Foistware - a BAD Example

Recently I read about the free video download and converter software FVD Suite. I thought some of it's functionality might be helpful so I downloaded and installed it.

And during installation it showed it's true colors. The Installer offered altogether FOUR pieces of typical foistware, some of it IMHO outright bad stuff. And on top of that it used a tricky switch of the method to avoid this unwanted stuff.

Here are the four installer windows that attempted to trick me into installing the additional junk.

1.  The first window has Quick Installation preselected. I am usually careful with my computer so I selected Advanced Installation. The switches to install Babylon were preselected and got greyed out immediately! That means I could not turn Babylon off anymore.  IMHO Babylon is outright CRAP! Pardon my French. it figures as translation software but why then do they need to change my default search engine and my browser's home page? Did I already say crap?

I had to switch back to Quick Installation; then I could remove the check marks in the three entries for Babylon and switch back to Advanced Installation. By then I was on high alert, trust me. 

2. The second window wanted my permission (naturally preselected!) to install Shop To Win and QwikLinx. I always think TANSTAAFL seeing this sort of garbage software.

This window required to deselect only one check mark.

3.  The third window offered PricePeep. See above, TANSTAAFL.

BUT: Since I wanted to avoid PricePeep this window required a change in the method to avoid the PricePeep gunk; I needed to click the Decline button. The graphic design of this and the next window is such that on first glance one might think that Decline would decline the installation of FVD Suite and thus click on Next Step. Which would be just the mistake the originators of this deceptive tactic want us to make. Decline affects PricePeep only. Tricky, tricky to say the least. 

4. Window #4 used the same method as #3, I had to click Decline to avoid getting WaJam installed.

Plus it had a graphic element resembling a check mark in a circle; only after reading the text behind this little thingy I realized what it meant.

 
That was this.

I hope you don't get bored by me repeating and repeating over and over again:

• Take the time to read EVERY little window when installing downloaded software
   
• Watch out for preselected check marks
   
• THINK before you click
   
•  When in doubt don't install what tries to trick you!

It is getting worse and worse every week; stay safe and keep your computer clean!

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

On Line Backup - Not For Me

Yesterday I wrote in my article "Free Trials - User Beware!" the following:

In my opinion some of these services are bordering on useless and/or the promised services lack a sound technical base. An example for the latter are in my opinion the numerous online data backup services. All these offers pitched to the unsuspecting consumer do not mention the speed problem.

Practically all normal Internet connections, whether via DSL, cable or wireless technology have the same big drawback in common: The transfer speed from your computer up to the service's computers is significantly slower than the download speed that you experience when you browse web pages or watch a video or peruse Facebook.

Today I can give you numbers from the hard reality of what that means in real life terms.

I read on a fairly techie-oriented website a glowing endorsement of the online backup service CrashPlan and decided to give it a try. I downloaded their software, installed it and set it up to back up only the minimally required folders with my most important data.

Several hours later I wrote this email to Crash Plan's customer support:

Based on a recommendation at Lifehacker.com I bought your xxxxx plan for 2+ home computers instead of signing up for a trial. What a mistake.

After paring down the directories to the absolutely necessary minimum your program tells me after over 5 hours of run time that it still estimates another 12.2 days of run time remaining.

I am sorry, but this is absolutely unacceptable for me.

I herewith cancel my purchase. I have stopped the transfer by killing the process in Task Manager. I have uninstalled your software and deleted the downloaded installer file.

According to the promise on your web site

Our risk-free cancellation policy will automatically credit you for the
remaining unused months on any plan if you decide to cancel at any time.

I request that you please refund my payment.

Well, I warned you and promptly, on the very next day I stumble by my own free will directly in the trap. Dumb old man that I am!

As usual I welcome suggestions right here in the blog.

Click here for a categorized Table Of Contents.

"Free" Trials - User Beware!

A recent article on PCWorld titled "The truth about free trials" caught my attention. It is quite lengthy and I had some ideas how to make the material more palatable. Let me begin with some background information.

Something that bothers me for quite some time are "Free Trials". Not only "free" manufacturer installed software packages that mostly have only one purpose, to make you pay for things like update subscriptions, license fees, upgrades to "pro" versions and so on.

Now all this junk has been joined by an ever increasing number of various offers of a wide variety of online services.

In my opinion some of these services are bordering on useless and/or the promised services lack a sound technical base. An example for the latter are in my opinion the numerous online data backup services. All these offers pitched to the unsuspecting consumer do not mention the speed problem.

Practically all normal Internet connections, whether via DSL, cable or wireless technology have the same big drawback in common: The transfer speed from your computer up to the service's computers is significantly slower than the download speed that you experience when you browse web pages or watch a video or peruse Facebook.

UPDATE 9-15-2012 (only 1 day later) re. online backup: Please read this article. 

Uploading large files like pictures, music and videos just takes too darned long to be practical!

Most online services offer free trials; sounds good, right?

But what happens when you realize that the service is actually not quite what you had expected and you want to cancel? Many users have nightmarish experiences.

PCWorld had a similar article already in 2006 and I will compare the results in an easy format. As to be expected there were services where canceling was easy and straightforward; there were services that took some detective work and tenacity to get rid of and then there were some that made it very difficult if not almost impossible to cancel. Nothing new here; everybody who years ago wanted to dump AOL has experienced that.

