What should you do about “HeartBleed?”

The following was originally posted on the Shoreline Area News, March 13, 2014 as part of the Tech Talk series

Last Monday, news broke about a key vulnerability in the primary encryption method used to ensure the security of the web sites we use. If your eyes just glazed over during that last sentence, it’s time to put a pot of coffee and see why this is a potential threat for you…and what you can do about.

The Story and the Danger
If you do Internet shopping, banking, and web-based email, you have made use of a “https” connection. This connection, also known as a SSL/TLS (Secure Socket Layer/Transport Layer Security) connection is designed to insure the privacy and security of your interaction.

The key provider of SSL/TLS is OpenSSL, an open-source project. As a majority of web servers, routers, and other network connection make use of OpenSSL, potential for stolen passwords and other critical data is high, especially since software designed to exploit this vulnerability has also been discovered.

While the vulnerability is limited to a couple of recent versions of OpenSSL, the pervasiveness of the protocol improves the chance your information can be stolen and used.

How does this affect me?
Unlike the hacks at Target and other companies, this is not a localized threat. Using encrypted connections is at the heart of our Internet commerce and communication. Since we all use credit cards, communicate with banks, and share passwords and other personal data over SSL/TSL connections, that data could have been at risk.

The challenge in this case is that unless you encounter signs of theft (card card use, account hacking, identity theft), there is no way to determine whether your data has been compromised. In security blogger Brian Kreb’s story on this topic, he quoted Jonathan Sander of Stealthbits Technologies as saying, “Heartbleed is like finding a faulty car part used in nearly every make and model, but you can’t recall the Internet and all the data you put out on it.”

This sounds awful scary…
Yes, it does, largely because of the uncertainties involved. There have been a lot of people who manage web sites working very hard to correct this problem. Sites like Tumbler, Facebook, Instagram, Pinterest, Dropbox, Intuit (Turbotax, Quicken) and Google announced their sites are now patched to prevent future incursions. The Canada Revenue agency shutdown its taxpayer sites until servers could be patched or features with the vulnerability are disabled.

Other sites that have NOT be affected according to company statements include Twitter, Microsoft services, Paypal, Amazon, AOL, and LinkedIn. Most major US banks and brokerages, according to Mashable.com are also safe from Heartbleed attacks, as a number of regular retailers, including Target.

…but is getting better.
Over the last week, web sites that have been affected have been fixing Heartbleed so they are no longer vulnerable. A scan of the top 10,000 web sites on April 8th, one day after the public announcement showed 630 still vulnerable to attack. A follow up scan on April10th showed this number at 137. By the 11th, this was down to 104 sites. This is a service set up by Filippo Valsorda, an Italian security expert.

So, one part of this problem, current vulnerability, is being addressed, by most web site owners. That window of vulnerability is closing.

However, the danger isn’t over until you take some actions. After all, this bug was in place for two years and there is a chance that your passwords and other personal information have already been taken for use or sale. You now need to reduce your own vulnerability.

What should I be doing?
Be prepared to change passwords on the affected web sites…once you know that the site has been able to correct the problem. It’s important to confirm that the site is now safe before changing passwords.

Key questions to answer:

Determine if the web site is affected by the vulnerability There are a few ways to figure this out if the web site that concerns you was not listed above.

Look for a notice on your website regarding OpenSSL or Heartbleed. Search for news accounts of your site and press releases it might have made. Many sites have sent emails over the last few days advising their customers about the site’s vulnerability or need to change passwords. Check your Spam or Junk Mail folder in case the message was diverted there.
Besides Mashable’s list, you can look on this comparison list Filippo Valsorda built using his lists of the top ten thousand web sites to see if your web site was listed as vulnerable. Filippo has listed site that were vulnerable earlier in the week and whether they are is still vulnerable.

Lastly Filippo has a test site at http://filippo.io/Heartbleed/. If your site passes, it is either because the vulnerability has been fixed or it wasn’t affected at all.

Change passwords on any sites that you believe had the vulnerability once the bug has been eliminated. The point of changing passwords is to eliminate further access to information using passwords acquired prior to the bug being fixed.

