• Welcome to BGO! We know you will have questions as you become familiar with the software. Please take a moment to read our New BGO User Guide which will give you a great start. If you have questions, post them in the Feedback and Tech Support Forum, or feel free to message any available Staff Member.

Tech/Computer advice from me

tshile

Guest
Tech/Computer advice

The idea behind this thread is to provide a place for our fellow users to look to when they have questions regarding technology (more specifically for now, computers/laptops). The original post will have a table of contents that links to other posts with information. I'll add posts as I have time/see fit. I make no promises how long it will take to get you something :)

I've been working in the IT field for over 6 years as a Systems Administrator; I work as a consultant to a few handfuls of companies managing their networks. In this job I've had the pleasure of working with many different technologies from many different manufacturers/vendors. The idea is for me to give you the knowledge I have as it may relate to your home computing needs. If you disagree with something I have said - please let me know what it is and why, and we'll see how to proceed best. I do not claim to know it all, and I reserve the right to be wrong. That said, most of the topics I post here will be because I'm comfortable with my knowledge in the area. I'm pretty cocky about it, so if you think I'm wrong then be prepared to backup why :)

That said please feel free to add content!

I am also going to (roughly) mark sections with a date/month marker of when it was posted and/or last updated. Be skeptical of old information. The field changes very quickly. Old information can sometimes be as good as bad information (that is to say: not very good). So keep that in mind.

Also, this is based on business experience. If you have questions regarding video gaming I can't help you any more than basic google searching will - I quit playing video games on computers about 6 years ago, so I don't have a clue as to what the best hardware is for video games. In the past they used to conflict, so don't be surprised if I say x item is terrible but some video game site ranks it among the best; none of this is in reference to video gaming. I'll say this now, and hopefully this will be the last time but I doubt it, the requirements for video gaming and production/business/enterprise/programming/graphics/etc are not the same. A good video gaming card does not make a good 3d Studio Max card.

With that said - on with the show.


===========================================
Table of Contents
-------------------------------------------------------
1. Antivirus, Security, and Protecting yourself online - Last updated July 25th, 2012
2. So you want to buy a computer? AWESOME! - Last update August 2nd, 2012

===========================================

annnnnnnnnnnnnnnnnnnnnnnnnnd...... initiate wall of text NOW
 
Last edited by a moderator:
Antivirus, Security, and Protecting yourself online - last updated July 2012

General
There used to be a day where getting a virus/malware/scareware/et al was caused by going to a "dirty" site. We used to joke with people about it.

Well, that day is gone. It was gone about 4-5 years ago. Today there are many threats, many of which are behind the scenes. The days of a virus being something that redirects you to porn sites and causes your computer to make funny noises are gone. It's now a multi-million (in some estimates billion) dollar industry that is (largely) run from overseas.

They don't want to force you to look at porn anymore. They want to scare you into paying for bogus products, steal your identity, steal your credit card numbers, and gain access into your banking account.

To do this they sit quietly on your computer. They stopped giving you bizare popups - it doesn't do them much good. They'd rather record your key strokes quietly and send them back home. They'd rather pop up a window that looks like an antivirus program and claim that for $200 they'll remove all the viruses from your computer!

Furthermore, you can be hit by a virus by browsing a legit site that uses Google Ads. Google Ads is continually compromised with virus-laden Flash files, JPG's, and other items. Legitimate sites (CNN, Washington Post, etc) can give you viruses now if someone infiltrates their ad service provider.

You're a fool if you think you can 'smartly' use a computer with out getting a virus these days. Don't be a fool.

The internet is the new wild wild west. Do not underestimate it.

Updates
The first best setup is to keep your computer up to date. Every piece of software you install on your computer (over top of your operating system) becomes a possible attack vector. The most commonly exploited pieces of software include:
- Java Runtime Environment
- Adobe Reader/Adobe Acrobat
- Adobe Flash Player

These have regular patch cycles - normally quarterly releases and emergency patches here and there to address zero-day flaws as they are exposed.

These pieces of software account for 99.9% of the viruses I've had to remove in the last 6 years. So, tip #1 is to keep these pieces of software up to date. Every one of them has automatic update settings - enable it! And when you get that pestering pop up just do the install there. Of course it's annoying, and of course you have better things to do. The longer you wait, the more likely you are to get infected. Just run the update and be done with it.