If you have ever listened to me on WTKM or are my customer you know that I call a spade a spade. Here are the names of the services PCWorld dealt with in 2006 and in 2012, grouped by difficulty to cancel.

	BIG hassle, really hard	Difficult & time consuming	Easy
2006	31%	22%	47%          of total number
	AOL	EarthLink	Ancestry.com
	BlueMountain.com	Equifax Credit Watch Gold	Audible.com
	Classmates.com	Flickr.com	Consumer Reports Online
	ESPN	GameSpy Arcade	Ediets.com
	MSN Internet	MLB	GameFly.com
	Napster.com	Netflix	GotoMyPC
	NetZero	RapidFax	Match.com
	Real Rhapsody		Mvelopes.com
	Real SuperPass		Reservation Rewards
	True.com		Salon.com
			Stamps.com
			The New York Times Select
			The Wall Street Journal
			Vonage
			Vongo
	BIG hassle, really hard	Difficult & time consuming	Easy
2012	30%	42.5%	27.5%        of total number
	TrustFax	BeenVerified	eFax
	LifeLock	GameFly	Netflix
	GameHouse	CalorieKing	Shockwave Unlimited
	IdentityGuard	YouSendit	TrustedID
	Spotify	Foreclosure Radar	Britannica Online
	RealPlayer Super Pass	Identity Protection	SugarSync
	Tech Support for Dummies	Match.com	Weather Channel Desktop
	FreeCreditScore.com	Audible Listener Gold	Adapted Mind
	ESPN Insider	Cook's Illustrated	Ancestry.com
	IMDb	RealtyTrac	Hulu Plus
	GoToMyPC	Club Pogo	Merriam-Webster
	SociallyKnow	Rhapsody
		American Greetings
		Dr. Laura
		My Total Money Makeover
		Blockbuster Total Access
		OnlyMyEmail

Two things seem to be remarkable to me:

1. Most of the services that in 2006 were a big hassle to cancel are gone for good and/or don't play a significant role anymore.
   
   Companies in this category in 2012 might take heed; the warning is written on the wall.
    
2. The huge shift from 2006 to 2012 between the Difficult and the Easy categories. The percentages are reversed. Does this imply that it pays to make canceling difficult (but not next to impossible)?
   
   Has Netflix learned a lesson? They went from difficult to cancel to easy.

Please draw your own conclusions and please tell us about them in the comments. Thank you in advance.

As usual I welcome suggestions right here in the blog. 

Click here for a categorized Table Of Contents.

Gunk Software

This time around it was not a customer but a friend from my trap shooting club who asked a question that I want to answer here. Thank you Steve. He sent me the following text:

My new Toshiba laptop seems loaded with a bunch of Toshiba software.  It seems to want to [do] things its own way. 

If I try to use Internet Explorer as my default browser instead of Toshiba-Google Chrome, my email at SBC-Yahoo does not always seem to work well... the cursor won't respond normally and always the Toshiba browser loads anyway. 

I suspect I might have to uninstall everything that says "Toshiba." 

What are your thoughts on this?

Good that you asked before uninstalling everything from Toshiba.

In my usual complicated manner I will probably tell you more than you wanted to know but I'll do it anyway.

All the following is valid for every brand name computer marketed to consumers, no matter what manufacturer we are talking about!

Sony, Samsung, Toshiba and lately ASUS are in my experience and opinion the very worst of companies as far as dubious or questionable pre-installed software is concerned. Sometimes it takes almost criminal investigative skill to find out what the software really does that they install on their computers.

Some of these programs your computer really needs to function correctly. Other programs have questionable purposes at best and still others are outright gunk. This mix is different from manufacturer to manufacturer and within manufacturers different from model to model or series to series.

The lowdown is that you as a "normal" human being will not be able to correctly discern what is safe to remove and what needs to stay. I have personally witnessed even experienced professionals failing at that and I am VERY careful and conservative when I do that.

In your case I assume hat you can at least uninstall the existing Google Chrome version. I don't want to say more because it could be just the wrong advice in your computer's case.

Besides that I strongly recommend, no urge my customers NOT to use Internet Explorer. Use Firefox instead, but please only the original version and not Yahoo's crippled version.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance. 

Click here for a categorized Table Of Contents.

FBI Warning "freezing" Your Computer?

Caution, the latest scam out there purports to be from the FBI. It is not!

In this warning the FBI states that:

There is a new “drive-by” virus on the Internet, and it often carries a fake message—and fine—purportedly from the FBI.

“We’re getting inundated with complaints,” said Donna Gregory of the Internet Crime Complaint Center (IC3), referring to the virus known as Reveton ransomware, which is designed to extort money from its victims.

Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.

The bogus message goes on to say that the user’s Internet address was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity. To unlock their machines, users are required to pay a fine using a prepaid money card service.

Mostly the fake message states that your computer was used for "illegal use of downloaded media, under-age porn viewing, or computer-use negligence". Naturally none of that is true.

It is a fairly primitive scam but quite a few people seem to be driven by their bad conscience to pay. They are out of some money and they have handed their credit card info directly to the crooks!

No US government agency would ask a perpetrator online to directly pay a fine. In the US you would get indicted in a court of law. "Direct payment" happens only in high corruption countries and/or under dictatorships; it's called a bribe.

