Tag Archives: home

A Better Battery Gauge


Laptop users know the standard battery gauge that Windows uses leaves much to be desired.  It’s very small and doesn’t offer much information.  Fortunately there are alternatives.  One of them is BatteryBar from Osiris Development.  For starters, BatteryBar sits on the taskbar and is much larger than the standard Windows battery icon and therefore much easier to see.  That feature alone is worth the price of admission, but it offers more.

The BatteryBar icon easily shows 3:17 remaining on the battery compared to the standard Windows icon.

Clicking on the BatteryBar icon changes it from percentage of charge / discharge to a runtime / charge time format in hh:mm.

Hovering over the BatteryBar icon provides a wealth of information.

When hovering over the BatteryBar icon, a popup appears with additional information including the percentage of battery wear, which will be particularly useful for road warriors who will want to have advance notice of impending battery doom.

BatteryBar with the laptop running on battery.

BatteryBar comes in a free and a paid version.  The free version contains all of the features listed above and should work well for most users.  The paid version is inexpensive and comes with some extra features such as graphing of battery profiles.   BatteryBar is light on resources and offers up necessary information in an easy and straightforward manner.  BatteryBar is available for Windows XP, Vista, and Windows 7.  The free version can be had here.

Return of Zeus. A New Wave of Malware that will Empty Your Bank Account.



According to a report by security company M86 Security, organized crime is using a new trojan variant called Zeus v3 to infect unsuspecting web surfers’ machines, then steal their online banking credentials.  Once the credentials are obtained, they are then used to drain your account.  This is a very sophisticated and organized attack.  It’s not something that the kid down the street who hasn’t come out of his basement in three years is capable of pulling off.  M86 has posted an in-depth whitepaper on the matter which can be found here.  The report is both fascinating and disturbing.

For those who don’t wish to commit the time to understand all of the fine details about how the attack works, I’ll lay out the short version here.  First, the bad guys infect legitimate ad servers.  These are machines that serve the advertisements to websites you regularly visit.  From there, the infected servers start pushing out the trojan to computers visiting LEGITIMATE websites.  The trojan is delivered via advertisements through the infected ad servers.  That’s really the beauty of delivery.  They deliver the payload to infect your computer through regular websites because the advertising on them comes from somewhere else.  The ad servers are infected the same way your home computer gets infected.  Somewhere along the line, a vulnerability wasn’t addressed.  This can happen for a number of reasons.  The operating system wasn’t patched, a firewall rule wasn’t enforced, etc.  Once the trojan is delivered to the home user’s computer, it simply waits until the unsuspecting user logs into their bank account via a web browser.  That’s when it sends the credentials to a command and control (C&C) server.  Later, after it analyzes the information (bank name, country, etc.) the C&C server communicates back to the victim’s computer and has it initiate a bank transfer.  It will drain the victim’s account, siphoning it off and covering tracks along the way.  Then, to put the cherry on top, when the victim logs back into their bank, the traffic is diverted to the C&C server where a fake statement is generated, thereby fooling the user into thinking they have money in their account.

This is a brilliant and complicated scheme.  The money trail is like following a single noodle through a bowl of spaghetti.  Thus far, attacks have primarily been on UK bank accounts, but don’t let that make those of you outside of the UK feel good.  This could very easily be perpetrated elsewhere.  To compound the matter, this particular attack seems to be very good at getting past the major virus scanners.

That’s the bad news.  The good news is, we can make it very hard to fall victim to this type of attack.  If you don’t bank online of course, you are immune.  If the benefits of online banking outweigh the risks, you can still protect yourself.  First, you should be following ALL of my advice in my recent post Lock Down!.  This alone will dramatically reduce your chances of infection by the trojan.  Another option is to switch to a Mac or use Linux.  While not immune, these operating systems are much more difficult to infect because of their Unix heritage and because they just aren’t as popular as Windows.  Windows is the low hanging fruit for virus writers.  Linux has become very easy to use and most versions of it are free.  I have my computer set up to give me a choice of booting to Linux or Windows.  That’s pretty easy to do.  Third, you could use a boot CD as I described in my post A Temporary Solution for your online banking activities.  While not as convenient, you won’t be at risk of infection.  This is the safest option next to just not banking online at all.

Lock Down! Security Basics for the Home PC User



If you’ve been keeping up to date with my posts, you’ve been noticing that I like to talk about keeping your data secure.  This post is a continuation of that.  Here, I’ll be outlining eight simple steps to keeping your data secure.  This is by no means a comprehensive list, nor does it venture into keeping your data safe online, which is an entirely different topic that is expansive enough to warrant its own future post.  Instead, I am offering up a foundation on which to start.  So, let’s go.

  1. Don’t use an administrator account for your day to day operations.  I think every computer that has ever been brought to me has been set up this way.  It’s really kind of the fault of the operating system vendors.  Typically, the first account you set up is an administrator.  People normally set up the first account and start using it.  This is a problem because the administrator has the rights to do anything on the machine.  So, if you have a piece of malware that wants to install itself on your computer and you are an administrator, there is nothing blocking it from installing.  If you are running an account that is not an administrator, you’ll have to supply the administrator’s password to install software or make global system changes.  While this is less convenient, it makes it harder for ugly software to install itself onto your system without your knowledge.  It is also harder to inadvertently make unwanted changes to your computer.  So, what do I do?  If you are already running on an account with administrator privileges, you simply create a new account with administrative privileges, then modify your account to become a standard user.  Once done, installing software will require the administrator account password.  To install software under Windows XP when using a non-administrator account, simply right-click on the application and select ‘Run as’.  A window will then pop up allowing you to select your administrator account.  There are some cases where you will need to actually switch to your administrator account and log in to perform a task, but those are pretty rare and are mostly needed when you are setting up your computer.
  2. Use passwords.  Without a password, anyone can sit down at your computer and do whatever they would like.  When creating a password, make it a good one.  Don’t use ‘bob’.  Use something more secure like ‘BobL1nk40’.  Notice the use of a ‘1’ instead of an ‘i’.  This type of password is very difficult to crack.  The combination of capital, lowercase, symbols, and numbers should be standard procedure for you as well as keeping your passwords at least 8 characters long.  If you experiment a little bit, you can come up with combinations that are pretty easy to type.  As with using a non-administrator account, this will make your life less convenient, but how inconvenient is it to do something like having to fix your credit report after having your identity stolen?  These steps can play a part in preventing something like that from happening.  Once running as a non-administrator and using secure passwords become a habit, they really do not do much to impede your life.  This step should also carry over into your online life.  Use solid passwords for everything you do online.
  3. Make sure you have an antivirus / antimalware (spyware, adware, etc.) package and make sure it is up to date.  While this is fairly self-explanatory, it needs to be a high priority.  My earlier post, A Temporary Solution, provides some additional information.  In addition to having real time protection, make sure that you set up a scheduled scan at least once per week to catch anything that may have slipped through.
  4. Use a firewall.  A firewall is basically like a wall between your computer and the Internet.  It won’t allow data to flow back and forth except on specified open ports.  A port is similar to a gate in the firewall.  You allow traffic to flow through specific gates in order to manage traffic in an orderly fashion.  There are standard ports for web traffic, email, etc.  Windows has a built in firewall starting with XP.  There are other software firewalls available such as ZoneAlarm.  If you are using a laptop or netbook, you absolutely will want to be using a software firewall on your machine if you ever take it off of your home network.
  5. Use a router.  Routers serve as an additional layer of protection between your computer and the Internet and act as a hardware firewall.  Plugging a computer straight into a modem is bad practice.  Routers are cheap these days and easy to set up.  If you share an Internet connection with more than one device, you already have a router.  Even if you only have one device, invest in a router.  Unless of course you are in that tiny percentage of homes with dial up.
  6. Keep third party applications up to date.  I just covered this ground in my post Update All the Way, so I’m not going to beat that dead horse other than to say that third party applications such as Flash, Java, and Adobe Reader are subject to vulnerabilities just like Windows, OSX, and Linux.  A third party update tool like PSI can help you keep those up to date.
  7. Keep the operating system up to date.  Whether you run Windows, OSX, Linux, or something else, your operating system should be regularly updating as security vulnerabilities and bugs are found.  Most people should set updates to automatic.  While the updates will break things on rare occasions, the risks associated with not having them updated are much greater.
  8. Online backups.  As with the previous item, I’ve already covered this in Back it Up, I’ll Take it!.  Backing up your data automatically and offsite is the best way to protect your data in the event of hardware failure, theft, or home damage.  There are a lot of options out there for online backups, and some are even free.  Your data is critical.  Don’t risk it.

Remember, these are just the foundational elements for protecting your data.  If you don’t have these in place, your other efforts lose a lot of their luster.  By implementing these basic concepts, you can go a long way toward keeping your data yours.

Personal Insecurity; the problem with smartphones


We spend a lot of time talking about avoiding viruses, phishing scams, and laptop security.  These things are all very important.   But, if you own a smartphone, chances are, you’ve got a much bigger security risk in your hands.  Consider how easy it is to lose your phone or have it stolen.  It’s compact and fits neatly into the palm of your hand, or a bad guy’s hand.  It’s easily set down and easily walked away from.  It’s easy to pull from a pocket or purse.  It’s easy to have knocked off of your belt in a crowded area.  In short, it’s easy to be separated from your mobile phone.

So, what’s so bad?  I call my carrier and they lock the phone right?  Well, kind of.  Part of that depends on how quickly you can get to your carrier and just because they can clamp down on somebody sending calls out, can they stop them from using WiFi?  Let’s say you give a thief just one hour.  What can they do?  Well, if you store your username and password in your web browser or apps and you haven’t locked your phone, they can do plenty.  People are doing real work on their mobile devices these days.  As an example, let’s suppose that I stored my credentials in all of my apps, then left my phone on the table at a restaurant.  I know, shame on me for even having it out at a place of dining!  What could you do with my phone?  Well, depending on the apps I have installed, you could take all of your friends to the movies on me, drop in on my brokerage account, drain my checking account and savings account, wreak havoc on all of my social networks, take over my satellite receiver, make changes to my mobile phone account, and worst of all you could run amok on this blog!  That’s some serious damage pretty fast!  All of those are just examples.  Depending on what apps you are running, the damage to you could be much worse.  We haven’t even talked about storing your username and password to your most frequented websites or that all of your contacts’ information such as work and mobile numbers has just been given up!

So, what to do?  Well, first, take an inventory.  What apps have you installed?  What websites are in your history and your list of favorites?  What is your risk if your phone is lost or stolen?  If you are uncomfortable in the least at that thought, you have a couple of options.  First option is just to not save credentials.  Don’t allow any of your apps or the websites you visit to remember your login information.  That won’t make your friends any happier when some creep is calling them on their mobile phone because they got it from your phone, but that’s your call.  If you absolutely must store information, you’ll need to set a password for unlocking your phone.  This is going to be less convenient than not storing your credentials because you will have to enter that code to use your phone for anything, including simply making a phone call (who does that?).  There are multiple levels here.  Some phones will only let you enter a four digit numeric PIN.  Better than nothing, but for the more paranoid (used in a good way here) some phones allow you to use numbers and letters.  Using a combination of numbers, uppercase letters, and lowercase letters makes the password harder to crack.  In addition, some phones allow you to hard lock the phone after a certain number of failed login attempts, which means the phone will no longer accept a password attempt and is therefore useless.  The iPhone has a setting that will erase the phone after 10 failed password attempts.  Both of these options mean you will want to back up your phone to your computer very regularly.  If your phone is locked or erased, chances are it’s going to end up in a dumpster somewhere and not back in your hands.  If you want full on paranoia, opt for a solid password using a combination of numbers and letters, lock down or erase after a number of failed attempts, and don’t store your credentials in apps or the web browser.  That is certainly not going to be the most convenient phone to use, but if you do lose it, you’ll be able to breathe a little easier.  You will have to find the level of balance that is most comfortable for you.  Just don’t make it easy for the bad people.  You could just drop the data plan altogether and not worry about it, but that would be just icky!  And of course getting a smartphone without a data plan is becoming increasingly difficult.

Back it up! I’ll take it. Why You Need to be Backing Up Your Personal Data.


Several times each year we see a news story or read about a family who has lost their home due to a fire.  These stories are tragic, especially so for the large number that happen near the holidays.  Watching interviews with the families devastated by disaster over the years, I’ve noticed a trend.  When the residents are interviewed, some will talk about the expensive items they’ve lost.  They’ll lament over their big screen television, furniture, or maybe a car parked in the garage.  Most of the time however, those suddenly left homeless are more upset about the things that can’t be replaced such as old photographs, documents, and family heirlooms.  These are losses that insurance policies just can’t compensate for.

Having said that, it strikes me as odd that people are willing to pay money every year to have their home and possessions (that can be replaced) replaced should a disaster strike, but do nothing about protecting those things which cannot be replaced.  Fortunately however, technology is allowing us to protect some of those cherished and irreplaceable items.  We all know that film cameras have gone the way of the horse drawn carriage for the average American.  Film is out, digital is in.  This means that for the average family, more and more of their sentimental photographs are located on a hard drive (or drives) somewhere in their home.  Also, digital video recorders mean tapes are quickly disappearing and home movies are coming soon to a hard drive near you.  Add to that the growing use of software for things like taxes and legal documents, and it becomes clear that just like businesses, a homeowner’s data is priceless.

I hope that after reading the two paragraphs above, I have convinced you to do what most people that I talk to never do: insure that your valuable data can be replaced if your computer fails you or the unthinkable happens and disaster strikes your home.  How do we do this?  We do this by backing up our data, which means making a copy of all you find priceless (or at least anything that would be a pain to have to recreate) and keeping that copy somewhere else.  When I say back up your data, I don’t mean every two years when you get around to it, I mean regularly and automatically.  We must face the fact that we are mere mortals and as such, we forget to do things.  This makes automatic backups a must.

So, we’ve established our need for backing up.  Now, how do we do it?  There are a number of ways we can achieve the goal.  You can manually copy your data to an external hard drive, burn CDs or DVDs at regular intervals and store them, or use some other form of portable media.  That certainly will achieve safeguarding the data in the event of a hard drive loss, but it’s not automatic and therefore subject to our whim, which makes it unacceptable.  There are some elegant solutions such as Time Machine for Apple users, and a multitude of backup applications that will automatically back up your data to local or networked hard drives.  Some software such as Cobian Backup is even free.  These solutions are fine and they will protect you against a hard drive failure, but they rely (without a sufficient amount of equipment and expertise) on hardware that resides in your home.  So, what if you are in that dreaded minority that loses your home to [insert type of disaster here]?  If that happens, we’ve really accomplished nothing, because after the disaster, you still wind up losing all of your data.  To ward off an ugly disaster, we need to move a copy of your data outside of your home.  For the average home user, online backups are probably the simplest, most effective solution.  You can set up your own custom online backup system, but if you have the capability to do that then 1) you don’t need to be convinced to do it, 2) you probably already have done it, and 3) you don’t need to be reading this post.  The more palatable alternative for most is to use one of the many online backup services available now.  A quick search for ‘online backup’ will yield plenty of results.

How does it work?  Once you’ve signed up for a service, you download and install an agent.  The agent is a small application that watches your specified backup folder for changes.  If you add, modify, or delete anything in that folder, the agent notes the changes and communicates with the servers at the company you’ve signed up with and copies the changes you just made to their server.  You wind up with a complete copy of your data on their servers.
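
To make the change-tracking step concrete, here is a small sketch of how an agent can work out what was added, modified, or deleted in a backup folder by comparing file hashes between two passes. It is an added example, not code from any backup service; the function names and the sample files are made up for illustration, and a real agent would also encrypt and upload the changed files.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                # Read in chunks so large photos or videos do not fill memory.
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest


def diff(previous, current):
    """Compare two manifests and return what the agent would need to sync."""
    added = sorted(p for p in current if p not in previous)
    deleted = sorted(p for p in previous if p not in current)
    modified = sorted(p for p in current
                      if p in previous and previous[p] != current[p])
    return {"added": added, "modified": modified, "deleted": deleted}


def demo():
    """Constructed sample: create a folder, change it, report the differences."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)

        write("taxes-2009.txt", "draft")
        write("photo-list.txt", "beach, birthday")
        before = snapshot(root)                    # first pass of the agent

        write("taxes-2009.txt", "final")           # modify a file
        write("home-movie-notes.txt", "new file")  # add a file
        os.remove(os.path.join(root, "photo-list.txt"))  # delete a file
        after = snapshot(root)                     # second pass of the agent
        return diff(before, after)


if __name__ == "__main__":
    print(demo())
```

Only the files listed under added and modified need to be sent to the service, which is why the first backup takes a long time and later ones are quick.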

Why is this good?  Because your data now resides on your computer and their computers, which are most likely nowhere near your neighborhood.  Additionally, most of the companies offering online backups replicate your data on servers spread across the country, which means there is a very, very, very small chance you will permanently lose anything because of disaster.

Is it safe?  You will need to read the terms of service and privacy policies before you sign up.  You should ALWAYS read the terms of service and privacy policy for any software or services you are purchasing.  Some of the things you’ll want to look for are encrypted backups, specifically you’ll want to see that your data is encrypted before it’s uploaded to their servers AND it’s stored on their servers as encrypted files.  You’ll also want to look at their policies regarding who has access to your data and what reasons they require to allow them to view your data, or if they even can.

So, which one do I pick?  There are several criteria I recommend, but one of the first things you need to know is how much data you have to back up.  If you have less than 2GB worth of data, you are in luck.  There are some services that will give you that much for free.  Higher than that and you’ll be looking at a modest monthly charge.  Another consideration is the agreements, notably the Terms of Service and Privacy Policies.  Make sure these policies are something that you can live with, because this is YOUR data you are pushing up to their servers.  Also, you’ll need to make sure that the service has a client for your computer.  Some services now offer clients for smartphones allowing you to retrieve files from anywhere you have a decent data connection.

Now what?  It’s time for you to take action.  Insuring your property is a wise move.  Insuring your data is just as wise.  Do it today!