Tuesday, June 23, 2020

EXCEPTION: One thing "poltical"

If you came here from Facebook then you'll find Larry Elder's video here.

Thank you for your interest.

Tuesday, June 2, 2020

New REMOTE SUPPORT program and service


For many years now I have used the Canada based company Instant Housecall and their program of the same name to give remote support to my customers.


Since a few months I can not log in to that service anymore, they do not accept my password and their password reset mechanism does not solve the problem for me. So I looked for an alternative and naturally for an alternative that would not entail cost for my customers. And I have found a solution.
As of immediately (June 1st 2020) I use a new company and their program to give remote support.

Their name is Any Desk. I install this program on all new computers and on any computer that I upgrade or work on directly.


If you want (or need) remote support all my many existing customers currently have only one option and PLEASE do this only when we speak with each other on the phone!

  • Click this link to download AnyDesk.exe.
  • When the download has finished open your Downloads folder,
  • find file AnyDesk.exe and 
  • double click this file name.
AnyDesk will open; here is what it will look like:
Start screen AnyDesk
In this example your AnyDesk address is 272 709 277.  

I will ask you for these numbers and then connect to your computer.

Trust me, it is not half as complicated as it may seem now.

Stay safe.



Friday, May 15, 2020

Backup - Pulling it All Together

Again I ran into into a question that I get asked quite often. I believe it is worth another one of the instances where I quote my email reply to the customer:  
Backup and Restore likely are for the non-technical home computer user the most misunderstood area of handling a computer. I have learned the hard way that discussing that over the phone usually is fruitless, mostly because a non-technical home computer user lacks basic background knowledge.
I am very reluctant to  advise about that area without the customer having a decent understanding of the terminology involved. Additionally a solid understanding of the different Pro and Cons of available technologies is requires.
If you want to read up about Backup/Restore than I can give you a few links to articles that expound on the basics.
  1. TechTerms' basic explanation of Backup
  2. PC Magazine's Beginner's Guide to PC-Backup
  3. How-To Geek's How to Use All of Windows 10’s Backup and Recovery Tools
And here are some of my own musings from my blog related to Backup; these links are  in no particular order!
I trust that you will find or take the time to digest all this reading. I will be more than happy to answer any questions you may have.
It may happen that you run into problems with single terms or technical words; please do an internet search yourself before you ask me, I would only to have to send you links to Wikipedia...
I know, all this may sound like I try to avoid a direct answer to your suggestion but, sorry, you will have to "do your homework".
After reading through above text I have to add one more article to the first group of links:

For the average home computer user who is not a computer geek and does not plan for his house burning down my recommendations are
Re. SSDs:
Whether you  use an old fashioned HDD for backups or an SSD, you need a drive with USB 3 connection. USB 3 is much faster than USB 2. 
If your current computer does not have USB 3 then your next computer will for sure.
Laptops can generally not be upgraded from USB 2 to USB 3.
Desktop computers generally can be upgraded to USB 3 for reasonably low cost.

Re. Macrium Reflect:
Even if you upgrade to the paid version of the program I want to remind you that I DO NOT get any kickbacks or other hidden compensation!


Well, that was it for today. Stay safe, computer and health wise.

Sunday, April 19, 2020

New Computer?

As to be expected the number 1 question I get asked most often is something in the veins of
      If I buy a new computer what should I look for?
Here is my reply, verbatim and as I have saved it as a template:
Hi xxx,
Thanks for asking.
It may be best to look for a new computer during sales events. For computers I recommend to look at Newegg.com or Amazon.com. Both definitely have a MUCH larger selection than any brick-and-mortar store can possibly offer.
Any new computer IMHO should go through my Set-Up job to be safe and protected on the Internet and to be free of unwanted, unneeded and sometimes outright malicious programs.

Here are some of the important technical details to currently look for:
  • 8GB or more of RAM (main memory)
  • Windows 10 Professional or Windows 10 Home
    (Pro is in some aspects more flexible than Home)
  • Buy only a computer(s) with a SSD! SSDs are MUCH faster than HDDs!
    Storage capacity of the SSD is okay if it is about three to four times of the
    amount of space currently used on your C: drive.
    Classic HDDs are in many cheap offers but it's clearly an outdated technology.
Currently I have the best experiences with computers from Dell and/or HP. And here are two warnings on what NOT to do:
  • Do NOT buy any additional warranties or similar!
  • Do NOT buy Microsoft Office!
    MS really sells you a subscription with yearly payments; good for MS but bad for you!
Feel free to call me at xxx-yyy-zzzz with any questions you may have.
That's it.
Stay safe.