The nasty thing with this virus is that the home user generally does not have the technical expertise to remove this nasty piece of software; you will have to call a competent technician.

My customers know who to call; do you?

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Windows 7 - And Not Word 2007?

As so often again it is a customer's question that started this article; thank you Joan L.

Background: The lady recently bought a new computer with Windows 7 as the operating system. She had asked me to do the set-up-job that I highly recommend for every new brand-name computer. The set-up-job is described here.

She sent me the following question:

I was expecting to have Word 2007.   ???    Is it available "somewhere" and I have not found it?

Why where you "expecting" Word 2007? There is absolutely no connection between the numbering systems in Microsoft software. The Windows operating system has had historically names like

• Windows 95. 98 ( and NT and 2000 for professional use)
• Windows ME, XP and Vista and
• Windows 7 (since 2009)
  
• Windows 8 (per end of October 2012)

Microsoft's office software of which Word is only a part was historically named

• MS Office 97, 2000, 2003 and then
• MS Office XP
• MS Office 2007 and 2010
  

You can see that in both product groups (Windows operating system and MS Office) Microsoft wildly jumps between names, years and numbers.

Again, there is NO correlation between Windows and MS Office.

I believe you said - as most of my customers do - that you did not want to pay another $100 or more to Microsoft because the free office suite LibreOffice enables you to create, modify and open the common MS Office file types .doc, .xls and .pps (for Word, Excel and Powerpoint files respectively). That is why I installed LibreOffice on your computer as part of above mentioned set-up-job.

The main and most obvious difference between MS Office and LibreOffice is that the latter still adheres to the time proven menu paradigm while Microsoft as of Office 2007 has switched to the new ribbon interface. 

I am an old menu user and personally have huge problems doing simple things in the ribbon interface. It is so bad that I installed a function that gives me back menus in MS Word and MS Excel. But that is besides your question, I apologize.

Not in my email response to the lady but worth mentioning in this context is that the Windows operating system and MS Office are licensed independently of each other. With the purchase of a Windows computer you buy a license to use the operating system. If you want to use MS Office you have to buy an additional license.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Tune-Up Utilities

The newest crooked trick is to tell you that your computer needs a "tune up" because it has so and so many "errors". You will be shown an impressively looking list with technical details. Please don't fall for this new trick.

This time around it's not virus programmers that try to scare you into doing the exactly wrong thing, this time well known companies use this old scare tactic to get their sticky finger into your wallet. The companies in question in the limited test I refer to are Corel, Norton and AVG.

When you try to use whatever is offered on your screen to "clean" the computer you are asked to pay! You can read about all the gory details here.

Please trust me, anybody, no matter how well known their name is, who tells you that your computer is full of errors or viruses or whatever and then wants money to correct the situation does NOT have your best interest on their mind! They are after your money, only after money!

Any commercially offered tune-up utility carries inherent dangers. Many are way too aggressive and some even have rendered well running systems unusable. Please stay away!

Read how the author of above linked detailed story summarizes his experience:

Scare tactics and hard sells should be a red flag. . . .

. . .  the software I test-drove for this article clearly seems aimed at inexperienced users who are more likely to purchase "repairs" when confronted with frightening reports of critical and numerous system problems. Unfortunately, these PC users often lack the skills to do basic troubleshooting themselves. 

My conclusions:

• It's not only crooks anymore that try to scare unsuspecting computer users out of some money
   
• Formerly renowned companies like Corel, Norton and AVG have begun to copy tactics so far only used by crooks; how desperate are these companies?
   
• In the case of Norton software (marketed by Symantec Corp) they actually add insult to injury; IMHO Norton Anti-Virus has for years caused more trouble than done good.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Wireless Security - Why?

Once more it is a customer's question that triggers a generic reply. With minor editing here is what I got asked:

When you were over. . . you told me that my internet service was "insecure" because I didn't  have a password  to log on. We have wireless internet. I didn't realize until today . . . that I still don't have a secure network. . . . Should we do that, or am I ok the way it is now?

 Here is my reply:

The question is not if "you are okay" with a not secured Internet connection.

The question is: How do you see the risk of some crook driving by your house while nobody is home, realizing that you have an unprotected wireless network, stopping and using your Internet connection for illegal purposes? And some month later you will have to explain to the FBI that it was not you or your husband who uploaded child porn from your Internet connection. (Only an example.)

Programs to indicate wireless networks are available for free and for all major types of smart phones.

For me the only question really is "Am I willing to let some stranger into my wireless network or not?"
 

 That question you have to answer yourself.
As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Windows 8 - Do You Need It?

End of October will bring the introduction of Windows 8. The "new factor" seems to be intriguing to some people.

All Windows XP computers and some early Windows Vista computers are reaching the limits of their useful lifetime or even are outright beginning to fail. I always try to get the customer to compare the cost of a repair to the cost of a new computer. New computers generally are in every technical aspect a multiple of what a computer built for Windows XP was.

Whenever I have to talk to a customer about a new computer I am asked "Should I wait for Windows 8?".

