Security | Jason Palmer, CPA, CITP

Strengthening Common Passwords

August 13, 2012 By Jason Palmer 1 Comment

Raise your hands. How many of you are still using one of the following as your Password:

First Name Birth Date
Kids Name
Dogs Name
First Name Date of Hire
Password
123456
Yankees
Mets

You get the idea. A Password so incredibly obvious that you really don’t even need to write it down and stick it to the underside of your keyboard for a co-worker or family member to find it. (What? You think you’re the only person in the world who would think to hide their password under their keyboard?)

Since you refuse to make a genuinely strong password as discussed in my article, “Have YOU changed your Password recently?” let’s see if we can take your existing, incredibly obvious password and make it stronger.

Let’s start with the ever popular First Name and Birth Date. WALT1901 Yes, you do get partial credit for using both Letters and Numbers but fail because these are two pieces of information that many people who might want to get in to your digital accounts already know. I understand that it is very easy to remember. We can make is stronger with just a few minor improvements.

Let us combine the First Name with the Birth Date so that we take one letter from the first name then one number from the birth date: WALT1901 becomes W1A9L0T1 .

We can make this a little stronger still by changing the Letter “L” to a Number “1” so the new password would be W1A910T1 . Changing a letter to a number in this particular manner is a form of simple letter/number substitution called LEET. (Read more about LEET at Wikipedia here.)

A determined hacker who knows your name and birth date would figure this out fairly quickly as one of the few dozen combinations and possibilities. However, the simple modification above will keep out most nosey co-workers and family members who try the incredibly obvious first. (A brute force computer program could figure this password out in a matter of minutes because it is just letters and numbers.)

Almost any Password can immediately be strengthened by using LEET – substituting numbers or special characters for letters. LEET works well as a starting point.

Password becomes P@ssw0rd or P@55w0rd
Yankees becomes Y@nk335
Mets becomes M3t5

Unfortunately, these passwords are still very easy for anyone who knows what Sports Teams you follow to figure out. LEET substitution patterns are fairly well known. (I am ignoring for the moment if you are one of the tens of thousands who still use the word “password” as your actual “password” – LEET or not, you deserve to be hacked.)

In order to throw off those who might know that you like Baseball and may use Sports Team names as your password series, we need to add a special character and mix things up a bit.

If we take our LEET version of Yankees – Y@nk335 – and add an Exclamation point – Y@nk!335 – this makes the password extremely strong from a human attack and reasonably strong from an automated attack.

Going one step further: If we move the numbers to the front: Y@nk!335 becomes 335Y@nk! – this password is even stronger and again could most likely only be broken by a brute force automated attack. (A brute force automated attack is where the computer will keep trying every letter, number, special character combination until it is successful.)

I have demonstrated that you can hang on to your common, weak Password, so you can remember it, and apply a few simple techniques to make it significantly stronger. At the bare minimum, it is will certainly keep out noisy co-workers and family members. At best, it will make the brute force hacker’s work extremely hard to break in to your digital accounts.

A few thoughts on the selection of a Password and Strength:

Understand that every password, given enough time, will be found.

As discussed, someone trying to gain entry in to your digital account is going to try the easy, common passwords first. For example, “123456” is the most common password and “Password’ is the fourth most common password. A hacker is not going to have to use any fancy brute force attack to break in to an account with either of these two passwords. In fact, they will be the first and fourth passwords that the hacker tries to use to gain entry in to your account.

The point is that any hacker will have a list of well know common passwords that include Sports Teams, Movies, Celebrities, Comic Book Characters, Seasons, Fictional Characters, Playwrights, Composers, etc. All of these well know possible passwords will be tried first and in too many cases, will be successful.

Once you start to use Passwords that are not common and have the above techniques applied to them, you will force the hacker to use a “brute force” method of attack which can take an incredible amount of time to succeed.

Thieves like to take the cars with the doors left unlocked and the keys in the ignition.

Make sure to lock your digital accounts with a good quality password.

With a few simple modifications to your Password, you can put up enough of a challenge that most hackers will give up and move on (unless you are a specific target of an attack.)

The sites below have a combination of Password Quality Meters and the theoretical amount of time it would take for a brute force, automated attack to succeed.

NOTE: There are significant differences in the assumptions used to determine the difficulty level in cracking your Password.

DO NOT RELY SOLELY ON THESE TOOLS FOR GUIDANCE WITHOUT UNDERSTANDING THEIR METHODOLOGIES!

The three sites below take entirely different approaches to determining the quality of a Password.

Password Quality Test Tools

The Password Meter – Traditional Analysis based on Traditional Policy Theory
http://www.passwordmeter.com/

Pass Fault – Patterns Make Passwords Easy to Crack
http://www.passfault.com
Pass Fault – Analysis based on Pattern Theory
https://passfault.appspot.com/password_strength.html

Needle in a Hay Stack Theory by Steve Gibson and Test
https://www.grc.com/haystack.htm

Have YOU changed your Password recently?

August 12, 2012 By Jason Palmer Leave a Comment

Account Security is not like the Weather. You can do something about it. Almost weekly, someone reports that a Social Media Site, Content Provider, or Financial Institution has had a breach and that customer account information “may” have been compromised.

The absolute best defense against this insane level of carelessness is a good offense.

