Much in the media this week about an industry-wide problem with all devices using Intel processors — CPU chips, and perhaps those from other manufacturers as well. A security vulnerability: Meltdown and Spectre. It’s like Dorothy, the Tin Man and the Scarecrow walking through the dark forest in the 1939 classic The Wizard of Oz and chanting “Lions and tigers and bears, oh my!”
PC World’s been covering this situation with a bunch of articles. Here’re a few links:
Massive security vulnerabilities in modern CPUs are forcing a redesign of the kernel software at the heart of all major operating systems. Since the issues—dubbed Meltdown and Spectre—exist in the CPU hardware itself, Windows, Linux, Android, macOS, iOS, Chromebooks, and other operating systems all need to protect against it. And worse, plugging the hole can negatively affect your PC’s performance.
Intel said the patches for the CPU vulnerability, due next week, would bring a negligible performance hit to the average user. Claiming that the patches can make PCs “immune” from the vulnerabilities is a first, though.
Intel may have dominated most of the news surrounding the kernel bug in processors, but it’s not just Windows and Macs that are at risk. In addition to Meltdown, there is also a “branch target injection” bug called Spectre that affects mobile ARM processors found in iOS and Android phones, tablets, and other devices that could also expose your data. Here’s everything we know about it so far.
We’ve been waiting to hear from Apple ever since we first heard about the far-reaching Meltdown and Spectre CPU flaws earlier this week, and the company has finally responded with some not-so-good news: All Mac and iOS devices are affected. That’s right, all of them. However, Apple assures us there’s no reason to panic.
So, the bottom line is that this vulnerability is serious. Lots of manufacturers of the hardware and software that make your devices run are working on the fixes. Some patches already have been released. So, just be ready for the updates. It’ll take time for everything to settle down. The major concern is impact on performance. Ironically, the vulnerabilities were a result of long-standing techniques to improve performance. As PC World stated:
“We feel your pain. But security trumps performance, so we’d rather our PCs be a little slower than exposed to hackers.”
Update your operating system
Check for firmware updates
Update your browser
Keep your antivirus active
That PC World article notes that:
Microsoft pushed out an emergency Windows patch [Windows 10 ‘1709’ edition KB4056892 patch] late in the day on January 3.
Apple quietly worked Meltdown protections into macOS High Sierra 10.13.2, which released in December. [Also iOS 11.2.]
Intel also released a detection tool that can help you determine whether you need a firmware update.
The Google researchers who discovered the CPU flaws say that traditional antivirus wouldn’t be able to detect a Meltdown or Spectre attack. But attackers need to be able to inject and run malicious code on your PC to take advantage of the exploits. Keeping security software installed and vigilant helps keep hackers and malware off your computer.
Gibson Research recently released InSpectre, a wonderfully named, dead simple tool that detects if your PC is vulnerable to Meltdown and Spectre.
InSpectre is a small 122 KB program that doesn’t need a formal install and scans your computer for Meltdown and Spectre susceptibility in mere milliseconds. When it’s done, the program pops up with clear, easy-to-read information about the security status of your system.
This is the sort of software Microsoft or Intel should have released to help clarify the murky, convoluted patching situation around this devastating duo of CPU exploits.
Personally, I’ll wait for these tools to evolve further.
[Wiki] The Rose Parade, also known as the Tournament of Roses Parade, is part of “America’s New Year Celebration” held in Pasadena, California each year on New Year’s Day (or on Monday, January 2 if New Year’s Day falls on a Sunday). The parade includes flower-covered floats, marching bands, and equestrian units and is followed by the Rose Bowl college football game. It is produced by the nonprofit Pasadena Tournament of Roses Association.
Originally started on January 1, 1890, the Rose Parade is watched in person by hundreds of thousands of spectators on the parade route, and is broadcast on multiple television networks in the United States. It is seen by millions more on television worldwide in more than 100 international territories and countries.
When I ask some of my clients how they get to their email, a typical response is “AOL” or “hotmail” or “Google.” Or they might say “email@example.com” or “firstname.lastname@example.org.” Well, that’s not what I’m trying to understand.
Knowing their preferred service company or email address is a start, but I’m more interested in whether they get to their messages on a desktop or notebook computer or on a smartphone or tablet (or all of those devices). And if on a desktop or notebook computer, whether they use a special purpose program (like Microsoft’s Outlook, Apple’s Mail, Mozilla’s Thunderbird) or a general purpose program — a Web Browser like Microsoft’s Edge, Google’s Chrome, Apple’s Safari, Mozilla’s Firefox, etc.