Monday, April 6, 2020

Amazon Prime member? WARNING!


I have an Amazon account AND an Amazon Prime membership.
I received an email and I want to show it in a screen shot:


On first glance nothing really alarming, right?
BUT:
The sender email address (labeled From:) looks to me totally wacky and the Reply-To address (labeled To:) IMHO is equally unlikely.
The warning bells in my mind started to ring loud and clear.
 
My wife and I use the same Amazon account all the time and thus I know that the payment method is correct and that it works.

Even saving the attached PDF document to my computer and then scanning it with Malwarebytes did not show any alarms or warnings.

So I opened the file in my PDF reader to check it out in more detail.

The PDF document contains a link and a BIG button to supposedly go to Amazon's account and payment method web page.

BUT this is what the link and the button actually would have sent my web browser to:
https://t.umblr.com/redirect?z=https%3A%2F%2Fam1zn-updtaeinfmtaonsupdtee-verifyconfimationss76757855.com%2F%3Fsigninn-&t=NmVmZTU1YjdlNTBkODkzYjc0NTg1NzM0MTI2YWNhNWJkOGNiZGRjZSxjYTVkNGQyNzY5ZjI4OGQ2OGFiZjQ2ZDJmOTg3NjZlMTZkNTI5M2Y3

What a crazy nightmare - and for me a clear indicator that something was VERY WRONG!

I went to Amazon.com and checked in my account settings and voila, my Prime membership is paid for until September and the payment information is correct.

Naturally I will report this to Amazon.

MY conclusion as far it concerns you? 
 
Be super vigilant, never trust an email and do NOT be complacent!

Yes, IMHO it is complacent to "just click" on the big button or the link in the PDF file rather than verifying the claim made in the PDF file independent of the email and it's attachment!

Stay safe, stay vigilant and pay attention to the details!

Thursday, March 5, 2020

About Trackers


General information about Trackers and Tracking Cookies:

The Guardian has some interesting reading about trackers and tracking cookies.

Yes, the Guardian article is from 2012 and these technologies have evolved and become more sinister and secretive.

HowToGeek.com is a very reliable web site with all sorts of good how-to advice. Their article from 2016 The Many Ways Websites Track You Online is worth your time.

But if you want a shortcut without the background knowledge then go and install in your Firefox web browser the extension named DuckDuckGo Privacy Essentials.

Here are four more articles from well reputed sources about this extension:

Stay safe!


Sunday, January 19, 2020

Windows 7 - RIP

As you surely can imagine recently I have quite often gotten the question  
What should I get if I buy a new computer?
Here is verbatim the reply that I sent to all such requests if the question came via email:
Thanks for asking.

It may be best to look for a new computer during special sales events.

For computers I recommend to look at Newegg.com or Amazon.com. Both definitely have a MUCH larger selection than any brick-and-mortar store can possibly offer.


Any new computer IMHO should go through my Set-Up job to be safe and protected on the Internet and to be free of unwanted, unneeded and sometimes outright malicious programs.

Here are some of the IMHO important technical details to currently look for:

  • 8GB or more of RAM (main memory)

  • Windows 10 Professional or Windows 10 Home
    (Pro is in some technical settings more flexible than Home)
  • Buy only a computer(s) with a SSD! SSDs are MUCH faster than HDDs!
    Storage capacity of the SSD is okay if it is about three to four times of the
    amount of space currently used on your C: drive or larger.

    Classic HDDs are in many cheap offers but it's clearly an outdated technology.
Currently I have the best experiences with computers from Dell and/or HP. And here are two warnings on what NOT to do:

  • If you are looking at new machines do NOT buy any additional warranties or similar!
  • Do NOT buy Microsoft Office!
    MS sells you a subscription with yearly payments; good for MS but bad for you!
Feel free to contact me directly with any questions you may have.

Wednesday, May 1, 2019

PuPs - Again and What are they?

