Fighting the Good Fight: An Interview with Malwarebytes Founder Marcin Kleczynski

Authors: Derrick Wlodarz

If you’re involved in serious malware removal these days, chances are that Malwarebytes has a soft spot in your heart. Technicians around the world (including my own company) have been combating “virtual gunk” on customer PCs with the help of Malwarebytes Anti-Malware since its first release back in 2008.

At my previous IT job, there were instances where Malwarebytes was the only tool that could handle specific wide-scale infections. So when the company’s founder Marcin Kleczynski agreed to chat, it was the opportunity of a lifetime for me. We discussed a range of topics including the current state of malware, where its headed in 2013, and how the future of Malwarebytes’ software is shaping up for the foreseeable future.

The Malwarebytes Front Office

The Malwarebytes Front Office

Seeing as Marcin had a recent, lengthy interview with TechSpot that went in depth about the history of Malwarebytes and their success story, we’re not going to beat a dead horse there. You can read what he had to say to TechSpot on your own. I had a lot of questions that many techs may be more curious in, which he had no problems divulging his opinion about. I’m glad I was fortunate to catch the busy CEO on a light work day!

Derrick Wlodarz: Where do you feel that Malwarebytes Anti-Malware fits on a modern PC? In combination with another AV product, or as the sole protection solution?

Marcin Kleczynski: The simple answer is that it’s meant to work in combination with another AV product. The product [Malwarebytes Anti-Malware] was designed about 4 years ago when my antivirus had actually failed me. I was a victim of malware. I found a forum where there were hundreds of other people who were in the same boat. Even though they claim they do it all, antivirus software simply cannot.

Very quickly, we realized that zero day threats that are polymorphic in nature were simply too much for regular AV software, and there had to be some sort of stopgap solution. That’s where we came up with the Anti-Malware product. We wanted to plug those holes. We aren’t looking to necessarily replace your current antivirus product; we’re looking to supplement it.

Derrick: How long has Malwarebytes been around as a company?

Marcin: We were developing freeware until about 2006, and in 2007 I started writing the first version of the Anti-Malware engine. In 2008, we released the first true version of the product to the public. So while the program itself has only been available for about 4 years, the company has been in existence for about 8 years.

Derrick: In your interview with TechSpot, there was mention of a product called RogueRemover. Is that a product that you made? Or was it one of your friends?

Marcin: It was actually a friend and I. He took care of the database aspect, and it was the predecessor to the Anti-Malware product. It served as the framework for Anti-Malware, which we built off of RogueRemover. Keep in mind that RogueRemover focused only on ransomware and rogue products, such as WinAntivirus 2007 and such. That’s what we really specialized in, and detected about 500 of those variants.

Derrick: This past summer, a Sophos study found that one in every 36 Macs has some form of malware installed. Does Malwarebytes have some solution to help address this problem for Mac users?

Picture courtesy of Sophos

Marcin: Building a cross-compatible product for Mac and Windows is not a trivial matter; you can’t just port your Windows product to a Mac base. Fortunately, we do have a component called “malicious website blocking” that a Pro user can enable on their system. In essence, we have two components: file system blocking that prevents infection from malicious files, and the second one targets blocking connections to blacklisted IPs. These websites are ones that have either hosted malware in the past or are currently doing so.

The website blocking component is a lot easier to port because it works on a more standardized level that is common to both Macs and PCs. A malicious IP is the same whether you’re on a Windows or Mac system. So this component will likely be the one to get ported over in the future to any combination of platforms including possibly Linux, Mac, and mobile.

That being said, we hope to scale up in size and have a Mac research team that can detect these new threats [like we do for Windows now.] Our current research team is about 10 people, and they handle new threats via a hybrid approach of some manual work and some automated processing. We’re able to scale the problem down by using our own engine.

Derrick: You also have user forums where samples are being submitted too, if I’m correct?

Marcin: Exactly. These forums are very valuable to us. This is where the “good stuff” is; the “gold” if that’s what you want to call it. These are new samples that most of the honeypots out there have not even seen.

Derrick: Looking at the trends in malware today, what do you feel will be the biggest threat in 2013? What should users be on the lookout for?

Marcin: Rootkits and Bootkits; anything with a *kit in it! Just today, I tweeted out about a new Windows 8 bootkit that is already proof-of-concept. Anything that starts before Windows loads, and has to do with driver-level changes; these are all scaling in severity where criminals are getting very good at what they do.

And the other ones are those still common today, like ransomware. These are the ones that infect your machine, place all your files into a .zip file, and then try to get you to purchase the unlocking password by providing a credit card number. This is ransomware at its finest, and they’re making good money from people. There will likely be a lot more evolution in this aspect of malware. It’s a money business for them now.

Derrick: Malwarebytes Anti-Malware has had a similar interface for the last few years. Can we expect any major changes to the product in the near future?

Marcin: We are actively developing version 2.0 in both interface and engine, so yes, something is in the pipeline for next year. That’s about all I’m going to say for now.

Derrick: Your company markets to a lot of different segments. Where do you feel the most demand is coming from these days?