By the same token you must keep your OS up to date. I don't care what linux distro, windows version, or apple product you're using. If there is an update available there's a good chance it closes a security hole - install it. Yes, there are updates that break things every now and again - you have to pick and choose what is important to you.

Anti Virus
Today there are many free antivirus programs. Some of them include Microsoft Security Essentials, Panda Cloud, AVG, AVast, and many more. There is no need to pay for antivirus anymore. Please don't.

I look for two things in an antivirus client:
- It effectively blocks Viruses. I don't care if it removes them, I want it to stop them from the start.
- It is not intrusive to my day-to-day activities.

By those standards I currently think Microsoft Security Essentials ( http://www.microsoft.com/security/pc-security/mse.aspx ) is the best for the windows client.

A close second is Panda Cloud Antivirus ( http://www.cloudantivirus.com ). Panda is my favorite for business clients, and I've enjoyed their cloud product.

I do not like Avast or AVG - I feel they are bloated. That said there are others who love them. Don't be afraid to try one - if you don't like it just remove it. Thats the beauty of them being free!

MAC Users - Panda Cloud Antivirus is the only one I've ever used. I recommend it, but it's not because I have a lot of experience with MAC antivirus clients.

Side note : Yes, you need antivirus if you run a mac. To think otherwise is extremely foolish. I'll leave it at that. I will, under no circumstance, entertain the idea of arguing otherwise.

Linux users - I don't have a recommendation for you. There's tons of free solutions, and depending on your distro it may be built into your OS. I run a few different Virtual Machines with linux on them for doing super awesome programming (LISP > * btw), but I don't have any experience with the AV software. If you're using Linux then odds are most of the information in this post you are already aware of. :)

If someone feels like contributing to the Linux AV section add it. I'll link to your post here.

UAC and Local Admin Accounts
(note: this section applies to Windows vista and Windows 7 (and likely windows 8))
Is the UAC annoying to you?
I bet it is. I bet you've looked for ways to disable it.

DO NOT DISABLE IT.

When a virus tries to run on your computer it needs Admin rights. If it doesn't need to log in to get admin rights then it can run without you ever knowing it ran...

So. The first thing is to keep UAC enabled. Look, as part of my job I log in and out of things probably somewhere around a thousand times a day with somewhere between 20-30 different user names and probably between 30-50 different passwords.

I know how annoying logging into things is.

You have to pick security or laziness. If your interested in security you need to at least enable the UAC.

Second, you should have your regular account not be an administrator. This way you have to type in separate username and password to do administrative tasks. This makes you think twice before you do things, and (more importantly) prevents a virus from running without you knowing about it.

Easiest way to do it is to have a user account, say: mike
and then set up an administrative account for you to use and just call it: !mike

If you need help enabling your UAC and setting up a user account, just ask.

Shopping

I don't care what protections your bank promises you. I don't care how long you've been with them. I don't care how you feel about 'credit'.

Using a debit/atm card to make purchases online is the most dangerous thing you can do while using a computer.

You don't even have to be on a compromised computer anymore. Something upstream (at the ISP, at the bank, at the telephone pole) can be compromised. It's beyond your control.

If you use a card that directly links to your bank account then if that card is compromised any money that is stolen is actually taken away from your account. It's gone. It's like someone reached in your pocket and took it out.
Will the bank work with you? Hopefully, depends on who you have.
But your ability to get those funds returned to your account may not be what you think it is. It may take weeks. It may take months. And it is entirely possible that you never see that money again. Worst yet, the entire time your money is gone. Hope it wasn't your savings account, and I hope you have money in another account to pay your bills while you try to recover what was stolen.

I have family, friends, and coworkers that have all experienced this. Again, I don't care what your bank says they will do when it happens, it is what they do when it actually happens that matters. Banks have a funny way of not living up to those commitments. Go figure.

USE A CREDIT CARD OR GIFT CARD FOR ONLINE PURCHASES.
If there is a fraudulent charge your credit card company fights the battle for you. Not a cent is removed from your account. You have much more protection this way, even with crappy credit card companies. You can fight the charges without having the money gone.