Potentially
unwanted
Program

That exactly is what PuPs are. Now that formulation with "potentially" is a protection against frivolous law suits; every PuP does something, in the opinion of it's author definitely something positive and useful. The word potential protects everybody who has to or wants to name these programs from lawsuits.

In my opinion EVERY PuP out there is outright malware and it is sad that existing laws and court decisions force us to use the word potential at all.

I happened to run across a good article (IMHO at least) about PuPs. You can find it here.  Yes, it's three years old and I believe I have already linked to it in an earlier article. I hope you don't mind to get the suggestion to refresh your memory.

The article I linked to in the previous paragraph refers to an even older article about one of the major sources of PuPs on our computers, the so called Download Portals.
IMHO a refresher about this might be recommended as well.

Stay safe.


Sunday, November 4, 2018

The UGLY underbelly of the End User License Agreement


All of us - well, almost all of us have been conditioned to accept the so called "End User License Agreement" (EULA) for next to everything. Sometimes we agree unknowingly just by turning a new gadget ON; my classical example for that is Windows 10 with it's 12,000 words long EULA.

EVERY app on our phones,
EVERY program ever installed on our computers,
EVERY so called "smart" or "connected" TV in our living rooms,
EVERY supposedly "intelligent" device that recognizes "Google Hello" or is "Alexa enabled",
EVERY of the many useful things that require an Internet connection and an app on a smart phone
and many more things too numerous to list here can be used to spy on us.

Hard to believe? Please listen to this 12 minutes long TED talk, maybe it will change your view.

Stay safe!

Saturday, November 3, 2018

URGENT ALERT - Please read!


Updated 2018-12-17 to include ALL current versions of MS Windows!

Users of ALL versions of Windows:

Please DO NOT manually check for Updates any more, now and in the future!
Insufficiently or untested updates have very recently caused many home computer systems to break and/or show erratic behavior or they have led to file loss!

Microsoft has quietly modified the technology hidden behind Windows Update. The gist of it is that when you check manually for Updates your Windows operating system will be given all available but eventually insufficiently tested updates! 

As a way of avoiding that to occur Microsoft has begun to check much more thoroughly if every given update is fully compatible with the individual computer's hardware. They give that update to a given computer only when the previously mentioned checks and tests end positively.

But all this happens only in the course of the regular, automatic update process! 

If you manually 'check for updates' your computer will get ALL available updates without these compatibility tests!

You can find an interesting article about this general problem here at HowToGeek.com. This article talks about all major operating systems including iOS and Android for cell phones. But you will find Windows 10 and Microsoft mentioned many times. Just overlook everything that does not pertain to Windows. Windows 8 and 7 are now treated the same way!

So again and to summarize:

Please DO NOT manually check for Updates any more,  now and in the future!

Stay safe!

Friday, September 14, 2018

Why I Don't Like Windows 10 and MS


In quite a few articles on this blog I have referred to, quoted from or linked to one of the web sites I regularly draw information from; I am talking about Tech Support Alert aka Gizmo's Freeware.

Two days ago they published an article titled "Windows 10 connects to these websites after a clean installation". Since many of my customers are not very technically minded let me quote some points that I consider to be the important details. 

IMHO it is, to say the least, misleading to use Microsoft's wording "telemetry" when our Windows 10 systems talk to Microsoft [MS] all the time without ever having asked our permission. They even don't ever tell us about the simple fact that they do that; you have to be a technology geek and read lots of very technical stuff to even become aware of what is going on.

The article lists 20 web sites that Windows 10 connect to when you start a brand new Windows 10 system. All these sites collect technical information about our computers and about us. As a simple example: Why does MS want or need to know where I am? That is information I personally would only disclose to the police if they ever wanted or needed to know that.

Here is list from above mentioned article. I have added the bold typeface in Line 1.
Windows 10 connects to one or more websites in these categories:
  • Cortana and Search
  • Certificates
  • Device authentication
  • Device metadata
  • Diagnostic data
  • Font streaming
  • Licensing
  • Location
  • Maps
  • Microsoft account
  • Microsoft store
  • Network connection status indicator (NCSI)
  • Office
  • OneDrive
  • Settings
  • Skype
  • Windows Defender
  • Windows Spotlight
  • Windows Update
  • Microsoft forward link redirection service (FWLink)
All this can on slower Internet connections add significantly to the time it takes for the system to start up. I have experienced that quite often when a sluggish or outright slow system all of a sudden works with normal reaction times after all that got turned off.

