In addition to malware and ransomware, a new kind of unwanted application might find its way onto your computer. Starting last year, computer security company ESET began warning about websites that use visitors' computers to mine Bitcoin.
Regardless of the legal and ethical aspects of the practice, it's annoying to have someone use your computer without your knowledge or your permission. The mining operations need all the power they can get and that includes borrowing (stealing?) CPU cycles from your computer.
The cost of electricity required to mine a single Bitcoin is currently around $4800 that reflects the astonishing amount of computer power needed. When the value of a Bitcoin was near $20,000, miners could quadruple their investments, but the price of a Bitcoin has fallen to less than what it costs to create, so the miners are looking for a little "help".
Mining costs will continue to rise according to The Motley Fool: "Making matters even worse, the cost to mine a single Bitcoin is only likely to grow over time, for a couple for a couple of reasons. For starters, electricity is a basic-needs service for most everyone, and as such electric utilities tend to possess strong pricing power that allows them to pass along inflation-matching or –topping price increases. In short, inflation all but assures that electricity costs are going to move higher over time."
At least one website, Pirate Bay, a site that has been accused of stealing intellectual property, is experimenting with in-browser mining to replace on-site advertising. Presumably the mining would occur only when a visitor was connected to the site and display ads would be removed.
The news site Salon offers 2 options if a visitor has an ad blocker installed. Option 1 involves turning off the ad blocker and option 2 allows Salon to use "unused computing power" and explains that option this way: "For our beta program, we’ll start by applying your processing power to mine cryptocurrencies to recoup lost ad revenue when you use an ad blocker. We plan to further use any learnings from this to help support the evolution and growth of blockchain technology, digital currencies and other ways to better service the value exchange between content and user contribution."
Salon uses Moneo, which is far more efficient than Bitcoin. Those who choose option 2 will see no ads and while on the site, the computer will run calculations for Salon. "To do that," Salon says, "we are instructing your processor to run calculations. Think of it like borrowing your calculator for a few minutes to figure out the answer to math problems, then giving it back when you leave the site." Nothing is installed on the computer and the process does not access any data stored on disk or in computer memory.
Assuming that visitors are told about the practice (as Salon does), this seems to be both ethical and legal, but a website operated by the Los Angeles times used visitors' computers to mine Bitcoin without their knowledge and without the knowledge of the newspaper. The Homicide Report, operated by the LA Times, lists people killed in Los Angeles county during the past year.
A directory used by the Homicide Report site had been set up with write access enabled. When crooks discovered the security flaw, they took advantage of it to run Coinhive on visitors computers. The malicious code is gone from the website and MalwareBytes has blocked Coinhive since last year.
There are other ways of gaining access to computing devices. Attacks have been crafted to add mining operations to Android devices and malware can be included in Microsoft Word documents. In these cases, the mining operation is installed on your computer or smart phone so that it will run whenever the device is powered.
It's not easy to figure out if someone is surreptitiously using your computer, but both Windows and MacOS computers have tools that may help.
Click any of the smaller images for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
Assuming you have a reasonably new computer and you're not overloading the system, CPU usage should be in the 20% to 40% range. Occasional spikes are generally not indicative of problems, but beware if CPU usage is consistently high. You can try closing individual tabs in your browser to see if usage changes. That's sufficient to identify a more or less legitimate situation, but if the site has opened a hidden tab or installed malware, it'll be harder to find.
Currently these mining operations seem to use Javascript, which is an essential part of modern websites. You can disable Javascript on specific sites or turn it off altogether. Doing this has its own significant drawbacks. The TechByter Worldwide site makes extensive use of Javascript and, while the site will still be usable without it, your experience won't be as good. Some sites (Facebook, for example) won't even load if you've disabled Javascript.
MalwareBytes, which I use and recommend, seems generally to block mining operations and ad blockers such as AdBlock Plus help. There are also browser extensions that promise to block mining operations. The only one that works with Firefox, Chrome, and Opera is called NoCoin, which you can find on GitHub, but should be downloaded from your browser's add-on tab.
Those kinds of protections would have no effect on malware that's delivered through via image files or links to a malicious site. Researchers at IBM say that those who install malware on your computer are generally trying to generate Moreo coins.
It's a complicated issue. One thing we journalists have learned in the internet era is that few people feel that they should pay for information. As a result, newspaper and magazine staffs are shrinking. Most journalists would do what they do even without pay except for one troubling fact: They need money to pay for food, lodging, clothing, an education for their children, and other frivolous expenses.
If cryptocurrency mining can be used in a legitimate way to fund journalism, I'm all for it.
