How to stay safe in 2017 - Short List

Here is a short list of in my experience the most important steps you can take to keep your computer and your data safe. have I have added e few remarks for clarification.

1. Update your software.
   Not only Windows but all other regularly used programs as well;
   for a Windows PC this includes (but is not limited to)
   -   Adobe Flash (beware of fake download sites!)
   -   Adobe Shockwave
   -   Web browser(s)
   -   Email client
   -   Java (if installed; mostly Java is not needed at all!)
   -   Office programs
   We always have to keep in mind that some programs still don't update automatically and quietly in the background! Checking manually hardly ever has hurt anything.
    
2. Back-up to an external hard drive.
   Done regularly and correctly this currently is the only protection against ransomware viruses!
    
3. Use a password manager.
   For single machines see Keepass, for more than one machine see LastPass and include all cell phones and tablets in the count!
      
4. Use a unique password for every account.
   Everybody has many, many accounts; you need a password manager!
    
5. Use random passwords
   Easily done only with a password manager!
    
6. Turn on two-step verification everywhere you can.
   If you have a cell phone that you really use, otherwise this is pretty useless.
    
7. Read and think(!) before you click.
   "My" first commandment for safe computing.
    
   
8. Enable full-disk encryption
   On a single home computer? Only protects your data when the machine gets stolen.
    
9. Put a six-digit PIN on your phone and set the phone to wipe it's contents if the PIN is guessed wrongly too many times.
   

Do you have questions to any of that? Please feel free to ask them in the comments, I will reply. Maybe not immediately but I will.

Stay safe.

Java - Yes or No?

On January 14 2013 I wrote about Java. This artcle should explain what Java is.

There mainly are two opposing views about Java on home computers around.

The first one says that Java is needed so rarely that it should not be on a home computer at all.

The second one just delivers it pre-installed on all computers sold over-the-counter in case you need it.

My personal view about Java is the following:

Have it installed for the (maybe rare) case that you need it.

My reasons are:

• If we are about to do something and get interrupted we tend to react somewhat frustrated. At this time we are very likely to get directed to the "wrong" web site for the download and we will probably get some sort of "blind passenger" or gunk software that we really neither need nor want.
  You doubt that? See the real life examples in this article.
   
• Over the years I had several very frustrated customers calling me and asking why Java was not installed. In every single case some well meaning but ill advised relative, friend or computer technician had removed Java.
   
• The few MB of disk storage space that Java needs are not an argument anymore; we are in  the age of 500GB and 1TB disk drives that a home user never will fill up. It is many years since I have seen a really full disk drive.

The price we have to pay is simple:

Keep Java up-to-date - and use common sense!

In What To Update from September 18 2011 I wrote:

Here is the list of the most important things that have to be kept up to date.
Added for this article:If you don't have any of these programs installed just ignore the entry in this list:

1. Windows (better: all Microsoft software)
2. Security programs
3. ‏Firefox web browser 
4. Firefox add-ons
5. Java
6. Adobe Reader
7. Adobe Flash
8. Adobe Shockwave
9. Thunderbird email client
10. Thunderbird add-ons

My conclusion:

• It is very easy to keep Java up-to-date when you do that regularly anyway and are not stressed.
   
• At a time where you will be frustrated and impatient (you want to get back to what you were doing when you got interrupted!)  you are more likely to get tricked to inadvertently allow some unrelated gunk to get on your computer.

For the non-technical home user I install Java and admonish the user to keep it up-to-date.

Naturally it always is my customer's computer so in the end the customer has to decide if they want to live with or without Java. Uninstalling Java is easy:
Control Panel > Programs and features > Highlight Java > Right Click > Click Uninstall.

Please uninstall all versions of Java that you eventually see. Old out-of-date versions are a HUGE security risk!

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

How Malware Gets Installed

You hear from me that your computer got infected with malware, especially PuPs, and you ask:

"How did that stuff get on my computer? I did not download or install it".

Sorry, but in most cases you did give permission to install that garbage alongside some legitimate install or update. You did not do it consciously, you got duped or tricked into allowing the installation. See this article for just one all too common example.

These tricks can have many different shapes and forms. They all are designed to trick or fool us into allowing the garbage to get installed alongside a legitimate program or update. User beware!

One of the more and more common forms is a legitimate install or update that asks something along the lines of

• Default (or Express) install (recommended)
• Custom install (for experienced users)

No matter whether you consider yourself to be experienced or not, if you click Default (which always is pre-selected!) or just click on the Next button you likely get PuPs installed. By now even software from well known names does that! Just as an example: Oracle's Java and Adobe Reader are bundled with PuPs; most downloads from well known download portals are by now loaded with PuPs. Why is that happening?

Simple answer: Money! The authors of PuPs pay for their stuff being bundled with legitimate software. There is a lot of money to be made from advertising!

Distributing viruses is illegal, distributing "search helpers"  or tool bars is not!

My advice: When you have to choose between Default and Custom installs always(!) click Custom; it is the only way to check for PuPs because so far at least they are being offered with some sort of a choice to decline or skip them.

If you are in doubt take a screen shot of the window(s) that sparked your suspicion, postpone the install and ask me in an email about it; don't forget to attach the screen shot please.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Gunk - Everyday Examples

On September 16, 2012 I wrote about a very bad example of a useful program trying to trick us into installing lots of unwanted software; admittedly this was an exceptionally bad example. 

Last week I got my most beloved question about malicious and unwanted programs one too many times. It is the question "But how does this sort of program get on my computer? I certainly did not install it."

Here is my reaction to all this: Dear customer, you did it, I bet!

Let me show you some examples. Today I deliberately used the automatically appearing reminder to update Java; I used the mechanism that every unsuspecting computer user gets offered. The first program downloaded was a downloader which then in turn downloads the actual update.

This and other "download" programs download not only the real updater program that you want and need, no, they almost always offer some unrelated software sort of disguised as part of the actual update, here Java. The installer for the Java update showed several common windows to select the location for the install, agree to the ubiquitous End User License Agreement and so on. And among all these small windows was this one:

The title shows clearly that Java Setup is running, see the blue marking. If you read the text in the window, and you should read it, you see that they, whoever that may be, "... recommends insrtalling the FREE Browser Add-on from Ask, see the green marking. And then it comes:

Two lines that very clearly state what the gunk software wants to do:

• Install the Ask Toolbar and
• "Set and Keep" Ask as the default search provider.

And the check boxes in front of the text are pre-selected, naturally! Please see the red marking.

The "Set and Keep" is really tricky. Not only do they change your default search provider, they also tell the web browser not to allow future change.That means you can not just go in and set the browser back to the search provider of your choice. 


Every single of my customers has heard me saying: Toolbars are POISON for computers, no exceptions and no matter whose name they carry, no matter where they come from, no matter who made them and no matter what they promise.

We have to read these little windows, see that there are pre-selected check marks and let our common sense tell us that the Ask Toolbar and Search Page have absolutely nothing to do with Java. We need to un-check both check marks or our web browser will be messed up - and then it will get worse and worse and in the end effect some of you will call me for help.

Update 2014-01-16:

Here are more examples of the same process with different optics and different "gunk" to be foisted on our computers.

 

Updating Adobe Shockwave player would install Norton Security Scan.

Or, in different optics and different content because downloaded from a different download site:

 

IMHO the worst example because even Google employs these sneaky tactics:

This is how Google Chrome got on your computer Jerry G, you did allow it's installation.

Make no mistake, these things can happen with any installer or update of any program. Isn't it a shame that even well known big companies like Adobe, Oracle, Symantec (Norton products), McAfee and others employ these sneaky tactics trying to dupe us into installing something else than what we want?

Please save yourself the aggravation and some money, simply by paying attention!
As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

BIG Trouble With Java

Have you read or heard about the government recommending to disable Java?

Are you concerned about these warnings?

Or are you wondering if the warnings apply to you?

If you answered "No" to any of the questions above then please wake up, be concerned and do what needs to be done.

A wee bit of background information: Java is a programming language that makes programs largely computer independent. That means any program written in Java should run an any given computer.

The number of viruses written in Java has recently exploded. And some very nasty viruses are among these newcomers.

The software system that has to be installed on your computer to make Java "work" has found to be faulty; thus it endangers most computers.

On ALL my customer's computers Java is installed since it is required for some web sites and here especially for some web sites with games.

Java has to be turned OFF in all web browsers now! 

If a web page requires Java you better stay away from this web site, especially sites with any kind of games! Well, if it is a web site from a company, college or public administration that you have good reason to trust then you can enable Java in Firefox (or Google Chrome) and only for this web site.

You can follow the instructions in this article to easily disable any Java programs (called Java applets) running in Firefox or Google Chrome.

If you want to avoid Java running in any other web browser and if you have diligently kept Java up-to-date you can follow the instructions in the first three paragraphs of this article. "Diligently kept up-to-date" means you have Java version 7 Update 17 installed (per March 4th 2013).

Some related background information is in this article. 

Update 1/21/2013: here a quote from The Register:

Separately Trend Micro warned earlier this week that the latest Java security update may be incomplete. The update attempts to address two security bugs but fails to quash one of these completely.

The security firm advises users to avoid Java where possible, particularly as a plugin to their browsers, where the main danger arises. Users obliged to use Java, perhaps on the small percentage of sites which require it or for work-related reasons, can minimize their exposure by disabling Java on their main day-to-day browser and using a secondary browser with an enabled Java plugin solely for those sites. This tactic for minimizing exposure to Java-based attacks is advocated by many security firms.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

What To Update?

