TechByter Worldwide


14 Apr 2019 - Podcast #638 - (18:33)


Privacy Questions About Windows 10

By default, Windows 10 shares information about your computer with Microsoft. I have never considered this to be much of a privacy threat, but some people do. The default settings can be changed, but it's a good idea to first understand what Microsoft is collecting and why.

Microsoft uses Windows diagnostic data to help with development decisions. The company says that this data "gives users a voice in the operating system's development." Not everyone agrees with that, and some see threats where I believe either that no threats exist or that potential threats are balanced by the advantages users receive from the information provided to Microsoft.

Microsoft lists six key privacy principles that are considered when telemetry data are collected from customers' computers:

An example: A video driver caused some Windows 10 devices to crash and reboot. The diagnostic data sent automatically to Microsoft made it possible for developers to identify the problem. Microsoft contacted the company that made the video driver, received an updated driver from that company, and started testing it in the Windows Insider program within 24 hours. The new device driver was validated and then pushed out to users the next day. From start to finish, resolution took 48 hours.

Two kinds of data might be included in a crash dump or otherwise sent to a Microsoft site: Diagnostic data and functional data. These can be confused. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a user's location for local weather or news is functional data that the app or service requires to satisfy the user's request. Desktop settings that are synced to several devices are also functional, not diagnostic.

I am not one who sees nefarious actions lurking behind Microsoft's collection of user data, but I understand that some people would like to limit what Microsoft can see. That's not always an easy task because the settings are in various operational groups. Wouldn't it be great if there was an application that gathered all the privacy settings in one location?

Such an application exists. It's called WPD and it's available from the developer's website. WPD does not have to be installed. Just download the zip file, extract WPD.exe, and run it. The application is free and contains no ads. It also includes two extra components: One for firewall rules and another for removing apps.

Start with the button at the top of the screen: Privacy. This leads to an enormously long screen that shows the current state of your computer's settings and allows you to enable or disable features. A quick review will show that this includes features you might not know about. In fact, that's almost guaranteed unless you're a Microsoft operating system developer or product manager.

WPD is worth every penny you didn't have to pay for it. Most of the settings display a question mark in a circle and clicking that displays an explanation of what will change if you disable an enabled setting or enable one that is disabled.

When making changes, it's important to understand what effect the change will have. If the explanation provides insufficient information, an on-line search will probably help.

Additional Components

The second section of the application is for firewall rules. Windows 10 includes a firewall as part of Windows Defender. If you want to use the WPD firewall rules, you'll need to turn off the built-in firewall. Windows 10 will rely on the built-in firewall if it's turned on and ignore any other firewall.

If you're satisfied with the Windows Defender firewall or you don't have a good understanding of how firewalls work, it's best to just leave this section alone.

The third section is an application remover that's limited to removing Windows apps (not Desktop applications). Because Add and Remove Programs can uninstall most apps, you might wonder why this section is present.

You'll note that I said Add and Remove Programs can uninstall MOST apps. Most is not all. By default, Microsoft doesn't allow users to remove some apps. Xbox, for example. If you don't use Xbox and want to remove it, WPD is the tool for the job.

WPD is a good example of a free application, but use it with care.

Short Circuits

Yes, You Do Need a Password Manager

A tech writer whose work I respect is adamantly opposed to password managers because he believes that having all of his passwords in one place makes them easier to steal. A poorly designed password management system could be a security issue, but what I consider to be a tiny threat is outweighed by the advantages a password manager provides.

Those who don't use a password manager tend to engage in one of several risky behaviors. They may use the same password for all sites, store passwords in a text file, or write passwords down. For home users, writing passwords on a list is relatively safe. Reusing passwords or keeping them in an unencrypted file on the computer are not.

I've seen statistics that suggest the average US internet user has 100 to 150 passwords. I have about 340 passwords to keep track of. They're all supposed to be unique, but I can tell you that not all of mine are. Passwords for bank accounts, medical providers, and anything related to finance are all long, complex, and unique. Something like zHL0H#T!9AQ^pbU-23 (which is not a password I use). Eighteen characters, upper and lower case letters, numbers, and symbols. There's no way I could remember even one password like that and certainly not several hundred.

