Breaking Alert: Massive Memory Leak Exposes Passwords

On February 23, 2017 web services and security firm Cloudflare announced a massive memory leak that affected numerous websites, possibly including popular ones that you may have used.

Google's Project Zero team discovered the leak and reported it to Cloudfare on February 18, 2017. The leak, dubbed Cloudbleed, exposed passwords and private data. Software collaboration site Github has created a list of possibly affected websites:

See Github's list of potentially affected sites 

 

What You Should Do

Details of the news are still coming in. Based on what we know so far, here's what we recommend you do:

1. Change your passwords.

2. Share this alert with your friends.

If your friends' passwords get compromised, it could result in phishing attacks using their address books, which means you could be targeted.

Contact PowerOne if you (or your friends) need help setting up a password management tool or dealing with the fallout of this security issue.


How to tell if email is fake, spoofed, or spam

How to tell if email is fake, spoofed, or spam

By now, you've heard about phishing – fraudulent emails that masquerade as communications from a legitimate source that trick unsuspecting readers into giving up personal information or compromise their machines with spyware or viruses. Thankfully, email filtering and security has improved a great deal over the past few years. Unfortunately, no matter how effective the security, some phishing emails will always make it to the inbox – that's where you come in. Here are some tips to help you identify a phishing or spoofing email.

Don't trust the name

A favorite phishing tactic is to spoof the display name of an email. It's easy to set the display name of an email to anything – you can do it yourself in Outlook or Gmail. It's the simplest and most easily detected form of e-mail. Spoofing involves simply setting the display name or “from” field of outgoing messages to show a name or address other than the actual one from which the message is sent. When this simplistic method is used, you can tell where the mail originated by checking the mail header.

You can't trust the header

It's not just the display name that can be spoofed, but also the email header. Emails are built on some very old technology (in Internet terms): SMTP, or Simple Mail Transport Protocol. When you send an email, it goes to a SMTP server first, then the message is relayed from SMTP server to SMTP server across the internet. When the message arrives at its penultimate destination, the email is stored in the recipient's mailbox at a POP3 (Post Office Protocol 3) server. Finally, the message is fetched by an email client so the recipient can read it. While this may seem complicated, the important thing to remember is that SMTP just passes along what it was given. Clever fraudsters can fool the SMTP server into sending along an email that isn't legitimate.There are several, technical ways to figure out if this is the case, but the simplest method is to see where the “reply to” section of the full header will lead you to. If it indicates that your reply would be redirected to an address that's different from the sender's address, then you have good cause to be suspicious.

Hover before you click

Clicking links in emails is inherently risky – you don't know where a button, link or video will actually send you. But, if you hover your mouse over any links embedded in the body of the email, you can see the raw link. If it looks strange, don't click it – there's a good chance the email is fraudulent.

Remember the basics

If an email has spelling mistakes, requests personal information, or is written in threatening language, you should be suspicious. If you did not initiate contact with the sender, be wary and think where they could have found your contact details.

Trust your instincts

Given today's e-mail infrastructure, there's not much that can be done to prevent spoofing. Companies and organizations can tighten up their mail servers. This just makes it a little more difficult for criminals, not impossible. Appearances can be deceiving. Just because an email has convincing logos, language, and a seemingly valid email address, does not mean that it's legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don't open it. If something looks off, there's probably a good reason why. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.  A legitimate email can always be resent if deleted by mistake.


Crysis Ransomware Infects Windows, Mac, and VMware Machines

Click on the image in our email to get further information about ransomware in general  The following article details only one type.

The Crysis ransomware is quickly yet quietly spreading to businesses across the globe. Even though it is more common and destructive than the Locky ransomware, Crysis has not received nearly as much press attention.