CHANGE YOUR PASSWORDS EARLY AND OFTEN.

This is an aspect of digital account security that is completely within your control.

The sites that care most about the security of your data force you to change your password on a periodic basis of no less than ninety days. If they do not force a periodic password change, take it upon yourself to change your password at least monthly. If they really care, they force you to use a “strong” password which generally means it is more than eight alphanumeric characters, must include at least one letter, one number, one special character, and is case sensitive.

Unfortunately, most sites feel that forcing you to change your password, even if for your own protection, is too invasive and not very customer service friendly.

Be honest. How many of you have NEVER changed your password on your email account? Facebook? Gmail? AOL? AIM? AppleID? Your bank account? Seriously? Never? Need I go on?

Stop reading this right now and GO CHANGE YOUR PASSWORDS. I will wait… Hmmm… still reading? Well then the least I can do is to give you some advice on creating a strong password.

As amazing as it seems, some Banks do not allow special characters as part of the password. (Special characters are punctuation marks like # @ $ ! % * . – anything that is not a letter or number.) Even without special characters, you can still make a strong password that will be difficult to guess and withstand a good number of basic hacking techniques.

Let us start by creating a password not from a word but from a phrase. Take the first letter from each word in the title of this article as a starting point. “Have You Changed Your Password Recently” would translate to HYCYPR. This is absolutely not a word in any dictionary which eliminates the possibility of a dictionary based hacking attempt. To anyone who is not you, the password looks like complete gibberish. (A dictionary attack uses an English Dictionary or a list of common words and tries thousands of them until it succeeds.)

Now, let us make it even stronger. We are going to substitute the some of the letters with their numeric position in the Alphabet. HYCYPR is going to become 8Y3YPR. H is the eighth letter and C is the third letter of the Alphabet. To keep with my own statement that a strong password should be at least eight characters, I will pad this with some extra numbers. The final password will be “ 8Y3YPR42 ” (Ignore the quote marks.) This password is now virtually impossible to guess and it is definitely impervious to a dictionary attack. By the way, I chose 42 as that is the answer to “Life, the Universe, and Everything” from “Hitch Hikers Guide to the Universe.”

Which bring up another point: Try to use a sentence, phrase or quote that is not common or attributable to your personality, likes, or habits. If someone knows you like Douglas Adams (Author of the Hitch Hikers Series) and has figured out how you assemble your passwords, this gives that person a starting point if you are being specifically targeted.

Now that you know how to make strong passwords, GO DO IT NOW for all of your accounts.

Take this opportunity to get one giant step ahead of the hackers.

Lack of Electronic Privacy – It’s your own fault.

July 29, 2012 By Jason Palmer 1 Comment

I am a Motorola Droid 2 Global Smartphone user running the Android 2.3 operating system. By default, the phone comes preinstalled with a number of useful Google applications (Apps) such as email, web browser, maps, books, etc. and one in particular that got my attention: YouTube.

I acknowledge that in order for Smartphone Applications to function, they need a certain amount of unrestricted access. This might include opening up network connections, keeping the phone from going to sleep, automatically updating your location, using stored credentials to access your accounts for transmitting and receiving data. Most of these activities are routine, necessary, and are of little cause for concern.

Now I am sure all of you are thinking, “What could possibly be troublesome about the YouTube media player app?” Answer: Its’ total and complete disregard for my personal privacy and the inability for me to set any parameters to limit its’ reach in to my phone or personal activity.

In the most recent update the Privacy Policy has changed. So much so that Google specifically brings to your attention this new level of invasive access that is something right out of a TV Crime Drama. The YouTube app may, and I quote, “Take Pictures and Videos” which sounds harmless enough until you read this part, “Allows application to take pictures and videos with the camera. This allows the application AT ANY TIME to collect images the camera is seeing.” Wait there is more: “Allows an application to perform operations like adding, and removing accounts and deleting their password.”

Excuse me? This implies that any time my Camera is on, YouTube can capture the images from the Camera and then without asking for my specific approval, act on my behalf by accessing all of my account information and permissions and transmitting the images regardless of my intent.

This sounds very much to me like that new Anti-Theft application that, upon activation, automatically turns on the Camera of your Smartphone and takes a picture of the alleged thief, tags the GPS location of the phone and updates a secure web page or emails the information for you to forward to Police. There is one critical exception: I can control that Anti-Theft Applications access to my camera, I cannot control the actions of YouTube.

I would like to believe that I am misreading the privacy policy and that what Google really means is that the above can only happen when I have the Camera on and INTEND for the YouTube application to upload my images to the YouTube service. However, that still does not explain the part about the ability to, “add/remove accounts and delete passwords.”

If the intent of Google is to “act on my behalf with my explicit instructions and approval” then they should clearly say so. If not, I am concerned that if I permit YouTube the access it seeks, I might have just given up all privacy rights to every photo or video I take with my phone because I have given Google complete and total access to those images.

Unfortunately, there is really no one to ask for clarification about the Privacy Policy at Google. I did use the Privacy Policy Contact Us form but the confirmation page was less than comforting in its response to my inquiry: “We’ve received your message. We’ll follow up with you only if we require more info or we have additional info to share.”

More users need to READ the privacy access permissions being requested by Smartphone and Software Applications and recognize exactly what they are signing away in terms of personal privacy. Then, they need to contact the developers or providers of the service and refuse to accept the terms and NOT USE THE APPLICATION until the privacy policy is corrected.

