Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

What’s With All These Updates?!*

Every time I sit at my computer, it says there’s an update available!

I understand. Really I do. It seems like every time you try to get something done on your computer, some little window opens and tells you that there’s an update available. You tell it not to bother you, but the persistent little devil keeps coming back.
But, listen. People. And please hear me. If you learn just one thing from me.. please learn this– those “there is an update available” pop ups are your friends. Learn to welcome them. Stop what you’re doing long enough to click on “Yes”.
I repeat: Just Say Yes.

Tip of the day: Thwart hackers, crackers, and ID thieves and let your software close its holes– let it download the patch. Answer those pop ups with the button-click, “Yes, download the update” and do so the first moment you see it.

bandaidsIt does not matter which IT security expert or professional source you ask, they will all tell you the same thing: a major method hackers use to  attack (networks and computers) is through unpatched holes in common software — like Internet Explorer, or Adobe Reader, or Real Player, or Word, or the operating system itself, or you name it.

The way the software industry protects itself – and us – is to issue “patches” of these holes (called “vulnerabilities”), so that when an Evil Doer launches the string of code that would “exploit” the hole (and give him command access to your machine), it no longer works like his vile buddies in the hacker forum said it would.
Patches are your machine’s best friend. (And so it kinda follows that patches are your identity’s and your privacy’s best friends too. Right?)
If it helps, when you see “update”, mentally substitute the word “patch”.

The main objection to updates I hear is, I don’t want to have it reboot.Not all patches (excuse me, “updates”) require a reboot; and most allow you to delay the reboot. But this is important enough that I say, Save your work, answer “Install”, and use the reboot as an excuse to stretch your legs and refill your coffee.

When I explain this “patches stop hacker exploits of vulnerabilities in your code” principle to folks, more than one has come back with the reply/thought, “So… CoolProgram 6.0 isn’t any good, then.” When I ask, why do you say that? They answer that it seems to ask to be patched quite often, while some of their other programs never ask to be updated. “It must have a lot of holes”.

This seemingly logical conclusion (on their part) is not usually the correct one. In fact, more often than not it is the wrong one; though it is true that some programmers make more of an effort than others. Let me explain.
Let us say there really is a little program called “CoolProgram”; and let us say that it is a slideshow widget; and let us say that it has sold about 5,000 copies. And let us also say that it was written in five minutes by a first-year computer programming student, with absolutely no aptitude for programming, as a class project (they received a C+) and let us further imagine that it contains more vulnerabilities (holes) than any other program on the market. With me?
CoolProgram would never be hacked. (And thus, never need an “update”.)

Why? How could that be? If it is so poorly written? Because of the number of sales. It’s much too low to interest a hacker. Also, the odds that “CoolProgram” is installed on a computer somewhere inside CitiBank, Pay Pal, the Pentagon, or on a website’s server, are next to none.
All you have to do is think like a criminal to understand– they want to hit the most targets, in the most places. This increases the odds of hitting paydirt, or makes for a larger botnet [to read my article about botnets, click here].
This is why Windows is hacked more often than Apple — Apple is on only about 5% of the world’s computers — and why IE is hacked more often than Firefox. [note: Today (mid-2010) Firefox is just about a large a target as IE.]

I’ve run longer than I intended, so I’ll wrap up with a recap of how it works:
1) Some criminal with programming skills finds a way to inject altered code into a program which gives him “rights” on a remote machine.
2) He posts his find on a hacker forum, or/and sells it to other hackers.
3) These hackers then start using this code to attack machines.
4) Security experts take note of this new attack and notify the authors of the program being exploited.
5) The programmers of the affected program examine the way the exploit works, and try to rewrite their code to stop it. [PLEASE NOTE: they are “playing catch up” with the hackers.]
6) When they finally find the counter-code, they have to get it onto your machine, so they release a patch, or “update”.
7) A pop up window opens on your machine saying “here’s the fix; please install me”.
All this while the hackers are reaping the rewards and infecting machines.

So don’t delay. Don’t dally. Just Say Yes. Besides.. if you answer “later”, the pop up window will come back again.

Today’s free link: Keeping your programs patched and up-to-date is the most effective method we have of keeping the hackers at bay. The best tool I have found for evaluating your currently installed programs, and helping you get them patched, is a ‘scan’ I have posted here before, but the Software Inspector at Secunia is just too important, too good, and too easy not to mention again.

Orig post: 11/23/07

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved. jaanix post to jaanix.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

Share this post :

June 30, 2010 Posted by | advice, computers, Internet scam, PC, security | , , , , , | 16 Comments

Interesting Read

Folks, I only have time to post a link to an interested news item today.

Please see, FTC Says Scammers Stole Millions, Using Virtual Companies

“The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers — often by taking just pennies at a time. The scam, which had been run for about four years, according to the FTC, provides a case lesson in how many of the online services used to lubricate business in the 21st century can equally be misused for fraud.

Today’s free link: Free Credit Report

June 29, 2010 Posted by | cyber crime | Leave a comment

Monday, Monday, Monday

I suppose I should start today’s by telling you that I will not be holding a software license giveaway this week.

Okay. Okay, okay – settle down (and please put down that rotten tomato). I understand your disappointment.

But the fact remains: both of the products I had lined up proved to be in need of some refinement before I will recommend them here. I do try to look out for you guys. So..

I know that many of my readers like my giveaways, so, instead, let me mention that my friend, and fellow tech blogger, Rick Robinette has found a “limited time” giveaway of a fine PC tune up (optimization) program that retails for $50. Not a contest or drawing, but a straight-up giveaway! Don’t delay. I checked just now and it was still up, but I don’t know how long this offer will last. To get yours see, Get WinUtilities Pro for FREE (while it lasts).

Mondays are great, aren’t they? Great things happen on Mondays. So, I can’t offer a contest today. I will “get over it”. Yesterday was my kind of day. It was 100° in the shade. Occasional light breezes. Almost no humidity. The kind of day that makes one think of swimming pools.

And when I think of swimming pools, I am reminded of a story.. which I posted here. It goes…

How To Rescue A Drowned Devicecellphone2

From time to time I do something stupid — like  stub my toe or knock over my coffee mug or blurt out a blaspheme in the general vicinity of women and small children.
On my better days, I sometimes do all three at once.

This Saturday I went swimming, and I had my cell phone in the pocket of my shorts. Like I said, stupid. To my credit, I noticed that sad fact quite quickly. But the damage had been done. The phone had suffered not just a spill, but total immersion–submersion–and it was wet. In my defense, it was over a hundred degrees. In the shade.

It is a simple and a natural fact that electronic devices and water don’t ‘play well together’. It would not in the least be unreasonable to assume that total immersion of an electronic device (such as my phone) would render it – to use a technical term – kaput.

Quick action on my part, good fortune, and the fact that I wasn’t using the phone underwater (it was “off”) combined, in this particular case, for a much happier result, and my phone seems to be no worse for its adventure. (The fact that my make and model phone is very low end probably, to my way of thinking, helped a bit too. It has always struck me that the more costly to replace something is, the more delicate and fragile it is. A cosmic law, perhaps?)

Tip of the day: Rescue your drowned device with quick action.
Should you be suddenly struck with a case of bad luck and/or fumble-fingers, and you spill your drink right onto your keyboard, or you find some other creative way to get liquid onto your digital device, all may not be lost. The quicker, and more effectively you do the following, the better your chances of saving your device from the recycler’s heap.

1) The first and most important thing is to turn it off and remove any power source. Shut it down, yank the cord, remove the battery, isolate the dilithium crystals! And do it fast. Some devices, such as those connected to your PC by USB cables, and keyboards, get some voltage through their connecting cable, so also remove any attached cords or cables. Turning it off is not enough. You need to open the cover and remove any batteries. Remember, it is not the moisture which will ruin your device, it’s “short circuits”, and those are an electrical phenomenon.

2) Get as much of the moisture out as quickly as possible. Pick it up and let gravity drain it as much as possible. You should have the battery cover off already, now open up the device as much as possible. If we’re talking about a laptop, remove any PCMCIA cards (PC cards), release and remove the optical drive, and turn it upside down and with a screwdriver remove any access panels — such as the one covering your RAM chips. If your model allows, release the spring-latches and remove the keypad.

