Intel-Risk-Inside

Intel chip vulnerabilities

Intel computer chip vulnerabilities the story so far

Anyone who relies on a Mac or PC for work, which is most of us nowadays, will have been horrified when news broke early in January that Intel had discovered a flaw in the chips it manufactures.

Potentially, this meant that every machine fitted with an Intel chip for the last 20 years or more could have had security vulnerabilities, although there is no evidence that anyone has so far tried to exploit them.

Nevertheless, the fact that this became known, will have worried users, not least because they were likely to be affecting nearly every operating systems and device. Apple, for example, confirmed that the issue affected all its products from Macs to iPhones and iPads.

Toshiba, Dell and HP, Microsoft, Apple started to rush out patches, and some had apparently been working on patches for operating systems at least six months before the news of the problem broke.

But then other problems began to emerge when users installed them.

They were implicated in spontaneous and unexpected machine reboots, and also in slowing machines down, sometimes by as much as 20%.

Most recently, on January 23, Intel issued a statement advising people to no longer apply the patches.

According to a BBC news online report “Intel spokesman Navin Shenoy said it had been investigating why the earlier patches caused “higher-than-expected reboots and other unpredictable system behaviour”.

It added that Intel said it now knew what caused these problems and was developing fresh patches that would work better. The company’s own investigations showed computers slowing down between 2% and 25%.

Technology specialists doubted that there would be a new, improved patch anytime soon, so it’s definitely a case of “watch this space” for developments and hold off from installing the currently-available patches.

Apple-losing-its-edge

Is Apple losing its edge?

Apple laptops and desktops are often the favourite hardware for businesses, partly for quality and partly because they have always been seen as largely hack-proof.

But a recent problem has caused some technical writers to question whether the “big A” is beginning to lose its edge.

A flaw was discovered in the most recent version of MacOS High Sierra, that enabled anyone to enter the machine without a password.

The bug was discovered in late November by a Turkish developer, who discovered that entering the username “root” and leaving the password field blank, hitting “enter” a few times, he could gain access to the machine.

The vulnerability, which fortunately could not be used remotely, could give someone with root access more powers than a normal user, for example to read and write files to other accounts.

More seriously a superuser with root access and with malicious intent could have deleted crucial system files, rendering the computer useless – or install malware that might be undetectable to typical security software.

Apple issued a temporary workaround by allowing users to set a root password while it fixed the problem.

The instructions are here

However, according to the tech publication WIRED, there were more problems when Apple rushed out a patch, within 18 hours, and users discovered that the “root” bug returned if they updated to the 10.13.1, version.  The machine had to be re-booted for the patch to work, but Apple had not included this in the instructions.

Slow-Broadband

Broadband speeds are not what they’re claimed to be?

Broadband speeds are not what they’re claimed to be

A new survey by Which? has found that more than half of internet users are getting broadband speeds that are up to 62% slower than their providers claim.

The Which? figures taken from more than 700,000 consumer speed checker tests and compared with information collected in 2016 by Ofcom, found that in in 52% of local authority areas, people are recording median speeds that are at least 10 per cent slower than the median speeds estimated by providers.

Moreover in 35% of areas speeds are up to 20% slower.

The list of regions with broadband slower than the recommended 10Mpbs includes Ryedale, Purbeck, West Devon and Powys. While, along with Tamworth, Reading, Luton and Enfield get some of the quickest speeds.

Which? MD of home services said that in some locations “there can be a big gap between what people may expect versus what they actually experience in their homes”.

He questioned whether customers were really getting the service they were paying for.

It is timely, then, that Ofcom has recently announced that customers are to be automatically compensated by providers for delays in fixing problems with landlines and broadband, including for slow repairs, missed appointments and delayed installations.

Under its new scheme, to be introduced in 2019, customers will automatically get £8 for every calendar day on which the service is not repaired, after two full working days. They will also get £25 for an engineer missing an appointment or cancelling with less than 24 hours’ notice, and £5 for each calendar day without service after the day they were promised a provider would start that service.

Although the compensation does not cover slow broadband speeds, the Ofcom ruling is a welcome step in getting providers to improve their services to customers.

High Sierra before you update

Before updating to High Sierra, what to know

Apple’s new OS system

Many businesses will use Apple computers believing that the technology is far superior and less vulnerable to hacking and viruses.