And to top it off, the program I use to turn off this talking back to MS is from a well reputed company and totally free.

Any questions or comments? Pleas use the Comment feature of this blog.

Please stay safe.

Tuesday, August 28, 2018

This is well done - WATCH OUT!


For many years I use PayPal; I just received this email:




Something made me more suspicious than I usually am so I moved the cursor to the "Verify Your Account" button. And YES, that button translates to a shortened link - as you can see in the second red square.

Why would a well reputed company like PayPal ever use a shortened link?

I admit, the email looks convincing and even sort of professional.

Before I hit the Delete button in my email program, I took above screen shot for this blog post.

Stay safe!

Sunday, August 12, 2018

Old Scam - New Clothes


A scammer from India came up with a new twist of an old ruse.

 Look at this screen shot of the offending email as shown in my email program:

Btw. following references to the blue or red squares do in no way refer to BattleBots. 😉

In the blue square we have the sender's email address. I believe that NO administrator in the whole wide world would ever use an AOL email account for his official business. Some criticism of AOL can be found here.

In the first red square you see my cursor on the VERIFY NOW link and because of that you can see in the second red square the textual representation of what web page that link would actually send my browser to - if I were sufficiently un-attentive to click my mouse in that situation.

The target web page is on a server in India at "managershub"! You don't see that? Learn how to read URLs.

And I don't even use what the scammer refers to as a "Web-mail system".

To top it off there are three simple spelling errors or typos in the short text of the email; unprofessional to the hilt! 

Sum total: An old but time honored scam in a new dress - but not even a fancy dress.

Again it comes down to the first of my ten commandments for safe computing:
Thou shalt read and think(!) before you click.
Stay safe!

Saturday, July 7, 2018

URGENT ALERT! For users of any Apple thinghy!


Hi y'all and thanks for reading this.

If you or someone in your household has any piece of equipment from Apple, like an iPhone, iPad, iPod or the like then
 this is for you!

Since iPhones a.s.o. are so common nowadays the crooks are targeting you. Look at the email I just got in a partial screen shot of the Thunderbird screen:

 

I have marked the give-away items with colored rectangles as follows:

Blue: I don't have an Apple account! Ha, ha, ha.

Purple: The email does not even come from Apple!

Green: My cursor pointing to the "Verify..." button.

Red: The URL (web site address) that the "Verify..." button actually is pointing to; it has NOTHING AT ALL to do with Apple.

To be addressed as "Dear ejheinze@att.net" is so unprofessional this alone would be reason enough to click on the Delete button!

The item in the red rectangle I see only because I told my email program to show this and because the cursor is on the "Verify..." button. I believe none of this needs further clarification. Should you have any questions please feel free to ask me, preferably in an email.

A general remark: 
If the program you use to read your emails
does not show you any of the information in blue, purple and red
then you potentially endanger your computer!

Any Questions? Please feel free to ask me, preferably in an email. 

Stay safe.

Sunday, June 17, 2018

Microsoft Edge and Google Chrome vs. Firefox


And again it is a customer's question that triggers me to write on this blog. The customer, thank you Steve H, asked simply "What is your opinion of Microsoft Edge vs Firefox?".

Here is my reply:

I strongly advise against using any web browser from Microsoft!

I collected some articles for your enjoyment that can give you some background for my various reasons. The articles quotes are in no particular sequence.

Test Link

Microsoft Edge introduces new security risks in Windows 10     https://betanews.com/2015/07/30/microsoft-edge-introduces-new-security-risks-in-windows-10/

IE, Edge Users at Risk from Serious Browser Security Flaw      https://www.tomsguide.com/us/edge-ie-flaw-no-fix,news-24565.html

Windows 10 users ignore Edge for a reason     https://betanews.com/2015/10/19/windows-10-users-ignore-microsoft-edge-for-a-reason/

Windows 10's new browser Microsoft Edge: Improved but also new risks     https://blog.trendmicro.com/trendlabs-security-intelligence/windows-10s-new-browser-microsoft-edge-improved-but-also-new-risks/

Before you ask let me please preempt the question about Google Chrome vs. Firefox:

So far the main argument for Chrome was "it is faster". That was and is a phony argument that shows a deplorable lack of knowledge by the people using it. I'll give you an example.