As a side note - my family no longer uses debit cards at all. I'm actually close to cutting them up. In the Northern VA/DC/MD area skimmers have become relatively popular at gas stations, ATM's, and other places. It's just not worth the risk. If you can handle managing money I strongly suggest you move past using Debit/ATM cards. They are just incredibly dangerous.

SSL
Know when you're on an encrypted page and when you're not.
http://www.symantec.com/theme.jsp?themeid=how-ssl-works

I can write a book about SSL. The bottom line is you need to know when you're on an HTTPS (SSL) and when you're not. The S in HTTPS is one clue, so is the security lock in your browser (location is browser specific). Read up on it using google searches.

DO NOT LOG INTO FINANCIAL WEBSITES THAT DO NOT PROVIDE HTTPS:// AT THE START OF THE LINK


Password Generation
Password generation has become quite the joke over the last few years. Website/companies keep upping the 'requirements' and the results are terrible. Studies are showing that the more complex we (the IT staff) require your password to be the less secure it becomes. Mainly because you start writing them down because you can't remember them (often in an excel file on your computer called 'PASSWORDS' ...) and you start using the same password for every site.

So lets get some basic ground rules that will help you out. Yes, it's a pain in the ass to change your passwords. It's a bigger pain in the ass to recover money that was stolen from you or to repair your credit after your identity was stolen.

Take your pick.

Tip 1 - use a different password for everything. Come up with a scheme that makes sense. maybe it's something like:
name of my dog + first 5 letters of the website
So, if your dog was named dog, and you have an account at BGO, your password could be:
dogbgobs

Tip 2 - Use numbers in place of letters where you can. It's good to have a symbol in there too, some places require it.

But other places restrict which symbols you can use, so be careful. best to use things like !, which you can easily tack on the end.
So your password is now:
d0gbg0bs!
Those are zeros, not the letter o

Tip 3 - You're better off using two words put together than one complex word. In essence: house + car would make a better password than: Remuneration

So, now that we know dog isn't enough, lets make it dog and his favorite toy, bone. Maybe we'll put the second word at the end of our 5 letter, site based section. so now our password is:
d0gbg0bsb0n3!

you should have a capital in there, but you now see some basics for how you can form secure passwords.

Tip 4 - Change your passwords on a regular basis. If you stick to tip #1 this isn't nearly as important (thank god!) but if you're not going to stick to tip #1 (which no one does...) tshen at least change them every 6 months. Pain the ass I know, but again you have the luxury of choosing the outcome here. Once you've been compromised you don't get that luxury anymore.

Conclusion:
Now that you have a little site based part in it, you can easily have different passwords anywhere. Say you have an account at redskins.com.
Now you have a second password:
d0gr3dskb0n3!

Two different passwords, yet you only need to remember the scheme and be able to look at the site name to figure them out. You've added a little extra layer of security to your online use.

The bottom line is that companies, websites, banks, etc all dropped the ball on this big time and our current structure of username + password for everything has left us in this terrible situation. I apoligize on behalf of all IT related people out there. Until there is a better system (trust me, they are working on it) do the best with what we have.
 
Last edited by a moderator:
stupid notepad formatting is apparently awful. i'm trying to fix some things i missed.
 
Good advice about external HDs. I use two of them and three 64 GB flash drives for the most sensitive files. Everyone should have a sound backup plan. And please don't use an online service to backup your HD - that is just asking for more trouble and it is costly. For just a few bucks more, the external HD will suffice.
 
Microsoft has had bugs and security issues for years. Why do you feel Microsoft Security Essentials is the best or reliable?
 
Microsoft has had bugs and security issues for years. Why do you feel Microsoft Security Essentials is the best or reliable?

because microsoft's problems are related to the sheer popularity and complexity of their systems - not their ineptitude.

Microsoft is probably the best out of all the major software companies (that are not entirely dedicated to security) in terms of security.

They're estimated to be about 10 years ahead of Apple, Oracle (Oracle is now in this category with their purchase of Java. Before it would be Sun. But now they bare the responsibility for the awefulness that is the Java Run-time Environment), and Adobe when it comes to security:
http://malware.cbronline.com/news/apple-10-years-behind-microsoft-on-security-kaspersky-250412

I know it's popular to hate on microsoft, but what they do on the backend and behind the scenes is pretty impressive.