Net Neutrality isn't a new topic, but it's an urgent topic. I've said before that an effort exists to cast Net Neutrality in a political light, but it seems that most people, regardless of their political affiliation, reject that and prefer to have the protections offered by Net Neutrality remain in place.
You’ve probably heard that Net Neutrality is dead. “So sorry,” they say, “but there’s nothing to be done about it.” That’s wrong. There’s still one final option.
On February 22, the Federal Communications Commission’s rule that destroys Net Neutrality under the guise of “Restoring Internet Freedom” was officially published in the Federal Register. If Net Neutrality is to be saved, it must be done within the next 60 Congressional days (days when Congress is in session).
It’s easy to cast this in political terms because Net Neutrality was established during the Obama administration when Tom Wheeler was the FCC chairman and dismantled by the current FCC chairman, Ajit Pai, who was named to head the FCC by Donald Trump. Pai, however, was appointed to the FCC by Barack Obama.
Research by the University of Maryland’s Program for Public Consultation shows that more than 80% of voters favor Net Neutrality, and that includes a majority of Republicans, Democrats, and independents. Simply put, the ISPs are playing the political card.
Net Neutrality classifies the internet as a “Title II” common carrier and thus gives the FCC the authority to pass rules that ban blocking and throttling of content as well as selling faster lanes to companies wanting to get speedier access to consumers. Supporters include Apple co-founder Steve Wozniak, Tim Berners-Lee (widely considered to be the inventor of the Web), and virtually every company that uses the internet as part of its business operations.
Eliminating Net Neutrality could have a detrimental effect on websites operated by businesses not large enough or wealthy enough to compete with mega corporations. That’s why it’s important to contact your federal legislators and express support for Net Neutrality.
The clock is running and the website you save might be one you like, maybe even this one.
Late last year Code 42 announced that they were discontinuing the on-line backup service for home computers. Priced at $60 per year per computer, the plan was popular and many users were unhappy to see that their backup costs would double to $10 per month. Code 42 offered a 75% discount for the first year, and promised system improvements. Overall, they seem to be succeeding.
The old program interface was scrapped in February and a new interface was released. It's an improvement. In 2016, I rated CrashPlan a 5-cat application and despite the increased price, that rating is still deserved. The new interface's control options are more robust and now include the ability to restrict the use of network resources, both on the LAN and on the internet connection to CrashPlan's servers.
Selecting drives as well as individual files and folders to back up is easy. Clicking a file folder icon on the interface displays folders and files that are inside and selecting a checkbox adjacent to a file or a folder marks it for monitoring and inclusion in the backup. It's important to note that CrashPlan is not intended as an image backup system, so attempting to back up the operating system (the Windows, Program Files (x86), and Program Files directories) is guaranteed to cause problems. Image backups need an application such as Acronis TrueImage and a local USB hard drive for the image file.
Restoring files and folders offers the ability to obtain the most recent version of a file (that's what you'll want most of the time) or an earlier version of a file (and this would be handy if you've modified a file and want to work with the earlier iteration).
Restoring files to a directory other than the location of the original file is easy. This is useful when you need to compare a restored earlier version of a file with the current version. Those who want the restored file to be in the same location as the original file can choose to have CrashPlan re-name the restored file.
A detailed history file is helpful if you need Code42's support team to assist with a problem, but it's also useful if you want to confirm that backups are occurring as intended, how many files are being backed up, how many bytes are being transmitted, and what the data transfer rate is. Users can also have CrashPlan send a confirmation email when backup sessions are complete as well as warning messages if backups fail.
Overall, CrashPlan is a good choice despite the increased cost. At $10 per month, that's still just $120 per year. When compared to the cost of recreating hundreds or thousands of files and losing additional hundreds or thousands of files that could not be recreated, the cost of backup seems quite modest.
A short note from the Mozilla Foundation reminded me of the need to review extensions and add-ons for Firefox, but the suggestion is also worthwhile if your preferred browser is Chrome, Internet Explorer, Edge, Maxthon, Vivaldi, or one of the others.
Firefox and Chrome have the largest number of extensions to choose from. The message from Mozilla points out that extensions are as varied as the internet itself. "From serious jobs like protecting your privacy to not-so-serious stuff like improving your emojis, they’re built to enhance nearly everything we do on-line," the message says.
Mozilla created a page that lists a dozen popular extensions. Some have only a few hundred users (Easy Emoji) and others have well over a million (Ghostery).
You can also visit your favorite browser's on-line extension site.
Taking an hour or two on a weekend day to explore add-ons and extensions for your favorite browser is a good way to improve the tools you use to navigate the web.