Scam spam

Well here’s a new one on me – maybe you have or haven’t seen it yet. I looks like it’s from the US Postal Service ( except that the email address was mailhold@usapack.com ) and the subject says:
Your confirmation for HoldMail Service request

The body of the text says:

Your request for holdmail during November 20 – 24 2017
We have received your Hold Mail Service request for November 20 2017. The USPS notice with the tracking information has been enclosed to this message. To view your Hold Mail Confirmation notice, please click here.
Please note that Microsoft Word must be installed on your PC.
We are currently holding your mail and the service cannot be cancelled.
However, the end date can be changed, by calling the Post Office and confirming the info on the Hold Mail Confirmation receipt.”

Red flags all over the place for me; the whole thing is a spam scam.

Stay suspicious, my friends.

To Windows 10 or not to Windows 10, that is the question.

Since the middle of May 2016 or so, I have heard from several people that they were surprised to find that one morning they found that Windows 10 was installed on their system overnight. And they were not happy. Others have reported that they have a message that tells them that Windows 10 is ready to be installed the next time they do a restart.

Here’s the problem: most system manufacturers are not providing all of the driver software necessary to support Windows 10 on all of their many models. Microsoft says yes, the manufacturer says no. If the upgrade goes badly, you won’t get support from either one.

I would be fairly confident that Windows 10 that is installed by the manufacturer on a new system, should work fairly well. All of the device driver software “should” be good. Upgrading an older system is a bit of a gamble, and Microsoft’s rollback doesn’t work when the system is stuck in a “can’t automatically  repair boot loop”.

So, for the small business owner or a home system user, before installing the Windows 10 upgrade on one of your current systems, here’s my checklist:

  1. Check the system manufacturer website to see if that particular model is on their Windows 10 support list. Some are and some aren’t. If the system is not on the Support list, or if you’re using QuickBooks or have some other business critical application, use the GWX Control Panel to block Windows 10. Download the installer from : http://ultimateoutsider.com/downloads/ . Just be sure to send the author a donation for each PC where you install it. He needs to be paid for development,  website hosting and traffic. I found his blog to be a good read, so enjoy that too.
  2. Next, if the PC or laptop is the only system that you have for your small business, don’t do the upgrade without having a second machine that is ready to become your main system. More bluntly, don’t do the upgrade on your only system.
  3. If you’re ready to go ahead with the upgrade, install all of the current Windows Updates other than Windows 10. Certainly, you don’t need them all, but you do need some of them and you don’t know which is which, so get them all. Also note that some systems should have a BIOS/UEFI upgrade before the Windows 10 upgrade.
  4. Before installing the Windows 10 upgrade, note that some systems have been rendered useless or crippled by Windows 10. If that happens you might want to get support from the manufacturer or from Microsoft. Good luck with either one. So, be sure that you have a system image backup of the PC. Since Microsoft’s “rollback” process doesn’t always work, and since Murphy’s Law says that if you have the backup, you won’t need it, but if you don’t have the backup, you will need it. So get a full image backup.
  5. Be prepared to not be able to use your system for several hours while the upgrade process runs.
  6. Also be prepared to have some fiddling to do with the applications that you use in order to get things to work the way you like. Expecting things to come up the way you like is totally naïve.

(Original post 2016-3-4, updated 2016-6-19)

Annoyance with Speedtest

Speedtest (dot) net provides a great way to test the bandwidth of your connection. Unfortunately, there are a few caveats. As a “free” website that needs income to operate, the business that runs speedtest (dot) net sells advertising. OK, that’s fine. Unfortunately, some of the ads are definitely not OK.

You are likely to see a different combination of ads every time you visit speedtest (dot) net, or the ads may be the same but they show up in different places. Here is a screenshot of one of my visits. If you click on the ad that says, “Before you begin the speed test blah blah blah Start Now”, it will download and install a supposed PC speeder upper that is spyware and is really a slower downer.

