It seems apropos with all the recent chatter about our country’s Constitution to discuss a well-known bon mot from an eminently quotable founder, Benjamin Franklin.
“Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes.” – Benjamin Franklin, 1789
I make no claim on being nearly as clever or influential as our esteemed sixth president, but I can say with some confidence that we should add a third certainty: hard drive failure. If my thirty-odd years of working in technology has taught me anything, it’s that devices can and will fail. Whether it’s a device that is spinning magnetic platters at thousands of revolutions per minute, or tiny bits of metal and mineral pushing millions of tiny sparks around an object the size of your thumb nail, the laws of nature say that at some point, chaos wins and your orderly world of ones and zeroes turns into a lot of, “Oh no’s…”
“If you fail to plan, you are planning to fail.”
You can probably guess who said that, right? I’m pretty sure Mr. Franklin would have felt right at home with today’s technology. This week alone I’ve seen more hard drives fail than feels comfortable, and in at least 2 of those cases, the individuals did not have a backup of their data.
Mechanically, all hard drives will inevitably fail. Even though most models are supposedly built to run for years of non-stop operation, statistically, we are seeing the average life span of a spinning hard drive fall between four and six years. If you’ve got a hard drive that seems to have beaten the odds and is still performing like a champ, don’t assume it will keep doing so; it is far more likely that you are working on borrowed time. And the same goes for drives that are younger – just because they haven’t hit their expiration date doesn’t mean something can’t go wrong.
Instead of planning to fail, why not plan for failure by backing up your data? For less than $100 a year you could be backing your data to the cloud with essentially zero effort. It almost takes more effort to not back up your data given how pushy Microsoft is with OneDrive, so why aren’t you backing up your most important digital assets?
Image courtesy of Stuart Miles from FreeDigitalPhotos.net
As you are reading this, Microsoft will have officially ended support for Windows 7 on January 14, 2020. It’s a testament to the popularity of the OS that despite Windows 10 being offered as a free upgrade for any licensed copy of Windows 7 or 8, it took Windows 10 nearly 4 years to finally surpass the installed base of Windows 7 users. Even now, though the upgrade is still being offered for free, 26% of all PCs are still running Windows 7. In prior years, I had warned about charging headlong into upgrading to 10, as the process was fraught with problems, and some of you inadvertently upgraded through Microsoft’s rather heavy-handed and confusing update messages. Fortunately, though it still has its problems, the upgrade process is much more stable and many computers, even though they may be relatively old (in computer years), can run the “new” OS just as well as they ran 7.
January 15 begins the slow retirement of Windows 7
One of the things worrying most of my clients is the various dire warnings they are receiving from many software vendors that “Windows 7 will no longer be supported” by that company. When conversing with the support desks of these various software vendors, you can ask them point-blank, “Will your software stop running on Windows 7,” and you will receive the answer, “We no longer provide support for computers running Windows 7,” which doesn’t really answer the question. Any well-trained support representative cannot answer this question without getting into trouble, as any variation of “Yes, but…” will result in their customers continuing to use an OS that is no longer guaranteed to get fixed by Microsoft if something breaks. And therein lies the heart of the matter.
Though we can’t guarantee it, it’s pretty likely that your software, if it was running properly on Windows 7 on January 14, will continue to run properly on January 15th. While it is technically possible that software developers could code their applications to stop running if they see your computer running Windows 7, you can see how that may not sit well with customers if a program they paid for just stopped working. Instead, they are taking a gentler path, hoping to use a thinly veiled threat/warning instead of an outright cattle prod.
In the short run, if you hit a problem with a piece of software that requires a call to tech support, you’ll get nowhere fast as soon as they notice you are still on Windows 7. Though the software may still be running despite the issue, you’ll be on your own to solve the issue (even if it’s not caused by Windows 7), and if it’s not running at all, you are out of luck.
In the long run, continuing to use Windows 7 will be a problem for everyone, as Microsoft will likely stop producing security patches after a year if they follow a similar retirement path to the one used for Windows XP. Not only will this make the OS increasingly dangerous to use, it will likely result in Windows 7 becoming more unstable as time passes, and performance will decrease as new hardware and software are optimized only for Windows 10.
Even though you will probably be just fine running on Windows 7 for the next few weeks (or even months depending on your environment), unless you have a compelling reason to not upgrade, moving to Windows 10 should be on your first or second quarter to-do list. Be prepared for some disruption, whether you upgrade the OS or buy a new computer with 10 already installed. If you need a primer on what to expect on going to 10, have a look at our three part series here:
Just saying the year sounds like the opening of a science fiction movie, “In the year 2020, human technology had long outgrown the archaic communication medium known as ’email’…”
To be fair, quite a few famous sci-fi films were wildly off on where we would be in 2020. Instead of interstellar travel by 2016 (Blade Runner), moon colonies and superhuman AI (2001: A Space Odyssey), or hoverboards and flying cars in 2015 (Back to the Future Part 2), we have entire governments, economies and even generations struggling with overflowing, polluted inboxes based on a technology developed in 1972.
Email is 48 years old. Microsoft Outlook is officially 30 years old.
In celebration of exactly how much email has stayed the same, I’m cataloging past blogs I wrote about managing email that, sadly, still apply, even years later. Fortunately, they should still be useful to you, managing your email in the distant year “2020”:
- Petraeus-Gate and Fallacy of Email Privacy (2012) – TLDR: your email is not private. Seven years later, surprise surprise – still not private.
- Your email is not private (2014) – TLDR: Email providers host your email governed by Terms of Service that state they can read your email. Still true in 2020.
- Email’s growing problem (2015) – TLDR: Email boxes got huge, but programs to manage them haven’t kept up. Sadly still true, and even more so now that people have a decade or more of email stored.
- Dealing with oversized inboxes, Part 1 and Part 2 (2015) – TLDR: Part 1 has several ways you can thin out your bloated inbox. Part 2 discusses why you might not be deleting your emails.
- Get rid of those old email accounts (2017) – TLDR: Wherein I exhort you to get rid of your old email accounts. Full disclosure 2020: I still have my Gmail account that I created in 2005.
- What to do with all those old emails (2017) – TLDR: I discuss ways you can keep the data but not the email accounts. Three years and umpteen-thousand emails later, those old emails aren’t going away by themselves.
- How to spot fake emails (2017) – TLDR: I dissect a fake email that almost fooled me. Fast forward to now – fake emails are still around and trickier than ever, but the basic spotting concepts still apply.
Given the number of accounts included in this recent action, it’s highly likely you were one of the 44 million people with a Microsoft account that were recently subject to a forced password reset. Sadly, the number of accounts affected is no longer considered unusual – it doesn’t even crack the top ten in terms of size according to website Have I Been Pwned – but what is interesting is how Microsoft determined which accounts needed to have their passwords reset. In this particular case, the 44 million affected weren’t exposed in a new security breach, but were using passwords that were known to be compromised.
Is Microsoft psychic?
Though it may seem like magic, Microsoft’s prescience actually comes from utilizing really large databases. In this case, their own massive internal database of passwords was matched against over three billion known compromised passwords and 44 million Microsoft users were identified as currently using a password found on that list. Microsoft’s proactive action undoubtedly saved a lot of people and businesses quite a bit of time and money, but given how frequently breaches are exposing millions of passwords with each passing week, how practical is it for anyone to run this sort of back-end search, if one even had the technology to do so? Fortunately for you, there are password managers that will check your passwords in a similar manner to the method utilized by Microsoft above. You shouldn’t need another good reason to use a password manager – not a day goes by where I don’t commiserate with a client on their password woes, but the fact that both LastPass.com and 1Password.com will proactively check your passwords against known compromised databases should be a really dang good reason to start using one of them now.
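One way a check like this can work without your password ever leaving your device, shown as an added example rather than code from Microsoft, LastPass or 1Password: the client hashes the password and sends only the first five characters of the hash, in the style of the range lookup offered by Have I Been Pwned’s Pwned Passwords service. The breach list, the vault contents and all function names below are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: a tiny stand-in for a multi-billion-entry breach
# corpus, as (password, number of times seen in breaches).
BREACH_CORPUS = [("123456", 4200), ("password1", 910), ("qwerty2019", 37)]


def sha1_hex(password):
    """Uppercase hex SHA-1 of the password (a lookup key, not a storage hash)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(corpus):
    """Service side: bucket breached hashes by their first 5 hex characters."""
    index = {}
    for password, seen in corpus:
        digest = sha1_hex(password)
        index.setdefault(digest[:5], {})[digest[5:]] = seen
    return index


def range_query(index, prefix):
    """Service side: return every 'SUFFIX:COUNT' line stored under a prefix."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    bucket = index.get(prefix, {})
    return "\n".join(f"{suffix}:{seen}" for suffix, seen in sorted(bucket.items()))


def breach_count(password, lookup):
    """Client side: only the 5-character prefix is sent; matching is local."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, seen = line.partition(":")
        if hmac.compare_digest(candidate.strip(), suffix):
            return int(seen)
    return 0


def audit_vault(vault, lookup):
    """Return {account: times_seen} for each stored password found in the corpus."""
    findings = {}
    for account, password in vault.items():
        seen = breach_count(password, lookup)
        if seen:
            findings[account] = seen
    return findings


if __name__ == "__main__":
    index = build_index(BREACH_CORPUS)
    sent = []  # everything the client actually transmits

    def lookup(prefix):
        sent.append(prefix)
        return range_query(index, prefix)

    # Constructed vault: two reused weak passwords and one unique passphrase.
    vault = {"mail": "password1", "bank": "T7#long-unique-passphrase", "shop": "123456"}
    print("reset these:", audit_vault(vault, lookup))
    print("sent to the service:", sent)
```
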
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Since Android OS version 6, the widely used smart phone platform has been vulnerable to an exploit of a feature that Google touts as a competitive advantage over its chief competition – multitasking. Without getting down into the technical weeds, the vulnerability takes advantage of the operating system’s inherent ability to do multiple things at once, allowing malicious apps to impersonate a legitimate, trusted app on your phone while asking for permissions that it will then use to invade your privacy and steal data.
Surely Google Play’s security scans will stop this?
Despite the security loophole being documented as far back as 2015, Google has continued to downplay it even though up to the time of the article’s publication, 36 different apps were available on the Play Store that were identified as exploiting the weakness, dubbed StrandHogg, and apps exploiting this “overlay” technique have been showing up in the store since 2017. Unfortunately, despite Google’s efforts, many malicious apps still manage to make it through their security screening, including highly popular apps such as the infamous “CamScanner” app that had been compromised and turned into a hidden malware conduit.
Unfortunately, there’s only so much heavy lifting you can do on your own. In the case of the CamScanner incident, even the developers allegedly did not know their app had been compromised and injected with the malicious dropper library that went on to infect its users. If you were being diligent about updating your apps to repair bugs and patch security holes, you walked right into a trap you couldn’t possibly have avoided. That being said, there are things you can watch out for:
- Apps that suddenly ask for permissions they should already have.
- Apps that ask for login credentials they should already have.
- Apps that ask for permissions that don’t make sense, i.e., a Calculator app asking for permission to access your camera or microphone.
- Permission or login popups that look strange or don’t match the app it supposedly comes from.
- Spelling, grammar and punctuation errors.
- Email warnings from services detailing unusual activity or unexpected logins.
If you notice any of these things, immediately stop and assess the situation. If you are uncertain how to check your phone for malicious apps or compromised security, definitely do not grant new permissions or enter confidential information into any prompts until you can verify your device’s integrity.
Every year clients ask us what they should be watching for on Black Friday and lately, Cyber Monday as a possible replacement for their aging desktop or laptop. As online shopping has steadily stomped out brick-and-mortar outlets in the electronics and technology market, finding a good deal is a combination of vigilance, internet savvy and luck as well as a willingness to push that “buy” button knowing that a better deal is always around the corner. With that caveat, here are some deals I can spot right now on November 24. Prices may change as you read this, or may not be in effect until Black Friday/Cyber Monday, but you can also use these as a guideline when evaluating similar deals.
- Dell Inspiron Desktop, Intel Core i3-8100, Intel UHD 630, 1TB HDD Storage, 8GB RAM for $329 – This is a fantastic deal if you are looking to replace your old desktop tower PC. The only real downside is the hard drive is a standard spinning device (not solid state) and the OS is Windows 10 Home, which would need to be upgraded to Pro for proper use in an office. That upgrade is $99 and can be done later, so altogether, still a great deal.
- Inspiron 15.6″ Touch-Screen Laptop for $349 – Actually an outstanding deal if you can get it, as it’s a “Doorbuster” at Best Buy. This can easily function as a work laptop once you upgrade it to the Pro version of the operating system ($99). Only downside is the weight, which is a hefty 4.4 lbs and that it arrives in “S-mode” which is Microsoft’s locked-down (for security) version of Windows 10. You can switch out of S-mode, but it’s a one-way change.
- HP 14 Laptop, Intel 10th Gen Core™ i5 for $399 – Another outstanding deal on a mid-range laptop, this time from Walmart as a pre-Black Friday sale. It’s a little chunky in design, weighs in at 3.2 lbs, and a bit light on storage with only 256GB SSD drive, but otherwise has rock-solid technical specs. Looks like it’s available online, so it may go quick.
- HP Pavilion Gaming Desktop Tower for $579 – If you have an aspiring e-sports athlete or streamer in the family this might be a nice upgrade. It can also serve well as a business machine, though the hard drive is a little small. Fortunately, the case has plenty of room for expansion, and the beefy graphics card will be good for video and photo editing. Downside – it’s a Walmart Doorbuster – good luck!
- ASUS – VivoBook 15 15.6″ Laptop for $499 – This is a great deal on a solid office laptop. Excellent technical specs are only held back slightly by a smallish (265GB) SSD storage and Windows 10 Home, but it’s lighter than the Inspiron above at 3.75 lbs.
- ENVY x360 2-in-1 15.6″ Touch-Screen Laptop for $749 – If you need power and don’t mind the extra weight (4.5lbs), this laptop is very well priced for what it offers – 10th gen i7 CPU, 12GB RAM and a 512GB SSD. Touchscreen, convertible, thin and loaded with premium features. Ships with 10 Home, so using it in an office may require an upgrade to 10 Pro ($99).
- ASUS ZenBook S UX391UA-XB71-R Ultra-thin and light 13.3-inch Full HD Laptop for $789 – If you are looking for a very portable (2.3 lbs) but powerful laptop, this Asus ZenBook is well priced against the competition. Be aware that the ultralight form factor and price come at the cost of durability, limited ports, and a relatively petite (256GB) SSD hard drive.
General Advice and Cautionary Tips:
- All of the computers listed above come with Windows 10 Home, which can be upgraded to Pro for $99. You need the Pro version for hard drive encryption (important for laptops), connecting to your work’s domain (if you have one), and if you want to remote into your PC using Microsoft’s built-in RDP software. Otherwise, the Home version of Windows 10 is perfect for home office and family use. You can still use LogMeIn, TeamViewer or RemotePC as alternatives to RDP, but business use of those services requires a subscription.
- If the deal seems too good to be true – check the fine print. Doorbusters have the obvious downsides, and are sometimes deceptively attractive and scarce to get you to the store.
- Watch out for refurbs and open-box deals. They may be fine functionally, but make sure you are getting some form of full warranty from the manufacturer or return guarantee from the seller.
- There is a reason Chromebooks are so cheap: they can’t run desktop versions of Microsoft Office and should only be considered for specific office tasks like email and cloud-based applications.
- Avoid AMD-powered computers if you are intending to use them for business. While their latest generation CPUs can definitely stand toe-to-toe with Intel, many holiday sales take advantage of less tech-savvy buyers to dump older, poorer-performing AMD technology at ridiculously low prices.
- Don’t use Black Friday sales as an excuse to under-spend on business technology. Instead, consider it a fun way to stretch your technology budget a little further. Cheap technology can end up costing you more in the long run.
- If you want to see if the Black Friday price is really a deal, or just a typical discount, you can check price trackers like https://camelcamelcamel.com/.
It’s late and we’re fighting through a rather difficult month of technology challenges for our clients, but I wanted to make sure you got a heads-up on two important news items that happened this week. The first one actually happened months ago, but we are only hearing about it now, after the companies involved were able to plug the gaping security hole. As you can imagine, I’m fairly jaded when it comes to hearing about yet another vulnerability in our technology, but this one raised an eyebrow as it literally affected hundreds of millions of Android users.
Really Google? Again?
Google and Samsung recently confirmed a rather large security failure in the Camera app of both Google and Samsung smartphones that could be exploited to gain essentially unfettered access to the camera, microphone and GPS functions of your phone, all by installing a simple app that only requests storage access permissions. Discovered by security research firm Checkmarx back in July of this year and eventually fixed (supposedly) in August, Google and Samsung only just recently approved the publication of this vulnerability after confirming the patch has been successfully deployed to counteract this weakness.
While this particular incident wasn’t even out of sight of our rear-view mirror, news of a new email-delivered ransomware attack hit my inbox. For this latest campaign the hook was set to exploit everyone’s heightened awareness of keeping your computer up to date, an awareness that we have played no small part in pumping up, and now, ironically, may end up tricking clients into infecting their computers with ransomware. This time, the attack comes in the form of a fake email notification from Microsoft urging readers to, “Install Latest Microsoft Windows Update now!” and provides a spoofed EXE file renamed to appear as a JPG image file. If the reader happens to fall for the con, the attachment downloads the Cyborg ransomware variant and quickly encrypts the user’s data in files ending with “777”, leaving behind a note with instructions on how to get your files back if you pay the ransom in bitcoin.
The average Windows user probably doesn’t realize that Microsoft doesn’t use email to notify its customers that updates are available, primarily because it can do so right through the operating system. Unfortunately, we are all so used to receiving information via email that we’ve grown accustomed to these types of notifications for just about every other aspect of our digital lives. As a whole, we’ve become too trusting to question everything we receive digitally out of necessity as researching or vetting everything is essentially impractical for the average human. As such, you should continue to make it a rule to NEVER open an attachment that you haven’t vetted fully. Always call the sender to verify if you receive an unsolicited attachment, and if you are at all unsure, check with your nearest IT professional.
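A mail filter or help desk can catch the “EXE renamed to look like a JPG” trick described above by comparing what each attachment’s name claims with the bytes it actually starts with. The following is an added example, not code from any vendor or from the campaign; the message, addresses, file names and verdict labels are constructed, with only the subject line taken from the text.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading "magic" bytes of a few common file formats.
SIGNATURES = [
    (b"MZ", "windows-executable"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip-container"),
]

# What each file name extension claims the content is.
CLAIMS = {
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".pdf": "pdf",
    ".zip": "zip-container", ".docx": "zip-container",
    ".exe": "windows-executable", ".scr": "windows-executable",
}


def sniff(data):
    """Identify content by its first bytes, ignoring the file name entirely."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(raw_message):
    """Return one finding per attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        claimed = CLAIMS.get(os.path.splitext(name)[1].lower(), "unknown")
        actual = sniff(data)
        if actual == "windows-executable":
            verdict = "quarantine"   # a program arriving by mail, whatever its name
        elif "unknown" in (claimed, actual) or claimed != actual:
            verdict = "review"       # cannot confirm the name matches the content
        else:
            verdict = "consistent"   # name and content agree; this is not "safe"
        findings.append({"name": name, "claimed": claimed,
                         "actual": actual, "verdict": verdict})
    return findings


def build_sample():
    """Constructed message: an executable header hidden behind a .jpg name."""
    msg = EmailMessage()
    msg["From"] = "updates@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Install Latest Microsoft Windows Update now!"
    msg.set_content("Please install the attached update.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="image", subtype="jpeg", filename="update.jpg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 60,
                       maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment("plain text notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```
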
Image Courtesy of Stuart Miles at FreeDigitalPhotos.net
Many of my clients, even the ones that I’ve worked with for years, view my tech troubleshooting skills as supernatural. While some of this is attributable to the perverseness of mechanical devices, “It was doing the thing until you walked into the room, and now it’s working,” the rest of the time it looks easy or magical is primarily because I’ve spent over 30 years honing my craft. Along the way, experienced technicians gather useful “shortcuts” to figuring out what’s wrong, and many of them are so simple that their use may be considered “magical.” So if you are having odd problems with your technology, either performance is slow or apps are unpredictable, here are some of the trusty tricks we troubleshooters use on taciturn technology.
“Any sufficiently advanced technology is indistinguishable from magic.” – Arthur C. Clarke
1. Reboot. No, I’m not trolling you. This is every master technician’s secret weapon: we are not afraid to reboot. This is the doctor’s equivalent of, “Drink lots of water, get plenty of rest and take your vitamins.” Computers (and phones!) are so stable these days that you can go months(!) without rebooting. This also goes for home routers, Wifi access points and other “smart” devices. For older devices, rebooting might be painful and slow, but it still needs to be done.
2. Check your data connection. Despite how pervasive and relatively reliable wireless data has become, it’s still reliant on the inherently unpredictable nature of EMF. If you are having intermittent issues with internet-powered apps, frequently this may be attributed to an unreliable Wifi signal or spotty cellular reception. If you can eliminate that variable by going hardwire for computers and getting to full-bars for cellular devices, many problems evaporate. If you have the option to change networks, try that as well: by switching from the local Wifi to your phone’s hotspot, or disabling Wifi on your phone and using strictly cellular data, you can identify or rule out local network problems that might be out of your control.
3. Close apps you aren’t using. Remember the good ole days when running two programs was considered multi-tasking? Me neither. Having half a dozen applications running on a computer is trivial even for budget computers and mobile devices, and you can bet that even though your device is putting on a brave face, it might be one straw shy of a broken back. If you are inquisitive, try closing apps one at a time and testing if the problem still exists. If you ain’t got time for that, see #1. And yes, you can close apps running in the background on phones too!
4. Make sure you haven’t run out of storage space. Computers and mobile devices can store a ton of data, but today’s technology also creates way more data than ever before. When your device runs out of space, it can’t do the things it needs to do (like upload those 16-megapixel photos and 4k cat videos to the cloud, see #2), which just creates a vicious circle. Smartphones are notoriously bad at letting you know you are out of space, and will confuse the issue with trying to sell you more cloud storage when you just need to remove some old apps to give your phone some breathing room.
5. Check the date & time. Most of the time, computers and mobile devices can check on the internet and keep their clocks proper, but that doesn’t mean that it’s doing so reliably, especially around Daylight Savings Time or if you are crossing time zones while traveling. If your clock is off by even a little bit, some security systems flag that as a possible hack and can result in web pages not loading, passwords not working, and various other unpredictable behavior. Also, a consistently incorrect time on a device is indicative of other issues, especially if the clock is regularly slow or fast, which should not occur on modern technology.
6. Try switching ports/devices. If the problem is related to something connected to something else, try either device with something else. Thumb drive not showing up? Try a different port (or computer). Phone not charging? Try a different cable or charger, or try a different phone to identify the culprit. Solving a problem properly requires knowing exactly which device is the actual root of the problem. Be careful though – just because something fits does not necessarily mean that it will work, especially devices that supply power. Try to stick to the same type of device/cable/port if that is available to you.
7. Did you try rebooting?
I’m sure that when the first prototypes of today’s smart speakers were demonstrated it probably felt like part of the bright, shiny future from Star Trek: Next Generation had arrived. Finally we were going to have the modern-day equivalent of Majel Barrett politely making things happen just with the power of our voice. It’s taken a few years for the devices to gain a toe-hold in the home, and they have come with their fair share of problems. In a recent addition to the pile, hackers have discovered a security flaw in the basic hardware design of voice-controlled devices, including smartphones and tablets, that allows them to be exploited at a distance via this feature using a simple laser pointer.
“Alexa, buy blackout curtains.”
In a paper published on Nov 4, a team of academic researchers revealed that by using a focused beam of light they could trick Alexa, Siri and Google Voice controlled devices into acting as if they had received an actual voice command. The researchers were able to mimic sound waves using light pulses that were directed at the device’s microphone diaphragm, and they demonstrated this capability across hundreds of feet through windows and even obstructions on the mic itself. They were able to get the devices to perform tasks that they normally had access to, such as turning lights on and off, opening garage doors, unlocking smartlocks on doors and cars, and even purchasing items online.
What does this mean for you?
If you have a voice-activated device that can control access to things you don’t want strangers accessing, either make sure your device is not in view of any open window, or disable that function. Most smart speaker devices have a way to disable voice control – something you may want to consider engaging when you leave your “smart” speaker unattended. Unfortunately, the nature of this weakness is something that (probably) cannot be fixed by a firmware update as it’s exploiting a core component of the microphone’s analog to digital process. At the moment, there are no documented incidents of this sort of hack occurring “in the wild,” but now that the news is out, it may be time to tuck those devices into a drawer for the time being.
Image courtesy of Miles Stuart from FreeDigitalPhotos.net
Last week I explained why email continues to be the number one source of malware infections, but this week’s blog is for the TLDR crowd: how to reduce the amount of risk we incur each day using email. Enough talk, more tips, Woo!
1. All attachments delivered via email should be considered unsafe. This is a big hassle, but if you shift your mindset to automatically distrusting every attachment you receive regardless of who sent it, you will be safer overall. If you regularly receive attachments via email to operate your business, I recommend changing your business process to use a more secure platform to transfer files. This may not be cheap, but can you afford to get hacked? If you need a quick way for someone to send you an attachment, or to send one yourself, you can use https://send.firefox.com/ to send secure, encrypted attachments for free.
2. All links in emails should be handled very carefully. Unless you understand exactly how to reveal the actual destination of a link you see in an email, do not click links in emails. When reading email on your computer, hovering over the link in question should show you the actual destination, especially if the link looks just like this and does not actually show you the URL. Become familiar with how your email application shows you the link destinations. Outlook will show you in a little pop-up when you hover over the link. Gmail will show you the destination in the lower left corner. Keep in mind that most smartphone email apps will NOT show you the destination URL, and as such, I don’t recommend you click links or open attachments on your mobile device for this very reason (see #4). If you need to investigate further, manually type the link of the site in question in your browser.
3. Guard your email password as if your (digital) life depended on it. Your email password should be complex, hard to guess, and never used anywhere else. Access to your email is a key stepping stone for hackers who are intent on stealing your identity. They can also use it to destroy relationships with clients and customers by sending malware to them from your email account. Always consider carefully when being prompted for your email password whether the request is legitimate. If you get the prompt after opening an email attachment (see #1) or clicking a link (see #2), stop. Do not enter your password. Recheck the source of the prompt and make doubly sure it’s not a phishing attempt. If you are unsure, do not proceed and check with your IT professional.
4. When reading emails, whether on your computer or on a mobile device, always pay 100% attention to what you are doing. The more distracted or rushed you are while processing email, the more likely it is you will make a mistake that could result in a malware infection. Phones display less information on a small screen and are often used in distracting environments, and this can lead to you being bamboozled by an email you would otherwise spot easily on a bigger screen with your undivided attention.
5. Get rid of old email and social media accounts. If all they are doing is collecting junk mail, consider closing them permanently, or have the email forwarded to an account with more robust filtering services in place. Forgotten accounts can be hacked and used to steal your identity in places you might not be watching, so instead of leaving that backdoor wide open, nail it shut permanently.
6. Never use an email account, business or personal, that does not have some form of filtering service attached to it that can detect and quarantine malware and spam. At the moment, among the free email platforms, Google’s Gmail has probably the best filtering, and at the other end of the spectrum, ISP email accounts, especially legacy services like ATT, SBCGlobal, Roadrunner, etc. have barely functional spam filtering. Some of the more “traditional” freemail platforms like AOL and Yahoo have improved somewhat, but they are still no match for the corporate-grade mail filtering services that can be attached to platforms like Microsoft Office 365 and Google Apps Suite. In this case, you get what you pay for, and with the exception of Gmail, free doesn’t get you much.
7. Always delete emails that contain sensitive information, like passwords and PII (personally identifiable information). Do not use your email account to store important information. If a hacker gains access to your account, they may scan the entire contents of your email box for other juicy information they can use against you, your clients, your family and friends.
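The advice above about revealing a link’s real destination can be automated for mail clients, such as phone apps, that do not show it. This added example (not from any mail product) lists every link in an HTML message body with the host it really points to and flags links whose visible text names a different host; the sample message and its example.com, example.net and example.org addresses are constructed, and hosts are compared exactly apart from a leading “www.”, which is a simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name appearing in visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)

# Constructed message body with three kinds of links.
SAMPLE_HTML = """
<p>Your mailbox is almost full. Verify at
<a href="https://login.example.net/reset">https://accounts.example.com/reset</a></p>
<p><a href="http://files.example.org/invoice">Click here</a> to view your invoice.</p>
<p>Need help? <a href="https://www.example.com/help">www.example.com/help</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def normalize(host):
    """Lowercase a host name and drop a leading 'www.' before comparing."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def link_report(html):
    """Return the real destination host and a verdict for each link."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    report = []
    for text, href in parser.links:
        destination = normalize(urlsplit(href).hostname)
        shown = HOST_IN_TEXT.search(text)
        if shown is None:
            verdict = "hidden"      # text gives no hint where the link goes
        elif normalize(shown.group(1)) == destination:
            verdict = "match"
        else:
            verdict = "mismatch"    # text names one site, link opens another
        report.append({"text": text, "destination": destination, "verdict": verdict})
    return report


if __name__ == "__main__":
    for row in link_report(SAMPLE_HTML):
        print(f'{row["verdict"]:9} {row["destination"]:20} shown as: {row["text"]}')
```
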
Image courtesy of cuteimage at FreeDigitalPhotos.net