Marcin: I feel it’s really balanced. We started in the consumer market, and that’s how we gained our popularity. People were fixing their computers at home, then went to work, and once the IT guy found out about it – it evolved via word of mouth, honestly. Corporate and small business in particular is definitely getting bigger for us, especially with the launch of the Enterprise edition we just released.

A lot of businesses are starting to understand that layered security is definitely the next evolution in protection. Having multiple scanning engines from different companies, where each company can be accountable for some aspect of protection, is starting to become key to many organizations. Universities and other schools are also buying into Anti-Malware at a fairly good rate.

Derrick: Does Malwarebytes have any intentions of becoming a rounded AV solution like NOD32 or Norton 360? What are some of the longer term plans for the software?

Marcin: It’s an option most definitely, but we want to stick to what we’re good at. I don’t want to create an AV software, and also have an anti-malware product, and end up becoming just as ineffective as some other bloated solutions on the market. People may then steer clear from installing Anti-Malware alongside an anti-virus solution because they think one program handles it all. This is not the approach we want to push.

We’re able to do everything with a 10MB installer, where other programs have a tough time in shipping with less than 100MB. It goes back to our grassroots feeling and our belief in the community at large.

Derrick: Your company analyzes more samples of malware than one can fathom. What exactly are the “worst of the worst” doing on systems today?

Marcin: That’s a good question. Back in 2005-2006, you had infections that were very simple to catch. Same MD5, same filename even – I believe one was even called nail.exe. You looked for the filename, you checked its version information, matched it to definitions, and you were done. Nowadays, you and I can go to a malicious website and get infected and end up with different variants of the same basic malware. Different MD5s, different file sizes – completely different malware.

 

WinAntivirusPro 2007

WinAntivirusPro 2007 – Picture courtesy of SpywareRemove.com

You can see how this becomes a large problem for our security researchers. We’ve had to evolve into using heuristics and install-pattern behavior to detect modern malware. It’s becoming very challenging to detect much of what is out there.

Derrick: Do you feel that signature-based detection is going to be a thing of the past some day?

Marcin: It’s already gone. Our approach is a hybrid one with signatures and heuristics, where each supports the other. The days of pure definition-based removal are long gone. Amateurs are using that now to make quick and easy malware. But if you look at all the sophisticated malware out there – the rootkits, for example – the nature of polymorphism is the scariest aspect of all this. And most major malware is using it these days.

For example, you may get hit with malware from a website claiming to offer keygens. You attempt to remove part of the infection, but the malware itself is so advanced that it will regenerate on its own and replace the missing files with fresh ones. You can’t even nuke these infections piece by piece anymore.

Derrick: Where do you see as being the largest source of infections today?

Marcin: It’s tough to answer, but social media is definitely the hottest one on the rise. The reason being is that with social media, it’s so easy to play off emotion to easily spread infections. You can post a link on a friend’s page saying “Hey, here is a photo of you – click to check it out” and by human nature, we are more likely to click on it as opposed to if we received it in an email.

Even if 10% of your friends click on it, and those friends of friends then see, it can spread very very quickly. That’s definitely on the rise and honestly a genius idea for how to spread malware.

Exploits from Java and Adobe are ones that are sticking around, too. The bad guys keep finding holes in this combination of software. The final big source of infection is still from people knowingly going to torrent and P2P websites, infecting themselves very easily.

Derrick: We now know that the upcoming Windows 8 is going to offer a bevy of security improvements such as Secure Boot. Is this going to pose an issue to Malwarebytes in the short or longer term in regards to functionality/capability?

Marcin: I don’t think it will pose too much of an issue honestly. We will work with Microsoft to ensure our product is as effective as possible. But what I fear is that with all of this deep-rooted security, we may actually see fewer, albeit bigger-impact breaches that will be harder to clean up and cause potentially more damage than what we see today. But it’s hard to predict that far out.

Derrick: There are a few top competitors out there alongside Malwarebytes Anti-Malware. What do you feel is the single feature that sets your product apart form the rest?

Marcin: There’s a lot of cool things that we offer in our software product (scheduled scanning, small updates, dual-protection modules, etc.) But the best way we differentiate ourselves is if you have an infection that Anti-Malware cannot remove, you can come to our forums and we will help you remove it for free. This is even if you are not a paying customer, and is just one of the perks that comes with our product.

Something also has to be said for our detection rates and removal success rates. This is how we grew to where we are; we are very comprehensive in our detection & removal approach.

But most important is our community approach to solving malware problems. When I had issues with an infection years ago, I will always remember how I came to a security forum to get help, and people had open arms. So I have a strong belief in this method of helping others.

Derrick: Knowing that Technibble is a place where IT professionals come for advice, is there anything you want to share with everyone as a final word?

Marcin: I think the best way to close out this discussion would be to open up the floor, so to say, to all the Technibble followers. What is it that you want to see in Malwarebytes Anti-Malware? What suggestions do you have for us? We’re very interested in hearing from the community that uses our product religiously – so please leave your suggestions in the comments area below!