Keep an eye on your credit and accounts. Since we don’t know who, if anyone , might be affected during the two years this vulnerability was open, it’s a good idea to watch your credit card purchases and account information a little closer. If unusual activity occurs, report it promptly to the institution or site account manager

Why this bug is called Heartbleed
The bug is based in an extension of OpenSSL called HeartBeat. HeartBeat. that keeps the secure connection active, even when no data is being transmitted. Heartbleed allows someone to eavesdrop on communications and even impersonate services and users.

If you are interested is in how something like Heartbleed works, this comic rendition by Randall Munroe of xkcd.com does a great job of explaining it.

How bad is this, really?

From the Internet perspective, this is pretty bad and a lot people have been scrambling about to fix things. From your perspective, it could be bad if you haven’t changed passwords on vulnerable site once they are fixed.

In the long term, this is probably just a glitch from which we all will recover. In the meantime, taking the proper precautions will help it stay as a glitch for you.

Advertisements

The 27.69 percent-ers: Surviving with Windows XP?

The following was originally posted on the Shoreline Area News, March 6, 2014 as part of the Tech Talk series

Last week, I shared a graphic on the current market share for desktop operating system.  Unfortunately, while the data I fed was accurate, the percentages listed on the chart were not accurate.  My apologies.

This discrepancy did not affect the versions of Mac OS X more than a percentage point (the subject of my posting), but it did skew the percentages of Windows versions.  Windows XP was listed at 24% and should have been 29 and a half percent.  Windows 7 should have been over 47% but ended up at 39%.  For the chart below, I updated last week’s worldwide usage chart to show March’s figures and the date of each OS release.

Errors or not, these figures do show there are still a lot of Windows XP users out there and Microsoft is ending support for the operating system in just a few days. It’s almost as if most of the townspeople of Windows XP has been evacuated to safer ground and nearly 3 out of ten folks have decided to stay in town..

Sticking It Out with Windows XP

(Illustration by Tony Auth)

There are a lot of reasons why people stay in their homes in the face of potential dangerA 2009 study in the journal Psychological Science of those who stayed in the Hurricane Katrina’s danger zone showed many of them felt they didn’t have a choice, either because of money, community roots, and other local considerations. While a Windows upgrade is not in the same league as Hurricane Katrina, many of the same motives keep people from upgrading:

Cost – While computer built in the last five years do well upgrading to Windows 7 or 8/8.1, computer sold in the first eight years are probably lacking in processor capability (single core), memory (one GB or less) or are simply too worn out to do an upgrade. That means buying a new computer. Though you can get a new and more advanced desktop system for same price the old one cost, it’s still an expense above and beyond others.

 

Dedicated Equipment – Some XP owners hang on to the OS because it is necessary to run older equipment that isn’t supported under a new OS. I have seen this in film recorders, plotters, or old printers. The reason is that the manufacturers of these devices either no longer exist to provide device drivers or they have chosen not do so. While Windows provides numerous ways through its Compatibility Mode or virtual machines to simulate a Windows XP environment for old software, a lack of available drivers can prevent an upgrade.

Fear and Uncertainty – The consequence of having an operating system around for 13 years is that people become unaccustomed to change in the face of all the other changes around them. For many consumers, Windows XP was the first operating system on their first computer. In that scenario, leap-frogging from XP over four versions to a different looking Windows 8.1 is terrifying. For businesses who spent thousands of dollars on the creation of internal business application around Internet Explorer 6 (Windows XP’s default web browser), the uncertainty and cost around retooling keeps the OS in business.


On April 8th, those folks staying in town with Windows XP will be tested along with users of Microsoft Office 2003 when Microsoft officially stops supporting these products. What can they do?

I talked a bit about this in February and have a few more insights today that might help the 27.69 percent-ers buy some additional time or at least put some plywood up for additional protection.

 

Things that will still work

  1. Windows XP will still be installable and automatically activated on a system
  2. Windows Update will still work and allow you to download currently available updates for Windows XP
  3. People who have Microsoft Security Essentials installed will still get anti-malware signature updates through July of next year.
  4. The Malicious Software Removal Tool will still download via Windows Update through July of next year.

 

Things that will no longer be available

  1. New Windows XP Security or software updates after April 8th
  2. Downloads of the Microsoft Security Essentials program itself.

Things that might help

While upgrading to a new version of Windows and purchasing a new system are still the best options, there are still individual things that can be done to reduce risk. While has been speculation about zero day exploits happening after April 8th.