Two traits make Crysis one of the most troublesome ransomware variants:

  • Crysis works on multiple platforms. Crysis can infect Microsoft Windows computers and phones, Apple Macintosh computers, and some VMware virtual machines.
  • A Crysis infection can be considered a data breach. Besides encrypting files for ransom, Crysis sends the infected computers' names and some of the computers' encrypted files to a remote server controlled by cybercriminals. As a result, a Crysis ransomware attack can be considered a data breach. This is particularly problematic in businesses governed by regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA) and the EU Data Protection Regulation.

How Crysis Is Spread

Crysis is mainly spread through phishing emails. Sometimes, the phishing emails contain attachments that have double file extensions, which make the malicious files appear as non-executable files. Other times, the phishing emails include URLs that lead to malicious websites.

Cybercriminals are also spreading Crysis by disguising it as an installer for various legitimate programs such as WinRAR, Microsoft Excel, and iExplorer. They are distributing these disguised installers in online locations and shared networks.

Another way Crysis is spreading is through self-propagation. It uses a variety of self-running files to spread to other machines, including Windows Phone devices and other computers on the same network.

What Crysis Does

Once on a computer, Crysis uses Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA) algorithms to encrypt more than 185 file types on fixed drives, removable drives (e.g., USB drives), and network shares. It even encrypts many operating system files, which can make the computer unstable.

After the files are encrypted, Crysis sends the computer's name and a number of encrypted files to a remote server controlled by the cybercriminals. It also delivers a ransom note to the victim. The ransom varies, typically ranging from 0.8 to 1.8 bitcoins. (The exchange rate fluctuates, but a bitcoin is usually worth more than $500 USD.)

In Windows computers, the ransomware deletes any shadow copies made by the Volume Shadow Copy Service so that the victim cannot recover the files. It also creates new registry values that enable it to run every time the victim logs in to the computer. This makes it more difficult to remove the ransomware.

How to Protect Your Business from Crysis

To protect your business from Crysis, it is best to prepare a multilayer defense. The first line of defense is to make sure that all your computers and Windows Phone devices are protected against known vulnerabilities. This is achieved by using anti-malware software and regularly updating the operating system and applications on each device.

The second line of defense is educating employees about the dangers of opening attachments and clicking links in emails from unknown senders. It is also helpful for employees to receive some training on how to spot phishing emails

The last line of defense is to regularly back up files and systems on your business's computers and test those backups. This will not prevent a Crysis infection and the subsequent data breach, but it can save you from having to pay the ransom.

Contact your IT service provider for help in getting these lines of defense in place. PowerOne can also recommend other measures you can take to protect your business from Crysis and other ransomware.


Microsoft Is Ending Support for Several Business Applications in 2017

First, from the team at PowerOne, we wish you a very Merry Christmas and a Happy New Year!

The year 2017 marks the end of the line for five Microsoft applications: Office 2007, Exchange Server 2007, SharePoint Server 2007, Visio 2007, and Project 2007. Microsoft will no longer support these applications because they are at the end of their lifecycles.

If your business is running any of these applications, you should consider upgrading them before the support stops. Here are the dates to remember:

  • On April 11, 2017, support will end for Exchange Server 2007.
  • On October 10, 2017, support will end for SharePoint Server 2007, Office 2007, Visio 2007, and Project 2007.

What Will Happen after These Dates

When the five applications reach their respective end-of-support dates, you can, of course, continue to use them. However, it is important to understand the changes that will take place.

The most important change is that Microsoft will stop updating the applications. This means that you will not receive updates that fix security issues, address bugs, or add functionality.

Another change is that you will no longer have access to any free or paid support for those applications through Microsoft's various support programs. The free online content about the applications will continue to be available, but Microsoft will not update it moving forward.

How Using Unsupported Software Can Impact Your Business

Using unsupported applications can have serious repercussions. First and foremost, your business will be more susceptible to cyberattacks because the applications will not be receiving updates to patch any new security vulnerabilities found in them. Cybercriminals often exploit software vulnerabilities to gain access to computer systems. Many cybercriminals even keep track of when vendors stop supporting popular applications. Once the support has ended, they launch new cyberattacks that target those applications.

