Wednesday, October 30, 2013

Windows 8: What the Rest of the World Thinks


Recently, on a Microsoft-run web site and Windows 8 blog, I ran across a reply to an article written by a Dutch IT consultant.

It summarizes what I have gleaned from many, many similar comments I have read. I have modified some language and grammar quirks and fixed some misspelled words to convey the meaning correctly and in correct English.
Yes, it's true; Microsoft wants us to massively migrate to Microsoft based cloud based services. But in my country that will not happen as Microsoft wants it, especially because these "virtual cloud services" are 85% physically located within the USA.
That is for most foreign people simply unacceptable. It's not only for reasons like privacy, piracy, taxes, company secrets - there is also a difference in mind-sets.
What if our sensitive data sits there in a physical data center somewhere in the US of A, and 'shit' really starts happening, like for instance war, widespread diseases, natural disaster, terrorist attack, you name it - anything could happen anywhere.
Foreigners don't trust CIA/FBI/NSA that much, we learned from the past months.
My customers are saying..., even refusing, to migrate their financial and sensitive business data to somewhere in the 'Microsoft' or even the 'Amazon cloud'; abroad, unknown where it really is, in a far away foreign country, and nobody knows, or even checks what is happening to their data. It may be leaked to the NSA, via a built-in back door when Micro$oft sold this opportunity to the NSA/US-Government.
No, sorry, not with us! We aren't like that!
We don't even come close to this kind of behavior.
Yes, people in other countries don't trust their sensitive data into American hands; they approach privacy questions with a totally different mind set.

Maybe Microsoft's management better begin to acknowledge that not everybody will follow to where they, Microsoft and others, want to lead us?

What may be good for Microsoft may not be that good for the other 310+ million Americans. And what may be "good for Microsoft's America" may not be that good for the other 95% of the world population. 

In my opinion this is NOT a technical problem, it is an ethical problem. There are just too many of us who check their ethics and morals at the entrance of the office building before they begin their daily jobs.

No, it's not government agencies or organizations or companies that "do the wrong thing"; all these entities are run by people that collectively make questionable decisions.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.



Monday, October 28, 2013

How Malware Gets Installed


You hear from me that your computer got infected with malware, especially PuPs, and you ask:
"How did that stuff get on my computer? I did not download or install it".
Sorry, but in most cases you did give permission to install that garbage alongside some legitimate install or update. You did not do it consciously, you got duped or tricked into allowing the installation. See this article for just one all too common example.

These tricks can have many different shapes and forms. They all are designed to trick or fool us into allowing the garbage to get installed alongside a legitimate program or update. User beware!

One of the more and more common forms is a legitimate install or update that asks something along the lines of

  • Default (or Express) install (recommended)
  • Custom install (for experienced users)
No matter whether you consider yourself to be experienced or not, if you click Default (which always is pre-selected!) or just click on the Next button you likely get PuPs installed. By now even software from well known names does that! Just as an example: Oracle's Java and Adobe Reader are bundled with PuPs; most downloads from well known download portals are by now loaded with PuPs. Why is that happening?

Simple answer: Money! The authors of PuPs pay for their stuff being bundled with legitimate software. There is a lot of money to be made from advertising!

Distributing viruses is illegal; distributing "search helpers" or tool bars is not!

My advice: When you have to choose between Default and Custom installs always(!) click Custom; it is the only way to check for PuPs because so far at least they are being offered with some sort of a choice to decline or skip them.

If you are in doubt take a screen shot of the window(s) that sparked your suspicion, postpone the install and ask me in an email about it; don't forget to attach the screen shot please.


Wednesday, October 23, 2013

Beware the Tricks When Updating to Windows 8.1


Oct. 26, 2013 Important Update: Please pay attention to the text after #6 and #7 below.

Just to have it done I decided today to update a customer's system from Windows 8 to 8.1. A few things caught my attention:

Depending on the speed of your internet connection and on the speed with which Microsoft delivers the download, brace yourself for anything between 15 minutes and one to three hours - just for the download.

The installation speed will depend mainly on how fast your computer is and how fast or slow your disk drive is; it will take anything from 20 minutes to an hour or even more.

Microsoft came up with new tricks to get you to set up a Microsoft Account. BEWARE! I simply left the fields for name, email address and so on empty and clicked Next. Totally not intuitive but I got the old local account back. See below after #6.