  • Don’t access the Internet. Either unplug your network cable or turn off your computer’s wireless connection. If you must be online, don’t stay online more than necessary. Internet Explorer versions 6,7, and 8 for Windows XP will not be updated. You should download Google Chrome, Mozilla Firefox or Opera as they will at least be providing browser support on Windows XP for the next year.
  • Avoid using the system for email. Email is a common entry point for phishing attacks. While some people argue that web-based email is safer, systems still get infected my clicking on content in webmail.
  • Remove Java, if installed. Java has traditionally been an entry point for malware on Windows.
  • Keep programs like Adobe Flash and Microsoft Office up-to-date so they don’t become an entry point as well.
  • Avoid using removable drives. USB-base hard drives or flash drives are another common entry point for malware.

If this appears to be onerous or too-restrictive, you probably should look again at upgrading or a new computer purchase. It takes more work to stay safe in a tough neighborhood and the town of Windows XP is now in a real-tough neighborhood.


The Mythology of Macs and Malware

The following was originally posted on the Shoreline Area News, March 30, 2014 as part of the Tech Talk series

At Sunday’s Computer Q&A at the Commons, one of the participants shared her experience at a local Apple store while buying a new Mac. Multiple employees assured her that she didn’t need any anti-virus software. I was shocked that they told her the only reason they needed malware protection was if the system would also be booting Windows.

What?
Yes, Macs can “dual-boot” between Apple’s OS X and Microsoft Windows if set up to do so. If you do that you should definitely add an anti-virus to your Windows installation if one is not already available.

However minimizing the risk of malware inflection on OS X itself is a kind of response I would have expected a few years ago, not in a contemporary Apple Store.

My Virus Roots
Ironically, the first virus I ever personally encountered was a Mac virus called WDEF in 1990. I was managing tech support for a small company making both Mac and PC software. Like most viruses of that period, WDEF’s primary goal was to simply keep replicating itself, hitching a ride on any available floppy disk to go to from Mac to Mac.

While WDEF did cause some specific Mac II models to crash, that was due more to bugs in the virus than any malicious intent. WDEF first made its appearance in 1989 amongst colleges and universities. It was accidentally shared through some disk-based computer magazines and some commercial software, including a version of Microsoft Excel for the Mac, released in 1990.

It made its way to our door through Grammatik, one of the first grammar-checking programs available for either the PC or the Mac. It was also easy to remove, thanks to one of the first commercial anti-virus programs available, Symantec AntiVirus for the Macintosh or SAM as it was more commonly known. This was about the time that Peter Norton’s company merged with Symantec but a good five years before Norton launched Norton Anti-Virus for Windows 95.

So Why Do People Think Macs are Immune to Viruses?
For people aware of the Mac’s viral past, they say that OS X’s multiuser functionality, improved component isolation and better security eliminated most technical concerns about viruses. Of course, that was the same argument used about the same time for Windows XP over earlier versions of Windows. While both OS X, Windows, and malware have continued to evolve, these opinions also continue to be shared as fact:

“OS X has fewer flaws than Windows”
A flaw is a general term, but if we narrow the definition to a vulnerability that can be exploited by malware, there are some good reasons why people might think this. Because of business customer needs, Microsoft has created a predictable and quite public monthly update time knows as Patch Tuesday to provide updates and security patches. This and regular press coverage of these security updates can give the impression of Windows as an extraordinarily flawed system.

Apple’s update and security patches are less predictable or publicized. Apple’s only security update this year was at the end of February. It lists 19 security fixes and one additional update for its Safari web browsers version to fix in recent versions of OS X. Microsoft’s total security updates this year for all Windows versions and Internet Explorer was two for January, seven in February, and four released in March, a total of 13.

“OS X does not get viruses like Windows does”
Yes, OS X does not have the same technical “attack vectors” (as security experts call them) that Windows has. However, there are many similarities in how malware can infect Mac and Windows systems.

Third-party components like Oracle’s Java or Adobe Flash have been a popular vehicle for Mac malware. Mac are the only OS with this problem. Most of Windows 8.1 security updates have been to fix problems with Flash.

Social engineering is a prime cause of inflection on both the Windows and Mac systems. Anti-virus software not only monitors system vulnerabilities but protects users who may be deceived into installing something unknowingly harmful. Some people have argued that adding an anti-virus to a Mac will lead to a false sense of security. Telling people that Macs don’t get viruses could have the same result without any protection.

