What should you do about “HeartBleed?”

The following was originally posted on the Shoreline Area News, March 13, 2014 as part of the Tech Talk series

Last Monday, news broke about a key vulnerability in the primary encryption method used to ensure the security of the web sites we use. If your eyes just glazed over during that last sentence, it’s time to put a pot of coffee and see why this is a potential threat for you…and what you can do about.

The Story and the Danger
If you do Internet shopping, banking, and web-based email, you have made use of a “https” connection. This connection, also known as a SSL/TLS (Secure Socket Layer/Transport Layer Security) connection is designed to insure the privacy and security of your interaction.

The key provider of SSL/TLS is OpenSSL, an open-source project. As a majority of web servers, routers, and other network connection make use of OpenSSL, potential for stolen passwords and other critical data is high, especially since software designed to exploit this vulnerability has also been discovered.

While the vulnerability is limited to a couple of recent versions of OpenSSL, the pervasiveness of the protocol improves the chance your information can be stolen and used.

How does this affect me?
Unlike the hacks at Target and other companies, this is not a localized threat. Using encrypted connections is at the heart of our Internet commerce and communication. Since we all use credit cards, communicate with banks, and share passwords and other personal data over SSL/TSL connections, that data could have been at risk.

The challenge in this case is that unless you encounter signs of theft (card card use, account hacking, identity theft), there is no way to determine whether your data has been compromised. In security blogger Brian Kreb’s story on this topic, he quoted Jonathan Sander of Stealthbits Technologies as saying, “Heartbleed is like finding a faulty car part used in nearly every make and model, but you can’t recall the Internet and all the data you put out on it.”

This sounds awful scary…
Yes, it does, largely because of the uncertainties involved. There have been a lot of people who manage web sites working very hard to correct this problem. Sites like Tumbler, Facebook, Instagram, Pinterest, Dropbox, Intuit (Turbotax, Quicken) and Google announced their sites are now patched to prevent future incursions. The Canada Revenue agency shutdown its taxpayer sites until servers could be patched or features with the vulnerability are disabled.

Other sites that have NOT be affected according to company statements include Twitter, Microsoft services, Paypal, Amazon, AOL, and LinkedIn. Most major US banks and brokerages, according to Mashable.com are also safe from Heartbleed attacks, as a number of regular retailers, including Target.

…but is getting better.
Over the last week, web sites that have been affected have been fixing Heartbleed so they are no longer vulnerable. A scan of the top 10,000 web sites on April 8th, one day after the public announcement showed 630 still vulnerable to attack. A follow up scan on April10th showed this number at 137. By the 11th, this was down to 104 sites. This is a service set up by Filippo Valsorda, an Italian security expert.

So, one part of this problem, current vulnerability, is being addressed, by most web site owners. That window of vulnerability is closing.

However, the danger isn’t over until you take some actions. After all, this bug was in place for two years and there is a chance that your passwords and other personal information have already been taken for use or sale. You now need to reduce your own vulnerability.

What should I be doing?
Be prepared to change passwords on the affected web sites…once you know that the site has been able to correct the problem. It’s important to confirm that the site is now safe before changing passwords.

Key questions to answer:

Determine if the web site is affected by the vulnerability There are a few ways to figure this out if the web site that concerns you was not listed above.

Look for a notice on your website regarding OpenSSL or Heartbleed. Search for news accounts of your site and press releases it might have made. Many sites have sent emails over the last few days advising their customers about the site’s vulnerability or need to change passwords. Check your Spam or Junk Mail folder in case the message was diverted there.
Besides Mashable’s list, you can look on this comparison list Filippo Valsorda built using his lists of the top ten thousand web sites to see if your web site was listed as vulnerable. Filippo has listed site that were vulnerable earlier in the week and whether they are is still vulnerable.

Lastly Filippo has a test site at http://filippo.io/Heartbleed/. If your site passes, it is either because the vulnerability has been fixed or it wasn’t affected at all.

Change passwords on any sites that you believe had the vulnerability once the bug has been eliminated. The point of changing passwords is to eliminate further access to information using passwords acquired prior to the bug being fixed.

Keep an eye on your credit and accounts. Since we don’t know who, if anyone , might be affected during the two years this vulnerability was open, it’s a good idea to watch your credit card purchases and account information a little closer. If unusual activity occurs, report it promptly to the institution or site account manager

Why this bug is called Heartbleed
The bug is based in an extension of OpenSSL called HeartBeat. HeartBeat. that keeps the secure connection active, even when no data is being transmitted. Heartbleed allows someone to eavesdrop on communications and even impersonate services and users.

If you are interested is in how something like Heartbleed works, this comic rendition by Randall Munroe of xkcd.com does a great job of explaining it.

How bad is this, really?

From the Internet perspective, this is pretty bad and a lot people have been scrambling about to fix things. From your perspective, it could be bad if you haven’t changed passwords on vulnerable site once they are fixed.

In the long term, this is probably just a glitch from which we all will recover. In the meantime, taking the proper precautions will help it stay as a glitch for you.

The 27.69 percent-ers: Surviving with Windows XP?

The following was originally posted on the Shoreline Area News, March 6, 2014 as part of the Tech Talk series

Last week, I shared a graphic on the current market share for desktop operating system.  Unfortunately, while the data I fed was accurate, the percentages listed on the chart were not accurate.  My apologies.