There are pros and cons to each option. When a Web Browser is used to access your email on a service provider’s Web site, this method is called Webmail. One advantage to this is that you visit other sites (web pages) using your browser and so webmail is just visiting a special type of site. And you can do this anytime and anywhere you have a device with an Internet connection and a browser. No special programs need to be installed and configured. You do not even need to use your own computer.
Webmail can be tedious, however, when you have many email addresses (and accounts with several email service providers) — going to separate sites to check each one.
A special purpose email program, however, can typically manage multiple accounts and Inboxes, which makes checking those accounts more convenient. A special purpose program also may in general be easier to use (a friendlier graphical user interface). That’s why many people still use the AOL Desktop program.
On smartphones you’ll generally want to use a special purpose app, like Apple’s Mail or Google’s Gmail app.
Here’s a drawing intended to clarify these email options (link to pdf version below).
We’ll explain why Windows 10’s Fall Creators Update is worth your time in our review. Here’s what’s different this time around: There’s new hardware, too.
PC World today shared the news that Microsoft is rolling out the Windows 10 Fall Creators Update: “Windows 10 Fall Creators Update review: This could be Microsoft’s biggest Windows yet.” As in past Updates (which install like entire new editions of Windows 10, as large downloads with extended install times), there’s a way for early adopters to grab the Update now, while most of us will get it over time like other monthly Windows updates.
Update: The Windows 10 Fall Creators Update is now available, and can be manually downloaded/upgraded via the Windows 10 Upgrade Assistant. Otherwise, Microsoft will automatically push the FCU to all PCs in a series of waves that should last for a few weeks.
Microsoft’s Windows 10 Fall Creators Update is what every sequel shoots for: bigger, better, more ambitious than the original. As it rolls out in phases starting Tuesday (see Microsoft’s blog post for details), our review focuses on Windows’ big, risky bet on mixed reality, plus smarter investments in the pen, creative 3D apps, Edge, and even speech. A ton of practical, everyday additions won us over, including OneDrive placeholders and much longer battery life while watching movies.
See the full article for what’s new and what’s changed.
Microsoft’s Story Remix was expected to be one of the highlights of the Windows 10 Fall Creators Update, and it lives up to that promise, combining the existing, excellent Photos app with a video and slideshow editor that adds transitions, music, and even fantastic 3D animations.
It’s worth noting, though, that Story Remix and Photos exist (for now) within a sort of odd, yin-yang duality where both apps co-exist. If you choose to open or edit a file within Photos via File Explorer, Windows will open the “traditional” Photos interface. But if you simply launch the Photos app, the Story Remix interface will open. Interestingly, there also seems to be no way to transition between the two interfaces within the app itself.
“Fortify your PC against all manner of attacks—for free!”
This PC World article “How to build the best free PC security software suite” (October 16, 2017) is one of the best digests of the topic that I’ve encountered. The article offers a ready summary of what you need to cover various security risks on your PC. For those not wanting to purchase an annual computer security subscription (with auto renew, eh) — but not go potluck — and willing to blend together a solution, the recommendations agree with my research and experience.
Antivirus software is the key component of any security suite, and for good reason—it’s going to be your primary defense against malware. Windows offers its own built-in anti-virus program called Windows Defender for Windows 8.1 and up—Windows 7 users can download and install Security Essentials. Windows’ solution offers fairly good basic security, but most third-party testing firms find that it falls short of third-party security suites. The upshot is: If you’re a security-aware user who’s willing to occasionally run a scan with Malwarebytes (see below) then Defender may be enough.
Avira Antivirus Free Edition and Bitdefender Antivirus Free Edition are two free products worth your attention. According to recent benchmarks published by the German antivirus testing firm AV-Test, paid products for both Avira and Bitdefender won top marks on all three of the firm’s major testing categories including protection, performance, and usability; both did a perfect or near-perfect job at stopping malware and other threats. Avira did score one false positive from AV-Test when it identified legitimate software as malware during a system scan.
And, as for any free PC app, there’s a caution:
… free products can include browser toolbars, extensions, or other desktop programs that you might not want. Freebies can also have ads that help their makers pay the bills. Be mindful while you’re installing free programs to avoid also installing bloatware you don’t want, which is often flagged for installation by default.
Read the full article for recommendations to safeguard your PC in other ways.
I’ve talked with at least one iPhone enthusiast who’s going to get Apple’s new iPhone X — and willing to wait until it ships. It’ll be interesting to get his reaction to the new Face ID feature. In the meantime, this CNET article “10 things we learned about Face ID on the iPhone X” is a useful summary of face-scanning.