 My current reply is usually along the lines of

• Currently you can get reasonably priced computers with Windows 7.
• Windows 7 IMHO is the best operating system Microsoft has ever released.
• Windows 8 and it's Metro user interface is meant and built primarily for touch enabled devices.
• You will have to re-learn many things that have become habitually
• I rather recommend to stay away from the bleeding edge of technical developments.
• Using a repaired (older) Windows XP computer with Windows 7 or Windows 8 is like attempting to keep up in Chicago's rush hour traffic with a Ford Model T.

I know that you will be able to use Windows 7 at least until January 2020. Yes, Microsoft has firm life cycle schedules available. If you look at these schedules you need to look at the "end of support" dates. In Microsoft's own words:

End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance.

That is the date relevant for the average home user! After that date nobody will want to help you with the "old" operating system anymore.

Conclusions:

If there is any reason to currently think about possibly a new computer please think Windows 7!

If you are confused by the huge number of options out there and/or if you can't stand the quite often incredibly snotty sales people (for example but not only at Best Buy) then please ask me for advice. All my customers have my email address, my phone number and even my postal address. Or you can use the link way at the end of every single article on this blog; it looks like this: Click to send me an Email

As with any and all brand name computers I strongly recommend my Set-Up job. The customers that had me do the set-up job are those I don't hear from for years; that's how I want it to be!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Foistware - More Than A Nuisance

The following mainly is an excerpt from my recent article "PDF Creator - Good Bye". If you have read that article you don't need to read this one.

Developers of free software always had the problem of somehow making some money; they have bills to pay too!

Quite often good free software was meant to be an "entry drug", to entice you to later buy the paid version of that software. Users of these programs were reminded at certain intervals or during certain functions like updates to buy the paid version.

Over time these reminders became more intrusive and sometimes even sneakily disguised down to the point of being outright obnoxious. Good examples of the latter are AVG and Avast antivirus programs.

To further the sale of paid versions the developers of these programs made it more and more difficult to upgrade without inadvertently switching to the paid version. 

Another method of attempting to get at least some money was and is soliciting donations from users of the program. Way too few people were willing to part from their $$ for a piece of "free" software, even if they used it daily!

Both aforementioned methods and others apparently did not have the desired effect. Software developers now are prone to look for a more direct method of getting paid.

They fall for the sales pitches of third parties and offer Foistware.

Rather than repeating all the information I point you to a very good description of foistware in this ZDNet article by Ed Bott. I recommend a look at his "Foistware Hall of Shame" as well.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

PDF-Creator Good Bye!

On most computers that I have set up in the past I did install a program called PDF-Creator. It allows very simple creation of a PDF file out of any kind of document. You simply print that document on a virtual printer and voila you have that "printed" document as a PDF file.

PDF Creator still is the same good piece of free software that IMHO it always was; but something rather nasty has happened around it. Let me explain and set the stage.

Developers of free software always had the problem of somehow making some money; they have bills to pay too! Quite often good free software was meant to be an "entry drug", to entice you to later buy the paid version of that software. Users of these programs were reminded at certain intervals or during certain functions like updates to buy the paid version. Over time these reminders became more intrusive and sometimes even sneakily disguised down to the point of being outright obnoxious. Good examples of the latter are AVG and Avast antivirus programs. To further the sale of paid versions the developers of these programs made it more and more difficult to upgrade without inadvertently switching to the paid version. 

Another method of attempting to get at least some money was and is soliciting donations from users of the program.

Both aforementioned methods and others apparently did not have the desired effect. Software developers now are prone to look for a more direct method of getting paid at least some money. They fall for the sales pitches of third parties and offer Foistware. A very good description of foistware is in this ZDNet article by Ed Bott. I recommend a look at his "Foistware Hall of Shame" as well.

You ask what all this has to do with PDF Creator? A lot since PDF Creator got loaded with OpenCandy, an IMHO classical example of foistware. So far I could easily circumvent OpenCandy during installation of PDF Creator. But now PDF Creator's developers have decided to include OpenCandy and almost clandestine offers of junk into PDF Creator's update function! Take a look at one of PDF Creator's current installer windows :

 

In the top oval highlight you see pre-selected choices to install Babylon, IMHO one of the most heinous pieces of software currently pushed on unsuspecting people. Don't take my word for it, just read a few comments by people (all original quotes from here):

"Babylon is total f***ing malware. I unchecked every box, refused every intrusion it offered, and BOOM I find it has installed itself anyway. Oh and not just installed itself, infected Firefox to the bone. It is utterly inextricable using conventional means. One must dig into Firefox system files via about:config and manual expunge each hidden piece of malware. "

"Why is Babylon software not classified as malware? My computer is infested with it; . . .  if it did not automatically install itself everywhere."

"I do not need it and I cannot get rid of it. It overrides my settings in an obscure way that seems impossible to be corrected."

"Does anybody know how to remove this stuff?"

 Now, in above example you have to do four things to avoid getting Babylon installed:

1. DE-select the check mark by "Make Babylon Search my home page"
2. DE-select the check mark by "Install Babylon toolbar"
3. DE-select the checkmark by "Make Babylon my default search" 
4. And you have to click on the Decline button.

 If you click on Agree you have done just that, agreed to Babylon taking over your web browser(s) and the settings in the check marks are ignored.

I have used PDF Creator and Babylon as examples only! PDF Creator can offer other foistware that requires other methods of avoiding it! user beware!

