The fix/mitigation until there's an official fix
Thursday, March 26, 2020 by DrJBHL | Discussion: Personal Computing
Seems as if all we do is about viruses, anymore, eh?
Well, there's a new zero day vulnerability in Windows and you really should fix it as you could end up infected with ransom ware as a result of its exploitation. MS has found two cases of that, and now that they have described the exploit, chances are much higher of getting hit by it. To get a good description of the problem, check the linked article. If you wish to read the original MS notification, it's here.
"On 23rd March, Microsoft acknowledged a zero-day vulnerability that affects all the Windows computers. The list of affected computers includes the most-updated Windows 10 including the insider builds; Windows 8.1 and 8; Windows 7 which has reached its End of Life, and many versions of Windows Server. However, the vulnerability is a limited targeted attack which means it’s not that widespread and only a certain number of users can be affected — mainly those who deal with font files and the preview pane.
Microsoft has zeroed down the attack to two exploits in the Adobe Type Manager Library which the attackers are taking advantage of. Having said that, the sad part is that Microsoft will be releasing the security patch next month, most probably on April 14, 2020. So until then, you can take a series of actions by yourself which can fix Windows Zero-Day vulnerability on Windows 10 and 7 computers right now."
I'm including a snip of the 'how to fix' article because I added how to deselect the two panels in Windows explorer...it's done with Alt+P, then proceed to the Options, etc.
(from Beebom linked article)
Don't forget to disable the Web client service (at the bottom of the linked article), and then to reboot.
And have a good weekend!
Wednesday, March 25, 2020 by Tatiora | Discussion: Personal Computing
Over the last few months, the Covid-19 Pandemic has changed the way of life for millions of people around the world. Recently in the United States, schools have been closing across the country, prompting educators to do their best to get resources up online so that all learning doesn’t stagnate.
As children and their parents adjust to this temporary new normal, teachers have been working on setting up remote classrooms and teleconference lessons. To help, Google and YouTube have stepped up to the plate by providing new resources for helping teachers to keep their classrooms running.
Google’s page, called Teach From Home, provides several recommendations for how teachers can teach remotely using Google products. Right now, the page features ideas like doing a video call with a class using Hangouts or creating an online quiz using Google Forms. There’s also a “Teach from Home” toolkit, which has a series of slides with resources on how to teach remotely.
The toolkit suggests that teachers can use google calendars to schedule 1:1 appointments with their students, host video conferences using Hangout Meets (which Google has provided a free premium membership to through July), and make a class website. Google’s accessibility settings also make closed captioning possible and help teachers accommodate those with additional learning needs.
The Learn@Home resources highlight educational YouTube channels that students can watch at home. The page categorizes the channels with recommendations for families with kids 13 and older, families with kids five and older, and for families with preschoolers. YouTube has established a partnership with Khan Academy and other educational creators, featuring channels such as Discovery Education, PBS Kids, Cool School, and Sesame Street. Both Learn@Home and Teach From Home are currently available in English, and will be available in other languages very soon.
Google is also launching a $10 million Distance Learning Fund as part of the company’s $50 million contribution made through Google.org, to COVID-19 response efforts. To begin, Google.org will donate $1 million to Khan Academy’s fund to assist them in providing remote learning opportunities for affected students.
Actually is feature rich.
Saturday, March 14, 2020 by DrJBHL | Discussion: Personal Computing
This spring, Windows10 v. 2004 or 2020 first half year update (code named 20H1) will be coming and it's feature heavy, with some meaningful changes such as those in Cortana and notepad, Windows subsystem for Linux (WSL 2), Windows explorer with much better local search and tied to OneDrive, sandbox and virtual desktops, and a beefed up Task manager.
There are more, and I suggest reading up on them in the link above.
And have a good weekend! 😉
FWIW, a new study says Brave...but they didn't test Tor.
Wednesday, February 26, 2020 by DrJBHL | Discussion: Personal Computing
Ghacks is an excellent tech website. It was recently sold, however, the tech content has remained in Martin Brinkmann's extremely capable hands.
So, I was perusing there, as I really didn't want to do an article about MS killing the useless Live Tiles in W10, because Start10 beats anything MS has offered with W8 onward, nor about new icons coming to W10 as I think the icons created here beat them hands down, and always have.
So, Brinkmann discusses the findings of this study, which looked at:
"Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser...to assess the privacy risks associated with this backend data exchange during general web browsing. Questions we try to answer include: (i) Does this data allow servers to track the IP address of a browser instance over time (rough location can be deduced from an IP address, so IP address tracking is potentially a surrogate for location tracking) and (ii) Does the browser leak details of the web pages visited."
