Click here to view current Bits From Bill posts Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Thursday, April 10, 2014

April Security News is Serious

Many of my friends have been asking for my opinion of a couple security issues which have been in the news.

The first is Windows XP which was launched in September of 2001. Microsoft announced last year that after April 8th, 2014 it would no longer provide support for Windows XP and Office 2003.

The second concern is for something known as HeartBleed. This could be dangerous to anyone who visits a website no matter what kind of device you use.

Microsoft Windows XP
I realize that many of you can not or will not upgrade your computer currently running Windows XP.  It may not happen today or even next month but it’s only a matter of time before your computer is infiltrated and is useless.  Start putting aside some money, backup your data regularly and look for alternates to programs you can’t do without.  I’m sorry but it’s only a matter of time.

If someone on your home or business network is using Windows XP, turn off their access. When their machine is attacked it will compromise your entire network.
mifihotspot[8]

If they really need Internet access consider getting them a separate connection perhaps through their phone or with a separate hotspot.


Many of you asked about using WinPatrol which is a great idea but doesn’t address the big picture. The security guru’s at Microsoft spend a lot of attention on flaws or vulnerabilities in software.  When they find a hole that lets hackers in, they create a patch. After a great deal of testing they release fixes on what we called “Patch Tuesday."

WinPatrol will continue to notify you of regular changes to your computer but the ability to patch vulnerabilities isn’t its specialty. What I will be doing is paying attention to what I hear from hackers. When possible, we will notify WinPatrol users if a particular file or ActiveX component is found to have a vulnerability. WinPatrol PLUS will allow you to disable ActiveX components by setting their Kill Bit. This is the most we can do and will require quick action.

OpenSSL - Heartbleed
On Monday researchers disclosed a serious flaw in a open source program used by almost half the web servers around the globe. A version of the program called OpenSSL allowed hackers to grab a chuck of recently active protected memory.  This memory could contain anything from names and passwords to someone’s grocery list to decoded government or industrial secrets.  Any kind of data that is communicated could be snatched. After collecting unlimited chucks of data a hacker could make a game out of figuring out what segments could be valuable. Each chunk was 64K like the total addressable memory of the Commodore 64.

Some media outlets like the BBC have repeated the advise to change every password you have. There is no trustworthy list of up-to-date/time safe computers but a list created yesterday claims to have tested 10,000 popular sites. Most have been updated by now but you’ll want to be sure before changing any password or even signing on.  An updated list should be available soon.

A number of tools for consumers have sprang up allowing you to verify in real-time if a website is currently safe. I found the following to run my own tests.

 

heartbleed
Click image to test your favorite site

My web sites have been hosted by the company, Verio and I was pleased to see my information was safe It doesn’t mean it was always safe but if not, at least Verio was quick to apply a fix. I can confirm no personal or financial customer data is stored on our web servers.

I wouldn’t necessarily advise you to change all your passwords. Before you do, you’ll certainly want to be sure the company is aware of Heartbleed and has updated their security.  Over 56.8% of the companies on the list of 10,000 are listed as safe because they don’t even use OpenSSL.  Another 36.9% tested safe yesterday. That leaves only 6.3% were vulnerable when the news was announced.

I have changed some of my more important passwords but I regularly changes passwords anyway. I did change my Yahoo passwords since they were mentioned in many news reports and acknowledged using OpenSSL.  Considering Google was involved in disclosing this bug it’s interesting that Yahoo was used as an example. Many friends of Google were notified so they could update their version of  OpenSSL before the information was made public.


While you may notice my tone is not meant to create panic, I personally consider this failure as devastating. I started developing online services for consumers 30+ years ago and this is the “utmost cock-up”.  I don’t fear the damage caused by this threat as much as I worry about what this general lack of  oversight represents.


You can find more details online from our favorite security investigator,
Brian KrebsonSecurity  and official reports sponsored by Homeland Security on the Carnegie Mellon CERT database.   The list of 10,000 is located at
https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

Labels: , , , , , , , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Sunday, April 06, 2014

Give a Gift of WinPatrol PLUS

I often receive email from long time WinPatrol users asking how they can give a lifetime PLUS upgrade to one of their friends. I feel a special bond with our loyal PLUS members. They send me kind messages saying that WinPatrol is their must-have program and the first they install on new or rebuilt computers.

Giving the gift of WinPatrol PLUS is easy and even recommended by USA TODAY when tech writer Byron Acohido suggested that “WinPatrol may be one of the best kept secrets in computer security.”
usatodaygift
Click on the image above for the full article or click the image below to learn how to give WinPatrol PLUS to someone who could benefit from our PLUS features.
gift

Click to go to
http://www.winpatrol.com/gift.html


If your friend isn’t worth $29.95 you can also recommend our free version of WinPatrol. Installing WinPatrol is fast and easy but our free license does include one restriction. If you install WinPatrol to protect your friend they must be informed and educated on how WinPatrol works. I have received Emails and threats from folks who had WinPatrol installed by well intended friends without their knowledge.

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Monday, March 17, 2014

Safe Updates & Discounts For Windows XP

There are a variety of services that help keep your important software updated. We've added a  "Check for Safe Updates" button  to integrate a new version checking feature directly into WinPatrol. It won’t be the most powerful but in the WinPatrol spirit our goal is to make sure updates are safe and folks are educated to all possible risks.
safeversionbutton












Previously this button checked for new versions of WinPatrol but it has been expanded to include version checks for popular software packages. When you click this button we'll compare your version against the newest safe version available. If updating is recommended you'll see a safe link that goes to the official download page for the software.