This discrepancy did not affect the versions of Mac OS X more than a percentage point (the subject of my posting), but it did skew the percentages of Windows versions.  Windows XP was listed at 24% and should have been 29 and a half percent.  Windows 7 should have been over 47% but ended up at 39%.  For the chart below, I updated last week’s worldwide usage chart to show March’s figures and the date of each OS release.

Errors or not, these figures do show there are still a lot of Windows XP users out there and Microsoft is ending support for the operating system in just a few days. It’s almost as if most of the townspeople of Windows XP has been evacuated to safer ground and nearly 3 out of ten folks have decided to stay in town..

Sticking It Out with Windows XP

(Illustration by Tony Auth)

There are a lot of reasons why people stay in their homes in the face of potential dangerA 2009 study in the journal Psychological Science of those who stayed in the Hurricane Katrina’s danger zone showed many of them felt they didn’t have a choice, either because of money, community roots, and other local considerations. While a Windows upgrade is not in the same league as Hurricane Katrina, many of the same motives keep people from upgrading:

Cost – While computer built in the last five years do well upgrading to Windows 7 or 8/8.1, computer sold in the first eight years are probably lacking in processor capability (single core), memory (one GB or less) or are simply too worn out to do an upgrade. That means buying a new computer. Though you can get a new and more advanced desktop system for same price the old one cost, it’s still an expense above and beyond others.


Dedicated Equipment – Some XP owners hang on to the OS because it is necessary to run older equipment that isn’t supported under a new OS. I have seen this in film recorders, plotters, or old printers. The reason is that the manufacturers of these devices either no longer exist to provide device drivers or they have chosen not do so. While Windows provides numerous ways through its Compatibility Mode or virtual machines to simulate a Windows XP environment for old software, a lack of available drivers can prevent an upgrade.

Fear and Uncertainty – The consequence of having an operating system around for 13 years is that people become unaccustomed to change in the face of all the other changes around them. For many consumers, Windows XP was the first operating system on their first computer. In that scenario, leap-frogging from XP over four versions to a different looking Windows 8.1 is terrifying. For businesses who spent thousands of dollars on the creation of internal business application around Internet Explorer 6 (Windows XP’s default web browser), the uncertainty and cost around retooling keeps the OS in business.

On April 8th, those folks staying in town with Windows XP will be tested along with users of Microsoft Office 2003 when Microsoft officially stops supporting these products. What can they do?

I talked a bit about this in February and have a few more insights today that might help the 27.69 percent-ers buy some additional time or at least put some plywood up for additional protection.


Things that will still work

  1. Windows XP will still be installable and automatically activated on a system
  2. Windows Update will still work and allow you to download currently available updates for Windows XP
  3. People who have Microsoft Security Essentials installed will still get anti-malware signature updates through July of next year.
  4. The Malicious Software Removal Tool will still download via Windows Update through July of next year.


Things that will no longer be available

  1. New Windows XP Security or software updates after April 8th
  2. Downloads of the Microsoft Security Essentials program itself.

Things that might help

While upgrading to a new version of Windows and purchasing a new system are still the best options, there are still individual things that can be done to reduce risk. While has been speculation about zero day exploits happening after April 8th.

  • Don’t access the Internet. Either unplug your network cable or turn off your computer’s wireless connection. If you must be online, don’t stay online more than necessary. Internet Explorer versions 6,7, and 8 for Windows XP will not be updated. You should download Google Chrome, Mozilla Firefox or Opera as they will at least be providing browser support on Windows XP for the next year.
  • Avoid using the system for email. Email is a common entry point for phishing attacks. While some people argue that web-based email is safer, systems still get infected my clicking on content in webmail.
  • Remove Java, if installed. Java has traditionally been an entry point for malware on Windows.
  • Keep programs like Adobe Flash and Microsoft Office up-to-date so they don’t become an entry point as well.
  • Avoid using removable drives. USB-base hard drives or flash drives are another common entry point for malware.

If this appears to be onerous or too-restrictive, you probably should look again at upgrading or a new computer purchase. It takes more work to stay safe in a tough neighborhood and the town of Windows XP is now in a real-tough neighborhood.

The Mythology of Macs and Malware

The following was originally posted on the Shoreline Area News, March 30, 2014 as part of the Tech Talk series

At Sunday’s Computer Q&A at the Commons, one of the participants shared her experience at a local Apple store while buying a new Mac. Multiple employees assured her that she didn’t need any anti-virus software. I was shocked that they told her the only reason they needed malware protection was if the system would also be booting Windows.

Yes, Macs can “dual-boot” between Apple’s OS X and Microsoft Windows if set up to do so. If you do that you should definitely add an anti-virus to your Windows installation if one is not already available.

However minimizing the risk of malware inflection on OS X itself is a kind of response I would have expected a few years ago, not in a contemporary Apple Store.

My Virus Roots
Ironically, the first virus I ever personally encountered was a Mac virus called WDEF in 1990. I was managing tech support for a small company making both Mac and PC software. Like most viruses of that period, WDEF’s primary goal was to simply keep replicating itself, hitching a ride on any available floppy disk to go to from Mac to Mac.

While WDEF did cause some specific Mac II models to crash, that was due more to bugs in the virus than any malicious intent. WDEF first made its appearance in 1989 amongst colleges and universities. It was accidentally shared through some disk-based computer magazines and some commercial software, including a version of Microsoft Excel for the Mac, released in 1990.

