Saturday, May 16, 2015

Windows 10 - Less Fog But Still A Questions

We have news about Windows 10. Microsoft just announced their plans for the release of Windows 10.

All users now running computers with Windows 7 or Windows 8.1 (NO mention of Windows 8!) can via Windows Update download and install Windows 10 for free! Users still running Windows 8: You better update to 8.1 NOW!

Users now running Windows 7 or 8.1 Home Premium will upgrade to Windows 10 Home.
Users now running Windows 7 or 8.1 Professional will upgrade to Windows 10 Pro.

This blog is for my customers; all of them are home or small business users and that is why I will not talk about the "corporate" versions; only companies with "Volume License" contracts can get them anyway.

Quote from the original Microsoft blog post (emphasis from me):
"... once a qualified Windows device is upgraded to Windows 10, we will continue to keep it up to date for the supported lifetime of the device, keeping it more secure, and introducing new features and functionality over time – for no additional charge."
That IMHO clears the "confusion" about pricing.
If you upgrade a Windows 7 system to Windows 10 you can use it until January 2020 when Microsoft will terminate support for Win 7.

If you upgrade a Windows 8.1 system to Windows 10 you can use it until January 2023 when Microsoft will terminate support for Win 8.1.

And what happens to an upgraded system after January 2020/2023? No mention and maybe Microsoft does not yet know themselves.

This IMHO is a true change in Microsoft's attitude and I welcome it. 

I will keep reporting once the first experiences with upgrades to Win 10 become know.

A recommendation for my customers: Don't rush it, wait a bit.

If your Win7 or 8.1 system is running great and smoothly there is IMHO no compelling reason to upgrade to Windows 10. For my "typical" home users Win 10 just does not contain technical advances that justify the potential risks of such major change to a computer system.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Wednesday, May 13, 2015

2015-05-14 WBKV Talking Points (May 14th 2015)


All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).
Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to
pay again for 2017, 18,19 (20, 21, 22).

New ways to infect computers:
“… emails ostensibly sent from legitimate companies with which we might or might not have had previous business. ... often includes a link requesting to update your account. The legitimate company has no idea it’s name is being abused. Anyone who is familiar with the company might click the link and immediately have their machine attacked.”
Even small company's names are now being used.

Most malware is directed at Windows, not Mac and a phenomenal rise in malware for Android phones; Android is an open system. When installing Android apps, you give permission for the app to use various system features. Nobody who installs Android (or Windows) software reads the EULAs and permission notices; we simply accept them with a click.”
Some outrageous statements and demands have been discovered in some EULAs by people who actually read them. A list of some of the funnier ones is here:
makeuseof.com.

Malicious advertising on the rise. My customers are safe if they use the computer as I recommend, that is Firefox browser with Adblock Plus extension enabled.

Windows Server 2003 will go out of support after July 14th. You have to update! Running an outdated server is hazardous to everyone connected to it!

If someone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com et al) are huge malware slingers.
Have your DNS settings been tampered with? Test here (but know what is correct…)


Upgrade to Windows 10?

Any time between June and September Microsoft will release Windows 10 ("this summer" is all we know).

Microsoft has officially said that users of Windows 7 and of Windows 8 and 8.1 will for one year be able to upgrade for free to Windows 10. There is a little bit of a disclaimer though: The footnote says "for the lifetime of the device".

Upgrade "for free"? That sounds (almost) too good to be true. Around Microsoft I have learned to be very cautious. Trying to find more information about this I found two very different interpretations:
  1. As long as it happens within one year after Win 10's official release you can upgrade to Win 10 for free "for the lifetime of the device".

    What if your well maintained Win 7 computer still runs great in January 2020 and you want to keep it running? Will you then have to pay for Windows 10? If yes how much? Upgrade or new license fee?
     
  2. As long as it happens within one year after Win 10's official release you can upgrade to Win 10 for free. After the first "free" year Microsoft will switch to a subscription model and you need to pay a monthly or yearly license fee to be allowed to use Windows 10.

    This would amount to a huge money grab. With your current system you have paid for the license to use the operating system; with Windows 7 until Jan. 2020, with Windows 8 until Jan. 2023. Microsoft wants to give you one year for free and then they will start to charge?

    Let's say you upgrade from Win 7 to Win 10; 2016 would be free but you would have to pay an additional license fee for three years (2017, 2018and 2019). For upgrades from Win 8 it would be six more years!
For my customers "the device" certainly is their computer. There is no better definition so I assume that "lifetime" is the time for which Microsoft supports the operating system of the computer. Win 7 support ends in January 2020, Win 8 support ends in January 2023.