The bottom line result is that out of the box, using default settings (like no autofill), Brave won among them all. In Brinkmann's closing words:
"The researcher analyzed the default state of the browsers and found that Brave had the most privacy friendly settings. At least some of the browsers may be configured to improve privacy by changing the default configuration, e.g. disabling autocomplete functionality."
But, the study left a bit to be desired, at least for me. Vivaldi, Epic browser and (shhh) Tor weren't in this study, and imho, certainly Tor should have been. Interestingly, Bravo has the ability to apply Tor extension to private browsing ("Private Window with Tor: Tor hides your IP address from the sites you visit").
When Tor is put head to head with Bravo, take a look at the results (pros and cons) from users at Slant. It's not the only site which issued a comparison. Truth be told, though, Tor is slower than molasses in January, because of how it's onion layered switching works.
Without starting a browser war or a "mine is better" contest, I'd really like to hear what you all think.
Sources and links:
Saturday, February 22, 2020 by Frogboy | Discussion: Personal Computing
We’ve had some great discussions on Hard drive speeds over the years.
One of my favorites was the one about whether SSDs was worth it.
I’ve also been benchmarking my PC’s for a very, very long time:
Here is a brief recap:
Most of the CPU speed improvements comes from adding more CPU cores. My 2019 machine has 18 cores, 32 logical threads. My 2008 box was the last machine with only a single core in it. That isn’t to say that the CPU experience isn’t much better these days. I’m just saying that unless your app is using all those cores, you could argue that you could divide these scores by the number of cores to get a better approximation of what a single threaded app would perform like.
Anyway, here are the results from my box today:
Samsung 970 Pro NVME:
Sabrent Rocket NVME 2280:
As a practical matter, they’re both incredibly fast.
In real world practice, an NVME (like these) will have roughly the same load times as a SATA SSD despite scoring a lot lower on the benchmarks.
Feel free to use this thread to post your Hard drive specs and scores to share with others.
And a few useful 'how tos'
Saturday, February 15, 2020 by DrJBHL | Discussion: Personal Computing
The external link is a really useful explanation of how to add some power to the W10 context (right click) menu by Brady Gavin at How to Geek.
I won't waste your time with copying exactly how to do a registry edit, but I will reproduce the universal warning about editing the Windows registry:
"The Registry Editor is a powerful tool and, if it’s misused, it can render your system unstable or even inoperable."
and three more:
1. How to backup your registry: https://www.howtogeek.com/197785/how-to-backup-and-restore-the-windows-registry/
2. How to backup your computer: https://www.howtogeek.com/242428/whats-the-best-way-to-back-up-my-computer/
3. How to create a system restore point: https://www.howtogeek.com/237230/how-to-enable-system-restore-and-repair-system-problems-on-windows-10/
If you're afraid to do this by yourself, Brady Gavin has supplied two registry hack scripts to do all that editing...
"If you’d rather not edit the registry yourself, you can download our Add Move to/Copy to registry hack. Just open the ZIP file, double-click either “AddMoveTo.reg” or “AddCopyTo.reg,” and then click “Yes” to add the information to your registry." - Brady Gavin
However, do your backups and create a restore point before using the scripts (REG files).
And, have a great weekend!
More than 200 tweaks in more than 10 sections
Sunday, February 2, 2020 by DrJBHL | Discussion: Personal Computing
Razvan Serea wrote a good review of Windows Ultimate Tweaker 4.7
over at Neowin, including the change log. There are more than two hundred new tweaks, and most pertinently new ones in the privacy and security sections...nice for the folks who are new to W10 from W7 and who are (rightfully) concerned about the former.
The full list of the tweaks are here: https://www.thewindowsclub.com/list-of-tweaks-available-in-uwt4 .
Here's a screenie showing privacy tweaks. The red arrow simulates my cursor. Note the explanation the app shows for "Disable telemetry".
As with any app, and especially one like this one, I'd advise creating a restore point before tweaking away. It's very convenient the app reminds you to do so, as well.
It's a great app...one many of us had and probably forgotten all about, and well worth downloading, here: https://www.thewindowsclub.com/your-download-of-uwt4-will-start-in-5-seconds and as the link mentions, download commences 5 seconds after landing there.
It is freeware, without ads or other software with it.
Wednesday, January 29, 2020 by Tatiora | Discussion: Personal Computing
Earlier this month at CES, AMD declared that 2020 was the year for “gamers and creators.” Chief Executive Officer Dr. Lisa Su took to the stage during a press conference and announced that AMD’s 3rd generation processors for laptops have officially arrived.