Note: The original interview with Marcin took place on October 23, 2012. This interview transcript was edited for length considerations and editorial clarity.

© Technibble – A Resource for Computer Technicians to start or improve their Computer Business
To get started with your own computer business, check out our Computer Business Kit.

image

Read more:

Grow or Die, the Choice is Yours

Authors: Guest Writer

Guest Post by Ronn Hanley:
My home based clients don’t do business with me because I know more than they do about computers, networks, and servers – there’s always someone who knows more about those things and my clients know it.

They do business with me because I insist on making the interactions with them reasonably pleasant.  They are happy to see me coming and know that I’ve helped them in the past and will do what I can to help them now.  Many of them understand that I can’t solve every problem, but they’ve grow to understand that I will do my best.  I make it clear to them that they aren’t simply numbers on a spread sheet.  I enjoy helping even when things are blowing up in our faces and the world appears determined to stay in disaster mode.

Here’s the problem though, on average, home based businesses can’t offer enough work to build and sustain a full-fledged business – a business that I can use to act as an employer to others.  Don’t misunderstand, I know that there are brick and mortar stores that have built a reputation for working on systems brought from people’s homes, but realistically, how many home users or even small offices have the capital to pay for recurring managed services?

A few weeks ago I was working on an idea to help me get new business and something occurred to me.

I’ve been maintaining a bit of a fiction (I’ll explain in a bit).  There are two ways to look at how you are doing business.  If you’re like me, you’re the chief cook and bottle washer.  You’re also the head steward, bean counter and sole tax payer.  This is fine in the short term, but this method – known as working IN the business, is just that, short term.  It’s not sustainable in the long run.

The primary reasons it’s not sustainable are pretty plain, there isn’t enough of you or hours in the day to go around.  It really doesn’t matter how much you bill per hour, over the course of months or years you will eventually burn out and then where is your business?

When I say that I’ve been maintaining a fiction this is what I mean.  I realized a while back that I can’t keep up this pace for long.  Where I need to be is developing new business leads and products.  I need to be sitting down and creating proposals for new clients and building stronger relationships with existing clients.  I need to employ others to help grow this thing I’m doing.  This is known as working ON the business and it’s what a true entrepreneur is all about.  The other method is just being ‘the computer guy’.

But NONE of that will happen the way I am doing things now.  I am spending 10 to 12 hours per day working IN the business.  Yes, I’m making money and taking care of my family, but like I said earlier, it’s not sustainable. I hope that you’re in business to do more than make money; hopefully you’re trying to build something that didn’t exist before, something that will last and be a benefit to your community.  In my opinion, that’s the true purpose of small businesses around the world.

I came up with the concept of Grow Or Die two weeks ago and put those words on a piece of paper on the wall right behind my center monitor.  It’s the first thing I see when I boot up in the morning and the last thing I see when I go to bed at night.

Kind of melodramatic?

Perhaps.

But consider this, if my business isn’t growing what is it doing?  If I’m not growing, what am I doing?

Look at the following facts:

  • The SBA and Census Bureau both report that on average 1 in 3 businesses fail in their first three years. (I start year three this coming January)
  • Some of the reasons for failures are poor marketing, poor business planning, poor management, and lack of clear objectives. (Ummm… yep)
  • Some small businesses fail because the owner fails to understand and adapt when their market changes causing them to get overtaken by their competition or lose too many customers too quickly. (Watching it happen to local businesses as I write this.)

Some or all of these things could quickly end my business or your business and put us right back in line looking for a job.  And, really, who wants that?

Guest Post by Ronn Hanley: Ronn is a technology enthusiast from way back, during the dark ages of the Arpanet and the Purple monochrome monitor screens. His first computer was a Commodore PET and his first laptop was the size of a suitcase. Despite that, he loves computers and technology to distraction and has been working in the tech world for almost 10 years full time, currently as the owner of a Desktop and Network support company in Atlanta, Georgia.

© Technibble – A Resource for Computer Technicians to start or improve their Computer Business
To get started with your own computer business, check out our Computer Business Kit.

image

Read more:

How OpenDNS Works and Why it Can Benefit Your Customers

Authors: Derrick Wlodarz

Your customers likely have little to no idea what goes on behind the scenes to make the internet a pleasant place for the non-geek. One of these important supporting factors is the technology behind DNS (Domain Name System) which acts as the invisible address book for any and every website they choose to visit. To the normal user, it’s Microsoft.com; but we all know that in reality, 65.55.58.201 is where they’re truly going.

Not to get too technical, but it’s important to understand the workings of DNS if you are going to recommend services such as OpenDNS to customers (which I’ll get to in a little bit.) The Domain Name System is indeed a clever invention, because it affords for easy navigation of the web by end users and works globally between domain authorities of all walks. If you want to place the concept of DNS in a nutshell, think of it as the webbing that ties IP namespace (xxx.xxx.xxx.xxx) to easily recognizable domain name addresses (xxx.com). Without it, we would have to do all of our own legwork to get to any publicly available website on the internet.

