2015-07-23 WBKV Talking Points

Windows 10

• You will get updates like it or not
  License agreement: 'receive these types of automatic updates without any additional notice'.
• Will be sold on USB drives (no need for DVD drive!)
  Seen on Amazon.com's pre-order page; US release date likely August 30^th
• Price for Windows 10 Home $119.99, for Windows 10 Pro $199.99

Adobe Flash player

A seemingly endless saga of bugs and updates.
Per July 20^th you should be at version 18.0.0.209; everything below that is potentially dangerous!
Mozilla on July 20^th temporarily blocked Flash Player in Firefox!

This month's Patch Tuesday fixed 59 vulnerabilities

Microsoft stops AV support for XP

Microsoft Security Essentials nolonger updated on Window XP
Yes, there are still about 180 million people using it!

WPA-TKIP can be cracked in an hour!
Check your WiFi setup.
I know many (older?) DSL routers that have ONLY WPA-TKIP; they need to be replaced!

Google Chrome to add RED SCREEN warning

Only for ads with malicious content, known malicious web pages and web sites.

CVS's photo web site hacked and off-line
Other possibly affected firms are Walmart, Costco, Tesco, Asda & Marks and Spencer; they all used Canada-based PNI Digital Media.
I recently tried the CostCo web service and was appalled by it's bad user interface; I ran away real quick.

Hopefully listener calls with questions.

2015-06-25 WBKV Talking Points (June 25th 2015)

Please click this link if you are looking for information on Windows 10.

Emergency patch for Adobe Flash Player; details here (June 24 2015)

Windows 10 not necessary for Windows 7 users, IMHO at least:

• If you are still running Windows XP I can't help you.
   
• If you are running Windows Vista you better think about a new computer (mostly).
   
• If you have a stable Windows 7 system that does dependably what you want to do then don't upgrade to Windows 10.
  
  
• If you are still on Windows 8 you are long overdue to upgrade to 8.1.
   
• If you have Windows 8.1 then upgrading to Windows 10 will eliminate most of Windows 8's annoying quirks and shortcomings.

Beware of scam phone calls for "computer support". Your computer does NOT "report" about viruses, to nobody.
   -  This is an oldie (Feb. 2013) but still very actively exploited.

Curious about Windows 10? Microsoft has a free book "Introducing Windows 10 for IT Professionals here (scroll down just a few lines to see the title!).

Important Update for Adobe Flashplayer

Please click this link if you are looking for information on Windows 10.

Adobe released an emergency patch for it's ubiquitous Flash Player.

You should now be at least on version 18.0.0.194.

You can check the version in Control Panel, Flash Player; click on the Update tab.

Caution: Adobe gets paid to coax you to download and install McAfee Security Scan.

If you run your computer like I recommend (and may have set up) then you do not need/want this blind passenger!

Adobe's update web page looks like this:

Watch for the always pre-selected check box (big red arrow); please DE-select the check mark before you click on "Install now".

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

2015-05-14 WBKV Talking Points (May 14th 2015)

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).

Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to pay again for 2017, 18,19 (20, 21, 22).

New ways to infect computers:

“… emails ostensibly sent from legitimate companies with which we might or might not have had previous business. ... often includes a link requesting to update your account. The legitimate company has no idea it’s name is being abused. Anyone who is familiar with the company might click the link and immediately have their machine attacked.”

Even small company's names are now being used.

Most malware is directed at Windows, not Mac and a phenomenal rise in malware for Android phones; Android is an open system. When installing Android apps, you give permission for the app to use various system features. Nobody who installs Android (or Windows) software reads the EULAs and permission notices; we simply accept them with a click.”
Some outrageous statements and demands have been discovered in some EULAs by people who actually read them. A list of some of the funnier ones is here: makeuseof.com.

Malicious advertising on the rise. My customers are safe if they use the computer as I recommend, that is Firefox browser with Adblock Plus extension enabled.

Windows Server 2003 will go out of support after July 14^th. You have to update! Running an outdated server is hazardous to everyone connected to it!

If someone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

2015-05-04 WTKM Talking Points (May 4th 2015)

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).

Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to pay again for 2017, 18,19 (20, 21, 22).