Perhaps the best example of a complete and total disregard for personal privacy of any kind is Facebook. The site gives the appearance of allowing users to set controls over how their information is used and shared. The practical reality is that every Facebook App wants the ability to act as if it is you with full access to your address list and all of your information. It wants to “post to your wall” at will with no opportunity to for you to review what the App will post.

Obviously, the other 799,999,999 Facebook users (of the 800 Million) are completely comfortable with allowing Facebook and most Applications to have an “All Access Pass” to every single piece of information listed in the Facebook ecosystem. I must be the only one to be concerned as Facebook since as popular as ever.

My point is that due to our own lack of action, we are giving away our information then complaining about it after the fact.

If you are concerned about the state of Electronic Privacy, get involved with the Electronic Frontier Foundation. Their mission is to defend your rights in the Digital World.

Forewarned is forearmed. If you know that the privacy policy is overly invasive and access to your information is virtually unrestricted, be mindful of what you post or allow any site or service that has a sharing component to know about you.

The age old adage, “Never put anything up on the Internet or in an email that you would not want on the cover of the New York Times” still holds true. (Or, you might just be reading about it in the morning paper.)

One Final Note: Institutions that manage your personal financial data take privacy very seriously and go to extreme measures to make sure that your information stays secure. They may share your name and address for marketing purposes but your sensitive information is not shared without your express permission. An example would be release of financial information for a credit application.

To view the Google Privacy Policy, visit:
http://www.google.com/policies/privacy

To learn more about the Electronic Frontier Foundation, visit:
http://www.eff.org

Help – My Computer is infected with a Virus!

July 22, 2012 By Jason Palmer Leave a Comment

It is not a question of if your computer will get infected a Virus, Trojan, or some form of Malware/Spyware, it is just a matter of when. The Microsoft Windows family of operating systems are targeted by hundreds of thousands of malicious software programs regularly. Even with the most up-to-date Antivirus software, infections do happen. No Antivirus software can catch every attack and variant all the time.

If you can still access the Windows “Start” button, access the Internet, and install Programs, the Antivirus Scan and Removal Tools listed in my article, “What did your Antivirus Software Miss?” will usually resolve and remove the minor infection from the offending software.

If the virus has taken your computer desktop hostage and is holding it ransom, telling you to click on a link to access a web site to make a payment for an “unlock” code – which will magically “fix” your computer, then more drastic measures are required.

Such is the case with a recently encountered, “File Recovery” virus that has started to make the rounds this past week.

Note: The majority of viruses, even Root Kits, can be removed and your Computer restored to its’ “pre-infection” state. It may just take an incredible amount of time and patience to go through the steps required to remove the virus.

This would be a great time to remind everyone that if they had an “Image Backup” of their computer prior to the infection, they could simply perform a “Restore” and roll-back the computer to a time BEFORE it was infected. See my article, “Image Backup – True one-click Restore for Disaster Recovery.”

As an example, the “File Recovery” virus encountered displays fake alerts and warnings claiming a number of hard drive errors and that failure of the hard drive is imminent. In reality, NONE of these warnings are real. The entire purpose of the malicious program is to scare you in to purchasing the “File Recovery” software and stealing your personal financial information. (You will presumably be entering in a credit card number to make the purchase.) In addition to bogus alerts, it changes the Windows desktop to solid black, hides any desktop shortcuts, and hides all of the program files and many other folders. It definitely gives the appearance that all of your programs and data are missing. The File Recovery Self-Defense tactics block access to the Windows Task Manager, Windows Registry, and all Windows system utilities.

Just for reference, a sample screen shot of the fake warning page is shown below.

Regardless of if it is the “File Recovery” virus or some other nasty virus, they all tend to exhibit many of the characteristics described above. Most importantly, to the average individual, they strike a sense of fear and panic hoping you will pay them the ransom to “clean your computer” of the dreaded infection. DON’T.

Instead, start by seeing if you can figure out which specific malicious software program is infecting your computer. For example, in the screen shot above, the title in the window on the upper left hand side is called “File Recovery.”

Visit your favorite search engine, like Google.com and type in “File Recovery Virus”. You will immediately see dozens of sites with instructions on how to remove the File Recovery Virus. In most cases, the steps are well documented for removal. Many include screen shots and instructions telling you exactly what to click and type and the expected response from the computer after each step.

Here is an example of the comprehensive instructions which I used to remove and clean up after the “File Recovery” virus infected one client computer this week.

http://malwaretips.com/blogs/file-recovery-virus

Most of the well-known Antivirus vendors provide hundreds dedicated removal programs for specific well known viruses that are available free-of-charge from their support sites. Each specialized removal program is optimized to disinfect your computer from a specific virus infection.

In addition, most of the vendors provide some level of advanced “Rescue” Antivirus scanners and removal tools that are available free from their web sites to assist in extreme lock-out cases. These are programs that run in command line mode or have a custom boot image that bypasses the severely infected Windows operating system so that the Antivirus program can “kill” the malicious program BEFORE Windows starts.

For example, even if the computer seems to lock you out in Windows “normal” mode, many viruses can be tricked or stopped by restarting the computer in Windows “Safe Mode with Networking.” In extreme cases, when the only thing you can do is restart the computer in Windows “Safe Mode Command Line Prompt”, the “Rescue” utilities are the solution of last resort and will start you on the path to recovery.

Much of the above depends on not on your technical ability but on your willingness to methodically follow a specific set of instructions and be patient. From any given search, there will be dozens of responses. Review a number of them to make sure that your situation applies, (based on the symptoms) and see if they are all basically providing the same steps to remove the virus. Then pick one and stay with it until completed. In my example with the “File Recovery” virus, the instructions had screen shots, told me exactly what to type at each step of the way, and the responses I should expect to see if successful.

Depending on the Antivirus software product you use, the vendor may provide advanced virus support removal assistance. With some vendors this is free, like Vipre from GFI.com, with others, like Trend Micro there is a $50 support charge for assistance. Do not expect to find live human support if you are using one of the many “free” versions of Antivirus software such as AVG, Avira, Avast, or ClamAV.

Understanding the support and virus removal services provided and associated fees, if any, available from your Antivirus vendor should be a major consideration in choosing your Antivirus Software.

I personally like Vipre from GFI.com for their outstanding, free virus removal support available via Web Chat and Telephone. GFI/Vipre Support has helped me remove the nastiest of virus infections at no additional cost. Support was included with the nominal cost annual virus update subscription which every vendor requires for you to obtain and download the latest threat definition databases to the Antivirus software.

Finally, there are a number of well-known sites that specialize in providing free virus removal assistance and tools through a community of volunteers. Most provide support and response that exceed that of the major Antivirus vendors. Realize that with rare exception, any virus infection on your computer has been seen before by the “community at large” and therefore Google.com will have a wealth of references to sites with information on how to remove it.

If you are faced with a complex virus problem or would just like some professional guidance on what to do after your computer has become infected, feel free to contact me for assistance. “The Doctor” is always in.

Antivirus Removal Sites – All have specific popular virus removal instructions.

Either Search the sites below for the specific virus, or join for free and post your problem.

http://www.bleepingcomputer.com
http://www.malwaretips.com
http://www.myantispyware.com
http://www.im-infected.com
http://trojan-killer.net

Specialized Antivirus Removal Tools – Major Vendors

Symantec
http://www.symantec.com/security_response/removaltools.jsp

Kaspersky
http://www.kaspersky.com/virus-removal-tools

McAfee
http://home.mcafee.com/virusinfo/virus-removal-tools?ctst=1

Trend Micro
http://esupport.trendmicro.com/en-us/home/pages/virus-and-threat-removal.aspx

GFI.com – Vipre Rescue – Command Line – Last Resort – Removal Tool
http://live.vipreantivirus.com

Mac Users

McAfee OS X/FakeFlash Detection and Removal
http://www.mcafee.com/us/downloads/free-tools/macstinger.aspx

Image Backup – True one-click Restore for Disaster Recovery

July 16, 2012 By Jason Palmer Leave a Comment

Image Backup is the only true one-click Restore option for recovering from a hard drive failure. An Image Backup makes an exact mirror copy of your hard drive at a point in time.

It is the best of both worlds as you can either Restore your entire computer, like to a brand new hard drive after a failure, or you can select individual files, like that important proposal that you accidentally deleted today, but you know you backed up a few days ago.

The true value of Image Backup software is the incredible time savings in the recovery process and the speed at which you can get back to work and be productive after a hard drive failure. Everything on your computer will be restored like a photocopy back to the time of the last Image Backup. If you backup nightly, the amount of potential data loss is minimized to less than a day.

[Mac users with current generation equipment have Apple Time Machine which offers a proprietary Apple backup solution that essentially accomplishes the same effect as an Image Backup and Restore.]

Many of you are probably thinking, I use DropBox or Mozy, or Carbonite or some other File-by-File, (more specifically “File only”) backup solution. Well some form of backup is better than none but here is the dark secret: Sure your critical data files are protected, but what about everything else? How do you get back all of those Windows Operating System files, software applications like Microsoft Office, your Outlook email and calendar, printer software, scanning software and drivers so that you can access your critical “backed up” data files? The short answer is you really don’t – at least not easily.

Question: How many of you have “all” of your original software installation disks for every software application presently installed on your computer AND the license keys? Did you make that set of Windows Operating System Recovery Disks that you were prompted to make in the first weeks of owning your computer? I am sure that everyone here has their Microsoft Office License Key right? No? I thought so.

Let’s use the following example: Assuming you had all of the above, after a hard drive failure, the manufacturer sends you a replacement hard drive that is completely empty. (Regardless of if you install it or the manufacturer sends out a tech, it is still empty.) It does not even have the original Windows Operating System on it. (Blame Microsoft who claims it is to prevent piracy.) Instead, you have to play computer technician and install a factory fresh copy of the appropriate version of Windows to your computer from a set of Recovery Disks. (Even if you paid for Software Support from the Manufacturer, all the tech will do is install the Windows Operating System – nothing else.) This takes about one to two hours.

Then, you have install any hardware manufacturer specific drivers for your Video Card, Network Card, Motherboard, Audio/Sound card and possibly WebCam and apply the hundreds of megabytes of Microsoft Security Updates and Operating System Patches.

Now it is on to the Applications: You have to re-install Microsoft Office, your Printer Driver Software, Adobe Acrobat Reader (or perhaps Professional), Adobe Flash, Adobe Shockwave, JAVA, and maybe iTunes, AOL Instant Messenger or Skype. If you have a label printer or scanner, you have to re-install that software too. Are you getting the picture here? Hopefully there is a Star Wars Trilogy on TV because you have about six hours to kill while your computer dutifully takes in disk after disk.

And, every piece of software just mentioned in our example probably has an update so Microwave another bag of Popcorn and see what’s on Comedy Central because at this point you really need some Comic Relief.

If you had an Image Backup of your hard drive before the failure, you would place a CD-Rom Boot Recovery Disk (or bootable USB drive) in to your computer after installing the replacement hard drive and simply turn the computer on. In a few moments, you would be asked to point to the location of your Image Backup Set – which would most likely be on the External Hard Drive you use for your daily backup. Then, after selecting the most recent Image Backup, you would sit back for about 45 minutes to an hour and upon completion of the restoration process the Computer would restart and all would be as it was before – EXACTLY.

Your desktop wallpaper, every icon on the desktop, every application fully functional, every file exactly where you left it, every song, picture, Word document, PDF – everything would be identical and 100% operational as if nothing had ever happened (up to the point of the time and date of the Image Backup.)

The last paragraph is a real world example. Today I was at a Business client where Symantec System Recovery for Desktops is installed. (The data files are synchronized and stored on the Office Network File Server and backed up separately.) The hard drive of one notebook computer failed and a replacement hard drive arrived today. This notebook is used by a CPA and it had at least twenty Accounting specific applications, many of which were complex to install and configure, along with dozens of desktop icon short-cuts on the desktop. (Because the applications and configuration do not change that often, we refresh this notebook Backup Image about once a week or when applications are updated. Daily Backups are recommend for any home or single PC user where both the applications and data are stored on the local hard drive instead of an Office Network File Server.)

I installed the new hard drive in the notebook in about ten minutes, started the notebook with the Recovery Program (on a USB drive instead of a CD-Rom), did a couple of mouse clicks to point to the latest Backup Image and in under an hour, the user had his computer back EXACTLY as it was with every application fully functional and icon in its’ place.

File-by-File backup makes Recovery of the Operating System and Applications a Disaster.

Image Backup Software provides true Disaster Recovery that is completely painless.

Note: This article discusses Image Backup Software for Desktops. Similar editions exist for File Servers. For complex Server environments, a combination of both Image Backup Software and dedicated File-by-File Backup Software is more appropriate especially when applications such as Microsoft Exchange, Sharepoint or Microsoft SQL are involved. All of the vendors listed below have a full line and range of Image and File-by-File products for desktops, Servers, and Virtual Machines.

Here is a list of Image Backup Software Products that I like and work:

Symantec System Recovery – Available for Desktops and File Servers
http://www.symantec.com/theme.jsp?themeid=system-recovery

Storagecraft Shadow Protect Desktop
http://www.storagecraft.com/shadow_protect_desktop.php

Acronis – True Image Home Desktop
http://www.acronis.com/homecomputing/products/trueimage

Acronis – True Backup & Recovery Business Workstation (Desktop)
http://www.acronis.com/backup-recovery/workstation

AppleCare Protection Plans – It’s Genius

July 14, 2012 By Jason Palmer Leave a Comment

AppleCare Protection Plans are a necessary component of any Apple Product Purchase. AppleCare is Apple’s own hardware and software support offering delivered via phone or at any Apple Store.

AppleCare adds anywhere from 15% to 30% of the purchase price but extends the coverage from one year to two years for iPods, iPhones, and iPads and to three years for Macs, Mac Books, and iMacs. While under warranty only Apple or Apple Authorized Service centers can repair your units. Once the warranty expires, there are a variety of service shops that can replace cracked screens and cases on iPods, iPads, and iPhones and others that can do more advanced repairs on Macs, Mac Books, and iMacs.

If your iPod, iPhone, or iPad is under AppleCare, instead of getting a repair to your original unit, you get an Apple Brown Box (Factory Refurbished to like new) unit in exchange. For Mac Books, Pros, iMacs, and Macs, if within the warranty or under AppleCare, these units are repaired by Apple directly and in extreme cases are completely replaced with Apple Brown Box (Factory Refurbished to like new units.)

The most compelling feature of AppleCare is the significantly discounted Accidental Damage replacement option, up to two times, on any iPod, iPhone, or iPad for a flat $49 fee. Considering that cost of an iPad ranges from $499 to $829, with AppleCare at an additional $99, one cracked screen and $49 puts you ahead of the game. (AppleCare at $99 plus Replacement Fee of $49 is $148 which is significantly less then purchasing a new one or even the exchange/replacement option described below.)

If you have an Original iPad/ iPad2 and crack the screen and you do not have AppleCare, the cost of an exchange/replacement iPad2 at an Apple Store is $249 at the Genius Bar. (The cost would be $299 to replace the new iPad – a.k.a. iPad3.)

Realize that with or without AppleCare, you can walk out of an Apple Store with a Factory Refurbished iPad that might as well be brand new because you cannot tell the difference as the case and glass are in perfect condition.

The above experience with a cracked iPad2 screen is real. The names and genders have been carefully omitted to protect those claiming innocence.

Our story begins in 2011 when a family member purchased an iPad2 for another family member for a birthday and overlooked the purchase of AppleCare. The iPad2 was dropped or banged up against something and the Touch Screen cracked. My first inclination was to look for one of the many iPad Repair Services on the Internet. Price, speed of repair, and location were all considerations. Candidly, I did not have a week or more for shipping back and forth to another State. I found a top rated repair shop, actually with the lowest price of $130 in Hoboken NJ, just a PATH ride from Midtown Manhattan. They could even do the repair, “while you wait.”

If I were to hike out to Hoboken and wait for the repair, it would take me a minimum of four hours, assuming approximately two hours of roundtrip transit and about two hours or so for the repair. To do the repair, they pry apart the iPad2 and replace the damaged screen. A major consideration of not having the unit repaired vs. just going to the Apple Store for an exchange was not knowing if the screen was the only component that was actually damaged. And, then I had to consider four hours of my time vs. an approximate $100 savings ($150 Repair plus Transit vs. $249 for Apple Store Exchange) – and getting back a year plus old iPad2 that might still have other issues.

I decided that I would have the best outcome with the least amount of aggravation by simply making an Apple Store Genius Bar Appointment and exchanging the damaged iPad2 for a “Brown Box” Apple Factory Replacement unit.

I could not have had a more pleasant or better experience at the Apple Genius Bar.

Within minutes of my appointment time, an “Apple iPad Genius” made an introduction, surveyed the situation with the iPad2, took down the serial number, completed some quick electronic paperwork, and went in to the back room to get a replacement iPad2. Then, verified that there was a current iCloud backup of the damaged iPad2 data, had me wipe our personal data from the damaged iPad2, helped me setup the replacement iPad2 and restore the data from iCloud. I was in and out of the Apple store in less than 30 minutes.

The experience at the Apple Genius Bar had been exactly the same with my Mac Book Pro 17” which is under AppleCare and had an issue with its’ Power Port connector. The part was changed out in less than 30 minutes. For the Mac Book, Pro, iMac, and Mac’s, some repairs and issues can be done while you wait like the Power Port connector. Others like hard drive and system board replacements or screens, requires you to leave your unit for a few days.

As Apple makes the hardware, operating system, and many of the applications, it makes sense to have the experts at Apple Support help you. AppleCare offerings along with the Genius Bar give you a one-stop service and support experience like no other.

Cost of AppleCare? – A few extra dollars.

Benefit of Genius Bar Expert Help, Factory Replacement Units or Certified Repair Parts and a working Apple Product in the shortest period of time? – Priceless.

[For everything else, there’s Windows…]

Learn more about AppleCare Products at:
http://www.apple.com/support/products

What did your Antivirus Software miss?

July 13, 2012 By Jason Palmer 2 Comments

Most people assume that just because their Antivirus Software subscription and version are up-to-date, they are fully protected from all malicious threats. Symantec, Trend Micro, AVG, and McAfee all do an extreme marketing job to make you believe that “their products are the best” and that as long as you have their top-of-the-line subscription, you are safe.

This is not entirely true. No single Antivirus software product can protect you from all threats all of the time. Even though many claim to protect you from unknown viruses and Zero Day Attacks, the practical reality is that every manufacture will miss some malicious threat some of the time.

How do you check the health of your computer to see what your Antivirus software missed? It’s easy. There are a number of free tools available that will allow you to scan for different types of malicious threats and most importantly, fix any problems found during the scans.

(Cautionary Note: Many of the so called Free Scan Tools advertised on download web sites, banner advertisements, and TV/Radio ads are nothing more than sales pitches to get you to purchase their full product which is the one that will do the fix. Their free tools just tell you there is a problem. What good is a free scan if the free product does not remove the malicious threat?)

It is best to use more than one tool because each will excel at diagnosing and eliminating a different type of threat. Some focus on mainstream viruses, others on Spyware, or Annoyances like browser toolbars or games and seemingly innocent programs violate best practices privacy policies for use of your personal information.

Here are the five best known of the bunch. Each uses a different methodology to detect and remove the nasty stuff that can get in to your computer. Take the time to run each program, accept all of the defaults and see what they find that your currently installed Anti-Virus Software product missed. (Sorry Mac users, most of these are Windows only programs but there are a few for Mac at the bottom of the list.)

Windows Options

Trend Micro – Housecall – General Viruses
http://housecall.trendmicro.com/

SuperAntiSpyware – Spyware, Adware, and Malware
http://www.superantispyware.com/

Malwarebytes Anti-Malware
http://www.malwarebytes.org/ – Malware – Root Kits, Worns, Trojans

Spy-Bot Search and Destroy – Spyware, Adware, and Malware
http://www.safer-networking.org

Ad-Aware 10 – Adware and Spyware (and just added Anti-Virus detection)
http://www.lavasoft.com

Mac Options

BitDefender Online Virus Scanner (for Mac)
http://www.bitdefender.com/solutions/virus-scanner-for-mac.html

Note: The Mac Anti-Virus Products listed below require download and installation but are 100% Free.

Comodo Antivirus for Mac – FREE
http://www.comodo.com/home/internet-security/antivirus-for-mac.php

iAntivirus (A Symantec/Norton Antivirus Product) – (Mac) FREE
http://www.iantivirus.com

ClamXav – (Mac) – FREE
http://www.clamxav.com

Should you find a virus you cannot remove and your Software Anti-Virus vendor cannot help you, feel free to contact me for assistance.

Tech Support Contracts Insure Productivity

July 12, 2012 By Jason Palmer 2 Comments

Technical Support Contracts are the ultimate safety net to keep you productive when bad things happen to good computer software and hardware.

Software support contracts enable you to call an expert in near real time and get immediate assistance with any usability issues or errors allowing you to get back to work as quickly as possible.

Hardware support contracts, depending on the response level purchased, can provide replacement parts same day or next day, with or without a trained vendor technician to install them for you.

If your TV Set or iPod fails, it will probably not impact your ability to make a living, so a discussion of the value of support and service contracts on consumer electronics gear are a topic for another day.

Last night, after the monthly Microsoft Patch Tuesday updates applied, my computer requested to restart. I dutifully complied and walked away for a few minutes. When I came back, I heard a “jet engine” sound – which was the computer fans running at full speed with nothing but a green power light, no hard drive light activity and nothing on my computer screen. As a Computer Professional, I followed the appropriate diagnostic protocol and sadly determined that the motherboard had failed in my one month old computer.

As my desktop computer is critical to my daily productivity, I had a same day, four hour response hardware technical support contract on it. I called the manufacturer late in the evening, went through some additional troubleshooting steps and the support person concurred that the Motherboard needed to be replaced. A Tech Support Case was created for morning dispatch and by 11am a Courier had arrived with my new Motherboard. To expedited matters, I installed the Motherboard myself but I could have easily arranged for the manufacturer’s technician to stop by and install it for me. In fact, the assigned technician to the on-site tech support case called me around 9am to advise me that the part was in-transit and that he was available in-person or by phone at my discretion.

Within an hour of the part arrival, my PC was fully operational and I was back to work and getting on with my day. Without a Tech Support Contract, had I relied on the standard warranty, it would have taken one full business day for dispatch of the part and the technician.

Had this been a Consumer class PC instead of a Business class PC, the only option might have been to send it back for service to the manufacture or wait up to a week for on-site service – if even available. This difference in the standard business class system warranty options, in and of itself is a good reason to purchase “Business Class” systems vs. the consumer oriented models available at warehouse clubs and consumer electronics stores.

Had I been unable to work for more than a few hours, the lost revenue and productivity would have far exceeded the nominal cost of the same day, four hour response Tech Support Contract. In most cases, these premium option Tech Support Contracts cost approximately 20% of the list price for same day service and a little as 10% for guaranteed next business day service. When you look at the cost of not being able to do your work compared to a few extra dollars for the premium warranty options, the value becomes clear.

Even though my data was fully backed up, I still would have needed a system to run all of my software applications: Quickbooks, Microsoft Office, ACT!, Google Apps, etc. Compared to having a similarly configured spare system, or my willingness to purchase one at full retail – assuming one was available with comparable specifications, the least expensive, most expedient option was and is to have a current, in-force Tech Support Contract for my personal computer with the same day service option.

I would like to point out that my data was never at risk. I have rock solid backups of my data both on-site and off-site – I just could not get to my applications and data – until my desktop PC was fixed – to do my work. Had this been a catastrophic failure of the hard drive or a complete loss of the system (Fire Damage or Theft), of course, I could have done a full restore to a new hard drive or completely new system. And that would be expected for those situations.

Software Updates fix things before they Break

July 11, 2012 By Jason Palmer Leave a Comment

Software Updates are an important part of periodic maintenance for the programs that keep your technology running. If the “Check Engine” light came on in your car, would you keep driving until the car finally broke down completely? No, you see the “Check Engine Light”, and if you are like most people, you get your car to the mechanic as quickly as possible to have the problem investigated and repaired.

When a Software Vendor, such as Microsoft, Adobe, Oracle (Java), or Apple, releases a Software Update, that is the equivalent of of the “Check Engine Light” telling you there is a potential problem in your technology that needs to be addressed and fixed as quickly as possible.

You have probably noticed that major software vendors that release a large number of patches categorize them in to three basic categories: Critical – as in “ignore at your own risk and peril”; Recommended – as in “I would if I were you”; and Optional – as in “We really think you should install this for the new feature, but the choice is yours.”

Some vendors release Software Updates on a periodic schedule like Microsoft with “Patch Tuesday”, the second Tuesday of every month, to help customers plan and schedule maintenance. Others release Software Updates on an as needed basis and ALL will usually release a critical patch as soon as available.

If you are the type to change your oil “per the car manufacturer’s recommendations” and follow the recommended scheduled maintenance, then you should be following the Software Update Patch schedule of your software vendor and applying the updates as soon as possible on the same scheduled, periodic basis.

Most software products and computers have an “auto-update” feature that is turned on by default. This is usually the best setting for the majority of users. The software or operating system or computer, “phones home” to the Vendor to get notice of any updates and either automatically installs the software update or notifies you that one is available.

To drive home the point of the importance of Software Updates, I just spent the last seventeen hours updating and undoing the damage caused by lack of scheduled maintenance on a File Server. The “Check Engine Light” was on for over a year and no one took any action. You might say I did a transmission rebuild, flush and fill of the radiator, and removed the sludge in the oil pan, all in one service call. Considering that I earn at least as much as an auto mechanic, this was an expensive repair job. And, the company lost two days of productivity with no access to their accounting system, files, or email.