It made its way to our door through Grammatik, one of the first grammar-checking programs available for either the PC or the Mac. It was also easy to remove, thanks to one of the first commercial anti-virus programs available, Symantec AntiVirus for the Macintosh or SAM as it was more commonly known. This was about the time that Peter Norton’s company merged with Symantec but a good five years before Norton launched Norton Anti-Virus for Windows 95.

So Why Do People Think Macs are Immune to Viruses?
For people aware of the Mac’s viral past, they say that OS X’s multiuser functionality, improved component isolation and better security eliminated most technical concerns about viruses. Of course, that was the same argument used about the same time for Windows XP over earlier versions of Windows. While both OS X, Windows, and malware have continued to evolve, these opinions also continue to be shared as fact:

“OS X has fewer flaws than Windows”
A flaw is a general term, but if we narrow the definition to a vulnerability that can be exploited by malware, there are some good reasons why people might think this. Because of business customer needs, Microsoft has created a predictable and quite public monthly update time knows as Patch Tuesday to provide updates and security patches. This and regular press coverage of these security updates can give the impression of Windows as an extraordinarily flawed system.

Apple’s update and security patches are less predictable or publicized. Apple’s only security update this year was at the end of February. It lists 19 security fixes and one additional update for its Safari web browsers version to fix in recent versions of OS X. Microsoft’s total security updates this year for all Windows versions and Internet Explorer was two for January, seven in February, and four released in March, a total of 13.

“OS X does not get viruses like Windows does”
Yes, OS X does not have the same technical “attack vectors” (as security experts call them) that Windows has. However, there are many similarities in how malware can infect Mac and Windows systems.

Third-party components like Oracle’s Java or Adobe Flash have been a popular vehicle for Mac malware. Mac are the only OS with this problem. Most of Windows 8.1 security updates have been to fix problems with Flash.

Social engineering is a prime cause of inflection on both the Windows and Mac systems. Anti-virus software not only monitors system vulnerabilities but protects users who may be deceived into installing something unknowingly harmful. Some people have argued that adding an anti-virus to a Mac will lead to a false sense of security. Telling people that Macs don’t get viruses could have the same result without any protection.

“OS X is a less attractive a target as Windows because of its small user base”
It is true that OS X Mac users make up only about 7.5 to 15 percent of the computer market, depending on who is counting (examples, NetMarketShare, StatCounter). While Windows has a bigger bull’s eye for malware developers and distributers to hit, it doesn’t mean that Mac users are more secure.

Some Apple employees discovered that first hand in February 2013 when their systems were inflected through flaws in a third-party plug-in. As security expert Charlie Miller said at the time, “The only thing that was making [a Mac system] safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it.”

Last year at their Worldwide Developers Conference, Apple announced its Mac install base had grown to 72 million machines. Though still a low percentage of system overall, if a majority of that installed base is not using anti-virus protection, it sounds like fertile ground for an attack.

So what can you do to protect your Mac?

Start with a greater awareness of how your system can be attacked from a technical and social standpoint.

  • Update OS X promptly. Any system vulnerabilities for which Apple has released fixes need to patched as soon as possible. Otherwise Apple’s security update notices simply become a menu for how the bad guys can attack your system. If you are still running an earlier version of OS X, consider upgrading to Maverick as it will protect you better than previous OS version.
  • Update or Eliminate third-party apps and plug-ins. Old versions of Java and Flash provide plenty of opportunities for malware infection. If you need them for programs you run or websites you visit, update them. If you don’t, remove them.In addition, unpatched applications like Microsoft Word 2008 can be susceptible to “boobytrapped” documents. Documents of this type were circulated amid allegations of abuse in Tibet, Syria and East Turkestan in the last year.
  • Be mindful of what you install or consent to. With human factors a major input point for Mac malware, you need to be smart about your actions.Think twice about opening email attachments, especially if the sender is unknown to you or is something a known sender would not normally do.
  • Know what you are actually clicking on in an email message or unusual web link.
  • Avoid peer-to-peer networking connections like “torrents” as they can often contain malware.
  • Add an anti-virus monitor. As in Windows installations, these are free tools like Sophos’ Antivirus for Mac  or avast! Free Antivirus or paid versions like ESET Cyber Security or Kaspersky Internet Security. An added benefit of many of these tools is the ability to detect Windows –based malware and avoid passing them on to others.

Those of you who have heard me speak before on security know this is the same advice I share with Windows PC users. Since Windows and Mac users live in the same world, it makes sense to take the same precautions.

Even if statistically, Mac users are less likely to be infected, the distinction fades pretty quickly the moment you become that statistic. Protect yourself from that moment.

It’s a Mystery!

The following was originally posted on the Shoreline Area News, March 23, 2014 as part of the Tech Talk series

Brian! Glad I was able to reach you. I have a Mystery.”

“Hi, Dad. What’s the problem?”

“I was typing a letter and, suddenly everything disappeared!”

“Okay, I assume you were typing in Word then, right?”

“That’s right!”

“What were you typing when everything disappeared?”

“It was name of a airport. I am traveling again.”

“Let me guess…you were actually typing the word “Airport” at the time, the screen flashed and you were left with part of the word.”

“I don’t know about the flash, I was looking at the keyboard, but you are right about the rest. I only have the “ir” left. That’s when I noticed the rest missing.”

“I think we can get it back, Dad. Hold down the Cntrl key and tap “Z” a few times while watching the screen. Once the “ir” disappears, your text should reappear. You are reversing your keystrokes.”

“Its back! You are a miracle worker. I see everything back, highlighted.”

“Good. Make sure you click outside the highlighted selection before you type again.

Otherwise you might lose it again.”