The details of what really will happen are unknown. Currently my advice is
Do not upgrade right away, wait until the fog has cleared and we have answers to the questions above.
In another article in the near future I will outline the main "improvements" that will come with Windows 10.

Update 5-15-2015: My concerns about an eventual money grab were unfounded. Something up to now unimaginable has happened, you can read about it here.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.
 

Sunday, May 3, 2015

2015-05-04 WTKM Talking Points (May 4th 2015)

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).
Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to
pay again for 2017, 18,19 (20, 21, 22).

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says. It's 2015 and half a million people still click on stuff we knew was bad in the '90s. Users should stick to MS's decade-old advice and avoid executing macros

Have an LG cell phone? Running LG's Monitor software? If Yes to both your PC is at risk! LG Monitor disables UAC (User Account Control)..

Dell System Detect: All versions older than 6.0.14 are easily hacked! DSD does not get automatically updated, even if Dell's updater is running!

Motorola's DOCSIS 3.0 SBG 6580 cable broadband modem is very easy to hack! Could open your computer to the Internet. Arris, a spin-off brand, has same problem.

Verizon's Risk Assessment Team says that 2 out of 3 times a computer gets hacked the reason was a weak password. Runner-ups are clicking on links in emails and opening attachments.

If someone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM! 

Download portals (cnet.com, download.com et al) are huge malware slingers.
 
Have your DNS settings been tampered with? Test here (but know what is correct…).

Hackers move away from Java and to Adobe Flash. Check version and update! Per 5-03-15 version 18.0.0.95 is most current. Beware: Many false downloads!





Wednesday, April 29, 2015

2015-04-30 WBKV Talking Points (April 30th 2015)


All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).
Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to
pay again for 2017, 18,19 (20, 21, 22).

Have an LG cell phone? Running LG's Monitor software? If Yes to both your PC is at risk! LG Monitor disables UAC (User Account Control)..

Dell System Detect: All versions older than 6.0.14 are easily hacked! DSD does not get automatically updated, even if Dell's updater is running!

Motorola's DOCSIS 3.0 SBG 6580 cable broadband modem very easy to hack! Could open your computer to the Internet. Arris, a spin-off brand, has same problem.

Verizon's Risk Assessment Team: 2 out of 3 times computer gets hacked reason was weak password. Runner-ups are clicking on links in emails and opening attachments.

If someone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

Adobe's cash-less bug bounty program: Can it ever work?

Symantec splitting security (Norton) from storage business. The beginning of the end (like HP)? It will take time; giants die slowly

Hackers move away from Java and to Adobe Flash. Check version and update if necessary! Per 4-29-15 version 18.0.0.95 is current. Beware: Many false downloads!


As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

 


Tuesday, April 28, 2015

Bye bye Viruses, Hello Carelessness




It's almost like in the Everly Brothers song "Bye Bye Love" from 1957. They sang
Bye bye happiness, hello loneliness...
I am enticed to, no, don't be afraid, not sing but say
Bye bye viruses, hello carelessness...
In August 2014 I wrote in this blog the 2014 Update On Malicious Programs. Everything in this article is still valid today – which in the fast changing world of computers is astonishing all by itself. Self replicating viruses that "find and infect" our computers by their own accord have gone almost extinct.
What has massively changed though are the tricks and methods used by miscreants to foist their malicious junk software on our computers. It is so bad that I feel compelled to say
Do NOT click on any link in any email,
do NOT open any email attachment
and NEVER click in any advertisement.
Does that sound extreme to you? Good, because it is extreme. We are in an extreme situation and it's getting worse so extreme measures seem appropriate.
In the meantime you have learned to immediately delete emails with an unfamiliar sender address. But what about the email from that buddy of yours who always sends all the jokes? My advice is to IGNORE it! Just hit the Delete button. If that email really was from him and if he were a nice guy he would have told you in the email why and what he sends there. If he does not have the decency to do that you better err on the side of caution and delete that email; you may “miss” a joke but what is that compared to $100 or $200 cost for a good clean-up job?
Another way how modern malware (called PuPs) is distributed are dirty tricks pulled on us when we apply required updates. Even big, well known companies participate in these schemes; names that come to mind as examples are Oracle, Norton, McAfee and Adobe. Some visual examples are here.
And don't get me going on advertisements. Listen up:
If you see advertisements on your computer screen then you computer most likely already is compromised. Get it cleaned up!
And then the sneaky methods that well known download web sites like Download.com, Cnet.com and other use. You want to download that nice free little program and what they give you is a specially crafted downloader program that in turn is supposed to download the program you actually want. But what you get are one or several PuPs and then the program you really wanted.
The only method to help here is to watch for the tricks, traps and deceptions. 
In July 2013 I published my 10 Commandments Of Safe Computing. To heed the first of these has become more important than ever before; it reads:
Thou shalt read and think(!) before you click.
Be vigilant, pay attention to details and always remember: If it sounds too good to be true it usually is not true; especially in this day and age on the Internet.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.



Thursday, April 9, 2015

2015-04-09 WBKV Talking Points (April 9th 2015)



Free Panda Ant Virus bricks computers! My advice: stay with MS Security Essentials or Defender.

Danger from USB drives: A newly demonstrated device has the potential to fry the USB port and possibly other components on motherboards, even the CPU!

A test for the Superfish bug is here, removal instructions are here.
Firefox vers. 36.0.1 has protection against SF, vers. 37 (current as of last week!) further improves certificate checking!

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).
Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to
pay again for 2017, 18,19 (20, 21, 22).

Seagate reluctant to fix serious bug in some of their NAS drives.

More bugs in Adobe Flash Player! Per April 4 6:00AM officially released version is 17.0.0.134!

Many fake Flash Player updates! Users are tricked to download and install a fake plugin that then installs a key logger to collect log in info & passwords. User beware!

If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!


Download portals (cnet.com, download.com. softonic.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

Adobe's cash-less bug bounty program: Can it ever work?

Symantec splitting security (Norton) from storage business. The beginning of the end (like HP)?

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.





Monday, April 6, 2015

2015-04-06 WTKM Talking Points (April 6th 2015)


Free Panda Ant Virus bricks computers! My advice: stay with MS Security Essentials or Defender.

Danger from USB drives: A newly demonstrated device has the potential to fry the USB port and possibly other components on motherboards, even the CPU!

A test for the Superfish bug is here, removal instructions are here.
Firefox vers. 36.0.1 has protection against SF, vers. 37 (current as of last week!) further improves certificate checking!

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).
Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to
pay again for 2017, 18,19 (20, 21, 22).

Seagate reluctant to fix serious bug in some of their NAS drives.

More bugs in Adobe Flash Player! Per April 6 officially released version is 17.0.0.134!
Many fake Flash Player updates! Users are tricked to download and install a fake plugin that then installs a key logger to collect log in info & passwords. User beware! 

If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com. softonic.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

Adobe's cash-less bug bounty program: Can it ever work?

Symantec splitting security (Norton) from storage business. The beginning of the end (like HP)?

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Thursday, April 2, 2015

Now THAT is interesting!


Okay, maybe more for me than for you but anyway, I will offer to you what I just found.

It turns out that Microsoft has a really good article on their sprawling web site. It is titled

Ten Immutable Laws Of Security

Make some time, the article is long! Grab a coffee or tea or what ever lubrication you fancy for a good, lengthy read.

Oh yes, before I forget it, the bold text above is the link to said article.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.


Thursday, March 26, 2015

2015-03-26 WBKV Talking Points (March 26 2015)

Free Panda Ant Virus bricks computers! My advice: stay with MS Security Essentials or Defender.
Danger from USB drives: A newly demonstrated device has the potential to fry the USB port and possibly other components on motherboards, even the CPU!

A test for the Superfish bug is here, removal instructions are here.
Firefox vers. 36.0.1 has protection against SF, vers. 37 will further improve certificate checking!

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).
Then licensing will kick in? Home user be careful! Microsoft does not give anything away for free; that is the first concrete step to get us all to accept a licensing model, that means yearly payments.

Seagate reluctant to fix serious bug in some of their NAS drives.

More bugs in Adobe Flash Player! Currently (as of March 16) officially released version is 17.0.0.134!
Many fake updates! Users are tricked to download and install a fake plugin that then installs a key logger to collect log in info & passwords. User beware! 

If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com. softonic.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

Adobe's cash-less bug bounty program: Can it ever work?

Symantec splitting security (Norton) from storage business. The beginning of the end (like HP)?



Wednesday, March 25, 2015

Microsoft is at it AGAIN!


Finally some big Microsoft customers have gotten Microsoft to stop trying to squeeze their Bing search and Bing software on Windows computers. And what happens a few month later?
Microsoft is at it again!
 
Recently I see more and more (especially Windows 7) computers with Skype installed - and the user of the computer swears they did not install it, they don't use it and most say they have no idea what it is or does.

The last point is answered by Wikipedia like this:
Skype /ˈskp/ is a telecommunications application software that specializes in providing video chat and voice calls from computers, tablets and mobile devices via the Internet to other devices or telephones/smartphones.
By now Skype can send text messages and do some data sharing as well.

It is useful if you often want to video chat (camera required) or voice chat (microphone required) for free over the Internet. It sure is a nice thing for families with relatives abroad, just think of families with relatives in the armed forces. 

Microsoft installs Skype by default so that it always runs. I have seen quite a few computers that got severely slowed down when Skype was running.

If you do not want Skype on your computer:

Microsoft has begun to offer it as an Optional Update. If you see "Skype for Windows" when checking for Windows Updates please right click on the Skype entry and then left click on Hide Entry. It should look like this (the hourglass symbol is my cursor):


IMHO it is a shame that Microsoft thinks they need these kind of tricks to get their software on unsuspecting home user's computers.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.




Thursday, March 12, 2015

2015-03-12 WBKV Talking Points (March 12 2015)

Superfish bug on some Lenovo laptops is a real risk:
A test for Superfish is here, removal instructions are here.
Firefox vers. 36.0.1 has protection against SF, vers. 37 will further improve certificate checking!

Confirmed sensation: Microsoft will allow all Win 7 & 8 users to upgrade to Win10 for free – for one year (only?). But then the licensing will kick in? A rented operating system? Home user be careful! Microsoft does not give anything away for free; that is the first concrete step to get us all to accept a licensing model, that means yearly payments. This way Microsoft will in the medium and long term make oodles of money more than by selling the software.

More dangerous bugs in Adobe Flash Player! Currently (as of March 12 2015) officially released version is 16.0.0.305! The catch: Many fake updates around! Mostly the user is tricked to download and install a fake plugin that then installs a key logger to collect log in info & passwords. User beware! 

Scam phone calls: Microsoft does not even know that we exist. MS's own advice:
  • If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!
  • Do not purchase any software or services.
  • Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate person you personally know and trust and/or are already a customer of.
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
  • Take the caller’s information down and immediately report it to your local authorities.
Download portals (cnet.com, download.com. softonic.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

Adobe's cash-less bug bounty program: Can it ever work?

Symantec splitting security (Norton) from storage business. The beginning of the end (like HP)?

FREAK bug (low quality encryption): Check your web browser here.
News March 12 2015: Fixed with this month's batch of updates for Windows

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.


 

Sunday, March 1, 2015

2015-03-02 WTKM Talking Points (March 2nd 2015)


Superfish (on some Lenovo laptops) is a real risk!
A test for Superfish is here, removal instructions are here.

Confirmed sensation: Microsoft will allow all Win 7 & 8 users to upgrade to Win10 for free – for one year (only?). But then the licensing will kick in? A rented operating system? Home user be careful! Microsoft does not give anything away for free; that is the first concrete step to get us all to accept a licensing model, that means yearly payments. This way Microsoft will in the medium and long term make oodles of money more than by selling the software.

More dangerous bugs in Adobe Flash Player! Current officially released version is 16.0.0.305! The catch: Many fake updates around! Mostly the user is tricked to download and install a fake plugin that then installs a keylogger to collect log in info & passwords. User beware! 

Renewed warning: CryptoWall (new CrypotoLocker variant) spreads through advertising networks.
When you see advertisements your computer is not sufficiently protected or it is already infected with malware!

Finally: Microsoft takes on scam tech support phone call organizations (PDF).
If MS succeeds I expect the crooks to move off-shore and do the same from India.
Microsoft Digital Crimes Unit attorney Courtney Gregoire has an article and a video about these scams on her blog. Here is Ms. Gregoire's advice:
  • If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!
  • Do not purchase any software or services.
  • Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate person you personally know and trust and/or are already a customer of.
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
  • Take the caller’s information down and immediately report it to your local authorities.
The supposed hack attack on French news media (after Charlie Hebdo shooting) was no attack at all. It was a simple server cockup.

In Canada it is now illegal to install computer programs without consent. Why not in the US?

375 of the 500 largest companies do not protect their web sites from typosquatters. That causes real danger when you mistype a web address in your browser. Be careful!
As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table of Contents.



Tuesday, February 17, 2015

Computer(s) And "Friends"

And again it was a customer's email that brings forth another post on this blog; thank you G. G. With his kind permission here is his email:
I recently have run into a situation about which I don’t know what to do.

For the last few years I have occasionally let a friend, who does not have a computer, use mine.  This would be a few times per year.  Basically he wanted to go on Craig’s List, so he used my second address, with his own password for a Craig’s List account. I didn’t really question what he was doing, because I know one can sell and buy on Craig’s List.

What I found out is that he was posting sexually explicit ads on Craig’s List.

While the screen shows all the ads have been deleted, I cannot figure out a way to get them off of my computer.  An email to Craig’s List was of no help, it just told how to delete the ads, but not how to permanently remove them from my computer.

I’m finding this to be a difficult situation, not only because of the mechanics of getting rid of something I don’t want on my computer, but because of the personal factors involved with someone who was a friend, and trying to weigh in if that relationship can be continued.  Any help that you can give will be appreciated.  

And here is my reply:
Dear Mr. G,

I have heard of similar situations like yours and you have my sympathy.

To your question about cleaning up your computer: I can most likely help. I can try to do that via remote support or in a house call, that is your choice. Although since sexually explicit material is involved I would strongly prefer a house call. Working locally on the computer will allow me to disconnect the computer from the Internet which will allow deeper analysis and cleaning and protect the computer and your Internet connection from eavesdropping.

Additionally and because you asked me I will voice some general ideas:
  • NEVER let a "friend" or relative (children, teenager, nephew/niece, grandchildren!) use your computer in/with your regular user account.

    If you are a "normal" home user you most likely always work in an administrator account; that can incur added risks.  If you follow this link to the explanation of administrator account please ignore the outdated line "Applies to Windows Vista". These basic concepts apply to all modern operating systems.
     
  • For other people on your computer always create "standard" user accounts.
     
  • NEVER trust that anybody will behave responsibly and that they will follow basic rules of safe computing.
     
  • NEVER let anybody (and not for ANY reason) use an identifier that is tied to your person (email account). It may happen that you will have to answer to the FBI if the person for example uploaded child pornography.
     
  • Only allow any third parties (whether visitor or family!) to use your internet connection (wireless network, cell phones, tablets a.s.o) when you can be certain that your internet connection is secured beyond browser and operating system based measures.
    One option of several is described here.
Above advice may seem harsh but consider your situation. Naturally I can not "advise" you on how to handle the situation with your "friend".

My very personal and for you irrelevant opinion is that this person has proven beyond doubt that he is not a friend, maybe not even an acquaintance worth my time. But I am certain you will find your way of dealing with this aspect of the situation.

Additionally and independent of all the preceding I want to ask your kind permission to re-work your question and my answer into an article on my blog. What has happened to you is so "typical" that it lends itself to wider attention. Naturally your text would be quoted completely anonymously.
So much for the customer's letter and my response.

All the above was meant to be the whole post on this issue and then the heavens made me meet with a friend who had given his computer to someone when last fall they were on a hunting excursion.

In this case there are no sexually explicit materials involved but the computer was majorly infected with PuPs, this nasty new kind of malicious programs that I talked about here and here. And here are a few more examples of how we get tricked to allow this stuff to be installed.

I want to add here that you should never activate the Guest account that you find in many versions of Windows. Crooks and hackers know about this account and will be happy to exploit it if they find a computer with activated Guest account.

Update 2/19/2015
I forgot to mention that all good will and the best intentions by us and by others are null and void if my
10 Commandment of Safe Computing are ignored!

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Sunday, February 1, 2015

2015-02-02 WTKM Talking Points (February 2nd 2015)

Confirmed sensation: Microsoft will allow all Win 7 & 8 users to upgrade to Win10 for free – for one year (only?). But then the licensing will kick in? A rented operating system? Home user be careful! Microsoft does not give anything away for free; that is the first concrete step to get us all to accept a licensing model, that means yearly payments. This way Microsoft will in the medium and long run make oodles of money more than by selling the software.

New dangerous bug in Adobe Flash Player is exploited via Facebook! Current version is 16.0.0.296!The catch: Many fake updates around! Mostly the user is tricked to download/install a fake plugin that then installs a keylogger to collect log in info & passwords. User beware!

Renewed warning: CryptoWall (new CrypotoLocker variant) spread through advertising networks.

When you see advertisements your computer is already infected!It is more important than ever to have a backup routine in place AND TO DO IT!

Finally: Microsoft takes on scam tech support phone call organizations (PDF).
If MS succeeds I expect the crooks to move off-shore and do the same from India.
Microsoft Digital Crimes Unit attorney Courtney Gregoire has an article and a video about these scams on this blog.

If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!
Here is Microsoft's own advice for such a case:
  • Do not purchase any software or services.
     
  • Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
     
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate person you personally know and trust and/or are already a customer or when you personally  initiated a support call with Microsoft.
     
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
     
  • Take the caller’s information down and immediately report it to your local authorities.
EBKAC errors are the most common ones and no program protects against that!

The supposed hack attack on French news media after the Charlie Hebdo shooting was no attack at all. It was a simple server cockup.

In Canada it is now illegal to install computer programs without consent. Why not in the US?

375 of the 500 largest companies do not protect their web sites from typosquatters. That causes real danger when you mistype a web address in your browser. Be careful!

As usual I welcome suggestions right here in the blog.
Click here for a categorized Table Of Contents.



Tuesday, January 6, 2015

"Tests" of Security Software


Again it is a customer question that triggers new information on this blog; Thank you Frank C.

The customer asked what I think about the results of a test of Security Software in Consumer Reports' June 2014 issue.

I am not subscribed to Consumer Reports and the contents of their publication is not available online. Luckily the customer had attached a pdf file of the article. Without permission from CR I can not publish it here.

Needless to say that Microsoft Security Essentials/Windows Defender ended up on one of the last places in the rankings. That is very relevant to me because all my home customers use either one of these anti virus programs.

Here is my reply, almost verbatim from the email.
Thank you for the question. A few points in no special order as a reply.

Who actually ran these tests?
And who financed them?
Consumer Reports certainly does not have a proper test lab; that takes years to develop and a big lot of money to finance and run.

I have seen dozens and dozens of "tests" that were paid for by manufacturers of "security software".
And guess what, the result was always that their specific product ended up on top of the list.

Microsoft Security Essentials and Windows Defender on Windows 8 are not "security" programs, they are classic anti virus programs. Anti virus programs protect against getting virus infected files on your computer. And in my limited experience of 12 years and ca. 6000 distinct home customers these two programs do an excellent job at that.

To compare the two MS programs 1:1 against security suites is ridiculously wrong and done to dupe the un-informed into wrong conclusions.
Security suites try to supervise every click and input in web pages.
An endeavor that brings additional computing burdens but is doomed to fail because most errors are or are a result of an EBKAC (Error Between Keyboard And Chair).
Please see an irreverent remark below.

Most security suites are a very noticeable additional work load even for well equipped computers.

Just today I had been called to "slow" computer. After removing the PuPs the machine was still sluggish. After removing an older version of Norton Internet Security (about 4 years old)  the computer suddenly worked just fine. It was a BIG perceivable difference; I have seen that many, many times. This effect is not specific to Norton, it applies to many brands of security suites; in my experience especially (but not limited) to AVG, Avast, Norton, McAfee and Trend Micro.

Many of these "tests" do not talk about the curse of free security suites, that is false positives. Erroneously marking a benign program as malicious leaves the non-geek home user clueless and helpless.

Avast especially has last year broken quite a few computers with insufficiently tested updates.

AFAIK
only one of the programs in the CR test can even detect Poweliks, the worst and best hidden virus currently around.

AFAIK the only AV program that currently detects Poweliks is MS's Security Essentials/Defender! Although I use third party tools to remove it completely and terminally.

Re. EBKAC errors:IMHO no software in the world can protect irresponsible people from themselves.

We need to pay attention to the details and we need to heed #6 of my 10 commandments for safe computing.

Frank, please do not take the last paragraph personally; it only reflects general observations that I make all too often.
Please let me know in the comments what you think; thank you in advance

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.


Monday, January 5, 2015

2015-01-05 WTKM Talking Points (January 5th 2015)

Warning: New CryptoWall ransomware variant; spread through advertising networks.
When you see advertisements on the internet your computer
already needs to be cleaned!

Is you Adobe software up-to-date? Per 2014-12-31 current versions are:
Reader 11.0.10
Flashplayer 16.0.0.235 (for both IE and plugin versions)
Shockwave 12.1.5.155
Air 15.0.0.356
Windows 8 will have to upgraded to 8.1 by Jan. 12, 2016 (See MS blog here>).

Still more malicious PowerPoint files. Be careful; no patch yet.

Adobe's Digital Editions 4 desktop ebook reader secretly sends encrypted data back to headquarters – data that details a user's reading habits.

To stay safe use: My “typical” customer uses:
Anti virus program     (MSE/Defender)
Secure DNS server     (router vs. computer & only if set up correctly)
Firewall                     (not with HIPS (Host Intrusion Prevention System)
Sandbox                      ???
EBKAC errors are the most common ones and no program protects against that!

Yearly maintenance suggestions:
  1. Backup the whole system as it is via image backup on an external disk drive
    - Vista: Backup data (evtl. free 3rd party program)
    - Wind 7/8 Excellent built-in backup tools (non-MS instructions Win7, Win8)
  2. Check physical HDD health (SMART, HD-Tune, PassMark DiskCheckup)
  3. Check logical HDD health (admin command prompt, chkdsk c: /f)
  4. Check for updates (MS sites for Vista /Win7, Win8)
    - Operating system and all Microsoft software
    - ALL regularly used programs (web browser, mail program, PDF reader, Adobe Flash, - Shockwave, - Air, Java, office software, games, media player a.s.o.)
  5. Check ALL your passwords (read this article!)
    - Use password software (Roboform, KeePass, LastPass)
  6. Verify your system is clean (ESET online scanner, Malwarebytes & my instructions)
  7. If you have a wireless router make sure that WPS is turned off! (background)
  8. Really clean out debris files most thoroughly (see these instructions)
  9. Defragment the HDD (Win8: "Optimize";  Vista/Win7Win8)
A big Thank You 
to WTKM listeners,
to all my customers,
to WTKM
for having me on the air!
HAPPY NEW YEAR to everybody!


As usual I welcome suggestions and comments right here in the blog.


Click here for a categorized Table Of Contents.



Thursday, December 4, 2014

Urgent Alert - Caution!


I just saw that Micro$oft offered as an optional update the Windows 10 Technical Preview!

Are they completely nuts?

I am afraid that many of my customers will not be sufficiently attentive and just think oh, an update, and hit install.

That will become an awful mess because they likely will ruin their perfectly well working Windows 7 or Windows 8 computers.

PLEASE, please check every optional Update and hide the "Upgrade to Windows Technical Preview".

You hide the update by a right click on it and then left click on "Hide Update".

I hope and pray that you see this post early enough to avoid this huge (2.7GB!) and totally superfluous update.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.
  

Monday, December 1, 2014

2014-12-01 WTKM Talking Points (December 1st. 2014)


USPS hacked. Personal data of 500,000 full time and 178,000 part time employees stolen including SSN numbers! Plus names, addresses, telephone numbers, email addresses and other information of people dialing in to one of the USPS’ call centers between Jan 1st. and Aug. 16th of this year. Credit card information was not compromised.

Microsoft's own language says it:
"Remote code execution if an attacker sends specially crafted packets"
"remote code execution if a user views a specially crafted web page using Internet Explorer"
Original quotes from MS bulletins for November's Patch Tuesday.
I preach for many years: Don't use IE.

New flaw in VERY IMPORTANT and ubiquitous security software got quietly patched. In this context a prominent MS security researcher said:
"It is of critical importance that all versions of Windows are updated ...”
Sad that we still need to be reminded – and sadder yet that some still don't do it.

Warning: New CryptoWall ransomware variant; spread through advertising networks.
When you see advertisements your computer
already needs to be cleaned!

Microsoft's newest “... Security Intelligence Report” makes it clear: Not up-to-date or expired security software does NOT protect in any way!And I thought that was a no brainer; Silly me.

Adobe pushed out its own Patch Tuesday updates. .. [they] released Flash Player fixes that squash four pretty bad flaws.

Poodle: An understandable explanation and instructions on what to do are here.

Windows 8 will have to upgraded to 8.1 by Jan. 12, 2016 (See MS blog here).

Win 10 Technical Preview updated to build 9879.

Still more malicious PowerPoint files. Be careful; no patch yet.

Adobe's Digital Editions 4 desktop ebook reader secretly sends encrypted data back to headquarters – data that details a user's reading habits.

Hot off the press this morning: TheWeather Channel web site open to simple, primitive attacks if you click on any link in that web site!