All this sneaky stuff happens thanks to OpenCandy being now in PDF Creator's installer!   

What to do about it:

If I have set up your computer before August 2012 you likely have PDF Creator running. Please remove it! I recommend these steps:

1. Open the Control Panel
2. Open Programs and Features (on XP it is Add/Remove programs)
3. Find and highlight "PDFCreator"
4. Click Uninstall (on XP it is Remove) and follow the prompts
5. Open the Printers folder.
6. If you still see a printer "PDFCreator" Right click on it and click on Remove device

If you want to retain the option of creating PDF files by simply printing them to a virtual printer I recommend from now on doPDF. You can download it from this web page as well; please do not use the mirror links at the end of the page. Some of these go to download portals that I recommend to stay away from.

When you install doPDF you will see the window pictured below. Please set the switch "Always use this folder" to your personal preference.

If you have difficulties doing any of that or if you feel intimidated by the tasks at hand then I would love to help; you know who to ask. 

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

DISable Windows Sidebar & Gadgets NOW! Update

The Register is a British IT and computer blog. I follow it's security blog; one of the recent articles was about dangers posed by Windows Vista and Windows 7's features "sidebar" and "gadgets". To save you the need to go to this page and then return I will quote their full article here:

 Microsoft has advised Vista and Windows 7 users to put Gadgets and the Windows Sidebar to the sword, following the revelation of yet-to-be-detailed remote code execution vulnerabilities in the features.

Redmond issued this advisory ahead of an upcoming Black Hat presentation by Mickey Shkatov and Toby Kohlenberg. The two have promised to reveal “interesting attack vectors” in a presentation called “We Have You By The Gadgets”.

Microsoft hasn’t provided any further information about the vulnerability, other than to say that users could install insecure Gadgets that enable remote code execution.

“Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time,” Microsoft notes.
Since Gadgets run with the rights of the current user, the vulnerability could allow exploits all the way up to administrative level.

The Microsoft fix disables the Windows Sidebar and Gadgets on all supported Vista and Windows 7 editions.

The unloved Sidebar feature for Gadgets was killed off in Windows 8, as was the Windows Live Gallery used to access Gadgets from the desktop.

I always have advised my customers not to use sidebar functionality; especially on early Vista systems with limited hardware sidebar gadgets caused a perceivable performance reduction.

It seems to be interesting that Microsoft issues a "fix" even before the vulnerability has become public. That tells me something about this vulnerability: It must be really dangerous or maybe it's just too easy to exploit it?


If I have set up your system and you have an icon labeled "Teamviewer..." on your desktop then I can apply remotely a simple fix that will disable the sidebar and it's gadgets permanently and system wide. And you have my phone number.

Update: There is a relatively easy way to disable the sidebar and the gadgets yourself:

Uninstalling the Gadget Platform also removes the Gadget options from the desktop context menu and the control panel. To uninstall, open the Control Panel, click Programs and Features. In the upper-left corner click Turn Windows features on or off. In the Windows Features list, scroll down and un-check Windows Gadget Platform, then click OK. This will require a reboot.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Passwords that are NOT a Password

Update June 15, 2013:
I stand by what I wrote here but please read as well my article "Passwords - The Latest".

I stumbled over an interesting web site maintained by security consultant Mark Burnett.  Mark writes extensively about passwords and other computer security related issues.

What intrigued me is the utter ignorance some people show when selecting passwords. Take a look at the this little table with the arbitrarily chosen top 18 entries out of the millions of passwords Mark has analyzed.

The first column lists the actually used password and the second column how often it appeared in the analyzed sample. The obscuring with **** serves to disguise a foul four letter word.

password   32027   

123456     25969   

12345678   8667      

1234       5786      

Qwerty     5455      

12345      4523      

Dragon     4321      

P****      3945

Baseball   3739      

football   3682      

letmein    3536
monkey     3487

696969     3345
abc123     3310
mustang    3289
michael    3249
shadow     3209
master     3182

What I want to emphasize are a couple of facts that by now ought to be common sense knowledge of anybody who uses the Internet:

1. Never use any word that could be in any dictionary as a password.
   Consider as well dictionaries of nicknames, pet names and common acronyms!
2. Don't use obvious sequences or repetitions.
3. Make your passwords long enough. I consider 10 to 12 characters the minimum.
4. CAPITALIZE some of the letters.
5. Use one or two numbers.

Please read my May 2012 article about hacked passwords  and my April 2011 article on what to do about passwords that are too simple.

The former article has become even more important after Yahoo admitted that just recently one of their services has been hacked and 450,000 passwords got posted on a publicly accessible web site!

On a side note: For years I have advised my customers to drop their Yahoo email accounts; seems this was and is reasonable advice.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Yet Another Scam - Beware

Just today I got this email (screen shot from my email program):

Looks almost "real", doesn' it?

I thought "Yes, we have that old BoA credit card from store XYZ" and so I started reading the email..

I read until I saw the sentence in the red rectangle above. A bank asking to "confirm customer data"?
"No way you lil' ole scammer" was my reaction.

Then I thought to check the link on "HERE". And yes, you guessed it, it goes to some place somewhere but not to BoA; see this screen shot:

You csn see my cursor was on "HERE" and in the status line you see the target web site; No BoA at all!

My conclusion: Optically appealing scam.