However, reviewers of the latest version of the operating system, MacOS High Sierra, warn Mac users to wait a while before installing it and to make sure they do an external back-up before they begin.

According to The Independent tech reviewer Andrew Griffin, in late September, there are two main reasons to wait a few days before installing: “the risks are much higher and the rewards are much less interesting.”

The danger is that in installation, he says, cherished pictures and other data could be lost, and this will be a catastrophe if the installation is on the owner’s main computer.

The High Sierra system has completely revamped the way files are stored with the intention of speeding up some computer tasks. But the question is whether the new system is quite glitch-free.

MacWorld’s Dominic Preston has compared the High Sierra Version with the previous Sierra version and concluded that it isn’t “the most exciting” MacOS upgrade.

On the subject of the revamped file system MacWorld’s review says:

“First of all, copying files and finding the size of files and folders should now be near-instantaneous, the sort of small improvement that will add up over long-term use.

It also helps keep files safe thanks to built-in encryption, data protection for power outages and system crashes, and simplified data backup. It’s also compatible with HFS drives and data so you shouldn’t lost anything during the upgrade – though we’d still always recommend a backup first.”

There have been tweaks to Safari to prevent auto-playing videos and include tracking prevention. There have also been tweaks to mail and messages.

Preston’s conclusion is that there is little reason to not upgrade to High Sierra, but he, too recommends a back-up just in case.

Faster-broadband

Do you need faster broadband?

How crucial to your business is a faster download speed?

It may be in the interests of Internet service providers to increase their revenue by encouraging you to upgrade to a service that gives you faster connectivity and download speeds, but it is wise to do the research before committing.

Firstly, it’s about bandwidth, expressed as Megabits per second (Mbps).  The larger the bandwidth, the more and faster data can be moved.

Secondly, it is about the purposes for which you use the internet – whether it is downloading movies, using VOIP to make conference calls between different parts of your business and with customers, or simple email communication and internet browsing.  Does your business have to regularly upload large files?

For example, it can be a problem if VOIP calls are constantly breaking up or interrupted when the participants are in the midst of an important discussion or negotiation.

Having defined the purposes for which your business uses the internet the next step is to check on what bandwidth your internet service provider (ISP) is offering, in theory and in practice.

Why might you want to check your bandwidth?

It may be that you think, or suspect, that you are not getting the bandwidth you’re paying for, either on purpose or because something is wrong. Signs may be web pages taking a long time to load or the VOIP example mentioned earlier.

Perhaps, also, you want to check that the internet speed is adequate for a service you are considering buying.

While there are plenty of online free services to test your download speed, it is a good idea to use the test offered by your ISP.  You should do several tests over the course of a day and take screenshots of each, identified with date and time.

This will give you the evidence you need if the service you are paying for is not as good as you have been promised and you want to challenge your ISP.

However, there are other variables that it is worth bearing in mind that can affect internet speed. This is why ISPs always promise speeds of “up to” stated Mbps. The service is being shared with other households and businesses in the neighbourhood and the factors that will affect it include how may users are online at a given time and, within a company where there will be multiple users, how many people are using the system, and for what operations, at the same time.

Only once a business has gathered all the information, defined its internet needs and done the checks will it be in a position to decide whether paying for faster speeds is going to be viable and necessary.

how-to-avoid-email-phishing-scams

How to avoid email phishing scams

According to the security software provider Malwarebytes 33% of businesses have suffered a ransomware attack in the last 12 months.

Their research also revealed that 20% of UK businesses feel they’d have no chance in stopping a ransomware attack.

But actually, there is a lot that a business can do to protect itself, especially since the majority of approaches designed to either get the recipient to share their personal bank details or to install malicious software that locks the machine until a ransom is paid.

Emails that appear to come from a bank, from HMRC (HM Revenue and Customs) or from well-known companies, even social media accounts like Facebook, often either alert you to a problem, such as a suspended account, or to your being due a refund.  The giveaway is that invariably the message will include an invitation to click on a link in the email.

The main thing to be aware of, apart from the obvious one that you may not in fact have ever used that particular organisation’s services, is that in general neither banks nor HMRC will contact you via email with such information.

Unless you have specifically set up e-mail communication with the bank or other organisation an obvious giveaway of a fake is that it will not detail account numbers but also full names and may also contain spelling mistakes or grammar oddities.

Firstly, businesses should make sure every employee is alert to the possibility of emails being fake, regardless of how authentic the branding may look, and make sure they never click on any links contained in a suspect email.

