Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Monday, November 29, 2010

Favorite Tips for Online Shopping

It’s been five years since the media coined the term Cyber-Monday but the truth is every day is a great shopping day online. I planned on writing an article about the safety of online shopping but noticed everyone was already doing it. Many sites provide the same duplicate tips. So I thought I might include some of the best tips and post them along with my favorites.

Eric Griffith wrote a good article for PC Magazine called 11 Tips for Safe Online Shopping. One unique tip from Eric was Don't Tell All:
“No online shopping store is going to need your social security number or your birthday to do business. But if a bad-guy gets them, combined with your credit card number for purchases, they can do a lot of damage. When you can, default to giving up the least amount of information.”

It amazes me how many free Email and other password reset schemes still use easy to find information like your high school, pet’s name and birthday. This kind of information is something that you should keep private.  When you do answer these questions make up answers that you’ll remember but aren’t accurate.

Corrine at Security Garden wrote her Online Shopping Safety Tips, including:

“At checkout, the site web address should be https: and there should be a closed padlock there or in the lower right corner of your browser. If not, forget about it. You will be giving away your credit card information!”

Using PayPal with Internet Explorer notice the “https”

Yahoo Online Store using Google Chrome

For years I’ve heard people say they’re afraid to use their credit card online. As long as you see the https your credit card is safer than it is when you give it to the waiter at your favorite restaurant.

Webroot's safety tips for holiday online shopping included a tip that doesn’t just apply to shopping.
“Go straight to the site.
Rather than browse to online retailers through a search engine where you may encounter malicious links, type the store's URL directly in your browser.”

The bad guys are experts at search engine optimization and frequently “poison” search results with web sites you really don’t want to visit. Just because a web site is the first or second listed on Google doesn’t mean it’s safe. In many cases, the opposite is true.

I have some of my own best tips and the following tip was mentioned in all the articles I’ve mentioned so far.

Don’t use Public WiFi
It used to be only a real hacker with proper tools could capture your data when you used a public WiFi connection. Now the tools are available to anyone so shopping or any use of public WiFi comes with a real security danger. One of the benefits of smart phone tethering is you can connect your laptop to your phone for a connection instead of using a public WiFi even if it’s free.

Special Check Out Offers

When your order is complete don’t be surprised if you’re offered a survey, free shipping or other offer that promises to take $5.00 or more off your last purchase. If you read the fine print you’ll find this check out offer may actually be a membership. By accepting the offer you may be agreeing to being billed regularly for a membership you don’t want or need.

Take your time!

Don’t rush. Be sure to check into the shipping policy of the store and/or item you’re going to purchase.

Shipping Costs
There are some nice comparative shopping sites and even apps for your smart phone so you can find the lowest price available. Price isn’t everything. You’ll want to be sure what the shipping costs are. Sometimes cost is based on price and not weight. Even if they ship in the same box, when you order multiples of the same item stores will multiply the shipping cost.

Shipping Date
Pay attention and make sure the item is in stock. Be sure your ship date is well before the date you need to have it wrapped and under the tree.

Return Policies
Lots to consider here but the one to watch out for is the dreaded restocking fee.

Three years ago I wrote an article called Top Ten Online Shopping Mistakes.

Most of those mistakes are still possible including…
False Credentials
“Just because a vendor displays images from the Better Business Bureau or eTrust doesn’t mean they really have been approved. If buying from an unfamiliar store verify they really do have the credentials they claim.”

If you’re looking for a very unique gift to keep your family and friends safe I also recommend the Gift of WinPatrol PLUS. :)


Tuesday, November 23, 2010

Saving Your Sanity for the Holidays with WHS

Is there a good chance you’ll be under a little stress during this upcoming holiday season? Perhaps you already have a little stress in your life. How much would a hard drive crash or virus infection add to your normal anxiety?

There are some simple steps you can take to prevent the trauma of losing all your precious photos, music, financial data etc… As a security professional I’ll share a secret with you. There is no AV software or anti-malware technique which is 100% foolproof. Anyone can get infected and have their computer compromised. It doesn’t matter if you’re using a Mac, Windows or even a virtual machine, there are no guarantees.

My number one tip for keeping your data safe hasn’t changed since you purchased your first computer. In a single word, BACKUP! It’s not unusual to hear that people have formatted their computer or even purchased an entirely new computer after getting infected by malware.

Do you have a regular backup procedure for your computer? If not, stop reading this and create a backup plan that will save your critical data and prevent you from having a nervous breakdown. You’re going to have enough crap to deal with over the next month; don’t let your computer become one of your concerns.

My recommendation isn’t necessarily the cheapest but it’s reliable and less expensive than any data recovery service. It could also save your sanity. This isn’t the first time I’ve talked about a Windows Home Server. A WHS is a standalone device which connects to your network and automatically saves data from every computer and laptop connected to your network. Once an initial backup is complete, it will only back up changes and can do so on a daily basis.

HP EX490 1TB Mediasmart Home Server

This 1 TB Home Server is currently available for $425 but includes many more features than just a regular backup. I have added additional hard drives to my Windows Home Server and it currently backs up two desktop computers and two laptops. Since my investment, I’ve used it three times to rebuild a system that was either compromised by a Trojan or failed due to a bad hard drive. It helped save my sanity and perhaps my marriage. :)

If you already have a solid backup plan in place then consider a Windows Home Server as a gift for one of your friends or family members. It may not be as exciting as the Xbox Kinect but at some time in the future you’ll be someone’s hero.

Cloud Backup
My friend Cathy recently asked about online backup services…
“My nephew has had his 2nd laptop stolen at college. It's so frustrating - he loses so much. All of his papers, homework, etc. I thought maybe I'd buy him a subscription/membership to an online file storage site for Christmas,”

Online backup has one major advantage. It’s offsite so in case of fire or other disaster at your location, your data will be safe.  I’m confident in the safety of data being stored online but there’s one reason I haven’t subscribed to any online backup services.

Most internet service providers don’t provide a lot of bandwidth for uploading data. Instead they assume customers will be watching videos and downloading music. If you’re like most consumers your upload speed will be 5-10 times slower than your download speed. One of the exceptions is Verizon FIOS which provides my internet connection. Even with an upload speed of 20 Mbps it would take me a month to back up my desktop to an online service. There may be a future in online backup, but it’s still in the future.

Happy Holidays
This week the holiday season officially begins so have a happy one. Keep your data safe and when you’re shopping online please be careful.


Wednesday, November 10, 2010

Beware over ambitious clean up programs

Last month I wrote about problems caused by the security company McAfee. An update from McAfee falsely accused my WinPatrol program of being a dangerous Trojan. A slow response from McAfee cost some business but mostly hurt our reputation for over a week.  I’ve had a number of people ask me how things were going since this annoying experience.

Unfortunately, my story isn’t unusual. What we call “False-Positives” happen all the time and reputable companies take them seriously. Most companies certainly don’t want to cause more harm than they help.

There’s another potential danger from programs promoted as Registry Cleaners and/or system optimizers. They can also delete program files or registry values that they decide may be harmful. How they decide what needs to be cleaned appears to be arbitrary. Currently, the only program of this type I recommend is Optimize 3 from PC Pitstop.

My most recent efforts have been to contact folks with Piriform, a company that distributes a program called CCleaner. This program is well respected as a utility which will help clean up your computer, claiming to make it run faster and more secure. One of our friends found out if you’re a WinPatrol user CCleaner will remove one file you’ll want to keep. CCleaner does provide an option to exclude WinPatrol which for now I recommend unchecking.

While I’m honored to be included, WinPatrol users will want to uncheck this box. The history.txt file is an important file you won’t want deleted. The history.txt file stores a list of actions you took using WinPatrol. If for some reason you want to recover a change you’ve made it won’t be possible without the history file. If at some time you want to clean up this file WinPatrol already provides a button to initialize it.

I’m hoping to contact someone at Piriform so I can let them know what might be useful to clean without hurting WinPatrol.

My experience with McAfee wasn’t the best but they’re not alone. There’s a company in Norway called Norman which continues to classify WinPatrol as a Trojan even though I’ve contacted them multiple times. Since they’re not very popular in English speaking countries I haven’t had many complaints but I’m sure it has hurt our reputation in Europe.

I have however had some good experiences. In the past month I’ve had two reports of false positives caused by new software from Panda Security. After my first report last month they updated all their users and resolved the problem within 24 hours. This weekend I started to get new reports but they had it fixed before I found the time to report it.

Another security company, ESET, tells me their test procedures are so extensive that WinPatrol is included when they test any new signature files.

I’m also a big fan of the site VirusTotal. If you ever find a suspicious file you can upload it to VirusTotal and have it evaluated by up to 43 different anti-virus signature files. VirusTotal also allows you to join their community and comment on files you test.



Update 11/11: I heard early this morning from a rep from Piriform and they have agreed to leave the history.txt alone but will continue to include WinPatrol logs in their clean up. Thanks!