Speedtest

If you have fallen prey to one of these deceptive ads, run Malwarebytes Antimalware to clean up the mess. You also might need to check your Control Panel> Programs and Features to uninstall the program that was just installed. (Click the view button, Details, then sort the list by the Installed Date column. The spyware would be right at the top of the list.)

The reason it’s worth discussing how to get the best experience at speedtest (dot) net is this is a tool we sometimes use in analyzing a problem. By going to this website and clicking “Begin Test,” you can get useful numbers that we can interpret to isolate the source of your issues.

A perfect example came up this week. A friend called, reporting that video conferencing through a popular program was transmitting very poor video quality with choppy audio. Based on the results of this test, we are able to determine if your computer needs maintenance, or if it will be necessary to contact your Internet Service Provider (ISP) to troubleshoot a weak connection. Lower data transfer rates coupled with higher ping times are common with wireless technologies, such as cell phone networks and satellite services. These are often possible to improve through adjustments as determined by your ISP.

Trouble with free email accounts

I received an all too common complaint from someone on trouble with a free email account. They asked:

Twice in the past four years, Microsoft has locked me out of my Hotmail account.  Last time they did it, I was NOT able to ever get back in & had to create a new account and just forget all about everything that was in the one I had had for 12+ years.  I keep very pertinent information in my email account- loads & loads of information, every place I’ve ever applied for a job, every cover letter and resume I’ve ever sent out, and other account information, like electric company, the bank, whatever, it has everything in it so you can imagine the panic I feel when they lock me out. My question to you is, do you know why they keep doing this and why when they do, they ask silly questions like, what was the last three passwords you used, what was the last three people you emailed etc, I mean, some of the questions they ask I can only get by getting into my email, so, its a useless loop they send me on.  Then they say they’ll send a code to my phone and they never, ever, ever do that!  Have you heard of this happening before and if so, what can I do to avoid it in the future?

There are many possible answers to this question; so here’s my shot at it.

It’s really hard to know exactly why that happens; there are many possible reasons. One of the most likely reasons is that someone may have hacked your account and used it to send spam.

Additionally, one of the problems with using a “free” email account like Hotmail (now Outlook.com), Yahoo, Gmail, etc., is the lack of helpful support.

The bottom line is that you have to plan ahead for problems. I like using my own domain name, so that I can manage my email addresses.

In order to use a free email account successfully you need to have a backup plan. With some accounts, there might be a way to copy the important emails that you need to your hard drive. I have not tried that with Hotmail, so I don’t know if that will work.

Another approach would be to send the important emails to one or two other free accounts. The idea is to set up accounts with Hotmail, and/or Gmail, and/or Yahoo, and/or etc. , and don’t use those other accounts to send/receive email to other people so that you’re not revealing those accounts to others.

Above all, use complex passwords that no one else can guess, and never use the same password twice. Passwords should be at least 10 characters and include upper case letters, lower case letters, numbers, and common punctuation (be aware that some punctuation will be rejected by various sites.) Don’t use dictionary words or pets names or friends or a straight sequence of numbers. For instance,

IlovemyDad is a nice thought but a bad password, but by changing letters to numbers and adding some punctuation you can make a better password that is still easy to remember.

I10v3-myD4d! is a much better password, althought still not the greatest because it is based on a common phrase. It would be better to pick a weird phrase that you can remember.

Better still is using a password manager like LastPass or KeePass to create and keep track of long, gobbledygook user names and passwords. I have passwords that I have no idea what they are.

The next rule is to change passwords every couple of months. I know that’s a pain, but look at the alternative: get hacked and you have even more pain. With my 100+ websites that I use, if I change one password every day, I get thru the whole list in 100+ days. (Do as I preach, not as I do.)

 

Heartbleed: yet another security problem

You might have heard about Heartbleed, which is the name given to yet another recent security problem. Briefly, the problem was a bug in software that has been used for website security by many people.

