Something north of 100 countries were hit with an outbreak of the Wannacry encryption malware this past week.

The malware exploited a Windows flaw that was patched in March.  The malware is also network aware, so once inside your network, it can spread to other machines.  There are several take-aways from this incident:

1. You should be using a supported version of Windows for desktop machines and notebooks.  That means that any Windows XP or Windows Vista machines need to be retired NOW.   Windows 7 will continue to be supported for another three years.  If your business software will run on it, we recommend Windows 10 as an operating system for desktops and notebooks.
2. You should be using a supported version of Windows Server software.  This means that any Windows Server 2003 or Server 2008 machines need to be retired.  Server 2012R2 and Server 2016 are the only safe options for Windows Servers at this point.
3. You need to keep your machines current on security patches.  Our monitoring software can be configured to force Windows updates on a scheduled basis.  Alternately, each machine can be set to download and install Windows updates promptly when they are released by Microsoft.
4. You need to have current anti-malware software installed on all of your machines.  There are a number of excellent products on the market.  We recommend F-Secure and AVG Cloudcare products.  The AVG Cloudcare products integrate with our managed service offerings.  For extremely small offices (1-3 machines), there is an Avira product that also works well.
5. You need to consider your firewall solution.  Although a bit pricey, Sonic Wall TZ series routers have the option of stopping malware like Wannacry at the outside edge of your network.  We are a Sonicwall dealer.
6. You need to have a backup strategy in place just in case the worst happens.  We offer several backup options.  If you have a limited amount of data to protect, a cloud solution like Carbonite or AVG Cloudcare Backup works well.  For larger amounts of data, or where having a local copy of the data is important, we recommend a hybrid local/cloud solution, such as Intronis Backup.  The biggest advantage of a hybrid system is that you can quickly recover data locally, but have the security of an off-site backup as well.
7. You need to think about how long you can afford to be down if the worst happens.  We offer the option of “virtual” servers where data from the primary server is backed up every few minutes to a backup server that can be quickly be brought on-line of something happens to the primary server.  In many cases we can “refresh” an older server that is being replaced with new hardware so that the old server can serve as that emergency backup.
8. You need to teach your staff to practice “safe computing” and avoid doing things that will expose your network to malware.

Gulfcoast Networking has the expertise to help you avoid falling victim to Wannacry and other malware.  Give us a call at 727-847-2424 to schedule an appointment for us to come out and look at your business and assess your exposure.

 

Windows 10 appears to be “a keeper”. We believe it will be a long term benefit for most of our clients. For Windows 8 and 8.1 machines, it is a clear improvement. The case for Windows 7 machines is not quite so clear, but Windows 10 has some nice improvements.

That being said, there are issues you need to be aware of:

The most significant issue is that some business software will NOT currently run on Windows 10. If you are using specialized software, check with your software vendor BEFORE you upgrade the computers on your network. This includes cloud based software that you access via Internet Explorer. If you are using nothing more sophisticated than Quickbooks 2013 or newer, you should be fine with the upgrade.

Some older hardware isn’t quite up to the task. If your computers are less than a couple of years old, you “should” be fine. You may need to update some drivers. The two desktops we have tested internally both needed updated video drivers after the upgrade.

If you have several similar machines and are looking at upgrading to Windows 10, we recommend you upgrade one and thoroughly test everything before upgrading the rest. There is a way to revert an upgraded machine for the first 30 days, so the upgrade is relatively safe. Needless to say, always back up your data before doing any upgrade.

There is hope for some problematic hardware and software.  We are seeing new video drivers being published and software vendors are working hard to make their programs work with Windows 10.  There is absolutely nothing wrong with waiting until May or June to make the upgrade.

There is a great article on ZDNET regarding the Windows 10 upgrade program and how to disable the upgrade notices.  You can find it here.

As always, we are available to answer any questions you might have.

 

Rob Marlowe, Senior Geek

I’ve received quite a few questions about Windows 10.   If you are looking for a computer for your personal use, there is absolutely nothing wrong with Windows 10.  It may very well be the most secure version of Windows so far.

There are a couple of caveats:

1.  If you are using your computer for business purposes, you need to make sure that any special software you might want to use is compatible.
2. If you play games on your computer, you need to make sure that the games you like run on Windows 10.  Spider Solitaire is notable by its absence.  There are ways to download an install a replacement, but you have to make the effort.  Naturally, you shouldn’t be playing games on your business computer anyway.

The upgrades from Windows 7 are Windows 8/8.1 are fairly easy.  If you decide you hate Windows 10, you’ve got 30 days to roll your computer back to the earlier version.

If your computer currently has Windows 8 or 8.1, I strongly encourage you to upgrade after confirming that you aren’t going to have a problem with any special software you use.

If your computer has Windows 7 installed, the case for upgrading isn’t quite as clear.  Windows 7 will be supported by Microsoft for at least another five years.  At that point, you will have likely replaced the computer anyway.

If you have a dinosaur running Windows XP or earlier, don’t even think about upgrading.

Rob Marlowe, Senior Geek

 

We’ve been watching the unfolding train wreck that is Adobe Flash for the last week or so.  Multiple vulnerabilities have been followed with patches and yet more vulnerabilities.   It has become apparent that Flash is simply too dangerous to allow it to run on your computer.  At this point, we strongly recommend that you uninstall Flash on your computer.  For more information, see the US CERT notice that came out yesterday.

We can not stress enough how exposed the use of Adobe Flash is leaving your network.  There are several attack vectors that are possible  (including web pages, emails, and Word files)  if you have Flash enabled on any of the machines on your network.

Note:  Some software, eg. Quickbooks Merchant Services, requires you to use Flash.  If this is the case, you will need to be fanatic about keeping Flash up to date in order to minimize the risk.

 

GEEKNOTE:  One of the little “gotchas” involved in setting up a domain name and using it for your email or your website is that you have to designate two or more “DNS” name  servers.  The name servers respond to requests for information about your domain and send the appropriate information out for finding your website or mail server.

The reason for having two or more name servers is so that your domain can still be found in the event that one of the name servers winks out for one reason or another.  If your website or mail server is unavailable for a short period of time, that is not a big deal to the Internet.  If your domain disappears because no authoritative name server can be reached, that IS a big deal.

Some service providers will take a shortcut by creating two name server “A” records that point at the same physical server.  The downside of this is that they then have a single point of failure and that one server going down takes down every domain that is using the server.

Other service providers will use two physical servers, but have them sitting side by side or in the same equipment rack.  This works fine for outages effecting one server, but does nothing to protect you if the service provider’s Internet connection goes down.  This includes garden variety outages as well as larger outages like an area wide outage from a hurricane or other storm.

We have been updating the domains we host to include three separate name servers.  Two of the name servers are here for convenience, but the third one is out of state (typically Kentucky or Missouri) so that even a major weather event won’t result in our domains going down for extended periods.

Do you ever wonder how your domain is handled?  You can type in your domain name at http://www.intodns.com and find out.  If all of the name servers have the same IP address, you’ve got a problem.  If they all have numbers that only vary by the last octet (the fourth number), then you still ought to ask that the name servers be spread out.

Feel free to contact us if you have any questions.

 

Rob Marlowe, Senior Geek