Citronix Tech Services – Houston Computer Repair

I did an interview with KHOU the other day for a piece on the lawsuit mentioned earlier and how it was progressing. They were at my lab for an hour or so and ended up using about 15 seconds of footage.

Like the video says, computer repair work isn’t the most glamorous work, but it’s what I love to do. Give me a call and I’ll show you!

Link to the news article: New law may require computer techs to be private investigators
Link to the video footage: KHOU Video

Here’s another quick picture someone at IJ snapped of me outside the Austin courthouse. I felt bad for everyone out there in wool suits, the linen was very nice to me that day.

I was in Austin last week with Mike Rife of AustinPCTech and Thane Hayhurst of iTalent Consulting Group and we filed a lawsuit, with the help of the Institute for Justice (IJ), against the State of Texas for a law they recently passed requiring computer repair technicians to hold private investigator’s licenses for a lot of the computer work we do. I wrote about the law a month ago and will spare you the details here.

In short, the state of Texas passed a law that would computer repair technicians to have a private investigator’s license to perform many kinds of computer work. The license requires a criminal justice degree or a 3 year apprenticeship, and failure to comply carries a penalty of up to one year in prison and $14,000 in fines for both the repair tech and the customer. Requiring computer repair technicians to hold these licenses would put many smaller repair shops out of business.

With the help of IJ, Rife, Hayhurst, a PC repair customer, and I are suing the state of Texas to have the law repealed or have its scope restricted.

Here are some links to news and articles about this case on TV and around the web:

• The Institute for Justice’s original press release
• News 8 Austin with Video
• PostProcess, an E-Discovery and ESI issues blog
• CW33 Dallas News at Nine
• KVUE Austin with Video – get a load of yours truly standing in the back. Bigger video here.

If you find any other coverage of this on the web, please post it in the comments. I’d love to see it. As always, I’ll be updating this blog with news as it happens, so check back regularly, or subscribe to the RSS feed!

“Magnum PI? More like Magnum PC, get my lawyer on the phone!”

I wrote a few weeks ago about a new law that would require Texas computer repair shops to get private investigator’s licenses in order to do many types of computer work. While no one has been prosecuted under this new rule, the first “victim” of the Texas Private Security Bureau might come sooner than we think.

Professional locksmiths also require licenses from the Texas Private Security Bureau (a division of the Texas Department of Public Safety). There are still many unlicensed locksmiths out there, and the DPS is having none of it. They are proud to have been running sting operations against locksmiths to find, arrest, and fine unlicensed locksmiths.

The DPS will call out a locksmith for a spurious claim, have them perform the work, then ask to see their license. If the locksmith cannot produce his license, then he is arrested and fined by the DPS officers standing by. A local paper has an article about such a sting operation here, towards the bottom of the page. Similar stings have been occurring in California as well.

The Texas Locksmiths Association put out this PDF newsletter with the following feathers in its hat.

In Houston this past May, the DPS put together a sting operation targeting locksmiths who were defrauding the public. This operation took months of work to put together with the Harris County District Attorney’s Office calling most of the shots. The outcome was: two people were jailed, one of the two was deported and three others had their ID checked but were let go. I hope this company and any others like them will get the picture that Texas is no place to defraud the public.

Your tax dollars at work, folks. “Defrauding the public” is one thing, and failure to comply with a complex and expensive licensing scheme is another. Hardworking, honest professionals are having their livelihoods taken away for not following, or simply being unaware of, this draconian licensing requirement.

These kinds of sting operations may come all too soon to the “unlicensed” computer repair businesses of Texas. Imagine being called out to clean a virus, or report on the surfing habits of a company’s employee and leaving the office in handcuffs. This is the reality that PC techs may face in the future if something is not done to rein in the Texas Private Security Bureau.

In this day of MySpace, FaceBook, and GMail, digging up dirt on someone takes little more than guessing the name of their dog. Private Investigators, who long to return to the good old days of going through someone’s trash, staking out a house while leaving the tell-tale pile of cigarette butts, and wearing jackets with elbow patches, find that as more and more people move their “dirt” online, their breed of investigation is dying out.