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says. It's 2015 and half a million people still click on stuff we knew was bad in the '90s. Users should stick to MS's decade-old advice and avoid executing macros

Have an LG cell phone? Running LG's Monitor software? If Yes to both your PC is at risk! LG Monitor disables UAC (User Account Control)..

Dell System Detect: All versions older than 6.0.14 are easily hacked! DSD does not get automatically updated, even if Dell's updater is running!

Motorola's DOCSIS 3.0 SBG 6580 cable broadband modem is very easy to hack! Could open your computer to the Internet. Arris, a spin-off brand, has same problem.

Verizon's Risk Assessment Team says that 2 out of 3 times a computer gets hacked the reason was a weak password. Runner-ups are clicking on links in emails and opening attachments.

If someone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM! 

Download portals (cnet.com, download.com et al) are huge malware slingers.
 
Have your DNS settings been tampered with? Test here (but know what is correct…).

Hackers move away from Java and to Adobe Flash. Check version and update! Per 5-03-15 version 18.0.0.95 is most current. Beware: Many false downloads!

2015-04-30 WBKV Talking Points (April 30th 2015)

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).

Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to pay again for 2017, 18,19 (20, 21, 22).

Have an LG cell phone? Running LG's Monitor software? If Yes to both your PC is at risk! LG Monitor disables UAC (User Account Control)..

Dell System Detect: All versions older than 6.0.14 are easily hacked! DSD does not get automatically updated, even if Dell's updater is running!

Motorola's DOCSIS 3.0 SBG 6580 cable broadband modem very easy to hack! Could open your computer to the Internet. Arris, a spin-off brand, has same problem.

Verizon's Risk Assessment Team: 2 out of 3 times computer gets hacked reason was weak password. Runner-ups are clicking on links in emails and opening attachments.

If someone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

Adobe's cash-less bug bounty program: Can it ever work?

Symantec splitting security (Norton) from storage business. The beginning of the end (like HP)? It will take time; giants die slowly

Hackers move away from Java and to Adobe Flash. Check version and update if necessary! Per 4-29-15 version 18.0.0.95 is current. Beware: Many false downloads!

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.
 

2015-04-06 WTKM Talking Points (April 6th 2015)

Free Panda Ant Virus bricks computers! My advice: stay with MS Security Essentials or Defender.

Danger from USB drives: A newly demonstrated device has the potential to fry the USB port and possibly other components on motherboards, even the CPU!

A test for the Superfish bug is here, removal instructions are here.

Firefox vers. 36.0.1 has protection against SF, vers. 37 (current as of last week!) further improves certificate checking!

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).

Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to pay again for 2017, 18,19 (20, 21, 22).

Seagate reluctant to fix serious bug in some of their NAS drives.

More bugs in Adobe Flash Player! Per April 6 officially released version is 17.0.0.134!

Many fake Flash Player updates! Users are tricked to download and install a fake plugin that then installs a key logger to collect log in info & passwords. User beware! 

If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com. softonic.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

Adobe's cash-less bug bounty program: Can it ever work?

Symantec splitting security (Norton) from storage business. The beginning of the end (like HP)?

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

2015-03-02 WTKM Talking Points (March 2nd 2015)

Superfish (on some Lenovo laptops) is a real risk!
A test for Superfish is here, removal instructions are here.

Confirmed sensation: Microsoft will allow all Win 7 & 8 users to upgrade to Win10 for free – for one year (only?). But then the licensing will kick in? A rented operating system? Home user be careful! Microsoft does not give anything away for free; that is the first concrete step to get us all to accept a licensing model, that means yearly payments. This way Microsoft will in the medium and long term make oodles of money more than by selling the software.

More dangerous bugs in Adobe Flash Player! Current officially released version is 16.0.0.305! The catch: Many fake updates around! Mostly the user is tricked to download and install a fake plugin that then installs a keylogger to collect log in info & passwords. User beware! 

Renewed warning: CryptoWall (new CrypotoLocker variant) spreads through advertising networks.
When you see advertisements your computer is not sufficiently protected or it is already infected with malware!