Update May 2019: Please read this article, it supersedes what follows here. 

Revised September 18th 2011 and October 3rd.

All to often I hear from customers remarks like “There are always these reminders to update this or that but I am afraid to do something wrong so I always say NO”. I do understand the basic impulse behind this reaction; I always ask “Why didn’t you ask me?”. And that is where we usually have to leave it because I am at their home to do a job.

There is an easy answer to the title question: “Every program you use”. But I realize that this answer raises for most of my customers even more questions; it appears that is not a correct answer.

Here is an updated attempt to put together a list of programs that IMHO should always be kept up-to-date. Please respond with as many suggestions, critical remarks and questions as possible right here in the blog by using the Comment feature. I hope this list will grow and become a good point of reference for the ubiquitous question “What should I Update?”. The bolded words are a list of what you should keep up to date.

Windows itself and all other programs from Microsoft need to be kept up-to-date all the time. My experience shows over and over that the standard Windows feature called “Automatic Update” is not really dependable. On computers I have set up you will find a desktop icon for Windows Update or Microsoft Update. Although the background color will be different on your computer they look like this:

     Windows XP              Vista/7

When Automatic Updates has worked it may show you a small icon in the tray area (bottom right corner of the screen).

          
Windows XP       Vista/7

When you rest your mouse cursor on one of these icons Windows will tell you for example that “Updates are ready for your computer. Click here to install them” or “Updates have been installed. Click here to restart”. Well, please do that; Windows is telling you that important security relevant changes have been made and you need to allow Windows to complete this process!

Any and all security programs like anti virus, adware- and spyware scanners and the like have to be kept up-to-date.

Your web browser, hopefully Firefox, has to be kept up-to-date. It should check for updates automatically but this sometimes just does not work. Firefox for example allows you in the Help menu in About Firefox to check for an eventual update like this:

 

Another important thing are Firefox add-ons (also called extensions), little programs that add functionality to the web browser like weather status, blocking of advertisements and color coding of dangerous web sites in Google search results. Currently I install three extensions: Adblock Plus (block advertisements from known commercial advertisement servers), Forecastfox (weather info) and Web Of Trust (warns of unreliable web sites in search results). Firefox may ask you to check for Updates for installed add-ons.

After you have done the check you may be told that there are updates available; allow these updates to be installed!

If it tells you that “No updates were found” just close the window.  

Another slightly more detailed representation of Firefox Add-ons on my blog is here.

Update 03/0/2016:
Java is a computer system independent programming language that used to be widely used on the Internet. It has so extensively been abused to distribute viruses that it hardly used any longer.

I do no longer install nor support Java. If for any reason need to have Java installed keep reading, all others please remove Java from your computer(s) and skip to Adobe....

All too often I find computers with terribly outdated Java installations; this is like playing Russian Roulette with a revolver that has five of six chambers loaded. Java mainly gets updated to fix security risks and there are many Java viruses out there that just wait for a computer with an older version of Java. 

The newer versions of Java have an Auto-Updater that should check at least once every month for updates.You find the most current version Java on Filehippo.com.

If you get a Java update you are NOT done yet, sorry. Newer versions of Java since about one or two years will normally remove older versions but they can do that only in a limited fashion. You have to check manually that there are no older versions left on your computer!

In Control Panel click on Programs and Features (in XP click on Add/Remove Programs). In the resulting list look for any Java entry with a version number lower than the highest, that is the most recent one. If you find older Java entries highlight them and click on Uninstall (or Remove). Here is what is current per Sept. 19, 2011, example from Windows 7:


Naturally this will change with future updates or releases.  

Adobe Reader, Adobe Flash and Adobe Shockwave are ubiquitous on the Internet and important to be kept up-to-date. Here is how you can check for updates yourself:

1. Adobe Reader: Help menu, Check for Updates will tell you...
2. The About Adobe Flash Player page has to be visited with every web browser that you use regularly.
3. Adobe Shockwave Player; when you see a version number in the graphics box then you have the most current version. If not then please update immediately!

Please see below the paragraph beginning with "For the technically inclined reader…".

If you use the Thunderbird email program it too needs to be kept up-to-date. In Thunderbird you can check for an eventual update in Help, About Thunderbird. You will see something like this:

 

For the technically inclined reader I recommend Secunia PSI, a free program that will tell you when ANY program you have installed needs to be updated. 