Let's assume from the moment you click on a link to having the new web page in front of your eyes it takes all together 10 seconds.

90% of that time is needed to get the many little files that comprise a web page from the server these files reside on to your computer. We and/or the web browser have no way to make that faster.

The last 10% of the time is used by the web browser to "convert " the many little files into the picture we see; this process is called rendering. And that actually was where Chrome was faster.

MS Edge, the new version of Firefox and others have closed and/or eliminated that speed gap.

If Chrome were 30% faster in rendering the web page that would be only 0.3 seconds. Even in a direct A/B comparison we would not be able to experience that difference.

Additionally: The Chrome web store, from where you'd download any browser extension you might want or need, has been plagued by rogue extensions (only one example here, there are many more!). You may find way too late that the extension you downloaded and installed was rogue.

So for me it is clear:

No to Google Chrome and ANY Microsoft browser; IMHO the only well supported alternative is Firefox.


Stay safe.

Thursday, February 1, 2018

FINALLY - Microsoft comes to (their?) senses


FINALLY something IMHO long overdue is going to happen:

Microsoft will start to remove the worst of the bad ones!

Please read the details here.

You don't need to call me if after March 1st. your "Optimizer program" has gone missing. I will wait and see what else they (Micro$oft) will declare "coercive" and then remove.

Stay safe!



Friday, January 5, 2018

Meltdown and Spectre bugs in our CPUs


Have you read about and eventually been concerned about these bugs?

First and foremost: Please DO NOT confuse cloud storage of data with cloud computing; these are two very different animals. If you use cloud storage you and your data are NOT directly affected! And as far as I know these attacks are difficult to pull off in the first place and I don't personally know anybody who actively uses cloud computing.


Here is a good and fairly easily to read article that explains the details much better then I ever could.

My short synopsis: If you are using a regular home computer I believe you are and most likely will remain safe. These bugs MIGHT affect companies that run their software, web sites, email systems and what not on Cloud Services like Amazon Web Services, Google Cloud Computing, and/or Microsoft Azure.

Don't get overly alarmed but install updates as soon as they are available, especially updates for the Windows Operating system and your web browser.

Stay safe.



Happy 2018!

A happy and healthy New Year yo all my customers and - actually- - to everybody else who happens to  read this.

Stay Safe.
Eike Heinze

Sunday, December 10, 2017

It's Amazon vs. Google. Did You Know?


Have you ever or are you sometimes watching a YouTube video or two?

Have you ever or are you sometimes looking at something or even buying something on Amazon?

If you can answer any of above questions with Yes then you should read this article.

It shows very clearly why I always say that, no matter what companies say, we, the paying customer, are a voiceless, powerless "necessary evil". They just don't give a hoot about us.

Their talk of "how important" their customers are and how they care for us and how important it is for them "to serve the customer" is nothing but marketing hullabaloo and all too often they just plainly lie to us.

Never the less, I will stick with my Amazon Prime account and I will keep using Google's services.

For now at least.

Stay safe.

Monday, December 4, 2017

Attention Everybody ...

... with an AT&T, SBC Global or a Yahoo email account:

Likely every direct or indirect Yahoo user got this or an email similar to this:


DO NOT CLICK on the RESET link! This email is a scam!

As you can see my cursor was on the RESET link in the text when I took this screenshot.

Please look at the red framed box in the left bottom corner. You can easily see that the link would take you to helpdeskhomezone.com, a web site that obviously has NOTHING AT ALL to do with Yahoo! It is your guess what might happen if you do click on it.

Just the line where these crooks address me, "Dear ejkheinze@att.net" is another simple giveaway. No even vaguely reasonable company would address a customer like that!

Again, check every link in emails in this way BEFORE you click!

THINK TWICE and stay safe!

Friday, November 24, 2017

This is where I stand...


Despite being "only" a guest in the USA there have been quite a few times when I have been asked about my opinion of the so called "flag protest issue" in the NFL.

Here is a short video that gives my answer better than I ever could.

Happy Thanksgiving!

Monday, November 20, 2017

(GRAND-) PARENTS: Real and Present Danger!


Yes, I know, it has been way too long since the last time I had to say something.