Having unpatched software can also make it harder to achieve compliance with regulations and standards that govern the protection of sensitive data. If you cannot protect your applications from new cyberattacks, you might be found in noncompliance with those regulations and standards. Noncompliance can result in penalties and higher costs. It can even result in lost business and lost business opportunities as customers seek to do business with companies that are in compliance.

Finally, using unsupported software means that you cannot turn to Microsoft for help. Microsoft will no longer answer technical questions about applications that have reached the end of their lifecycles. The only Microsoft resources that will be available are those that have been already posted, such as knowledge base articles and webcasts.

The Time to Decide Is Now

Using unsupported applications is a gamble because of the potential consequences. However, upgrading can be expensive and time-consuming. PowerOne can help you decide whether it is best to upgrade now, in the future, or at all. If you decide to upgrade, we can go over your options, such as whether to keep the applications on-premises or move them to the cloud.


Computer Preparedness Checklist

1. ENSURE YOU HAVE A BACKUP

  1. If you are a PowerOne SAP or Flat Fee IT customer please contact PowerOne if you need reassurance of your backup status.  It's a good practice to frequently backup your data files to an external drive or memory key to prevent loss of data, as well as to store it in a secure, safe place. If you are unsure or need help with this, contact PowerOne.  Print a copy of your important/emergency contacts and take them with you in the event that you do not have access to them from your phone or computer, you'll have them available to use via a landline.
  2. DO NOT ATTEMPT TO BACKUP THE WINDOWS OPERATING SYSTEM FILES NOR PROGRAM FILES. If a computer needs to be recovered because of damage caused by disk failure or hardware failure, the Windows operating system files and the standard enterprise wide program files such as Microsoft Office will be installed when the computer is re-imaged.
  3. If you hold the physical installation media to software, consider making a copy of it, if you are licensed to do so. PowerOne does not keep copies of your unique software.

2. SECURE YOUR EQUIPMENT

  • Computers:
    • Shutdown the operating system.
    • If connected to a surge protector or UPS - unplug the surge protector or UPS from the wall outlet (or unplug power cables from the surge protector or UPS if wall outlet not accessible).
    • If no surge protector – unplug the power cables from the wall outlet (or back of the computer if wall outlet is not accessible).
    • Unplug Ethernet cable from back of computer or docking station.
    • Elevate from the floor if possible.
  • Printers:
    • Power off the printer.
    • If connected to a surge protector - unplug the surge protector from the wall outlet (or unplug power cable from the surge protector if wall outlet not accessible).
    • If no surge protector – unplug the power cable from the wall outlet (or back of the printer if wall outlet is not accessible).
    • Unplug the Ethernet cable from the back of the printer.
    • Unplug phone cable from the back of the printer (if fax line connected).

AFTER THE STORM

PowerOne will work as quickly as the circumstances permit to restore network connectivity and services should you go down. As you reconnect your office equipment make sure to reconnect them to your surge protector or UPS as they were before. You can contact PowerOne for assistance with setting up your PC and peripherals. Expect power surges, brownouts, and fluctuations for at least several days or longer after power has been restored. All the effort you went through in preparation may be lost if you take a hit after the storm.

HELP

PowerOne storm emergency helpline is 352-253-2213.


6 Ways to Save Your Eyes If You Stare at a Computer Screen All Day

Staring at a computer screen all day can wreak havoc on your eyes. Irritated eyes, blurry vision, and headaches are some of the common signs of a condition called computer vision syndrome. Around 70 million workers worldwide are at risk of suffering from this syndrome, according to a 2016 study. Apart from the health effects, these workers will also be less productive, according to a study conducted by the University of Alabama at Birmingham.

Although computer vision syndrome is common, you can take measures to avoid it. Here are six ways to reduce the strain on your eyes when working on a computer:

1. Use Proper Lighting

A main cause of eyestrain is improper lighting. Excessively bright light from interior lighting or windows should be avoided. A good rule of thumb is that the ambient lighting in your computer workspace should be about half as bright as that in the rest of the office.

