CrexTechs Blog

I don't like to leave my computer on at night to run Vipre at 1 am and I don't want to set it to run earlier because I might be working on my machine and hate to have it run a deep scan while I'm working.   I do like to run my Vipre scan at the end of the day so I manually set my Vipre to run and shut down my computer automatically when it finishes.

Here is how:

When you are finished for the day, open the Vipre program by double clicking the icon on your desktop. (If you don't find the Vipre icon on your desktop look for the icon on the bottom right of your screen on the task bar or click on Start to bring up the Start Menu.  Vipre  might be listed on the left column of the Start Menu.  If not,  go to All Programs then to Sunbelt Security then to Vipre).

Once Vipre is open you will see four tabs across the top of the Vipre screen.  These are  Overview, Scan, Manage and Tools.  Click on the Scan tab.

(below is the new screen update 2011, click on the SCAN tab next to the OVERVIEW tab)

The Scan screen will open.  Select Deep

System Scan on the top left side of the Scan screen then on the bottom of the Scan screen select shut down computer after scan.

Click on Scan Now.

The scan will begin.  It might automatically download some definitions.  You can turn off your monitor but leave the computer running.  Vipre will deep scan and then will shut down your computer automatically when the scan is done.  The scan should take from 20 to 50 minutes.

I do this everyday, once a day, with my computer.

This comes to us from Vipre's SunBeltSecurityNews newsletter

You can subscribe using the following links:

http://www.sunbeltsecuritynews.com/Subscribe/

If you run Windows XP, subscribe to WXPnews and get the latest on keeping XP up & running, hints, tips and techniques to keep it fast and secure. You can subscribe here, and tell your friends: 
http://www.sunbeltsecuritynews.com/NK7DJ1/100317-WXPNews

If you run Vista or Windows 7, subscribe to Win7News and get the latest on keeping Win7 up & running, hints, tips and techniques to keep it fast and secure. You can subscribe here: 
http://www.sunbeltsecuritynews.com/NK7DJ1/100317-Win7News

Run Windows Server? WServerNews is the world's largest newsletter focused on system admin and security issues for Microsoft Windows Servers. Subscribe here, and tell your admin friends: 
http://www.sunbeltsecuritynews.com/NK7DJ1/100317-WServerNews

The Virus Doctor Speaks

A good friend of ours, Ken Dwight, is known as "The Virus Doctor". Recently, he ran into his own set of Internet problems which he so elegantly and eloquently explains below. I am sure many of you will sympathize with his plight. Fortunately, being the experienced computer guy that he is, Ken does offer some solution. 
http://www.sunbeltsecuritynews.com/NK7DJ1/100526-VirusDoc

One week ago today, on Saturday, May 15, my e-mail account was hijacked. The person who took control of my e-mail sent a message to 62 addresses he found in my Sent Items folder. The subject of the message was "My Deadlock," and it told a tale of woe that I was on vacation with my family in Wales and had been mugged. It stated that all cash, credit cards, and cellphones had been stolen and we were desperate for a way to get home.

The first I knew of the problem was about 9:00 Saturday morning, when I received a call on my cellphone from a friend in South Carolina. When he started the conversation with "How are things in Wales," I laughed because this is a fairly well-known scam. I've actually received two messages like this in the past year from friends and clients. I just did a Google search on "mugged in Wales scam" and got 121,000 "hits," so it's generated a lot of interest.

I wasn't too concerned initially, assuming that the scammer had somehow acquired a list of e-mail addresses on my computer and sent the message to them hoping for a big payday. But as I dug deeper I realized this was a far more sophisticated attack than I first suspected. Here are some examples of the advanced techniques used in this ruse:

The hacker discovered my e-mail password and actually logged into my e-mail account; as a result, the message was sent from my account, and the message headers made the e-mail appear to be legitimate.

The initial message didn't ask for money, but hoped for a concerned reply; then the hook was set for a payoff.

The hacker changed my e-mail settings to forward all messages to his new Yahoo address, so I did not receive any messages sent to my address during the time my account was compromised.

The hacker did not change my password, so it would not look suspicious to me; to the average user all would appear to be normal.

The hacker replied manually to any message sent to my address, with instructions on how much money to send, how to send it, and the address to send it to.

Although the attack probably originated in the U. K., perhaps in Wales, he made his request in U. S. dollars.

One of the first questions that usually comes up in a case like this is the possibility of catching the scammer, having him arrested, and possibly recovering any money that was sent to him. Unfortunately, there is almost no chance of success in that direction, for several reasons:

He is probably outside of the U. S., where there are most likely no laws against this type of crime. The structure of the Internet and e-mail makes it pretty much impossible to trace the actual origin of these messages and the follow-up messages gave an address in Wales to send the money to (almost certainly not the scammer). It's probably someone who has been recruited to "process payments from home in your spare time" for some percentage of the money received. That person may be naive but probably is not a criminal.

