Listen to the Podcast
2 Apr 2021 - Podcast #737 - (20:45)
It's Like NPR on the Web
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
Security threat surround us. Several months ago, I signed up for a Liker account. Liker is probably doomed to fail, but it offers an approach that differs from Facebook. Then, halfway through March I received a message from Mozilla that said my Liker login credentials had been involved in a breach. Later that day, Liker sent a message that said the service would be shut down until they reworked their code to be more secure.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
There's no real need for concern because the credentials I used for Liker were specific to Liker. The organization that committed the breach may have gotten my email address. That's no concern because my email address isn't exactly secret. They may also have gained access to my password, but so what! I reuse passwords only for the most trivial services, and even that is rare.
My Liker password, which is t8HtaPovGG7, was generated using random characters. When Liker signs back on, the first action returning users will need to do is change their password. So I'm not concerned about having just told you my password. It's not used for any other account, and it will never be used again.
The internet is a wonderful thing, but it's also a terrible thing. It connects us, but it also makes it easy for those who want to divide us to spread false information. And theft no longer has to be done in person. Someone halfway around the planet can use your computer to spread spam and malware, to collect information needed to assume your identity, and to extract money from your bank account.
They can also attack your computer with software that encrypts all of the files and then demand $1000 to unlock the files. Security is a complex topic. Large organizations have entire departments that continuously look for weak spots. Individual home users simply can't afford that kind of security.
In 1999, I wrote about how to guarantee absolute computer security with a confidence level of about 99.9999%: Disconnect the computer from any network (intranet, local area network, and internet); remove any network interface card from the computer; remove any serial ports or internal modem from the computer; remove any parallel port from the computer; remove any USB ports from the computer (and today we would also need to disable or remove Wi-Fi and Bluetooth adapters); place the computer inside a windowless room at the center of an RF-shielded building; place security cameras inside and outside the room, making certain that no camera shows what's on the monitor or what keys the user is pressing; station guards outside the room; allow only one user may be in the room with the computer at any time; log arrival and departure; and prohibit users from taking anything into or out of the room.
For extra points: To avoid break-ins through the roof or tunneling under the floor, the room should be on a middle floor. Floors, walls, ceiling, and doors should all be reinforced with quarter-inch stainless steel.
An arrangement like that would be secure, but it would also be unusable. The law of diminishing returns becomes a factor, so the best approach for most of us is to choose a few security tactics that provide substantial returns and forget about the rest. For the computer to be useful, you'll need it to have access at least to the local network, the internet, disk drives, and printers.
So lets consider five key actions you can take to safeguard your data and your identity.
Password managers do more than just manage passwords. They can help you create good passwords and some have services that let you know if your user name has been involved in a data breach.
Password reuse is a huge problem. Using the same email and password for more than one account is risky. If you've used your Facebook password for a bank account, you may find that your bank account has been emptied. Strong, unique passwords are essential for every significant account, but keeping track of all these passwords manually is impossible. Password managers do this for you.
There are free password managers, but most of the paid services offer useful additional capabilities for a modest fee.
I harp on backup a lot, but it is the single most effective way to recover from a disaster.
If a virus or crook defeats any defense systems you have in place, being able to restore files converts a disaster to an annoyance. Backup isn't magic. You won't be back to normal 10 minutes after you discover a problem, but you will be able to recover. "Difficult" is much better than "impossible".
Several backup methods exist. You can create an image of the entire operating system. You can back up data to cloud-bases services. You can copy essential files to external hard drives or locations such as Google Drive. Consistency is the key.
My online backup constantly copies new and changed files, but there's also a local backup system that does the same with important active files. I create an image backup of the boot drive twice a week. All data files are also backed up each week to local USB drives. That's a "belt and suspenders" approach you might find amusing, but I haven't lost a file in the two decades that I've been using this system.
Some malware applications take control of computers and make them part of botnets that send spam emails and malware, either to every contact in your email program or to lists of potential victims provided by the botnet operators.
You can check to see if your email or domain address has been infected with one of the more recent botnet variants, EMOTET, by visiting this site and entering your email address. That's just one type of botnet, so it's important to watch for signs that your computer might be part of a botnet.
