TechByter Worldwide

Listen to the Podcast


1 May 2020 - Podcast #691 - (19:50)

It's Like NPR on the Web

If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.

PayPal

Subscribe

1 May 2020

Why A Duck?*

Google has the vast majority of search engine market share, but that doesn't mean it's the best choice for everyone or for every search. The much smaller DuckDuckGo has several advantages.

For one thing, Google grabs a lot of information about you when you use the search engine. You may not like that. DuckDuckGo doesn't track you. Perhaps I should note that I have a Google-Fi smart phone and a Google Nest smart speaker and I'm generally OK with Google keeping tabs on me with those devices, but less so with being tracked by the search engine. Yes, that's inconsistent. Still, I've been using DuckDuckGo as my default search engine for a while and feel only an occasional need to use Google.

There are about 25 search engines, but most people would be hard pressed to name more than two or three. In terms of market share, DuckDuckGo is number six with less than half of one percent of the market. Google has a nearly 73% market share according to NetMarketShare.com, with Bing in second place (12%), Baidu (11%), Yahoo (2%), and Yandex (1%). DuckDuckGo and the other 20 or so search engines all share the remaining 1% of market share on desktop and notebook computers.

It's even more lopsided on mobile devices with Google at 83%, Baidu at 8%, Bing at 6%, and Yahoo at less than 2%. But bigger isn't always better. There are good reasons to give DuckDuckGo a try and maybe to set it as your browser's default search engine.

Baidu is a search engine in China, so users in North America and Europe primarily gravitate to Google, Bing, Yahoo, and (occasionally) DuckDuckGo.

Some of the others include:

The NetMarketShare link will lead you to a list of more than 20 search engines if you want to give some of them a try, but for now let's consider Why a Duck.*

 Click any of the small images for a full-size view. To dismiss the larger image, press ESC or tap outside the image.

TechByter Image TechByter ImageDuckDuckGo isn't the only search engine that provides privacy. I mentioned StartPage, but there are others. Visit the search engine's main page and you'll see these words: "We don’t store your personal information. Ever." It was the first search engine to make that promise in 2008. It doesn't track users around, doesn't store their search history, and doesn't track users' IP address. The other privacy-centric search engines all followed DuckDuckGo's lead.

DuckDuckGo is about more than just privacy, though. Results are displayed much the way Google displays results. Information is gathered by the DuckDuckBot and several hundred additional resources. These additional resources include Bing, Yahoo, and Yandex as well as Wikipedia and other crowdsourced sites.

TechByter Image TechByter ImageDuckDuckGo uses Yelp for business reviews, hours, phone numbers, and other information. Locations are sourced from Bing Maps unless you tell it to use Google Maps, Here Maps, or OneStreetMap.

One feature I like about DuckDuckGo is what happens at the end of the first page of results. Selecting the next page on Google moves to a new page. DuckDuckGo places a "More Results" button at the bottom of the first page of results. Pressing the button shows more results below the results you've seen. It's not uncommon for me to review several pages of results and then decide that I want one that was on the first page. Instead of having to navigate back several pages, I just scroll up.

Although Google is still the most comprehensive, complete, and feature-rich search engine, I've found DuckDuckGo to be adequate for most of my searches. In any given week, I turn to Google only a few times. Google offers more "vertical" search options than DuckDuckGo with news, videos, images, shopping, books, flights, finance, and personal options compared to DuckDuckGo's more meager selections: web, images, videos, news, and maps.

For obscure questions when you lack some of the important information that would lead to an answer, Google is still the better choice because its search algorithms are continuously revised, tuned, and updated. Google will usually perform better for a search such as "insurance agency in bellefontaine near columbus ave and detroit street"; however, both Google and DuckDuckGo returned the correct answer when I tried this search and DuckDuckGo had the right answer at the top of its list while Google placed it in the fourth position.


* Apologies to the Marx Brothers. In The Cocoanuts (1929) Groucho and Chico are looking at a map. Groucho describes a viaduct and Chico wonders "Why a duck? Why not a chicken?" OK, so that was a stretch.

Short Circuits

Working From Home Exposes Security Issues

Research that shows company security is more at risk when employees work from home is likely to be the least surprising news any chief security officer has ever heard. Not every organization has a chief security officer (CSO) and those that don't are even more vulnerable.

Network security rating company BitSight says it has found significant security issues across the rapidly rising number of networks used to work from home. The research analyzed more than forty-one thousand organizations and BitSight says many companies suddenly face newly exposed or vulnerable devices and services because of malware-infected networks.

I spent several years working in an office for a company that handled a sizable amount of data from the United States and Canada. My desk was adjacent to the chief security officer for a time, so I gained some insight into the issues he faced. I had a home office for the final few years that I worked for the company and appreciated the end-to-end security the company used.