If we’re talking about a cell phone or PDA or MP3 player, try “popping” its case with a flat-head screwdriver or large coin. If the Web is available on another nearby machine, go online and look at the manufacturer’s instructions for opening the device’s case. Now that it is opened as much as possible, gently blot with a paper towel, or whatever absorbent material is handy.

[Note: If the liquid you spilled is the kind that dries sticky, such as a soda, you have more work to do. If it’s available, use rubbing alcohol (the “purer” the better) and cotton swabs to clean it up as much as you can. If rubbing alcohol is not handy, use water. Yes, water. Distilled if possible.]

Removing the moisture is key: drain and blot what liquid you can see. When that’s done, rest assured that there is still more liquid lurking in your device. Now is when absorption and evaporation become our friend. Since it was a hundred degrees outside, I simply left my phone in the sun for several hours. If sunshine is not an option, you can try using a hairdryer set to low (this will take a while), or if you’re brave (and ready to stand by, and keep a close eye), place it in a conventional oven set no higher than 150 degrees (°C), for an hour. In the case of a PDA or phone, you can also carry it, wrapped in tissue or a hanky, close to your body in a pocket. Another trick is to place the device in a sealed plastic bag with a handful of uncooked rice. Replace the rice every couple of hours or so.

3) Regardless of the method used, I strongly advise you to not reassemble and power up your device until the following day. Give evaporation and/or absorption every chance.

If you are lucky, your device will power up and function just fine — good luck and how quickly you removed the power being the key contributors to your success. If, however, you power up and your device functions strangely, or not at all, you may be able to isolate and replace the malfunctioning component (if you’re an experienced troubleshooter type). Or you may want to take it in to your friendly neighborhood repair shop and have them do it.  Sometimes it is more cost-effective to simply replace the device — your particular situation will vary.

jaws movie poster[note: I re-post this article each year, and someone will inevitably write in a comment about the ocean and salt-water; informing me that salt-water is very conductive and this practically guarantees a ruined device. To them I say, “Ocean? Didn’t you see Jaws ?”]

Today’s free download: Super Mario Bros 3 : Mario Forever 4.4
Hearkening back to the heyday of Nintendo, this game faithfully reproduces the classic Super Mario Bros. Although Mario Forever’s graphics and sound aren’t identical to those of the original, they’re so close most users familiar with the game won’t be able to differentiate.

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved. jaanix post to jaanix.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

Share this post :

June 28, 2010 Posted by | computers | , , , , , , , , , , , , , , , , | 7 Comments

Folks, Limited Time Free Software Offer

My friend and fellow tech blogger Rick Robinette has found a limited time giveaway of a fine PC tune up (optimization) program that retails for $50. Not a contest or drawing, a straight-up giveaway! Don’t delay. I checked just now and it was still up, but I don’t know for how long this offer will last.

Please see, Get WinUtilities Pro for FREE (while it lasts)
‘”I was combing the web site of YL Software, the developers of the popular utility suite, WinUtilities and came across a page where you can acquire the license and registration code for the professional version of WinUtilites for FREE.”

June 27, 2010 Posted by | computers, free software, PC, performance | , , , , , , , , | 4 Comments

Sunday Beauty

"Serenity" by Per Ola Wiberg. Courtesy of Flickr

Click on image to see more images by this artist.

June 27, 2010 Posted by | Digital Images | , , | 7 Comments

Layer 8

Folks, cleaning infected computers has me quite busy today, and it also caused me to decide to reiterate for you an important concept: each one of the machines on my workbench had up-to-date, for pay, antivirus and/or Internet Security Suite products installed.

Yet here they are — infected.

(Okay, now I’ll tell you about the title of this article. “Layer 8” is a play on the 7-layer OSI model of machine function. “Layer 8” translates to: “the human using the machine”.)

3 of the 4 machines (on my bench) were infected using the Trojan method – the User (unwittingly) downloaded and installed (willingly and on purpose) the infection. Please read Download Danger – the “Trojan” if you have not already.