With the holiday season immediately upon us and the crazy sales already in full swing:

You please, please have to read this article about the risks associated with the newfangled so-called "internet connected" toys.   

Other than that I wish everybody a HAPPY THANKSGIVING!

Stay safe - and help keeping your kids and grand kids safe.

 

Monday, September 18, 2017

Why Me?

One time too many I have been asked by a caller why he should hire me rather than take his computer to Best Buy; here is my complete reply. I apologize for the bad style (way too many paragraphs begin with "I"!) but I am not a native English speaker.

In general
  • my main interest is cleaning your computer of all viruses and malware and securing it and your web browser against getting infected again in the future

  • I have over 25 years of experience with Windows PCs plus over 23 years of experience as a computer programmer and database dministrator

  • I do not mince words but rather say it as I see it

  • I can explain technically complex concepts in layman's terms

  • I prefer real-life usability and experience over personal opinions and commercial “tests”

  • I abhor industry shenanigans and trickery and warn my customers

  • I work on Windows PCs only and do only house calls up to 30 miles from my residence. There is no extra charge to appear at your door and I charge no mileage fees.
I neither sell material goods nor any software;
I sell only my experience, my know-how and my time.

I do not charge sales tax.

I have NO contractual ties to any product;
I do not get any kickbacks from any manufacturer, wholesaler or dealer, no matter where and what you eventually buy.

I have absolutely no hidden financial interest or other commercial bias; there is no added or hidden cost for the home user.

With two rare exceptions I use and install only freely available and functionally proven programs.
Even a proven alternative to Microsoft Office® is officially available free of charge.

I have worked professionally as a programmer and database administrator
  • with computers since July 1st 1964
  • with Microsoft software on CP/M computers since 1977
  • with PCs since February 1982
  • with Microsoft Windows since version 3.1 in 1992
For 11 years I was once every month the “computer guru” on a call-in talk show on WTKM radio out of Hartford, WI.

If you are interested please send an email to ejhprivate*AT*gmail*DOT*com

I will reply and send you my brochure with more information as a .pdf file;
if you rather want a paper copy please give me in your email your name and address and I will send you a letter.

The information in the brochure should enable you to decide whether you want to hire me to repair and secure your computer.

Thank you for your interest.



Saturday, August 26, 2017

Email Scammers At It Again


And again the email scammers are at it again. Most likely I got this email (see below) because my email address is publicly available thanks to Yahoo having gotten hacked about 2.5 to 3 years ago. It took a lot of public pressure until Yahoo well over two years after the fact finally admitted to hack #1 and then to hack #2
Disclaimer: Both articles I just linked to are to be read carefully because they were, partially at least, written by journalists that are not computer technicians and/or with sensationalist attitude. The facts of the matter are not in question though!

I have many, many customers with email addresses ending in @att.net or @sbcglobal.net". At least theoretically they all could be affected likewise.

If you think something along the lines of "... but he has an email address ending with @att.net, why is he concerned by Yahoo having been hacked ..."? Well. many years ago AT&T didn't want the hassle of running their own email servers so they subcontracted Yahoo to do the technical handling of the email accounts of all AT&T customers; that includes in Wisconsin email addresses ending with @sbcglobal.net and country wide many others.. Thus all AT&T customers could be affected.

I have checked on Have I Been Pwned and yes, my email address is in both big customer files that got stolen from Yahoo. That "pwned" by the way is pronounced as "owned" and that is what it means. In geek speak it expresses that your computer - or here my email address - is 'owned' by somebody else who can do with it as they please.

Luckily my password did not get exposed but after I learned of the hack I changed it anyway, just to stay on the safe side.

Now to the current reason why I write all this. I got this email:


  1. Sender Address: btinternet.com translates to BRITISH TELECOMMUNICATIONS PLC
    NOTHING AT ALL to do with AT&T.
  2. You see that I had my cursor on the "Click here..."  link and
  3. because of the cursor on the link you can see in the left bottom corner of the email window the the link goes to bit.ly, a well know link shortening service.
    Now THAT IS suspicious, for me at least.
And did you see the errors in the text? Failure should begin with a lower case 'f', the period behind AT&T Mail is wrong and clobbers the whole sentence and "Your Mail; version ..." does not make any sense at all. It is almost like I could say "Bad English, bad actor". 
Summary of all the above: DELETE!

