Antivirus vs. Firewall – Do I Need One or Both?

What is an antivirus program and how is it different than a firewall program? Both are security programs commonly used on computing equipment, but they function very differently. Antivirus programs work by having a “definition” of viruses (think of it as a cheat sheet). It scans currently installed and incoming data or programs for programming code that matches those definitions. Firewalls are about network traffic and communication. They have a “cheat sheet” of malicious websites and prevent communication to or from those locations. More advanced firewalls will monitor the communications or traffic generated by the installed applications on a computer for behavior type to ensure something like a word processing program is not sending credit card numbers to a 3rd party. One works at the boundary between a computer and the internet. The other works at the point where data and programs are stored. Palo Alto breaks it down in more detail in this article!

The next question is do you need both or is one better than the other? For most of us, we should have both. Computer and internet security works most effectively when you layer defenses. A type of attack that can penetrate one defense is typically vulnerable to other types of defenses. Firewalls are GREAT at preventing problems but do NOTHING if something gets through. Antivirus software is good at scanning new files and programs, but really comes into play when something gets through the firewall. The antivirus will recognize the infection and remove it if possible. If not, most will quarantine the impacted files and await instructions on how to handle them. By combining both types of security you greatly reduce the potential impact of malware.

One of the areas I see exploited by malware is because the average user has everything connected (smart phones, computers, laptops, tablets, home smart appliances, cameras, etc…..) but doesn’t have everything protected. For some devices, like appliances, you cannot add stand-alone antivirus or firewall programs. It is very important on those programs (especially if they have any access to the internet or other devices) to update their firmware. The first question I get asked is what is firmware and how do I update it? Think of firmware as simplified software that involves the most basic of commands. For example, firmware will define to the rest of the machine what happens when an on/off button is pressed and what the “true/false, yes/no, positive/negative” signal from that button means. Almost all software today has a setting to either automatically update firmware OR to update it upon request. Really simple machines that do not connect to the internet (Example: an old toaster) never need an update to their firmware.

The next area of concern is devices connected to the internet and part of your home network that do NOT have a stand alone firewall or antivirus installed. The most common example is your smart phone. This is especially a problem because we use our smart phones to look up stuff, complete financial transactions, login to multiple accounts, etc…. This makes our smart phone a tier 1 penetration point (high risk) and yet commonly users only install a firewall and/or antivirus on their computer or laptop. Most never think about their smart phone.

What are some anti-virus and/or firewall products users can install or is the default/free stuff that comes with your operating system enough? In my opinion, if you are running a business or doing anything with money (including making purchases); you should have both installed. Free anti-virus and firewall programs are better than nothing but will not protect you from a major attack OR help prevent an infection from spreading. Forbes has a good article that breaks down the pros/cons for some of the major players. Some options are:

  • McAfee & Norton – probably two of the most well known providers. Both are approximately the same price, have protection for laptops/desktop/tablets/smart phones, require some computing resources to function and therefore will slow your device down some, have user interfaces that assume you are NOT a geek, etc….
  • Eset – has become more popular because of the quality of protection it provides and the minimal resources required to run.
  • Trend – very simple user interface that many users find intuitive to navigate.

If you wait for something to happen, the consequences are significantly more costly than if you take protective steps first. One of the first steps we all should take is to list all the devices that connect to your home/business network. Next, check the settings of any involved firmware to see which ones you need to schedule for manual updates. If they are on a schedule for automatic updates, users need to periodically check to make sure it is happening. Now you need to determine which devices have little or no protection but are capable of running a stand alone antivirus and/or firewall program. This will be just about all devices running an Apple, Windows, Android, or Chrome OS. Finally, install protection where you are able, ensure simple devices that cannot run stand-alone protection have multiple layers of security provided by various network devices, and remove network access for anything you determine is “not worth the risk” (Example: old gaming device that you never play but is connected to your network).

Finally, if you don’t feel comfortable doing this, you should be hiring someone like me to periodically review your devices and help minimize your risks.

Wi-Fi: What You Need to Know!