How DNS works at a glance


The problem with how DNS is configured for most users is that it’s usually set up by the respective ISP for a customer’s home or office. While this used to be a non-issue back in the days of dial up and the budding of broadband, now DNS can truly have a negative impact on web browsing. In general, these problems stem from one or a combination of two issues:

Geographic location of DNS servers: This is becoming less of a problem on today’s mega-sized web backbones, but still poses a relative conundrum especially when end users are making DNS requests over slower speed links. Not all DNS servers are in prime locations; this is a bigger issue for customers who are in rural areas being served by smaller regional ISPs.

Over-burdened DNS servers: Again, this is more likely to happen with DNS servers hosted by smaller ISPs or similar DNS authorities, but I’ve seen it with Comcast and ATT systems too. If an end user’s router or home PC is pointing to DNS servers that can’t handle their request load effectively, overall response performance suffers and this equates directly to what we know as “slow internet.”

If you think all DNS servers are equal, run some of your own tests. The networking & security guru Steve Gibson has a wonderful free tool available called Domain Name Server Benchmark. It is preloaded with a number of popular DNS servers in use today, but you can fully customize it to include servers from OpenDNS, Google DNS, and any other provider you may wish. If you’re purely looking for the fastest possible response on DNS queries, DNS Benchmark is truly your best bet.

Changing DNS server settings is fairly easy for any computer repair technician that has ever touched the IP settings in Windows (or MAC). But keep in mind that how you adjust DNS for a customer will impact everyone who uses a particular machine or set of systems that share connection from a common router. There are benefits to making DNS changes on the router level because:

  • Everyone will not have to adjust their systems; only the common router will need the adjustment.
  • It will speed up (and clean up) web browsing for all users on a given connection.
  • You can even offer further browsing redundancy by choosing primary and secondary DNS servers that span different providers (say, Google DNS and OpenDNS, which I recommend doing.)

Changing DNS settings on a customer’s router is my preferred method because of all of the above, but namely, time savings in configuration. If any guests come to the home or office and use the internet connection, they too will be given the benefits of utilizing custom DNS settings. Every router handles DNS settings configuration differently; I highly suggest you visit the support section on your router manufacturer’s website before making any mistakes.

Some techs may claim that ISP-provided DNS settings work just fine, and I won’t necessarily disagree. Everyone’s needs from DNS and relative performance on a given pair of DNS servers will be wildly different. Much of this stems from what I mentioned above regarding location, burden, and other factors. But it’s what you don’t know about alternative DNS solutions (especially my favorite OpenDNS) that will get you interested.

The benefits of OpenDNS technology

While Google DNS merely exists to provide a speedy alternative to what ISPs offer, OpenDNS takes this concept one step further. The company employs specialized technology that actually spans DNS requests to datacenters that are closest to your location geographically without any intervention. In addition, because they handle so many requests from different parts of the world, they have arguably the most up-to-date single repository for where everything is on the web. This significantly reduces the need for them to “ask” other DNS servers where a website or file may be located.

Another key benefit is how they provide malware blocking at the network level by literally sifting out known-infected websites and files before you can even get to them. This is beneficial because, by default, ISP provided DNS servers never filter out the responses they provide. Even if you mistakenly type in the address of a completely known and virulent malware site, chances are your ISP will take you there – without hesitation.

One of the biggest contributors to the spread of malware today is the fact that end users who truly can’t recognize bad links or search results are visiting pages on the web where they’d likely prefer not to be. OpenDNS takes the guesswork out of the process because it maintains a centralized blacklist of these sites that is in effect for all users of the service (free and paid.) For customers of mine that have bad histories with such links, OpenDNS is always a recommendation behind solid anti-malware software like NOD32.

For those that need it, OpenDNS even offers paid levels of their service for home and business customers. Home users can benefit from the parental control functionality via custom block lists and category-powered filtering of their home internet connection. I’ve recommended the service to numerous residential clients in lieu of something like NetNanny (which is installed per-PC; needs updates delivered; etc.) There’s no client software to install, no signature updates to worry about, and it affects EVERY device that wants to use internet in a home – which means any young visitors won’t be able to bypass filters merely by bringing their own computers.

The business level subscription to OpenDNS goes even further by providing advanced logs, web access control for workers, strict malware and botnet prevention options, and website blocking. One of the greatest reasons that OpenDNS is truly a remarkable product is because you can gain access to the speed and malware prevention benefits without paying a single cent – merely by configuring your router to point to OpenDNS.