You can cut down on some of the unnecessary light by using lower intensity light bulbs and by having blinds or drapes on the windows. Plus, if possible, position your computer screen to the side of any windows rather than directly in line with them.

2. Place Your Computer Screen in the Optimal Position

You can reduce eyestrain by placing your computer screen around 20 to 26 inches away from your eyes and a little below eye level. This will reduce eyestrain as well as help avoid neck, shoulder, and back pain.

3. Adjust Your Computer Screen Settings

You should adjust the brightness of your computer screen so that it matches the ambient lighting of your workspace. To do this, load a web page that is all or mostly white. If the screen seems dull, the brightness might be too low. If it looks like a light source, the brightness is set too high. If you do not want to manually adjust your screen, there are applications that will automatically adjust its brightness throughout the day based on the ambient lighting.

Text size and contrast are two more issues to consider when making screen adjustments. Both options can be adjusted within your computer's display settings. On Windows devices, the display settings are in Control Panel, while on Apple devices, they are in System Preferences.

4. Exercise Your Eyes

Constantly focusing on your screen can tire out your eyes. This fatigue can cause your eyes' focusing ability to diminish after using a computer for an extended period of time.

Exercising your eyes is a good way to avoid eye fatigue. One exercise to follow is called the 20-20-20 rule. Every 20 minutes, you should look at an object 20 feet away for 20 seconds.

Another eye exercise is to look at a distant object for 10 to 15 seconds and then look at a close object for the same amount of time. Repeating this process 10 times can help reduce eye fatigue.

Remembering to exercise your eyes throughout the day can be difficult. Fortunately, there are a few applications you can use to schedule reminders.

5. Blink More Often

When you work on a computer, you blink significantly less than you normally would. By consciously blinking more often, you can help keep your eyes from drying out and becoming irritated. Using eye drops can also keep your eyes moist.

6. Take Frequent Breaks

Taking more mini-breaks during the day can reduce the risk of eye problems as well as neck, shoulder, and back pain, according to a study by the U.S. National Institute for Occupational Safety and Health. In the study, workers had four 5-minute breaks throughout the day in addition to their normal breaks. The added breaks minimized the workers' eyestrain and discomfort, without impairing their productivity.


Devious Tricks That Cybercriminals Use to Scam Businesses

Cybercriminals have stolen $3.1 billion from businesses since January 2015 — not with high-tech ransomware or stealthy spyware, but rather with low-tech emails. The U.S. Federal Bureau of Investigation (FBI) refers to these attacks as Business Email Compromise (BEC) scams. Since January 2015, more than 22,000 businesses worldwide (including businesses in all 50 U.S. states) have reported falling victim to a BEC scam. There are likely many more businesses that were swindled but did not report it.

Although using emails is a low-tech approach to stealing money, these emails are well crafted. Each BEC email is polished and specific to the business being victimized. The cybercriminals spend a good deal of time creating each email in the hope that its legitimacy will not be questioned.

How Cybercriminals Create the BEC Emails

The cybercriminals behind the BEC scams are digital con-artists. Like regular con-artists, they first study their victims. They identify the individuals and information necessary to carry out the scams. As part of this research, the digital con-artists sometimes send out phishing emails that request details about the businesses or individuals being targeted. Alternatively, the phishing emails might install malware that obtains sensitive business information, such as financial account records. The cybercriminals also use social engineering techniques to get information. For instance, they might visit social media websites (e.g., LinkedIn, Facebook) or call the company.

After the digital con-artists have the information they need to scam a business, they create the BEC email. They try to get both the wording and graphical elements to look like a legitimate email from that business (or from an organization it does business with, such as a supplier). They know that the closer the match, the harder it will be to spot the scam.