Wi-Fi is a topic that even if you are not a nerd or geek you need to know the basics. Why? Because very few of us exist without access to the internet and most of us are using a wireless connection to make that happen. The other common wireless options are cellular and satellite connectivity. Let’s talk about what Wi-Fi is. First, it is NOT an acronym. Unlike almost everything else involving technology, it doesn’t stand for something more long winded. In short, Wi-Fi is the international standard for computing technology to talk to each other over the wireless 802.11GHz frequency. For a more detailed explanation check out Cisco’s information.

Think of the internet as a major road/highway system with destinations. The websites and various applications or programs you access via the internet are your destinations. The road or highway that connects you from your laptop/desktop (starting destination) to various websites/cloud based applications is the internet. Now just like the roads you drive on with a vehicle, the internet has roads made of different materials, capacities, durability, etc…. and just like when you drive a car… you experience many different types of roads to get from point A to point B. For the internet, a browser is the “car” you drive. Most of us use Safari on Apple and Microsoft Edge or Google Chrome on non-Apple devices. So very similar to the vehicle route, if part of your journey involves a small, congested, or “rough surface”; your overall travel time will increase. The same is true with the internet. You can have a very large high-speed connection coming into your home but if the Wi-Fi connectivity in your home is poor, your internet experience will be poor.

So let’s just focus on the portion of the internet involving Wi-Fi. This technology only covers a very short distance. It’s better at distance than bluetooth but not good enough to cover anything more than a home or small yard space. The current Wi-Fi standard is Wi-Fi 7. Any device that can transmit or receive a Wi-Fi 7 signal will also be able to function with older Wi-Fi standards like 6 but keep in mind that speed and security will be less. By the same token, upgrading your home router (the device in your home that connects the wired connection from outside to the wireless devices in your home) will have little to no impact on your internet experience if your laptop, desktop, tablet is only running an older version.

Best practices and recommendations:

  • Since your router impacts multiple devices, make sure it is not obsolete technology. If you are using equipment provided by your internet provider it is just about guaranteed to be obsolete. Keep in mind that a router also functions as a traffic cop. It decides when to prioritise one connection over another so multiple devices experience minimal lag. The better the router, the more traffic it can manage without your internet experience downgrading (i.e., the TV buffering, websites taking a long time to load, tasks involving uploading/download files taking forever or timing out).
  • Walk around your home with a Wi-Fi analyzer or at minimum check the signal strength using a laptop, tablet, or cell phone with an active Wi-Fi connection. You want to ensure that dead spots don’t exist in the same locations where you need fast, solid network connectivity. For example, under the stairs to the basement is probably not a problem but the living room TV would be an issue.
  • Do a “real” device count of what needs a Wi-Fi connection. Everyone tends to think they need 1 or 2 connections per person. That is not even close to what is in a typical US home… every TV that is connected to the internet, every laptop/desktop/tablet, every smart appliance in the home, any cameras you have connected, a smart doorbell, etc… Not all of them will need a connection at the same time but most of them will and you want to allow growth room. For a family of four, you are probably looking at 50 – 100 connections.
  • Use a guest network and other firewall partitioning options on your router. Most routers now, at a minimum, have a main network and a guest network. The main network should not be used for visiting family members, your kids friends, maybe even your kids devices, etc…. Keep the part of the network where your personal financial transactions and/or work activity is separate for even trusted visitors. If you are a small business, this is even more important. DO NOT give clients access to the network where you run your business. A typical mesh router, which is most likely what you need if you are trying to cover 1200 SQFT or more, has additional firewalled network options. You can activate an IoT (internet of all things) network for various appliances throughout your location, have a separate network for young adults and their friends, etc…
  • Change your Wi-Fi passwords at least annually. The guest network password should be on a piece of paper right on the front of the fridge. When someone comes over, you want to be able to give it to them without having to go “look it up”. If you have a guest room, make a nice printout that you frame and place near the desk or on a dresser for your guests. Do NOT make it similar to your other passwords. This is going to be the one given to “trusted strangers or clients”. It should be something like “PatriciaGuest#2026#” or “HelpMeNow!_LOL”. Easy to remember or speak but not something like “Passw0rd”.
  • Make sure you have enabled Wi-Fi security settings. Keep in mind that some of your oldest devices are NOT going to be able to use the latest security. Typically, the oldest piece of equipment will be something like your garage door opener, old gaming system, or an old kitchen appliance. This is why it is important to not have them on the main network. If they are on a separate Wi-Fi network that is firewalled off from your main network, you can use an older, compatible level of encryption and still have the most current and secure technology where you have the most risk – where financial or business activities happen.

