Listen to the Podcast
6 Aug 2021 - Podcast #755 - (19:48)
It's Like NPR on the Web
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
Much has been written about spyware recently because spyware from the NSO Group has been found on smart phones owned by world leaders and journalists. It's not just phones that are at risk, though, and it's not just world leaders and journalists.
It's easy, but sometimes time consuming, to check your computer for signs of malware. I'll show the process for a Windows machine, but similar processes exist for Linux and the MacOS.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
Start by opening either the Command Line or PowerShell as an administrator. The command to run is "netstat" (Net Status) with a -b switch: netstat -b. The result will be dozens (or possibly hundreds) of lines of output, so my preference is to capture the output in a text file. To place the file I called "netstat.txt" on drive D in the _TEMP directory, I used this command:
netstat -b > D:\_TEMP\netstat.txt.
The -b switch means that netstat will display the executable involved in creating each connection or listening port.
Each process that has a network connection will display two lines of text. Example:
TCP 192.168.1.198:23022 ord38s29-in-f10:https CLOSE_WAIT
[googledrivesync.exe]
In some cases, more than two lines will be displayed. Example:
TCP 192.168.1.198:16125 static-75-76-84-32:http TIME_WAIT
TCP 192.168.1.198:16129 72.21.81.240:http ESTABLISHED
CryptSvc
[svchost.exe]
Each line displays the protocol being used, the local address, the foreign address, and the connection state. So "TCP 192.168.1.198:16129 72.21.81.240:http ESTABLISHED" means that an HTTP connection using the transmission control protocol (TCP) has been established between the local IP address 192.168.1.198 on port 16129 and the foreign address 72.21.81.240 by CryptSvc using svchost.exe. How's that for easy to understand plain technobabble?
Here's how to sort out the meaning:
It's OK to ignore the protocol. The common ones are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). If you want to know more about the protocols, W3Schools has a reasonably clear explanation.
The local internet protocol (IP) address is 192.168.1.198. 192.168.1.XXX and 192.168.0.XXX are the most common IP ranges for home networks and some small-office networks. 198 happens to be the local address that my computer has received from the router on the day I was testing.
The port being used (16129) is not "well known", which means that it's not in the first 1024 ports (0 through 1024) that are typically used for specific services: 25 for the Simple Mail Transfer Protocol (SMTP), 80 for HyperText Transfer Protocol (HTTP), and 443 for Secure HyperText Transfer Protocol (HTTPS). Ports 1024 through 49151 are "registered" and ports 49152 to 65535 are "dynamic". You'll see a lot of ports in the dynamic range.
Now we're getting to the important part: The foreign connection. It's not unusual for the "foreign" connection to be on your computer ("LAPTOP-FAPUO6JL" in my case) or to a local IP address that starts with 192.168.1 or 192.168.0. You can ignore most of these. What you're looking for is connections outside your network by processes or executables that you don't recognize.
So CryptSvc is using svchost.exe to connect to 72.21.81.240. Is that good or bad? What is CryptSvc and what is svchost.exe?
The executable (svchost.exe) is a common Windows application, but how do we know that? Google, DuckDuckGo, or Bing is your friend. Ask "what is svchost.exe" and you'll get a list of responses from sites such as LifeWire, HowToGeek, File.Net, ShouldIBlockIt, and more. Some of the sites that appear in the search can be a bit dodgy. To be safe, don't click any links that offer to "fix" the computer. Just gather information about the application. This one is easy: "The svchost.exe (Service Host) file is an important system process provided by Microsoft in Windows operating systems. Under normal circumstances, the svchost file isn't a virus but a critical component for a number of Windows services." (LifeWire)
We now know that a valid Windows process is being used, but what about CryptSvc? Return to your preferred search engine and ask "what is CryptSvc". "The process known as Cryptographic Services belongs to the Microsoft Windows Operating System..... The genuine "cryptsvc.dll" Windows Cryptographic Services library module resides in 'C:\Windows\System32'." (File.net)
This is a Windows process that's using a Windows service to connect to 72.21.81.240. It's clear that this isn't spyware, but if you get to this point and still have questions, it's easy to find out who owns that IP address. Visit WhoIs.com and type the IP address into the WhoIs box at the top of the page. This IP address is owned by Verizon.
That seems like a lot of work, and checking every connection would be tedious. Checking every connection isn't necessary, though. I recognize Adobe CEF Helper.exe, Code42Desktop.exe, Code42Service.exe, Dreamweaver.exe, OUTLOOK.EXE, OneDrive.exe, Spotify.exe, googledrivesync.exe (Backup and Sync from Google), and msedge.exe (Microsoft Edge) so there's no need to check them.
That leaves a few to be checked. This will take a while, but you'll then have a list of known safe files and processes that you won't have to look up again.
If you find spyware, it can be removed using a well documented process on WikiHow. Before proceeding though, scroll to the the bottom of the article and read the warnings! It's important to create a restore point so that you can get back to the original configuration if you accidentally uninstall something that's essential. To avoid having to do that, make sure that what you're uninstalling really is spyware. And be sure to download applications listed in the WikiHow article only from legitimate websites because rogue sites that promise to remove malware and spyware can actually install more.
If you'd like to learn more about the NSO software incidents, the Guardian newspaper has an organized and detailed explanation on its website.
When film was king, the highest quality images were created by professionals who used cameras that accepted sheet film — one sheet at a time — 8x10 inches, 5x7 inches, or 4x5 inches. A photographer might spend two hours setting up an image and then expose just one or two sheets of film.