The 4th machine was “drive-by” infected via unpatched (out-of-date) software. The User was in the habit of clicking “Remind me later” and never actually finding a convenient time to click “Install” when prompted by a pop-open. They visited a website that had been “poisoned” by a hacker and the hacker’s code attacked the unpatched vulnerability… no action on the User’s part was required.
The cure for this one is to realize that nothing you are doing on your PC is more important than applying the “a newer version”/”update”, as these releases are SECURITY fixes. (Yes.. I’m shouting.) To make sure you don’t have any unpatched/obsolete software on your system, click here, and then click on “Start scanner”.

Allow me to repeat:
I have written many articles regarding the epidemic that is “cybercrime”, and done my best to keep my readers informed about current scams, hacker techniques (like “social engineering” and “phishing“), as well as malware (Spyware, Trojans, worms, viruses, keyloggers, etc.) and provided you with advice and How-To’s for staying safer online.
(i.e., I have told you that malware has evolved into military-grade instruments.)

One item I have mentioned several times is the use of a free “online virus scanner” to help detect and remove malware that has managed to sneak past your current defenses (and don’t kid yourself, there are plenty of types that are capable of this trick). There are many such scanners out there, and some of them are fakes designed to trick you into thinking you’re infected — I suggest you avoid those!

Internet Security writer Bill Mullins published what I think is the perfect summary and analysis of the “good” online virus scanners, and their uses. I highly recommend you visit Think You’re Infected? Find Out – Run An Online Scanner From Your Browser and learn about these very important (free) tools.

Related: To read my other articles on malware, and how to deal with it, click here.

If you would like to hire me to clean your infection, click here.

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved. jaanix post to jaanix.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

Share this post :

June 26, 2010 Posted by | computers, cyber crime, how to, Internet, security | , , , , , , , , , | 8 Comments

Disable the Preview Pane For Safer Computing & Less Spam*

Disable the Preview Pane For Safer Computing & Less Spam

[note: if you are looking to see who won this week’s contest, click here.]

A recent article on spam (e-mail) prompted a reader to send in this good question,

Q: “Hi Paul –
You wrote “don’t even open e-mail from unknown sources.. doing so can/will mark your e-mail address as a “live” person, …”.
How do we delete without opening a specific email message?   Even while deleting in bulk the first email in the highlighted selections opens.  I’m using Outlook Express.  Thanks for your help!

* What is being referred to is the feature common to e-mail clients called the “Preview Pane”.”

A: Dear Reader–
You’re correct that most webmail settings, and e-mail clients, (by default) have what is called a “preview pane”, which opens the first (topmost/most recent) e-mail in your Inbox, and shows you the first few lines of the e-mail. Yes.. this will trigger whatever the spammers/hackers are using to verify receipt (such as downloading an invisible jpeg). Because of this, I always turn the Preview Pane off.oe_new
To do this in OE, click on the View menu and select Layout.
Then in the Preview Pane Properties, uncheck the “Show preview pane” checkbox.

BTW– by exploring Properties/Options/Settings/Preferences (different names for the same thing), you can disable the preview pane in every e-mail viewer.. (i.e., Thunderbird), and webmail (i.e., Hotmail, Gmail, etc).

Tip of the day: While many people find the preview window a convenient way to skim their incoming mail, using it automatically opens your machine up to security risks — especially if you are allowing HTML, and/or images, as the OE pictured above does — and tells anyone who’s interested that yes, is a valid address: suitable for spamming.
The spammers (and advertisers) collect lists of these validated addresses and sell them to each other.

I advise disabling the feature, and doing without the ’speed enhancement’ of previewing. Doing so will reduce the amount of spam you receive, improve your privacy, and close the door on one of the methods hackers can use to infect your machine.

Today’s free download: Open Office A new version of very popular free office suite is now available. Support for Office 2007 formatting and improved PDF creation in Writer highlight the big additions for business users. A new Start Center provides a launching pad and makes it easier to switch between tools.

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved. jaanix post to jaanix.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

Share this post :

June 25, 2010 Posted by | advice, computers, e-mail, Internet, privacy, spam and junk mail | , , , , , , , , , | 3 Comments