If you want to talk about end user stuff - office products for example - and how cumbersome they are or how awful their UI's are, thats another story. I did a project for a senior level End-User class on office and it rated terribly.

Best is also subjective: I qualified it in my post, and my experience is what leads me to say that.

To give you an idea, here's a list of security vendors I've used over the last 6-7 years both in enterprise/business and home environments:
Trend micro, Bitdefender, Panda, Norton/Symantec, McAfee Avast, AVG, Vipre, and Microsoft.

I'm not saying that the others are awful or bad - they all have pros and cons. Except for things branded Norton/Symantec and McAfee - they are awful. I'm just saying that Microsoft Security Essentials is currently my favorite and the one I recommend the most. Panda is a close second, and you wont have any problems with it. I especially love Panda's business suite - I flat out have ZERO problems with managing an entire network with it, and it's not that expensive.
 
Last edited by a moderator:
Great thread, tshile. I've come to one great conclusion about keeping yourself safer online-convenience and security are mutually incompatible. The more convenient it is to use the less secure it's likely to be. I never use any features such as auto-fill, I always uncheck "keep me logged in" notifications and I use other security software such as Air Defense Personal, Malwarebytes, Super Antispyware...etc. in addition to my av software-I also use Web of Trust and Avast's site reporting feature and don't visit either porn or warez sites which are notorious for harboring viruses and assorted malware. I avoid torrent downloads and private FTPing. I even avoid using a contact list in my email, keeping such things in a separate file which I open for myself as needed to remember email addresses. This may seem a bit paranoid to some but the "bad guys" online are far cleverer than I am.

I have a question, I usually use a sandboxed browser and then have the av software scan the sandbox-good idea? Worth the effort? Just interested in your opinion on it.
 
I have a question, I usually use a sandboxed browser and then have the av software scan the sandbox-good idea? Worth the effort? Just interested in your opinion on it.

The specifics of your question are out of my area of expertise, so what I'm about to say is based on other experts in the field and what i've read them saying.

Sandboxing is a theoretically awesome idea that fails on many levels in practical use. Take the Java Runtime Environment. Last I checked it was the #1 most abused vector into systems - it's entirely built on the sandbox idea.

Adobe just recently shifted their Reader/Acrobat platform (starting with version 10) to be sandboxed - It still ranked #2 in the most abused attack vector.

Is what you're doing a good idea? Sure, unfortunately you can never be too safe. Whether it's worth the effort or not really depends on your specific setup and how you browse the web.

I think you'll be much safer making sure you stay up to date (and as a part of that, use popular software that has regular updates - chrome firefox and IE) and making sure you know what you're clicking on when you browse the web.

I don't trust safari. I don't trust apple when it comes to security. They got caught outright lying about security on the iPhone in how it implements ActivSync, they got caught lying about malware/viruses for their OS X line, and they used to claim themselves as being incapable of getting a virus. I respect apple for many things - their security is not one of them.

That said, if what you're currently doing works for you then there's no reason to stop doing it. If it's entirely too cumbersome then you may be happier going with the other approaches I've mentioned.
 
Tshile, thanks for the input. Chrome is my browser of choice (Firefox has become a bloated mess, IMO, especially if you tack on all the add-on toys that made it so popular in the first place).

I do, BTW, make sure I get all the latest updates for all the software I use as well.

I'm willing to put up with a little "cumbersome" to lower the risk of encountering the latest exploits. It's not ever going to be risk free obviously but I try to tilt the odds a bit closer to my favor.
 
I currently use Chrome as well. I bounce between it and Internet Explorer. I know people think IE is terrible, but it's a really safe browser. One eventually pisses me off and I switch to the other for a few months until it inevitably irritates me.

I share your feelings on firefox. I loved it - sometime around when chrome came out it went to hell in my opinion :(

(that's not a comment on it's security aspects, just on how I view it's usability and look-and-feel)

edit:

side note - extensions and addons for browsers introduce another vector for attack into your browser. That includes thing slike big bar, google bar, ask bar, et al. Be careful which ones you install and use.
 
