FAQ

FREQUENTLY ASKED QUESTIONS

Security
∙∙∙Keeping your Confidential Information Secure
∙∙∙∙∙∙"Phishing" emails: What are they and how to avoid
∙∙∙∙∙∙Online Stores, Best Practices
∙∙∙Spyware
∙∙∙∙∙∙What is Spyware?
∙∙∙∙∙∙Why is it so bad?
∙∙∙∙∙∙Is it a virus?
∙∙∙∙∙∙How does spyware spread?
∙∙∙∙∙∙How do I know if I've been infected?
∙∙∙∙∙∙Can I get rid of it?
∙∙∙∙∙∙How can I keep from getting infected?
∙∙∙Virus
∙∙∙∙∙∙Are viruses still a problem?
∙∙∙∙∙∙Are viruses similar to spyware?
∙∙∙∙∙∙Zombie Bots
∙∙∙Firewall (see a firewall primer here)
∙∙∙∙∙∙What is a firewall?
∙∙∙∙∙∙Do I need a firewall?

Networks
∙∙∙Wired
∙∙∙Wireless
∙∙∙High Speed Internet Access

Miscellaneous
∙∙∙Do you stock parts and accessories

Security -> Keeping your Confidential Information Secure

With so many people using the internet these days, it's become the new favorite place for savvy criminals and hackers to commit their crimes. Usually, these crimes involve identify theft and credit fraud. This type of criminal activity is what you most need to protect yourself from.

Other types of criminal (or questionable) activity include distribution of child pornography, online gambling, pyramid money mailing schemes, etc. These require a willing partner. So, if you aren't willing then it won't work.

But identify theft, and it's close relative, credit card fraud, are perpetrated against honest, unwilling folk. You can reduce your exposure to this crime by taking a few relatively simple steps.

"Phishing" emails: What are they and how to avoid
You may have heard the term "phishing" (pronounced fishing, and actually means the same thing).

Phishing is the act of a criminal perpetrator creating a legitimate-looking email, appearing to be from a trusted source, such as your bank or other well-known financial institution (such as PayPal, a commonly-used online payment service often used in eBay transactions), or from a well-known online store where you may have made purchases.

These realistic looking emails contain logos, verbiage, pictures, and other realistic elements in hopes to trick you into believing they are legitimate. They often contain links to legitimate-looking websites as well. The common theme of these bogus emails and websites is to warn you that there's a "problem with your account" and request that you "confirm your information", "verify your status", "prevent account closure", "reverse a fraudulent charge on your credit card", or to perform any number of other steps to "avoid problems".

A common PayPal-related scam involves receiving an email that says you've made a payment to some eBay seller and includes instructions on disputing the charge if you did not make the purchase. Well, of course you didn't make the purchase, so your natural inclination is the click the "dispute" button and complete the dispute process. Problem is, the entire email and dispute-process is BOGUS. The perpetrator is using this ruse to collect your PayPal password so he can then rob your PayPal account. When you see such an email, simply delete it.

Other common phishing emails appear to come from Citibank, Chase, or other popular credit provider. They all follow a similar theme: Something is "wrong" with your account that requires your attention.

Legitimate emails from financial institutions should always direct you to open a new browser window and manually type in the URL to the site -- they should never require your to click on a link in the email.

Etymology: Where did the word "phishing" come from? Years ago in the 1960's, before there were desktop computers, the "hackers" of the day were interested in placing free telephone calls using home-made gadgets that duplicated the in-band audio signaling tones necessary to spoof the telephone company equipment into believing the calls were legitimate. These phone-network savvy people were called "phone phreaks" and the act of stealing phone service was called "phone phreaking". "Freak" was changed to "phreak", both for the cool double-letter alliteration and to lend an "underground" quality to the word.

Online Stores, Best Practices
Buying things online is great, isn't it? How cool is it to browse an online store's web site, click a few buttons, then one to five days later, presto! Your new thing is on your front porch!