How often should you replace your router? If you have had it for more than 5 years, technology improvements will be substantial and it would be considered full life. Routers can last a very long time or fail quickly depending on usage and power fluctuations. Due to rolling brownouts in Southern California, you should not expect to get more than 5 years. Obviously as your usage needs change, you may need to upgrade sooner due to performance: your kids are now old enough that they have significant connectivity needs due to gaming activities, adding equipment and members to your home has increased the number of simultaneous devices, technology expectations and usage are different so a previously acceptable dead-spot no longer works for you, etc…

I’m experiencing slow internet and thinking I need to upgrade my internet service provider (ISP). Most of the time when someone calls their ISP to upgrade their plan, they are throwing away money. The typical business or user has plenty of incoming bandwidth if they were using it effectively at their location. Just replacing/upgrading your router can significantly improve your experience without needing to incur additional monthly fees.

Give me a call/text/email and let’s schedule an appointment! Let me review your location and figure out the best solution for your current usage and your planned next 5 years, set it up correctly, and make sure you understand how to use it.

Smart Locks—The Pros and Cons

The first question I get is, what is wrong with the old tried-and-true method—a key? Answer: Nothing. The decision to change to a smart lock technology should be because you want specific features of that type of lock and you have decided the potential negatives are outweighed by these new features. So, to make this decision, you first need to know your options.

  • Option 1—Traditional key lock. This is great for someone who doesn’t have an issue carrying around a key, has a specific set number of people who need access, the people who need access don’t change, and finally either doesn’t need to monitor who or when access activity happens OR fulfills that need via cameras.
  • Option 2—Mechanical combo lock. This is an often overlooked solution. Perfect for someone who doesn’t need tracking by the lock of who or when access is happening. Someone who doesn’t want all the potential complications associated with technology and, more importantly, solves the issue of needing to carry a key. These solutions are inexpensive, do NOT require a power source, and are straightforward to use and maintain. There are models good for both gate and traditional residential door security. Example Links: https://a.co/d/0ekJ5Owd, https://a.co/d/05HOx4V1.
  • Option 3—Electronic combo lock. This is where options start to occur, and you really need to evaluate the pros/cons of each specific model. Most can have more than one code and track usage by each code. This is particularly useful so your immediate family can have a simple code you always use and never change. Then, when you have someone like a house cleaner or landscaper, you can give them a different code that you change anytime you change services. Typically these locks require a Wi-Fi network and have a battery that will need periodic charging/replacing. Most also have the ability for real-time notifications via a smartphone. I also recommend this solution if you have latchkey kids. Do NOT give them the default home code. Give them a code that is unique to them. This way, if it is shared inappropriately and something happens, you know specifically what code was used, can have that discussion about security with your child (i.e., do not share their home code with your “friends”), and should change it regularly (recommend once a year). Example Links: https://a.co/d/04rKTwhd, https://a.co/d/01WIvesE, https://a.co/d/0cDaXECL. NOTE: I always recommend anything that requires power should always be designed with a physical key backup that is hidden onsite. Some smart lock designs do NOT have this feature. Most of them do have a low battery indicator, but humans tend to ignore messages. You would rather not be locked out of your home with no other alternatives for access other than breaking in.

Your Home — Smart Outdoor Lighting

Most likely you have recently or will soon put up your outdoor holiday decor and this typically involves holiday lighting. Now, as you consider taking them down, let’s review your outdoor lighting and decide about how you want to make some home improvements. As you remove your outdoor decor, look over where lighting is bad, where do you have security concerns, do you have entertainment spaces that need different lighting when you have company over, outdoor steps that are a trip hazard due to bad lighting, etc….

