Listen to the Podcast
14 Apr 2019 - Podcast #638 - (18:33)
It's Like NPR on the Web
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
By default, Windows 10 shares information about your computer with Microsoft. I have never considered this to be much of a privacy threat, but some people do. The default settings can be changed, but it's a good idea to first understand what Microsoft is collecting and why.
Microsoft uses Windows diagnostic data to help with development decisions. The company says that this data "gives users a voice in the operating system's development." Not everyone agrees with that and some see threats where I believe no threats exist. Or that potential threats are balanced by the advantages users receive from the information provided to Microsoft.
Microsoft lists six key privacy principles that are considered when telemetry data are collected from customers' computers:
An example: A video driver caused some Windows 10 devices to crash and reboot. The diagnostic data sent automatically to Microsoft made it possible for developers to identify the problem. Microsoft contacted the company that made the video driver, received an updated driver from that company, and started testing it in the Windows Insider program within 24 hours. The new device driver was validated and then pushed out to users the next day. From start to finish, resolution took 48 hours.
Two kinds of data might be included in a crash dump or otherwise sent to a Microsoft site: Diagnostic data and functional data. These can be confused. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a user's location for local weather or news is functional data that the app or service requires to satisfy the user's request. Desktop settings that are synced to several devices are also functional, not diagnostic.
I am not one who sees nefarious actions lurking behind Microsoft's collection of user data, but I understand that some people would like to limit what Microsoft can see. That's not always an easy task because the settings are in various operational groups. Wouldn't it be great if there was an application that gathered all the privacy settings in one location?
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
Such an application exists. It's called WPD and it's available from the developer's website. WPD does not have to be installed. Just download the zip file, extract WPD.exe, and run it. The application is free and contains no ads. It also includes two extra components: One for firewall rules and another for removing apps.
Start with the button at the top of the screen: Privacy. This leads to an enormously long screen that shows the current state of your computer's settings and allows you to enable or disable features. A quick review will show that this includes features you might not know about. In fact, that's almost guaranteed unless you're a Microsoft operating system developer or product manager.
WPD is worth every penny you didn't have to pay for it. Most of the settings display a question mark in a circle and clicking that displays an explanation of what will change if you disable an enabled setting or enable one that is disabled.
When making changes, it's important to understand what effect the change will have. If the explanation provides insufficient information, an on-line search will probably help.
The second section of the application is for firewall rules. Windows 10 includes a firewall as part of Windows Defender. If you want to use the WPD firewall rules, you'll need to turn off the built-in firewall. Windows 10 will rely on the built-in firewall if it's turned on and ignore any other firewall.
If you're satisfied with the Windows Defender firewall or you don't have a good understanding of how firewalls work, it's best to just leave this section alone.
The third section is an application remover that's limited to removing Windows apps (not Desktop applications). Because Add and Remove Programs can uninstall most apps, you might wonder why this section is present.
You'll note that I said Add and Remove Programs can uninstall MOST apps. Most is not all. By default, Microsoft doesn't allow users to remove some apps. Xbox, for example. If you don't use Xbox and want to remove it, WPD is the tool for the job.
WPD is a good example of a free application, but use it with care.
A tech writer whose work I respect is adamantly opposed to password managers because he believes that having all of his passwords in one place makes them easier to steal. A poorly designed password management system could be a security issue, but what I consider to be a tiny threat is outweighed by the advantages a password manager provides.
Those who don't use a password manager tend to engage in one of several risky behaviors. They may use the same password for all sites, store passwords in a text file, or write passwords down. For home users, writing passwords on a list is relatively safe. Reusing passwords or keeping them in an unencrypted file on the computer are not.
I've seen statistics that suggest the average US internet user has 100 to 150 passwords. I have about 340 passwords to keep track of. They're all supposed to be unique, but I can tell you that not all of mine are. Passwords for bank accounts, medical providers, and anything related to finance are all long, complex, and unique. Something like zHL0H#T!9AQ^pbU-23 (which is not a password I use). Eighteen characters, upper and lower case letters, numbers, and symbols. There's no way I could remember even one password like that and certainly not several hundred.
