Wednesday, July 22, 2015

2015-07-23 WBKV Talking Points


Windows 10
  • You will get updates like it or not
    License agreement: 'receive these types of automatic updates without any additional notice'.
  • Will be sold on USB drives (no need for DVD drive!)
    Seen on Amazon.com's pre-order page; US release date likely August 30th
  • Price for Windows 10 Home $119.99, for Windows 10 Pro $199.99
Adobe Flash player
A seemingly endless saga of bugs and updates.
Per July 20
th you should be at version 18.0.0.209; everything below that is potentially dangerous!
Mozilla on July 20th temporarily blocked Flash Player in Firefox!

This month's Patch Tuesday fixed 59 vulnerabilities

Microsoft stops AV support for XP
Microsoft Security Essentials nolonger updated on Window XP
Yes, there are still about
180 million people using it!

WPA-TKIP can be cracked in an hour!
Check your WiFi setup.
I know many (older?) DSL routers that have ONLY WPA-TKIP; they need to be replaced!

Google Chrome to add RED SCREEN warning
Only for ads with malicious content, known malicious web pages and web sites.

CVS's photo web site hacked and off-line
Other possibly affected firms are Walmart, Costco, Tesco, Asda & Marks and Spencer; they all used Canada-based PNI Digital Media.
I recently tried the CostCo web service and was appalled by it's bad user interface; I ran away real quick.

Hopefully listener calls with questions.

Tuesday, July 14, 2015

Backup - Windows 7 and 8


Please click this link if you are looking for information on Windows 10.

Here are links to articles that should answer most of the questions I get asked about back up.

Windows 7
Build a complete Windows 7 safety net

Windows 8  Understanding Terms
Understanding Windows 8's File History
TechNet: Windows 8 File History explained

Windows 8 Prepare like Microsoft wants it

Microsoft: Set up a drive for File History

Mastering Windows 8's backup/restore system

If you are adverse to Microsoft's built-in tools there are proven free third party backup programs available:
Free Backup programs - Not from Microsoft 
Sadly this otherwise excellent article does not mention Macrium Reflect, an  often recommended free third party backup program.

And here is an interesting discussion about the question where to store the back up:
Internal or External Hard Drive for Backup

And since two customers recently asked about here some words about 
How to back up and restore the registry in Windows

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Friday, July 10, 2015

Windows 10 Broadcasts Wi-Fi Passwords


Please click this link if you are looking for information on Windows 10.

I "stole" the following VERBATIM from a blog post at The Register. 
If you upgrade to Windows 10 and if you have a wireless home network you better turn Wi-Fi Sense in Windows 10 OFF! 
 Wi-Fi Sense is a feature from the world of Microsoft Mobile (cell phones) that sneakily appears in Windows 10.

Here now the article from The Register:

--------------------------    

theregister.co.uk

UH OH: Windows 10 will share your Wi-Fi key with your friends' friends

30 Jun 2015 at 20:59,
Updated A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it can share access to Wi-Fi networks with the user's contacts.
Wi-Fi Sense has been on Windows Phone since 8.1
Those contacts include their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be teamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can log into that network.
Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who's an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it. How successful that will be isn't yet known.
"For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts' phone if they use Wi-Fi Sense and they're in range of the Wi-Fi network you shared," the Wi-Fi Sense FAQ states.
Microsoft also adds that Wi-Fi Sense will only provide internet access, and block connections to other things on the wireless LAN: "When you share network access, your contacts get internet access only. For example, if you share your home Wi-Fi network, your contacts won't have access to other computers, devices, or files stored on your home network."
That sounds wise – but we're not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.
In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the wireless network. Some basic protections, specifically ones that safeguard against people sharing their passwords, should prevent this.
The feature has been on Windows Phones since version 8.1. If you type the password into your Lumia, you won’t then need to type it into your laptop, because you are a friend of yourself. Given the meagre installed base of Windows Phones it's not been much of a threat – until now.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.
(So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.)
Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
Yes, wireless passwords can be written down and trivially passed along to others: we know network security shouldn't end at the Wi-Fi login prompt. But there's nothing like an OS automating the practice of blabbing passphrases to your mates, eh?

