xp

5 things to do if you’re going to keep using Windows XP after April 8, 2014

If you’re still a Windows XP user, you’re probably singing a sad song knowing that after 12 long years Microsoft will end its support for the world’s second most popular operating system on April 8, 2014.

Microsoft warns you that if you continue to use its OS first introduced before the iPhone even existed “your computer will still work but it might become more vulnerable to security risks and viruses.” And if that isn’t enough to encourage you to upgrade or get a computer, maybe the fact that “you can expect to encounter greater numbers of apps and devices that do not work with Windows XP” will.

But given the millions of PCs running the OS and the scarce amount of time and resources many people have, some people will certainly be XP users well after its “expiration date.” If you’re going to be one of these daredevils, our Security Advisor Sean Sullivan has some suggestions.

“Folks that continue to use XP at home can do so with some reasonable amount of safety, but they absolutely need to review their Internet and computing habits as April draws near,” he told us. And he broke down 7 ways to avoid the trouble from the criminals who will surely be targeting these unsupported systems.

1)      Install an alternative browser — not Internet Explorer.

2)      Review the third-party software you’ve installed and uninstall anything that isn’t needed.

3)      For the third-party software that you keep – consider disabling or uninstalling the browser plugins. Or at least set the browser to “always ask” what to do about things such as PDF files. (Personally, I always download PDFs to my desktop and open them from there. I don’t want the PDF viewer plugin installed, and I don’t like being in the habit of opening certain file types in my browser’s window.)

4)      Have an up-to-date security product with antivirus and firewall installed.

5)      Keep your XP computer connected to a NAT router, which will act as a hardware firewall. (Practically speaking, this means you shouldn’t be roaming around outside of your home with an XP computer. Don’t plug into a university network for connectivity – keep your computer at home on a trusted network.)

As you can see, living in the past may not make life easy. But if it’s your only option, you should at least try to stay as safe as possible.

Cheers,

Sandra

[Image via Patrick Hoesly via Flickr.com]

More posts from this topic

Screen Shot 2014-10-24 at 2.53.58 PM

5 things you’d know about password security if you had time to care

If you use the internet like a normal person, password management is a pain. It doesn't have to be that way. Over the last two months through Triberr, we invited a group of bloggers we enjoy to work as brand ambassadors on behalf of our password manager KEY, which we built to make securing your accounts simple. They tried KEY out and shared their experience with their readers. By watching them explain what they learned we were reminded that there are some password truths we take for granted. Here are five important points about passwords they made that everyone needs to know. 1. No one changes their passwords when there's a hack. It's constant headline, "Passwords breached. Change all your passwords!" Not only do we have to put up with our trust being breached, as Breakthrough Radio's Michele Price pointed out, we have to take the time to change all our passwords ourselves. If you're a regular reader of Safe and Savvy, you know that experts aren't being sincere when they tell you to change all your passwords. “The dirty little secret of security experts is that when there’s a data breach and they recommend to ‘change all your passwords,’ even they don’t follow their own advice, because they don’t need to,” our Security Advisor Sean Sullivan told us. The only reason you'd need to change all your passwords is if you made a few basic mistakes. 2. Our password choices can make us vulnerable. "You should have diversified your usernames and passwords in the first place," Harri Hiljander, our Product Director or Personal Identity Protection, told LeadersWest's Jim Dougherty. If you reuse passwords, every hack or breach is exponentially worse. But still people reuse passwords over and over for a pretty obvious reason. 3. It's too hard to come up with and remember strong, unique passwords for all our important accounts. Our bloggers presented the suggestions for generating strong unique passwords our Labs offered -- and to be honest, the advice can overwhelming. But if you're going to come up something that protects your financial details, it's essential. That's why the bloggers liked KEY's ability to generate strong passwords for them. "I think this is the best feature of all," World of My Imagination's Nicole Michelle wrote. Forget all the rules. Now you don't have to worry if your password is going to end up on a list of ones you should never use. 4. Password security is especially important to people who work online -- and who doesn't? If you spend your time building up an online publication your readers trust, the integrity of your site is priceless, as we learned from WhyNotMom.com. Sean advised our bloggers to sure that their WordPress -- or any blogging platform -- password isn't being reused anywhere else. In addition to the three things everyone needs to do -- back up everything, patch all your software and use updated security software -- he also advised them to make sure they keep a watchful eye on all their blog plug-ins. Keep them updates AND keep an eye out for plug-ins that are no longer being updated. Get rid of those. 5. You should have at least one email account you don't share with anyone. Identity management gets harder and harder as our usernames become more public. Everyone gets by now -- we hope -- that you should never reuse pairings of logins and passwords for your crucial accounts. But there are extra steps you can take, as our bloggers learned from our KEY experts. "Create a new email address for online accounts, don’t share it with ANYONE." Chelsea from Me and My Handful wrote about our Labs' advice to keep your login names secret. "So smart, and yet, we don’t do it." But all this knowledge is useless if you don't have a system to keep your passwords secure. Set up a system then pick a password manager -- we suggest you try KEY for free, of course --and stick with it. Cheers, Jason [Image via kris krüg via Flickr ]