Since few, if any updates were applied by the prior computer consultant, instabilities in the software manifested themselves and caused a cascading failure of the operating system. Conflicts between various drivers – special pieces of software that tell the Windows operating system how to interact with the hardware – and the Windows Server Operating System were causing the infamous BSOD – “Blue Screen of Death.”

Software Updates fix things before they break – and so should you by applying them.

However, if you find that you too have ignored the “Check Engine Light” on your technology and need some after the fact assistance, consider me like the “Triple A – American Automobile Association” and feel free to contact me for a “Tow” back to the Computer Repair Shop garage to get your systems back in working order.

An Information Technology Inventory – Cheap Insurance

July 9, 2012 By Jason Palmer Leave a Comment

My father’s absolute favorite expression regarding life was, “The time to sharpen your claws is not when you hear the Hunter’s call.” Dad was a big fan of the Boy Scout Motto, “Be Prepared.”

Today, I received the classic periodic frantic call from a potential new small business client who obtained my name as a referral that her current Computer Consultant was resigning her account effective virtually immediately. He was at least kind enough to hand her a network information sheet with some very limited user name and password access information for the Server and Firewall but not much else.

To make matters worse, the former Computer Consultant mentioned to her that the Server was having a number of issues that needed to be addressed immediately. (It turns out the abrupt resignation was due to his inability to resolve the issues. So rather than seek assistance, he quit the account before a total meltdown could occur.)

As I started to ask her questions about her information systems and technology, even simple questions like “How old is the File Server?” or “Can you tell me the manufacturer”, and “How many PC’s do you have?” – I could see through the phone the blank expression and hear the complete panic in her voice.

Sure, if you point most qualified Information Technology professionals in the general direction, they will be able to inventory and reconstruct the missing documentation and put Humpty Dumpty back together again, but that takes time and is an unnecessary delay and expense that can be prevented with a little preparation.

Here are the pieces of information that YOU should know about your Information Technology Environment REGARDLESS of who is responsible for maintaining it.

As you read through the list below, you may see a number of technology terms that you are not familiar with and that’s O.K., because the person who set up your Information Technology Systems – your Computers, File Server, Software, Network, Firewall, Email, Internet Access, and Web Hosting certainly does (or should) understand these terms and can write the answers down for you.

Physical Inventory: The manufacturer, purchase date, serial number, warranty expiration date and service level (same day, next day, on-site or off-site), and support phone number for each piece of hardware including: Computers, Monitors, Printers, Firewall, Network Switches, and File Server, as applicable.
Software Inventory: Application Name (i.e. Quickbooks or Microsoft Office), License Number, Number of Users Licensed, Support Contract Information including start/end date and support phone number.
Server Information: Operating System, Administrator Login and Password, IP Address, Server Installed Applications (i.e. Microsoft SQL, Microsoft Exchange, Accounting Software); Active Directory Domain, DHCP Scope, Drive/Partition Volume Information.
Network Information: IP Map which includes Static IP Device Assignments (usually Printers); Router/Firewall Information along with User Name and Password, If a Firewall, then Support Contract Information for Updates and Contact information for assistance; Wiring Diagram for Office and Jack/Patch Panel Number Assignments.
Internet Access Provider Information: What type of technology? – Cable Modem, DSL, FiOS, T-1, Ethernet over Copper, or Building Provided Ethernet? Who is your provider? (i.e. Cablevision, Time Warner, Verizon, etc.) Do you have a Dynamic or Static IP Address assigned? If a Static IP Block, how many IP’s? Along with Sub-Net, Gateway, and Doman Name Server information IP’s. Is there an online control panel to manage your account? If so, user name and password access information as well as the URL to access the control panel. Is there a term contract in place? If so, then start date and end date, along with name of Account Manager and Technical Support phone numbers and contacts.
User Information – Full User Name with Login information for each account that accesses the network resources (i.e. File Server); Optionally, Password Information if a small environment, as applicable; Which computer they use to access the network and the specific network resources they are permitted to access: which directories on the Server, which Printers, and which Software Applications. Secondary User Name and Password information for any Client/Server Software Applications like Quickbooks, ERP Systems, Accounting Software, etc.
Email Information: Primary/Secondary Domains, Anti-Spam and Anti-Virus solution, if applicable; Full list of all email account addresses including any generic addresses such as info@ or sales@ and if they are configured as mail forwards or mail alias’s. Type of Mail Server: POP3, IMAP, Microsoft Exchange, Office365, Google Apps for Business, etc. Who is responsible? Internet Service Provider, Computer Consultant, Web Hosting Company, Internal Email System (On local File Server?)
Web Site Hosting Information: Domain Registrar Information including Account Name and Password; Web Hosting Company – i.e. 1and1, GoDaddy, local Internet Service Provider, hosted on Local File Server? – And appropriate account and contact information.

Armed with this information, you will be prepared with the critical details necessary so that any reasonably qualified Information Technology person can step in and take over without too much issue on short notice and keep you operational.

If you are in the New York City metropolitan area and find yourself suddenly without your Computer Consultant, feel free to use my contact page for assistance. I specialize in crisis situations – that would be resolving them, not creating them.

« Previous Page