How this affects you:

For all practical purposes, the recipients probably have not been affected by this scam other than the time it's taken them to read the original message. There is no reason to believe their e-mail address or identity has been compromised in any way. The only other possible affect them is if the scammer could have sold the target e-mail addresses to others who would send spam to those addresses. That's a fairly common payload for virus attacks, but clearly not the primary intent of this scam.

For future reference, be very skeptical of any e-mail message, even those that appear to come from friends or individuals you know personally. If you receive any message like this, and believe that it could be legitimate, call the alleged sender on the telephone to verify the authenticity of the message. Also be aware that criminals frequently direct that funds be sent via Western Union, as they do not verify ID.

To prevent your e-mail account from being compromised as mine was; I recommend that you change the password on that account. This is especially important if your e-mail is hosted by one of the major carriers, such as Yahoo (which includes att.net, swbell.net,sbcglobal.net, and many others), AOL, MSN, or Gmail. For an added layer of protection, take the time to choose "challenge/response" questions and answers, which are used to verify that you are really the person talking to the Customer Service or Tech Support rep.

As far as the password itself, it needs to be stronger than most people use. Serious hackers use password-cracking programs, so your password should be more complex than those programs can quickly resolve. It should be at least 7 characters long (longer is better) and should not spell a word that would be found in the dictionary. As a minimum it should include numbers and letters, and it's better if you start with a number. Including caps and lower-case letters makes it much harder to crack, but be sure you write it down somewhere so that you don't lock yourself out.

For the challenge/response questions, don't use the obvious questions and answers, such as "who was your childhood hero?" and the obvious answer is Superman. Instead, choose questions and answers that nobody else is likely to know or be able to guess. Again, the objective is to keep the hacker from being able to change your password and your account settings.

Finally, be sure your computer is fully protected with capable anti-virus and anti-spyware software and that the malware definitions are absolutely up to date. There are some 70,000 new viruses released every day, so it's a constant battle to keep your computers secure. It's a good idea to run a full scan every day, to catch any malicious software that may have gotten past your defenses.

Ever wondered what you can do with your old computers?  Here are a few suggestions offered by ComputerWorld:

• Home media server
• Guitar Amp
• Gaming Rig
• Run scientific calculation for Sanford University, yes, really

Check out the full article.  Seven pages of ideas to get the techie tinkerers busy!

Your Old Computer, Born Again

I know I get a little nervous sometimes accessing my bank accounts online, not to mention using my credit cards online. There are a number of things I do to protect my accounts. Here are a few as well as links to some good articles on how to keep your identity safe when accessing accounts online.

1.  I never access my accounts from computers other than my own.  I don't know what kind of firewall or anti-virus protection my sister has at her house or how often she scans for viruses so I don't access any bank or credit card accounts from her computer.  That goes for computers at the libraries I use when I am on the road.  I also avoid accessing my accounts from wireless connections away from home especially in coffee shops and hotels.  A bit inconvenient but it is better to be safe than sorry in my opinion.

2.  I use different user IDs and passwords for my various accounts.  That way if someone cracks my ID/password for one account they don't have a free-for-all with all my accounts.

3.  I never give out my user ID or password to anyone else.  And I don't store them on a file on my computer.  I do have them written down at home but in a cryptic way that would be hard for a bricks-and-mortar thief to figure out.

4.  I keep a hard copy list of my accounts as well as phone numbers so that if something is breeched I can quickly contact the appropriate institutions.  Now that I am thinking about it,  I think I will put these numbers in my cell so I have them really handy.

5.  I use one credit card for on-line purchases.  That way if it gets stolen I only have one card to report.  I have alerts on all my cards but by the time I would get an alert my card could have circumnavigated the virtual world via cyberspace.

6.  I never access my accounts from email links.  If I get an email that says use this link to update information on your account, I discard the email then I go check with my account to see if there really is a message out there for me to update information.   There has never been one.

7.  I do use the security questions suggested by my account providers.  I select questions that only I know the answers to.  I do genealogy on line and am very careful not to put too much family info out there or to use security questions that relate to family members.

For more information on keeping your accounts safe, check on-line with your bank and credit account providers under Security.  Read what they suggest and follow these suggestions.

Here is an old article from Consumer Reports that is still valid:

Consumer Reports on Security

And a more recent article on the Identity Theft Resource Center website.

Identity Theft Resource Center

Make sure you run your Vipre Updates!

A glitch in a recent release of Vipre caused systems to slow down.  If you are experiencing a slowdown in your computer, find the Vipre Icon on the task bar  at the bottom right of your screen.  Move the mouse to hover over the V.  You should see a little box open with Vipre, then under that AP: enabled and under that Defs: with a number.  If the number is lower than 6275, double click on the V to open the Vipre program and click Update Now. You may need to restart your computer to activate the update!