Ensure that your computer's operating system and internet applications are up to date. Every operating system has flaws and many updates are intended to eliminate security problems. An up to date virus scanner will detect some botnets, but don't depend on it. The virus scanner may detect only the virus that installed the botnet, but not the botnet itself. Also watch for system slowdowns. Botnets can generate a lot of network traffic, so watch for processes that create a lot of outbound activity.
If a scammer manages to obtain the user name and password you use to log in to your PayPal account, two-factor authentication will stop them dead. Many services now offer this feature, especially those that deal with financial or personal data.
I wrote about two-factor authentication last July and everything in that article still applies. Two-factor authentication requires you to confirm your account with more than just your user name and password ("something you know") by adding a third component ("something you have").
So a scammer might have both parts of the "something you know" component, but they have no way to gain access to the authentication code. 2FA means you'll spend another five seconds logging in, but 2FA alone massively improves security.
Windows offers three types of accounts: Standard, Administrator, and The Administrator. The "The Administrator" account is somewhat like The Doctor on Doctor Who. There's only one and it's special. The "The Administrator" account isn't even active by default, but it's easy to set up any user account as an administrator.
Best security practice means that you won't use an administrator account because these accounts can be used to install software. A secondary "standard" account is safer, but it's also a pain to use.
If you're cautious, using an administrator account is relatively safe. If other family members use your computer (and this may apply specifically to children), setting up their accounts as "standard" users makes sense.
Users with a standard account can't easily to install malware. If you set your account as a standard account, it's relatively easy to switch to an administrator account when you need to perform an administrative function.
As valid as that point is, I continue to use administrator permissions for my primary account.
A lot of companies offer security software. Most of the third-party offerings degrade system performance when all features are enabled.
I have said for years (decades maybe) that security software should be provided by the operating system developer. At long last, the Microsoft firewall that's included with Windows 10 is adequate and the security tools included with Windows offer good protection. I've been using the Windows defaults for several years.
The third-party tools include advanced features, but they can also significantly degrade system performance.
Making your computer secure may seem to get in the way, but security procedures don't need to make the computer harder to use and they do protect your data, your money, and your identity from thieves.
When it's time to replace your computer's monitor, you might be looking for something larger than what you have now. And then you encounter sticker shock.
You might find a Benq 32-inch monitor ($1200), a ViewSonic 32-inch monitor ($750), and a Samsung 32-inch monitor ($320). Of course, if you need two monitors, the price is doubled. But you know that most televisions have HDMI inputs, so why not use a television as your monitor. You find an Acer 32-inch television ($219), a ViewSonic 32-inch television ($210), and a Vizio 31.5-inch television ($170).
The choice might seem obvious, but is it? We can do many things that perhaps we shouldn't. Just because you can climb up onto the roof and jump off doesn't mean you should. I think my mother had a saying about things like that. But using a television as a computer monitor doesn't seem to be in quite that category. After all, it won't kill you.
But televisions and computer monitors differ quite a bit. Compared to computer monitors, televisions are large. A 32-inch television is small, but a 32-inch computer monitor is huge. This means you can get a larger screen by choosing a television, but your eyes may not thank you.
Television sets are generally not viewed from 19 inches, which is a common viewing distance for computer screens. So televisions are intended to be watched from across the room. What's viewed on a television screen is substantially different from what you'll view on a computer monitor, too. Yes, you might watch a DVD on a computer screen or on a television screen, but the computer monitor will be used more often for text and photographs.
The refresh rate on televisions is slower and display latency can make the image seem blurry, a problem that's exacerbated by close viewing. Televisions with organic light-emitting diode (OLED) displays are better in this regard.
So in general, using a television as a computer monitor usually isn't a good idea.
Perhaps you use an application such as Speccy, SpeedFan, HardwareInfo, or any of several other applications that keep an eye on what's going on inside the computer. If so, you may have wondered why each core in the central processing unit reports a different temperature and why the readings vary so much.
After all, the computer is just sitting there. The temperature in the room isn't changing. There aren't any external factors that would affect the temperature. Yet the temperature of the CPUs may vary from 45°C to 80°C. That's quite a change. Most technical measurements are made using the Metric system, for those of us in the few remaining countries on the planet that still use the old Imperial system, that's a range from 113°F to 176°F.