And yes, Yahoo.com and many other common sites have had the problem, so if you have used those usernames and passwords anywhere else, pay attention.

Read it about it here:

http://news.msn.com/science-technology/how-to-tell-if-heartbleed-could-have-stolen-your-password-and-when-it%e2%80%99s-safe-to-change-it

Then come back and check the list below and read about it in today’s Portland Biz Journal:

http://www.bizjournals.com/portland/blog/2014/04/after-massive-heartbleed-security-breach-portland.html?ana=e_du_pub&s=article_du&ed=2014-04-09&u=zgSD4d+pX4SRgPIGOndEtwXfJFA&t=1397146424&page=all

I grabbed the list of over 600 vulnerable sites from the link in the first article  alphabetized it, then deleted most of the sites leaving a few examples of sites that you (I) would think they really should have known better. But it just goes to show you that really smart people from big and small companies use the “off the shelf” software that other people trust. Have a look and be shocked.

androidcentral.com.

androidpit.com.

androidpit.de.

arstechnica.com.

bittorrent.com.

breitbart.com.

cabelas.com.

cplusplus.com.

duckduckgo.com.

economist.com.

flickr.com.

fool.com.

graphicstock.com.

heritage.org.

kaspersky.com.

mail.com.

nascar.com.

resellerratings.com.

reverbnation.com.

rollingstone.com.

searchfunmoods.com.

shopzilla.com.

thestreet.com.

thewire.com.

toshiba.com.

weather.gov.

wisegeek.com.

wisegeek.org.

yahoo.com.

zagat.com.

zap2it.com.

So yeah, it looks like I’ll have to change my nascar.com password too.

If you’re not using KeePass or LastPass or another encrypted password program to make new passwords and keep track of them, it’s time to start. Many of my passwords are pure gobbledygook that KeePass created for me.

And, in the words of Han Solo, “It’s not my fault.”

A question about backup systems

I received a question from someone about backup systems. My friend says… “The guy who built my PC recommended Acronis but when I checked it out on Amazon it got raked over the coals by reviewers. Interestingly enough several of the posts recommended using the backup software in Windows 7. Any recommendations you have for me to checkout would be appreciated.”

It is a great question because it is constantly changing market. So  keep two things in mind: my comments are my opinion and other people have theirs. Second, this is not a complete review of all backup systems, but is part of my knowledge base at this time.

Given Microsoft’s history in the realm of backups, I know it seems strange, but the Windows 7 backup has some good features, such as reliability and ease of setup. It’s fine for doing a straight, simple backup. On the other hand, flexibility is a bit of a drawback.

Another drawback, is that it does not do incremental backups; which means that it works by first calculating how much space is needed to do a complete backup, then it checks the destination drive ( for the home user that is usually an external hard drive) to see if it there is enough space. If there is not enough space, it deletes the oldest backup(s) to create enough space before completing the current backup.

Which means that if your destination drive has room for only one backup, then you lose the previous backup before getting the current backup done.

And if there is a power failure or some other crash during the backup, you’re hosed.

Furthermore it doesn’t handle versions of files. So, the Win 7 backup has its drawbacks.

As for Acronis, I suspect that the bad reviews were from people who couldn’t figure out how to use it, because it is a backup that can do everything. Now I must admit that my comments here are a bit behind by a version or two, but there are two things that bother me about Acronis: one is real nit-picky, but the product key is half a mile long and it takes a couple of minutes to get it entered correctly; entering the product key is enough of a chore to drive most people crazy. My other complaint is that they over the years have changed the user interface and dumbed it down so much that they have made it confusing. Fortunately, once you find the secret hidden button, you can open up the advanced menu, and then it gets nice and geeky and comfortable and flexible and powerful and useful. But yeah, I can see how non-geeks might not like that.

For simple backups I kind of like the Seagate Backup Plus drives.

