Pittsburgh Tech Guy

3. Protect Your Email. Many schools issue all students a school-specific email address, usually a standard POP3 account. It's a snap to set your email client so it logs in automatically, without requesting the password each time. However, if you ever leave your computer turned on but unattended, anyone could log in and read your email, or send scandalous messages. You'll be safer if you set your email client to require the password every time.

I run into so many people who install crappy programs that claims to keep your drivers up to date.  In general I tell people, if there is not a problem, leave it alone when it comes to drivers, however, some don't heed the warning.  For all of those customers, here is a program that will keep them up to date the right way.

2. Password-Protect It. Yes, it's awfully convenient to just turn on your computer and have it boot straight to the desktop—convenient, but not safe. You absolutely must password-protect your user account, and disable the Guest account if it's not already disabled. Also, dig into the Power settings in Control Panel and set your computer to require a password when it wakes up from the sleep state. If you have to step away from your computer, press Windows+L to lock it.

In honor of this fun time of the year, back to school, here are some security tips to pass on to the kids as they venture off to college or the library with the brand new laptop you purchased. 

1. Lock It Down.Many laptops and other small electronic devices include a slot designed to accept a special cable lock. Wrap the cable around something massive, insert the lock into the device, and turn the key or spin the combination. A determined thief could probably wrest the device loose, but only at the expense of seriously damaging the case. There are also locks that attach to a common port such as the video output or parallel port.

Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the aged operating system next April, a security expert argued today.

Jason Fossen, a trainer for SANS since 1998 and an expert on Microsoft security, said it's simply economics at work.

"The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft's response," said Fossen. When a new vulnerability -- dubbed a "zero-day" -- is spotted in the wild, Microsoft investigates, pulls together a patch and releases it to XP users.

If the bug is critical and being widely used by hackers, Microsoft will go "out-of-cycle," meaning it will issue a security update outside its usual monthly Patch Tuesday schedule.

But after April 8, 2014, Microsoft has said it will retire Windows XP and stop serving security updates. The only exceptions: Companies and other organizations, such as government agencies, that pay exorbitant fees for custom support, which provides critical security updates for an operating system that's officially been declared dead.

Because Microsoft will stop patching XP, hackers will hold zero-days they uncover between now and April, then sell them to criminals or loose them themselves on unprotected PCs after the deadline.

"When someone discovers a very reliable, remotely executable XP vulnerability, and publishes it today, Microsoft will patch it in a few weeks," said Fossen. "But if they sit on a vulnerability, the price for it could very well double."

Minus any official patching from Microsoft, XP zero-days and their associated exploits could remain effective for months, maybe even years, depending on how well security software detects and quarantines such attacks.

If Fossen's thesis is correct, there should be signs of bug banking, most notably a sharp reduction in the number of publicly-disclosed or used-in-the-wild XP vulnerabilities during the fourth quarter of 2013 and the first quarter of 2014.

"[Hackers] will be motivated to sit on them," Fossen stressed.

For you, the average user, you will be at the mercy of hackers.  You've been warned...