Finally: Microsoft takes on scam tech support phone call organizations (PDF).
If MS succeeds I expect the crooks to move off-shore and do the same from India.
Microsoft Digital Crimes Unit attorney Courtney Gregoire has an article and a video about these scams on her blog. Here is Ms. Gregoire's advice:

• If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!
• Do not purchase any software or services.
• Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
• Never give control of your computer to a third party unless you can confirm that it is a legitimate person you personally know and trust and/or are already a customer of.
• Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
• Take the caller’s information down and immediately report it to your local authorities.

The supposed hack attack on French news media (after Charlie Hebdo shooting) was no attack at all. It was a simple server cockup.

In Canada it is now illegal to install computer programs without consent. Why not in the US?

375 of the 500 largest companies do not protect their web sites from typosquatters. That causes real danger when you mistype a web address in your browser. Be careful!
As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table of Contents.

How Malware Gets Installed

You hear from me that your computer got infected with malware, especially PuPs, and you ask:

"How did that stuff get on my computer? I did not download or install it".

Sorry, but in most cases you did give permission to install that garbage alongside some legitimate install or update. You did not do it consciously, you got duped or tricked into allowing the installation. See this article for just one all too common example.

These tricks can have many different shapes and forms. They all are designed to trick or fool us into allowing the garbage to get installed alongside a legitimate program or update. User beware!

One of the more and more common forms is a legitimate install or update that asks something along the lines of

• Default (or Express) install (recommended)
• Custom install (for experienced users)

No matter whether you consider yourself to be experienced or not, if you click Default (which always is pre-selected!) or just click on the Next button you likely get PuPs installed. By now even software from well known names does that! Just as an example: Oracle's Java and Adobe Reader are bundled with PuPs; most downloads from well known download portals are by now loaded with PuPs. Why is that happening?

Simple answer: Money! The authors of PuPs pay for their stuff being bundled with legitimate software. There is a lot of money to be made from advertising!

Distributing viruses is illegal, distributing "search helpers"  or tool bars is not!

My advice: When you have to choose between Default and Custom installs always(!) click Custom; it is the only way to check for PuPs because so far at least they are being offered with some sort of a choice to decline or skip them.

If you are in doubt take a screen shot of the window(s) that sparked your suspicion, postpone the install and ask me in an email about it; don't forget to attach the screen shot please.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Firefox Does Not Show Adobe PDF Files

Recently I get many calls because PDF files don't show correctly in Firefox.

This is a known incompatibility between late versions of Adobe Acrobat Reader and Firefox. Here is what to do about it:

First you have to make sure you have Adobe Reader version X running. By the way, the X stands for the Roman numeral 10. As of this writing Adobe Reader's most current version is 10.0.1. You find the version number by opening Adobe Reader, clicking Help, About Adobe Reader. The version number is in the bottom left corner of the About window.

If you are on anything older than Acrobat Reader version 10 you should first download the latest version from a safe and fast download location for Adobe Reader like this one here. After the download you have to run the downloaded installer (or setup) program.

After the installation is done you have to do a simple setting in Firefox to avoid problems. In Firefox:

1. Click Tools, Options, Applications.
2. In the Options window:
   -   Find all entries for "Adobe Acrobat..." with a PDF icon (below marked red).
   For every entry:
   -   on the right side click on the entry and then on the drop down arrow (below marked blue)
   -   and select "Use Adobe Reader (default)", below marked pink.
3. Click OK and all should be fine.

The Options window should look like this:

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

About Adobe Reader

I am getting too many emails with the same questions about Adobe Reader and/or PDF files.

Since December 2008 I have written several times about issues surrounding Adobe Reader. Here are all three articles referenced chronologically:

First article December 2008: What PDF Reader?
 
2nd. article June 2009: PDF Files on the Web
 
Recently I added a rant about Adobe’s incredibly brazen attempts to disown you and me of our computers:

3rd. article January 2010: Adobe, again it’s Adobe - Shun Their Reader!

If all the above is not sufficient to help you accept the workaround I outlined in the 2nd. article then I really don't know how to help. Go the “easy route” and re-install Adobe Reader again. I will gladly come back to clean up your computer when it is in a mess again.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Adobe Shockwave – Manual Update Required!

As you can read in this article at The Register Adobe again proves to be a company that seems not to know what they want. One part of their organization wants to take the user “out of the picture” and fully automate updating as I reported here, another department goes back to the stone age and requires us to manually un-install a dangerously flawed version of the Shockwave Player before we can install the most current version.