In an attempt to regulate this obsolescence, the Texas Private Security Bureau, lobbied heavily by Private Investigator interests, has passed into law an update to the Private Security Act (HB 2833) which brings computer investigations under the umbrella of investigations that would require a private investigator license. Here is a section of bill in question, the new addition that affects computer investigations in bold:

Sec. 1702.104. INVESTIGATIONS COMPANY.

(a) A person acts as an investigations company for the purposes of this chapter if the person:

(1) engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to: [...]

(B) the identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person; [...]

(D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property; [...]

(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.

This text is written so broadly that it could mean just about anything. For example, if a PC Tech looks through a mother’s private computer (computer-based data not available to the public) to find out where her son has been online (the habits [...] of a person), then he has performed an investigation. Very obvious non-investigatory actions like installing a wireless network, installing a hardware upgrade, performing a system tune up, or setting up a home theater system would not fall under the scope of the law; but nearly everything else is in a gray area. When approached for a clarification of the law, the Texas Private Security Bureau held up the overreaching scope of the law. This is the partial text of their opinion; the full PDF is linked here:

We understand the term “computer forensics” to refer to the analysis of computer-based data, particularly hidden, temporary, deleted, protected or encrypted files, for the purpose of discovering information related (generally) to the causes of events or the conduct of persons.

They are saying here that the above scenario of a mother attempting to find out the conduct of her son would run afoul of this law. If a PC repair customer got a virus and wanted to know why they did, the analysis of their browser history, temporary files, and hidden virus files would constitute an investigation and telling the customer how or why they got a virus infection would constitute the delivery of a report on this investigation. The TSB’s report goes on to put computer repair techs on notice and warn them and their customers of the penalties of violating this law.

Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators.

[...]

Please be aware that providing or offering to provide a regulated service without a license is a criminal offense. TEX. OCC. CODE §§1702.101, 1702.388. Employment of an unlicensed individual who is required to be licensed is also a criminal offense. TEX. OCC. CODE §1702.386.

The penalty for performing investigations without a license is up to one year in jail and $14,000 in fines and penalties. Not only would I, or any PC repair tech, be liable, the customer would also be liable and would face the same penalties.

What makes this bill even more fun is that it was lobbied for exclusively by private investigator interest groups, surely under the specious claim of “protecting consumers”, and not one computer repair technician was asked for comment. The list of “witnesses” to this bill are listed here and here. Notice anything about the makeup of the witnesses?

So, now that many actions of Texas computer repair and service companies would require a PI license, now what? Surely a PI license is a simple matter of taking a test or paying a small fee? I’m afraid not. From their registration website, the Texas Private Security Bureau states the following requirements

• three years of investigative experience or a bachelors degree in criminal justice for investigations company license
• two consecutive years of legally acceptable experience in the guard company business
• successful completion of a two-hundred-question examination testing ability of the manager applicant to operate the guard company under the provisions of the statute regulating them
• criminal background check
• submitting fingerprints to have on file with the FBI
• ~$500 in registration fees, subscription fees, application fees, and fingerprint fees, payable yearly

These requirements would necessitate either Texas PC repair techs to close up shop for 3 years while completing an apprenticeship or to pursue an irrelevant college degree. On top of the hefty fees, this makes licensing a tough pill to swallow.

As with any law, exceptions exist, and one loophole is that a large repair shop, like the Geek Squad, would only be required to have one “full” private investigator on staff, and the other techs can simply have PI licenses bought for them ($500 per head per year) without needing to have the degree or apprenticeship. This makes the law doubly confusing as the ones who will be doing the sensitive data work will not actually need to have the mandated training or experience.

I have been contacted by a law firm who wishes to sue the state of Texas in order to get this law repealed or its scope narrowed significantly. I will be updating this blog with the progress of this situation, and hopefully PC Techs in Texas can come out clean.

UPDATE: I am proceeding with a lawsuit against the state of Texas to have this law repealed or changed. Please see this post for more information and updates.

I keep half of my computer repair tools on a USB Flash Drive (the other half I keep on bootable CDs). I found myself often losing the flash drives or otherwise destroying them in my pockets. I came up with a great way to make a cheap (or free!) holder for these keys out of things you should have around the house anyways. You could even use it to hold other USB dongles you frequently work with, such as a USB bluetooth or wifi dongle.

