Tech Tuesday Special: Windows XP End Of Support

It’s time for Tech Tuesday, where we answer reader questions!

TechTuesdays from Charland Technology

We’ve been asked a lot lately…What does the “End of Windows XP” mean?

The End Is Near with Grumpy Cat

As Microsoft announced some time ago, support for Windows XP stops on April 8, 2014. By all means hit the link for the official Microsoft countdown clock.

What’s the official Microsoft stance?

Simply, that Microsoft will not be working on any more Windows XP security updates after April 8. And if Microsoft isn’t fixing XP problems, no one else will be either.

But what does that mean?

For some people, it’s not a big deal. The sun will rise, the computer will start, and the world will go on.

If you use your computer in business it’s not so simple.

A major part of any security standard includes running a supported, up-to-date operating system.

PCI-DSS, HIPAA, Sarbanes-Oxley, and Mass 201 CMR 17.00 all mandate that your computer systems must be running supported operating systems with reasonably current security updates.

If you can’t update the operating system you can’t be in compliance.

The safest advice at this time:

  • If your business stores health care or patient information on your computers;
  • If your business processes credit cards using computers;
  • If your business is a publicly-traded entity that’s subject to SEC or other government oversight;
  • If you process or store account information concerning Massachusetts residents;

Then you are obligated to be compliant.

It’s early March…a bit late to get into a large-scale shift, but there’s still time for most smaller businesses to act. And starting to do something, even if you miss the “deadline” by a few weeks, is better than doing nothing.

What to do?

There are several approaches:

  • You can buy new computers that run a supported system like Windows 7 or Windows 8.
  • If your computers are relatively new (2010 or later) they may be able to upgrade to Windows 7 (or 8).
  • If you have a large number of older computers, we can install a Windows MultiPoint Server or Windows Terminal Server, and reload your desktop computers as “thin clients” that only are able to initiate a connection to your server.
  • You may be able to devise policies that restrict credit card entry, etc to certain computers.

It’s time to think about this, and act soon.

 

Windows XP sunset

Windows XP sunset

Breaking: LogMeIn Free Going Away

After years and years….

Coupon with a globe, promising One Free Internet

One Free Internet!

LogMeIn Free is gone. Yes, the most reliable free remote control platform is gone. Lots of people use LogMeIn, from people who occasionally work from home to part-time techies to IT folks who need remote access to the brand-new machine that they haven’t had time to completely set up yet.

The party’s over.

Next time you sign in you’ll see a happy message saying you have seven days to buy LogMeInPro, which features nice extras like file transfer, printer and sound handling, and troubleshooting tools.

Intro pricing looks like 50% off: $49/year for 2 computers, $129/year for 5 computers, and $229/year for 10 machines.

Frankly, I’m not surprised. I knew LMI had been considering removing the free product, and had already curtailed the Free product to 10 computers.

What’s next?

Quick definition: LogMeIn, GoToMyPC, etc are remote control applications. They let you access your computer from another location, without relying on someone to let you in (like join.me, mikogo.com, etc)

There are several other remote control systems out there:

Teamviewer is based on a technology called VNC that we find a bit less reliable than GoToMyPC or LogMeIn.

Windows Small Business Servers and Essentials Server include Remote Web Access, that controls remote desktop access to your computer.

We’re not heavily impacted by this as we generally use a mix of LogMeIn Pro and Citrix GoToAssist for our remote-control needs.

It’s my opinion that it’s generally worth a few bucks to ensure your remote connection will work securely and reliably, so I recommend either Citrix GoToMyPC or biting the bullet and buying LogMeIn. For most people it’s not worth jumping to another free solution that is not as user-friendly or reliable.

We can offer 30-day trials of Citrix GoToMyPC. Please contact us if you’re interested in a solution for more than 5 computers.

Update: According to LogMeIn companies that buy the $300/year LogMeIn Central product will continue to have access to install, manage, and connect to LMI Free clients. This is the most cost-effective way to companies with more than a few computers to keep using LogMeIn long-term.

