Windows XP updates

5 things to do if you’re going to keep using Windows XP after April 8, 2014

If you’re still a Windows XP user, you’re probably singing a sad song knowing that after 12 long years Microsoft will end its support for the world’s second most popular operating system on April 8, 2014.

Microsoft warns you that if you continue to use its OS first introduced before the iPhone even existed “your computer will still work but it might become more vulnerable to security risks and viruses.” And if that isn’t enough to encourage you to upgrade or get a computer, maybe the fact that “you can expect to encounter greater numbers of apps and devices that do not work with Windows XP” will.

But given the millions of PCs running the OS and the scarce amount of time and resources many people have, some people will certainly be XP users well after its “expiration date.” If you’re going to be one of these daredevils, our Security Advisor Sean Sullivan has some suggestions.

“Folks that continue to use XP at home can do so with some reasonable amount of safety, but they absolutely need to review their Internet and computing habits as April draws near,” he told us. And he broke down 7 ways to avoid the trouble from the criminals who will surely be targeting these unsupported systems.

1)      Install an alternative browser — not Internet Explorer.

2)      Review the third-party software you’ve installed and uninstall anything that isn’t needed.

3)      For the third-party software that you keep – consider disabling or uninstalling the browser plugins. Or at least set the browser to “always ask” what to do about things such as PDF files. (Personally, I always download PDFs to my desktop and open them from there. I don’t want the PDF viewer plugin installed, and I don’t like being in the habit of opening certain file types in my browser’s window.)

4)      Have an up-to-date security product with antivirus and firewall installed.

5)      Keep your XP computer connected to a NAT router, which will act as a hardware firewall. (Practically speaking, this means you shouldn’t be roaming around outside of your home with an XP computer. Don’t plug into a university network for connectivity – keep your computer at home on a trusted network.)

As you can see, living in the past may not make life easy. But if it’s your only option, you should at least try to stay as safe as possible.

Cheers,

Sandra

[Image via Patrick Hoesly via Flickr.com]

More posts from this topic

Lee Rigby

Whose job is it to catch terrorists, MI5’s or Facebook’s?

The sad killing of British soldier Lee Rigby has been in the headlines lately after release of a report about how authorities handled the case. Publicity was boosted because the committee thinks Facebook is responsible for the killing. They think the social media giant has a clear obligation to identify and report people who plan attacks like this. Just like the fact that phone companies report everybody who are talking about terrorism and the postal service sends a copy of all fishy letters to the Scotland Yard. I’m sure you get the sarcasm. What happened is that British agencies, MI5, MI6 and GCHQ, had identified the killers, Michael Adebolajo and Michael Adebowale, as interesting persons before the attack. They did however fail to investigate properly and apparently made no attempts to get the suspects’ communications from Facebook. There would have been several ways for them to do that, by a direct request from the police to Facebook or by the secret intelligence connections between GCHQ and NSA. Meanwhile Facebook's internal controls had flagged the killers’ communications and automatically closed their accounts. Facebook did however never report this to the British agencies. Which gave the Brits a convenient scapegoat to focus on instead of the fact that they never asked for that data. Ok, so the Brits blame Facebook. Let’s take a closer look at some numbers and what they really are demanding. There’s about 1,6 billion users total on Facebook. 1,3 billion monthly active and about 860 million daily active users. These users share around 5 billion items and send over 10 billion messages every day. This creates a total stream of around 10 million items per hour and 173 000 per second. Quite a haystack to look for terrorists in! Facebook has some 8 300 employees. If every single one of them, Mark Zuckerberg included, would spend their full working day monitoring messages and shared items, they would have to do over 60 items per second to keep up. Needless to say, any kind of monitoring must be automated for volumes like this. Facebook is monitoring its content automatically. Some keywords and phrases trigger actions, which can lead to closure of accounts. This is understandable as no company want to be a safe haven for criminals and many kinds of harmful activities are prohibited in the user agreement. But Facebook is walking a thin line here. Their primary task is not to be a law enforcement agency but to provide a social media service. They must also be well aware of the fact that reporting innocent people to the authorities is highly irresponsible. Commonly accepted practices of justice are not obeyed anymore when dealing with potential security threats and there is no transparency. There are numerous cases where western authorities have detained and even tortured innocent persons, apparently based on some very vague indications. Maher Arar’s case is a well-known example. So the bar for reporting someone must be high. It is easy for an Internet service to throw out a suspected user. They are after all not paying anything and Facebook have no obligation to let them be users. This ensures compliance with the user terms, no criminal activities allowed. But the threshold to report someone is naturally a lot higher. Especially when the volume forces Facebook to make automated decisions. This is not a sign of carelessness from Facebook’s side, it’s because people by default are entitled to communication privacy. It is also a direct consequence of the fact that terrorism suspicions are handled outside the normal justice system in many western countries. You carry a heavy responsibility if you feed innocent peoples’ data into a system like that. Let’s face it. There’s a large number of criminal conversations going on right now both on Facebook and other social services. Many terrorists are also on the phone right now and some are picking up deliveries with items related to planned attacks. Nobody is expecting the phone company to routinely listen in to identify potential terrorists and nobody is expecting the post to check parcels randomly. Facebook may not report every flagged conversation, but they are at least doing something to not be a safe haven for terrorists. Still they are the only of these services that the Brits call a safe haven. Not very logical. The simple reason for this apparent inconsistency is naturally the need for a scapegoat. The British agencies failed to investigate so they need someone else to blame. But there is a more dangerous aspect hidden here as well. Snowden made us aware of the privacy threats on Internet. The wide-spread mass surveillance has so far to a large extent been secret and even illegal. Pandora’s Box is open now and authorities all over the world are racing to get legal rights to mass surveillance, before the large masses understand what it really would mean. Putting pressure on Facebook fits that agenda perfectly. To be fair, one can naturally also ask if Facebook could have done more. A calm and balanced debate about that is welcome and beneficial. The flagged messages is probably quite a haystack too. To what extent is Facebook reviewing those messages manually, and could this process be improved to catch more potential killers? And at the same time avoid reporting any innocent users. To illustrate that this isn’t as simple as many think. People are asking why Facebook didn’t react on stuff containing the phrase “let’s kill a soldier”. Well, this blog post contains it too. Am I a killer because of that? Should this post be flagged and given to MI5?   Safe surfing, Micke    