The Five Variations of the BEC Scam

When the FBI analyzed the reports of the 22,000+ BEC victims, it discovered that there were five main variations of the BEC scam:

  1. Posing as a business executive, the digital con-artist requests a wire transfer. A cybercriminal hacks or spoofs the email account of a business executive and then uses that account to send an email requesting a wire transfer. Typically, the email is sent to the employee responsible for processing these requests. On occasion, the email is sent directly to the financial institution. The FBI found that the digital con-artists often send these emails when the executives are on business trips.
  2. Pretending to be a business executive, the cybercriminal requests employees' personal information. Using a spoofed or hacked email account of a business executive, the digital con-artist sends an email to the staff member responsible for maintaining employees' personal information (e.g., human resources or accounting staff). In the United States, this variation of the scam was used to get employees' W-2 tax information.
  3. Posing as a supplier, the cybercriminal requests an invoice payment. The digital con-artist usually selects a supplier that the targeted business has used for a long time. After learning who is responsible for processing supplier payment requests at the targeted business, the cybercriminal will send that person a legitimate-looking payment request. The email tells the employee to wire the invoice payment to an alternate, fraudulent account. Occasionally, the invoice payment request is made by fax or phone instead of email.
  4. Pretending to be an employee, the digital con-artist requests invoice payments from vendors. After identifying who works with vendors at the targeted business, the cybercriminal hacks that employee's personal email account, using it to request invoice payments from vendors. This scam is most successful when employees use their personal email accounts for business and they have the vendors listed in their contact list.
  5. Posing as a lawyer or law firm representative, the cybercriminal requests a fund transfer. The digital con-artist emails or calls an executive or another employee in the targeted business, claiming to be handling confidential or time-sensitive legal matters. The cybercriminal tries to pressure the person into transferring funds quickly or secretively.

How to Avoid Falling Victim to a BEC Scam

Knowing about the five BEC scam variations is one of the best ways to avoid falling victim to them. Thus, you need to educate employees at all levels about the scam scenarios so they can spot BEC emails. In addition, employees should be taught how to spot phishing emails since cybercriminals will use them to gather information prior to creating the BEC emails.

Besides training employees, you should take the following measures to avoid being swindled by a BEC scam:

  • Do not use free web-based email accounts (e.g., Hotmail, Gmail) for your business. The FBI found that digital con-artists often target businesses using these email accounts.
  • Consider using two-step verification for business email accounts. If you set up two-step verification (also known as two-factor authentication) for these accounts, they will be much more difficult to hack.
  • Never wire money based on an email without first verifying via telephone or in person conversation.  There have been several instances where someone has taken an email directive from what appears to be the CEO/owner of the company and wired money per the instructions in an email.
  • Be careful about what you post on your business's website. For example, do not post job descriptions or hierarchal information, as this information might prove helpful in determining the best person to target in a BEC scam.
  • Ask employees not to post too many details about their jobs on social media websites. Digital con-artists scour these sites for information about businesses and their employees.
  • Use anti-malware software and regularly update the operating systems and applications on your business's computers. Some cybercriminals use phishing emails that install malware to get information for BEC scams. This malware often relies on known vulnerabilities of the operating system or applications to get onto a computer system.

How to Stop Microsoft from Using Your Bandwidth to Send Updates to Other Computers on the Internet

If you upgraded to Windows 10, Microsoft might be using your computer and Internet connection to send Windows updates and even applications to other computers on the Internet. The Windows Update Delivery Optimization (WUDO) feature is what makes this possible.

When WUDO is enabled, the following occurs:

  • Your computer will receive updates and applications from other computers besides getting them from Microsoft.
  • Your computer will send updates and parts of applications that it downloaded through WUDO to other computers.

To a limited degree, you can choose which computers are involved in sending and receiving updates and applications. You have two options. One option is to keep the exchange limited to computers in your local network. This can reduce the amount of bandwidth needed to keep those computers up-to-date, according to Microsoft. The other option is to let the exchange occur between computers in your local network and computers on the Internet. This option is designed to help people who have a limited or unreliable Internet connection, notes Microsoft.