Passwords are sometimes reused for trivial sites such as newspapers or support sites, but even then I generally create a password that follows a pattern. Because these passwords are shorter, sometimes the pattern creates identical passwords for more than one site, but using the same password for many sites is dangerous. Not every site stores passwords securely and a breach that includes a user name and password leads crooks (who, by the way, aren't dumb) to try the user name and password with financial institutions. Many financial institutions include an additional question in an attempt to block thieves.
So you need a password manager. I use LastPass, but others such as Dashlane, 1Password, RoboForm, ZohoVault, and KeePass2 are all good choices. These password managers store all of your passwords in an encrypted file on your computer and some also store the passwords in the cloud. That's what causes some people to worry.
If there is one password that absolutely must be long, complex, and unique, it's the one that you use for the password manager. Anyone who learns the user name and password for your password manager has indeed stolen the keys to the kingdom. The password I use for LastPass is 21 characters long, it includes upper and lower case letters, it includes numbers, it includes symbols, and it is astonishingly easy for me to remember. No, I'm not going to tell you why it's easy to remember.
In addition to storing passwords and making them available on every computer or mobile device you use, most have the ability to create long and complex passwords that are more random than what you would create by just poking keys on the keyboard. Most password managers defeat keylogging software by pasting user names and passwords in when you log on to a site.
Your user names and passwords are stored on-line, but they are encrypted and salted. The encryption typically uses your password to create the hash and the procedure uses AES-256 encryption. Of course, if crooks do get your credentials, they have everything needed to access every account you have -- so make the password strong and complex, protect it carefully, and use two-factor authentication that most password managers provide.
Although your browser may offer to save passwords, browsers are not password managers. Some store credentials in plain text. In addition to using a real password manager, it's important to delete any passwords that have been saved in a browser and to turn off the browser's ability to save passwords.
The 20 worst passwords don't change much from year to year and I have to wonder what people were thinking when they selected these: 123123, 12345, 123456, 1234567, 12345678, 123456789, abc123, admin, dragon, football, iloveyou, letmein, login, master, monkey, passw0rd, password, qwerty, starwars, welcome.
Windows 10 has a fast startup option. Most people feel that any time spent waiting for a computer is wasted, so making sure the feature is enabled seems like a good idea. Not everyone agrees, though, and there are valid reasons for both options. Maybe that's why Microsoft makes it an option.
Windows PCs have several Advanced Configuration and Power Interface (ACPI) power states. When the computer is running, it's in S0 power state, but several other states exist, from S1 to S5. Do you turn off you computer at night, put it to sleep, or allow it to hibernate? Hibernate is power state S4. A hibernating computer will appear to be off, but it can resume to a state with all of the applications open that were there when it entered hibernation state. The S5 power state occurs during a reboot and G3 means the computer is fully off.
When fast startup is enabled, the computer shuts down and although you're logged out and all applications are closed, the Windows kernel state is saved. The file is much smaller than a hibernation file and it allows the state of the kernel to be restored quickly.
You can see this if you open the Task Manager and navigate to the Performance tab and select CPU. Although I usually shut the system down each night, this panel reported up time as 14 days, 18 hours, 30 minutes, and 12 seconds. This little trick saves time if the computer has a standard hard disk, but there's little performance increase for computers with solid-state drives
If the boot drive has little space, disabling fast startup will release space used by the file that stores the kernel's state. In some cases, users have reported that problems with their computers are resolved when the computer fully shuts down and restarts without benefit of the fast startup file. Turning the feature off is a way to test this on your computer.
Turning fast startup on or off is easy enough. Open Settings and (1) choose Power & Sleep and (2) click Additional Power Settings. This will open an old-style Control Panel dialog. Click (3) Choose what the power buttons do.
This will open a System Settings dialog with several shutdown settings in the lower half of the screen. These will be disabled until you click (4) Change settings that are currently unavailable and accept the User Access Control warning. Then you can (5) change the fast startup option and save the results.