If you have any doubts, the first thing to do is to hover the cursor over the alleged sender’s email address without clicking on or tapping it.  It should reveal the detailed address, and that will usually be enough to make you suspicious.

Your can do the same with any link in the email you are invited to open. If you are still unsure, log on to the organisation’s website from elsewhere, NOT via the email and check what it says about communications security and any specific alerts mentioned in the email.

Alternatively, if an email appears to come from an organisation with which you do have dealings it is always worth a phone call to check whether it is authentic.

Finally, report or flag the email either to your email provider or the organisation named in the email and alert them to the attempted scam.

what-your-developer-needs-to-know

What your website developer needs to know

Potential clients or customers generally expect a business to have a website and when they are looking for a product or service it is likely to be their first port of call.

Not only that, but these days, particularly in the UK, they are likely to be viewing it on a mobile phone or tablet, rather than a laptop or PC.

So, a website needs to be constructed and designed to be responsive (easily viewable) across all these. These days, website developers and designers will almost certainly build a site with this in mind.

Similarly, to be acceptable to browsers such as Google and Firefox, a website needs to be secure, as in https: not http.  Again, developers should know this and will need to buy a SSL (Secure Sockets Layer) certificate from an authorised supplier to make the website safety compliant.  The SSL provides secure communication over a computer network.

You should also clarify who owns the copyright of your website design to prevent any problems later and ensure that a cookie policy as well as a proper privacy statement are included, both legal requirements, especially if you are going to ask people to sign up to get access to information.

It may be worth checking with your developer that these features are part of their service, but the developer will also need input from you to do a decent job.

Before you talk to a developer

If you want a design that stands out rather than looking like those of your competitors it is a good idea to do some preparation work before you talk to the designer/developer. This will help you give them the information they will be looking for when they visit your website.

Firstly, you should have a customer profile – a description of your ideal client, their tastes and preferences, their ages, lifestyle, professional level and so on.

Everything should be written from the website visitor’s point of view, defining their problem first before showing how your business can solve it. Work with a professional content writer if this sounds like too much to do on your own.

What your developer needs from you

Either you, or your marketing/content writer should put together a design brief, which will detail your budget, how many pages the site needs and their titles, whether you will supply pictures (always better than stock pictures), perhaps also including examples of websites that you like (and dislike). You will also need to provide images of your company logo and details of your corporate colours.

Do you want to be able to add to and update the site yourself?  In that case you will need a CMS (Content Management System) and guidance on how to use it.

Website developers will generally expect you to supply the words. They will also want guidance on the pictures, preferably original ones that you own rather than stock pictures.  That way you keep copyright of the information but it also helps you to define what pages will be needed, covering what subject matter. A basic website generally includes home, about us. Services/products, testimonials, blog/news and contact pages.

Remember, the clearer you are about what you want your website to look like and contain the easier it is not only to get comparable quotes but also for the website builder to discuss with you what is possible within your budget and to provide you with something that fits your needs.

Before choosing between developers, look at examples of their work and remember, cheapest is not always best. Once you have chosen the developer and agreed terms it is always best to get these details agreed and confirmed in writing.

The first decision is whether you intend to update your website yourself, write and load your own blogs or products.  If so, you will need the website to be built with a CMS (Content management system).  Does the developer provide either an instruction document or training to help you get familiar with it?

Most developers will offer some sort of support or aftercare package, which includes hosting, taking care of security updates, perhaps ongoing SEO work and may also include adding new content or changing existing words.  They will charge a monthly fee for this.  You need to know what services are included and whether there are options, such as a basic package (eg hosting and security) and a higher level package.  You also need assurance that if your developer is going to be adding content for you they will do so promptly.

Other questions to ask

Copyright – some website owners have found when they want to move to a new developer or host that the original developer is blocking them, claiming that they own the copyright to your website.  You must clarify this when negotiating the initial contract.

Cookie policy, these days legally websites must contain information about whether they use “cookies” which are pieces of code to gather information about visitor activity and must offer an option to opt out. Make sure you discuss this with your developer.

Online-security-is-a-must-for-businesses

Online security is a must for businesses

Businesses should be much more aware of online security after last month’s WannaCry ransomware cyber-attack attacked 200,000 computers in 150 countries, causing chaos for the UK’s NHS.