Curious about using your face to unlock your phone? Apprehensive about Face ID and Apple Pay? Apple published an extensive guide on Face ID in advance of the upcoming iPhone X. You can read it all yourself. Also, check out our in-depth look at the security aspects of Face ID and general overview of the tech.
This isn’t the first time Apple’s mentioned some of these features, but it all feels much more official now. Here are the ones that stood out …
Yes, you’ll still need to use a regular passcode at times. Note the additional citations in the article for more information.
You’re paranoid about security. Some say that the update is essential in order to get a complete set of security fixes, but it’s not like Apple is going to keep Sierra unpatched. Enterprises are running even older versions and they’ll continue to be patched. But if you think the potential security advantages outweigh the possibility of running into application issues, then update.
Your system has an SSD, not a Fusion Drive or HDD.
You’ve updated your iPhone or iPad to iOS 11 and shoot photos and videos with the new file formats.
You’re a big Photos user.
You have a complicated family to manage with iCloud.
You’ve been screaming for the specific capabilities added in those particular applications.”
Best practice usually is to wait awhile — a week to a month — before upgrading. If your Mac is not running Sierra (10.12) and is compatible, then upgrading definitely makes sense. If you decide to upgrade, first back up your Mac’s internal hard drive (or at least all your personal files); and do so when you don’t need to use your computer for a few hours.
This CNET YouTube video (below) reviews the changes.
App Store > Featured > Info macOS High Sierra Size: 4.80 GB
New technologies at the heart of the system make your Mac more reliable, capable, and responsive — and lay the foundation for future innovations. macOS High Sierra also refines the features and apps you use every day. It’s macOS at its highest level yet.
Easily organize, edit and view your photos in Photos.
Make short videos from your Live Photos using new Loop and Bounce effects.
Easily locate and organize your content with the new sidebar.
Conveniently access all of your editing tools in the redesigned Edit View.
Fine-tune color and contrast in your photos with new Curves and Selective Color tools.
Access third-party apps directly from Photos and save the edited images back to your Photos library.
Rediscover images from your library with new Memories themes including pets, weddings, outdoor activities, and more.
Create printed photo products and more using new third-party project extensions.
Improve your browsing experience with Safari.
Stop web video with audio from playing automatically.
Prevent websites and ad networks from tracking your browsing with Intelligent Tracking Prevention.
Customize your browsing experience with new per-site settings for Reader, page zoom, content blockers, and more.
Enjoy refinements in Mail.
Instantly find the messages most relevant to your search using Top Hits.
Use Split View when composing new email in full screen.
Save space on your Mac with compressed messages.
Look up flight information in Spotlight.
Check the status of a flight by typing the airline and flight number in the Spotlight search field.
Collect your thoughts with Notes.
Organize your information using configurable tables.
Pin your favorite notes so they’re always at the top of the list.
Capture a moment in FaceTime.
Take a Live Photo during a video call to any supported Mac, iPhone, or iPad.
Get music suggestions from a more natural-sounding Siri.
Hear more variations in intonation, emphasis, and tempo when Siri responds to you.
Enjoy personalized music recommendations from Siri when you listen to Apple Music.
Copy and paste files from one Mac to another with Universal Clipboard.
Copy and paste files between your Macs using standard copy and paste commands.
Safely store your family data in iCloud.
Share a single iCloud storage plan with your family and keep everyone’s data backed up and safely stored.
Set up your family with a few clicks and add capabilities when needed.
Work together with iCloud Drive.
Share and work on any file in iCloud Drive with other people so it is always up to date with the latest edits.
Upgrade the performance, reliability, and security of your Mac with the new Apple File System.
Update to a new file system architecture designed for all-flash Macs.
Experience greater responsiveness when performing common tasks like duplicating a file and finding the size of a folder.
Enjoy faster and more reliable backups.
Protect your entire drive with built-in native encryption for greater security.
Step up to the new standard for 4K video: HEVC.
Create and watch high-resolution video with High Efficiency Video Coding (HEVC), which uses up to 40 percent less space without sacrificing quality.
Enjoy next-generation graphics and computation with Metal 2.
Get the most out of the graphics capabilities of your Mac with the new and improved version of Metal.
Discover immersive tools for content creation with support for virtual reality.
Build state-of-the-art apps with features that accelerate common machine learning functions.
Some features may not be available in all regions or all languages. Some features require an iCloud storage plan. Some features have hardware requirements. Apple File System requires all-flash internal storage.
Well, you did it. You pulled the trigger on a shiny new iPhone 8 or 8 Plus. Nice! Before you head out to take a squillion photos or plop it down on your new wireless charging pad, there are a few housekeeping details you should tend to first.
Backup and restore
Finish the setup
Set up Touch ID and Apple Pay
Choose the Home button’s feel
Update your apps
(Pair your Apple Watch)
Try the new camera
Edit a Live Photo
Customize your Control Center
Charge it up
(Call your mom)
And this CNET video “Favorite features in iOS 11 in 60 seconds (Tech Minute)” (below) highlights new features in iOS, if you got a new iPhone 8 or upgraded your older iPhone or iPad.
If you’re an iPad user, download iOS 11 immediately. It’s a huge update that makes major improvements to the two-year-old multitasking features, and drag-and-drop and Files have the potential to transform iPad productivity.
If you’re an iPhone user—well, who are we kidding, you’re almost certainly going to upgrade to iOS 11, too. And you’ll be right to do so. This is a great collection of new features, Apple’s best iOS upgrade in years. The new, customizable Control Center is a winner. Do Not Disturb While Driving will make the roads safer. And ARKit threatens to kick off a revolution in augmented-reality applications. This is all great stuff.
Privacy concerns have plagued Windows 10 since its launch. It’s no surprise: The operating system is designed to ensnare you in Microsoft’s services, and you can’t stop it from sending Microsoft basic telemetry data about your device. But Microsoft has been working hard to assuage the concerns, and on Wednesday it announced enhanced privacy settings coming in October’s Windows 10 Fall Creators Update.
While such disclosure by Microsoft may well be a step forward, any new privacy agreement is hardly something that “mere mortals” will likely parse and ponder. But any settings that can limit data collection or the degree of such collection might be worth the effort and time investigating.
How companies collect, store, and share personal information via the purchase and use of their products and services is concerning. Even when such items are “free.”
In previous posts, I’ve noted PC World’s summaries of test results by the independent computer security test organization AV-Comparatives.
All four passing software packages got through the false alarm test without making a mistake. Bitdefender won the top spot for detecting actual phishing sites with a detection rate of 96 percent. Coming up right behind Bitdefender was Fortinet with a 95 percent detection rate followed by Kaspersky and Avast with 93 and 92 percent detection rates, respectively.
Some of my clients use free anti-virus (AV) programs. Pros and cons.
Should I go free or paid for antivirus? But there isn’t a good answer to that question. It really comes down to what you’re willing to put up with. If you just need basic protection then most free antivirus suites are probably fine.
Adobe Flash has a checkered history. Although Flash has been in use for decades, many of my clients do not understand what it does. “There’s a message that Adobe Flash is not installed — should I install it? The web page is requesting that I enable Flash — is that okay? There’s a message that Flash is out-of-date — do I need to do something?”
So, when the occasion arises, I say that unless there’s some really compelling reason to use Flash, the best practice is not to. I mention the long-running security issues, and that it’s being phased out. But there’s still the question: what is Flash?
Adobe Flash, one of the most controversial elements of the web, will be phased out by 2020, Adobe said Tuesday. Browser makers, including Microsoft and Google, simultaneously announced plans for a gradual phaseout over the next few years.
Specifically, Adobe Flash Player will be end-of-lifed by 2020, the company said, meaning that it simply won’t work.
In a blog post, Microsoft laid out its timeline for phasing out Flash support from Edge:
Through the end of 2017 and into 2018, Microsoft Edge will continue to ask users for permission to run Flash on most sites the first time the site is visited, and will remember the user’s preference on subsequent visits. Internet Explorer will continue to allow Flash with no special permissions required during this time.
In mid to late 2018, Microsoft will update Microsoft Edge to require permission for Flash to be run each session. Internet Explorer will continue to allow Flash for all sites in 2018.
In mid to late 2019, Microsoft will disable Flash by default in both Microsoft Edge and Internet Explorer. Users will be able to re-enable Flash in both browsers. When re-enabled, Microsoft Edge will continue to require approval for Flash on a site-by-site basis.
By the end of 2020, Microsoft will remove the ability to run Adobe Flash in Microsoft Edge and Internet Explorer across all supported versions of Microsoft Windows. Users will no longer have any ability to enable or run Flash.
Some major web sites still use Flash for viewing video. Even some high-speed Internet service providers’ (broadband) speed test pages still require Flash be enabled. Anyway, all that will change, eh.
… some of iOS’s most useful features are, in fact, the oldest ones. They’re easily overlooked, particularly by new iPhone and iPad users.
