If you’re still a Windows XP user, you’re probably singing a sad song knowing that after 12 long years Microsoft will end its support for the world’s second most popular operating system on April 8, 2014.
Microsoft warns you that if you continue to use its OS first introduced before the iPhone even existed “your computer will still work but it might become more vulnerable to security risks and viruses.” And if that isn’t enough to encourage you to upgrade or get a computer, maybe the fact that “you can expect to encounter greater numbers of apps and devices that do not work with Windows XP” will.
But given the millions of PCs running the OS and the scarce amount of time and resources many people have, some people will certainly be XP users well after its “expiration date.” If you’re going to be one of these daredevils, our Security Advisor Sean Sullivan has some suggestions.
“Folks that continue to use XP at home can do so with some reasonable amount of safety, but they absolutely need to review their Internet and computing habits as April draws near,” he told us. And he broke down 7 ways to avoid the trouble from the criminals who will surely be targeting these unsupported systems.
1) Install an alternative browser — not Internet Explorer.
2) Review the third-party software you’ve installed and uninstall anything that isn’t needed.
3) For the third-party software that you keep – consider disabling or uninstalling the browser plugins. Or at least set the browser to “always ask” what to do about things such as PDF files. (Personally, I always download PDFs to my desktop and open them from there. I don’t want the PDF viewer plugin installed, and I don’t like being in the habit of opening certain file types in my browser’s window.)
4) Have an up-to-date security product with antivirus and firewall installed.
5) Keep your XP computer connected to a NAT router, which will act as a hardware firewall. (Practically speaking, this means you shouldn’t be roaming around outside of your home with an XP computer. Don’t plug into a university network for connectivity – keep your computer at home on a trusted network.)
As you can see, living in the past may not make life easy. But if it’s your only option, you should at least try to stay as safe as possible.
[Image via Patrick Hoesly via Flickr.com]
Little changes can make a difference. For instance, Twitter's decision to switch a star for a heart as its "Favorite" button increased use of the button by as much as 27.82 percent. And it's clear that despite Wall St. demanding that site grow faster and be easier for new users to grasp to have some hope of keeping up with competitors like Facebook and Snapchat, the site is still sweating the small stuff. Here are the four changes to the service announced this week: Replies: When replying to a Tweet, @names will no longer count toward the 140-character count. This will make having conversations on Twitter easier and more straightforward, no more penny-pinching your words to ensure they reach the whole group. Media attachments: When you add attachments like photos, GIFs, videos, polls, or Quote Tweets, that media will no longer count as characters within your Tweet. More room for words! Retweet and Quote Tweet yourself: We’ll be enabling the Retweet button on your own Tweets, so you can easily Retweet or Quote Tweet yourself when you want to share a new reflection or feel like a really good one went unnoticed. Goodbye, .@: These changes will help simplify the rules around Tweets that start with a username. New Tweets that begin with a username will reach all your followers. (That means you’ll no longer have to use the ”.@” convention, which people currently use to broadcast Tweets broadly.) If you want a reply to be seen by all your followers, you will be able to Retweet it to signal that you intend for it to be viewed more broadly. These tweaks are in line with Twitter's tradition of paying attention to how people use the site and make it easier for them to do what early adopters are already doing. That's how we got hashtags, retweet buttons and @ replies. Now you'll be able to tweet a bit longer messages, something people do now with screenshots of text, and have more public conversations, something people do now by putting a "." before someone's @username so their whole feed sees the conversation not just people who happen to follow you and the user you're conversing with. Cool. These are useful little nudges that will keep people who already love the site engaged -- even though they may have some ugly unforeseen consequences. But will they transform Twitter and spark a new wave of growth? Not likely. What would without alienating the hundreds of millions of loyal users? Tough question and we'd like to know what you think. [polldaddy poll=9429603] Cheers, Jason [Image by dominiccampbell | Flickr]
See that floppy disc? That's how F-Secure Labs used to get malware to analyze. Nowadays, of course, it's much different, Andy Patel from the Labs explained in a recent post, "What's The Deal with Scanning Engines?" In just a few hundred words, Andy lays out what makes modern protection so different from the anti-virus that you remember from the 80s, 90s or even the early 00s. And it's not just that floppy disks the Labs once analyzed have been replaced by almost any sort of digital input, down to a piece of memory or a network stream. The whole post is worth checking out if you're interested in how relentless modern internet security must be to keep up with the panoply of online threats we face. But here's a quick look at five of the key components of endpoint protection that work in tandem to stop attacks in their tracks, as described by Andy: Scanning engines. Today’s detections are really