Tech Basics: Backup Speak

Continuing from my recent post on backup basics, there are some things to know before we get too deep into the details.

Backwards analog clock with caption

Because not everyone can afford a DeLorean.

The overall premise of data backup is to protect your stuff. Simple enough until you start looking at the range of solutions. You could argue that everything from an old beat-up flash drive to a completely redundant data center is “backup.”

How to compare? Fortunately there are some industry-standard buzzwords:

RPO: Recovery Point Objective. How old is the stuff you recover?

RTO: Recovery Time Objective. How long does it take to get your stuff back?

Retention. How long your stuff is saved and when old copies are written over or destroyed.

File backup. Your stuff is saved file-by-file.

Image backup. Your stuff is saved as hard drive blocks.

Scheduled Backup. Your stuff is saved at regular intervals.

Continuous Data Protection. Your stuff is saved as changes are made.

Full Backup. Saves a full copy of your stuff.

Differential backup. Saves stuff that’s changed since the last full backup.

Incremental backup. Saves only stuff that’s changed since the last backup of any kind.

Shadow Copy. A copy of your stuff that some systems will make when a new copy is saved.

Delta. The parts of your stuff that have changed since we last checked it.

Archive. Keeping your stuff for a set period of time, usually for legal reasons. Like tax returns in a storage box.

Disaster Recovery. Getting your stuff back (and running) after something bad happens.

BDR/BDR Device. A self-contained computer with lots of hard drive space, programmed to save image backups of your computers. Can usually run copies of those computers in case of major failure.

Bare-Metal Recovery. The ability to re-load your stuff onto a computer without installing Windows first.

Hardware-Independent Restore. The ability to re-load a backup onto a computer that’s not an exact match.

Failover. An extra whatever that will start working in case the first whatever stops working.

Deduplication. Looks for matching stuff and keeps only a single copy of it. Say you have two copies of Moby Dick, de-dupe saves one and puts a link where the other one would go.

<Whatever>-Aware. A backup that can work with a specific program, usually a mail server or database, to back it up properly. Most file backups don’t handle databases well unless they’re “aware.”

Did I miss any? Let me know in the comments, or on our Facebook page.

Tech Basics: The importance of backups

Quick question:

What is the most important thing you can do to protect your information?

It’s not antivirus.

Logos of several popular antivirus programs

It’s not a firewall. It’s not network protection, monitoring, or remote access monitoring.

 

Really expensive firewall

As much as I appreciate the value of good hardware, that’s not the most important thing.

Burned server equipment

These things are important. No one wants to deal with viruses, data getting out, replacing hardware, dealing with insurance companies, etc…

But backup is the part of this that can literally save your business:

  • Got the nasty CryptoLocker ransomware? Clean everything then recover from a recent backup.
  • Server hard disk failed, controller corrupted your data? Fix it, rebuild the server, recover from a recent backup.
  • Fire burned down your facility? Choose your future systems, get a temporary setup, and recover from a recent backup.
  • Cloud provider went out of business? Re-load data from a recent backup.
  • Ex-employee erased a bunch of folders on her way out the door? You guessed it, recover from a recent backup.

Which brings us to the key here. Information backup can have different forms, speeds, and capacities. There are many places and technologies that we can use to save your stuff.

Our role is to look at your organization and choose protection against the risks you face.

However it’s done, backup is the first and last word in protecting your business.

backup safe

Questions about your backup and data protection plans? We’re here to help!

 

 

Business E-mail, Part 1: What’s in a name?

For years, I’ve urged every business I’ve met to swap their free e-mail for a domain-based account. It’s a small investment in time and money, but ultimately well worth it.

But why would you stop using a free e-mail account and change to something you’d pay for?

Well…what’s in a name?

How would your customers and prospects respond to a message from ilovecutekittens@verizon.net?

or a message from your doctor’s office from drluuuuuv@gmail.uk?

