WannaCry Ransomware Attacks

What Exactly is this Virus?

It’s a ransomware attack that encrypts your files and demands bitcoin payments to unlock them. It spreads across networks using the SMB protocol so if a single unpatched PC or server is attacked your whole network can become infected, as happened to the NHS. It’s called WannaCry because…

Where did it come from?

Well this is embarrassing. The malware is based on the EternalBlue exploit developed by the NSA. Rather than protect their citizens by letting Microsoft et al know about this security hole, the NSA chose to exploit it to spy on people instead. Then they were hacked by a group called The Shadow Brokers and the hackers made the vulnerability public, which kind of makes them the good guys. Ironic really.

I’m infected – what should I do?

Switch off the infected computer(s) immediately. If necessary just yank out the power cable as every second it’s left on it will encrypt more files. Then it’s time to call in the experts who will clean the infected systems and restore any encrypted files from your backup. This is the bit where you are glad you invested in backup software.

Will it affect me?

Hopefully not - Microsoft also found this vulnerability on their own and released critical security update MS17-010 back on 14th March 2017. As long as your systems are up to date you should be safe. For older systems (Windows XP, Windows Server 2003 R2), Microsoft released special patches. The NHS has been hard hit because they use out of date operating systems (including Windows XP!)

Does it affect Macs?
Not at present but new variants are appearing all the time, so don’t get complacent. Apply operating system updates!

How to I check for updates?

Check For and Install Updates in Windows 10:
In Windows 10, Windows Update is found within Settings.

First, tap or click on the Start menu, followed by Settings. Once there, choose Update & security, followed by Windows Update on the left.

Check for new Windows 10 updates by tapping or clicking on the Check for updates button.

In Windows 10, downloading and installing updates is automatic and will happen immediately after checking or, with some updates, at a time when you're not using your computer.

Check For and Install Updates on a Mac:
Open the App Store app on your Mac, then click Updates in the toolbar. If updates are available, click the Update buttons to download and install them

The Mac App Store shows updates for Mac, not updates for iPhone, iPad, or iPod touch. If you don't have the App Store on your Mac, get updates by choosing Software Update from the Apple menu.

If you don't see an expected Mac update:
Install any updates that are available, then check for updates again. Some updates appear only after installing other updates, and some updates are part of other updates. For example, updates for Safari don't appear, because you get them as part of macOS updates.

Use the Search field in the toolbar to search for the app that you want to update.

Click Purchased in the toolbar to see which apps you got from Mac App Store. If you got an app from somewhere else, check with the maker of the app for updates.

If you're using OS X Snow Leopard or Lion, get OS X updates by choosing Software Update from the Apple menu. Get app updates from the Mac App Store.

Check For and Install Updates in Windows 8, 7 and Vista:
In Windows 8, Windows 7, and Windows Vista, the best way to access Windows Update is via the Control Panel.
In these versions of Windows, Windows Update is included as an applet in Control Panel, complete with configuration options, update history, and lots more.

Just open Control Panel and then choose Windows Update.

Tap or click Check for updates to check for new, uninstalled updates. Installation sometimes happens automatically or may need to be done by you via the Install updates button, depending on what version of Windows you're using and how you have Windows Update configured.

Check For and Install Updates in Windows XP, 2000, ME and 98:
In Windows XP and previous versions of Windows, Windows Update is available as a service hosted on Microsoft's Windows Update website.

Similar to the Control Panel applet and Windows Update tool in newer versions of Windows, available Windows updates are listed, alongside a few simple configuration options.

Checking for, and installing, uninstalled updates is as easy as clicking those respective links and buttons on the Windows Update website.

Important: Microsoft no longer supports Windows XP, nor versions of Windows that preceded it. While they have issued a specific patch for this attack this really is a wakeup call for you to upgrade!

Our Business is Changing

As the Chinese proverb says, we live in interesting times.

In recent years we seen a sharp increase in our overheads, and the impending changes in the new business rates and rent increases are going to have a significant impact on our costs, not to mention Brexit adding 20% to the cost of imported hardware. This has made for a challenging climate for most small businesses, and it's inevitable that we will need to adapt to the new business climate.

Our last price increase was in January 2011, and we’ve made every effort to keep our prices as low as possible, however as with most of our competitors, we realise that we need to increase our prices if we are to maintain the service levels that our customers expect from us, so from 1^st May 2017 we will be increasing our prices as follows:

In-House or Remote Support

First quarter hour - £25.00+VAT

Each subsequent quarter hour - £20.00 VAT

Call-out Charges

First half hour - £60.00+VAT

Each subsequent quarter hour - £20.00 VAT

Weekend/post 6pm rates: add £2.50+VAT per quarter hour

Over the last decade we’ve seen a dramatic shift in the way we support our customers. Originally we used travel to the customer’s office  to resolve anything but the simplest problems, however with the improvement of remote support tools, we now do the majority of our work remotely. This is great news for our customers as it dramatically reduces support costs, however the changing approach to how we support you means that our relationship with our customers has also evolved

One important aspect of this, particularly when we are administering cloud services for you, is that we need to keep more detailed information about your licenses and settings. Needless to say trust is of paramount importance, particularly when you also allow us remote access to your computers, and this has led to a closer relationship with our customers.

For many of our business customers in particular, we feel that the pay-as you-go model no longer suits the new style of relationship. One important aspect of this is that as support incidents take less time to resolve it has become increasingly uneconomical for us to invoice for many incidents, which has resulted in an increasing amount of our work being given away for free.   It therefore makes sense to move the remote and telephone support services into a new charging model where we charge £25+VAT per computer;  we believe that this amount is both affordable for small business, and competitive as it will include unlimited remote and telephone support, and for customers who choose this model we will continue to charge site visits at our old 2011 rate. We will be phasing in these changes over the course of the next few months, so there's no need to do anything just yet.

We will also offer these customers a Service Level Agreement so that you can benefit from guaranteed response times, and for those who want a higher level of service we will offer packages that also include free on-site support. Please let us know if you want more information about this.

Windows 10 Upgrade Advice

If you’re using Windows 7 or 8 you will have noticed a little Windows 10 icon that has appeared in your system tray and is by now probably nagging you to ‘reserve’ your upgrade. We’ve received many queries from our customers about this and our standard answer has been to advise them to wait for 6 months to allow the early adopters to iron out the pain of the new operating system for them.

While this advice is conservative, so is our average customer.

We all know somebody who absolutely has to install the very latest piece of software as soon as it’s available. They want to stay at the leading edge of technology, but when things don’t go smoothly they rapidly find themselves at the bleeding edge instead, and I have to admit that we were rubbing our hands at the prospect of all these failed upgrades arriving at our service centres for resuscitation.

The reality has been quite the opposite. While we’ve seen a few problems, all the upgrades that we’ve carried out ourselves have been fault free, and the one problem we have seen has been in Eset firewall software blocking network traffic after the upgrade, which is easily fixed by reinstalling the software.

Several of these upgrades have been so that we can familiarise ourselves with the final release of the operating system, and others have been at the request of clients, but we’ve also carried out several upgrades as a quick and easy way or repairing broken operating systems, and we’ve been very impressed with what we’ve seen so far.

I’ve only been using Windows 8 on my home PC for a couple of months after breaking Windows 7, and I’ve never been a big fan of metro interface on my desktop PC, although I love it on my 8” Linx tablet. I was therefore quite happy to take the plunge this weekend, although I did take a precautionary backup of my entire system before proceeding, but in the event the upgrade was so uneventful as to be almost disappointing.

The few problems we have seen have come in to our service centres as casualties, and we’ve found the problem was down to  the original operating systems being riddled with malware.

As of today our official advice is that you can upgrade when you want to, but if you are already having problems that might indicate a virus please give us a call first. I’m going to recommend you take a full back up before you start, because you can’t have too many backups, though I don’t expect you’ll need it.

Next week I will publish our definitive list of this you need to do after you upgrade, so watch out for more…

Companies Behaving Badly

There are some things that we are simply better without; things that, once they are gone, you feel little reason to mourn. Things like Windows 98, or the Windows 8 Charm bar. This week I've added the Comet Group to that list. You'll probably remember the consumer electronics and white goods giant that went bust at the end of 2012, and one of our customers is unlikely to forget them in a hurry either.

The story starts with the MacBook Pro that was brought in with a faulty touchpad. Our initial thoughts were that this was most likely to have been caused by a liquid spill, but the customer was adamant that he had never had any little accidents with his laptop. He explained that he had bought it from Comet shortly before they went into administration using a voucher provided by his insurance company which allowed him to purchase a brand-new machine to replace one which he had broken. The touchpad problem had started shortly afterwards, but hadn't been a problem initially as it was only intermittent to begin with. Over time the problem got worse and when we opened up the laptop there was visible corrosion on the motherboard that could only have been caused by liquid damage.

At that point we simply assumed that the customer had spilt liquid on his laptop without noticing it, or somebody else had without telling him, but then we made a rather curious discovery. If you're familiar with the insides of Apple's laptops you will know that there are several liquid indicators incorporated into the case. When they get wet they turn red and stay red, and the one mystery was that despite clear evidence of water damage all the indicators were still white. While we were pondering this mystery Lee peered closely at one of the indicators and suddenly got a glimpse of red where the indicator appeared to be peeling up slightly. It turned out that what we were actually looking at were some small round and very professionally produced stickers that had been placed over the top of the liquid indicators to disguise the tell-tale red warnings.

Our client assures us that we are the first people to take his laptop apart since he bought it, which leads us to believe that he had been sold a water damaged, and poorly reconditioned unit, which had led to the eventual failure of the touchpad.

This is the sort of despicable behaviour that we sometimes see at the bottom end of our industry, but when this sort of fraudulent behaviour comes from a large plc it is absolutely reprehensible, and my only regret is that we are unable to take any action against Comet as they no longer exist. Which on balance is probably a good thing.

Calling Dick Tracys everywhere

you've probably seen quite a lot of coverage of the 60^th  anniversary of VE Day, and by coincidence I recently been reading through my late father's diary which he started writing at that time. He was working as a junior newspaper reporter in East Sussex at the time, and was only 16 at the time he started writing them, which you would never have worked out from reading them because as an orphan and a refugee he had to grow up pretty fast. After hours of immersion in the pages of his diary I began to get a real sense of what life was like at that time.

In those days before the Internet, and even television, entertainment came in the form of whist drives or trips to the cinema, and I can understand his captivation with Dick Tracy's iconic wrist radio, but while that was only a dream for his generation for ours it's fast becoming a reality. In fact I've recently taken to talking to my watch in much the same way as Dick Tracy did.

I have to say that mine is a little slimmer than Dick’s, and comes in the form of the Microsoft Band. I've wanted one of these since they were first launched in limited numbers in the US six months ago, so as soon as they were made available for pre-launch in the UK I signed up for one. Its arrival was a moment of great excitement in the office, and after a month of using it I'm convinced that the days of dumb watches are numbered.

I'm almost ashamed at the speed with which my trusty old watch, which has served me well for almost 20 years, was cast aside in favour of the shiny new usurper. At least watches don't have feelings, at least not just yet.

Let's get the negatives out of the way; while it's comfortable to wear the form factor is bulky and it catches on my shirt cuffs. The rectangular screen is designed to be worn on the inside of the wrist, which I was surprised to find I got used to quite quickly. It is however a flat screen on a curved wrist which makes it cumbersome, and although the screen comes with a screen protector I know from other users' experiences that it's prone to scratching, and compared to my old analogue watch it’s pathetically fragile, so don't even think of using it as a knuckle duster, Mr. Bond.

And that's about it. As far as I'm concerned all the rest is positive.

The other great contender for the space my wrist was of course the Apple watch which I finally got to play with at the weekend. As I expected its far prettier than the Microsoft Band, and I had fully expected it to match or exceed its specifications, but in this respect the Band stood head and shoulders above the Apple watch. The biggest omission in my opinion is that Apple have decided not to include GPS with their watch, which means that most of its functions depend upon it being paired with an iPhone via Bluetooth. Break that connection and a lot of the smart in smart watch falls away.

The biggest opportunity that Apple are missing here is for using the watch is a sports tracker, and one of my main reasons for buying the band was that it allows me to go running without carrying my phone. As soon as I finish my run and get back to my phone it synchronises my run data (including the GPS data of course) so that I can immediately look at my splits or check out the route I took on a map.

The other huge difference is in battery life; Apple are quoting 18 hours, which in practice may mean substantially less. I still don't know how long my battery lasts at its never run out, but if I wear it at night (of course I do, it tracks my sleep patterns) and then charge it for half an hour while I'm in the bathroom it's good for the rest of the day.

