
Time to pick on Apple

Microsoft gets a lot of bad press.  They’re easily picked on.  They produce the most widely used software in the world.  Their operating system is the most widely used operating system in the world (source: http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0). Don’t get me wrong, in so many respects they deserve it.  I will reserve my opinion of Windows 8 for another post (need I really say more?); for now, I’ll simply remind readers of Windows Vista and Windows Me; Office 2007 and 2010.

Most aggravating, in my opinion, is the way the user interface is changed so drastically.  Microsoft seems to get some sort of perverse satisfaction from changing even some of the most commonly used features of its software and OS, seemingly hiding things on purpose.  So you search and hunt, perhaps resorting to a quick Google search, only to finally locate what you were looking for and, alas, it looks and feels and performs exactly as you’ve known it for years!

I cannot count how many times the above scenario happens to me on a daily basis.  My computer usage is all over the place. It is hard enough to learn the locations of the many apps, utilities and features I use, let alone relearn them!

But wait, you say! This article’s title implies a rant against Apple.  I’ll get to that now!

Apple is no different!  As I mentioned, my computer use is incredibly diverse.  I use many software applications, utilities and operating systems on a daily basis.  Apple flies under the criticism radar partly because their fans are so loyal (one dare not criticize the underdog) and partly because of what seems to be a cultural phenomenon: if you have trouble using an Apple device, there is something wrong with you, not the device, because they are so easy to use!

I recently upgraded my MacBook Pro to the newest OS X, Mavericks.  It has been no less a frustrating experience than any update or upgrade that Microsoft has provided.  My machine runs slower, applications suddenly broke and things have been changed to the point of frustration.  Case in point: this evening, I was looking for the Network Utility app. It is a great tool that Apple includes with OS X, but it is not the kind of application that I have cause to use on a daily basis.  It has always been in the Applications > Utilities folder.  Not any longer!  Now where is it?  In the /System/Library/CoreServices/Applications folder!  Now why didn’t I think to look there?!

New, dangerous, malware threat: ransomware

I don’t want to sound alarmist, but I have a responsibility to you and your data safety.

There is a new and dangerous outbreak of computer virus going around.  I ask that you continue to be extra vigilant so that your data and files are not affected.  Not only would data on your computer be affected, but data on any “shares” would also be affected.

Ransomware has been around for a while.  Most of what I’ve seen is accompanied by an FBI warning.  The screen indicates that you are infected, or that you’ve been logged participating in some illegal activity.  Further, you are prompted to submit a sum of money to get yourself out of the situation, hence the name, ransomware.  This particular threat takes the idea further.  It encrypts your files so that they are inaccessible until you pay the sum, at which time the software will decrypt your files and return them to you.  The consensus of opinion in the field is that, barring being able to restore a usable recent backup, there is no way of recovering your data without paying the ransom.

Remember this: the most common method of infection is by way of the computer user.

The best preventative method is user education.  Here are the best tips to avoid infection:

1) Please make sure that “Hide extensions for known file types” is disabled in Windows Explorer on your computer.  Instructions are below.  I’ve posted here on that topic before!

2) Most importantly, please do NOT open email attachments with the file extension “ZIP” or “EXE”.  Other file extensions, including PDF, can contain threats.  Know the sender and, if in doubt, ask for assistance.

3) Be aware that people try to trick you into thinking files are safe by trying to hide the extension.  For example: filename.pdf.zip  is a ZIP file and immediately suspect and dangerous.  (This is especially dangerous if “Hide extensions for known file types” is enabled because the previous example would appear as a pdf: “filename.pdf” – note: the hidden extension is “.zip”)

4) Please be suspicious of PDF files you receive by email.  If you don’t know the sender, ignore it.  If it looks suspect or something doesn’t seem right, it probably isn’t.  I see many fictitious emails sent from “Administrator”, or even my own email address or domain, with subject lines such as “invoice attached”, “Payroll reports”, “purchase order” – all sorts of ways to trick you into thinking the attachment is not only legitimate, but important.  BEWARE!

5) Install all updates – to Windows, to Adobe Acrobat, to your anti-virus application.

6) Back up, back up, back up – back up your files!!

How to disable “Hide extensions for known file types”

Windows XP users: Double click on My Computer.  Choose the Tools menu, then Folder Options.  Click on the View tab, and in the box labeled Advanced settings, scroll down until you see “Hide extensions for known file types” and make sure that there is no check in the check box.  Lastly, click OK.

Windows 7 users: Click the Start button, then Computer. Press Alt + T on your keyboard then click Folder Options.  Click on the View tab, and in the box labeled Advanced settings, scroll down until you see “Hide extensions for known file types” and make sure that there is no check in the check box.  Lastly, click OK.

Article:  http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/

Windows

Interesting tidbits in the news:

According to a netmarketshare.com Desktop Operating System Market Share report, 31.41% of all PCs still utilize Windows XP.  That’s estimated at over 500 million!

Guess what?  In April of next year, Microsoft is discontinuing support for Windows XP.  That means that in excess of 500 million computers will no longer be patched against the latest hacks and malware techniques.

In other news:  According to ZDNet.com citing another report at netmarketshare.com, Windows 7 sales seemed to have outpaced Windows 8 sales over the last quarter.

Hide extensions for known file types – NOOOOOOO!

Why Microsoft?  Why?

Microsoft Windows (all versions since XP to my knowledge) has the “Hide extensions for known file types” option on by default in Windows Explorer.  This can be a huge security risk, and I am left to wonder why Microsoft set it that way.

How is it a security risk?  The problem exists with both downloads and email attachments.

Because file extensions are hidden, all a nefarious soul must do is add a familiar “extension” before the actual, hidden extension to potentially fool the user into thinking the file is safe.  For example a file that appears to be named “personal.pdf”, could actually be “personal.pdf.zip”, or worse, “personal.pdf.exe”.

Do you see the problem?  Because the file extension is hidden, a malicious spammer can hide the true file type by adding another “.” (dot or period) and a familiar three-character sequence to disguise the actual file type.

Someone who is in a hurry, or not paying full attention, not on guard, may think they are opening a Word file, when in actuality, they are executing a malicious program, such as a trojan or virus.

Do yourself a favor: right now, open a Windows Explorer window (simply double click on My Computer, or Computer) and choose the Tools menu.  In the newer versions of Windows, Microsoft hid the menus too (thanks Microsoft! – sarcasm off), so hold the “Alt” key and press the “T” key, then choose “Folder options…”, then click the “View” tab and scroll until you see “Hide extensions for known file types”.  Remove the check from that option and click the “OK” button.  Now the actual file type will be evident in the file name.  You’ve just eliminated one more vulnerability.
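The double-extension trick described here (and in tip 3 of the ransomware post) can also be checked mechanically, for example on a mail gateway or over a downloads folder. The sketch below is an added example, not something from the original posts: the decoy list and all function names are assumptions, and the risky list is the set of extensions this blog warns about.

```python
import ntpath

# Attachment extensions the blog tells readers not to open.
RISKY_EXTS = {".exe", ".zip", ".bat", ".com", ".vbs", ".scr"}
# Assumed list of "familiar" extensions an attacker places before the real one.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def explorer_display_name(filename):
    """Name shown when "Hide extensions for known file types" is enabled.

    Assumes the real (last) extension is a registered type, so it is hidden.
    """
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    return stem if ext else base


def assess_attachment(filename):
    """Return the real extension, the name a user would see, and findings."""
    base = ntpath.basename(filename)
    stem, real_ext = ntpath.splitext(base.lower())
    inner_ext = ntpath.splitext(stem)[1]  # the "extension" the user is meant to see
    findings = []
    if real_ext in RISKY_EXTS:
        findings.append("risky-extension")
    if inner_ext in DECOY_EXTS and real_ext != inner_ext:
        findings.append("double-extension")
    return {
        "real_extension": real_ext,
        "shown_when_hidden": explorer_display_name(base),
        "findings": findings,
    }


# Constructed sample names; the first two are the examples used in the posts.
SAMPLES = ["personal.pdf.exe", "filename.pdf.zip", "Report.PDF", "photos.zip"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", assess_attachment(name))
```

The `shown_when_hidden` field is the point of the exercise: for `personal.pdf.exe` it is `personal.pdf`, which is exactly what the user sees until the Explorer option is turned off.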

 

Backup, backup, backup

“Save and save often” used to be the computing mantra.  These days computers are so much more reliable, you don’t hear that phrase repeated as often.  Power outages, bugs and crashes could send people into a fury who had been working diligently on a file or document only to have time and productivity lost when the screen went black or blue.  Although not as often, it does still happen – though this post is about backups, I thought I’d remind you to save and save often…

You do back up your files, don’t you?  Hard drives fail.  They do.  I see it all the time.  There are instances when you do receive some kind of warning and you have time to create a final backup before replacing the failing hard drive.  Other times, there is no warning.

Time was when it required a fairly good bit of misfortune, like a house fire, a leaky roof or a flooded basement, to lose everything: precious photos of relatives who’ve passed, of your son or daughter’s first day of school, video of baby’s first steps, graduations, you get the point. In this digital world, all that is required is a hard drive failure.

You have to back up your files and data!  It is not only personal photos and video at stake.  I have experienced people who’ve lost hundreds of dollars in music purchases. We never really had much to worry about with albums, cassettes or CDs, but now with music and video downloads there is much at stake.  All of your email communication could also be lost.  Not to mention data files and documents.  With hours of labor involved, it is hard to attach a monetary cost to such items.

Put in perspective, spending $150 to $200 for an external USB backup hard drive is cheap insurance to protect your digital valuables.

Personally, I use a Synology server, which I mentioned in a previous post.  It was much more expensive than a simple external back up device, but still when compared to the value I would stand to lose, it really is cheap insurance.

Why I don’t like “Cloud computing”

It was announced that on July 1st, 2013, Google will shut down Google Reader, an application for organizing and reading favorite web sites and blogs via RSS feeds.

Google’s decision is a result of declining membership: “While the product has a loyal following, over the years usage has declined. So, on July 1, 2013, we will retire Google Reader.” as indicated on Google’s blog.

One of the benefits that developers of cloud based applications claim is that you do not have to purchase and install updates or upgrades. Because the application is cloud based, when updates and upgrades are applied, all users instantly benefit.

I do use cloud based services. I’ve used QuickBooks Online, Dropbox, and Gmail among them.

I’ll never embrace them fully. What happens when an update applied is something you neither want nor need nor like? Applications that are actually installed on my own machine allow me to decide for myself whether I want to upgrade or not. What happens if a service is sold or shut down, as recently happened to me with an anti-spam filter, and now with Google Reader? What if the provider determines that the service is no longer for their benefit? What about your benefit? Finally, although some amount of privacy protection is written into most services’ Terms of Service, some more than others, how private is your information when transferred over the internet and stored on someone else’s machine? Couple that with the fact that, as any Facebook user knows, terms tend to change. Here’s another relevant article about cloud storage privacy.

I like the “old way”, LOL!

I store my own files and data on my own computer and back up accordingly. I use Dropbox merely for convenience and the ability to share files with others. My primary email accounts reside on my machine and I back up my email boxes. When away from the office, I check via web based email or on my mobile. I buy a software license and install the application to my computer. I have the freedom to decide whether I update and upgrade or not.

Better Understanding of Malware

I have repaired many computers and have encountered most forms of malicious software. The question I am asked most often by the infected party is “How did it happen?”. After the fact, that is a very difficult thing to determine.

The term “computer virus” has become a catch-all phrase that incorporates all forms of “malware”, “spyware”, and “adware”. The thread that binds these malicious programs together is the fact that they are employed for nefarious purposes. The differences, briefly, include the “worm” which can travel from machine to machine over a network exploiting security holes in operating systems and programs, the “virus” which is self-replicating and must be executed (run – like any other program), and the “trojan horse” which, true to its name, presents itself in some friendly way, concealing malicious intent, and must also be executed.

The best way to avoid worms: keep your software and operating system up to date by installing the latest security patches, and use a firewall.

To avoid viruses: install and run a reputable antivirus program, and keep it up to date. Don’t install software if you don’t know where it came from. If it’s free, unless it was recommended by a reputable source, I avoid it. Avoid file-sharing: music and video are commonly shared files and often the source is unknown. Avoid opening email attachments where the file ends in “.exe”, “.zip”, “.bat”, “.com”, “.vbs”, “.scr” to name a few (make sure “Hide extensions for known file types” is unchecked in Windows Folder Options, under View). Be careful of Microsoft Office files that contain “macros” – again, know the source.

To avoid Trojan Horses: remember “all that glitters is not gold”, know what types of alerts are legitimate Windows alerts and know the legitimate alerts from your particular anti-virus program. Also, follow the steps for avoiding viruses.

With regard to email messages, don’t fall for messages that try to create a sense of urgency with statements like “Your account has been compromised” or “Your account information has been stolen”. These email messages generally provide a link where you can “log in” to correct the situation. In reality, these emails are cover for a “phishing” scheme where you are led to a phony web page, created to look incredibly realistic. Once you enter your log in credentials – you’ve just given the schemer all he/she needs to know: that you have an account at Bank of America/Wachovia/TD Bank, that your user name is XYZ and your password is 1234.

Look closely at the link contained in the message. Generally, a user friendly address is provided indicating ‘bankofamerica.com/login’ when the address behind the link is along the lines of ‘bankofamerica.iwillgetyou.com/login’. As you should be suspicious of strangers at your door, or telemarketers asking questions like ‘what’s your street address?’ and ‘What kind of security system do you have?’, you should also be suspicious of an email telling you that your account has been compromised and providing a link for you to ‘log in’. If you are unsure, log on to your account by typing the actual web site address yourself, or by using the link saved to your “favorites” – or call the company in question and ask if they sent out an alert. Most companies will tell you that they would never send out an email of that nature and would instead suspend your account until you reinstate it. By the way – Microsoft will never contact you by email to let you know that there’s an update you need to install.

Recently, I received a call from someone who was very alarmed by what she was seeing on her computer screen. Apparently, there were pop-ups and messages indicating the presence of “viruses” and “trojans”. Not knowing whether those pop-ups were legitimate or not, I suggested that she simply power off the computer. She did better than that! She put it into standby which enabled me to later pick up right where she left off. Because of that, I was able to document a trojan attack attempt. I detailed it in the hopes that it will help you guard yourself against similar attempts. Visit the next page if you’d like to see a malware attack in progress.


Further Information / Reading:

Malware

Computer Virus

Spyware

Adware

Trojan Horse

Rootkit

Phishing


If you have any questions about what you’ve read, or have similar experiences to share, please don’t hesitate to drop me an email.