Now divide your outdoor space into different zones. Most homes will have 4 zones: front, each side, and backyard. If you have a more complex outdoor space, you may want to divide into additional zones: back patio entertainment space, front walkway or driveway, etc…. When we set up smart lights, we assign them to a zone and then your controlling app will activate based on your choices one or more zones at a time. As an example, I may want my front door zone only to light up if it is nighttime and motion or doorbell activity at the front door. Another example would be motion detected in the backyard at night, but for safety, you want the backyard and both side yards to light up to ensure nobody can break into your home unnoticed.

So now that you know where you have concerns or issues as well as what you want to achieve, we can start looking at solutions. The first consideration is electrical. You do not NEED a wired power source because of the availability to use solar or battery solutions, but you need to know that before purchasing equipment. If you want items to be dependent on each other, the easiest solution is to keep everything in the same brand.

For purposes of this conversation I will use “Ring by Amazon” but multiple brands provide similar solutions. If you have a large estate, something like Josh AI is a great solution to automate and control multiple devices of different sources/brands. You are probably familiar with Ring doorbells, but they have motion activated cameras, floodlights, path lighting, etc… All of these items can be interconnected via their app, which you load onto your cell phone or access via your computer. Set up a zone called pathways, which could be solar-powered path lighting, that is set up to automatically come on from a dusk to down. For security, you can have your motion activated cameras automatically turn on any floodlight in their zone whenever it is dark and motion is detected. You could also add the “side zones” so that all sides of your house light up when the backyard cameras register motion. Finally, for an evening party, you can then turn on the “patio” zone. These lights could be setup on a dimmer so you have them provide the appropriate mode lighting and automatically override the evening motion activated full flood.

So as you set up and take down that outside holiday decor, review your setup for some home improvement opportunities. This is a great way to incorporate smart technology that provides the automation and improved security so you can simply enjoy your home. Give me a call if you want some help deciding on the correct equipment and how to design your lighting plan!

What is Encryption?

When it comes to computers and the average end user, encryption typically involves two completely different usages. Let’s start with what is encryption? Encryption is the process of converting ordinary programming coding or data to a “secret” code that you need the encryption key in order to decipher the content.

So the two forms that most end users deal with is sending/receiving data and hard drive security. Let’s start with the sending and receiving of data. The most common forms are email encryption and virtual privacy network (VPN) tunnels. Email encryption is an “add on” provided by your email service that scrambles the data of an email so it cannot be read or opened unless the receiver has the key. The key is tied to unique user identifiers to prevent just a random person from opening/reading the email. A VPN is used to create a virtual “wall” of encryption around your data as it travels through the internet. If you think of the internet as a highway system with various exit ramps for different website addresses, then a VPN is a tunnel around your lane in the highway that prevents anyone from looking in your windows and prevents you from exiting off at the wrong ramp. VPNs are typically used by business to employee connections, financial transactions, or people who simply don’t want anyone to know where they are from and where they are going!

Hard drive encryption (sometimes referred to as endpoint encryption) is where the entire hard drive of a computer needs a key by each program in order for it to access data or perform functions on the hard drive. This is VERY useful if someone is wanting more security than just a password. Think of it as having additional security behind the lock on the front door. The concern with hard drive encryption is it prevents some forms of IT support when you are having technical issues with your hard drive or software. It is REALLY important to ensure you have the hard drive backed up to a 3rd party location because quite often the only fix available with an encrypted hard drive is to “flatten and reload”. It is quite frequently what various malware/hackers do to hold your data hostage. They will “encrypt” the hard drive and then only give you the key if you pay a ransom (and sometimes not even then). Really essential that you don’t give permission to any application to encrypt your computer unless you really want it encrypted and have access to the associated key.

Using encryption on your computer is a great way to enhance the security already being provided by your firewall and antivirus services….especially for the transmission of data. Just keep in mind the trade-offs for maintenance and repair, or even the forwarding of an email to someone else.

Passkey — What Are They and Why/How Are They Replacing Passwords

First — What is a passkey? This is a device specific authorization that uses the device authentication (i.e., pin, fingerprint, face scan, etc…) to allow access to a program/website. Think of it as a special authentication that is limited to a physical piece of hardware in your hands. There is no need for 2-factor authentication or passwords if the program/website is using a passkey.

Concern — How is that better, and what happens if that device is lost, stolen, or has a critical malfunction? Passkeys are better in 2 ways!