“Great! Thanks son.”

“Happy to help, Dad.”

Mysteries are a Gift
I love mysteries. Whether it’s technical troubleshooting or a TV murder to solve, I enjoy the process of un-wrapping the situation and working back from an event to find the cause, and, hopefully, a solution.

My Dad’s mystery was actually one we have been through a few times before, though he usually didn’t remember the detail. It also helped that I had experienced the same situation and had the benefit of seeing the “flash” I mentioned. Lastly, I had the benefit of knowing what likely was happening behind the scenes.

His problem was rooted is the position of the Ctrl key just below the Shift key on PC keyboards. It’s very easy to hit Ctrl instead of Shift when you intend to capitalize a letter, like that “A” in Airport.

What’s Going on?
The result of the Ctrl+A keyboard combination on the Mac would be to move the typing cursor to the beginning of the line. Ctrl key combinations on the Mac center around moving the cursor; the same the convention used by UNIX, the operating system on which the Mac operating system, OSX, was based.

While moving the cursor suddenly can provide some confusion if unintended, the result of Ctrl+A on Windows PC’s is a bit more dramatic. The key combination generates a “Select-All” option. For most Windows applications including Microsoft Word, this selects all text and other objects (pictures, charts, shapes). It’s a great alternative to dragging your mouse down a page or multiple pages to highlight everything.

The “OOPs” Sequence
Unfortunately, if you haven’t intended to Select All, it can cause your text to disappear with the next keystroke. Here’s the sequence:

  1. You are typing madly away without a care in the world
  2. You hold down the Ctrl key and tap “A” instead of the Shift key to capitalize the letter. All document contents are now selected. You continue to type the word “Airport.”
  3. All selected items disappear, replaced by by “I” or “irport,” depending on how long you type before looking up and notice everything else is gone.


The Solution to the OOPs Sequence
Ctrl keys on the Windows’ Keyboards are focused on text formatting, document retrieval and storage. Fortunately one of those keys lets you undo a previous operation. Ctrl+Z is known as the “Undo Key.”

How far back you can “undo” actions depends entirely on the program and memory it has allocated for undo operations. Fortunately Word has multiple undo levels. Unless you save the file (removing the undo levels), rolling back is pretty straight-forward. Word also has undo and redo options on which you can click in the document’s title bar.

Mac’s have an Undo key as well, Command+Z. You will find many of the Windows Ctrl key combinations become Command key combinations on on the Mac. Fortunately, The Mac Ctrl key is farther away from the Shift key than the PC Ctrl key so our problem is less likely to occur.

Mystery Solved!
All is well. Time to reflect and…Excuse me, I should be probably take this call.

“Hi, Dad, What’s the problem?…”

Are You Using Your Lock Screen?

The following was originally posted on the Shoreline Area News, March 15, 2014 as part of the Tech Talk series.

Nearly all desktop, laptops, smartphones and tablets have a “lock screen.” But is it just an annoyance that you swipe or click away or is it actually locked with a pin or password?

An informal poll has been running at AndroidCentral.com for a couple of years, asking a similar question, “Do you use lockscreen security?” The answers are revealing:

According to the data, nearly 56% of respondents don’t use any form of lockscreen security. While this poll is clearly unscientific, it is also pretty alarming. The people who visit AndroidCentral are, according to their demographics well educated, technically connected, and largely within the ages of 24 to 34. That is the same age range that ProtectYourBubble.com reports are most likely to have their phones stolen.

It’s one of those common scenarios that happen to most mobile device users … setting down a smartphone or tablet and then not finding it. Back in 2011, Lookout.com presented a survey of the smartphones whose owners used the service to track their lost or stolen phones. The Seattle area ranked 2nd behind Philadelphia when it came to losing phones, averaging a twice a year per person.

Sometimes a lost phone is just a matter of forgetfulness. You often retrace your steps and find it. Other times it’s just gone, picked up by others curious about an unattended device or those simply intent on stealing it and its contents.

Why Its Contents?
Today’s smartphones hold a lot of information. Besides your email and contacts list, it might contain attachment with personal financial information, links to your favorite retail or banking websites, social networking sites. To be most efficient, most of us cache our access passwords to these sites so we don’t have to keep entering a password each time. It’s very convenient for us … and equally convenient for those who are interested in stealing our identity and defrauding our friends and family. That might not be the the person who snatched your phone, but it could be person who buys the your phone from them.

Symantec conducted a study called the “Symantec Honey Stick Project” in which they left 50 smartphones in publicly accessible areas like elevators, malls, and public transit in five major cities. Each phone was seeded with fake information, and apps installed tracked the activity on the phone and its location after it was “lost.”

The good news was that half of the smartphones lost were returned. The bad news was how much information on the each phone was accessed.

While accessing some pictures, social networking contacts, or email might have suggested an altruistic motive of contacting the phone owner, much of the access does not.

Can You Track Your Stolen Device?
Yes, it is possible. The key to tracking a device is that it can be tracked if it is connected to the web and the device’s hardware or software supports tracking.

Phones are easier to track because they are connected to a cellular network that regularly checks-in with local cell towers. This and GPS information is how 911 dispatch centers are able to track phone locations in an emergency. While most tablets and laptops are not on a cellular network, they do use Wi-Fi and can be tracked.

If you do authorize tracking software to use these technologies, it can allow you to track and remotely manipulate your phone, even allow you to wipe its contents. Apple laptops, tablets, and phones can use its Find My IPhone services to do this. Windows Phone provides these same services through My Windows Phone. If you have a Windows 8 tablet, look for the Locate My Tablet app in the Windows Store to tie your device to the My Windows Phone service.

