Tuesday, February 17, 2015

Computer(s) And "Friends"

And again it was a customer's email that brings forth another post on this blog; thank you G. G. With his kind permission here is his email:
I recently have run into a situation about which I don’t know what to do.

For the last few years I have occasionally let a friend, who does not have a computer, use mine.  This would be a few times per year.  Basically he wanted to go on Craig’s List, so he used my second address, with his own password for a Craig’s List account. I didn’t really question what he was doing, because I know one can sell and buy on Craig’s List.

What I found out is that he was posting sexually explicit ads on Craig’s List.

While the screen shows all the ads have been deleted, I cannot figure out a way to get them off of my computer.  An email to Craig’s List was of no help, it just told how to delete the ads, but not how to permanently remove them from my computer.

I’m finding this to be a difficult situation, not only because of the mechanics of getting rid of something I don’t want on my computer, but because of the personal factors involved with someone who was a friend, and trying to weigh in if that relationship can be continued.  Any help that you can give will be appreciated.  

And here is my reply:
Dear Mr. G,

I have heard of similar situations like yours and you have my sympathy.

To your question about cleaning up your computer: I can most likely help. I can try to do that via remote support or in a house call, that is your choice. Although since sexually explicit material is involved I would strongly prefer a house call. Working locally on the computer will allow me to disconnect the computer from the Internet which will allow deeper analysis and cleaning and protect the computer and your Internet connection from eavesdropping.

Additionally and because you asked me I will voice some general ideas:
  • NEVER let a "friend" or relative (children, teenager, nephew/niece, grandchildren!) use your computer in/with your regular user account.

    If you are a "normal" home user you most likely always work in an administrator account; that can incur added risks.  If you follow this link to the explanation of administrator account please ignore the outdated line "Applies to Windows Vista". These basic concepts apply to all modern operating systems.
     
  • For other people on your computer always create "standard" user accounts.
     
  • NEVER trust that anybody will behave responsibly and that they will follow basic rules of safe computing.
     
  • NEVER let anybody (and not for ANY reason) use an identifier that is tied to your person (email account). It may happen that you will have to answer to the FBI if the person for example uploaded child pornography.
     
  • Only allow any third parties (whether visitor or family!) to use your internet connection (wireless network, cell phones, tablets a.s.o) when you can be certain that your internet connection is secured beyond browser and operating system based measures.
    One option of several is described here.
Above advice may seem harsh but consider your situation. Naturally I can not "advise" you on how to handle the situation with your "friend".

My very personal and for you irrelevant opinion is that this person has proven beyond doubt that he is not a friend, maybe not even an acquaintance worth my time. But I am certain you will find your way of dealing with this aspect of the situation.

Additionally and independent of all the preceding I want to ask your kind permission to re-work your question and my answer into an article on my blog. What has happened to you is so "typical" that it lends itself to wider attention. Naturally your text would be quoted completely anonymously.
So much for the customer's letter and my response.

All the above was meant to be the whole post on this issue and then the heavens made me meet with a friend who had given his computer to someone when last fall they were on a hunting excursion.

In this case there are no sexually explicit materials involved but the computer was majorly infected with PuPs, this nasty new kind of malicious programs that I talked about here and here. And here are a few more examples of how we get tricked to allow this stuff to be installed.

I want to add here that you should never activate the Guest account that you find in many versions of Windows. Crooks and hackers know about this account and will be happy to exploit it if they find a computer with activated Guest account.

Update 2/19/2015
I forgot to mention that all good will and the best intentions by us and by others are null and void if my
10 Commandment of Safe Computing are ignored!

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Sunday, February 1, 2015

2015-02-02 WTKM Talking Points (February 2nd 2015)

Confirmed sensation: Microsoft will allow all Win 7 & 8 users to upgrade to Win10 for free – for one year (only?). But then the licensing will kick in? A rented operating system? Home user be careful! Microsoft does not give anything away for free; that is the first concrete step to get us all to accept a licensing model, that means yearly payments. This way Microsoft will in the medium and long run make oodles of money more than by selling the software.

New dangerous bug in Adobe Flash Player is exploited via Facebook! Current version is 16.0.0.296!The catch: Many fake updates around! Mostly the user is tricked to download/install a fake plugin that then installs a keylogger to collect log in info & passwords. User beware!

Renewed warning: CryptoWall (new CrypotoLocker variant) spread through advertising networks.

When you see advertisements your computer is already infected!It is more important than ever to have a backup routine in place AND TO DO IT!

Finally: Microsoft takes on scam tech support phone call organizations (PDF).
If MS succeeds I expect the crooks to move off-shore and do the same from India.
Microsoft Digital Crimes Unit attorney Courtney Gregoire has an article and a video about these scams on this blog.

If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!
Here is Microsoft's own advice for such a case:
  • Do not purchase any software or services.
     
  • Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
     
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate person you personally know and trust and/or are already a customer or when you personally  initiated a support call with Microsoft.
     
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
     
  • Take the caller’s information down and immediately report it to your local authorities.
EBKAC errors are the most common ones and no program protects against that!

The supposed hack attack on French news media after the Charlie Hebdo shooting was no attack at all. It was a simple server cockup.

In Canada it is now illegal to install computer programs without consent. Why not in the US?

375 of the 500 largest companies do not protect their web sites from typosquatters. That causes real danger when you mistype a web address in your browser. Be careful!

As usual I welcome suggestions right here in the blog.
Click here for a categorized Table Of Contents.