So many businesses these days rely on their IT systems for record keeping and for communications that it makes sense to do everything possible to keep them both secure and running. Ransomware attacks can take over a machine and lock the owner out until they pay a fee to the hacker.

It is estimated that such incidents have increased by 50% in the last 12 months.

The first thing to do is to ensure that the operating system is up to date, and that any security patches issued by the provider are installed promptly.

Also make sure to protect the system with a reputable anti-virus protection programme.

Remember that as Microsoft rolls out new operating systems, sooner or later it will withdraw support for older ones. This was part of the problem with the NHS meltdown, where some of its system was still using Windows XP, long after Microsoft withdrew support.

The second thing to do is to ensure that all data crucial to the business’ operation is backed up elsewhere, either in the cloud or on an external hard drive, preferably both.

Thirdly, all staff should be trained to be on the alert for suspicious e-mails and above all to never click on any links they contain.  Often such emails will appear to come from a reputable organisation, such as HMRC.

If in doubt about a link, hover the mouse over the link and the complete URL will pop up.  That is often a good indication that it is suspicious. Further checks could be done by either calling the sender or checking its website via a search engine not via any links in an email.

Remote monitoring by your IT support company is another option.  We offer remote monitoring and back-up options via AVG.  Better to be safe than sorry when your livelihood is at stake.

Updated-Data-protection-regulations

Updated Data protection regulations coming into force

From 25 May 2018 GDPR (General Data Protection Regulations) will be in force throughout the EU and the UK Government has confirmed that it will comply regardless of the decision to leave the EU.

The GDPR is designed to improve consistency in protecting and strengthening consumers’ rights over their personal data, although work is continuing on refining the regulations.

Many organisations collect and keep personal information for a range of legitimate purposes, from use in targeted business marketing, to records kept by organisations providing health and other services and also for research.

But rarely a week passes without news of yet another organisation’s customer database being invaded or “hacked”.

Any business or organisation that collects information from people who either work for or use its services has a duty to ensure it is stored securely and safely.

When the new regulations come into force both businesses and those who process digital records for them will now be accountable. They will have to document decisions that are made about processing the data that has been collected. This means showing that the data has been lawfully collected for specified and legitimate purposes, and that the details of what has been collected are specific and limited to those purposes.

Crucially the information must be protected and held securely and must be stored for no longer than required.

Any organisation or business that keeps lists containing people’s personal data will need to look at their data collection, storage and processing systems to be ready in time for the new regulations.  They must ensure they have proper permissions for collecting and holding personal information and can verify this. Silence or pre-ticked boxes are not proper consent.

They must also give individuals a right of access to and correction of the information being held, the right to its removal and to restricting it and the right to object. So, they will need to put in place acceptable governance to ensure all these rights are acted on, on request and in a timely manner.

Opt-outs from the regulations, known as derogation, will be allowed only in some situations – such as for national security reasons.

RIP-Vista

The End for Windows Vista

No more support for Windows Vista

It is ten years since the Windows Vista operating system was launched and this week on April 11 2017 Microsoft finally withdrew support.

Vista users will no longer receive security updates that can help protect PCs from harmful viruses, spyware, and other malicious software that can steal personal information.

When it was launched, Vista was supposed to revolutionise Windows because of its new file system and user interface.  But the new system was “graphically intense” and took up a lot of space, especially on laptops.  It was also too much for many netbooks.

Users complained about file transfers being slower than Windows XP, video games were sluggish, and on-screen prompts constantly pestered PC owners.

Vista reportedly became one of the most disliked software packages, especially when compared with Windows XP, which was two years older than Vista.

At the time, Microsoft was criticised for failing to understand customers’ needs and for not listening to them.

While those who still have Vista on their machines will still be able to run it, they should be aware that they will no longer be protected and if they store sensitive information, where security is important they should consider changing to a different operating system.

They may also find that their PCs will no longer work with other hardware, such as printers, scanners and cameras that have been manufactured to be compatible with more recent operating systems.

If you want to find out about the life cycles for support on other Windows operating systems there’s a fact sheet here

If you want help to upgrade to a newer system Colchester IT can assess whether your existing computer hardware is powerful enough to cope as Windows 10, for example, is very power-hungry needs at least 1GB of RAM, between 16 GB and 20 GB of free storage, and a display with a resolution of at least 800 x 600 pixels.

Call us for advice and to help you through the process of upgrading.