When I had to work with client data, it came to the company's computer on my desk from the company's server. Data was encrypted on the server, during transmission across the internet, and (except for when I was actively looking at it) on the computer's disk drive. Everything was encrypted all the time, but that's only part of the issue.

Social engineering, phishing, and other threats can get through to workers when they're at home. Many companies have started using applications that work with the corporate email system to clearly mark all messages that originate outside the corporate network. But crooks will be crooks and no matter what protections are in place, the crooks will poke around until they find a way to defeat them.

BitSight recently released a work from home remote office application that allows organizations to monitor security on remote offices and networks. The system differentiates between corporate networks that are typically behind several layers of protection and work from home and remote office (WFH-RO) networks.

As a result, BitSight gained visibility into the operations of these remote networks and found that the surge in work-from-home activity has dramatically expanded the cyberattack surface in ways that make companies and their data vulnerable. The results are troubling.

Networks used to work from home are more than three times more likely to have malware present than the traditional corporate network. Malware was found on 45% employees' work-from-home networks, but on only 13% of corporate networks. The fact that so many corporate networks have malware is disturbing in its own right.

BitSight says these home networks are nearly eight times more likely to have five or more distinct families of malware present than the traditional corporate network. Although 17% of companies had at least five distinct malware families on their employees' work-from-home networks, slightly more than 2% of companies were had that level of infestation on their corporate networks. Well-known bot networks — networks of computers infected with malware — are more prevalent on work-from-home networks.

Home networks expose the corporate network to vulnerable services and devices. Cable modems, routers, cameras, storage peripherals, and other internet of things devices are found on home networks and many of the devices fail even simple security tests.

BitSight says more than a quarter of work-from-home networks have one or more services exposed to the internet: Six in ten have an exposed cable modem control interface, a flaw that is one of the most popular flaws attacked by crooks.

Chief Technology Officer Stephen Boyer says that company security risks rise sharply as a massive workforce suddenly accesses sensitive resources from outside the corporate network. "Addressing cyber risk to the remote workforce has become the primary concern for security and risk professionals."

BitSight's report, "Identifying Unique Risks of Work from Home Remote Office Networks" is available on the company's website.

Do You Need All Those Start-Up Applications?

If ever there was a poster child for having too many applications launch with Windows, it's me. I'm willing to accept the time required to start nearly 40 applications with Windows. But if you're unhappy about the amount of time it takes for Windows to be ready for use, maybe it's time to review what's starting with the operating system.

In some cases, the applications I want to start are essential. These include Adobe Creative Cloud, GoodSync, MacroExpress, SnagIt, and CrashPlan. These all perform actions that I need in the background. I call for other applications to run at startup because they speed the startup of applications that I use frequently. Spotify, Evaer (a call recorder for Skype), and Private Internet Access.

You may have told an application to start with Windows, but there may be others that you don't know about because some installers tell the application they're installing to start with Windows, but fail to ask if you want that to happen or even to notify you about what they've done.

Each application that starts with Windows takes a certain amount of time to become ready and each of these applications also consumes a certain amount of memory. Both of these are OK with me because I keep an eye on which applications are starting and disable those that I don't want to start with Windows, and because the computer has a lot of RAM.

This can be a problem on a computer with limited memory and some background programs can get in the way of essential system applications, resulting in an application crash or even a blue screen of death (BSOD). These are much less common with Windows 10, but they do still happen.

One way to see which applications start with Windows involves downloading AutoRuns from Sysinternals. Sysinternals was founded by Bryce Cogswell and Mark Russinovich in 1996. At the time, they called it NTInternals because the utilities they offered for free were intended to manage, diagnose, troubleshoot, and monitor Windows NT systems. The company, Winternals, was acquired by Microsoft in 2006. Instead of going directly to the Sysinternals site, you can start on Microsoft's website. Doing so may allay any fears about the legitimacy of the Sysinternals site.

TechByter ImageAutoRuns startles a lot of users the first time they run it when they look at (1) the size of the current location indicator on the scroll bar and realize that hundreds of entries are being shown. That's because the (2) Everything tab is selected by default. A much less scary list is on the Logon tab.

This is a large and powerful applications, which is typical of Sysinternals applications. They have been written by operating system experts for operating system experts. Sometimes we regular humans need something a little less complex. Startup Delayer is a good choice.

Startup Delayer from R2 Studios will display the applications that start with Windows and allow you to change the order in which they start. For example, you might know that one of the applications you want to have running causes a considerable delay during startup. If it's an application you don't need immediately after the computer starts, delaying it for a few minutes will take it out of contention for resources during the busy startup process.

