Category: Security

The Best 3 Free Tools for Desktop Support Professionals

Paul2 Replies

Display Driver Uninstaller

Display Driver Uninstaller (DDU) is something that every desktop professionals should have mainly on computers that may have Graphics cards that are required for the job such as Nvidia or even AMD cards.   You will find that every so often some driver updates causes a problem and this is a very good tool to uninstall the driver completely.     I will say this is open sourced and is very good for every day support when you might need to use this little utility for just those occasions.   You will find this free tool will be used more and more and you can even keep it on a USB drive as a way to use it offline when you need to do use it.   It’s very small and won’t need a big USB drive but this is only one of the few that you might have available to use on your USB drive.

Portable Apps

Portable Apps has so many portable applications that it would be hard to talk about all them.   However there are several that I will talk about that you can install on the USB drive.  Depending on the size of your USB portable drive you have will depend on what you might want to install on the drive.   However if you have a big enough USB drive, you could in theory install all available applications from Portable Apps and then you would be set.

  • Revo Uninstaller Portable — Great for those pesky programs that might not uninstall all the way or when something goes wrong with uninstalling programs.
  • HackthisPortable — Good for looking for viruses, and Trojans that might be on the system and gives you a run down on what might be running on any given system.
  • McAffeeStingerPortable and Kaserpky Task killer —  These are great apps for programs that you have issues with when they want to keep running even when you need them to not be loaded or running on a system.
  • CPUZPortable and GPUZPortable — great ways to find out even more about finding out what drivers you might need for GPU and looking at what type of CPU might be on any given system.  In case you needed to know.
  • Microsoft Safty Scanner — Great portable app that you can use on any Windows system in case you might have a Virus infection and is being blocked from being download or run locally.
  • CCleanderPortable —  Another great applications to use to clean the registry and other places in Windows that might be causing problems and helps fix some of the registry problems you might have.

As you can see there are several portable apps you can install on any given USB drive and have ready at moments notice if you ever need it.  So this is great tool that you can use for what ever you might come your way.

WinDirStat

WinDirStat is something that helps me find what might be hogging a system drive.  It is great and showing graphically what could be taking up the space of a hard drive.  It is portable and can be put on USB also but can also be download and used for many different reason but mostly when you need to find out why the hard drive is so full and how what you can delete to create space.  So this is something most Desktop Support people will use at one time or another.   I have used this several times in the past to find files that can be deleted, you just have to be careful what you delete and never touch anything in the Windows Directory or Program Files directory unless you want the system no run properly when you reboot.

These are what I have on my USB just in case I need them but these are only a few of them because there are even more tools that I use when I need them however this would start you on the right to having a powerful USB drive when you might need it.   Do you have a favorite tool that you want to let everyone else know about?  Why not leave a comment and tell people about it.

Don’t forget to subscribe to keep updated on any new posts.

 

 

The Prevailing winds of the Lastpass Breach — How it affects you!

Paul

hacking, cyber, security, hacker, technology, web, coding, internet, face, mask, identity, hack, virus, danger, protection, anonymous, code, crime, criminal, firewall, illegal, password, spy, stealing, thief, illustration, font, graphic design, art, graphics, clip art, Free Images In PxHere

Photo by mohamed_hassan from PxHere

Understanding the Lastpass Breach

Let us be clear about this, people really don’t truly understand what is going on with this breach.   It however will not stop the threat actors from taking control of your data if they get a chance.   This means they will go after the websites you will visit or maybe impersonate you in some way to get the access they are seeking.   Either way it isn’t like we can just sit back and do nothing.

“It is possible to crack those passwords,” Melissa Bischoping, director of endpoint security research at Tanium, said via email. “Instead of running the math to determine how complex your password would be to crack with modern equipment, it’s best to go ahead and do some credential hygiene.” — CyberSecurity Dive

Credential hygiene is necessary in our day to day routines because it helps stops theft of our accounts and our personal information.  However that doesn’t that the Meta data associated with your vault was encrypted, in fact it wasn’t and can be used to exploit this issue.   So even if they don’t brute force yoru password vaults, they can do fishing or means to get the access they are seeking so they can get even more information about you to use against you.

The Lingering effects of Password Managers

Password managers are a necessity in today’s time because of the all too common breaches.  Even if Lastpass wasn’t breached, some other site or sites would of breached and you’d still have to change your password or add multi-authenticator access to prevent any authorized access.  This goes without saying, we will see other breaches and it will not just be Lastpass.   Sooner or later some other Password manager will be a target and we will see this again but that shouldn’t deter you from using a Password manager it is the one tool we will always need to create even better Passwords than we could by our selves.    Although Many in the Security field are advicing users to go to another Password Manager.  I too have not like the taste of what Last Pass has done.  They way they made it sound less important that it truly is but that just might be because they’re lawyers got involved.   Either way I will suggest three things to better help you even if you keep Last pass.