Materials:

• Any USB cable with a female end on it. I just cut mine off the USB extender cable that came with my flash drive. Most flash drives come with these extender cables, so being a packrat, I naturally had dozens of them.
• Eyelet. I’m not even sure if this is the right term for this little screw. I got mine from a half-used picture frame hanging kit. You should be able to find them otherwise at any craft or hardware store.
• (Optional) Any strong glue like super glue or epoxy

Click the link below to catch the rest of the instructions after the fold!

Read the rest of this entry »

When one talks about antivirus definition updates, one usually speaks in terms of Manual and Automatic updates. A manual update is performed by going to the antivirus vendor’s website, downloading the definitions, and then either installing them by running a program or just placing them in your antivirus software’s definition directory. Antivirus software that automatically updates would download new definitions automatically on a set schedule, once a day or once a week, for example. Most antivirus software is pretty straightforward when it comes to Automatic updating. They will almost always come preconfigured for automatic updates, so they are mostly “set and forget” sort of solutions.

This is no way to make money, however. Due to the nature of ever-evolving virus threats, virus definitions are outdated within days of their release, necessitating some sort of a constantly updating definition system. The major antivirus companies have turned antivirus protection from a software to a service. They do this by selling you “subscriptions” or “licenses” to use the software. This means that when your subscription is finished, you will stop getting updates. That is why it is so important to stay on top of your subscriptions and make sure they don’t run out.

As sort of a follow-up to last week’s post, I went around and compiled links to all the antivirus products I could find. From this comprehensive set of links, you should be able to find the updates to the program you run on your computer. Some of the products can only be updated from within the program itself, meaning that you can’t download the definitions manually. I’ve made a note of those that are only updated manually.

If I missed on that you would like me to find the update link for, then please let me know.

Anti Virus Updates

You don’t know how sad it makes me to see things like this (click to enlarge):

This client’s copy of Norton Internet Security expired over a year ago, meaning that for a whole year it has been running with old virus definitions. Why are virus definitions important? Well, image that a virus definition is like a word definition in that it helps you identify the word/virus and what it does. Now imagine that you’re a foreign student traveling in America with a travel dictionary (our virus definitions) from the year 1654. Those word definitions (virus definitions) are terribly out of date, so there’s no chance that you’re going to be able to pick up new words (new viruses) like rollerblade and crunk. Granted, words like rollerblade and crunk may only hurt our feelings, but an undetected virus can do so much more damage!

Many modern PC makers will bundle trial versions of anti-virus products with a computer that will only last 90 days before expiring. This can be even worse than having no anti-virus at all because you might think that you are protected when you actually aren’t.

Please take a few minutes today to make sure that your anti-virus software is updated and running correctly.

I recently had a customer drop off a laptop that was having very odd issues on the screen. There were all sorts of artifacts scrolling up and down the screen, with an odd checkerboard pattern that changed randomly based on mouse movements or even touching the computer. Sometimes video corruption like this can be a driver issue that is usually resolved by getting the latest drivers for the video card. In this case, however, the corruption persisted even in the bios menu and a boot cd. This meant the issue was in the hardware and not software. Now, hardware video corruption issues are sometimes memory corruption or loose cables. If the cable that connects the laptop’s LCD to the motherboard becomes loose, but not completely disconnected, you can get random corruption on the screen.

I figured it was a cable problem and while I prepared to take the laptop apart I ran my Citronix Remote client from the laptop to diagnose the issues from my desktop when something odd happened. The video corruption persisted even in the VNC connection! Ever stranger was that the mouse cursor was unaffected by the corruption and that certain windows and pop ups would also come in clear.

This meant that it wasn’t a cable issue, but the corruption was occurring in the laptop’s video memory itself. Since the corruption was in memory, when the VNC server sent the contents of the video memory to my lab station, it also copied the artifacts. I turned it off and replaced the ram, but the corruption was still there. This was bad news for my client, as that meant that the laptop had dedicated video ram that is soldered to the laptop’s motherboard. I looked up the laptop model and sure enough, that model had separate dedicated video ram. This type of memory is not serviceable and required a motherboard replacement to fix the problem.

Update: I opened the laptop up to check for physical damage to the memory chip such as a faulty solder joint or the chip being physically compromised in some way. I found no such external damage, but I got a pretty good macro photo out of it