Here is the list of the most important things that have to be kept up to date:

1. Windows (better: all Microsoft software)
2. Security programs
3. ‏Firefox web browser 
4. Firefox add-ons
5. Adobe Reader
6. Adobe Flash
7. Adobe Shockwave
8. Thunderbird email client
9. Thunderbird add-ons

Please help to improve this list by making suggestions in comments.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

LibreOffice - What Is It - Installed Correctly

Once upon a time there was an office software suite called OpenOffice, worldwide free (as in no money!) and used in many European and third world countries. OpenOffice was an OSS system. The technical infrastructure (server computers, storage space a.s.o.) for this sizeable project was mainly supported by Sun Microsystems, a now defunct computer manufacturer. Then the software behemoth Oracle Corp. bought Sun and got OpenOffice as an Easter egg with the whole basket. They, Oracle, imposed some fees and apparently a whole lot of red tape and typical "big company" overhead which did not sit well with many of the major developers, that is the programmers who mostly as volunteers wrote the code and did all the nitty-gritty detail work.

Quote from another blog:

"Oracle's imposition of fees for some OpenOffice capabilities caused some of the venerable open source office suite's creators to head out on their own and create LibreOffice as a truly free OSS tool."

So the developers of OpenOffice spoke, parted from Oracle's realm and alas, we had LibreOffice.

Basically LibreOffice is almost exactly the same as OpenOffice, only better. Better because it can read files from Microsoft Works and Word Perfect and handle SVG graphics files.

There are two major differences:

1. OpenOffice came with an always outdated Java version and LibreOffice requires a Java environment already installed on the computer. If I have set up your computer that is covered. If I did not set up your computer you need to install the most current version of Java and remove all older versions.
2. OpenOffice came with Help files integrated in one huge download, LibreOffice comes in two files; you need both.

There are a few things you ought to know if you want to install LibreOffice.

1. Install or update to the latest version of Java (as of July 2011 version 6 update 26 is current).
2. Remove (un-install) all eventually still existing older versions of Java.
3. Remove (un-install) OpenOffice - if it was on your computer at all.
4. Download LibreOffice from this web page. As of end of July 2011 the current stable version id 3.4.2. You need two files:
   1. LibO_3.4.2_Win_x86_install_multi.exe, the LibreOffice installer program.
      Caution: This is a 214MB download!
   2. LibO_3.42_Win_x86_helppack_en-US.exe, the installer for the Help package.
   3. Above version numbers will be different for future versions!

Some important installation instructions (not meant to be comprehensive!):

Install LibreOffice itself by running the installer in file LibO_x.x.x_Win_x86_install_multi.exe.

For everything here not explicitly mentioned you can accept the default values/selections.

When you are being asked to select the type of installation please select Custom:

You will have to de-select the following features:
In Optional Components the Python-UNO Bridge:

In LibreOffice Program Modules de-select Draw, Base and Math; it should look like this:

Then select all three Microsoft Office modules:

Install the Help package by running the installer in file LibO_x.x.x_Win_x86_helppack_en-US.exe.

With these hints you should be able to install LibreOffice with the ability to open and write Microsoft Office Word, Excel and Powerpoint files. If you prefer to have me do the installation then please download both files that I mentioned above, I can do the rest remotely.

After the installation you will find two folders named "LibreOffice 3.x (random) Installation Files" and "LibreOffice 3.3 Help Pack (English) (random) Installation Files" on your desktop. Please delete these two folders.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

On Java

I am writing this while on vacation because it is so important that I want it to be out as soon as possible. Again it underlines the requirement to proactively check for updates regularly; that means not when you happen to remember, once a month or anything like that. Do it at least once every week if you want to stay safe. Those updates have to be done for security reasons, not to just have the newest gadget!

In the following I will quote from an Australian computer technicians blog and add my comments right after a quote.

This past year something has been brewing in the underbelly of the Internet that has only recently come to light, causing security experts to sit up and taking notice.

Exploits on Java have multiplied tremendously in number and they are proving to be incredibly effective.

Many of you may have heard of rogue programs; some of you may even have had to battle one or call me for assistance. Much of that is due to Java.

Three recent vulnerabilities in Java have paved the way for malware exploitation and all three have had patches available for some time.

So why in all the world don’t people keep the software in their computers up to date?  Actually, this is a rhetorical question; mostly because people never have been told, some don’t do it because of complacency and all don’t do it because Microsoft did not design a “standardized” method to do it.

… notable is that two of the [Java] vulnerabilities went from hundreds of thousands of attacks per quarter [year] to millions.
Now that we know what is going on, what can we do to avoid malware drama?

Make sure to update Java frequently; in fact, a very important update for Java was just released today [Oct. 18 2010] with fixes for 15 highly severe vulnerabilities.

I have updated the Java paragraph of my article on What To Update to reflect this renewed importance of keeping Java up to date.

As of October 18, 2010 the most current version of Java is 6.0.22. In Add/Remove Programs on Win XP or in Programs and features in Vista and Win7 the entry looks like this:
I recommend to remove (or uninstall) all other Java versions. Future updates or releases will have higher version or update numbers. All eventually left behind older versions need to be removed manually, that is from within Add/Remove Programs or Programs and Features respectively.

Make sure you check for Java Updates regularly!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.