For Android and other systems, there are a number of options. These range from a long-time open source project (Prey) to mainstream anti-virus makers (Norton, avast!, Kaspersky) to mobile-focused products (Lookout, Cerberus, Android Lost).

While all these systems can be very helpful, the best course of action is to protect yourself from losing your mobile device in the first place.

So How Do You Protect Yourself?
Start by changing how you handle your mobile device in public places. Lookout lists the types of places in the Seattle area you are most likely to lose a phone, typically eating or shopping locations.

Don’t publicize the presence of tablets or smartphones by setting them on counters or tables, or having them out while boarding public transit. This reduces the opportunity for thieves watching for opportunities to grab and run off with devices, especially when the user is near an exit.

Avoid displaying these devices or laptops in parked cars. If you must leave them in the car, discretely place them in the trunk. And, of course, don’t leave them unattended at any time.

And Lastly….

Make sure you add a PIN number or Password to that mobile devices lock screen. Here is how to do that:

  • Mac – To Set: Apple menu/ System Preferences, click Security & Privacy, and then click General, Select “Require password for sleep and screen saver.” To Use: Cntrl+Shift+Eject or Cntrl+Shift+Power to blank screen.
  • Windows Vista/7 – To Set: Windows XP-7: Start/Control Panel/User Accounts and Family Safety/User Account/ create a password for your account.
  • Windows 8 – To Set: (If not using a Microsoft Account) Settings Charm/Change PC Settings/Users/Create a Password or Create a PIN.
  • Windows 8.1 – To Set: (if not using a Microsoft Account) Settings Charm/Change PC.Settings/Accounts/Sign-In Options/Create Password or Add PIN.
  • Windows (All versions) – To Use: +L or Tap User Name/Lock (Windows 8/8.1).
  • Android – To Set: Settings/Lock Screen/Select screen lock/PIN or Password. To Use: Tap Power Button to blank screen.
  • IOS (iPhone/iPad) – To Set: Settings/General/Passcode Lock/ PIN or Passcode. To Use: Tap Power Button to blank screen.

Making Email Work Best in a Mobile World

The following was originally posted on the Shoreline Area News, March 7, 2014 as part of the Tech Talk series.

Email used to be simple. Connect, access your email and disconnect. However as more of my clients access email between their PC, and newly purchased smartphones and tablets, they are discovering that the email access methods that worked well for their single PC or Mac are no longer adequate. What do we need to do to adjust?

Let’s start with a little history of email access.

The “Dial-up” Days
For many users in the 80’s and early 90’s, “connect time” meant either inconveniently tying up a phone line or expensive per-minute charges. So, Email servers used a “store and forward approach” to make connection time more efficient.

You would load an email application to retrieve email and store it locally on your computer. Any replies or new communication would also be stored locally and then passed to the email server then the next dial-up connection was made.

The process was pretty efficient with an online connection lasting only the period of time necessary to retrieve new messages from the server and send your outgoing messages.

This process is not unlike how “snail mail” is delivered from or sent to your local post office. Given that, it’s not surprising that this method become known as the Post Office Protocol (POP). Technically, POP only handles received email. To send email, we use another protocol, SMTP (Simple Mail Transfer Protocol), a topic for another time.

The latest version, POP3, is a very simple retrieval method that downloads your mail, deleting it from the server. Virtually all Internet Service Providers (ISPs) and major email services like Google’s Gmail and Microsoft’s Hotmail/Outlook.com support POP email access.

The downside of POP today is that it is designed for a single computer to collect your email. A Harris/Teamview study in 2011 found that 63% of people surveyed “use at least two computing devices” a week. The chance of losing mail between two computing devices is irritatingly high.

While POP lets you leave a copy of email messages on the server for another device to collect, that lays the burden on you to manage a lot of duplicate mail.

Always Connected and On the Web

“Webmail” eliminated local storage of email and allowed multiple computers to access messages through their web browsers. Hotmail’s and Gmail’s email web sites became a major draw for users, competing for awhile on how much web storage of email they offered.

Today, Outlook.com offers 5 gigabytes (GB) of storage initially but provides for unlimited expansion. Gmail combines email storage with Google+ Photo on the 15 GB offered free through their Google Drive cloud service.

The popularity of webmail as a service has lead ISPs to offer it for their own email accounts. Unfortunately, using webmail requires you to stay online all the time, something not be possible on wireless-only tablets between Wi-Fi hotspots. Smartphones can still stay connected through cellular data plans, it can be an expensive proposition for plans with limits on data usage,. Also, webmail sites are challenged by the need to accommodate a wide range of screen sizes…and users are often challenged by the results!

The Online/Offline Mobile Experience

Today’s email access needs the flexibility of being offline periodically and still be able view email, while creating new mail that can sent while online or held for the next online opportunity. It also needs to accommodate different screen sizes and be able to synchronize changes with the email server that other devices can see emails previously read/written. The most common solution is to reach back into the past and use IMAP.

IMAP – Internet Message Access Protocol has been around nearly as long as POP but uses a model that duplicates the email found on the server and then synchronizes any additions or changes made. Since IMAP or its latest version, IMAP4, is just a protocol, you need a IMAP-aware email program installed to handle your local mail management. Fortunately, there are many free or low-cost programs to handle this task on virtually any desktop or mobile device.