But can you trust the online retailer to protect your sensitive data? There's been a lot in the news lately about online databases (credit bureaus, online retailers, etc.) being hacked into and having all kinds of confidential data stolen. While there's not much you can do about the credit bureaus, you can reduce your exposure to fraud from online retailer data theft.

Certainly the majority of online retailers are honest and conscientious, but there are steps you can take to minimize your risk.

Username and password
Very nearly all online retailers require you to make up a username and password for yourself before you can complete your purchase. Best practice indicates you should make both your username and password difficult to guess. For your username, add a numeric suffix such as the last four digits of your childhood phone number. Your password should contain, at minimum, letters and numbers. Including a lower/upper case mix and some special characters is really good. You should use a unique password for each web site that requires one. Using the same username isn't such a good idea, either. But using the same username and password is a terrible idea. Don't ever do this.

Credit Card
Most of the larger credit card issuers (Citibank does this) lets you generate a special "one off" account number that's keyed to a specific vendor the first time you use it. Some credit card issuers let you specify time and Dollar limits as well.

For instance, with Citibank, I can generate an account number with a $50 limit that's good for one month. As soon as I use it, the number becomes keyed to that particular vendor and will work no where else. This way, should the vendor's database get hacked, the stolen credit card number is useless. And since I can place a Dollar limit on it, then I'm not exposing my entire credit limit to that vendor -- only $50 in this case.

Security -> Spyware

What is Spyware?
The word "spyware" has evolved into a catch-all term generally meaning:

Any software that installs itself on your computer without your explicit permission, or even your knowledge, for the purpose of serving the interests of the entity that caused the installation to occur. Such interests can be wide ranging, from the relatively benign (displaying ads) to the malignant (recording keystrokes).

Other oft-used terms include "adware" and "malware". These are variants that perform specific functions, however, the various terms and definitions have coalesced into the single moniker "spyware".

The "spy" in spyware has more to do with "sneaking onto your computer", as if by stealth, or by a spy, rather than meaning "it's spying on you". Although spyware certainly can spy on you, there are variants that don't.

A common type of spyware is the advertisement-display variety, or the so-called "adware". It's designed to receive advertisements via the internet then to periodically display those ads to you, even if you aren't actively surfing the internet. For instance, you might be writing a document in Microsoft Word, then blammo, right out of nowhere, you're shown an advertisement. You have to click it away. Ten minutes later, you might be shown another ad. The ad might be random, it might be triggered on keywords in your document, or it may be targeted using other criteria based on your web surfing habits. Marketers pay the spyware company to display ads on their behalf.

Other types of spyware might not be designed to display anything. Instead, it may track your surfing habits (the sites you visit, how long you visit, whether you bought anything, etc.) and report back to the spyware company's server. This report may be anonymous, feeding an aggregate collection of data, in which you are not personally identifiable, or it may identify you specifically if it's able to. Marketers will then buy this information from the spyware company.

These two types of spyware generally aren't trying to do anything overtly illegal, like stealing your personal information for illegal use. They exist to make money for the spyware company.

Make money? Who makes money and how is it made?

Here's a common business model:

A company writes a game, ticker, or other cool thing and posts it on the internet, free for all to download. That cool app cost money to develop, yet they are giving it away for free. How can that be? Answer: The spyware company pays money to the company that wrote the cool app if the company will agree to embed the spyware into their product. Now you come along and download the cool-app, game, whatever, that contains the embedded spyware. The spyware company sells advertising time and space, or sells demographic information collected by the spyware to other marketers. Result: You see ads and/or your browsing habits are reported back to the spyware company.

Why is it so bad?
Spyware is bad on many facets:

Your property was surreptitiously modified to the advantage of an outside party.
Spyware slows down your computer, especially when it reports back to the spyware company over your internet connection.
Spyware can adversely affect other software on your computer.
Your browsing habits and the web sites you visit can be secretly sent back to the spyware company's server.
Above all: You did not explicitly authorize the installation

Is it a virus?
Not in the classical sense. At least one hallmark of a virus is that it automatically replicates itself in a computer-to-computer fashion. Spyware doesn't typically propagate in this manner. Because spyware isn't a "virus" in the normally accepted definition, it's often not flagged by popular virus detection software such as McAfee or Norton Anti-Virus. Virus detection companies have been under a bit of pressure lately to include spyware detection capability in their products, so their scanning software is slowing improving.