  1.  Check your interations and make sure you have them high.   I think the minium we should have is over 500,000 interations to make sure they can’t be hacked the next time as easily.   Also if they are low, now is a good time to bump them up even though it makes you more of a target right now.  This will help in the future, in case there is another breach.
  2. Change all your imporant sites passwords, don’t just wait to get hacked might as well go through and see which sites you are truly using right now and go ahead and change your password and if you can add an authentication method to help protect you incase there is another hack down the road.
  3. Create a new masterpassword which isn’t anywhere close to what you have now.  If you can create your own acronym with a minium of 12 digits that would help. (What is an acronym?)  I suggest not using the most common acronyms but creating one that you can only remember and use that.   It may take some time but it could be something you have to say everytime you type in on your computer, just don’t let everyone else hear it.

Those Password Managers

Finally, let’s talk about your choices in this matter. Even though I talked about this in the previous post, we should at least look at the ones that might want to go another service.  Here are a few of them that I saw around the internet:

  • Bitwarden  — This is the one I perfer to go to because it is so opened sourced and you have several options to choice from.   It is where a lot of people are going right now after the LastPass Breach, I am sure of it.
  • 1Password —  This one I only know about through what i’ve heard.  I’ve heard good things about this but there are not many options to those who are wanting free.   This is good because they’ve been in this for quite sometimes.  I’ve heard of this company for MANY years and still has some great value to give to their users.
  • Dashlane — I’ve never heard of this product but it comes highly recommended by other because of how security focused they are.  You will have to pay a yearly subscription fee and there is only a demo version that means you do not have a free version.
  • Roboform — I’ve talked about Roboform way in the past and still it was a very useful password manager when I was using them 10 or so years ago.  So they must ast least be doing something right to still be in the business.   I haven’t explored them lately but I might just do that again to see how they are doing.

As you can see you have several choices to choose from if you decide you want to get away from Lastpass but ultimately you will have to decide what you want to do.  I am still going to possibly go to Bitwarden because of the open source or I might go back th Roboform if I can find my license that i had with them in the past.  I haven’t really decided I think Bitwarden would be my best choice because I know people can look at their code and help keep my passwords secure.   Are you planning on changing or staying with Lastpass?  Who will you be going to if you are going to change Password Managers?  Why not leave a comment and tell me your options.  I’d love to hear them and find out exactly what you are thinking about this LastPass breach.

How Keyloggers work and why you should worry!

Paul

keyloggers

 

The History of Keyloggers

Keyloggers have been used ever since the dawn of computers.   It used to be a problem even in DOS(Directory of Systems).   If you haven’t used Dos that is normal, it hasn’t been used for years and years but it was still was a problem.  What are Keyloggers?  Well, to put it in a way that even those who might not know about computers will understand, is a program or app that will watch everything you do, this includes everything you might say, might type, and then report back to the person or organization who created the keylogger.   If your phone was infected they could use the keylogger to even know your GPS location and you would not even know it.   This is where it has gone in the past and I am sure it will get even worse in the future because of all the IOT(Internet of Things) we have being used to control our Fridge, or even our thermostat.

The Information gained by a Keylogger

Even today, we should be watchful of who might be looking over our shoulders.   It is even more difficult to do that in security because Keyloggers will tend to hide in the background and not show signs that you have a problem on the system or systems involved.  The information a threat actor might gain from using a keylogger is tremendously valuable.    I don’t say that lightly either, when a threat actor gains control of a system and wants to gain access to something even more secure this is one of the ways they can get the information needed to gain access to that really important documentations.   They can sit on a system for weeks to months without being noticed and gaining valuable information such as passwords, account information’s from banks to email addresses, Even your Social Security Number and even what websites you might of visited while the keylogger is installed on your device.  This is just a small part of how much information a keylogger can gain just by being on a system.   They can learn habits of the user, if you visit a site at 12:13pm almost exactly each day, then they will know what you are doing on your break or what you do at night if this is a system at home.  They could even know your location just by having a keylogger on your phone and be able to track you through the day to figure out your habits.

It’s not a victimless as you think

No matter how many times you hear of keyloggers, you probably don’t realize just the truth of the matter.   That the reason to install keyloggers into a system is for money, extortion, or blackmail.   These are just a few of the reason why a threat actor would do this.   They’re doing this usually for money but not always they will do this to make a statement or gain access to information.   This is where the value of keylogging comes into play, anything a user does can potentially show valuable information from black mailing someone because they are visiting sites we shouldn’t be visiting for pleasure or to get the information needed to impersonate someone to gain access or ruin someone’s credit.   All these can bring shame to the victim and make it even harder to survive.   This is one reason security has always been one of those hit or miss areas in IT.  As soon as we find the program, infection, or worm, they go about coming up with new ways to do it all over it.   You see we are always trying to analyze the structures of the programs they create and find them in the wild.    So as soon as we know about the program they have to change the program to be able to do it again on some other systems.

The Failures of Board manufacturers and Windows 11

Paul

Motherboards Diversity / SML.20120917.164110.IP3

Motherboard BIOS

Don’t try to understand the system but rather see it as a broke system and try to fix it. When Windows 11 came out, you can bet everyone who was wanted the next version of Windows wanted it so they can test it out.  The real problem is Windows 11 made every one get into their BIOS and figure out what needed to be turned on.  Motherboard manufacturers each have their own way of creating the BIOS settings.   They like to call it something you might not know about or even want to try to understand.   Just like enabling TMP can be hard to find since Intel and AMD uses different wording such as PTT (Intel Platform Trusted Technology) for Intel and fTPM (Firmware Trusted Platform Module)  for AMD.  Even this can be frustrating for even the most seasoned IT guy.   There is so many Mother Manufacturers out there, from MSI to ASRock. according to Wikipedia there is at least 7 to 15 different manufacturers of Motherboards.   So each one will make the Bios Menu’s just a little bit different.  It can be quite hard to figure out where you might need to go to enable something or disable something in bios.

The Failure of all parts

It isn’t every time I see Microsoft releases a new OS that I wonder just how much the consumer will suffer from the new systems requirements.    Most of the time the requirements were not that big of a deal but with Windows 11, we now need to enable TPM and Secure boot for systems that may or may not have the requirements to run Windows 11.   This to me just seem an arbitrary requirement because we’ve seen people run Windows 11 on a system that doesn’t  have  a TPM.   Microsoft says this is for security but I can’t see this being for consumers.  I’ve talked about how Windows 11 will fail, and I still think this will happen eventually once people see If Windows is worth upgrading.

The PrintNightmare

With the recent Windows updates the last few weeks has caused more pain for Microsoft.   Since most people who are having problem probably have to buy new printers and those old printers are probably going to the waste side.   Even manufacturers aren’t going to update their drivers for old printers.  Microsoft likes the idea that people will need to buy new printers and maybe even new systems for that Windows 11 OS.   They make their money by people upgrading their systems and getting a new Windows 11 key or even a new system by Dell, or some other OEM.   Every computer technician is having to work harder for people who might want to install Windows 11.  Even then the process of install Windows 11 is not something that can be done very quickly depending on how big the HDD you are going to be converting.

What is to come?

Some people are not going to install Windows and maybe will wait to see what Microsoft does.  We’ve already seen a comparison from Windows 8 to Windows 10 and you know how well Windows 8 didn’t work out well.   Some are probably going to install another OS that won’t require people to have some stringent requirements like Microsoft.   Are you going to Install Windows 11 or are you waiting like I am because you don’t want to worry about all the security requirements to install Windows 11?   I’d like to hear your ideas about Windows 11 and or what your will do in 2025 if they still require all these things.

Is it worth upgrading to Windows 11?

Paul

Windows 11

Windows 11 is now Available

Microsoft releases Windows 11 last week and people all around have had their opinions from it’s good to not so much like I have said.   It just isn’t worth it right now to upgrade.   You have to worry about encryption of the HDD to having a TPM installed on your system.   All these requirements doesn’t mean it is any safer than before.   I know that Microsoft is preaching how this will help increase security in their OS.   I personally think it is just a lot of hot air, any security that they might think will help, will eventually have some hacker or virus get around.   It is a good idea for the short term but maybe no in the long term.    We’ve seen blogs talk about how it isn’t worth it and others where Microsoft talked about all these things that will come along but have yet not even seen anything on Windows 11.

Upgrade Woes

Even if you wanted to upgrade, you still have to go through a lot of system preparation for you to even upgrade to Windows 11.   You’ll need to enable TPM if you have it and also you will then need to make sure you have UEFI enabled.   This also makes you to turn your hard drive partition from MBR into a GPT to be able to use Windows 11.   This a lot of system just to use Windows 11.   I am hopeful that Microsoft will release a good tool to help you with this issue because I am sure most systems don’t even have GPT being used in Windows 10.   Microsoft has said in the past that you can avoid some of this if you install Windows 11 on a new system because you don’t have to encrypt your hard drive or use TPM.   So downloading Windows 11 might work for some of you but I am little hesitant due to Microsoft saying that may not support them in the future but I don’t see this being the issue because of the security risks involve.

Should you upgrade

This has been the question for most people around the world.   I’ve seen people wonder if they should upgrade.   I say probably not right now, due it being so new.   There are still problems and nothing is that compelling to install Windows 11 unless Microsoft brings on something so compelling that you will want Windows 11.   If they supported DDR5 and helped make the system faster, I am sure it would be something that might compel people to upgrade to Windows 11.   I am sticking with Windows 10 ]until I have to consider upgrading or installing a Linux Distro.   I am going to say just wait and see what happens in the near future.   Only you can really know for sure if you should upgrade.   Are you going to upgrade or are you going to wait?  Why Not leave a comment and tell me what your thoughts are about Windows 11.