This shows again that we need to think before we click!  And we better check every link in an email whether it's actual target has anything to with what it claims to be.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Printer Problems - Check This First

All too often I get calls about a printer not working. The following is a first attempt at giving you some basic tools to do a preliminary check yourself. This will likely be augmented and expanded upon; suggestions are welcome.

The first things to check before you call me would be:

1. Are all cables correctly connected on both ends of the cable?
   
   
2. While the computer is up and running: Turn off the power switch on the printer, wait about ten seconds  and then turn this power switch on again.
   
   
3. Open your printers folder. If printer is shown as offline right click and remove the check mark by "Use printer offline".
   
   
4. If the printer still does not work and only if it is connected to the computer with a cable:
   

• Right click on the printer and click on (depending on your operating system) "Remove device" or "Delete printer".

• UNplug the printer cable either from the computer or the printer (one side is good enough).

• Restart the computer.

• Plug the cable back in and let the system re-install the printer.

If that does not fix it I will have to visit you and take a look if you so desire.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Why I Shun Some Microsoft Programs

This is something that I need to explain to almost every new customer; so it makes sense to write it down – finally.

For technical purists: I know my wording is not always technically 100% correct but this blog is written for totally non-technical people; their understanding of the concepts is more important to me than expressing my thoughts technically fully correct. I ask your forgiveness.

In the 1990s Microsoft developed a programming technology known as ActiveX. This technology naturally is widely used in all major Microsoft products. ActiveX programs require the so called “ActiveX environment” on any given computer to be able to work. Consequently all major Microsoft programs contain and supply an ActiveX environment.

In December 2009 Microsoft operating systems powered more than 92% of installed computers according to this ArsTechnica article. This market share has somewhat shrunk but I believe I still can say: Since ActiveX was introduced Microsoft has become a world encompassing monopoly.

According to Internet World Stats currently there are over 2.3 billion Internet users worldwide. Around 80% to 90% of these people use a computer that is run by an operating system from Microsoft.

What is a crook going to do if he wants to (ab-) use your computer for his purpose? What programming technology or programming language is he going to choose? Likely he will choose the programming language that will give him access to the largest number of computers, machines run by a Microsoft operating systems.

Around 2006 there were estimates that about 75% to 80% of all viruses were written in ActiveX. I have not found current statistics but that percentage is lower now. By my personal estimate currently ca. 50% to 60% of viruses are still written in ActiveX.

My conclusion: Just by not using certain Microsoft programs we can easily avoid common ActiveX viruses! Microsoft programs that I avoid are primarily:

• Internet Explorer
• Any and all Microsoft email programs
• Windows Media Player
• MS Word, Excel and PowerPoint when I need to tap into Internet connected features 
• Microsoft Messenger (a chat program)    

How do I “get to the Internet” and write letters and so on you ask? The alternatives of my choice are all free, free as in no money at all and safe as far as malicious ActiveX programs go:

• Mozilla Firefox (web browser)
• Mozilla Thunderbird (email client)
• VideoLan VLC (media player)
• Libre Office (office suite)  
• Pidgin (a chat program)

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Why I Recommend A Backup Program for $$

Update June 20th 2016: Changed software recommendation

Again a customer's question required an answer that might be of general interest. Thank you Carrie L.

The lady asked: 

So you would recommend the xyz external disk drive PLUS the fully automatic solution which is the software that runs the xyz drive?  Or can I just get the fully automatic solution?  If I do, where does the backup go - to a company who stores it?

I would never recommend to store backups on a third party's computer or "in the cloud" as the many Internet based services are called now. Uploads (from your computer) to the Internet are just too slow! All these advertisements are an appeal to our complacency and unabashed attempts at getting a sticky finger into our wallets. These solutions may be feasible when a company has leased a fast connection into the Internet; technically we talk about T1 lines or faster. For the average home user this is simply cost prohibitive.

Storing backup data in the computer itself does not offer any security against data loss in case the computer fails badly. Everybody who has been around computers a little bit will agree that you need to store your data files outside of your computer; for the home user that is on an external disk drive! Ideally the files should be stored in the same format that the operating system uses.

So, yes, you need an external disk drive. These disk drives usually come with some sort of backup software. Mostly these programs create proprietary formats. Whether you can restore your data files from these proprietary formats on other, new computers is questionable at best. This specific piece of software might not run on a new machine or not be available for a new operating system.

Above mentioned proprietary formats usually are compression and/or encryption schemes of some sort. This makes backed up data files inaccessible for normal, standard means of the operating system. I totally oppose any of these schemes for home use, especially if the users are "normal" people that do not have a degree in computer science.

Every other backup program I know needs to be either run manually or be scheduled to run automatically. Manual operation usually gets forgotten or postponed until it's too late; I confess, I can't do it dependably!
Automatically scheduled solutions require

• that your computer is always turned on at the scheduled time and on the scheduled day of the week and
   
• that you do not work on the computer while the scheduled backup runs (the problem here are "open" files, files you are working with whether you know it or not; many backup programs can not handle open files correctly(!) and
   
• that the computer does not enter sleep or hibernation mode while the backup is running (all Windows computers are by default set to go into sleep and hibernation).