TechByter ImageStartup Delayer is free, but there's also a premium edition that costs $20 and offers a few advanced features: Copy and paste applications between user accounts, convert running tasks to startup applications, backup and restore all local users and applications, startup profiles, and launch applications on a schedule. A single paid license is good for all computers in the user's home.

So when you're looking for the cause of a performance or reliability problem, checking to see which applications start with Windows is usually a good first step. The Task Manager offers a limited insight into what runs at boot time, but you'll get a much clearer picture with AutoRuns or Startup Delayer.

These applications let you right-click any item and disable it so that it won't run when Windows starts. If that solves the problem you're having, you can leave the autostart disabled and run the application only when you need it, or uninstall the application.

Spare Parts

Mozilla Developers Improve Firefox's Search Function

Most web browsers allow the user to type a search term into the address bar without first opening Google, Bing, Duck Duck Go, or another search engine. Firefox speeds even that quick process. I wrote "most" browsers even though every current browser I know of does this. There might be an outlier somewhere that doesn't, so the wording leaves a little wiggle room.

When you want to perform a search, press Ctrl-L (as in "look") and start typing. Mac users will know that they need to use the Command key instead of the Control key. As you type, the browser will identify any URLs it knows about and suggest them. If the URL is what you want, just press Enter. If you term isn't in the browser's known URLs or if you type more than one word, pressing Enter will open whichever search engine you've defined as the default for Firefox and perform the search.

There's one small gotcha: The new URL or search engine will open in the existing tab. You might not want that, so you first need to open a new tab with Ctrl-T (Cmd-T for Mac users) and then Ctrl/Cmd-L. Does that really save time and effort? Yes, because you don't need to take your hands off the keyboard, locate the mouse, move the cursor to upper right corner and click the plus to open a news tab, move the mouse to the address line, and finally start typing. Ctrl-T, Ctrl-L is faster and easier.

TechByter ImageFirefox has gone beyond that by making the address line smarter. Let's say you're looking for a finger pulse oximeter because it can provide early warning about decreased lung function. So Ctrl-T, Ctrl-L, and "oxime" is sufficient for Firefox to suggest searching for oximeter with Duck Duck Go, along with searches that include stores where you might find one and information about how to interpret oximeter readings. In other words, things that might not have occurred to you but might be useful.

Surveilling Yourself During a Pandemic

I monitor my blood pressure daily. As far as I know, there's no direct relationship between blood pressure and COVID-19, but monitoring my own readings set the stage for using some other small and inexpensive medical devices daily.

A high temperature seems to be an early indicator of a COVID-19 infection. Digital thermometers range in price from about $10 to nearly $100. No-contact thermometers that take readings from the forehead are more expensive, those that take readings from the ear canal are generally somewhat less expensive, and standard oral thermometers are the least expensive.

I already had an electronic oral thermometer, so I added a temperature reading to the morning routine.

TechByter ImageTechByter ImageSome public health officials are recommending a pulse oximeter to measure oxygen saturation in blood. Emergency room physicians have seen people who appeared to be reasonably healthy collapse and die because the virus has severely affected their lungs. The pulse oximeter can provide early warning about dropping oxygen levels. It's painless and quick to use, so I've been checking my levels each day. The text takes about 20 seconds and pulse oximeters, although in short supply, can be found for $30 to $50.

Safe oxygenation levels are 95% and above. Sustained readings below 90% are a cause for concern and readings below 80% are indicative of a medical emergency. So a pulse oximeter might be a few dollars well spent.

Twenty Years Ago: The One and Only Time I Loaded a Virus

"Don't ever open an executable file attached to an e-mail unless you're expecting it." That was something I'd known and preached for years, but in early May of 2000, I received a message that appeared to be from someone at WTVN. "I LOVE YOU" it said and I thought maybe the person who sent it really liked a segment of Technology Corner.

Wrong. The attached file didn't look like it was executable because the Visual Basic extension (VBS) had been obscured. I became one of the victims of the ILOVEYOU virus that spread through email attachments. It exploited the fact that the scripting engine system was enabled by default in Windows at that time.

I had made two mistakes: First, I was the victim of social engineering, and second, I neglected to confirm that the attached file really was just a text file.

The malware started sending copies of itself using Outlook, but I realized what was happening and detached the network cable. Two messages escaped, but damage had been done: Every Javascript, Perl script, cascading style sheet, Visual basic, JPG image, and MP3 file on the computer (about 1300 files) had been overwritten.

The recovery was fairly easy: Notifying two people to ignore the message the virus had sent on my behalf, making a small Registry edit, deleting the damaged files, and restoring the files from backup.

In the 20 years since then, I have managed to avoid this kind of threat.