Why? The computer might look like it's just sitting there, but it's always doing something. It's watching for you to move the mouse or type on the keyboard. Maybe it's waiting for voice input from you. It could be backing up files to a cloud-based system. It's processing and sending data to the screen all the time. When the computer is largely idle, the CPU temperatures will be lower. Ask the computer to render a video, and the CPU temperatures will rise dramatically.
Consider what happens to you at the gym. When you walk in, you're cool and comfortable, but half an hour later, you'll be hot and sweating profusely. That's what's happening inside the computer. Every time you ask the CPU to do something more, it gets a bit hotter.
But why do the individual cores vary so much? They're all part of the same physical CPU and it's probably not much larger than a commemorative postage stamp. The temperatures are generally close, but the cores vary a bit depending on how much work is being assigned to each.
The various monitoring applications provide different kinds of information. Speccy (1) monitors all of the computer's subsystems. I use it once a week to see if anything is significantly out of line. It shows temperatures for the CPU cores, but no graphs. To see performance over time, I can run SpeedFan (2), which has a graphing option that shows changes over time. HardwareInfo (3) offers some additional information, such as the distance to TJmax, which shouldn't be confused with clothing store T.J.Maxx.
The TJmax value is the temperature at which the CPU will automatically initiate throttling to slow itself down and avoid overheating. Core 0 is reporting a temperature of 53°C and a distance to TJmax of 47°C, so the core would need to reach a temperature of 100°C (212°F) before throttling would occur.
Temperatures generally don't become a problem unless the user is "overclocking" the CPU by running it at a higher speed than it was designed for, or if the computer's fans or heat vents are blocked.
Microsoft offers "S Mode" installations for Windows 10 computer. The S stands for "security", but you may find it so limiting that you can't use it.
S Mode isn't exactly new. Microsoft introduced it in 2017. It's worth considering for low-end computers and those used by anyone who's likely to get into trouble by downloading and installing rogue programs. Most of us won't want the limitations, but there are good points: Documents are automatically saved to OneDrive instead of locally, so the computer doesn't need as much local storage. Also, it's stripped down so that it will work on low-power CPUs.
No local storage? Minimal CPUs? Does that sound familiar? Should this operating system be called Microsoft Windows Chrome instead of Microsoft Windows S?
S Mode has another factor in common with Chromebooks: You can obtain applications only from the company store. If the app isn't in the Microsoft Store, you can't install it. That means no Adobe Creative Cloud, few (if any) open-source applications, and no music or video players except those Microsoft offers. The only protective application available is Windows Defender, which is actually quite good, but that's a lot of noes. Oh, and the only web browser available in Microsoft Edge.
Security and usability are almost always at odds with each other, but this seems to be an extreme case of security with severely limited usability.
So if you bought an S Mode computer and find it far too limiting, the good news is that you can turn it off. Go to Settings > Update And Security > Activation. In the Activation menu click Switch To Windows 10 Pro or Switch To Windows 10 Home (depending on which version the computer has). But be sure before you make the change. Once you've installed the full version of Windows, you can't return to S Mode.
Criminal organizations are using Instagram to sell counterfeit Apple products worldwide according to a report from Ghost Data.
The report, Instagram as a Wholesale store for fake Apple products (PDF), says Ghost Data has documented that factories/vendors are using Instagram to sell counterfeit Apple products, accessories and parts around the world, identifying more than 160 such merchants, most of which are in China. The report claims that Instagram accounts offer a wide variety of counterfeit Apple accessories: EarPods, AirPods Pro, power chargers, cables and and other components such as screens and batteries.
Ghost Data is an Italian research group that focuses on social media.
The first web browsers were text only. Then came the ability to add graphics. By 2001, website designers had access to half a dozen or so typefaces that were considered "safe" because they were installed on most computers or had acceptable generic fall-back options. Designers wanted more.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
Bitstream WebFont Wizard offered a way to display more adventuresome typefaces. I illustrated it with the Curlz typeface. It didn't work with all browsers and users of Internet Explorer needed to download and install the WebFont player. Developers paid about $200 for the application, but many considered it a worthwhile investment because they could create easily distinctive websites that worked on some browsers.
Today that technology looks primitive. Google offers a library of 1043 free licensed font families and APIs that any website designer can use on any website. Just like this.