  • From the end user standpoint, a single passkey can safely access multiple different applications. This is very helpful for the human brain. The reason a password should not be used this way is because passwords are transmitted over the internet to the program/website. Passkeys are not. The only information transmitted is the approval status….not the actual passkey code!
  • If the device becomes unusable (lost, stolen, critical failure, etc…), how do I log in? First, remember that passkey technology normally is managed by a 3rd party using extensive encryption technology specially for retrieval when device changes/reformatting occurs. Assuming you are using something like Google Password Manager, iCloud Keychain, Microsoft Authenticator app, etc…, you can recreate a new passkey when your device is repaired or replaced that will have access to all the original content. Secondly, most websites/programs that use a passkey still have backup methods for access if passkeys are failing. Third, a passkey can be saved as a physical security key (special kind of USB stick). This makes the stick the authentication device so you can use it with any computer.

But what about when someone has access to my computer or laptop? First, if you are not physically present at your device, it should be locked. You should also have a timer set to automatically lock it after X minutes to ensure this happens just encase you forget to lock it when you step away. If a thief was going to get access, they would have to steal it when it was unlocked and use it before the timeout feature would protect your data. Assuming that they have access with it locked, the types of thieves that can break operating system security in a passcode are not the local kind. They are typically government backed actors, that most of us don’t need to consider.

What about if I need more than ONE passkey or profile? For example, my work has me use my personal laptop.

  • Typical passkey systems allow more than one to be created.
  • If you think you require more than one, talk to a geek! Just because you use multiple programs/website does NOT mean you require multiple passkeys. Your IT support (or me) can help you navigate this concern.

Some USB stick based security key options:

Home/Gate Locks — Smart or Not?

When consider installing or replacing existing locks on doors or gates, you should consider some features for smart or very not smart solutions that don’t require a key! Smart locks have one universal issue…power. Most of them have batteries that are very long-lasting, but at some point, you will probably be trying to enter your home, and it will not work because the battery is too low. At a minimum, you should not consider any smart lock that doesn’t have a key bypass override. Proactively replacing/charging batteries on a set cycle is also a best practice. Most smart locks include a phone app that allows you to set up more than one code, so you know who is coming and going. This is particularly good if you want to give a “worker” something temporary and not the easy to remember code you use for yourself.

Some options are:

Some Patio Door Options:

Some Gate Options:

Now, if you want to go “old school” but hate having to carry keys, you should consider a keyless mechanical lock. No battery issues here. No connectivity issues. Complete privacy.

Give me a call/text/email if you want some help finding the right solution.

Artificial Intelligence — What Is It, and Should I Be Using It?

What is Artificial Intelligence? According to IBM, “Artificial intelligence (AI) is technology that enables computers and machines to simulate human learning, comprehension, problem-solving, decision-making, creativity, and autonomy.”

So, what does that mean, and how can I use it effectively to improve my business operations or personal life?

When we are talking business or personal life, it is all about repeatable successes. This means if you have a task and can break it down to specific steps…in a specific order…and expect the same successful result, that is a winning formula as well as something that is probably scalable for your business! If it is repeatable, then AI can be used to automate many of the steps.

The first issue you need to understand about AI is a problem we call hallucination. No kidding, AIs can and do hallucinate. What does this mean? As an example, recently a law firm was using AI to write briefs. When the AI could not find cases to cite to support their position, it made them up. Obviously, when the judge realized the cases cited did not exist, they lost. If you use AI, you need to validate/check anything provided to make sure it is legit and not from a made-up source or a source that is really sarcasm.

At a minimum and probably your 1st usage of AI will be looking up information. I always recommend you ask for sources when you place the question. Example: “How do you grow orchids and include sources?” Instead of just a list of related sources, the AI will summarize the data from multiple sources into a single, cohesive list of steps or data. Your next usage will probably be productivity. For example, a realtor might ask, “Write a property description that is approximately 250 words long for XYZ address in Tom Perry tone”. Property features include open floor plan, newly remodeled kitchen with stainless steel commercial grade appliances, etc….. This will result within about 15 seconds a completely written property description with all the unique features you stated as well as whatever the AI can find from various public sources (Ex: square feet, year built, etc….) written in a style of the public figure requested. You need to review it for validity and make any changes you think are appropriate. For realtors, this is a major time saver. With the help of various IT specialists, your online responses or even internal business processes could be executed by an AI, resulting in saving lots of money on labor costs.

