While I thrived throughout the earliest years of raising my two boys, I am beginning to understand what my parents and other elders have said all along about daughters being different. This past fall, my daughter turned three and she is now at the stage where she likes to ask “Why Daddy?” or “What?” after everything we say to her. Just today as I was driving her to dance class (or “Creative Movements” as it is officially titled), I told her that that when we get there we’ll need to hurry up and get her ballerina shoes on. Her response: “Why Daddy”? I explained that we were running late, and to that explanation I got another, “Why Daddy?” We ended up making it in plenty of time; however as soon as she got into her class I was bombarded by other parents asking me computer related questions. It soon dawned on me that all of these “who”, “what”, and “why” questions from my daughter and fellow parents were actually cues for my next article.
I’d like to come at you from a different direction this month. Because currently there are many hot-topic questions in the technical arena, (and also as a tribute to my 3-year old little girl’s inquisitive stage) I’d like to chat with you in a question and answer format. We’ll focus on today’s hottest security topics: Heartbleed and Windows XP End-of-Life. I realize we have touched on Windows XP before, but with public confusion and uncertainty (and the barrage of questions concerning these topics I got today), I think it’s also worth revisiting.
Question: What is Heartbleed?
Answer: Heartbleed is a security flaw that affects servers that use OpenSSL, a popular data encryption standard.
Question: Why should I be concerned?
Answer: The Heartbleed bug provides a serious threat to the public because it provides hackers with the ability to steal large amounts of personal data (including username and passwords, credit card information, etc.) from secured servers, such as those used by social networking sites, banking institutions, online retailers, etc. Initial estimates show that Heartbleed has affected an estimated 500,000 servers across the world. If you’ve used or created accounts on Yahoo Mail, Google, Gmail, Facebook, Dropbox, Amazon, Instagram, Pinterest, Netflix and Flickr to name a few, there is a good chance your account information may have been compromised.
Question: What can I do?
Answer: Most of the responsibility for dealing with this bug falls on the shoulders of the network administrators who own and operate the affected websites. However, one preventive step you can take is to change all the passwords you are currently using online. Even if a website that you’ve created an account on claims they are unaffected, change the password at any rate because often times we’re using the same login credentials for multiple sites and cybercriminals are aware of this. The practice of changing passwords is a good one anyway, and make sure when changing these passwords to create them unique and strong (at least 8 characters with a blend of numbers, letters and special characters). If you change your password from “password” to “123456”, you’re probably not helping the situation. Another word of advice would be to stay alert for phishing emails. Given the severity and broad scope of the Heartbleed bug, in combination with the influx of email warnings by corporations suggesting immediate password resets, as well as the panic-postings that are currently flooding the Internet: we can expect virus writers and hackers to capitalize on this golden ticket opportunity. Users are going to be expecting and waiting on these emails from their service providers and cybercriminals know that as well.
Windows XP End-of-Life
Question: What was Microsoft’s announcement regarding its Windows XP Operating System?
Answer: Microsoft announced that after April 8, 2014, it will no longer provide security updates or technical support for Windows XP. Without critical Windows XP security updates, PC’s may become vulnerable to harmful viruses, spyware, and other malicious software that can steal or damage your data and information.
Question: Does that mean that after April 8th, 2014 I can no longer use my Windows XP computer?
Answer. No. The Windows XP Operating system isn’t going to suddenly remove itself or lock your system. Your computer will continue to work indefinitely. What are expiring are the security updates and critical patches.
Question: Why hasn’t my church or school already upgraded all their systems from Windows XP to Window 7 or the latest Windows 8.1 platforms?
Answer: There are many different reasons but here are a few:
Financial Investment- it can cost anywhere from $85.00 to $135.00 to upgrade each system network-wide
Time Investment – it is extremely tedious and time consuming to upgrade each system running Windows XP to a later version of Windows, as it requires a complete reinstallation of the operating system and all of the installed software programs. Resources to do such a conversation may not be available.
Network-wide Compatibility and Stability- in many cases older systems still running Windows XP do not have the system specifications required to install newer versions of Windows. (memory, hard drive space, etc.). Additionally, some software programs installed throughout the network and still being actively utilized may not yet be compatible with Windows 8.1. Newer versions of the software program may need to be purchased (adding to reason #1 & reason #2) in order to gain Windows 8.1 functionality.
Question: What if I or my church can’t financially afford upgrading our computers at this time?
Answer: While no 3rd party program can guarantee 100% protection, here are a few things that can minimize your exposure to the future risks associated with running no longer supported Windows XP systems.
Install an aggressive antivirus application and keep it up-to-date. May I suggest Thirtyseven4 Antivirus? (www.thirtyseven4.com)
Maintain a gateway security solution that contains a firewall, content filtering, etc. There are also good client-side applications available if a new gateway solution isn’t possible. For example, the latest Thirtyseven4 Endpoint Security solution is client-side but does offer full firewall, application control, device control, web security, intrusion detection and prevention and much more. At the least, make sure that the firewall option is turned on in the Windows XP operating system
On your Windows XP systems switch from Internet Explorer and Outlook to alternate web browsers and e-mail programs that will be patched after April, such as Google’s Chrome, Firefox, Gmail, etc.
Regularly backup locally created and stored documents to an external hard drive or network share.
Use common sense.
Heartbleed and the Windows XP situation leave a lot of us asking as many “why’s” as my 3 year-old. And in similarity to my answers for her: some are black and white, and some of those answers are much trickier to arrive at. Both topics require caution, however, and I encourage you to update passwords often and be ever vigilant about what you click to open. As a national virus expert, I know that so much is lurking beyond what we “see” in a URL or a pop-up. Being on the offensive with strong antivirus protection is a great place to start. And just as in parenting: I encourage you to be patient and thorough on your machines, and your vigilance will pay off.