Picture the difference getting an appointment reminder from

service@charlandtech.com
vs
geekytechdood@aol.com

1. Generic domains (like verizon.net, charter.com, yahoo.com, gmail.com, and especially aol.com) are more likely to get caught in SPAM filters. Seriously, or junk mail folders are full of crud from hijacked yahoo, gmail, aol, hotmail, verizon, comcast, and Rodgers accounts. Many of your recipients don’t know how to find and whitelist you even if they realized they missed your mail.

2. Service-based addresses (like verizon.com, comcast,net, etc) generally won’t transfer after you terminate service. If you business moves from a Comcast city to a Charter town, you need to change addresses quickly.

3. Free addresses beg the question, “You can’t afford/can’t figure out/can’t hire someone to set up” your own domain?

And then there’s security….but that’s another story.

Tech Tuesday: #13: What Plants vs Zombies Can Teach You About Small-business Security

It’s time for Tech Tuesday, where we answer reader questions!

TechTuesdays from Charland Technology

We’re going to take a break from the questions this time, and talk about Internet Security for your small business.

Most everyone has played (or at least heard of) Plants vs. Zombies. It’s a fun game from PopCap Software. Go check it out if you haven’t yet. We’ll still be here when you’re done.

You’re welcome.

So, PvZ is a defense game. You place plants with different abilities on a game field and zombies come. If all goes well your plants will stop the zombies before they get to your home.

What does this have to do with business security? Plenty. Think about the game for a moment, in the screenshot above.

As soon as a zombie appears he gets pelted with peas.
If a zombie survives the peas he’ll run into a chomper.
Then he continues to get hit with peas.
If he survives that he’ll end up dealing with another Chomper.
If that Chomper is full and he gets to the end, there’s a lawnmower that’ll spring to life and run him over.

That’s how network security works in an ideal world. We’ve seen failures every step along the way.

To put it in another perspective,

It a bad guy wants to break into your office he’ll see the alarm company sticker and your security lights.
Then there’s the doorknob lock.
And the deadbolt.
If he gets through that then either door, motion, or glass-break sensors start the alarm.
After several minutes of sound and fury the police are contacted.
Meanwhile, the really valuable stuff is kept in locked cabinets.

And if all else fails you’ve got theft insurance on the really valuable stuff.

break-ins,buildings,burglars,cat burglar,cat burglars,gloves,jeans,occupations,photographs,roofs,securities,stocking caps,thieves,windows

So it’s a layered approach. Like an onion

agriculture,chopping boards,cutting,food,onions,vegetables

or a parfait.

Of course we’ve got antivirus. Massachusetts law says we need this.
And we’ve got a Unified Threat Management device, a business-grade firewall that can detect threats in all types of traffic.
And we have automatic operating system updates.
And our users work with limited accounts wherever possible.
And we have monitoring and intrusion detection on the firewalls and servers.
And we have users who know what their systems should look like and who to call when something looks suspicious.
And encryption and limited access on the really confidential stuff.

And we recommend cyberfraud insurance for our clients. Just in case all of these measures fail….because they can.

Got questions? Send them to CharlandTech via Facebook, post as a comment on this article, Tweet ‘em to @gregc00 or @CharlandTech, or find another creative way to get them to us.

(And FYI, you can make the gorgeous-looking parfait yourself at LowFat Vegan Cooking…)

New laptop pregame: 2013 edition

I stumbled across an article by Dawn Altnam the other day, Laptop pregame: What to do to your company laptops before you give them to employees. Complete with stock photo of snarky guy holding a laptop.

“Pregame” calls to mind a football metaphor…but after reading the article I got the sense that it could have been written in 2003. Remove all references to “spyware” and “cloud” and it could have appeared in Inc or Forbes magazine in 1993.

In football terms that’s going back to the days of the “flying wedge” and no helmets.

Is this how you’d equip your team in 2013 and beyond?

Of course not.

So what can we do better today for notebook prep?