“OS X is a less attractive a target as Windows because of its small user base”
It is true that OS X Mac users make up only about 7.5 to 15 percent of the computer market, depending on who is counting (examples, NetMarketShare, StatCounter). While Windows has a bigger bull’s eye for malware developers and distributers to hit, it doesn’t mean that Mac users are more secure.

Some Apple employees discovered that first hand in February 2013 when their systems were inflected through flaws in a third-party plug-in. As security expert Charlie Miller said at the time, “The only thing that was making [a Mac system] safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it.”

Last year at their Worldwide Developers Conference, Apple announced its Mac install base had grown to 72 million machines. Though still a low percentage of system overall, if a majority of that installed base is not using anti-virus protection, it sounds like fertile ground for an attack.

So what can you do to protect your Mac?

Start with a greater awareness of how your system can be attacked from a technical and social standpoint.

  • Update OS X promptly. Any system vulnerabilities for which Apple has released fixes need to patched as soon as possible. Otherwise Apple’s security update notices simply become a menu for how the bad guys can attack your system. If you are still running an earlier version of OS X, consider upgrading to Maverick as it will protect you better than previous OS version.
  • Update or Eliminate third-party apps and plug-ins. Old versions of Java and Flash provide plenty of opportunities for malware infection. If you need them for programs you run or websites you visit, update them. If you don’t, remove them.In addition, unpatched applications like Microsoft Word 2008 can be susceptible to “boobytrapped” documents. Documents of this type were circulated amid allegations of abuse in Tibet, Syria and East Turkestan in the last year.
  • Be mindful of what you install or consent to. With human factors a major input point for Mac malware, you need to be smart about your actions.Think twice about opening email attachments, especially if the sender is unknown to you or is something a known sender would not normally do.
  • Know what you are actually clicking on in an email message or unusual web link.
  • Avoid peer-to-peer networking connections like “torrents” as they can often contain malware.
  • Add an anti-virus monitor. As in Windows installations, these are free tools like Sophos’ Antivirus for Mac  or avast! Free Antivirus or paid versions like ESET Cyber Security or Kaspersky Internet Security. An added benefit of many of these tools is the ability to detect Windows –based malware and avoid passing them on to others.

Those of you who have heard me speak before on security know this is the same advice I share with Windows PC users. Since Windows and Mac users live in the same world, it makes sense to take the same precautions.

Even if statistically, Mac users are less likely to be infected, the distinction fades pretty quickly the moment you become that statistic. Protect yourself from that moment.


Making Email Work Best in a Mobile World

The following was originally posted on the Shoreline Area News, March 7, 2014 as part of the Tech Talk series.

Email used to be simple. Connect, access your email and disconnect. However as more of my clients access email between their PC, and newly purchased smartphones and tablets, they are discovering that the email access methods that worked well for their single PC or Mac are no longer adequate. What do we need to do to adjust?

Let’s start with a little history of email access.


The “Dial-up” Days
For many users in the 80’s and early 90’s, “connect time” meant either inconveniently tying up a phone line or expensive per-minute charges. So, Email servers used a “store and forward approach” to make connection time more efficient.

You would load an email application to retrieve email and store it locally on your computer. Any replies or new communication would also be stored locally and then passed to the email server then the next dial-up connection was made.

The process was pretty efficient with an online connection lasting only the period of time necessary to retrieve new messages from the server and send your outgoing messages.

This process is not unlike how “snail mail” is delivered from or sent to your local post office. Given that, it’s not surprising that this method become known as the Post Office Protocol (POP). Technically, POP only handles received email. To send email, we use another protocol, SMTP (Simple Mail Transfer Protocol), a topic for another time.

The latest version, POP3, is a very simple retrieval method that downloads your mail, deleting it from the server. Virtually all Internet Service Providers (ISPs) and major email services like Google’s Gmail and Microsoft’s Hotmail/Outlook.com support POP email access.

The downside of POP today is that it is designed for a single computer to collect your email. A Harris/Teamview study in 2011 found that 63% of people surveyed “use at least two computing devices” a week. The chance of losing mail between two computing devices is irritatingly high.

While POP lets you leave a copy of email messages on the server for another device to collect, that lays the burden on you to manage a lot of duplicate mail.

Always Connected and On the Web

“Webmail” eliminated local storage of email and allowed multiple computers to access messages through their web browsers. Hotmail’s and Gmail’s email web sites became a major draw for users, competing for awhile on how much web storage of email they offered.

Today, Outlook.com offers 5 gigabytes (GB) of storage initially but provides for unlimited expansion. Gmail combines email storage with Google+ Photo on the 15 GB offered free through their Google Drive cloud service.

The popularity of webmail as a service has lead ISPs to offer it for their own email accounts. Unfortunately, using webmail requires you to stay online all the time, something not be possible on wireless-only tablets between Wi-Fi hotspots. Smartphones can still stay connected through cellular data plans, it can be an expensive proposition for plans with limits on data usage,. Also, webmail sites are challenged by the need to accommodate a wide range of screen sizes…and users are often challenged by the results!

The Online/Offline Mobile Experience

Today’s email access needs the flexibility of being offline periodically and still be able view email, while creating new mail that can sent while online or held for the next online opportunity. It also needs to accommodate different screen sizes and be able to synchronize changes with the email server that other devices can see emails previously read/written. The most common solution is to reach back into the past and use IMAP.

IMAP – Internet Message Access Protocol has been around nearly as long as POP but uses a model that duplicates the email found on the server and then synchronizes any additions or changes made. Since IMAP or its latest version, IMAP4, is just a protocol, you need a IMAP-aware email program installed to handle your local mail management. Fortunately, there are many free or low-cost programs to handle this task on virtually any desktop or mobile device.

While IMAP is well-supported by email service like Outlook.com, Yahoo, and Gmail, it is less common among Internet service providers. Earthlink and Frontier don’t provide support. Through Comcast doesn’t promote it, they do have a sign-up site to convert your account to IMAP.

Syncing with EAS

Microsoft Exchange and Outlook.com email users have another email alternative, EAS. Exchange Account Service is the protocol originally designed for mobile devices but is now also being used in desktop.

EAS allows these users to not only synchronize email but also calendar and contact information. Users of Office Outlook may not know the name of the protocol but they may be familiar with the “Outlook Connector. ” The Connector uses EAS to connect with the Microsoft email addresses like @hotmail.com.

Google used to also directly support their Gmail, Calendar, and Contacts through their EAS-based Google Sync service. That changed last year when they restricted usage to Google Apps for Business, Government, and Education customers.

Windows 8 and 8.1 shipped with the Mail, Calendar and People apps that make use of EAS to connect Microsoft domain users. If you have an outlook.com, msn.com, hotmail.com or live.com user account, it is automatically used as a Microsoft Account in Windows, connecting you not only to mail, contacts, and calendar items but backup your account settings, and other information.

Mix and Match Your Email Options

What you choose to use with your PCs, Macs and mobile devices can be pretty individual, especially for the major email services. For example, you might use IMAP in the Mac’s Mail program to access Google Gmail. For your iPad, you can choose either the built-in Mail program or the official Gmail app in the in App Store.

The mix ultimately depends on your email provider and the email access they support, the devices you intend to use, and the email applications you prefer to use.The nice thing is that once you make set up these choices, email across your computing devices can work remarkably well…and accessing your electronic can become “simple” again.


When Text Size Varies and Defaults Don’t Apply

The following was originally posted on the Shoreline Area News, March 1, 2014 as part of the Tech Talk series.

A couple of weeks ago, I started talking about how to make text and objects on your screens more visible and usable. It’s a step in my personal campaign to have technology work to our benefit instead of us having to accommodate small screens, tiny pointers, and hard-to-read text. The basic changes we covered help in many cases, but not all situations. While application developers are encouraged to accommodate changes in font size and other options in their programs, it has taken many years for this approach to become standard practice.

Applications Which Make Up Their Own Rules
iTunes, for example, is notable for not following the font sizes you chose in Windows or on the Mac. While going its own way gives iTunes a unique look, it can also challenge those trying to see its song lists and sidebar. Those items shown in their default size can be challenging on a high-resolution screen.

iTunes 11 provides a minimal solution to this problem. For the Mac you can go to Preferences under the iTunes Menu. On the PC, it is either the Edit Menu in the application or the app’s general menu (). Once in Preferences, you can go to the General tab and click the check box to “Use large text for list views.”