The last of the preparation screens brought the surprise with the following six questions, all with ON (that is Yes, do it) preselected, quoted literally but emphasis added by yours truly:
  1. Use Bing to get search suggestions and web results in Windows Search, and let Microsoft use my search history, location, and some account info to personalize my experiences
  2. In Internet Explorer, use page prediction to pre-load pages, which sends my browsing history to Microsoft
  3. Let apps use my name and account picture
  4. Let apps use my advertising ID for experiences across apps
  5. Let Windows and apps request my location from the Windows Location Platform
  6. Get better protection from malware by sending info and files to Microsoft Active Protection Service when Windows Defender is turned on.
Do I need to talk about the obvious privacy issues with points 1 through 5? I hope not... Needless to say, I set all switches for questions 1 through 5 to OFF.

Point #6 makes sense; we all need better malware protection. But at this point in an upgrade I would appreciate having at least some sort of "What is that?" available to learn what info is reported to Microsoft. But no luck here, there is nothing of this kind.

By now I have updated two machines from Windows 8 to 8.1.

The first machine I updated was an OEM installation; this means that Windows 8 was installed and licensed by the manufacturer and delivered with the computer. The system was set up to work with a local account.

The second machine I updated was my own laptop that I always have with me on customer visits; it runs a retail copy of Windows 8, that is a copy I bought myself from Microsoft in the early days of Windows 8. This machine was set up to work with a local account as well.

To my surprise the second machine showed during the initial setup of Windows 8.1 two more windows. At that stage of operation I did not yet have a screen shot program available so I need to try to describe these windows verbally.

The first of these additional windows asked without any explanation for my email address, name and other IMHO personal information. I did not supply any information but "took the plunge" and just clicked Next.

The second screen then gave in small, easy to overlook lettering the option to "Continue with your local account". That was what I did and the machine works beautifully.

The text after #6 IMHO shows two things:
  • Microsoft becomes ever more ruthless and blatant in trying to lure us into using a so called Microsoft Account. IMHO this is arm twisting!
  • There is a functional difference between updating an OEM version and a retail version of Windows 8. This is contrary to what Microsoft people say in their company blogs.
If you have a metered internet connection with a cap on the volume of data per month then numbers 1, 2, 4, 5 and 6 increase the risk of going over the data limit; and that gets expensive really fast.

  

Warning: Old Fiend With New Muscle


In the title I say "old fiend" and it is an old adversary in new clothes and with significantly more muscle. 

Instead of repeating the background story please first head over to my September 2012 article and come back here after you have read it.

So what's new? Besides the new name, CryptoLocker, a couple of major improvements have been made to that nasty piece of malicious software:
  • The encryption is now "NSA grade", meaning there is no way out! Your data files most likely will remain lost!
  • The ransom has been raised in some variants of this malware to close to $1000.
  • Now even files on drives other than the system drive C: will be encrypted. That renders restore partitions useless.
  • Is your backup disk permanently connected to the computer? Then the files on this drive get encrypted as well and all your backups are totally useless!
  • Now even files on other computers connected over the network can get encrypted.
  • Many victims that actually did pay the ransom got a decryption key that did not work! Their files remained inaccessible and were totally lost.
  • To pay ransom in some instances credit card information was given to the obviously wrong people; credit cards got maxed out in minutes! That is much more trouble than the loss of years of pictures, emails and other files!
  • Many attempts to save files turned out to be more expensive than a brand new computer would have been. Even with a new computer your files remain lost!
So far, and that may change soon, CryptoLocker
  • arrives on victims' computers in an email from an arbitrary sender they often don't know.
  • arrives on victims' computers as an email attachment; this requires the victim to explicitly execute the attachment, that is double click on it and eventually even ignore the warning from Windows about running a downloaded program.
  • arrives on victims' computers after the victim clicked on a link in an email without first checking the link and its real target.
You say you don't do either of these arguably fairly dumb and dangerous things? Good for you! Are you 100% certain that everybody who eventually uses your computer is as careful, as attentive and as cautious? Think about your sweet teenage granddaughter, your kid's friends, visitors and so on.


You ask why your anti virus program did not catch the bad program? Simply because this form of CryptoLocker is new. It requires time and quite some effort to design detection methods and find secure ways to neutralize these modern and very sophisticated threats.

As of this writing we all are unprotected and need to use due diligence. Always wear your common sense hat!

The only currently known "protection" against damage by CryptoLocker is to have a recent image backup of your system drive and/or to have a set of restore DVDs that were created when the system was still functioning correctly.

If you need to use either of the aforementioned, a System Repair disk is required. Did you already create one?

If you need help to set up a sensible backup routine and/or to create the disks mentioned above please contact me. You find a useable email address in the left sidebar at the end of the text titled "Welcome".

 


Old Scam - New Clothes

A scammer from India came up with a new twist of an old ruse.  Look at this screen shot of the offending email as shown in my email program:...