How does spyware spread?
Spyware is commonly spread via two vectors:

1. Via free downloads.
Popular software, such as Kazaa (a file sharing program used by people swapping music/movie files) and games, always free of charge to download, often carry spyware. As mentioned above, the spyware company pays the software company (the company that created the program or game you want to download) a fee for agreeing to include the spyware component in their program.

When you download the game (or whatever) and install it, the spyware component tags along and is installed at the same time, often without your knowledge. I say "often" because there's a fair chance that you "agreed" to this by clicking "I Agree" to the "End User License Agreement" (EULA) window that is usually displayed before you can download most popular, free software.

You can certainly be excused for skipping past this many-pages-long legal treatise as you've probably seen similar verbiage hundreds of times. Nevertheless, that is the legal loophole that most spyware companies rely on for the "permission to install" on your computer.

2. Via web browsing.
The type of spyware that tries to install simply as a result of visiting a web site (as opposed to knowingly downloading a program) tends to be the more onerous variety. But if you have your browser security settings right (how do I check that ?) then you'll know for sure if something is trying to download and, therefore, you can avoid it.

How do I know if I've been infected?
Spyware, by it's very nature, makes no effort to advise you it's installed. There are some subtle and some not-so-subtle signs that you're infected.

Overall sluggishness of your computer system. If you have multiple spyware components installed (quite common, actually) then your computer may boot up slowly. It may also be rather slow after boot-up is complete.
Advertisements being displayed unexpectedly, especially if you aren't web-surfing at the time.
There seems to be a slight delay in seeing your keystrokes on the screen. This may be a sign that a keystroke recorder is present.

Note: Observance of these symptoms does not necessarily mean you are infected with spyware. These are possible symptoms only.

Can I get rid of it?
Yes, usually. Most spyware is installed as a hidden tag-along when you install free software from the internet. Rarely will uninstalling the parent application also uninstall the spyware. And the spyware component itself will rarely have it's own formal uninstall feature. Usually, uninstalling spyware involves using a spyware detection/removal tool such as those mentioned below.

Some spyware can be quite obstinate about removal, preventing you from easily removing it. Indeed, a few are designed to permanently attaching itself to your Windows operating system, thwarting all attempts at removal. One of the ways this is done is by modifying certain Windows OS files with spyware code so that if you do manage to remove all the spyware-specific components, it'll just reinstall itself. Often the only practical way to completely rid yourself of these aggressive spyware components is to reload Windows from scratch. But this is generally only necessary for the most aggressive spyware.

Most spyware will allow itself to be removed without causing much fuss. Although the spyware itself rarely provides a clickable uninstall feature, most won't fight your attempts to remove it. At least not yet.

There are numerous spyware detection and removal tools available. Some are free of charge.

I use one called Webroot Spy Sweeper (not free) which consistently yields top marks for it's ability to detect and remove a wide array of spyware. Webroot frequently updates their spyware signature files to detect the newest spyware.

Microsoft is currently offering it's AntiSpyware product free of charge. This, too, is a good product, though no one knows how long it will remain free. Microsoft may surprise us all with an uncharacteristic display of benevolence and provide their AntiSpyware tool free of charge forever. I mean, it's only appropriate given their long and rich history of security-exploit laden products.

How can I keep from getting infected?
It depends. Now THAT'S a useful answer, huh?

Avoiding spyware can be difficult if you're in the habit of downloading free software from the internet. Some free software explicitly states there's "no spyware". But usually you are exposing yourself to spyware when you download freebies from the web.

Purchased software rarely (very rarely) contains spyware. Don't worry about it.