WUDO is enabled by default. It is set to allow computers in your local network and on the Internet to send and receive updates and applications. If you are not okay with these settings, here is how to change them:

  1. Click the "Start" button and select "Settings".
  2. Select "Update & Security".
  3. Choose "Windows Update" in the left pane.
  4. Click "Advanced options" in the right pane.
  5. Select the "Choose how updates are delivered" option.
  6. If you want to disable WUDO, move the on/off slider to "Off".
  7. If you do not mind the computers in your local network sharing updates and applications, keep the slider to "On" and select the "PCs on my local network" option.

Defending Against Cybersecurity Threats in Your Hotel Room

This July 4th weekend according to AAA is going to be the busiest ever.  A projected 43 million Americans will pack their bags to celebrate the 4th.  Being on the road is typically a stressful affair. Travelers have to worry about making their flight connections or booking reservations to a hotel or restaurant. Just being in an unfamiliar area can make some people anxious. Unfortunately, when sorting out these issues, some travelers don't think about the cybersecurity threats that they may be facing.

Many businesspeople use public Wi-Fi networks when on the road. This practice is particularly unsafe, since hackers can use fake hotspots to break into their targets' computers. Even when a network is legitimate, hackers can still spy on a target's web connection, hijack their data, and infect their computer with malware.

Many hackers have begun to focus their efforts on hotels, since they are typically full of traveling executives. These businesspeople are considered to be high-value targets since they may possess access to company bank accounts or sensitive information. Experts have already uncovered a number of sophisticated cyberattacks that targeted hotels and their guests.

Examples of Cybersecurity Threats in Hotels

Kaspersky Lab, one of the world's leading cybersecurity firms, announced in November 2014 that it had discovered an advanced cyberthreat that targeted several luxury hotels. The threat, which the firm called "Dark Hotel," went unnoticed for 7 years before being uncovered by Kaspersky. Although the attacks were predominantly focused on East Asian countries, researchers discovered instances in the US, Germany, and Ireland as well.

Each Dark Hotel attack began with hackers compromising a hotel's Wi-Fi network. After a guest at the hotel connected to the compromised network, the hackers offered them "updates" to well-known software like Adobe Flash Player. These "updates" contained malware that allowed the hackers to take control of the guest's computer. The malware also included a keylogger program that the criminals used to steal usernames, passwords, and other important pieces of information. They also used phishing techniques to spread their malware, specifically by sending malicious email messages to governmental and nonprofit organizations.

These attackers were quite skilled, as evidenced by the fact that they used previously unknown vulnerabilities in major applications. They were also very careful about not getting caught. Their malware was designed to remain inactive for 6 months after infecting a computer. This made it very difficult to discover. It also had a self-destruct protocol, so researchers would have trouble studying it after detection.

Attackers can also use hotels' vulnerable IT equipment as part of their attacks. These vulnerabilities can be very severe, as the Cylance cybersecurity firm showed in March 2015. The company announced that it had discovered a major vulnerability in a popular network router used by hotels and convention centers around the world. Hackers could have exploited this vulnerability to compromise a hotel's Wi-Fi network, and infect any computers connected to the network with malware capable of stealing data and personal information. The router's manufacturer quickly released a patch that fixed the problem, but the case demonstrated just how insecure hotels' Wi-Fi networks can be.

Compromised wireless networks are not the only cybersecurity threats that one can find at a hotel. Infected computers also represent a serious threat to travelers' online safety. One case in Dallas, Texas, was so severe that the US Secret Service and the Department of Homeland Security had to publish a warning about the threat. The case involved hackers that used keylogger programs on the public computers in the business centers of several major hotels in the area. The authorities noted that even though the attacks required relatively little skill, the hackers were still able to successfully steal a large amount of data, including guests' personally identifiable information (PII) and the login credentials to their online bank accounts.

How to Protect Your Computer When Traveling

The Dallas attacks show just how important it is to avoid online banking on public computers or unsecured Wi-Fi networks. Travelers are especially guilty of breaking this rule while on the road, with many of them connecting to public wireless networks in airports, coffee shops, convention centers, and hotels.