Security: Virus protection needs to be a closed loop. Most small business owners don’t know the difference between benign reports like toolbars/plugins and the nasty stuff like rootkits, much less how to properly assess and respond to a detection alert.

What does your sales manager do when she sees this?

99% of ‘em click “allow” or “allow always.” Which could possibly load the trojan which starts to scan their e-mails and files for account numbers. Most tech service providers offer ongoing services to handle these alerts consistently and affordably.

And today, we have web filtering to limit users’ exposure (and company liability) to non-business stuff like porn, pirated software, hate speech, etc.

Firewall: The Windows 7 firewall is generally regarded as business-grade and up to the task of protecting a typical computer, even in a coffee shop or  other shared connection.

In the Physical Protection section the author drops the ball. At the very least every corporate computer, external disk, etc should have an asset tag. These start at about 50 cents per label.

Beyond that every business should consider a system like Absolute Computrace or Awareness Technologies’ LaptopCop. These solutions allow us to locate and track a lost or stolen computer. And recover the latest versions of files from the hard drive, then securely erase the disk.

Every business should have a “lost device response plan” in place before handing out a single laptop. It may be as simple as “Call Charland Tech and advise them of the lost device.” (Which means that WE need a response plan for each client with remote devices. If you’re our client you should ask to see it. If you’re not our client you may still ask to see it.)

And don’t forget Compliance and Data Loss Protection…software designed to prevent problems like

  • Copying your customer list to a notebook or flash drive
  • e-mailing social security or account numbers
  • flagging messages containing certain words for management review before sending

And another thought: Businesses also need to develop a plan regarding remote access to company resources. Most offices have a collection of “stuff” inside the office, with other stuff in cloud services. Do they have a desktop in-house to remote into through GotoMyPC or Logmein? Is there a Small Business Server to provide Remote Web Access?

Answer these questions before running out to Best Buy and buying shiny things.

Ms. Altnam’s post ultimately points out why professional technology service providers continue to exist in today’s era of iPads and self-service cloud apps. Because anybody can do it but not everyone does things right.

Tech Tuesday #12? What’s up with Java?

It’s time for Tech Tuesday, where we answer reader questions!

TechTuesdays from Charland Technology

Chris from Devens asks….

I saw a report on the news about disabling Java before hackers steal all my info. What’s up with that?

Thanks, Chris

There’s a lot of panic about Java right now. Headlines abound that the US Department of Homeland Security is recommending that all computer users disable java until this cyber-storm blows over. The media, has naturally jumped on this. Is it because “Department of Homeland Security” sounds more impressive than “Computer Emergency Readiness Team at Carnegie-Mellon University?”

Partly, I’m sure. And partly because we love to panic about our computers. Let’s start with the basics…but first this important message.

I don’t think any of these posts explain clearly WHAT Java is. So…What is Java?

Java is a web programming language. It allows websites to run programs on your computer. Similar to Adobe Flash and Microsoft ActiveX.

Allowing websites to run “stuff” on your computer sounds scary..and there are scary elements to it, but it’s also a powerful thing:

  • Want to use web-based remote control like GotoMyPC or Logmein? You need to run a Java, Flash, or ActiveX program on your computer.
  • Want to play Angry Birds, Texas Hold’Em or Bejeweled? The game runs a program on your computer.
  • Want to use web-based e-mail? You need several of these web-based programs to do that.
  • On a site like Facebook…the ticker, chat, and scrolling page updates are all implemented in these programming languages.

There are a number of flaws, recently revealed, that make it easy for someone to trick you into visiting a page that launches code that can take over your computer.

This can be “weaponized” by sending you e-mail that claims to be from the IRS, Quickbooks, the lottery, or your bank. Click on the link in the e-mail…and your computer is compromised.

This also can be brought to bear by compromising other websites and forcing them to host the bad code. This can be a problem for smaller websites without full-time monitoring and support staff.

It’s important to remember…any time you visit a website or load a program on your computer you are trusting the author of that program and the keeper of that website.