Oct 24, 2014
Privacy principles 1

Your privacy is our pride, part 1 of 3 – the fundaments

The whole world is waking up to a new reality. Privacy used to be a fundamental human right that we took for granted. Technically it still is, but the global Internet has made it easy to violate this right. Too easy as there is proof that many states and companies violate it extensively and blatantly. There’s many motives for this. Technical feasibility, commercial benefits, diplomatic and political advantages, fear of terrorism and last but not least, peoples’ lack of awareness. The incentives to violate our privacy will not go away, but peoples’ awareness is certainly increasing. This is obvious now in the post-Snowden era. Customers start to ask how their service- and software providers guard their privacy, and make purchase decisions based on that. Protecting our customers’ data has been F-Secure’s mission for more than 25 years. That’s why we are very worried about the current situation, and eager to raise awareness about it. But raising awareness is not enough. We also need to get our act together and make sure our own offering isn’t violating your privacy. It’s by the way a surprisingly complex task that affect all functions in a company. That’s why we have published nine privacy principles that guide our work to guard your privacy. Let’s walk through the first 3 in this post. Stay tuned, the rest will be covered soon.   WE RESPECT YOUR RIGHT TO PRIVACY This is really the fundament of it all. Our goal is to provide you with products and services that create some value for you, but this is never done by violating your privacy. Quite the opposite, guarding your privacy is a central goal in many products. Many companies market “free” services, where the customer in reality pay by letting the provider utilize personal information. F-Secure is NOT one of them. YOUR CONTENT BELONGS TO YOU We handle your data in many ways, either by apps on your own device or uploaded to our services. But no matter how we get in touch with it, it is still YOUR data. We have no right to utilize it for our own purposes and we do not reserve such rights in legal-jargon user agreements that nobody reads or understands. YOU DECIDE HOW MUCH YOU SHARE WITH US Your data, or data about you, may become accessible to us in several ways. You may upload it to our servers yourself. In this case it’s obvious that you are in full control of what data you transfer. Our products may also collect data to improve the service we offer, but you can opt out from much of this. Only a small part of the collected data is mandatory and not controlled by you. In short, we apply a strict minimalistic policy to automatic data uploads. We only fetch data if it’s needed to improve the service, we anonymize data when possible and we let you opt out if the data isn’t absolutely necessary. That’s 3 fundamental privacy principles in our set of totally nine. Stay tuned, we will present the rest shortly.   Safe surfing, Micke  

Oct 23, 2014
BY 
FBI

No, we do not need to carry black boxes

The recent statements from FBI director James Comey is yet another example of the authorities’ opportunistic approach to surveillance. He dislikes the fact that mobile operating systems from Google and Apple now come with strong encryption for data stored on the device. This security feature is naturally essential when you lose your device or if you are a potential espionage target. But the authorities do not like it as it makes investigations harder. What he said was basically that there should be a method for authorities to access data in mobile devices with a proper warrant. This would be needed to effectively fight crime. Going on to list some hated crime types, murder, child abuse, terrorism and so on. And yes, this might at first sound OK. Until you start thinking about it. Let’s translate Comey’s statement into ordinary non-obfuscated English. This is what he really said: “I, James Comey, director of FBI, want every person world-wide to carry a tracking device at all times. This device shall collect the owner’s electronic communications and be able to open cloud services where data is stored. The content of these tracking devices shall on request be made available to the US authorities. We don’t care if this weakens your security, and you shouldn’t care because our goals are more important than your privacy.” Yes, that’s what we are talking about here. The “tracking devices” are of course our mobile phones and other digital gadgets. Our digital lives are already accurate mirrors of our actual lives. Our gadgets do not only contain actual data, they are also a gate to the cloud services because they store passwords. Granting FBI access to mobile devices does not only reveal data on the device. It also opens up all the user’s cloud services, regardless of if they are within US jurisdiction or not. In short. Comey want to put a black box in the pocket of every citizen world-wide. Black boxes that record flight data and communications are justified in cockpits, not in ordinary peoples’ private lives. But wait. What if they really could solve crimes this way? Yes, there would probably be a handful of cases where data gathered this way is crucial. At least enough to make fancy PR and publically show how important it is for the authorities to have access to private data. But even proposing weakening the security of commonly and globally used operating systems is a sign of gross negligence against peoples’ right to security and privacy. The risk is magnitudes bigger than the upside. Comey was diffuse when talking about examples of cases solved using device data. But the history is full of cases solved *without* data from smart devices. Well, just a decade ago we didn’t even have this kind of tracking devices. And the police did succeed in catching murderers and other criminals despite that. You can also today select to not use a smartphone, and thus drop the FBI-tracker. That is your right and you do not break any laws by doing so. Many security-aware criminals are probably operating this way, and many more would if Comey gets what he wants. So it’s very obvious that the FBI must have capability to investigate crime even without turning every phone into a black box. Comey’s proposal is just purely opportunistic, he wants this data because it exists. Not because he really needs it.   Safe surfing, Micke    

Oct 17, 2014
BY