If you need to access your email inbox while traveling, create a throwaway email address and use your smartphone to forward the relevant message or messages to the throwaway email address. This lets you keep your regular email account safe from hackers.

When traveling, make sure that your computer doesn't automatically connect to unknown Wi-Fi networks. Similarly, avoid visiting any websites that are not secured by HTTPS. The encryption provided by this communications protocol protects web traffic from hackers. You can also use a virtual private network to encrypt your web traffic.

You should be using multi-factor authentication measures as well. These tools require you to use multiple forms of identification — such as your password, your fingerprint, or a code sent to your smartphone — in order to access your accounts. This ensures that even if a hacker manages to steal your passwords, they still won't be able to get into your accounts.


7 Ways to Help Your Windows Computer Run Faster

Many different factors can cause computers to become slower and less responsive, no matter their age. Files might take longer to open, and applications might respond to commands at a snail's pace. Fortunately, there are actions you can take to improve a Windows computer's performance.

Here are seven ways to speed up your computer:

1. Uninstall Preloaded Programs That You Do Not Want

Computers often come with preloaded programs (aka bloatware) that computer manufacturers try to push on users. These applications can slow down your computer and take up valuable space on your hard drive. Removing these preloaded programs can help clear up space and boost your computer's performance.

2. Close Applications Not Being Used

Having many software programs running at the same time can bog down your computer. Closing applications that you are not actively using can improve your computer's speed. It also cuts down on distractions, which can help you get your work done more quickly.

3. Use the High Performance Power Plan

Windows Vista and later versions provide three power plans — High Performance, Balanced, and Power Saver — that let you manage how your computer uses power. As the name suggests, the High Performance power plan maximizes performance. However, your computer will use more energy.

By default, Windows computers are set to the Balanced power plan. To change this setting, open Control Panel, select "System and Security" (Windows 7 and later versions) or "System and Maintenance" (Windows Vista), and click "Power Options".

4. Add Random Access Memory (RAM)

Adding more RAM is a good way to give an older computer a performance boost. With newer computers, however, the benefits are less obvious since they typically already have large amounts of memory installed. The more RAM you have, the less an upgrade will boost performance, according to experts. For example, upgrading from 2 gigabytes (GB) to 4 GB will not have as great an impact as upgrading from 1 GB to 2 GB.

The effects of upgrading beyond 4 GB of RAM will depend on the quality of the rest of the hardware. Installing massive amounts of RAM on a cheap system will not help much because you will likely encounter a bottleneck somewhere else.

5. Install Solid State Drives (SSDs)

One of the best ways to improve your computer's performance is to upgrade its hard drive to an SSD. SSDs are faster at reading data than hard disk drives. In most situations, SSDs are also faster at writing data. SSDs have fallen in price, making them a cost-effective solution for greater computer speed.

6. Reinstall Windows

Over time, all kinds of garbage can accumulate in your computer system. For example, uninstalling applications sometimes leaves remnants, such as registry entries, icons, and leftover data. Reinstalling Windows gets rid of all the garbage, which can boost performance. However, it is time-consuming. You need to not only reinstall the operating system but also reinstall all your applications and restore all your files from backups.

7. Refresh Windows

Windows 8.1 and Windows 10 provide the refresh feature, which you can use to remove accumulated garbage. With this feature, the operating system is reinstalled, but personal files, user accounts, and important settings are preserved. With Windows 8.1, applications that came with your computer and any you installed from the Windows Store are automatically reinstalled, but you need to reinstall all others. With Windows 10, you need to reinstall all your applications, except those that came with the computer.

Actions to Avoid

Besides knowing the seven ways to boost a computer's performance, it also helps to know the actions to avoid. Despite what you might read on the Internet, you should avoid disabling startup items and making changes in the registry. If done incorrectly, you can cause some serious problems. Plus, other actions such as defragmenting hard drives and clearing temp files will result in little if any performance gains, so it is not worth the effort. PowerOne can help you decide the best ways to improve the speed of your computer, given its hardware and applications, as well as your usage habits.