This is critical because bogus sites are showing up on the top results page with Google, Bing and other search engines. It's easy to find yourself on web page that tries to trick you into downloading software wrapped with a setup program that installs additional unwanted software.

Even a legitimate company like Oracle has partnered with toolbar and anti-virus companies. The revenue they get when anyone installs the parasitic software is significant. Considering the installed base of Java users and now often they need security updates it’s a very lucrative market. The WinPatrol PLUS Safe Update Engine will also warn you about these threats and show you sample screen shots of what you might expect.

javaask
Every time a new version of Java is available Oracle will try to push other software unrelated to Java. In some cases they’ll receive over a dollar for each customer lead.

Restore Deleted Files

Our second big feature came after feedback from radio host and America’s Digital Goddess, Kim Komando. In a recent article, Kim recommended WinPatrol but cautioned her readers about the dangers of deleting files that may be required. WinPatrol has always provided a History button that allows you to Restore any Startup Programs but she had a point when it comes to the removal of hidden files.

The files will now quarantined in a WinPatrol vault. We will also include a command line scripts that can be used to restore any files that had been hidden. The command-line scripts are created for a worse-case scenario when someone deletes a file that is required for Windows to run. The script or .bat file can be run in safe mode or a command-line mode.

PLUS Discount for Windows XP

The new Safe Update Engine will also detect which version of Windows you're running. If appropriate we will advise you to any potential problems. For instance, if someone is still using Windows XP we will offer timely protection tips. It’s clear not everyone can or will be upgrading immediately. Some businesses have software or hardware that still requires Windows XP.  Unfortunately, an XP machine could be infiltrated and turned into a "bot" that could be used to send SPAM or deploy viruses.

If our Safe Update Engine detects you're using Windows XP you'll see a link to a special Windows XP purchase page. The name of this page will routinely change but it will have a PayPal button that allows you to upgrade to WinPatrol PLUS for only $2.00 USD. If you can’t afford a Windows upgrade we’ll make sure WinPatrol PLUS is affordable.

safeupdatexp

This is section of the results provided by the WinPatrol PLUS Safe Update Engine. In this example, the special offer is provided when the Safe Update feature detects Windows XP is running.

Labels: , , , , , , , , , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Thursday, March 13, 2014

Tell Microsoft to Rethink Windows XP Guidance

On the surface(no pun intended) it’s not unreasonable for Microsoft to drop support for Window XP. At least that’s what I used to think.  Richard Hay of WindowsObserver.com shares a common opinion, “XP is 13 years old - hardware and OS's have changed so much since then.”  He’s right of course but I realized my car is even older. It doesn’t have built-in GPS, backup cam or even an iPod connection but I’ll keep it. The impact of Windows XP on our planet & me is still much bigger than my ‘95 Camaro Z-28.

xplaunch4In the fall of 2001 Bill Gates stood on a stage in New York City and proudly introduced us to Windows XP. It was the largest launch event I had attended complete with a concert in the park by Sting.

As Microsoft prepared for the launch they were encouraged by then Mayor Rudy Giuliani to hold the event in NYC. After the trauma of 9/11 a large event was needed to show the world the city was safe and open for business. Microsoft did the right thing.


On April 8th, 2014 Microsoft will cease support for Windows XP inviting hackers around the world to have their way with any system still using XP. While it may seem reasonable Microsoft has provided limited guidance. Their advice; upgrade to Windows 8.x or even Windows 7.

Windows is not like any other product.
You can’t compare Windows to any other tool in or outside  the computer industry. The courts may have ruled Microsoft did not hold a monopoly but the impact of Windows world-wide is beyond a normal product life cycle. The justice system did acknowledge a substantial cost would be occurred choosing an alternative to Windows on an Intel based system.


windowsxpeos  Click for updated count down info

Microsoft making an effort to encourage upgrading and is providing help to business customers who need to make the transition. The site makes it clear what will change in support and security risks.  “you will no longer receive security updates, fixes or online technical support for PCs still running Windows XP SP3 and Office 2003.”
malaysiaxp
While Microsoft is trying to point to their actions as being reasonable their examples show the world isn’t ready to change. If 1 out of 6 computers in Malaysia are still using Windows XP it’s clear Microsoft is not providing a reasonable choice. Even if a cost was attached to continued support the option should exist. There must be a path available besides a completely new OS that may not support all the existing hardware or software.

Microsoft has sponsored a white paper which demonstrates the costs connected with continuing to use Windows XP. All data and costs predictions  are based on a world with no alternate support from Microsoft. No where in the paper are cost estimates if Microsoft was still involved in minor ways.

By not providing some kind of extended support Microsoft will fail to attract a new generation of users of microprocessor based devices. Many of us remember the quote, “Nobody ever got fired for buying IBM”. By ignoring history Microsoft is damaging its brand at a critical time in the market place. Modern customers want to hear the quote, “We’ve got your back.”

scotty128Ironically, Microsoft’s decision will increase sales of my own WinPatrol PLUS product which does support Windows XP.  WinPatrol has been in the market for over 16 years and while I will take advantage of many new Windows 8 features I’m still able to protect Windows XP users.

Let me be clear!
If you’re using Windows XP I strongly recommend you find a cost effective way to upgrade your computers. I’m happy if you upgrade to WinPatrol PLUS but to really be safe you need to a different version of Windows. After you upgrade, continue to use WinPatrol along with other security programs.  Millions of Windows XP machines will soon become malware infected “bots” sending out spam and attacking computers across the world with software vulnerabilities  as soon as they’re found.

Even if you aren’t running Windows XP let Microsoft know how you feel.  Use hashtag #april8th


Labels: , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit