Microsoft Windows Archives - Smeester & Associates - Denver, Colorado USA

Category Archives for Microsoft Windows

Improve Your Password Security

Many red opened locks around one closed blue lock

Sometimes it is the simplest or most obvious things that can be easily overlooked or taken for granted in life. The IT space is no different and many of the most basic elements, like password management, can often times be overlooked. While it’s not the sexiest of topics, passwords are something we use everyday and should be at the forefront of any security plan.

Passwords are the first line of defense against malicious activities in the digital space. We hear all the time about the importance of strong passwords, and many websites or software require certain password criteria that force them to be difficult to guess. However, the actual execution of these recommended practices is often lacking. The trouble usually lies with the end user who doesn’t take care of their passwords or doesn’t make them difficult enough. As a managed services provider, it is imperative to ensure that your clients are employing some simple, yet highly effective tactics to keep the bad guys out of their information and IT systems.

Hackers’ Tricks

Before we look at the techniques to prevent hackers from gaining access to private information, let’s take a quick look at the most common means these folks use to crack the password code and get the proverbial “keys to the kingdom.”

  1. Guessing – Some people think that no one could ever “guess” their password at random, but hackers are much more sophisticated than that. This technique is not simply sitting in front of a screen and typing many different combinations. First, the hacker finds personal information online and then uses sophisticated programs to help ‘guess’ how that personal identification can be turned into a password.
  2. Dictionary-based attacks – Programs run names and other information against every word in the dictionary.
  3. Brute force attacks – Just like it sounds. By simply running all combinations of keystrokes with a user name, passwords are discovered all the time.
  4. Phishing – Beware of Phishing schemes! These scams try to lure you in with fake offers then track your keystrokes in order to steal private information. If the email or IM request looks odd, ignore it and please don’t click on anything. The trouble is that people are oftentimes tricked into giving away valuable data without even knowing.
  5. Shoulder surfing – Not all hackers are technical whizzes. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or even at a gas station (debit card PINs are vulnerable).

Password Security Tips

So what is the MSP or client company to do? Educate employees on strong password practices. There is simply no-way to guarantee a bulletproof password. If someone wants something bad enough and is smart enough they can figure out what they need to do to get it. Most are not that patient though so any deterrents are usually enough to make them give up and find an easier target.

Some best practices to be teaching customers and employees include:

  1. Make sure password length is at least 8 characters
  2. Don’t use real words
  3. Use both upper and lower case characters
  4. Include numbers and special symbols when allowed
  5. Don’t use personal data
  6. Make patterns random and not sequential or ‘ordered’

Don’t get lazy when it comes to your passwords. Take the extra time to think of something creative, complex and something only you would remember. Here are some of the web’s most common passwords – and what they say about you as a person.

What else can be done? Here are some “do’s” and “don’ts” for password safety.

Do:

  1. Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Sure it’s easier to use one but it provides more chances for someone to figure your password out, and if they do, gives them a great starting point for accessing other personal data of yours.
  2. Keep corporate and personal passwords separate.
  3. Change your passwords often (ideally every month)
  4. Always log off your computer or lock it when you leave it for any period of time

Now some don’ts:

  1. Don’t write passwords down or store then in the office
  2. Don’t store passwords on any device
  3. Don’t give passwords in emails or IMs
  4. Don’t give your manager your password
  5. Don’t discuss passwords with others
  6. Don’t use remember password function in applications
  7. Don’t use the “it’s easy to type’ rule (like asdfjkl;) since that will be easier for a lurker to see what you typed

After reading this, I’m sure you feel like you have some work to do. It’s never too early to start utilizing these recommended practices and you may not even know what data may currently be exposed or at risk. Changing your passwords and using the above techniques can help protect you and your clients from malicious web attacks. Don’t overlook the importance of password management – it could make all the difference when a hacker sets his targets on you or your clients.


For Slow Windows XP PC’s Update Svchost and Windows

Man Sleeping at His Desk

As Microsoft winds down its support for Windows XP, those who are still using the twelve-year old operating system are attempting to stretch out every last bit of life left in it. One of the problems that many have noticed is that their XP machines have slowed down significantly.

Before we take a look at why and some fixes that are available let’s be sure we are all on the same page as to the future of XP.

From Microsoft’s website we read:

Microsoft has provided support for Windows XP for the past 12 years. But now the time has come for us, along with our hardware and software partners, to invest our resources toward supporting more recent technologies so that we can continue to deliver great new experiences.

As a result, after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC.

Just so we are clear, no matter what your position is on XP (and if you are still using it you are likely convinced it is a workhorse) there will be no more support as of the beginning of April.

Microsoft has recently announced an extension to this deadline; they will continue to provide updates to their antimalware signatures and engine for Windows XP until July 14, 2015. This extension is only intended to help organizations complete their migrations away from XP, but there will be no new Windows updates for the aging operating system.

What to do about the deadline

Regardless of this extension, there are still some things that can be done to impact the performance of your XP machines even today.

XP users have noticed significant slow downs as of late. Upon booting up it slows to a crawl with svchost.exe utilizing anywhere from 50% to 100% of your CPU time. Normal operation of the machine eventually comes back but it requires the patience of Job and today’s business environment doesn’t always allow for this kind of wait time.

What’s the reason for this slowdown? Well, with age in the computer space comes many, many updates. XP keeps getting smaller and smaller in the rear view mirror and, as a result, Windows Update can be a bit cumbersome to say the least. In short, the algorithm used to identify which patch your machine needs has more work than ever to do. Windows updates are cumulative and as the number of patches has grown over time, the list that Windows is checking against has grown significantly. The result is a much slower experience on an XP machine. Simply put, your XP machine has fallen pretty far down the line of patches, making it more difficult to ensure you’re current with the latest patch updates.

How to improve performance

So what can be done to improve performance? Currently, Microsoft says that fixing this is their “top priority”, but there is no estimated date for their next attempt at resolving this lingering issue. A quick check of the calendar and the rapidly approaching end of support date might be an indication that the words “top priority” might read well, in practice it’s a ‘not so much’. With that in mind you may want to do something yourself. You could install the Continuum agent software to do the patching for you or you can disable the Windows update completely. If you are seeing improved performance as a result of these moves then you know what is causing the slowdown. That said, you are now faced with running machines that have an OS approaching end of support life from the manufacturer. At that point, you may not have a choice but to move ahead and make the necessary adjustments.

This may be the best course of action either way. Michael Goldstein, President and CEO of LAN Infotech, a Florida based Microsoft channel partner, said in an interview that the recent extension by Microsoft has given his customer base a false sense of security and a reason to delay migrating off Windows XP. “I’d be happier if they stuck to their guns with the deadline. In reality, XP users are going to have to move off. Extending antimalware updates only solves a piece of the security puzzle,” says Goldstein. Although Microsoft has extended the deadline, Goldstein suggests that it’s better not to delay your migration off of XP, given that it’s a dying OS.

Of course, we all know that this is part of the plan that Microsoft is using to get people to move to Windows 8.1. No surprise there. What XP users are now faced with is the decision of how the will move forward.

Is this an issue for you? What are your plans moving forward? If you have customers facing this dilemma how can you help them gracefully enter the present computer age?