According to Dr. Su, the new Ryzen 4000 series of chips based on the company’s 7nm Zen 2 architecture are the “best laptop processor(s) ever built.” By incorporating the right technology elements, AMD will fit tremendous amounts of power within a laptop form factor. These chips are AMD’s first laptop chips to make the move to Zen 2; the Ryzen 3000 series has already brought the tech to desktops, but laptops have been using an older process.
The new processor, which can fit into ultra-thin laptops, contains 8 cores and 16 threads. The new CPUs will come in both 15-watt “U-class” ultra-low power versions (for thin and light laptops), and “H-class” 45-watt laptops (for gaming and content creation). AMD promises desktop-class performance on laptop hardware with the top of the line U-series chip (Ryzen 7 4800U), which offers an 8 core, 16-thread design.
In addition to the new Ryzen 4000 series, Dr. Su also announced the AMD Ryzen Threadripper 3990X Processor during her CES presentation. The performance comparison graphic covered three screens and showed nearly 5x the power of leading competitors’ products. During an interview on AMD’s “The Bring Up,” Dr. Su discussed the process behind developing the Threadripper.
“When you think about what you can do with computing -- I mean, if you think just a few years ago, 16 cores seemed like more than you ever needed, but then we did Threadripper and we went up to 34 cores,” Su said. “And we said with third gen, ‘why not? Why not go up to 64 cores,’ and it’s not just about technology for technology’s sake. It’s really about how do we put technology into the hands of power users so that they can do new and important and creative things.”
According to AMD, the first Ryzen 4000 series laptops will arrive from Acer, Lenovo, HP, Asus, Dell, and other companies starting in the first quarter of 2020. The Threadripper 3990X will release on February 7, 2020.
AMD is a registered trademark of Advanced Micro Devices, Inc. in the U.S. and/or other countries. All rights reserved.
A new one on me, but there's a fix (not 100% foolproof) for it you should do.
Thursday, January 23, 2020 by DrJBHL | Discussion: Personal Computing
Jafo made the remark on a post of mine recently that he does no banking on his phone. There's an excellent reason not to. I'd heard it wasn't wise because of the vulnerability of phones, and public networks (man in the middle attacks), though not because of SIM swap fraud!
So, I have to admit, this one's a new one for me. SIM swap fraud. Turns out they’re easy pickings for hackers. So, what’s SIM swap fraud?
"SIM swapping occurs when someone contacts your wireless carrier and is able to convince the call center employee that they are, in fact, you, using your personal data. They do this by using data that's often exposed in hacks, data breaches, or information you publicly share on social networks to trick the call center employ into switching the SIM card linked to your phone number, and replace it with a SIM card in their possession."
Once that's accomplished you're the victim of identity theft. Think about what's in your email, bank info, etc. So, they're in your phone and first thing, they change your emails' passwords, your social media passwords, if you have cryptocurrency passwords, they're now in the hacker's possession, as well as any codes sent to your phone as two factor identification, etc. Getting the picture?
"You can decrease your chances of someone gaining access to and taking over your phone number by adding a PIN code or password to your wireless account. T-Mobile, Verizon, Sprint and AT&T all offer the ability to add a PIN code.
Some companies, like Sprint, require you to set up a PIN code when you sign up for service. However, if you're unsure if you have a PIN code or need to set one up, here's what you need to do for each of the four major US carriers.
- Sprint customers: Log in to your account on Sprint.com then go to My Sprint > Profile and security > Security information and update the PIN or security questions then click Save.
- AT&T subscribers: Go to your account profile, sign in, and then click Sign-in info. Select your wireless account if you have multiple AT&T accounts, then go to Manage extra security under the Wireless passcode section. Make your changes, then enter your password when prompted to save.
- T-Mobile users: Set up a PIN or passcode the first time you sign in to your My T-Mobile account. Pick Text messages or Security question and follow the prompts.
- Verizon Wireless customers: Call *611 and ask for a Port Freeze on your account, and visit this webpage to learn more about enabling Enhanced Authentication on your account."
If you have service through a different carrier, call their customer service number to ask how you can protect your account.
Most likely, you'll be asked to create a PIN or passcode.
When creating a PIN or passcode, keep in mind that if someone has enough information to fake that they're actually you, using a birthday, anniversary, or address as the PIN code isn't going to cut it. Instead, create a unique passcode for your carrier and then store it in your."
Short of having empty accounts, how can you tell if you're a victim? A very quiet phone and the inability to make calls. That includes customer service at your carrier, but store the number in your phone to call from someone else's phone:
"Here are the customer service numbers for each major carrier. Put your carrier's number in your phone as a contact:
- Sprint: 1-888-211-4727
- AT&T: 1-800-331-0500
- T-Mobile: 1-800-937-8997
- Verizon: 1-800-922-0204"
Remember to get a good password manager (we'll talk about them in a subsequent post)...and, good luck!