Microsoft has had bugs and security issues for years. Why do you feel Microsoft Security Essentials is the best or reliable?


Actually, Windows Servers now are patched less than competitive server products for security vulnerabilities.
 
I had Avira on my PC, but decided to give Microsoft Security a try. Just reading the advice and explanations in this thread made sense.

I'm one of those that knows just enough about a computer to be dangerous. I don't claim to be an expert. Threads like this are a great idea.

I appreciate the honest opinions and advice.

Thanks Tshile.
 
Actually, Windows Servers now are patched less than competitive server products for security vulnerabilities.

yes, and one of the really interesting thing is microsoft is changing the server setups - they're going in reverse!

things used to be heavily command line based - big black screen, you type in commands to do what you need done. then GUI's (graphical user interface) came around and have been all the rage for the last few decades.

now they're going back to command line interfaces (powershell for microsoft). many people hate it, but there's a very simple reason.

majority of the security flaws microsoft spent all of it's time finding and patching were caused by the GUI framework and system. returning to command line interfaces will significantly reduce the number of vulnerabilities and therefore the amount of time (and money) needed to find/fix them.

thats only for the server side of things though. the end user is not getting that change obviously.
 
Two things I would like to add to the good advice Travis has posted here already:

First: Do your updates people. AV is not enough. In fact, I consider updates, especially Windows Updates, to be more important than AV. News flash, when a new virus is released into the internet every AV solution in the world is outdated. AV is by nature reactive, meaning that once a virus is released the AV companies add it to their definition list but that does not help whoever was patient zero of the outbreak.

If however, you are doing your updates and the exploit that the virus is using is already patched, you are good to go.

Second, I favor words not in the dictionary for my passwords and I favor a minimum of 8 to 10 characters. Password crackers usually rely on dictionaries for the database of things to try first when trying to crack your account. Programs will run down a list of words, trying each, in various case combinations and inserting numbers for obvious letters (3 for the letter E, ! for the number 1 or letter I or L, etc).

Admittedly, Travis's method likely fixes this but I still like to take it a step further. That I know of, none of my passwords have ever been directly compromised and I have tried.

One other thing on passwords, stay away from family names, address or phone numbers, birthdays or anything that might be quickly and easily thought of by people who know you.
 
Another thing I would recommend is getting an antilogger program. The one I like is Zemana.
 
Good Jesus man.

That Second post is the longest ever in the history of this site.
 
Will I really go blind if I keep........................Oh wait. Nevermind.


Just funnin'.

Greatly appreciate the thread, and all the free advice/help. I will put some of the recommendations to use, forthwith.
 
I like the PW suggestion. I don't think my PWs are easily crackable, but I do use a small selection of them for a bunch of different websites, only because its hard to remember more than one. T's trick should help with that!
 
nice post t.

couple thoughts....

- realize that these IDS/AV tools (commercial variants anyway) are signature based....they catch yesterday's news...not tomorrow's. it's a reactive tail chase you can't win....but it makes $$$$$!!!!!

- without going into the math...AV/IDS are a simple speed bump for the pros. but if you are going to use AV...use several. no one product is going to look at/catch the pretenders comprehensively.


others

- aside from the patching regimen t speaks to...one of the best forms of protection is simply to reduce your footprint. don't load every piece of code that comes along unless it really serves a purpose. don't load 10,000 plug-ins if you don't need them (heck......you're playuing roultte just loading the stuff)

- look at the link in the task bar before you click it...that'll save you some pain in many cases

- I know some famous folks in the IT field who...for home purposes with Internet facing machines...simply reload the entire OS once every 6 mos or so

- back-up key data and keep the back-up off-line when not in use

- travel the dark recesses of the web at your own risk.
 
Last edited by a moderator:

Users Who Are Viewing This Thread (Total: 2, Members: 0, Guests: 2)

Help Users
As we enjoy today's conversations, let's remember our dear friends 'Docsandy', Sandy Zier-Teitler, and 'Posse Lover', Michael Huffman, who would dearly love to be here with us today! We love and miss you guys ❤

You haven't joined any rooms.

    You haven't joined any rooms.
    Top