Passwords are sometimes reused for trivial sites such as newspapers or support sites, but even then I generally create a password that follows a pattern. Because these passwords are shorter, sometimes the pattern creates identical passwords for more than one site, but using the same password for many sites is dangerous. Not every site stores passwords securely and a breach that includes a user name and password leads crooks (who, by the way, aren't dumb) to try the user name and password with financial institutions. Many financial institutions include an additional question in an attempt to block thieves.

So you need a password manager. I use LastPass, but others such as Dashlane, 1Password, RoboForm, ZohoVault, and KeePass2 are all good choices. These password managers store all of your passwords in an encrypted file on your computer and some also store the passwords in the cloud. That's what causes some people to worry.

If there is one password that absolutely must be long, complex, and unique, it's the one that you use for the password manager. Anyone who learns the user name and password for your password manager has indeed stolen the keys to the kingdom. The password I use for LastPass is 21 characters long, it includes upper and lower case letters, it includes numbers, it includes symbols, and it is astonishingly easy for me to remember. No, I'm not going to tell you why it's easy to remember.

In addition to storing passwords and making them available on every computer or mobile device you use, most have the ability to create long and complex passwords that are more random than what you would create by just poking keys on the keyboard. Most password managers defeat keylogging software by pasting user names and passwords in when you log on to a site.

Your user names and passwords are stored on-line, but they are encrypted and salted. Typically, the encryption key is created by hashing your password together with the salt, and the stored data is encrypted with AES-256. Of course, if crooks do get your credentials, they have everything needed to access every account you have -- so make the password strong and complex, protect it carefully, and use the two-factor authentication that most password managers provide.

Although your browser may offer to save passwords, browsers are not password managers. Some store credentials in plain text. In addition to using a real password manager, it's important to delete any passwords that have been saved in a browser and to turn off the browser's ability to save passwords.

The 20 worst passwords don't change much from year to year and I have to wonder what people were thinking when they selected these: 123123, 12345, 123456, 1234567, 12345678, 123456789, abc123, admin, dragon, football, iloveyou, letmein, login, master, monkey, passw0rd, password, qwerty, starwars, welcome.

Your Windows Computer Can Start Fast, so Why Slow it Down?

Windows 10 has a fast startup option. Most people feel that any time spent waiting for a computer is wasted, so making sure the feature is enabled seems like a good idea. Not everyone agrees, though, and there are valid reasons for both options. Maybe that's why Microsoft makes it an option.

Windows PCs have several Advanced Configuration and Power Interface (ACPI) power states. When the computer is running, it's in S0 power state, but several other states exist, from S1 to S5. Do you turn off your computer at night, put it to sleep, or allow it to hibernate? Hibernate is power state S4. A hibernating computer will appear to be off, but it can resume to a state with all of the applications open that were there when it entered hibernation state. The S5 power state occurs during a reboot and G3 means the computer is fully off.

When fast startup is enabled, the computer shuts down and although you're logged out and all applications are closed, the Windows kernel state is saved. The file is much smaller than a hibernation file and it allows the state of the kernel to be restored quickly.

You can see this if you open the Task Manager and navigate to the Performance tab and select CPU. Although I usually shut the system down each night, this panel reported up time as 14 days, 18 hours, 30 minutes, and 12 seconds. This little trick saves time if the computer has a standard hard disk, but there's little performance increase for computers with solid-state drives.

If the boot drive has little space, disabling fast startup will release space used by the file that stores the kernel's state. In some cases, users have reported that problems with their computers are resolved when the computer fully shuts down and restarts without benefit of the fast startup file. Turning the feature off is a way to test this on your computer.

Turning fast startup on or off is easy enough. Open Settings and (1) choose Power & Sleep and (2) click Additional Power Settings. This will open an old-style Control Panel dialog. Click (3) Choose what the power buttons do.