Nov 28, 2014
BY 
11184349836_ea2bfb1da8_b

10 ways to keep your credit card and memories safe during the holidays

Every year Cyber Monday sets new sales records. The Monday after the U.S.'s biggest brick-and-mortar shopping day a year opens the online shopping season with a flood of sales and deals that are often better than what you'll find in person, without the crowds. But whether you're shopping for presents or not during the next month, advertisers and online criminals will assume you are. And if they aren't targeting your wallet, they may be after the private photos and videos we all keep on the hard drives of our computers or devices. Right now, you can get our F-Secure SAFE protection on 5 PCs or devices with 200 GB of free secure cloud storage. Until December 6, we're giving away one free license for SAFE on 5 devices along with 200 GB of storage and a SAFE hoodie for free each day on our Facebook page. Read the the rules and enter now. And while you're shopping on any device, stay skeptical. Stay focused. And keep up the same online shopping and storage hygiene you should be practicing all year long: 1. Make sure your system, browser and security software are patched and protected. If it's software, it requires updates. As developers have become better at reminding you to update your software, there's become more to update. So keep up with your operating system updates and make sure you're running updated security software. 2. Do all your shopping in in one browser. No Java. Our Security Advisor Sean Sullivan advises that you do all of your financial transactions in one browser that you only use for shopping and banking. “Too many tabs open, too many things going on – that’s when you’re most prone to click on a malicious link or download something you shouldn’t have," he said. So use Chrome for surfing and Firefox for the serious stuff. Whichever browser you use for your transactions, you should disable Java in it -- and all your browsers if possible. If a certain website you need to use requires Java, enable it in just one browser that you use only for that site. 3. Stick to stores/sites you trust. Bad grammar and poor design have been the warning signs of malicious sites and emails for years. But criminals are always upping their game. Your best bet is to avoid untrustworthy sites in general, just as you likely avoid unprofessional looking stores and people who randomly try to sell you stereo equipment from their van. Avoid shopping via Google. Go directly to sites you trust and search there. 4. Only shop over a secure connection -- VPN and https. If you're shopping via Wi-Fi, make sure you're on a network you trust or secure yourself with a virtual private network like F-Secure Freedome. This will encrypt your data to protect your passwords and other private data. Freedome also protects you from scams and trackers, which may use your data to sell you things that do not fit your budget. To make sure your data is secure as it's being transmitted, don't enter your private data unless you see you're on a secured connection where the url starts with "https". If you're not seeing that, move on to the next store. 5. Use one credit card for all your online shopping -- or use credit card alternatives. Limit your damages. If your data is captured by a crook, chances are your credit card company will catch any irregularities. However, you still may be left without a card during the holiday season. Using only one card for online purchases also makes it simpler to keep focused on how much you're spending. For extra security, Sean recommends that you see if your bank offers virtual credit card numbers that can only be used once. 6. Check your statements. You do this? Right? If you don't check your statements to make sure all the charges are yours, who will? 7. Do not reuse passwords. It's like putting the same lock on your house, car, boat and safe. Your passwords for your crucial accounts are sacred and need to be unique and strong. This isn't easy, which is why we recommend a password manager. You can use our F-Secure KEY on one device for free. 8. Have a secret email account for online shopping. Sites like Amazon allowing you to use your email for a login, which is convenient. It also means anyone who knows your email, knows your login and is halfway to cracking your account. A simple solution is to use a special email account that you with with no one that you use as login for financial accounts. 9. Back up everything. What's on our devices and PCs is worth more than the hardware themselves because they represent the thing we can never get back -- time. During the holiday season, your phone is filled with memories of celebrations and gatherings that will only happen in that exact way once. So make sure all your devices are backed up, all the time. 10. Use a cloud service you can trust. As you know from the series of nude photos of celebrities released this year, the security of your cloud storage matters. The more people you have trying to hack you, the more your content is at risk. Using a service -- like our younited -- that offers two-factor authentication and is designed to protect your privacy. Happy holidays, Sandra [Photo by Mike McCune via Flickr]

Nov 25, 2014