Plug the drive into USB, install the software, pick the folders to backup, and away it goes.

When it’s done, eject the drive or shutdown and remove it and put it in your fire safe box.

A week later, plug it in, and it runs a new backup for you.

When it’s done, eject the drive, or shutdown, and remove it and put it back in your fire safe box.

But let’s take a step back and look at the big picture.

The first thing to consider is: how much data do I have and how critical is it?

IF the answer is that there is not much data and it’s not very critical, then copy it to a couple of different flash drives and/or burn it to a CD and put it in a fire safe box and then repeat that process whenever there is new data that you would hate to lose.

But if you have very much data, and you would kick yourself around the block if you lost it, then you need to use a better backup system.

Ideally backups would include both a local backup and an off-site or cloud backup. Norton, Dell, Seagate, and your cousin’s uncle have all jumped into that market with their solutions. I have not tested them all, but I was out at someone’s home and found that their Norton backup had broken and wasn’t working. So I fixed it and got it going again. My point is that you can’t just get something going and then forget it about it. You have to check it occasionally to make sure that it’s working. And that means restoring a file occasionally to make sure the system works.

Then there are the cloud backups such as Carbonite, Mozy, iDrive, iCloud and iDon’tKnowAllOfThem. The advantage to those cloud backup system is the support and the fact that your data is stored in one or more data centers. If a machine crashes, or burns or is stolen, they will help you recover. Is it an expense or insurance? I would answer that question with a question. How much data can you afford to lose?

Of the cloud backups, I really like SpiderOak because it is unbelievably secure. SpiderOak has the features, like Dropbox, of synchronizing files between devices and sharing files with other people. The big advantage over Dropbox is the security and the fact that its primary purpose is the backup system.

The problem with SpiderOak is that if you forget the password that you used, you’re sunk. The SpiderOak support folks can’t retrieve it or figure it out. That password is used for the encryption key, so it needs to be a long, strong password. Just don’t forget it, or write it on a sticky on the bottom of your keyboard. (I use KeePass for keeping all of my passwords, but that’s another subject.)

Another backup system that I am using with a client is the LogMeIn Backup. After the first full backup, it backs up new files and changes; which means that it can keep track of versions of a file or document that you might be working on, such as a manuscript or doctoral thesis.

There are two reasons for using LogMeIn backup with this client. One is that they have a ton of data, which would be prohibitively expensive to store with a cloud backup service. The other reason is that it handles both local and remote backups. All of their data is backed up to a system in my office.

The bottom line to this discussion has two points.

First, backups are a crucial part of owning and using a computer.

Second, always remember that data that you don’t have in at least two places is data that you don’t care about losing – because you probably will lose it. Pun intended without apology.

I uninstalled Google Chrome

I opened the Windows Task Manager on my Windows 8.1 system to poke around and see what processes were running and noticed that there were 4 Google Chrome processes running. But I had not opened or started Google Chrome since the last reboot.

I rarely use Google Chrome, so I uninstalled it, and the processes closed.

Wondering if there was some malware, I ran the Windows Defender anti-virus scan, and all was good.

I’m still puzzled as to why and what those 4 processes were doing. I’ll let you know if I figure it out. Just don’t hold your breath waiting, because I’m not going to waste any more time on it.

Dear Microsoft – here’s a great way to annoy people

Launch a pretty good cloud storage product and let people get used to using it. Run it that way for a couple of years.

Then you go and change the product name. Why? To annoy people?

Or here’s another idea: You’ve got an operating system that lots of people are using. So here’s what you do: drop support for it.

Or wait, even better: You’ve got an operating system that people love and know how to use. So with the next release you change everything so that people’s productivity goes down and their frustration level goes up. And the PC manufacturers will all hate you worse than before. Yeah, that’s the way to do it.

Or here’s another idea: buy a smaller company with a great product that lots of people like, then totally crapify the product and then dump it.