just complex computer programs, designed to perform intricate sample analysis directly on the client. Modern detections are designed to catch thousands, or even hundreds of thousands of samples. URL blocking. Preventing a user from being exposed to a site hosting an exploit kit or other malicious content negates the need for any further protection measures. We do this largely via URL and IP reputation cloud queries. Spam blocking and email filtering also happen here. Exploit detection. If a user does manage to visit a site hosting an exploit kit, and that user is running vulnerable software, any attempt to exploit that vulnerable software will be blocked by our behavioral monitoring engine. Network and on-access scanning. If a user receives a malicious file via email or download, it will be scanned on the network or when it is written to disk. If the file is found to be malicious, it will be removed from the user’s system. Behavioral blocking. Assuming no file-based detection existed for the object, the user may then go on to open or execute the document, script, or program. At this point, malicious behavior will be blocked by our behavioral engine and again, the file will be removed. The fact is, a majority of malware delivery mechanisms are easily blocked behaviorally. In most cases, when we find new threats, we also discover that we had, in the distant past, already added logic addressing the mechanisms it uses.If you're interested in knowing more about behavioral engines, check out this post in which Andy makes then easy to understand by comparing the technology to securing an office building. So you must be wondering, does this all work? Is it enough? Well, our experts and our computers are always learning. But in all the tests this year run by independent analysts AV-Comparatives, we’ve blocked 100% of the real-world threats thrown at us. Cheers, Jason
In 1853 a strange new invention appeared in the English cityscape, and caused a small wave of moral outrage among Victorians. This perceived threat to social order was not a new drug, political movement or saucy romance novel, but the seemingly harmless letter box. One reason was the shocking development of women now being able to post letters without consent from their husbands or fathers, and the other one was that sending anonymous letters would now be even easier. Maybe Victorians weren’t very thick-skinned, and were worried about unsigned letters calling people zounderkites and rantallions skyrocketing. Who knows? History now tells us that these attempts to control this early form of long-distance communication were ridiculous. And yet, a modern version of this debate is happening even today: there are those who want to make encrypted, anonymous communication available for everyone, and those who wish to restrict it. No new technology comes without drawbacks, and encryption is no exception. However, just as with the Victorian letter box, the pros greatly outweigh the cons. But why do people want to be anonymous online? Those who oppose encryption and other methods which advance online anonymity often throw around the tired argument “If you don’t have anything to hide, you have no need to be anonymous”. Not only does this statement show an astounding lack of perspective, it is also blatantly false. According to CBS there is a rising increase in desire for online anonymity, and there are many perfectly valid and legitimate reason to cover your tracks online. A lot of us just don’t feel comfortable with their Internet Service Provider, employer or even government having access to their surfing information. We all have a right to privacy, but technology is increasing the size of our digital footprint to the point when we can never know who is monitoring what we do online. Legislation, like the aptly nicknamed Snoopers Charter have the potential to give governments and ISP’s blanket rights to monitor web traffic of normal users in the name of security. This means the responsibility to protect our individual privacy rests increasingly in our own hands, and VPN services like our own Freedome go a long way in making that happen. For many people, it’s about control. We share aspects of our lives and personality on social media and other websites, but the choice of what we share should be ours to make. This control is taken away by advertisers and tracking companies, who collect information about us from different websites and piece them together to form elaborate dossiers which contain way more information about us than most would be comfortable sharing, like your medical information or what kind of porn you watch. For many, part of being anonymous online is blocking this kind of intrusive tracking, and it’s hard to find fault in that. The most serious group of people wanting anonymity are those for whom it is not so much a matter of principle but a matter of life and death. We are talking about activists, journalists and opposition supporters who operate under oppressive regimes or in places where criminals seek out and silence those who speak against them. It’s easy for those who support intrusive privacy legislation to forget that the governments who enact them will invariably have ulterior motives to “catching terrorists” or “protecting national security”: they give governments the power to control what we say. Open and free communication is the greatest tool the masses have to keep those in power accountable for their actions, and there is nothing open or free about the kind of mass surveillance which is happening more and more, legally and otherwise. What are your reasons to be anonymous online? This is not a black & white subject, and we’d be glad to hear your thoughts via the Freedome twitter channel @FreedomeVPN.