If you think “I never used such a thing as a ‘Shockwave Player’” and maybe ask yourself if just un-installing it would do the trick then you would be badly wrong.

Adobe’s Shockwave Player is required for a vast number of web sites. Many animations and things that seem to be videos on the Internet actually require Adobe’s Shockwave Player.

What is so annoying is the fact that Adobe requires us to go the archaic route to manually un-install before we can download and install the current version.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Adobe, again it’s Adobe - Shun Their Reader!

Now this is worth reading I think; take some time, get a cup of Java and read on.
Regularly I receive a MS-Windows specific newsletter that usually has pertinent and correct information. Here is a literal quote that I think is worth reading (emphasis added):

Beginning April 13, Adobe plans to release automatic, silent updates for its Adobe Reader PDF-viewing software.

In an interview with InfoSecurity.com, Brad Arkin, Adobe director of product security and privacy, said Acrobat Refresh Manager was quietly installed on millions of machines worldwide as part of the October 2009 quarterly patch released by the company.

The new, silent updater is currently disabled. Now, as before, Adobe Reader prompts users when an update is available and lets them decide whether to install it. Adobe wants to change this because users often postpone an update until they're confident the patch won't cause problems of its own. This delay opens what Arkin calls a "window of vulnerability."

Acrobat Refresh Manager is designed to take the user out of the equation; the updates will install when Adobe wants them to. This week's scheduled Adobe Reader update will begin test-activating the new updater with "selected users."

Depending on the results of this testing, Adobe Reader's automatic, silent updater may be operational across the millions of Reader installations starting in April. The company currently has announced no plans to launch an automatic-update feature for its Flash Player or any other Adobe products.

IMHO that is a typical example of a big company taking over my computer without either informing me nor asking my consent! What Adobe’s director of privacy and security sys there means:

1. Adobe does on my computer what they want when they want it and however they want to do it. They treat my computer as if it were theirs!
2. I am being “silenced” – and I don’t like that, believe me!
3. Adobe decides to use my computer and me as their guinea pig whether I like it or not, whether I am willing to cooperate or not!

What are these idiots at Adobe thinking? That is worse than Microsoft eventually labeling new functionality that only helps them as a “security update”. I have written about Adobe’s more than questionable policies and related problems here and here.

For me the consequences are clear: Adobe Reader gets removed from all my computers! I will replace it with PDF X-Change Viewer; how to get PDF X-Change Viewer is described here.

Commonly recommended alternatives like CutePDF, Foxit Reader and eventually others will attempt to install gunk-garbage like the Ask-Toolbar and make other not desirable changes. User beware!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

PDF Files on the Web

Imagine you are on the Internet, browsing away and enjoying yourself. You come to a place where the web page offers you a PDF file. BTW, PDF stands for Portable Document Format, an invention of a company with the name Adobe. Years ago there was only one program around to show the contents of PDF files, the Adobe Reader. That situation has changed massively; we have various good PDF readers available. Most of them are smaller than Adobe Reader, much faster and many good ones are free. On top of that eventual errors or shortcomings usually get corrected MUCH faster than Adobe does it. You can read more about that here.

If you want to read that piece of documentation you either get to see the document and all is hunky dory. But on some web sites you get an idiotic error message to the effect that the system can not find Adobe Reader and you should install it. Bummer!

You happen to be on a very dumb programmed web site. Even HP does that if you want a manual from their support site.

What a web site should do is send the PDF file to the browser who then shows it to you in whatever PDF Reader you have installed on your computer. You should have a good one installed! See the article I linked to above and below.

What your web site actually tries to do is to directly load Acrobat Reader with the PDF file. That is nonsense and only understandable in a historic context; way back when there were no alternatives. There are plenty of reasons to shun Adobe Acrobat Reader. I wrote here about recent ones.

Here is what you can do to circumvent this problem:

1. Right click on the link to the PDF file.
2. Click on Save Link As...
3. Navigate to a location you know and can find again.
4. Check the file name and amend it if required.
5. Click on OK (or Save?).
6. Navigate to the file and double click it.

This sounds more difficult than it is but it is the secure way - and you have the document on your computer.

As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.