This will open a System Settings dialog with several shutdown settings in the lower half of the screen. These will be disabled until you click (4) Change settings that are currently unavailable and accept the User Access Control warning. Then you can (5) change the fast startup option and save the results.

Spare Parts

What Really Happened at Mar-a-Lago?

A blog post by Malwarebytes Labs examines the case in which a 32-year-old Chinese woman tried to gain access to the Florida resort owned by Donald Trump. She was carrying four cellphones, a hard drive, a laptop and a thumb drive that was found to be infected with malware.

Thumb drives are commonly used to infect targeted computers, but there are questions about the intent and about whether the woman knew the thumb drive was infected. According to the post, there are two plausible possibilities: The malware was placed on the thumb drive intentionally with the goal of infecting systems near the president or the woman was unaware that malware was on the thumb drive.

The blog post quotes William Tsing, an expert on China and advanced persistent threat (APT) malware: "Although China has a long history of manipulating members of the Chinese diaspora towards espionage goals, we lack sufficient information at this time to conclude definitively that Zhang was engaged as an intelligence collector. What we can say for sure is that businesses at high risk of cyber attack – such as Mar a Lago – can take measures to lower their risk profile. Knowing your customers, and what legitimate business activity looks like, can assist in spotting fraudulent or dangerous behavior. Empowering employees to challenge or alert to suspicious activity can stop an attack in its tracks. Lastly, hotels of any sort are functionally impossible to secure well due to their transient population, and should not be the location of any sensitive or significant business transactions."

The next question is whether this was simply an amateur attempt or something that was truly sponsored by the Chinese government. At a bond hearing on 8 April, Assistant US Attorney Rolando Garcia told Magistrate Judge William Matthewman that "many questions remain" about Yujing Zhang. An arraignment is scheduled for 15 April. The full blog post is on the Malwarebytes website.

Drones for Public Safety

Not everyone likes drones. In fact, a lot of people hate them, but they are useful tools for photographers and increasingly they're being used by public safety agencies.

Drone maker DJI has established a partnership with the Los Angeles Fire Department to create, test, and deploy drone technology as an emergency response and preparedness tool. DJI enterprise partnership manager Bill Chen says the agreement will benefit both the company and the fire department by giving DJI operational feedback while allowing the fire department to deploy drones in emergency situations.

So far the LAFD has flown over 175 incident-related missions using drones that are equipped with visual and thermal imaging cameras for real-time video and data transmission to incident commanders. The technology will be used to identify hot-spots, map wildfire response, and provide information about water rescues, hazmat operations, and urban search and rescue missions.

DJI has published a white paper (Effectively Deploying Unmanned Aerial Technology in State and Local Government) that addresses how drone technology can provide useful emergency information. It's available on the DJI website.

Combating Smoking, Unhealthy Eating, and Anxiety

MindSciences, the developer of a new website, says the portal will provide techniques to help people with behaviors they want to change, including smoking and poor eating habits.

DrJud.com recognizes the founder of MindSciences, Dr. Jud Brewer, who specialized in addiction medicine, neuroscience, and habit change. The site's three apps are aimed at some of today's most significant health challenges: smoking, dysfunctional eating, and anxiety. The apps have been around for a while, but were marketed separately. Now they're all available in a single hub.

The company's apps are built on over a decade of research, $11 million in funding and the experiences of thousands of users both in clinical trials and real-world use. Brewer says that his goal "has always been to provide evidence-based health solutions to as many people as possible." The issues are difficult for people and Brewer says they often feel stigmatized. "These are common problems and many if not most of us have struggled with them at one time or another. In fact, we refer to them as everyday addictions because they are so ubiquitous."

In the US alone, an estimated 40 million adults experience anxiety disorder, cigarette smoking is the leading cause of preventable disease and death, and binge eating is a common eating disorder that affects millions more people than are formally diagnosed.

More information is on the Dr. Jud website.