Read on for 10 basic iOS features that every iPhone owner should know, like how to take a screenshot, the ability to long-press your way to draft Mail messages, a physical button that doubles as the Camera app’s shutter release, and more.
Have you installed the Windows 10 Creators Update on your PC yet? In my lab, I’ve installed the Creators Update on a variety of Windows 10 PCs, from cheap or midrange to powerful quad core models and from 7 year old to 2016 models.
… Microsoft just revealed a service pack’s worth of additions as part of Windows 10 Build 16215: dictation, predictive typing, a “Find My Pen” mode, full-screen Microsoft Edge, and tons more.
Essentially, Microsoft appears to be bringing some of what’s best about Windows 10 Mobile (which received a few bug fixes) to the Windows 10 desktop, improving the way in which Windows uses pens and camera input, and adding literally dozens of small refinements across the board, including elements of Microsoft’s new Acrylic UI.
Why this matters: Build 16215 points toward a Fall Creators Update that will bring a lot of welcome improvements and flesh out features that have remained minimal so far. Microsoft’s blog post lists dozens of changes, so we’ve picked 11 especially cool features you definitely need to know about.
Read the full article for the highlights of the latest release.
Microsoft unveiled the uninspiringly named Windows 10 Fall Creators Update during Build 2017, and it will most likely hit Windows 10 PCs (including Windows 10 S devices) this September. Here’s a look at the most noteworthy new goodies you’ll find in the next massive Windows 10 iteration, including a potentially wonderful new feature just revealed by Windows 10 Insider Preview Build 16232.
Ransomware has been much in the news since the WannaCry attack on May 12, 2017.
The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
The attack started on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide.
Best practices to guard against such attacks apply to both personal and business computers. In particular, keep the Microsoft Windows operating system up to date (Windows Update). Also, as mentioned previously, many of these attacks start with hacking your “head” rather than your hardware — your PC — via targeted phishing email messages.
The Federal Trade Commission, along with federal, state and international law enforcement agencies, said on Friday they caught several scam artists who bilked money out of victims through a tech support scheme.
The scam worked like this: An advertisement designed to look like a security alert would pop up on your computer [while browsing the Internet] to warn of a virus or malware, directing the user to call a toll-free number. Some of the messages even included a countdown clock.
Once the person called the number, they were connected to telemarketers claiming to work with well-known companies like Apple or Microsoft. These telemarketers would ask for remote access to the computer and discover a large number of problems (that weren’t really there). They would ultimately charge the user hundreds of dollars for unnecessary repairs.
The article contains an image of the window that appears in your browser. One client believed the screen, panicked, called the number, and let the scammers take remote control of her PC (to show all the supposed problems); then realized the scam when an odd form of payment was demanded (iTunes gift cards). Another client called the number and realized the scam after a brief Q&A about who they were. Another client was about to call the number but called me first. Just another telemarketing scam — whether on the phone or computer screen.
I’ve written about this before: whether it’s at your front door or on your phone or on your computer, scammers use the same tricks. In this case, spoofing their identity. Southern California Edison sent out this email notice last week.
Subject: Important message from SCE: Beware of caller ID spoofing
That ‘Southern California Edison’ phone call may not be legitimate.
For your security, never give out your personal information, such as your SCE account number, Social Security number, credit card information or PIN number.
We have recently experienced an increase in reports of caller ID spoofing, a practice in which special phone equipment falsifies information on your caller ID display. Calls may appear to be from SCE, when in reality the caller has no association with SCE and may try to sell you products, collect personal information or say your electric bill is past due when it’s not.
Common red flag warnings related to spoofed phone calls:
Calls were made multiple times per day
Callers asked about customer’s usage, meter or other personal information
Customers were provided recommendations for purchasing alternative energy products
Tips to help protect yourself from caller ID spoofing scammers:
SCE will not send solar representatives to your home, nor do we have solar companies contact anyone by phone.
SCE will never ask for credit card information, a prepaid card such as Green Dot or electric usage information over the phone.
Do not use a call back number provided until you confirm it is an SCE number listed on your bill or the Contact Us page on sce.com.
Please know that we take your privacy seriously and make every effort to protect your information. For additional red flag warnings and tips to protect yourself, please visit sce.com/scamalert.
If you believe you are the recipient of a spoofing call, contact SCE Information Governance at email@example.com.
Vice President of Customer Programs & Services
Southern California Edison
We all need to be careful. The fact that these scams continue to occur is a sign that they work. Caller ID is not perfect but still can be useful.