If you want to switch to OpenDNS on your own router or on a customer’s setup, here are the two DNS servers that they publish (follow their instructions page for generic guidance; consult your router’s documentation for in-depth steps):

  • PRIMARY: 208.67.222.222
  • SECONDARY: 208.67.220.220

I tend to take a balanced approach in my own setup for customers which uses a hybrid combination of OpenDNS as the primary server, and Google DNS as the secondary server. You don’t have to do this, but I feel that if for some reason OpenDNS has outages across both of their systems, at least your router can then tunnel DNS requests to a complete third party. For redundancy, this is a great approach. My preferred router configuration happens to look like this:

  • PRIMARY (OpenDNS): 208.67.222.222 or 208.67.220.220
  • SECONDARY (Google DNS): 8.8.8.8 or 8.8.4.4

How you configure your router is up to you, but give the above combination a try to see if your website browsing speed is improved. You will also gain the transparent malware blocking and phishing protection that OpenDNS advertises. My own experiences have found that OpenDNS alone will not block all malware – but it does cut down on “easy entry” for about 70% of mistaken search result clicks by mistaken customers. Any extra bit helps, and I think OpenDNS has a great product for the price tag of free.

What do you think of OpenDNS? Do you prefer some other DNS service other than OpenDNS or Google DNS? Let us know in the comments section!

© Technibble – A Resource for Computer Technicians to start or improve their Computer Business
To get started with your own computer business, check out our Computer Business Kit.

image

Read more:

Kill the Employee Mindset or your Business is Doomed

Authors: Guest Writer

Guest Post by Ronn Hanley:
On paper my business is three years old.

In reality, it began more than 30 years ago.

The desire to own my own business isn’t new. I’ve always known that I have less control of destiny if I work for someone else. The problem is, early education, a large portion of average home life and life’s general experience doesn’t prepare you for being your own boss.

When I started my company, I did everything wrong. I gave away time and service for free. I sometimes forgot previous scheduling and had to backpedal after realizing that being in two places at the same time really is impossible. I obsessed over having to tell clients no. Despite all of this, I managed to survive by realizing that beginners have a lot to learn and trying to give myself a break.

Despite all of my ‘growth pains’ one constant thought has run through the whole process of getting to where I am now. I’ve made it a goal to be mindful that I’m doing something outside of my ‘training’.

Early life and school seem to be designed to turn us into good little automatons. We’re told to get good grades, do the right (safe) thing, graduate and then join the workforce. We’re taught to do our best for the group. Individuality is frowned upon in most instances. I’m not saying its like this for everyone, but for the great majority of us, it is.

When you start a business, no matter what kind it is, it’s very possible you are attempting to break out of 15 to 20 years of indoctrination. If you spend time in the workforce before starting the business, the problem is even worse.

When I started my company, I had been an ‘employee’ for 30 years. All I knew was how to ‘wait’ for work to be brought to me. Like most employees, I was somewhat proactive, but I never really went out of my way to do things. This was the result of being burned for trying to think outside the box in corporate settings.

My biggest issue to overcome – and if its your’s as well, you’ll understand – is putting the employee mindset in its proper place.

I’ve consistently caught myself saying WE towards my clients, as if I were something more than a vendor. It’s hard wired into me to make myself part of the ‘group’.

On the face of it, the mindset isn’t a bad thing. I’m able to quickly acclimate myself to whatever setting I find myself in. It allows me to connect to my client and get the job done faster with less awkwardness.

The problem is, once its time to sever that cord and move on to the next job or client, I sometimes run into an emotion wall. This issue tends to show up with my long term clients or for those that I have intense daily interactions. I tend to blur the lines of what a client should be. I look at the client more like a co-worker than what they truly are – a client that’s paying me for a project or my services. I’ve never noticed this issue with clients I don’t have daily interaction.

My largest client is also my oldest. In a lot of ways they are more like a job than a client. I know their goals, strengths and weaknesses. And I honestly wonder if I should know what I know about this client. If I’m just supposed to be a vendor, shouldn’t I keep it in the realm of – do a job, invoice them and keep it moving?

But that’s not what happens. I find myself emotionally entangled with their company goals and problems. During meetings or jobs I find myself saying WE a lot.

And this was my original point. The WE comes from my training to be a good team player. 30 years in corporate and private America has left its mark on me. Chances are you have a similar story.
If you’re wired this way you have to be actively aware every day that a certain distance is necessary – this means home user clients as well as businesses.

It doesn’t mean you have to be some kind of emotionless machine. Your clients are people who need to see the confidence and humanity you bring to the table as a problem solver. BUT the minute you violate that boundary you set yourself up for all kinds of problems. Their issues aren’t your issues (to the extent that their issues don’t interfere with your ability to do what they contracted you for).

I remember a conversation I had with the very first IT contractor I ever met. I was working for a heating and cooling company in Portland, Oregon and he had come by to fix some computers. During a break, I found myself talking to him and I mentioned a problem that we were having in the office. He stopped me before I really got going and said – “Please don’t tell me about the problems here, I don’t involve myself with my clients internal issues. I don’t have the time or energy for it.”

At the time I thought he was being an arrogant jerk, but now, all of these years later, owning my own business, I get it.

Your business lives or dies based on the way you conduct yourself around clients. I don’t mean just acting like a professional, I mean actively keeping yourself from getting drawn in and sidetracked by clients internal issues. I can’t imagine a faster way to reach burnout than ignore the trained in employee mindset while you’re trying to build a business.