For example, if you want to play the online game Pirate Galaxy, you’re exposed to whatever code the developer (Splitscreen games seems pretty trustworthy) has decided to put in the game. You’re also exposed to whatever the host of the game publishes (Kongregate is also legit).

If the chain of trust ended there we’d be in decent shape. However, that’s not the case.

The ads in most pages are not necessarily vetted on a regular basis. It’s entirely possible for a rogue ad to link to a compromised site that looks like the game you want to play.

So for now I think it makes sense to disable java unless you find an important site that absolutely will not work without it. Don’t like those instructions? Try these.

Another way to go is to disable Java, Flash, etc in your primary browser…and use another one ONLY for trusted websites that require running code.

Of course, Java 7 Release 11 fixes the most glaring and commonly-exploited security issues, and adds a major new concept…that the user needs to actively click to let a java program (called an “applet”) run.

We’ll discuss best practices for business Internet safety later this week.

Got questions? Send them to CharlandTech via Facebook, post as a comment on this article, Tweet ‘em to @gregc00 or @CharlandTech, or find another creative way to get them to us.

Tech Tuesday #11: Are We Business-Grade?

Another Tech Tuesday, where we answer reader questions!

TechTuesdays from Charland Technology

Cathie from Rindge asks….

My new technology company says I need to replace my router…or firewall…not sure which. The sales guy said my D-Link is not made for business. Is he just trying to sell me a more expensive one?

Thanks, Cathie…most small businesses have a single device that acts as both a router (moves traffic between networks) and a firewall (inspects each  packet of traffic and allows/blocks based on a set of rules). Many small-business techies use the words interchangeably now, but you’ve almost certainly got a single device that does both.

Here’s a nifty older picture (despite the mid-90′s iMacs the theory still works)

But the bigger question is….

GMC Professional Grade Logo

Is it “professional grade?”

The simple answer? It depends. Many businesses can get by with less-expensive, consumer-grade networking gear. It’s 2013 and nearly any firewall/router you can buy will give a few years of trouble-free connection to the internet.

Take this one, for instance. It’s a TrendNet N150 Router. This is a typical $40 consumer-grade router.
TrendNet N150 Home Router

A basic Internet and Wireless connection! Who could ask for anything more?

Well… Looking at the specifications…this is a router that does not claim to have a Stateful Packet Inspection Firewall.

It might be nice to set up a second wireless network for guest access.

And, setting up more than a few connections at the same time the lil TrendNet will start to lag….

and what happens if something doesn’t work? Send an e-mail to Trendnet support and hope for the best?

Level up!

So we can consider an entry-level business firewall…like the Netgear FVS300.
Netgear FVS318

These cost around $200. For the extra money we get:

  • Better network speed
  • Real SPI firewall
  • Phone or chat support
  • VPN connections (limited)

What could be better?

Well…

“I want to block job hunting/porn/shopping websites, except on my computer… or at break time.”

“We use voice over IP phones, how do we make sure that gets priority?”

“We need a reliable connection between our two buildings…”

“Our regulations say we need to monitor for unauthorized access…”

“Can I get a report of what websites employees are going to?”

“Can this system collect evidence in case of an attack?”

This is a job for a Sonicwall! (Or Cisco ASA, or WatchGuard, or Meraki, or Fortinet)
Sonicwall TZ-series wireless Threat Management System

Here’s where we leave the “router/firewall” and enter the “Unified Threat Management” systems. These devices have:

  • Comprehensive router/firewall systems designed for setup by a professional technician
  • Additional services like Intrusion Detection, Web filtering, Remote administration, and incident logging
  • Secure wireless systems that offers segmented guest access
  • Reliable, highly-secure VPNs for remote and site-to-site connections
  • 3G/4G wireless backup connections

What are YOU using for a firewall? Drop a post in the comments!

Got questions? Send them to CharlandTech via Facebook, post as a comment on this article, Tweet ‘em to @gregc00 or @CharlandTech, or find another creative way to get them to us.

