Wednesday, September 26, 2007

Chicken Little in the house

In this morning's post, I said Symantec wasn't using alarmist marketing to try to get me to pay for the Norton free trial that came on my machine. I was wrong. As I logged into my machine tonight I found this nice little warning from my Big Yellow friends.


I guess I won't be protected against new viruses, spyware and other security risks. They should have given me a third option. Renew NEVER.

Good news for folks that have purchased Security Mike's Guide. The screenshots for the uninstall Symantec bonus will be done within the next 7 days, since I'll be uninstalling.

Oh Nooooooooo! Norton is about to expire...

I got a fine email from my friends at Symantec last night. It seems the 60 day trial I got on my new computer is about to expire. They're being kind enough to give me a $20 discount. How nice of them.

But what happens if I decide not to pay? Will my machine self-destruct in 60 seconds? Will I all of a sudden be easy pickings for the bad guys?

In the immortal words of Mr. Bill: "Oh Nooooooooooooo!"

To their credit, the message wasn't alarmist. They could have done the typical chicken little marketing approach of telling you the world will end. Of course, it won't.


Now I figure about 50% of the folks out there will just click the link - pay the money and go about their day. Maybe it's 40%, maybe it's 60%. I'm just estimating here. That's why Symantec and McAfee pay so much to the computer makers to pre-load their stuff onto new PC. You call it crapware, but it's really a license to print money.

What about the folks that don't buy it? What happens to them? One group will delete the message and think they are still protected. But they aren't. If the security software isn't updated, then it can't catch the latest attacks. Not too useful. Those folks are blissfully unaware of what is out there.

And the third group, which unfortunately is a small minority, will uninstall Symantec and use some good configuration practices, a layered security defense, and some free utilities to save the $50 and be just as secure. You can be one of that small minority. Security Mike can show you how. Check it out.

Tuesday, September 25, 2007

Apathy is not the answer

I read a lot of stuff every day. It helps keep me on top of the industry and in a better position to advise my customers on what is happening now and what they have to do to defend against it.

Sometimes I read stuff that makes my blood boil because some folks don't understand that the world is bigger than just their microcosm of society. Check out this post on vitalsecurity.org if you want to see apathy at work.

This fine fellow (can you detect the sarcasm?) has decided not to use any kind of security protection because it's just easier to reinstall the operating system and start over. Paperghost (vitalsecurity.org's author) does a good job of discussing why this is a bad idea.

And to be clear, it is a bad idea. The bad guys can use your machine as a spambot. Or they could break into the applications you have running and also steal information from your web browsing sessions (like to your bank or brokerage). It's always bad when someone else has control over your computer. ALWAYS.

The real issue I have is that protecting your information just isn't that hard. It really isn't. Just follow Security Mike's 10 step program and you will be better off than pretty much everyone out there. Even better, you won't have to spend any money on these security tools - I point you towards free ones that work as good, if not better, than those you pay $50-80 a year for.

Check it out at Security Mike's web site.

Image courtesy of Despair, Inc.

Monday, September 24, 2007

Autorun is hazardous to your health

Steve Riley of Microsoft has a good post here on why you should turn off Autorun, which is the function for the computer to take automatic action if you insert a DVD or CD.


Why is this a bad thing? Basically if a bad guy (or gal) installs a virus on the CD, your machine will run it automatically - thus compromising your machine.

Steve provides some instructions to turn it off in Windows (XP and Vista). Not to steal my own thunder, but this is one of the simple configuration changes I'll be instructing you to make on your own machines (both Windows and Mac). This is in Step 2 of the Security Mike Guide.

Just in case you aren't sold, some of you may remember a few years back when Sony got into big trouble for installing a "rootkit" as part of their digital rights management on some audio CDs. Once you popped the CD in, your machine was compromised and it took a few steps (including tuning the registry) to clean it up. I fell for that once myself.

Turn off Autorun. Do it right now.

Smarten up about Phishing

This NetworkWorld article wonders if we will ever learn about Phishing? They are having a conference in a few weeks on that very topic. You won't be attending, so I'll tell you what is likely to be discussed.
  1. A small minority of the Phishers out there are good. So your job is to make sure you don't get taken by the bad guys.