For portrait and wedding work, medium-format cameras were common. They used 120 and 220 roll film that took 12 or 24 square images per roll. Non-square options also existed. Wedding photographers eventually migrated to 35mm single-lens reflex cameras.
And then digital cameras changed everything.
Smart phone cameras are probably the most used cameras now, but digital SLRs and mirrorless cameras are still popular choices. Camera manufacturers have started offering digital medium-format cameras. Maybe you're thinking about buying one.
There are several things to keep in mind if you are:
Medium-format digital cameras exist for a reason. So do APS-C and full-frame digital SLRs. So do mirrorless digital cameras. And smart phone cameras. What's important is not the size of the camera, but the photographer's eye to compose an image and the photographer's brain to choose the right equipment for the job.
If disinformation wasn't bad enough, now we have deepfake videos that can appear to be legitimate and real. "The camera doesn't lie" was never true, but now it's even easier to lie. Do you think you can spot a fake?
Fakery isn't new. Some Civil War era photographs were manipulated. Soviet dictator Joseph Stalin ordered people to be removed from photographs after they had been "liquidated" for disloyalty. In those days, images had to be manipulated manually — in the early days by being cut and reassembled. The Soviets added airbrushing. These weren't changes that could be made quickly or easily.
Computer-based image and video editing makes the process much easier and faster. Some of the work is amateurish and easy to spot, but some is virtually impossible to tell from reality. Big companies such as Adobe and Microsoft are attempting to create ways to identify fake videos, but these are probably doomed to failure.
They will fail, not because the technology isn't good enough, but because some people are willing to be fooled. Those who are willing to think critically about photos and videos found on the internet are likely to be more accurate defenders of truth than all the technological defenses.
There's no proof that he ever said it but Mark Twain (probably the most frequently misquoted person on the internet) is credited with saying "A lie travels around the globe while the truth is putting on its shoes," or maybe "A lie can travel halfway around the world before the truth can get its boots on." Although those are accurate statements, it's unlikely that Twain said them: The quotation is usually dated 1919, which is remarkable because Twain died on 21 April 1910.
Microsoft, the BBC, CBC/Radio-Canada, and the New York Times are promoting a technology that embeds GPS information about where a photograph was taken, along with other security devices, to make it "impossible" for someone to alter the image or video without the change being detected. Yeah. Impossible until somebody figures out how to break the process, and somebody will.
Adobe's actions address images used for editorial purposes by news organization so that the source of an image or video can be documented.
Microsoft offers an online quiz that you can take to determine how good you are at identifying fakes. I got nine of ten right, but one of those was simply a coin toss. The primary takeaway from the quiz is that we should all think critically about what we see and read. "Creators of manipulative deepfakes, and other media," the accompanying text says, "often try to trigger people to think with their heart instead of their head. One of the best things to do is monitor how you are responding emotionally to a video or photo, and if you have a strong response, ask yourself why the creator of that media might want you to feel that way."
We are drowning in a sea of lies that are designed to create disunity. Are we smarter than the manipulators? I hope so.
Your computer may have a solid-state boot drive. If not, your next computer almost certainly will, but that doesn't mean mechanical drives are gone. The SSDs are fast and are good choices for the drive used to boot the computer and store the applications. They're still a bit on the pricey side for storing data, though, and giant mechanical drives are being developed.
If you're looking for the best possible performance for storage, you can find 8TB solid-state drives in the $600 range. By comparison, a high-quality 8TB mechanical drive will probably cost less than $200.
New mechanical drives may use graphene instead of the usual carbon plate covering. Doing this will increase capacity. 16TB drives using this technology will be pricy at first, but prices drop over time. They also may use heat-assisted magnetic recording for more precise reading and writing. The disks are heated and this allows more greater data density. One problem is that old style carbon coverings were damaged by the heat. Using graphene resolves that problem.
Don't look for heat-assisted magnetic recording to show up in portable devices where heat is always more of a problem, but those who need to store enormous amounts of data will be able to store more data in less space.
Research by the Univerity of Cambridge has more details.
Enabling high dynamic range in Windows will improve brightness, color, and contrast if you have a monitor that supports it and when you use an application that can use it. Videos, TV programs, and games will see the most benefit.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
Microsoft plans to have Windows use the HDR mode automatically, probably starting with Windows 11, but if you want to use it now, you'll have to enable it manually.
Open Settings and select System. The Display tab is at the top. Scroll down to the Windows HD Color section and click "Windows HD Color Settings".
If you don't see an option to enable HDR, that's probably because the monitor you're using doesn't support HDR or failed to report its status accurately to Windows. The toggle should be in the area I've indicated with a red rectangle, so my system won't support HDR. If you think your monitor should support HDR mode, check the specs to determine if it must be enabled via a setting on the monitor or the video driver.
If you have trouble enabling HDR mode, Microsoft has some suggestions.
The internet was far from ubiquitous.
In August 2001 Reuters reported a McDonald's in Jerusalem that had become the first to offer internet access to distract customers "munching on their Big Macs and fries." Patrons were able to buy 20 minutes of access for about $2, and there are free computer-game terminals for the Happy Meal crowd. The report cited Nielsen/NetRatings stats that put Israelis online eight-and-a-half hours per month — "ahead of Internet users in 14 European countries but slightly behind the United States."
In China, the government had shut down 8000 Internet cafes (out of 56,800 inspected this year) for "promoting crime and corrupting young Chinese by giving them access to pornography." In Afghanistan, the Taliban banned internet, floppy disks, movies, and satellite TV.