Please, DO NOT be curious, DO NOT click on the link just because you want to see what happens; just delete the email and sleep in peace.

Stay safe!

Wednesday, July 26, 2017

How to Protect Yourself and Your Computer on the Internet


Sometimes I am still amazed by the degree of how clueless  some people are as far as the most basic ways are concerned to stay safe on the Internet.

I don't want to repeat myself here and I don't want to sound like a broken record either. Oops, many younger readers would not even know what that means...

Anyway, here is a good and easy to read but admittedly fairly long article titled 

Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves

My regular readers will recognize that I quite often link to articles on How-To Geek. At least the articles about computers are an easy read and correct on top of it.

Stay safe.



Saturday, July 22, 2017

Why NOT TO USE Internet Explorer


About one to two times every month I encounter customers who react clearly with doubt or outright disbelief when I tell them NOT TO USE Internet Explorer. IE is Microsoft's web browser with roots in the mid 1990s. That is in computer terms ancient!

Finally I found an article on maketecheasier.com that explains the "why" in easily understandable terms. You find it here. Enjoy the read and please, please pass the word to your relatives and friends.

And if you are only a little bit like me you want to turn off  IE totally. You find instructions on how to do that here.

Stay safe.




Friday, July 21, 2017

The Skinny ...

... about the latest outbreak of Encrypting Ransomware.

The original of this text was written by Ken Dwight, aka The Virus Doctor. I am an alumnus of his Virus Remediation Training and make this text available for my customers with his kind permission. Thanks Ken.

As with malware in general, encrypting ransomware is continually changing.  Most of these changes are evolutionary and somewhat predictable.  As such, they don’t call for any significant changes in the methodology to be used in dealing with them.

Some recent developments in specific families and strains of encrypting ransomware are
significant enough to justify an update to the IT Support technician’s strategies and tactics for handling them effectively.

There are primarily two families of such ransomware that warrant this attention.  Multiple names have been assigned to these families, but this discussion will use the names that are most frequently found in credible press coverage of these outbreaks.

WannaCry was released into the wild on May 12, 2017.  According to most reports, it infected at least 200,000 computers, in more than 150 countries.  This ransomware spawned its own Wikipedia entry, at
https://en.wikipedia.org/wiki/WannaCry_ransomware_attack.

The more recent attack, erroneously known as Petya, but more accurately referred to as
NotPetya, first struck on June 27, 2017.  There are no estimates of the total number of computers infected by this malware, or the number of countries represented.  But it clearly targeted businesses and organizations in Ukraine, with some 80% of the infections found there.  This ransomware also has its own Wikipedia entry, at
https://en.wikipedia.org/wiki/2017_cyberattacks_on_Ukraine.

These two families of ransomware have several characteristics in common.  Probably the most notable is the widespread coverage both received in the general press.  While malware generally goes unreported in the non-trade press, these attacks were the exception to that rule.  Fueling the press coverage was the revelation that both of these attacks were based on exploits developed by, and subsequently stolen from, the U. S. National Security Agency (NSA).

Interestingly enough, I have not seen any of these infections first-hand, nor have I received reports from any graduates of my Virus Remediation Training workshops that they have encountered computers encrypted by either of these families of ransomware.  Considering the fact that hundreds of IT Support Techs fall into this category, in most of the United States + 7 foreign countries, I can only speculate that the actual infection rate is much less widespread than the press coverage would lead one to believe.

Another common denominator between these two infections was the fact that the vulnerability in Windows that was used for both of these attacks had been patched by Microsoft in their March, 2017 Windows Updates; any computer with that update applied would not have been infected by either of these pieces of malware.

Two NSA exploits were used in both of these attack scenarios; they are named EternalBlue and DoublePulsar.  A free EternalBlue vulnerability scanner is available for download from http://omerez.com/eternal-blues-worldwide-statistics/.  As of mid-July, 2017 more than 10 million IPs have been scanned; the majority of hosts scanned (53.82%) still have SMBv1 enabled, and 1 out of 9 hosts in a network is vulnerable to EternalBlue.

The WannaCry malware included a “Kill switch” which was discovered by a malware researcher and activated to disable the infection from spreading any further.  No such kill switch has been found for NotPetya, but a “Vaccine” has been developed to protect against it.  More details from Bleeping Computer at https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/.