  2. There are attacks coming from everywhere. Even online games. So you have to be careful and always have your guard up. It'll keep you alive.
One thing that is unlikely to be discussed is what to do if/when you do get compromised. There are few (if any) technical defenses to a well-executed Phishing attack. You should be in the habit of monitoring your financial accounts at least daily to REACT FASTER if your information is stolen.

The numbers indicate it will happen to you, so you better be ready. Remember, Security Mike's Guide will teach you the basics of how to detect a Phishing email in Step 7.

Picture source: http://www.flickr.com/photos/ezioman/456991202/

Friday, September 21, 2007

Breach Alert: Ameritrade 6.3 million customers compromised


Another day, another data breach - or so it seems. As part of Security Mike's role to educate the broader consumer audience on how to protect your identity, I'll refer to these data breaches and use the opportunity to reinforce many of the key messages in Security Mike's Guide.

If you want more details, check out Ed Dickson's post on the Ameritrade breach. Ed does a good job covering lots of identity related topics, so I'd recommend you reading his blog as well.

Let's break up the discussion into two main thoughts:

  1. You are an Ameritrade customer - If you are one of the lucky 6.3 million, then I suggest you get on the horn with them ASAP and find out what they are doing to protect your identity. Are they issuing new account numbers? Are they going to pay for a credit monitoring service? Poke them in the eye a bit (they did lose your information, after all) and see what you can get. Also make sure you get more aggressive about your fraud alert and monitoring your accounts.

  2. You are not an Ameritrade customer - Rejoice. It wasn't you this time. But soon enough it probably will be. No one is lucky indefinitely. Not even Security Mike. Take this time to revisit your identity protection measures and ensure they are up to snuff.
This brings up a pretty important point: In many cases, Identity Theft is NOT your fault. Ameritrade's customers had no involvement in this issue. Besides having the good fortune to have an account with them. So it's not enough to just take care of your own stuff, you need to also be ready to respond when your information is compromised.

An even sorrier state of affairs is that this breach probably happened years ago. Which is why CONSTANT VIGILANCE is critical when protecting your identity.

If you don't know where to start, do yourself a favor and get Security Mike's Special Report: 6 Easy Steps to Protect Your Identity. It's only available on Security Mike's Web Site.

Monday, September 17, 2007

Security Mike's Presale

I'm really excited to be announcing Security Mike's Guide to Internet Security. It's a 10-Step process broken up into 3 sections to help consumers protect themselves and their kids from hackers, identity thieves, and other online mayhem.


The product will be delivered via Security Mike's Portal, which will go live on October 15. I am taking pre-sale orders until then and offering a $10 discount, as well as a few bonuses to give you an incentive to jump on now.


You will be able to get the Guide for $27 until October 15. When the Portal launches the price is going up to $37.

If you want to find out more about the program, register on Security Mike's web site and you'll get the Special Report: 6 Easy Steps to Protect Your Identity. This is Step 6 in Security Mike's process and you can get it for free. These are things that EVERYONE should be doing, so register and download the document today.

I also mentioned a couple of bonuses. The first is a little guide on "How to UninsSecurity Mike's Guide to Internet Securitytall Symantec and McAfee (without killing your machine)." Since a hallmark of Security Mike's approach is that consumers don't need to pay for security software anymore, you'll want to get rid of those heavy "suites" that slow down your machine and lighten your wallet. This report shows you how to do that.

The second bonus is "How to talk to your kids about Internet Security." These are pretty hard discussions to have, but it's absolutely critical that you address the issues. This special report will provide some ideas and tactics for you to do just that, in Security Mike's no-nonsense way.

Remember, the pre-sale period ends on October 15. So don't delay. You can save some money and get the bonuses.

Hello World

Welcome to Security Mike's Blog. I'm glad you are here.

You see, Internet Security is a very dynamic business, and it requires constant vigilance. One of the reasons that I wrote Security Mike's Guide to Internet Security is that most people don't know how to even start securing their online environment. They certainly don't know how to stay on top of the new attacks.

So on this blog I will be providing tips, tutorials, and updates on how you can avoid being a victim of the attack de jour. I won't be providing as much detail as I do in Security Mike's Guide or on the Portal, but you'll at least know there is something you need to look into.

There are so many reasons I wrote Security Mike's Guide that I don't know where to start. So I won't. I'll be announcing the product in a bunch of different venues over the next few days. So I'll be linking to those posts, which will give you a better feel for what I'm trying to accomplish with the Guide and who it's meant for (and who it's not meant for as well).