Updated to add

A Microsoft PR rep has been in touch about the headline, pointing out that when you share access to your network via Wi-Fi Sense, your contacts cannot share that access to other people. We know this.
The headline still stands because: imagine you and I are friends, and you visit my house. I tell you the Wi-Fi password, or you read it off the fridge. You type it into your Windows 10 device, and access to my network is shared via Wi-Fi Sense with your Windows 10 friends. Your friends now have access to my network, or in other words, my friend's friends now have access to the network.
And that's not good.
--------------------------

So far for the article from The Register.

By now I have installed several versions of Windows 10 Preview and the install process has changed over time - which is to be expected in a preview for testing of a product that is in active development. The last install(s) have asked questions about sharing Wi-Fi keys and I have declined. By the way, I am planning an extensive article about the install process of Windows 10.

I have declined to share Wi-Fi keys because I read the questions before I ACCEPT the default settings. These preselected default settings more often that not help Microsoft rather than the individual user; that at least is my experience with Microsoft software and products since I know them - and that is only since about the early 1980s.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Thursday, July 9, 2015

2015-07-09 WBKV Talking Points (July 9th 2015)

Windows 10
  • What
    It is an in-place upgrade.
    If you want to preserve your Windows 7/8 system DO NOT UPGRADE!
  • When
    Anytime on or after July 29th.

  • Why
    If you want to get rid of Windows 8 annoyances and quirks.
    But you will have to learn a new interface - AGAIN! (boo Microsoft).

  • Why not
    It does not bring anything I consider worth wile the risks of that change.
    There is no realistic simple way to avoid establishing a Microsoft account! Thus every Windows 10 user will become the “target” of the associated “advertisement ID”.
    The install process now even openly mentions the "advertisement ID"!

If your current Windows system is running stable and doing what you want to do I see no compelling reason to upgrade.

Hopefully listener calls with questions. 


As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.


Thursday, July 2, 2015

Repair Scams And New Variants - Again


Please click this link if you are looking for information on Windows 10.

I hardly can count how often I have spoken in my radio shows about repair scams and other tricks crooks use to scare unsuspecting computer users into handing over their credit card info; that is what all these and similar scams come down to.

Here is only a small selection of articles from this blog that deal with various aspects of this situation - with NO claim of completeness at all:
The newest twist in this never ending saga happens as follows: You are on a web site you have been on many, many times, let's say for information on your favorite hobby. Naturally after having used that web site for years you assume it is "clean" and the information from there is valid.

But suddenly you get a pop up window or some other kind of message informing you that "your computer has been reported" to some "Windows Security" team or it "is infected with 567 viruses" or similar.
This sort of pop up is by definition a scam!
  • Do not click anywhere in this window.
  • If applicable DO NOT call the toll free phone number givin in the message.
  • Do NOT "x out" of this window, that is do not click on the "red X" in the top right corner of the window to close it.
The only safe way out of such windows and/or messages is to close them with Alt+F4, that is holding down the Alternate key and while holding this key down pressing function key F4.

Beside getting out of this window safely I would avoid ever again going to this web site. There is almost always some alternative.

Why did I above say "... is by definition a scam"?
  1. There is no "Windows Security" team or company or anything even vaguely similar.
  2. You Windows operating system does NOT report any info to anybody; only malicious software does that!
  3. Neither Microsoft nor any of their partner companies care about your computer's and your well being! 
You don't even have to take alone my word for it; here are links to two very official web pages about that exact same issue: 
  1. Tech Support Scams from the Federal Trade Commission  and
  2. Avoid tech support phone scams from Microsoft's Safety & Security Center

Stay safe and always(!) heed the first of my 10 Commandments Of Safe Computing.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.