If you aren't in the habit of downloading free internet software then you can pretty much avoid spyware by having the right browser settings.

Security -> Virus

Are viruses still a problem?
Computer viruses will always be "out there". However, since the traditional virus threat is pretty much common knowledge these days, many people have virus protection software loaded. If you have virus protection software and you keep it constantly updated, then you are much less likely to become infected.

Virus writers today know that a lot of people have virus protection software in place. But not everyone has such software in place, so the virus writers depend on that lack of complete coverage. They also take advantage of speed -- virus companies have to react to the release of a virus and that can take a few hours. Most virus software companies are very fast at updating their virus definition files so even brand-new viruses can be detected and removed scant hours after their release. Don't be the victim because your virus scanner is out of date. You should have your computer set to check for virus definition updates at least daily, if not several times a day.

Are viruses similar to spyware?
Not really. Most viruses are specifically designed to spread rapidly, destroy data, or cause other harm. Most spyware is designed to earn money for the spyware company through advertisement display or demographic data collection. Spyware companies have a vested interest in not causing problems, though it often doesn't work out that way.

The only similarity between the two is that both viruses and spyware tend to install themselves without your knowledge and certainly without your explicit permission. But that's where the similarity usually ends.

Zombie Bots
A malicious piece of software, resting silently and without your knowledge, on your computer, ready to spring into action upon receiving a command from an external source, usually via the internet.

etymology
One of several definitions of "Zombie" is: One who looks or behaves like an automaton
Definition of an "automaton" is: 1. A self-operating machine or mechanism, especially a robot. 2. One that behaves or responds in a mechanical way.
The word "bot", as it concerns software systems, has it's roots in "robot". In this case, a "bot" is a piece of software that performs a very specific task in a highly efficient and automated or mechanical manner.

Therefore, a "zombie bot" is a highly efficient, specifically tasked piece of software that performs in an automated or mechanical way.

A "bot", in and of itself, is not evil. For example, Google uses "bots" (called "spiders") to crawl the web, indexing pages so you can find them when doing Google searches.

But a "zombie bot" is a hidden piece of software, sitting on your computer, that silently monitors an internet connection, waiting to receive orders from an external source, somewhere on the internet. Usually those orders are instructions to perform some sort of illegal task, such as sending spam or attacking a web site.

Hackers will attempt to install their zombie bots onto thousands of unsuspecting computers, usually through viruses or malevolent web pages, to build a virtual army of computers waiting for orders to do whatever their masters dictate. This is usually a coordinated effort to send spam (from your non spam-blocked IP address) or to execute a coordinated attack on a web site (a "Distributed Denial Of Service", or DDOS attack).

Your computer (if infected), when combined with thousands of other zombie-bot infected computers, can mount a formidable attack -- enough so to temporarily disable the target of the attack, or to send out millions of spam emails before the source IPs are blocked -- which can prevent you from subsequently sending legitimate email!

Most virus detection programs will detect, remove, and report on zombie bots.

Another good reason to keep your virus detection software updated.

Security -> Firewall

What is a firewall?
A firewall is a program or device that protects your computer and internal network from unauthorized traffic to and from from the internet.

There are two broad categories of firewalls:

1. Endpoint Firewall
This is a piece of software that runs on the computer you want to protect. Software firewalls monitor all inbound and outbound traffic on your computer, the IP address they are going to/coming from, the port numbers, and even the program handling the traffic. You have extremely fine control over exactly what programs have network access and how it's used.

One popular software firewall is called ZoneAlarm, by Zone Labs. There are others, including a free firewall built into Windows XP SP2.

2. Perimeter Firewall
This is (usually) a physical device that sits between your internal network (and all it's computers) and the internet (outside world). A perimeter firewall protects you at the network level, so that computers on your internal network are safe.

Virtually all wired and wireless routers have a perimeter firewall built-in and enabled by default.

But having a perimeter firewall does not mean you don't need an endpoint firewall on each computer, especially computers used to access the internet.