A few things I do to help me ‘keep it real’ include:

  • Plan for my business to solve problems for more than one client. If I wanted to help only one entity I’d get a job.
  • Realize that my clients have issues have NOTHING to do with the growth and continued operation of my company. (I know this sounds like Duh, but its harder than it looks when you truly care.)
  • Realize that my clients can only see within their own little world. As a business owner I have to see in different spectrum’s.
  • Stay mindful that my employee mindset is a trained response and its stronger than it seems
  • Remind myself (sometimes daily) that one client won’t pay the bills or allow for me to grow this business to what it could be, no matter how nice they are or how much they seem to need me.

Good luck.

Guest Post by Ronn Hanley: Ronn is a technology enthusiast from way back, during the dark ages of the Arpanet and the Purple monochrome monitor screens. His first computer was a Commodore PET and his first laptop was the size of a suitcase. Despite that, he loves computers and technology to distraction and has been working in the tech world for almost 10 years full time, currently as the owner of a Desktop and Network support company in Atlanta, Georgia.

© Technibble – A Resource for Computer Technicians to start or improve their Computer Business
To get started with your own computer business, check out our Computer Business Kit.

image

Read more:

Randy The Tech Professor

Hello everyone,

I started a computer repair/tech blog about three years ago. I was experiencing so many different repair scenarios on a daily basis that I wanted to write about them.

I have always liked to write and teach as well as share any knowledge with others. If you would like to check out the blog you can do so here: http://randythetechprofessor.com

Any comments, suggestions, additional tips, etc. are very welcomed and appreciated.

Best wishes,

Randy Read More…

Read more:

Disk2VHD – Turn Physical Disks into Virtual Machines

Authors: Bryce Whitty

Disk2VHD is a free application that will make a copy of a hard disk from within the OS using Windows’ Volume Snapshot capability. This copy can then be mounted in Windows as a ‘disk’ or run as a Virtual Machine.

Some of the reasons why you would want to do this is to make a backup of the OS, test a repair in the virtual machine copy before you do so in the live environment or move an existing OS installation into a new or different one. For example, backing up a clients install of Windows Vista, doing a clean install of Windows 7 and then allow the client to run their old Windows Vista install in a Virtual Machine.

The application is small, fast, portable and very easy to use. Simply run the executable, choose the location where you want to backup the Virtual Machine image to, tick the drives you want to make an image of, and press “Create”.

As the name suggests, the image gets turned into a .VHD file which is native to MS Virtual PC. One downside of MS Virtual PC is that it only supports a maximum virtual disk size of 127GB. However, other software such as VirtualBox can also open .VHD files and support much larger image sizes.

In my own tests, I made an image of my C: drive which took around 5 minutes. I opened up Virtualbox, pressed “New” and went through the Create Virtual Machine wizard. When the Hard Drive stage came I chose to “Use an existing virtual hard drive” and chose the .VHD file that Disk2VHD created for me. I got a Blue Screen of Death when I first tried to boot the VM but the solution to this was to go into the virtual machines settings, goto Storage, remove the .VHD file as a SATA controller and add it back in as an IDE controller. After I made that change and booted the Virtual Machine everything worked fine.

Screenshots



Downloads

Download from Official Site – 812kb

Special thanks to 16k_zx81 on our forums for recommending this one.

© Technibble – A Resource for Computer Technicians to start or improve their Computer Business
To get started with your own computer business, check out our Computer Business Kit.

image

Read more:

How To Shop on Behalf of Clients as a Computer Technician

Authors: Bryce Whitty

If a large part of your client base is residential then you may have been asked “shop around” on a clients behalf. The client knows they need to purchase something but want to do it alone because they want to make sure they dont purchase the wrong one or get ripped off. This usually occurs in two ways:

  • 1. The client tells you what they want, you look around for an item that does what they need and gives them the best bang for their buck, then they purchase it through you.
  • 2. The client already had a store in mind to purchase the product from (usually a Bigbox store) and wants you to help them choose the right one.

While this sounds like an easy way to make money, how do you charge? Do you charge for your time or do you place a markup on the product?
Well, there is a right way and a wrong way to go about this and if you get it wrong, you can end up wasting a lot of time or upsetting your customer.

The client will generally let you know whether they want to purchase through you or purchase from another business but you may have to ask. Here is what to do in each situation:

The Client Wants To Purchase From You

If the client wants to purchase the product through you, then you simply to treat this like you would with any other stock you carry, where the markup makes it worth your time. You do the research for your client, you buy the product through your business and place your markup on it that is appropriate for the amount of time you spent, and the client never knows who your suppler was.

The Client Wants To Purchase From Another Business

If the client has another business in mind like BestBuy or Newegg, you need to charge based on your time rather than have a markup. Marking up a product is difficult to do in this situation without looking like like you picked a price out of thin air.

For example, which way sounds sounds more legitimate?

  • “Here is the screen from BestBuy which cost $150. That’ll be $200 please”
  • “Here is the screen from BestBuy which cost $150. It has been an hour at fifty dollars an hour, so that’ll be $200 please”

The first looks like you plucked a price out of thin air, the second sounds fair enough.
The best way to go about this is to shop with them either physically or using remote support software to shop with them online. This way they know they are taking up your time and that you need to charge for it.