While IMAP is well-supported by email service like Outlook.com, Yahoo, and Gmail, it is less common among Internet service providers. Earthlink and Frontier don’t provide support. Through Comcast doesn’t promote it, they do have a sign-up site to convert your account to IMAP.

Syncing with EAS

Microsoft Exchange and Outlook.com email users have another email alternative, EAS. Exchange Account Service is the protocol originally designed for mobile devices but is now also being used in desktop.

EAS allows these users to not only synchronize email but also calendar and contact information. Users of Office Outlook may not know the name of the protocol but they may be familiar with the “Outlook Connector. ” The Connector uses EAS to connect with the Microsoft email addresses like @hotmail.com.

Google used to also directly support their Gmail, Calendar, and Contacts through their EAS-based Google Sync service. That changed last year when they restricted usage to Google Apps for Business, Government, and Education customers.

Windows 8 and 8.1 shipped with the Mail, Calendar and People apps that make use of EAS to connect Microsoft domain users. If you have an outlook.com, msn.com, hotmail.com or live.com user account, it is automatically used as a Microsoft Account in Windows, connecting you not only to mail, contacts, and calendar items but backup your account settings, and other information.

Mix and Match Your Email Options

What you choose to use with your PCs, Macs and mobile devices can be pretty individual, especially for the major email services. For example, you might use IMAP in the Mac’s Mail program to access Google Gmail. For your iPad, you can choose either the built-in Mail program or the official Gmail app in the in App Store.

The mix ultimately depends on your email provider and the email access they support, the devices you intend to use, and the email applications you prefer to use.The nice thing is that once you make set up these choices, email across your computing devices can work remarkably well…and accessing your electronic can become “simple” again.

When Text Size Varies and Defaults Don’t Apply

The following was originally posted on the Shoreline Area News, March 1, 2014 as part of the Tech Talk series.

A couple of weeks ago, I started talking about how to make text and objects on your screens more visible and usable. It’s a step in my personal campaign to have technology work to our benefit instead of us having to accommodate small screens, tiny pointers, and hard-to-read text. The basic changes we covered help in many cases, but not all situations. While application developers are encouraged to accommodate changes in font size and other options in their programs, it has taken many years for this approach to become standard practice.

Applications Which Make Up Their Own Rules
iTunes, for example, is notable for not following the font sizes you chose in Windows or on the Mac. While going its own way gives iTunes a unique look, it can also challenge those trying to see its song lists and sidebar. Those items shown in their default size can be challenging on a high-resolution screen.

iTunes 11 provides a minimal solution to this problem. For the Mac you can go to Preferences under the iTunes Menu. On the PC, it is either the Edit Menu in the application or the app’s general menu (). Once in Preferences, you can go to the General tab and click the check box to “Use large text for list views.”

When in Doubt, Just Magnify Everything!

If that adjustment isn’t enough in iTunes or the application you are using doesn’t provide any font size adjustment, there is a still a “fall-back” option. You can use the magnification feature in the operating system to magnify the display.

For Apple Mac this is called “Zoom” that can be turned on in Accessibility settings In System Preferences. Microsoft chose to make its “Magnifier” a separate program in Windows that can be launched through an icon or keyboard shortcut. Both increase and decrease the screen magnification by using keyboard combinations.

Apple’s tablets and smartphones also have Zoom capability as well as their competitors, Android, and Windows Phone.

With the exception of Windows Magnifier, these magnification tools first need to be switched on in their respective Accessibility or “Ease of Access” settings before zooming controls will work.

Expanding Your Web Browsing Experience

While complete screen magnification can relieve most screen “squinting,” it isn’t always the best viewing experience. An expanded view means that you have to move around to see everything, especially on busy web pages to find information or click links.

Fortunately, most web browsers provide ways to magnify and reflow page text and images. This is a much nicer way to display web pages, especially pages.

On the PC side, Microsoft’s Internet Explorer, Google’s Chrome, and Mozilla’s Firefox web browsers all use Ctrl+Plus (∪) and Ctrl+Minus (‒) to expand or contract text on a web page. If you prefer to use the mouse’s wheel, you can perform the same actions while holding down the Ctrl key and moving the wheel back and forth. Touch systems with IE and Chrome can also use two fingers stretching apart to expand or pinching together to contract.

For Safari on the Mac, it’s a similar keyboard combination for expanding/contracting, Cmd+Plus and Cmd+Minus. In the more touch-oriented iPhone/iPhone works, the stretch/pinch technique works fine in Safari.

Fortunately, browsers on most other mobile devices running on Android and Windows Phone also use stretching and pinching to enlarge or reduce text size on web pages. It’s nice to see this level of conformity across web browsers.   Now we just have to get other application makers to follow suit.

Playing with Your Sizing Options

Do you have applications with hard-to-read text or images?  If the techniques I laid out in my last article on this topic don’t improve the situation, check the application’s preferences or display options for ways to control the size of these items. Failing that, you can try these tips to improve your experience and reduce the discomfort of accommodating your technology.

“We’ve noticed you have a virus on your computer…”

The following was originally posted on the Shoreline Area News, February 22, 2014 as part of the Tech Talk series.

This week I had intended to follow up with part 2 of my exploration of how to make your computer adjust better to your needs. However, as they say in the news media: We interrupt our regularly scheduled program for this important announcement:




Seriously, hang up! They will be persistent and patient. They have been doing this for years. You will need to steel your nerves, abandon your usual phone etiquette and hang up without comment.