Another important difference between these two families of malware involves the type of
encryption they perform on the victim’s hard drive.  WannaCry, like most encrypting
ransomware, encrypts each individual file.  It also changes the filename to end with an extension of .wcry.

On the other hand, NotPetya encrypts the entire hard drive and replaces the Master Boot Record with its own version.  While the encryption is taking place, the malware displays a screen that looks like a chkdsk operation is being performed; when the whole-disk encryption is complete, it forces a reboot.

Upon the reboot, the modified MBR causes the ransom note to be displayed, with instructions to pay $300 USD in Bitcoin; after 72 hours, the ransom increases to $600 USD.  Because of the modified MBR, at this point it is not possible to boot into a normal Windows environment.

As of this writing there is no means to pay the ransom; even if the ransom is paid, there appears to be no way to decrypt the hard drive or restore it to normal operation. Consequently, there is no reason to even consider paying the ransom.

Back to WannaCry, there have been some reports of successful decryption after paying the ransom. But here again, I have no first-hand (or even second-hand) reports from victims of this family of ransomware.

Those are the most recent, high-profile developments in the field of encrypting ransomware.  But it’s a pretty safe bet they won’t be the last.  This category of malware continues to evolve and become more sophisticated and more insidious.  It has crossed the threshold of being a billion-dollar industry; that success will attract more and more criminals who are lured by the promise of  easy money.  Our prospects for future employment remain secure!
That was it.

All my customers are advised to weekly initiate a check for Windows Updates. If they followed that advice their computers  were protected and they don't need to care about these two overly "hyped up" virus outbreaks.

Stay safe.
 


Wednesday, May 10, 2017

Your Attention Is Required - NOW!


Virtually ALL my customers use
   -  Microsoft Security Essentials on Windows 7 and
   -  Windows Defender on Windows 8.x and Windows 10.

A really BAD bug has been uncovered that warrants your immediate attention.

Please follow the instructions in this article or alternatively you can do the following:
  1. Open Windows Defender (MS Security Essentials on Windows 7)
  2. Click on the Update tab
  3. No matter what the program says click on the big button Update Definitions
If there is any update for Defender or Security Essentials it will be downloaded and installed.

Stay safe.


Friday, May 5, 2017

"Security" software breaks Windows


It gets fun again - my life I mean; the rest of this blog post is dead serious, please make no mistake.

For years I have recommended NOT TO USE products from Webroot. I remember too many bad experiences with and infections on computers that were presumably "protected by Webroot".

In NBC's words:
An antivirus service used by tens of thousands of businesses and millions of home users shut down an untold number of computers around the world Monday after it mistakenly identified core parts of Microsoft Windows as threats, the company confirmed.
Similar events have occurred in the past; sadly they are much more common than we would like and the public hardly knows about it. Some well known companies in the "computer security" or "anti virus" business have had similar snafus. Here is a quote from a blog post at Bleepingcomputer.com:
... Such mishaps have been reported for years to include major anti-virus/security vendors such as Panda, avast, AVG, BitDefender, Kaspersky, Malwarebytes, McAfee and Symantec. In most cases when these issues occur, the anti-virus vendors and security tool developers take quick action to correct the problem and provide support to those users who have been affected.
To call such blunders a "mishap" is not a euphemism, IMHO it is outright glossing over or covering up a major blunder.

Things like this should not happen and they don't need to happen, they are major avoidable blunders. In every case we can only speculate about the "why" and I don't like to speculate.

What does all the above tell us? IMHO very simple:

Do not trust a single word in high gloss, pretty brochures.
Do not believe the words in computer related advertisements on TV.

What you find in high gloss publications is mostly marketing hype and likely not really trustworthy. And when certain "security" software seemingly out-of-the-blue suddenly is being hyped over the moon in TV advertisements it IMHO is time to run for the hills. It tells me that very likely a marketing campaign has to cover up some so called "mishap".

-----

So far I have used the acronym IMHO three times in this blog post. Generally there are always at least two ways to look at something, as we say around computers YMMV. If you have a different opinion - or maybe simply think I am a dumba.s then I ask you to please leave a comment, state your case or blow off steam below. 

Thank you in advance.