Otherwise, if you tell them what to purchase after you put in the time researching for them, it is possible that they will just go buy it from a Big Box store and circumvent you entirely. There was a topic similar to this in the Technibble forums recently where Lisa from Call That Girl said: “We tell the clients to pay us for our shopping time. Remote time with me is our normal rates, $59-$79 to shop online together, or they can take my lead tech to Microcenter and he’s $125 an hour. We save people money by shopping with them.”

Following the simple guideline above, this should help prevent you from getting stung when shopping on behalf of your clients.

© Technibble – A Resource for Computer Technicians to start or improve their Computer Business
To get started with your own computer business, check out our Computer Business Kit.

image

Read more:

Dropbox Portable – Run Dropbox form a USB Drive

Authors: Bryce Whitty

DropboxPortableAHK is a portable version of Dropbox made possible with a small application written in the scripting language AutoHotKey. While this is not a repair tool, there are a huge amount of technicians who make use of Dropbox to access files while onsite. This application allows you to run Dropbox from a USB drive and sync files that are contained on your Dropbox account. Other than the obvious benefit of being able to access your Dropbox files on your USB key, it doesn’t leave any files on your clients computers and can be run when you don’t have administrator permissions.

The setup application itself has some nice features such as allowing you to create an autorun.inf file to automatically start software on your USB drive, import the Dropbox folder and optionally make it so the application syncs all files before you exit Dropbox.

One caveat is that this software uses Dropbox version 1.1.45 which is an older version. The reason why they use an older version is because newer versions encrypt their configuration files which prevents this application from changing the Dropbox path to your USB drive.

To install DropboxPortableAHK, download and extract the zip file to your USB key, run the DropboxPortableAHK.exe file and follow the prompts.

Screenshots

DropBox Portable
DropBox Portable
DropBox Portable
DropBox Portable
DropBox Portable
DropBox Portable
DropBox Portable
DropBox Portable
DropBox Portable

 

Download

Download from Official Site – 1.4mb

More Information

© Technibble – A Resource for Computer Technicians to start or improve their Computer Business
To get started with your own computer business, check out our Computer Business Kit.

DropBox Portable 1 1

Read more:

A Short FAQ on IPv6 For Computer Repair Technicians

Authors: Derrick Wlodarz

Few technological shifts in our tumultuous industry have moved as slowly and methodically as the long-proposed shift to IPv6. The confusion surrounding this radical new approach to the way we view networking is still quite high, especially among computer technicians I speak to.

I’ve heard them refer to IPv6 as “the new internet” or “version 6 of the web.” Clearly there is an informational disconnect between those on the front lines working with these technologies and the major players pushing this change in the networking realm. If technicians are to be prepared to answer questions that customers will be asking as this revolution heats up, they need to have a base understanding of what IPv6 not only is, but what it aims to accomplish.

I want to address some of the most common concerns and questions about this shift, what it means for technicians, and most of all, what it means in real terms for the customers you support. For all intents and purposes, IPv6 is already a real technology that is steadily being implemented across the web – starting with the innermost core hardware that runs the modern internet and moving outward towards the hardware/software at the end-user level.

Here are some of the most important things you should know about this increasingly important standard.

What exactly is IPv6?

IPv6 is just short for Internet Protocol Version 6. When most technicians think about networking, they probably encounter network addresses at customer locations that look like 192.168.1.120, 10.1.1.150, or similar. These are all considered IPv4 (Internet Protocol Version 4) addresses which are the most prevalent and represent what a majority of equipment and software developed up until about 2007 solely utilized. The new standard doesn’t represent any new version of the internet as a whole; it merely updates the way in which devices and software inter-operate with one another.

What was wrong with IPv4 that it had to be updated?

One of the biggest reasons for the push to IPv6 is the real fact that we are slowly running out of IPv4 public addresses. Simply put, IPv4 is a 32-bit addressing scheme which translates into an available pool of only 4,294,967,296 addresses. That may seem like a lot of addresses, but we are very near the exhaustion point for much of what is publicly available. The use of NAT has pushed off the inevitable, but it’s more of a bona-fide bandage then an alternative to switching to IPv6. As they say, you can only slice a pie so many ways – eventually, there’s none left to go around.

The way that these public IP addresses get handed out globally is ultimately led by an authority known as IANA (Internet Assigned Numbers Authority.) This body hands address “pools” out to various RIRs (Regional Internet Registries) across the world, which in turn trickle down addresses to ISPs (for customer internet access, like what you are using to read this website now) and other parties that request them.

IPv6 redefines the addressing scheme for networking devices and software to a 128-bit structure. This allows for a near limitless number of addresses, or 2128 to be numerically exact. Technical experts proclaim they never expect there to be another address shortage due to IPv6. If that holds true obviously remains to be seen.

You can view a neat countdown ticker of how many IPv4 addresses are left in global registries provided by INTEC, Inc.