They were talking to my client a week ago when I showed up for our regular appointment. Relieved, she said to the caller, “You can explain all this to my computer specialist.”  They hung up the phone before I said “hello.”


The Sordid Truth
Have you guessed by now? She wasn’t called by anyone from Microsoft. That is because Microsoft never calls people out of blue to tell them they have an infected system.

It is and has been a scam going around since at least 2009. Microsoft does not send unsolicited emails either. What confused my client especially was this email:

From: Microsoft Corporation

Sent: Fri, Feb 14, 2014


Subject: Microsoft Corporation

This is to let you know that your computer has been sending us some error notifications as its been filled with a lot of junk programs which are malfunctioning with your computer from DELL and it may crash your system at any point of time.

Hence, you got a call from one of our representative.

Thank You.



I haven’t seen this wrinkle before. Normally these kinds of calls are more random. However this email is not from an official Microsoft support email address, contains grammatical errors and assumes that Microsoft’s error collection service (Windows Error Reporting) collects information that can be used to identify individual users.


How the Scam Works
The method is consistent. You are informed that Microsoft has received information that your system is infested with viruses or problematic software and the caller, identified as a support person from the Windows Technical Department Support Group / Microsoft Support / Windows Service Center or other appropriate-sounding name has been asked to help you.

Their actual goal is to collect more information from you, either by having you download remote access software so they can get into your computer or by having you share account or credit card information that they can use. If you stay on the phone with them but appear resistant, they will claim that “unless something is done soon, your computer will crash.”

Depending on the caller, they can become quite argumentative. During one of my calls, (I have had three), I explained that I used to work for Microsoft and knew they were a scam … and they still argued. As long as they have you on the phone, logic must be that you can be worn into submission.

We must getting a lot of these calls right now because A.G. Schneiderman, New York’s Attorney General, issued an consumer alert earlier in the week warning New Yorkers about the scam.

So Want Can You Do?
First, learn about this problem so when you receive the call, you can recognize the scam. Microsoft has information on this kind of scam and other common scams that use its name.

Second, know your computer and its current health so you won’t be vulnerable to this scam. Besides your regular anti-virus software, run a second malware scanner monthly or quarterly that uses a different engine and virus database to get a second opinion. Malwarebyes Free Edition, Kaspersky Security Scan and Trend Micro’s HouseCall are excellent free scanners for this purpose.

Third, spread the word about this problem to your friends and family. The chances of someone you know having this experience is high. Besides my client, two other immediate members of my family have had these calls.

Explain that if the scammer has gained access to the system, they should uninstall any remote software on the system added, run complete malware scans (See Step Two), and change any system passwords as well as passwords to financial or critical websites to avoid potential identity theft (more information). They can also file complaints with the FTC, and your state attorney general (WA state).

Fourth … when your turn comes and the “Microsoft” tech person calls for you … hang up!

Do you accommodate technology too much? Sizing up the options

The following was originally posted on the Shoreline Area News, February 15, 2014 as part of the Tech Talk series.

Cartoon - I'm fine!  This is just my computer face.
The tension is obvious. Head and neck pitched forward; shoulders hunched; brow furrowed, eyes squinting … all supporting the virtual manipulation of objects on a computer screen. I see it all the time, not just in client’s offices and home, but at internet-enabled cafes and in other public spaces. We work very hard to create, modify, read, and navigate our computers and mobile devices.

As a result, we develop CVS (Computer Vision Syndrome), a combination of headaches, eye and neck problems from staring fixedly at the screen. 90% of people who use a computer screen three hours or more are likely to experience these problems. Besides display-related problems, repetitive motions like typing and mouse clicking also take their toll in the form of Carpal Tunnel Syndrome and RSI (Repetitive Stress or Strain Injuries).

Most of the time of we work harder than we need to, accommodating how information is presented on the screen or how information is entered, instead of having the screen or software, or input devices accommodating us. It doesn’t have to be that way, because there are many ways to adjust existing settings to improve the experience.

Typical Icons sizes from 16x16 to 48x48 pixels

Making things easier to see

Most icons, mouse pointers, cursors, and text are too small to comfortably locate or understand at today’s high screen resolutions. Icons and pointers, for example are usually 16×16 or 32×32 pixels (picture elements). This was fine years ago on a 19” monitor with 1024×758 pixel resolution. However, a common scenario today is closer to a HD screen (1920×1080 pixels) on a 15” laptop. This reduces the relative size of these objects tremendously. Here are some ways your system can adjust this relative size.

Available Mouse Pointers in Windows 7

Change the size of your mouse pointer

Mac: On older Macs, go to Universal Access in System Preferences, choose Mouse and Trackpad. For newer Macs, locate Accessibility in System Preferences (or press Command-Option-F5, choosing Preferences) and select Display. In all cases, locate the cursor size slide control and adjust the slider to your desire pointer size.

Mac OSX Mountain Lion Accessibility Display Options

Windows: Choose one of the large or extra-large Schemes in the Pointer tab of Mouse Properties. In Windows 7 or earlier, you can quickly search for Mouse Properties by typing “mouse” directly in Control Panel (upper right-corner) or from the Start Menu. In Windows 8/8.1, use the Search charm to locate this Control Panel item.

Windows 7 Mouse Properties - Pointers

Change the pixel size or DPI (dots per inch) of your text and icons

Mac: Right-click on the Desktop and choose Show View Options from the menu. This will display a panel that lets you adjust both icons and text for the Desktop. There are also additional options for adjusting finder windows and applications.