Update June 20th 2016:

All too often a backup does not get done because, honestly, to run "that darned backup program" is an additional chore. And such chores get "forgotten" too often. But this something I can not change; if you want to be secured against data loss you will have to run backups - and you will have to do backups regularly! 

And to be totally honest, you will have to learn about the different basic backup concepts and functions and their names. There are literally many hundreds of tutorials about that on the Internet.
 
For Windows PCs I recommend the $70 (one time payment!) program Macrium Reflect. The free version is sufficient for most home users but you always can pay to upgrade.

You may want to read additionally this article about backup devices.
As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Stay safe.

Email Scams Getting More Elaborate

A few days ago I received an email that requested to "verify" my Yahoo! account. Similar scams happen for Hotmail.com, MSN.com and AOL.com based accounts all the time.

I took a screen shot of my email program to demonstrate a few details.

First warning flag:In the top line you see (framed pink/purple) that the email comes from an individual Yahoo account in Australia.

Second warning flag: When I rested my mouse (without clicking!) on the link that textually seems to be from Yahoo! (red frame) you can see in the status bar on the bottom of the picture that the actually called web site is from a different web address, here "host-now.net". Never, ever click on a link that translates to something else than the link claims!

Third and most important warning flag: No reputable company, no financial institution, no Internet company, absolutely nobody who wants to be taken serious on the Internet will ever ask you to confirm personal or account information via email.

It is amazing that this still has to be repeated and repeated and repeated. Please use your common sense BEFORE you click!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Hacked Passwords

Currently it happens way too often that passwords of email accounts get hacked. The compromised accounts get used to send out spam emails that will one way or another make money for the crooks behind this scam.  Mainly affected are accounts that end with

• @yahoo.com
• @hotmail.com
• @aol.com
• @att.net
• @sbcglobal.net

AT&T and SbcGlobal accounts are affected because AT&T subcontracted Yahoo to technically handle their email accounts. This is true for our local area. In other parts of the country other email accounts may be affected as well.

Affected accounts are used to send out spam email that look mostly like that:

this is rather awesome http://www.eudonews.net/biz/?read=6036326

The leading text and readable part of the link can be different but so far the general format has been similar. I expect that sooner or later (I am afraid sooner) the crooks will replace the leading text with more intriguing and/or salacious creations.

Again and again I have to say: Even when such an email seems to come from someone you know DO NOT CLICK on the link! The sender address in an email is NOT trustworthy, it can easily be faked to show whatever the crook wants you to see!

The links always lead to known malicious and untrustworthy websites. One way or another the crooks make money, lots of money. Some gang that recently got busted had collected about 14Million dollars.

The accounts could get hacked because the passwords were too short, simple, easy or any combination thereof.

In April 2011 I wrote an article about "Passwords too simple - What to do about it". It still is valid!

Just as an example: A collector of classic cars uses the password "fordbuff". Eight character length is by some technicians considered to be a fairly good password. BUT see this from passwordmeter.com:

Had he chosen "I am a Ford buff" it looks like this:

And now look at the result for "Driving 2 Fords":

Impressive differences, aren't they? And where come these differences from? Example two contains capital letters and special characters (spaces), example three contains an additional number.

If you have not yet done so please read my April 2011 article about "Passwords too simple - What to do about it". It still is valid! 

And another possible reason for your account passwords being hacked may be that you have a password sniffing virus on your machine. Do you already run Microsoft Security Essentials or are you still on Avast, AVG or Avira, "the other" free anti-virus programs? 

Conclusion: A simple little sentence with a number somewhere in it is way better than any single word!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

DNS Changer - as promised on the last radio show

Well, I have gotten a few calls because of the ridiculously exaggerated comments and reporting in the press.

If you want the low down and the details please grab a cup of Joe or a beer or whatever else you like, settle in your favorite chair and head over to this article on the Windows Secrets newsletter dated May 2nd. 2012.

You'll have to read oll the way to the end to find the link to the web site that is testing your computer for an eventual DNS Changer infection. SHOULD against all expectations your computer be infected and if you can't get rid of the virus yourself then I would be more than willing to help.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.
 

Bing Desktop in Windows Update . . .

. . . seems to be Microsoft's latest and (so far?) most desperate attempt to get you to use it's Bing search engine.

As another blog said:

... Bing Desktop, one of the most annoying apps you may install that isn't a virus.

I don’t use Bing very often. Neither does the majority of the Internet — a fact that must upset Microsoft. In the last 14 years, Google has snapped up the vast majority of the search market by being the fastest, cleanest, most accurate way to search. ...

Typically what I don't like about Microsoft: They act as if they know better how I want my desktop to look and that they know better what search engine I want to use and what I want my homepage to be.

That is preposterous to say the least, invasive and absurd; it is yet another Big Brother attitude of the worst kind!

So what does Bing Desktop do? It is nothing but a big and in my opinion ugly search box in the middle of the desktop. Plus they can show you varying desktop backgrounds and naturally they change your home page and your default search engine.

After the installation Bing Desktop gives you the choice of three options:

 

 In the default install naturally all three options are selected. My personal take on these options is so unfavorable that I better not say that here publicly.

Why does M$ (Microsoft) do that? Just look at Google; Google makes billions of $ with their search engine and M$ desperately wants to get a larger slice of that pie.

Enough ranting now. How do we get rid of it?

If you are still in Windows Update right click on the "Bing Desktop" update and then click on "Hide update".  

If Bing Desktop is already installed go to Control Panel, Programs and Features; find Bing Desktop in the list, highlight it and then click Uninstall to remove Bing Desktop.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Backup Devices

Update June 20th 2016: Software recommendation changed.

Again I got a good question from a customer (Thanks Brian). The answer became this article.

So far I did not write about backup devices because the offers out there are in constant change; what I give as an example might not be available any more tomorrow. But here are quite a few generally applicable bit and pieces of info to that issue.

General: I favor 2.5" external hard disk drives over 3.5" drives. 3.5" drives need an external power supply; who likes more cables?

Brand: Over many years I have personally had too many failures with drives from Hitachi, Toshiba and Fujitsu. For years Seagate was a dependable drive but at the time of writing up to 20% of Seagate drives reportedly fail almost "out of the box". That leaves us currently only with Western Digital. This may change at any time. Stay away from drives with other names, you never know what brand of drive really is in there.

Capacity: 500GB to 1TB (1TB = two times 500GB) is currently the "sweet spot" where you get the most GB per $ spent.

Speed: If you can get a drive with 7200rpm that is still quiet go for it.

Interface: The vast majority of computers still have only USB version 2 interfaces. But version 3 is available and MUCH faster. If you have a choice buy the drive with USB version 3, your computer can likely be  upgraded with a USB 3 add-on card; that is not cost prohibitive at all.

Software: Most external drives come with some sort of (often manufacturer specific) back up software that sometimes even installs automatically when you connect the drive for the first time to the computer. GRRRR! Who guarantees that this backup program will be be running on your next computer when you want to restore the backed up files to that new computer? Additionally some of these programs encrypt and/or compress your files; you can restore them only with exactly this program. Windows Vista and 7 come with a decent backup program, but it's only decent.

Backup is the only instance where I recommend to pay for software!

Update June 20th 2016:

All too often a backup does not get done because, honestly, to run "that darned backup program" is an additional chore. And such chores get "forgotten" too often. BUt this something I can not change; if you want to be secured against data loss you will have to run backups - and you will have to do backups regularly!

And to be totally honest, you will have to learn about the different basic backup functions and their names. There are literally many hundreds of tutorials about that on the Internet.


I recommend the $70 (one time payment!) program Macrium Reflect. The free version is sufficient for most home users but the paid version can do it automatically.

Update May 2020:

For backups I strongly urge you to completely ignore conventional Hard Disk Drives. This is by now an outdated technology!

Prices of SSDs (Solid State Drive) have in the meantime come down into a price range where there is IMHO no reason at all any longer to shun them. The speed advantage alone can no longer be ignored.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Stay safe.

Download Portals - A Nasty Side Of the Internet

We all sometimes want or even need to download that nifty program that will do something we think we need done on the computer. Many downloads of really good software are offered on Download Portals, web sites that are specially designed to make many different programs available in "one convenient location" and accessible through "one convenient user interface".

Did you see what I put in quotes in the previous paragraph? "Convenient", one of the regularly (ab-)used weaknesses of human nature.

A consistent single user interface for many different downloads certainly is a nice idea - when it's done correctly and without a hidden agenda. Some very well known download portals do have a hidden agenda; mostly it is about making some money from the fact that many people use them.

Today I found an excellent article on the Emsisoft Blog about the abuse that unsuspecting visitors are subjected to by some well known download portals. Here you find the original blog post with quite a bit of technical detail; Emisisoft makes very good anti virus software and their blog is written for a technically inclined audience.


To save you the need to wade through the technical details here is an excerpt from that blog post (two paragraphs) and then I follow it with just the skinny:

What are download wrappers good for?

You have every right to wonder what the point of download wrappers is at all, as conventional downloads have been just as simple and as well established for decades now. There are several reasons: Useful features such as pausing and resuming while downloading big files are mostly advertised. Current browsers support pausing and resuming downloads, though. You can also make use of professional download managers instead of having a wrapper imposed onto you. This argument is also rather weak as download wrappers are also used for very small target files that are sometimes even smaller than the wrapper itself.

For download portals there is first and foremost a good reason for using download wrappers: the possibility of systematically putting in ads. Software you have designed yourself for that purpose is way more useful than a website is. Plus, this offers the advantage of collecting statistical data on used hardware, which enables the creation of detailed user profiles. One must not forget the commercial effect, either:  When a user downloads software from a specific portal, they are highly likely to remember its name and use this portal for future downloads as well. Regular visits including unique user statistics result in more profits from advertising.

Example 1: download.com

Risk: Installing a browser toolbar and hijacking your browser’s homepage.

Example 2: softonic.com

Risk: Installing undesired software, fraudulent ad banners.

Example 3: softonic.de / RegNow

Risk: Unintentional redirection to unknown third-party providers, ad banners.

Example 4: tucows.com

Risk: Greatest risk due to accidentally installing third-party software and tampering with your browser.

  

Should you at any time have downloaded anything from any of these four download portals you may find any of these icons on your desktop, in your Downloads folder or in almost any other location:

PLEASE uninstall these programs from your computer; uninstall them no matter what they tell you when you attempt the uninstall.

The vast majority of programs offered by download portals is available from other sources without all the "extras". My customers know who to ask. 

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.