2017 Billing Policy

Some of our customers may want to see our billing policy.   So, we’ve decided to publish here to make it easy for customers, and prospects, to access it.

The Computer Guys LLC Billing Policy 2017

Billing: A necessary evil in our profession. The fact is, we enjoy our work and interaction with our clients, and, if we could, might be quite content doing our work for free. We can’t, so we send you bills for the work we perform. We bill for the time we devote to serving your needs. Like your doctor, we don’t bill for the results of our work; we bill for our work. Sometimes we have to expend time finding out what is wrong, what might work, what won’t work, or trying things that don’t work in order to find out what will work. We necessarily bill for that kind of time.

Research: Sometimes we have to consult with our associates internally, or with support staff in companies that have supplied products you are using. Sometimes we have to spend time researching details that relate to your system. For most problems, we should know how to find the resolution to the problem in a reasonable period of time. We don’t, and you should not, expect our staff to answer every question or resolve every problem immediately or without any research. If the best method for finding that resolution is for one of our technicians to review the problem with another of our technicians, or to review it with the maker of the product, we make no apologies and we necessarily bill for the time required. The old story about the washing machine repairman comes to mind. The customer complained about the repairman’s $100 bill. After all, the customer complained, all he did was tighten one screw. The repairman then rewrote the bill: Tightening screw to resolve the problem – $1.00; knowing which screw to tighten – $99.00.

Experiments: Sometimes the best method of resolving a problem is to implement what, based on our experience and research, we think will resolve the problem, let you test the result in your real-life work for several hours or days, and then return if needed to refine the solution. Returning to refine a solution does not constitute failure or reduce the value of previous work we have done.

Malicious Software Resolution: This can be particularly complex. By design, viruses & other malicious software hide, replicate, transport, and recur. Virus resolution almost always requires at least two sessions for success, and even then can easily recur in the near or distant future.

Hourly Rates: Our rates are set to reflect our costs in providing service to you, and in the hope, of course, of earning a reasonable profit. The rates we charge vary depending on the type of service we are performing for you since that most directly affects our cost. Database & Engineering services are charged at higher rates than PC Technician services. Phone support will be billed at regular rates.

Travel time: For short distances from our office or current location to yours is simply included in the time we bill for our work. Also, mileage will be charged if when traveling outside the Wendell Ford Expressway or anytime we are traveling on your behalf, to purchase stuff for your specific location.

Discounts: We sometimes discount our rates. If we are doing a particularly large project for you or if you are located in certain geographic regions, we may apply a small discount to our rates. These discounts are subject to receiving payment within the terms we specify on our bills. If you fail to adhere to these payment terms we will reapply to your account any discounts we may have applied.

Out-of-Pocket costs: These are costs that we incur on your behalf. In many cases, these costs are for software or hardware that we provide. These items are billed to you with NO markup and are considered a “Reimbursable Expense.”  Because there are additional costs associated with providing these items, we normally apply billing time but no markup on the items themselves. We work hard to find suppliers that can provide us with the highest quality hardware and software, not necessarily the lowest cost so you may be able to find comparable items (or at least what appear to be comparable items) at a lower cost elsewhere. We do not provide warranty service for any hardware or software problems since we do not manufacture or produce hardware or software. Most of the items that we provide include a manufacturer’s warranty. These warranties cover repair or replacement of a failed item, but do not usually cover our time in diagnosing, shipping, replacing or otherwise affecting the warranty. Like warranties of other products, these warranties cover the item’s failure, not associated costs or inconvenience. We will be happy to assist you in contacting the manufacturer yourself in order to reduce our charges in working on warranty issues.

Billing Frequency: Our bills are generated weekly as a project progresses. We expect you to pay out of pocket costs (including travel costs) and costs for proposed projects in advance. If we don’t collect out-of-pocket costs or proposed project costs in advance, they are due immediately upon billing and become past due 5 days after the billing date. Unless specific credit terms have been requested and approved in writing, charges for routine services are due when billed, and become past due 15 days after the billing date. We will usually perform routine and occasional service for established clients and bill for the service after it is complete. New clients, those for whom we do little or irregular service, or clients with whom we have experienced past credit problems will be required to make a deposit payment before work begins. We will estimate the cost for work to be performed and will base the deposit payment on that estimate. We may need to revise our estimate and receive additional deposit payments during the course of a project. Deposit payments will be applied as a payment to your account, and will be reconciled in our regular billing process. We will process a refund of excess deposit payments if needed.