It may sound like a perimeter firewall provides more security, since it protects the network before unauthorized traffic can even reach your computer, but that's not necessarily the case.

Click Here for more on firewalls.

Do I need a firewall?
Almost certainly! They say the only way to completely secure a computer is to power it off, unplug it, and bury it in the desert.

Any computer that has any possible connection to the internet, either directly, through another computer, through a network, or through shared-media like a USB memory stick, should have a firewall.

Networks
Wired
Many companies, especially larger ones, used wired networks to join all the company computers in a LAN (Local Area Network) Wired networks offer much higher speed, greater reliability, and near immunity from RF (radio-frequency) sources. Most wired Ethernet networks use category 5 UTP (Unshielded Twisted Pair) cabling capable of 100 mbps (megabits per second). 1,000 mbps (or gigabit) Ethernet is also available.

Residential Ethernet wiring isn't very practical unless it's done during construction. Pulling UTP post construction is possible, but it's expensive and time consuming. There's a better alternative.

Wireless
Wireless network product prices have fallen rapidly since the year 2000. Back then it could easily cost a Thousand Dollars to setup a multi-computer wireless network in a home. Today it can cost less than $200. Nearly all laptops have wireless Ethernet (or Wi-Fi as it's called nowadays) built-in.

But you've got to use caution when setting up a wireless network, being sure to enable the various security mechanisms, lest a rouge hacker gain access to your network while sitting in his car!

We will install your wireless network with these security features configured properly to prevent this from happening.

Another thing to be aware of: Wi-Fi systems operate in the 2.4 GHz radio spectrum, which is popular with other wireless devices such as cordless phones. If you have Wi-Fi at your home and you like having cordless phones, then you'll want phones that operate in the 900MHz or the new 5.8 GHz radio spectrum. Some of the newer 2.4 GHz phones are advertised to be Wi-Fi friendly (they cooperatively share channel space) so you may be fine if you have such a phone. But older 2.4 GHz phones are not compatible with Wi-Fi.

In a cordless phone vs. Wi-Fi battle, the Wi-Fi usually loses. If you live in an apartment complex or other dense housing and your Wi-Fi inexplicably winks out on occasion, it's quite likely due to a neighbor using an older 2.4GHz phone. You have little recourse other than to work something out, like buying them a new phone system! There is no law stating their phone must not interfere with your Wi-Fi.

High Speed Internet Access
Today there is presently two major methods for delivering high speed internet: Cable and DSL. If you are lucky, you may have your choice of the two. Often, however, it's a matter of which one is available in your area to service your home.

Cable-based systems (from your cable TV provider) tend to offer higher speed and have broader coverage areas.

DSL (Digital Subscriber Line, provided by a phone company) tends to be slower and have narrow coverage areas.

Improvements in both technologies are ongoing, each providing better service today than just a couple of years ago.

There are other high speed internet options on the horizon. One such system is NAN (Neighborhood Area Network), which blankets an area (such as a residential neighborhood) with a Wi-Fi type of signal. Some municipalities are experimenting with NANs as a way to offer high speed internet access to underserved areas.

Another up-and-coming system is Power Line Communications (PLC) or Power Line Broadband (PLB). This technologies delivers high speed internet access over existing power lines! This is probably the holy-grail of fixed site internet delivery. Power lines are nearly ubiquitous so with a bit of modification, there's no reason they can't handle internet traffic.

Click Here for some more detailed information into the various high speed internet access methods.

Miscellaneous
Do you stock parts and accessories
No. There is no possible way we can stock all the various parts and accessories to upgrade or repair all the different types and models of computers. There are simply too many different types of hard drives, memory chips, other expansion features, etc. to maintain a stock. Moreover, such inventory would quickly become obsolete as newer hardware is released.

However, we will acquire necessary replacement and upgrade parts and accessories for you, so you don't have to worry about it.

For instance, if you want to have a secure wireless network installed, we will acquire the necessary accessories on your behalf after determining your need. You don't have to go out and get them yourself prior to our visit.