Some popular AIs that specialize in various areas are:

If this is the start of your usage for AI in your business, I really recommend you talk to someone like me to review your business processes, your current level of AI usage, and let me help you figure out how AI can improve your productivity and cut costs.

Home Security — OTC or Company Monitored

Are you thinking about adding a security system to your home or business? Security system can be broken into two main categories. The 1st type is what I call over the counter (OTC). The 2nd is company monitored systems.

OTC systems typically are purchased and installed by the home/business owner (sometimes with the assistance of a handyman), do not connect automatically to a police department for automatic reporting, and cost significantly less. Company monitored systems typically are installed and maintained by a 3rd party and include the ability to notify local emergency services/police.

Two factors play the most impact for determining which is best for you — cost vs. scope of monitoring. If you just want to know who is at your door, if someone is on your property, and/or record activity in a specific location; the OTC type system is probably all you need. If you have very valuable assets on location, a repeated history of burglaries, and/or want the ability to dispatch police/fire automatically, a monitored system is what you require.

Some of the most popular OTC systems are:

  • Ring by Amazon — they are known for their doorbell model, but have an entire line of products that can be integrated to give you full camera and light controls, both exterior and interior. Link: https://a.co/d/0XMkXBp
  • Blink by Amazon — really affordable indoor and outdoor cameras as well as doorbell features. Link: https://a.co/d/epezYZn
  • Vivint — great security features and complete line of products. Link: https://www.vivint.com/products/doorbell-camera

Company Monitor Systems:

  • ADT — probably the most known (both good and bad) for company monitored systems. Link: https://www.adtsecurity.com/
  • American Alarm Systems — this is a local company (Orange County, CA) that can give you that one-on-one service to make a customizable system specific to your residential or commercial needs. Ask for Alissa Beale (ph: 714-863-0333 or email: [email protected]) who can help evaluate your situation and recommend the appropriate equipment or system for your needs. Link: https://www.amalarm.com/
  • Postil Property Management — this is a local company (Orange County, CA) that handles property management including security…especially if your business involves residential rental units. Talk to Mike Postil (ph: 949-213-9980 or email: [email protected]) for some expert assistance. Link: https://ppmser.com

Apple and Windows Updates

Should I do it or not? Unless you have really old equipment or running unique software/company applications that may or may not be ready for the latest Windows/Apple OS update the general rule of them is update regularly when the updates are fully released (i.e. not beta status) unless you have been specifically instructed by your IT Support to not update.

Currently, the United States is experiencing cyberattacks at a higher than ever rate, and most of these updates are designed to improve security or remove bugs. The time period you are most likely to be hit with a virus or some other form of malware is the time period from when it was released until when your antivirus software has been updated with the solution. Bugs that most likely will impact the average user are the first to be fixed by Microsoft and Apple because of the number of customers negatively impacted. This means by not doing updates, you are only prolonging your exposure and/or difficulties.

If you have really old hardware (i.e., old IPhone) you may want to hold off on some large “cumulative or OS” updates because it could slow your system down. I would still recommend that any security or bug fix update should be done as soon as possible. Remember, when you purchase hardware, you should always get “more processing” power than you currently need. Reason — because of updates, the tasks performed today will require more resources in the future.

Laptops and desktops have good automatic backup settings but keep in mind this does NOT automatically download driver updates that Apple or Microsoft considers optional. In my opinion monitor, mouse, keyboard, audio are not optional. If any of those features are not working seamlessly, you are down. The likelihood you are not using these accessories is very small, so any security flaw is a major concern. You should have a reminder on your calendar to check for optional updates at least 4 times a year, if not monthly. This is a task that typically can be performed in less than 5 minutes but saves you hours of time if something goes wrong and should be done just after completing a backup.

Gamers and high-end users will need to use their best judgment about updates. Microsoft and Apple perform extensive testing before deploying an update, but they cannot account for every piece of hardware or software potential conflict. The more unique the hardware or applications you are using, the more likely for a problem post update.