Having said that I have absolutely no doubt that when it launches the Apple watch the far outsell Microsoft band, and what they both do very well as provide notifications that you can glance at without having to get your phone out of your pocket. If I was to say that this has changed my life I might be exaggerating a little, but it has certainly changed my behaviour. Now whenever I get an email a quick glance at my wrist tells me whether it's urgent or not and this is changing the way I manage my email, which marks a fundamental shift in the way I manage my workflow.

I'm not sure if this is good or bad; whereas before I would check my mail every few minutes or hours now I'm constantly screening them, and on one hand it might make me more efficient, but on the other hand my work-life is now constantly intruding into my personal life in a way that it didn't before. At the moment that's fine, but when I head off on holiday this summer I'm going to be interested to see whether this behaviour has become a habit that I can't leave behind.

Who knows? After spending most of my life wanting to be like Dick Tracy, maybe what I'm really going to be reminiscing about in the future is my good old analogue watch.

Feedback Loop

It seems every time I visit a website these days I'm prompted to fill in a survey.

Let's get one thing straight. I've nothing against feedback. We invite our customers to leave feedback every time we do work for them, but the way we do it is to send them a link that they can elect to click on that will take them to a nice, simple and short questionnaire. What we don't do is foist a huge pop-up over the top of the webpage they're on which they have to dismiss they want to proceed any further.

To say that I find this irritating would be something of an understatement; it's particularly galling when it happens on websites that I visit frequently, and where the option not to take a survey could at least have been noted so that I'm not prompted every couple of days (usually when I'm in a hurry to get something done), to once again let them know what I think. I do wonder who completes these feedback forms, and come to that, what they look like as I've never ever in all my time of using the Internet filled one out. For all I know they could be beautifully crafted questionnaires that offer you marvellous free gifts with every question answered. But somehow I doubt it.

I'm also curious to know if the majority of feedback that is left has to do about the irritating requests for feedback, which am sure must figure quite prominently on the list of negative criticisms of any site that offers visitors the opportunity to respond to a feedback survey. Clearly, if I'm right in this assumption, feedback is ignored as I haven't noted any reduction in the number of tedious pop-ups getting in the way of my work. I'm also curious to know what exactly this feedback is being used for; somebody somewhere is probably analysing the feedback data as a way of justifying their existence, but the cynical side of me wonders whether the process is simply about identifying people who are prepared to leave feedback in the first place, which will then allow them to be targeted for advertising, or more active sales activities, in an attempt to convert the respondents’ accommodating nature into hard cash (at their expense of course).

Sometime soon I'll have to accept a feedback request just to see what happens. Unless of course that's exactly what they counting on.

These days I do quite a lot of my surfing from the comfort of my sofa using a tablet, or on the move using my phone, and these these pop-ups reach a whole new level of irritation as I often fail miserably to dismiss them because the screen isn't large enough me to get to the ‘no’ button. It's a bit like the ubiquitous pop-up advert that is easy to get rid of using a mouse, but nearly impossible to dismiss by pressing the little cross in the top right-hand corner when you're using a tablet. I used to think that I was simply a really bad aim when it came to hitting the cross, but I now realise that this is just a cynical trick by the advertiser who, having identified that you're using a tablet, is going to take you to their website regardless of whether you have managed to hit the cross or not, and you of course will just assume that your aim was poor as usual.

All of these irritations pales to insignificance, however, when compared to my pet hate which is adverts in the form of videos embedded at the side of webpages that decide to pay themselves without any intervention from you. One of the neat features of Chrome is that you can at least see which tab the sound is coming from, but this in no way reduces the heinous nature of the internet crimes being committed by advertisers in their attempts to promote more rubbish. And if I'm beginning to sound like a grumpy old man I'd just like to remind our advertisers and survey monkeys that they're the ones that have driven me to this.

Ignorance Is Bliss

If you’ve visited one of our service centres you will have seen that we have wire mesh wall displays that are used to organise small peripherals, accessories, and of course many, many cables. Over time the range of cables that manufacturers produce, and the frequency with which we sell individual cables will change, so for the last month or so we've been reviewing the ranges of cables that we want to carry in our retail display area.

Unlike Currys or PC World, we are a real tech shop, and this is reflected in the cables, accessories and peripherals that we stock, and over the years we've built up a diverse collection of legacy connectors and cables that we tuck away in the corner, but it's been the mainstream products that have been causing us the most problems. Generally for cables our preferred manufacturer is Belkin, but our experience with the business-to-business sales team has been pretty poor, to the point that, rather than relying on the stock codes they are giving me, I've been visiting competitors’ stores and quietly photographing stock codes from the retail packaged items that they carry.

We’ve got to the point where we can offer a fantastic selection of excellent quality cables, unless of course you want to plug anything into your network, at which point things get a little more difficult.

If like most people you aren’t familiar with both purchasing processes as well as network technologies I need to explain a few things: firstly cables are sold in two ways; retail packaged (these are the ones that come in boxes or blister packaging and hang on hooks) and OEM, which stands for own equipment manufacturer, and this means they come in plastic bags, and are intended for bulk use. Next we need determine what we mean by a patch cable; these are network cables that are intended to be used over short distances, often to connect routers, switches, or computers to the network. And finally we get to the tricky bit; there are many specific variations of cable types, but when it comes to patch cables they come as either STP or UTP, which stands for shielded twisted pair and unshielded twisted pair.

What we want to stock are retail packaged UTP patch cables, preferably in a range of lengths up to 15 meters, and we also like to use snagless cables as these are easier to work with them ones with sheaths. The problem is that the retail lines we used to order have been discontinued, and while we can still buy these cables in OEM packaging, Belkin only stock STP cables in retail packaging.

This clearly isn't an issue for all our competitors who are quite happy to fill their shelves with these STP cables, however for us this is a serious issue, because we know our networking technologies and simply put, Belkin, probably the largest cable manufacturer there is, have got it wrong. If you're going to put something in retail packaging then you can reasonably assume that it's going to be bought by consumers, and if a consumer is using a network cable it should definitely be a UTP cable. STP cables have their place, and that place is in the hands of professional cable installers who know how to manage the cable, and how to ensure that the shielding is optimised by way of earthed terminals.

This next bit is going to get a little bit technical, so I'll forgive you if you want to skip the next couple of paragraphs. Shielded cables are used to protect data packets from interference, and this is achieved by sheathing the cables in foil which is then protected by the (usually) PVC outer layer. You can also identify them by the metal sleeve on the outside of the RJ45 connector at each end. The shielding is important when you're running bundles of cables together (as they can interfere with each other, which is called cross-talk), and also when running cables in close proximity to power cables, but it also comes at a price. Because the shielding material is thin the cable is quite delicate, and something as simple as coiling it for packaging can cause the shielding to tear (particularly for CAT6 cable). Any tears will severely compromise the shielding, as will failing to terminate the shielding, preferably at both ends, using an RJ45 socket design for that purpose.

Unshielded twisted pair takes a different approach, and uses different twist patterns and pairing of the eight wires that make up the cable to tune out cross-talk. Because it doesn't rely on metal sheathing it is far more robust, and can turn in a much tighter radius than STP cable. As there was no sheathing to earth it also doesn't require the earthing of RJ45 sockets. While we wouldn't recommend it we know from our experience that UTP cable can survive the chair test, which is where you run over it on your swivel chair (probably several times a day), and I'm constantly surprised to find UTP cables that have been shredded to the point of multicoloured spaghetti which still manage to transmit data adequately.

So what on earth are Belkin doing selling STP cables to consumers? The first thing your average home user is going to do is use them to connect their computer to their router, and a quick check of the router plug will show that the earth prong is made of plastic, so the cable clearly isn't being earthed at that end. The next thing that's going to happen is they are going to ride their swivel chair over that cable repeatedly, in between letting the cat, dog, and a small child have a good chew of the cable (and probably in that order). Once the foil shielding has been completely destroyed you’re left with a compromised cable that's pretty much guaranteed to perform poorly.

All this could be solved by Belkin quite simply by using UTP cables in their retail lines, and relegating STP cables to their OEM lines. What beggars belief is that somebody in a senior enough position at Belkin was able to make this mistake in the first place. It's a sad indication that the company whose name is synonymous with cables no longer employs decision-makers who actually understand how they work.

And spare a thought for us as well, because we would much rather wallow in ignorance like our competitors than have to face the near-impossible task of trying to get a large company like Belkin to change the way they are doing things.