Past-due Amounts: Like any business, past due accounts are a concern for us, and we apply strict procedures in dealing with them. We would prefer to never apply finance charges, and we think you will find our finance charge procedures quite liberal. But if we do apply a finance charge, we are not easily persuaded to reverse it. If your account is past due, you will find that we rarely apply any write-down at all, and if you question a charge on your bill, we will not write it off until the account is brought to “current” status. If we do choose to reverse charges that have been applied to an account that was past due and has since been brought to “current” status, we will only do so in the form of a credit on the account that can be applied to future services.

Questions: We welcome the opportunity of discussing billing and any other questions with you. Communicating with clients is always a pleasure for us, and we encourage it. Client communication sometimes reminds us of little Jimmy who, at three years of age had not spoken a word. His concerned parents sought diagnoses from the best doctors, who could find no problem. At age five, Jimmy still had not spoken, and extensive medical tests sought out by his anxious parents could still not identify a reason. At age nine, during the family dinner one evening, Jimmy suddenly said, “These peas are cold!”  His shocked parents sprang to their feet and excitedly asked, “Jimmy, you’re nine years old; you have never spoken until now. Why!?”  “Well,” Jimmy replied, “everything’s been OK up to now.”  We are always anxious to hear from you. Please feel free to call us anytime.

Hourly Rates as of January 2017:

Business and Networking:  $90

Residential and Not-For-Profits:  $65

Engineering:  $125

Custom Programming:  $100


Ransomware known as “WannaCry”

The following information is a copy/paste of a bulletin we received The Department for Homeland Security and US-CERT. This is necessarily long, but does not contain the full bulletin due to its technical nature.

Please please take this seriously. You could lose your Word Documents, i.e. homework, portfolios, research papers etc, Excel Documents, Power Point files, Publisher files, digital memories (a/k/a family photos and movies) and any other data. If you have not made a backup of your data lately please do so NOW and then remove that external drive or media from your PC immediately. Here is another link to a different article on backup.

If you need assistance in taken precautionary steps please let us know.

Now the bulletin….

TA17-132A: Indicators Associated With WannaCry Ransomware

Initial Analysis

The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named “t.wry”. The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user’s files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.

The newly loaded DLL immediately begins encrypting files on the victim’s system and encrypts the user’s files with 128-bit AES. A random key is generated for the encryption of each file.

The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to. This access permits the malware to spread itself laterally on a compromised network. However, the malware never attempts to attain a password from the victim’s account in order to access the IPC$ share.

This malware is designed to spread laterally on a network by gaining unauthorized access to the IPC$ share on network resources on the network on which it is operating.


Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.


Recommended Steps for Prevention

  • Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.

· Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.

· Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.

· Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.

· Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.

· Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.

· Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.

  • Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
  • Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
  • Test your backups to ensure they work correctly upon use.

Recommended Steps for Remediation

  • Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
  • Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup.

Defending Against Ransomware Generally

Precautionary measures to mitigate ransomware threats include:

  • Ensure anti-virus software is up-to-date.
  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust.
  • Enable automated patches for your operating system and Web browser.

Microsoft FINALLY Ending Support for Windows Vista

I know this may come as a surprise to many of you but there are still a little over 11 million PC’s still running Vista.

The following notice appeared on data security site and I thought I would share with all of my readers.

Thursday, May 4, 2017

Microsoft Ending Support for Windows Vista

Original release date: March 17, 2017

All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive:

  • Security updates,
  • Non-security hotfixes,
  • Free or paid assisted support options, or
  • Online technical content updates from Microsoft.

Computers running the Windows Vista operating system will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.

Users and administrators are encouraged to upgrade to a currently supported operating system. For more information, see Microsoft’s Vista support and product lifecycle articles.

A Dangerously Convincing Google Docs Phishing Scam…..

A Dangerously Convincing Google Docs Phishing Scam Is Spreading Like Crazy

“Oh God, a hacker’s on the loose with a new (but familiar) Google Docs phishing scam, and journalists (among many others) are in the crosshairs.” – Adam Clark Estes

Please read the whole story…