How quickly do I have to upgrade my customers’ infrastructure?

This is quite a tough question to answer with 100% certainty as most experts in the networking fields still don’t have a uniform voice to lead the way. Some claim that there is no pending crisis due to the depletion of IPv4; others are clamoring for a brisk and swift change to IPv6. I’m not in the camp that is calling this a global crisis yet, but I do believe that the reasonably mindful thing to do is to ensure that all new network gear you are purchasing for customers is IPv6 compliant.

Thankfully, this task is not as difficult as some may think. Most new networking hardware that has been in production since about 2010 (with a fair number of devices pre-2010 as well) natively support the IPv6 standard out of the box. This means that, in general, you don’t have to “hunt” for gear that supports IPv6. It’s still a good idea to check the equipment you are looking to purchase because some legacy gear on the market still doesn’t have dual compatibility. Spec sheets are always publicly available for most equipment sold and you can easily keyword scan them for IPv6 references.

In terms of “when” your customers should be IPv6 ready, this is also a catch 22 dilemma. Most networking realists are taking the cost-effective approach that all new gear going into place should have full IPv6 compatibility, and the hope is that slowly all equipment will be replaced by the time IPv4 is phased out. This is because coexistence plans are already in place for using IPv4 side-by-side with the new IPv6. Schemes such as dual IP stacks and IPv6-over-IPv4 tunneling are some of the methods that we will live in a cooperative networking world for the near term.

In plain terms: just ensure you are purchasing IPv6 capable equipment when the need arises; ensure that all new equipment has IPv6 turned on by default; and don’t turn IPv6 capability off within Windows for customers.

Do Windows and MAC OS X handle IPv6 already?

This is a common concern among technicians I speak to, and it happens to be the area that is already in place for IPv6. Microsoft included full out-of-the-box support for IPv6 in Windows Vista, 7, and 8 (a full compatibility chart has been posted for Microsoft products.) Windows XP has support too, but it has to be installed manually per these instructions.

Apple has our backs on IPv6 too, and has included full support for the new protocol since OS X 10.1 (it has only been turned on by default since 10.3, however.) In basic terms, technicians don’t have to do much for customers running Vista or above, and likewise, OS X 10.3 or above. All they need to worry about at this point is to ensure all network hardware is compatible (which is unfortunately much tougher and expensive to get into place.)

How can I test my customers’ IPv6 readiness?

The easiest form of test you can run is a public-facing readiness test from one of the many sources that offer them. A good one that I like to use with customers is aptly named Test-IPv6.com and provides a visual result page with overview on your IPv6 public address, your DNS’ IPv6 compatiblity, as well as simple scores that show how “ready” you or a customer are for IPv6. Take the results with a grain of salt; even though I personally get a 0/10 for IPv6 readiness on this site, there is no immediate crisis since a majority of the world is still working hard to get all the proper switches flipped.

Within Windows, you can check your Network Connection status details for every flavor of Windows since XP to see what your current IPv6 address is; MAC’s control panel area for networking shows similar information for the wired/wireless adapters. To most people this information is not necessary yet… but remember, one day, IPv6 will become as prevalent, or replace, IPv4 that we are so fond of today.

When will IPv6 become necessary for my customers?

If I knew the answer to this, I’d probably be some exec at a large and famous networking company. While IPv6 has been pushing its way into eventual relevance (and necessity, many say) with events like World IPv6 Launch Day, this change is so radical and far reaching that it likely has at least 4-6 years before it becomes a major force in the way we think about networking.

As I said earlier, however, as long as you are playing your part in preparing customers for the eventual switchover (whenever it happens, as gradual as it may be) then you are doing your part in this technical evolution. I’m not scaring customers of my company FireLogic with IPv6 readiness, but am being mindful to always look for IPv6 gear when new hardware goes into place.

More importantly, I haven’t willingly recommended any Windows XP-based workstations to clients in over a year now; Windows 7 is my base OS of choice thus far, with Windows 8 likely to be the eventual standard once it hits in October.

IPv6 is coming, but IPv4 is here to stay – for now

While the best thing technicians can do now is ensure their customers are being softened into an IPv6-ready ecosystem, rest assured that IPv4 won’t be dying in the flick of a finger. As mentioned above, dual-stacking schemes will likely be the compatibility path for some years down the road until a full steamrolling of the networking landscape happens globally. It’s a lofty prospect to see such a radical change happening in even 5 to 10 years, and I’d presume that it may take closer to 15 or more years before we even begin to see the dimming of IPv4 as a whole.

The likely scenario is that websites will slowly start forcing the IPv6 revolution from top-down, and we will see a slow squeeze to catch up by all of the network equipment vendors and software providers alike.

Following the simple guidelines I laid out above, you can help make this transition as painless for your customers as possible. While IPv6 may seem like mere hoopla for the time being, it will soon become a growing reality for the wired world.

© Technibble – A Resource for Computer Technicians to start or improve their Computer Business
To get started with your own computer business, check out our Computer Business Kit.

image

Read more: