Friday, May 4, 2012

9 Steps to Removing Viruses Before You Go Nuclear


Don't get tricked by fake antivirus
Your PC is running super slow and you're getting annoying pop-ups probably trying to sell you some fake antivirus.  What do you do?  One option, which I call the "nuclear option," is to back up your data, format your hard drive, reinstall your operating system and all your applications (where did I put those reinstall disks and product keys?), then restore your data.

But before you go to the nuclear option, you probably want to try to remove the virus or malware.  It is less time consuming, will effectively remove the malware, and you won't have to spend the next three weeks reinstalling all the applications.  


9 Steps to Eradicate Viruses and Malware
  1. Boot your PC into Safe Mode with Networking by pressing F8 while booting up
  2. Delete Internet cache and temp files by going to My Computer - right-click on C-drive -  properties - Disk Cleanup
  3. Download, install, and update Malwarebytes (free version)
  4. Run Malwarebytes - Full Scan; remove any detected infections
  5. Update your antivirus program and run a full scan (some AV programs must be run in Normal mode); download AVG Free if you need a good AV program
  6. Remove any detected infections
  7. Reboot PC into Normal Mode
  8. Re-run Malwarebytes and rescan with your AV program to verify that PC is clean
  9. If malware persists, download, install, update and run Combofix
If you are still unable to remove the virus, call your computer guy or AXICOM.  Computer techs typically charge about $150 to $200 to remove viruses.  Then there's always the "nuclear option."  Good luck!

Friday, April 20, 2012

12 Tech Must-Do's To Protect Your Business

Defending your Business Against Disaster


There are more threats to your business today than there have ever been.  Cyber-criminals are scouring the Internet for vulnerable networks seeking passwords, credit card numbers, and social security numbers.  Hard drive failures and virus infections can wipe out your data.  Computer theft, fires, water damage and natural disasters can destroy your computers and servers and the data they contain.  Employees may turn rogue and snoop around your systems to gain a salary negotiation advantage, take a copy of your customer data and get a better job with a competitor, or make a few extra bucks selling your data to competitors, cyber-criminals, and identity thieves. 

These threats are very real and woe to the business owner or CEO who thinks "it will never happen to me" or "my business is too small" or "my data has no value to anyone."  Owners and CEOs who are unconcerned or underestimate the threats are the perfect prey for the cyber-criminal or the perfect victim for disaster.

Here is a quick 12-point checklist of the minimum safeguards you must have in place to protect your business, your computer network, and your data.  Please note the "recommendations" and take them to heart: just because you have antivirus doesn't mean you have the RIGHT antivirus, and just because you have a firewall doesn't mean you have the RIGHT firewall or that it's configured properly.

     1.  Use two methods to back up your data.
  • Use two methods of data backup for redundancy: onsite and offsite/remote
  • Use a disk imaging technology for faster disaster recovery in the event of a catastrophe such as break-in, fire, flood or earthquake.
  • Update your data daily; update your server images at least monthly.
  • Recommendations: Symantec System Recovery (onsite) and AxiVault (offsite/remote).
     2.  Use really, really good and easy-to-remember passwords.
  • Long passwords (12 to 18 characters or longer) make it impractical for cyber-criminals to attempt to hack your password via brute force or rainbow tables, so they will move on to easier prey.
  • If you use cloud computing, a strong password may be your only defense against intrusion.
  • Recommendation: Use a long, complex, easy-to-remember passphrase (e.g., An*ounce*of*prevention or Fly^fishing^is^fun).
     3.  Deploy multi-layered, comprehensive antivirus and anti-spyware.
  • Protect each desktop computer, file servers, mail servers and your firewall.
  • Keep the subscription always active: Never let it lapse.  
  • Don't use "free" antivirus in your business.  Free versions don't have the features to adequately protect your business network.  Use the free versions for home PCs only.
  • Recommendations: AVG Business and Trend Micro SMB
     4.  Keep security patches up to date.
  • Deploy security updates on all computers and PCs.
  • Don't rely on the automatic update feature in Windows, or on users, to keep security patches up to date.
  • Recommendation: Use a third party product or service to manage security patch deployment.
     5.  Purchase a high-grade firewall.
  • Your firewall should support intrusion prevention, gateway antivirus, and deep packet inspection to clean the Internet traffic streaming into your network.
  • Avoid home or SOHO routers which don't have adequate firewall functions to protect your business from Internet threats. 
  • If you set up your firewall yourself, have your tech professional review the settings  to verify that it is properly configured.  A mis-configured firewall is as dangerous as having no firewall.
  • Keep your firewall firmware up to date.  The latest firmware will upgrade the security features.
  • Recommendation: Sonicwall with Comprehensive Gateway Security Suite
     6.  Configure proper user account and password security policies.
  • Lock out user accounts after 10 failed attempts.
  • Configure PCs to lock out users after 5-15 minutes of inactivity.
  • Passwords should be at least 12 characters long and use upper/lower case letters, numbers and/or special characters.
  • Change user passwords at least every 60 days if you are in a high security threat business such as banking, financial services, accounting and insurance. 
  •  Windows Active Directory allows you to easily configure password and security policies.
      7.  Keep your servers behind locked doors.
  • Limit physical access to servers to only those personnel who require access. 
  • All security prevention measures are useless if someone has physical access to your servers or computers.
     8.  Encrypt data on mobile or portable devices.
  • Use a complex 12 to 18 character passphrase for the encryption key for maximum security.
  • Encrypt USB flash drives, notebook hard drives and tablet computers.
  • Android-based tablet encryption must be enabled manually.
  • Recommendations: PGP (multiple devices) or TrueCrypt (individual devices)
     9.  Subscribe to a really good anti-spam and email security service.
  • A good email security service such as AxiBlock will protect against phishing scams and email viruses.
  • Email phishing will dupe users into downloading key loggers and trojan viruses.  
  • Don't send sensitive information such as credit card information, social security numbers, etc. through email.  You never know how good the recipient's security is.
     10.  Implement virtual private networking (VPN) for remote access.
  • Close/block remote desktop (RDP) services on your firewall.
  • Users connecting remotely should connect via VPN, then use RDP
  • Recommendation: SonicWall firewall with VPN
     11.  Keep all your software current.
  • New versions of software always have security enhancements which will protect your business and your data.
  • Old, outdated software has security vulnerabilities and usually isn't supported by the vendor.
  • Make sure you are using the most current operating systems (Windows), applications (Office, Photoshop, Quickbooks) and utilities (Acrobat, Flash).
  • Consider software subscriptions offered by your software vendors such as Microsoft's Software Assurance.
      12.  Get on a managed service program with your tech professional.
  • Managed services, such as AxiGuard, will monitor your computers, manage your data backup, provide daily maintenance and clean up of your network and prevent problems before they occur.
  • Letting a tech professional manage your technology will free you to focus on making your business better and more successful.
  • Use a tech professional to set up your security the RIGHT way: this is not a do-it-yourself project.  
Additional Recommendations
  • Have a disaster recovery plan in place.  What steps would you take if everything burned in a fire tonight?  Recommendation: consult with your tech professional.
  • Use an uninterruptible power supply (UPS) to protect your servers, networking equipment and even computers from voltage spikes or sags.  Recommendations: APC
  • Keep your servers and networking equipment cool and ventilated.  Heat will dramatically shorten the life of your equipment.
The technological threats to your business are many and varied.  By following this 12-point checklist, you will go a long way to mitigate those threats and reduce your exposure to disaster.
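Checklist item 6 can be checked against what a Windows machine actually enforces. The following is an added example, not part of the original post: it parses the output of the built-in `net accounts` command and compares it with the item 6 values. The sample output is constructed and the function names are my own; password complexity and the inactivity lock are not reported by `net accounts`, so they are not covered.

```python
import re

# Limits from checklist item 6 on this page: (comparison, value).
CHECKS = {
    "Minimum password length": ("min", 12),
    "Lockout threshold": ("max", 10),
    "Maximum password age (days)": ("max", 60),  # the high-security guidance
}

# Constructed sample of `net accounts` output, not captured from a real host.
SAMPLE = """\
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              7
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
The command completed successfully.
"""


def parse_net_accounts(text):
    """Map each setting to an int, or None for Never/Unlimited/None."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?):\s+(\S+)\s*$", line)
        if m:
            value = m.group(2)
            settings[m.group(1).strip()] = int(value) if value.isdigit() else None
    return settings


def audit(text):
    """Return findings against item 6; an empty list means all three pass."""
    settings = parse_net_accounts(text)
    findings = []
    for name, (kind, limit) in CHECKS.items():
        value = settings.get(name)
        # None (missing, Never, Unlimited) means the control is not enforced.
        if value is None:
            findings.append(f"{name}: not enforced or not reported")
        elif kind == "min" and value < limit:
            findings.append(f"{name}: {value}, checklist says at least {limit}")
        elif kind == "max" and not 0 < value <= limit:
            findings.append(f"{name}: {value}, checklist says at most {limit}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a real machine, pass the text captured from `net accounts` to `audit()` in place of `SAMPLE`.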

Monday, March 26, 2012

Why Cyber-Criminals Want Your Password

Gaining your password is the Golden Ticket to a cyber-criminal.  But why would they want your password?  The irony is that some people think that they have nothing valuable that a criminal would want, so they use weak, convenient passwords.  The truth is that you have valuable treasure sitting in your inbox.

Your Email is the Gateway to Criminal Riches

You may think that it is ridiculous that a criminal wants access to your email account.  After all, your mailbox only contains some bad jokes, chain letters, and a ton of spam.  Wrong!  Don't you remember that bill reminder from your bank? If a cyber-criminal gets access to your email, they now know where you bank.  But that's okay, because your online bank account is protected by personal security questions that you only know the answers to, like your mother's maiden name, your high school mascot, or your favorite movie, right?

But wait, the criminal has full access to your mailbox, so it's not much of a problem to go to Facebook and request a password reset, which sends a reset code to your mailbox.  By creating a new Facebook password, the criminal now has full access to your Facebook account and can view the names of your family members, the high school you attended, and your favorite books and movies.  That means that they could easily ascertain your mother's maiden name, your high school mascot and your favorite movie.  That information will allow them to access your online banking account information.

So now the cyber-criminal has access to your bank account, and they can use bill pay to send themselves a check or transfer money to one of their disposable online accounts like PayPal.  Cyber-criminals can use the same techniques to access your online credit card account and download your latest bill, which contains the full credit card number.
 
Other Mailbox Gems

Another gem for a cyber-criminal who has access to your mailbox is your Social Security Number (SSN).  Maybe you sent a copy of your tax return, tax prep organizer, or a completed credit application to your bank, mortgage broker, a product vendor or tax preparer.  Or you may have emailed your SSN to your spouse for one reason or another.  Perhaps you once sent or received a copy of your credit report.  If your SSN is anywhere in your mailbox, a cyber-criminal with access to your mailbox will find it.

With your SSN, personal address, phone number and other contact info, and mother's maiden name, a cyber-criminal can open up credit card accounts or bank loans in your name and start running up charges.

If a cyber-criminal has access to your mailbox, then they can download your address book, which has the names, addresses, phone numbers and email addresses of all your friends and family.  These are great leads for a cyber-criminal's next victim.

Cautious Passwords

One needs to exercise much caution and forethought when choosing a password for their mailbox and Facebook.  See your mailbox through the eyes of a cyber-criminal: as a treasure chest and a toolbox to do evil.

Your best protection is to use a long password of 12 characters or more using a complex mix of letters, numbers, and/or special characters.  Plus, it must be easy to remember.  The technique I prefer is to use a phrase and substitute special characters for the spaces.  Here are some examples:

     Full%Court%Press
     Exercise*for*30*minutes
     Picasso^paints^well

This password technique will foil most tools used by cyber-criminals, namely guessing and dictionary attacks.  They will be forced to use a brute force hack or rainbow tables.  Both techniques will be impractical because it will take too much computing power, storage and time to crack your password and they will move on to easier targets.
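To put numbers on the brute-force case named above, here is an added example (not part of the original post) that checks a password against the 12-character rule and estimates how long an exhaustive, character-by-character search of that length would take. The guess rate is an assumed figure for illustration, the function names are my own, "Summer12" is a constructed short password for comparison, and the estimate covers exhaustive search only, not word-based guessing.

```python
import string

# Assumed attacker speed for illustration only (not a figure from the post).
GUESSES_PER_SECOND = 10**10
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character pools an exhaustive search must cover once a class is in use.
POOLS = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "special": string.punctuation,     # 32 characters
}


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, pool in POOLS.items()
            if any(ch in pool for ch in password)}


def alphabet_size(password):
    """Size of the combined pool for the classes the password uses."""
    return sum(len(POOLS[name]) for name in classes_used(password))


def meets_post_rule(password):
    """12+ characters, mixing letters with numbers and/or special characters."""
    used = classes_used(password)
    has_letter = bool(used & {"lower", "upper"})
    has_other = bool(used & {"digit", "special"})
    return len(password) >= 12 and has_letter and has_other


def brute_force_years(password, rate=GUESSES_PER_SECOND):
    """Years to try every string of this length over the pools in use."""
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The three passphrases from the post, plus one constructed short password.
    for pw in ("Full%Court%Press", "Exercise*for*30*minutes",
               "Picasso^paints^well", "Summer12"):
        print(f"{pw!r}: rule met={meets_post_rule(pw)}, "
              f"exhaustive search ~{brute_force_years(pw):.3g} years")
```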


Wednesday, March 7, 2012

Apple Releases iPad 3 ... er ... the New iPad

So Apple has announced today the latest version of their iPad tablet called the new iPad.  It has some pretty good upgrades including a high resolution retina display, a 4G LTE option (yeah!), 1080p HD video and a 5 megapixel rear camera.  Unfortunately the new iPad does not have Siri voice recognition.  Pricing is the same as the first two versions ranging from $499 for the 16GB wifi-only model to $829 for the 64GB LTE version.  Availability is March 16.

But the biggest news is that Apple has shaved $100 off the price of their iPad 2 tablets, which now start at $399 for the 16GB wifi-only version and $529 for the 16GB 3G model.  This price gets it closer to the very popular Android OS Kindle Fire tablet from Amazon, but you can still buy two Kindle Fires for the same price as an Apple iPad 2.