Mac - Show View Option

Windows: Right-click on the Desktop and choose Screen resolution from the menu. Click on the link “Make text and other items larger or smaller.” The Control Page that displays will let you switch from the default of 100% to 125% or 150% (the last item only appearing on systems supporting at least 1200×900 pixels). You can also set a custom or larger size using the “set custom text size (DPI) link on the left side. For Windows 7 and later, this is consistent. The procedure changes for Windows Vista and Windows XP.

Maker Text Bigger - Windows 7

For Windows 8/8.1, these settings do not impact the new Windows 8 UI or apps. For those, go to Ease of Access in PC Settings at bottom of the Settings charm and turn on “Make everything on your screen bigger.” This option is disabled on displays less than 1024 pixels high.

Windows 8 - Ease of Access - Make everything on your screen bigger

Other sizing and accommodation alternatives

Of course, your web browser also has the ability to resize text on web page. We will explore some of those options next week.

April 8th – The End for Windows XP?

The following was originally posted on the Shoreline Area News, February 8, 2014 as part of the Tech Talk series.

Today marks the 48th-day countdown to a major event in the computer world. It’s not a major product launch or a new technical advance. “It’s the end of an era,” some say or at least, the beginning of the end <smile>.

On April 8th, Microsoft stops supporting Windows XP.

Microsoft has been promoting this day for years in the tech press, hoping to move businesses and consumers out of an operating system that launched the same year they launched the original Xbox game console, and were still working out an anti-trust agreement with the US Justice Department. It was 2001, the year of the 9/11 attacks and our entry into Afghanistan; the year Wikipedia went online, Apple started a music download service called iTunes and their first portable music player, the iPod.

Windows XP, despite its age, is still being used by 29% of Windows users, according to Netshare, so there is concern about what this move by Microsoft means. Here are some answers to the common questions I am hearing about the 12 year-old operating system.

Does Windows XP stop working on April 8th? Can I continue to install it or reinstall it.
No, Windows XP will continue to function and you can continue to install it on computers. Of course Windows XP has not been available as a new purchase with or without a computer for years.

Since Windows XP still requires activation to continue to use it within 30 days of installation, the online activation feature will still continue to function. What will not be available is activation through a phone call. Microsoft will no longer be staffing that service.

What does Microsoft mean by “end of support?”
End of support is defined in some detail for Windows XP on Microsoft’s Support Lifecycle page, but essentially it falls into Mainstream support and Extended Support categories. Mainstream includes free warranty support for a new product installation and other no-charge support options. For Extended Support, focus shifts to paid support, and free online support options.

At the end of Extended Support (in this case, April 8, 2014), Microsoft stops staffing support, as well as development and testing of updates for the product. While many of these free online support options like the Microsoft’s Download Center may still continue to be available, any active or staffed services related to Windows XP will not. Windows XP-specific support topics in Microsoft’s Knowledge Base will still be available on the web site, but no longer be updated or maintained.

Microsoft’s most utilized support service is Windows Update. WU provides product fixes and security updates to improve the system and keep it protected. End of support for most people means the elimination of that service. The implications of not receiving additional security updates is that Windows XP will not be protected from attack if there are vulnerabilities discovered after April 8th.

What are the dangers of going on the web with my Windows XP system after the 8th?
Without the protection of new security updates for Windows XP, the chance of a newly discovered security weakness being exploited by malware is very high. Some people are suggesting that malware authors will try to hold information back on vulnerabilities in order exploit them on Windows XP after the April date. Others speculate that Windows XP will simply become more vulnerable as time goes on.

While up-to-date anti-malware software will often catch viruses and other malware, a system update is the most effective deterrent against infection, data loss, or other consequences. For that reason, I recommend that you not connect a Windows XP system to the Internet after April 8th.

I need my Windows XP computer for Internet access to email and other web sites, what do I do?
I recognize this is a tough spot if your goal is to keep your existing computer running Windows XP. Aside from purchasing a new computer, you might also upgrade your system to Windows 7. Though less common today than a year ago, it is still possible to find Windows 7 available for purchase online. The key concern is whether your computer hardware will support a later version of Windows. Downloading the Windows 7 Upgrade Advisor can help you determine this.

While Microsoft is providing some customized options for large companies, the only other alternative is to purchase a new system. Fortunately, the average price range of a new PC desktop or laptop is about the same it was 10 years ago though the system has evolved in capability and capacity.

I am running Windows 7 but have programs running in “Windows XP Mode.” Does this impact them?
Windows XP Mode is the capability of Windows 7 to run applications that don’t work under Windows 7 itself in a “virtual” Windows XP system. As this is a complete Windows XP environment, that environment is also subject to the same lifecycle constraints as Windows XP on the standalone computer. If you truly need Windows XP Mode to run your program and do not need Internet access, I recommend going to the settings of Windows XP Mode (right-click on XP Mode in the Windows Virtual PC folder and chose settings) and under Networking, change Adapter in use to “Not Connected”

I heard that Microsoft Security Essentials for XP will also no longer be supported. Is this true?
Yes, but in April, the only restriction is that the Security Essential for XP program will no longer be downloadable. If you are current using Security Essentials on XP as your anti-virus, virus signature updates will continue to be available until July 2015.

Is Microsoft ending support for anything else soon?
Yes, Microsoft Office 2003, the last version of Office that doesn’t use the Office “ribbon” also reaches its end of support on April 8th. Many of the same security concerns about Windows XP also apply to this version of Office.