I was recently with a client who wanted to give their old software to other people or organizations. In general, giving to those less fortunate is a kind thing to do. However, there are circumstances when this generosity is not kind or legal.

The most obvious problem is that most software allows for people to install it only on 1 computer. This is where we run into the legal issue. You can’t give your old software to another person or organization to use on a different computer. You may be allowed to do this if you give them the entire PC, but on the whole, regiving software is frowned upon.

The second and less obvious issue is security. Some of the software that my client wanted to pass on was antivirus software. These are a security nightmare. The recipients of the software will believe that their computers are safe and secure but they aren’t. When people believe they are safe online, they take risks that they wouldn’t if they knew that they were unprotected. Therefore, this false sense of security is more dangerous than going without security software.

I don’t believe that people should go without security software so I would like to point out some excellent and FREE (to home users, not businesses) security software.

1. Avira Antivir:              Download it HERE.
2. MalwareBytes:             Download it HERE.
3. SuperAntiSpyware:       Download it HERE.

Tim

If you found this post to be informative, consider following Biden PC on Twitter.

Biden PC is a Computer Network Consulting Company and we now offer Online Computer Support.

Microsoft just released 2 “High Priority” updates to help protect your online safety.

Yesterday a “Zero Day” vulnerability was discovered that allows malicious and hijacked websites to steal passwords that you have saved in Microsoft Internet Explorer. All versions of explorer are affected and should be upgraded and updated.

To update your system,

1. Open Internet Explorer (ironic, isn’t it?) and go to:
   http://www.update.microsoft.com.
2. Click on “Express”.

This will update your system with all necessary updates including the 2 new ones that came out today.

Keep yourself safe online. Keep your computer updated.

Happy Computing,

Tim

Biden PC is a Computer Network Consulting Company.

If you found this post to be informative, consider subscribing to our Biden PC’s RSS feed.

Two researchers from the Technical University of Darmstadt, Germany, have discovered a method of bypassing the WiFi Protected Access (WPA) encryption used by many wireless routers.

The exploit takes advantage of a weakness on networks that use WPA with TKIP (Temporal Key Integrity Protocol, a security algorithm based on key switching that is used to strengthen the WPA encryption) by circumventing the algorithm that encrypts the Wi-Fi data packets. Researchers Erik Tews and Martin Beck, who are members of the ethical hacking group known as Aircrack-ng, have not only discovered how to bypass WPA, they’ve also created a tool to do so. They plan to release the tool at the PacSec conference next week in Tokyo, Japan, Aircrack-ng member Rick Farina confirmed to PC Magazine on Friday.

…

Because the exploit is specific, users simply need to change the WPA encryption to work with AES or change it to the much more hardened WPA2. If your router doesn’t support WPA2, the best course of action is to shorten the timing of the TKIP in the routers, so that keys are refreshed every two minutes or less. The fast refresh makes it harder but not impossible for hackers to gain access. The best course of action, however, is to buy a new router that supports WPA2.

View the entire post HERE.

Happy Computing,

Tim

Biden PC is a Computer Network Consulting Company.

If you found this post to be informative, consider subscribing to our Biden PC’s RSS feed.

“What is computer network consulting?” I get that question from time to time and I think this would be a great time to answer it.

Computer network consulting is one of those ambiguous terms that includes many different issues. In short, the best answer you can get is to ask each company what services they provide for their clients and customers.

I’m certain that if you do ask other computer network consulting companies what services they provide, their list would be a lot like ours. If you ask me that question, I would say that we do the following, and much more…

• Install and upgrade a networks, servers, and workstations
• Monitor the health of your network, servers, and workstations
• Monitor the health of your network’s routers and switches
• Prevent virus attacks, network intrusions, and network security issues
• Internet connection support
• Preventative maintenance of network and computers
• Network troubleshooting and repair
• Network hardware, software and cable sales
• PC troubleshooting and repair
• Provide desktop support

Those are among the many services that our clients love us for. The short of it is, we keep their network and computers running efficiently so they can keep their business running smoothly.

If there are any specific computer services that you or your business are in need of, contact us.

Happy Computing,

Tim

Biden PC is a Computer Network Consulting Company.

If you found this post to be informative, consider subscribing to our Biden PC’s RSS feed.

I have a client who has a Microsoft Windows Small Business Server 2003 system on his network and he is asking me to compile a list of his users’ passwords. The problem is that even with administrator access to the server, I can’t see the employees’ passwords. I informed him of this and gave him these 3 options as to how he can achieve such a list.

1. He can ask his employees for their passwords and compile the list himself.
2. I can create the list and adjust the users’ settings so they can’t change their passwords. I can then give them new ones.
3. The most secretive way is to perform a brute force attack within the server to attempt to discover the employees passwords. I would then create the list. If they change their passwords, I will have to perform another brute force attack.

There are problems with each of these solutions and I will go about them in the same order.

1. Asking the employees for their passwords could make them feel as though they aren’t trusted and cause a feeling of resentment. It could also compromise the users’ passwords for other accounts which is a complete lack of security.
2. If we state that we are changing the security policy and give the employees new passwords, it is a policy change and they have to accept that. Fortunately that would not compromise the employees’ passwords for other accounts.
3. The brute force attack is costly. What it entails is essentially hacking his own employees accounts on his own server. It takes time to do this and if the employees find out, their trust in the company could suffer. And like the first scenario of asking for the passwords, this may end up in compromising employees’ passwords for other their accounts.

My professional recommendation is to go with option number 2 because it has the fewest security options, is inexpensive and will create the least distrust within the company.

Having a Microsoft Windows 2003 Small Business Server on your network is a great way to increase the security and effectiveness of your small business computer network. It has many options to increase your network security. These options include maximum password life, minimum password complexity, how often you can reuse your passwords and in the event that you forget a password, the administrator can easily reset it. The administrator can’t see the employees’ passwords but they can reset them to something new.

I hope this helps.

Happy computing,
Tim

Biden PC is a Computer Network Consulting Company.

I believe that the most important thing that you can put into your small business computer network to ensure its security is time. Yes, I said time.

Windows Small Business Server 2003 has recommended security measures that should be taken called “Best Practices“. Another measure that should be taken is running MSBA (Microsoft Baseline Security Analyzer) and following the suggestions it makes. Most of these must be done only once or infrequently.

Another feature called the “Server Performance Report” tells you what features aren’t functioning properly and not working as well as who has had failed attempts at logging into your server.

So what does this have to do with time? This report is emailed to you every morning at 6:00 and I seriously recommend that you read it.It takes time (just a couple of minutes) to read it and see who is having password problems or whose account is being hacked.

Hackers and script kiddies (junior hackers) have enumeration tools that can scan a network to find out what operating systems networked computers are running as well as what accounts are on those computers. Yes, they can tell if you’re using Windows XP Pro or XP Home. They can tell if your server is Windows Server 2003 or Windows Small Business Server 2003. They can even tell if you have an account on your server that is still called “administrator” and if the notes designate it as the main admin account.

These tools are dangerous because they can see what accounts are on your server. As a small business, you probably don’t have the funds to spend on a large intrusion detection system. You also can’t afford to have your server to have your server hijacked and your data stolen.

This is where the time and “Server Performance Report” come into the picture. Take the time to:

1. Perform the “Best Practices“
2. Run MSBA
3. Enable password requirements
4. Require passwords to be changed on a regular basis
5. Enable account lockout policies
6. Rename and change the description of the “administrator” account
7. Setup (once) and read the “Server Performance Report” (daily)

If you don’t read the report, it does you absolutely no good and it becomes just another piece of spam… But this one you send to yourself.

Happy Computing,
Tim

Biden PC is a Computer Network Consulting Company.

If you found this post to be informative, consider subscribing to our Biden PC’s RSS feed.

As a computer networking professional, I keep lots of private data on my USB Flash Drive and I can’t have it falling into the wrong hands. I have been looking for a good, quick program that I can use from my jump drive, doesn’t require admin rights on other PCs and is secure.

Just the other day I found FolderLock. It is exactly what was looking for. You have different options on how to use it. You can hide, scramble or encrypt folders. Even the encrypt option, which they say is a little slow, is MUCH faster than the other programs that I found. It is compatible with Windows Vista, Server 2003, XP, 2000, NT, Me, 98, and 98SE and works on all kinds of disk types like FAT16, FAT32, NTFS.

FolderLockhas the ability to use it in free version. It has a short waiting period of approximately 5 seconds before you can enter your password to view your files but this is certainly acceptable. If you do decide to purchase it, the cost is only $35 and you get the advantage of additional options that include Stealth Mode, Hacker Attempt Monitoring, Shred files, AutoLock, Auto Shutdown PC, Lock your PC, Erase PC tracks, 256-bit Blowfish Encryption and Context Menu in Explorer.

Always keep your personal or business data safe.

Happy Computing,
Tim

Biden PC is a Computer Network Consulting Company.

If you found this post to be informative, consider subscribing to our Biden PC’s RSS feed.