2008, our expert and knowledgeable technicians have provided excellent computer repair, virus removal, data recovery, photo manipulation, and website support to the greater Phoenix metro area.

At Geeks in Phoenix, we have the most outstanding computer consultants that provide the highest exceptional service in Phoenix, Paradise Valley, Scottsdale, and Tempe, Arizona. We offer in-shop, on-site, and remote (with stable Internet connection) computer support and services.

Copyright © 2020 Geeks in Phoenix LLC