Tech Tuesday #10: 2013 Predictions!

Another Tech Tuesday, where we answer reader questions!

TechTuesdays from Charland Technology

Joan from Athol asks….What are your tech predictions for 2013?

I’ve got a few thoughts, in no particular order:

  1. Windows 8 will fail. Miserably. Sure, Microsoft will make it sound like it’s been accepted in the market, and will use accounting tricks to make it look like money has been made (they count new systems with Windows 7 that include Win8 “upgrade” disks as net sales, for example)

    It will be so bad that Windows 2014 (they’ll change naming conventions again) will come out in December, 2013. Look for 2014 to be like Windows 8 desktop-mode, with a visible Start button and…well…stuff to click.
    Microsoft Surface and Windows Phones will continue to sell to dyed-in-the-wool Microsoft fans. Exclusively.
  2. There will be a new iPhone and iPad. Apple will make them sound magical and revolutionary even though they’re not. They’ll add some nice features and cost a lot of money. Millions will be sold, mainly to Apple fans who are upgrading from their iPhone 5′s.

    Apple stock will continue to rise for the foreseeable future. I still wouldn’t buy it.
  3. As many i-Devices as Apple sells…Samsung will sell twice as many of their not-yet-announced Galaxy S4s (this is a link to a concept video, not even “good” rumor yet.) Still a couple more years before these win the coolness war, though. Here’s a link to a more realistic look at what the actual 2013 S4 could be like. A lot of those will be to Galaxy S3 fans who have gone all cult-like over their phones…becoming every bit as ugly as the i-Fans they hate.
    samsung Galaxy S4 i9500
  4. There will be a major outage and/or security breach involving Quickbooks Online. Intuit hasn’t shown the management wherewithal or the development muscle to keep QBO running as a stable, truly redundant architecture. Many of the promised changes after the last several outages are still in the early planning stages.
  5. Speaking of big companies sucking really badly, I predict outage-prone Microsoft Office 365 will re-brand their service to distance from the current name. Maybe something like Office Anywhere… despite the name change there will be lawsuits from customers who will lose substantial data. Heads will roll, which at Microsoft means several Directors and VPs will make lateral moves to other divisions.
  6. Seems everyone is talking about BYOD (bring-your-own-device) right now. That’ll turn out to be a fad that no one will be talking about this time next year. It sounds good, ’til you think about what will really happen: We’ll “save” the cost of a $1,200 laptop by having Joe co-opt his kids’ computer, or do everything on an iPad. We’ve been hooking up new employees’ phones to the mail server and key resources for year. Add one clause in the employment agreement that says,
    “Employee consents to installation of Company geolocation and monitoring software on employee-owned mobile devices; if such device is lost, stolen, or employment terminated the Company will securely erase all information contained on the device. Employee agrees that personal information on the device will be erased in this operation and holds Company and its agents harmless regarding deletion of such information.” (You should obviously ask you lawyer before you go sticking clauses in your employee handbook!)
    There are some places where BYOD desktop etc strategy can work, and we’re ready to support it there, but it’s just a buzzword that’s going to go away.
  7. We’ll talk about Gesture Control as a next big thing. It won’t go anywhere. I won’t care ’til I can have my own J.A.R.V.I.S. (Y’know, Ironman’s house computer):

  8. This will be the year of the Linux Deskt……HAHAHAHAHAHAHAHA!
    Even IF a good linux-based accounting system came out, and despite the confluence of Windows 8 sucking, Apple being evil, and mobile devices being too hard to actually do work on…it still wouldn’t be enough for a linux desktop to take hold.

I guarantee that at least four of these predictions will be completely wrong and that we’ll laugh about them (hopefully together) in 2014.

Happy New Year!

Got questions? Send them to CharlandTech via Facebook, post as a comment on this article, Tweet ‘em to @gregc00 or @CharlandTech, or find another creative way to get them to us.

Follow

Get every new post delivered to your Inbox.