Yeah, that’s what you can do to really irritate people.

Hello? Is anyone listening?

Didn’t think so.

Oxymoron: Facebook Security

This whole FB phenomenon is a real paradox. It’s like if you don’t join in, then you’re considered to be a doofus, but if you do join, they want your cell phone number, birthdate, and all kinds of other info. Given FB’s security track record you need to be careful about how much info you share with the world.

And I’m not even going to apologize for having an attitude about it. If  they would tighten up security and eliminate viruses, trojans and other malware, it still wouldn’t mean that it’s OK to let everyone know what your birthday is.

Meanwhile, I have this to say: If you value the security of the information on your computer, be very careful with what you do on FB, who your ‘friends’ are and what you ‘like’. Sure, many people on FB are nice. However there are a few who ruin it for everyone else. Unsavory characters are looking for any little tidbit of info so that they can tuck that into the world wide database that they are building with your name, birthdate, phone number, passwords, SSN, etc.

The bottom line is, don’t allow anyone to see your birthdate, phone number, full name, and any other important personal info. Unfortunately, FB has a really bad habit of hiding the place to change those settings. I used to be able to find it under the Security Settings but I can’t find it right now. Facebook really makes me mad.

So, I had to do a search on “facebook hide birthday” and I found this:

How do I change my birthday and choose who I share it with?

To edit your birthday:

  1. Go to your Timeline and click About under your profile picture
  2. Scroll down to Basic Information and click next to Birth Date
  3. Use the dropdown menus to adjust your birthday
  4. Click Save

There are two audience selectors next to your birthday: one for the day and month and one for the year. Friends won’t get a notification about your upcoming birthday if you don’t share the day and month with them.

Note: If you’ve recently changed your birthday, you may have to wait a few days before you can change it again.

That worked today, but might change tomorrow.

Mouse troubles

Are you having trouble with your mouse?

Just to be clear, I’m talking about your computer mouse, not the live varmints or the ones that your cat brought you.

I know it might sound stupid, but just humor me, the first thing to do is to reboot the computer.

If rebooting didn’t solve the problem, and if you have a PS2 mouse (the round connector), shut the PC down then unplug the mouse and plug it back in. If you try to unplug and plug in the mouse with the PC running you have a chance of causing the motherboard to fail by trying to “hot plug” a PS2 connector. The chances are slim, but it has happened. Shut the computer down, check the connector for bent pins and the cable for damage; sometimes house pets like to chew on cables. Replace the mouse if it’s looking bad.

If it’s a wireless mouse with a USB adapter, check or replace the battery in the mouse; make sure that the + and – ends of the battery are oriented correctly. Someone had me drive out to their house and that was the whole problem; and yes, they needed to pay me for my time. As long as I was there I did a tuneup, but still, they felt kind of dumb.
Then make sure that the USB adapter is inserted into the PC or laptop.
If it’s still not working, look for a Connect button to push on the mouse.
If it’s still not working, try a different mouse with a USB connector.

If you have a USB mouse you can unplug it from the PC and plug it in again or maybe plug it into a different USB port. The computer will go thru the process of installing the driver software which takes a minute or so.

If it’s the real old kind with the ball, and it works but is jumpy, you can open the bottom cover around the ball and clean out the dust.

It is possible that the mouse has failed; that is rare, but it does happen.

I have also seen rare cases where plugging in a mouse causes real strange problems to occur. In that case, it doesn’t make any sense to spend time trying to solve the problem. Replace the mouse. Use the old one to entertain a cat.

If you have trouble with live mice, bring in a rat snake, ball python, or maybe a cat. Rat snakes are constrictors, so they are not poisonous and actually make great pets. Although, it’s important to keep them in a properly setup herptile terrarium. There are many great websites for ideas. One of the best is
http://house-of-reptiles.com/
in Tigard Oregon. Stop by their store for an up-close look at their many fascinating herp’s.