When in Doubt, Just Magnify Everything!

If that adjustment isn’t enough in iTunes or the application you are using doesn’t provide any font size adjustment, there is a still a “fall-back” option. You can use the magnification feature in the operating system to magnify the display.

For Apple Mac this is called “Zoom” that can be turned on in Accessibility settings In System Preferences. Microsoft chose to make its “Magnifier” a separate program in Windows that can be launched through an icon or keyboard shortcut. Both increase and decrease the screen magnification by using keyboard combinations.

Apple’s tablets and smartphones also have Zoom capability as well as their competitors, Android, and Windows Phone.

With the exception of Windows Magnifier, these magnification tools first need to be switched on in their respective Accessibility or “Ease of Access” settings before zooming controls will work.

Expanding Your Web Browsing Experience

While complete screen magnification can relieve most screen “squinting,” it isn’t always the best viewing experience. An expanded view means that you have to move around to see everything, especially on busy web pages to find information or click links.

Fortunately, most web browsers provide ways to magnify and reflow page text and images. This is a much nicer way to display web pages, especially pages.

On the PC side, Microsoft’s Internet Explorer, Google’s Chrome, and Mozilla’s Firefox web browsers all use Ctrl+Plus (∪) and Ctrl+Minus (‒) to expand or contract text on a web page. If you prefer to use the mouse’s wheel, you can perform the same actions while holding down the Ctrl key and moving the wheel back and forth. Touch systems with IE and Chrome can also use two fingers stretching apart to expand or pinching together to contract.

For Safari on the Mac, it’s a similar keyboard combination for expanding/contracting, Cmd+Plus and Cmd+Minus. In the more touch-oriented iPhone/iPhone works, the stretch/pinch technique works fine in Safari.

Fortunately, browsers on most other mobile devices running on Android and Windows Phone also use stretching and pinching to enlarge or reduce text size on web pages. It’s nice to see this level of conformity across web browsers.   Now we just have to get other application makers to follow suit.

Playing with Your Sizing Options

Do you have applications with hard-to-read text or images?  If the techniques I laid out in my last article on this topic don’t improve the situation, check the application’s preferences or display options for ways to control the size of these items. Failing that, you can try these tips to improve your experience and reduce the discomfort of accommodating your technology.


“We’ve noticed you have a virus on your computer…”

The following was originally posted on the Shoreline Area News, February 22, 2014 as part of the Tech Talk series.

This week I had intended to follow up with part 2 of my exploration of how to make your computer adjust better to your needs. However, as they say in the news media: We interrupt our regularly scheduled program for this important announcement:

IF YOU RECEIVE THE ABOVE MESSAGE UNSOLICATED FROM SOMEONE CLAIMING TO BE FROM MICROSOFT

 

HANG UP THE PHONE.

Seriously, hang up! They will be persistent and patient. They have been doing this for years. You will need to steel your nerves, abandon your usual phone etiquette and hang up without comment.

They were talking to my client a week ago when I showed up for our regular appointment. Relieved, she said to the caller, “You can explain all this to my computer specialist.”  They hung up the phone before I said “hello.”

 

The Sordid Truth
Have you guessed by now? She wasn’t called by anyone from Microsoft. That is because Microsoft never calls people out of blue to tell them they have an infected system.

It is and has been a scam going around since at least 2009. Microsoft does not send unsolicited emails either. What confused my client especially was this email:

From: Microsoft Corporation

Sent: Fri, Feb 14, 2014

To:

Subject: Microsoft Corporation

This is to let you know that your computer has been sending us some error notifications as its been filled with a lot of junk programs which are malfunctioning with your computer from DELL and it may crash your system at any point of time.

Hence, you got a call from one of our representative.

Thank You.

Regards,

MicrosoftCorporation.

I haven’t seen this wrinkle before. Normally these kinds of calls are more random. However this email is not from an official Microsoft support email address, contains grammatical errors and assumes that Microsoft’s error collection service (Windows Error Reporting) collects information that can be used to identify individual users.

 

How the Scam Works
The method is consistent. You are informed that Microsoft has received information that your system is infested with viruses or problematic software and the caller, identified as a support person from the Windows Technical Department Support Group / Microsoft Support / Windows Service Center or other appropriate-sounding name has been asked to help you.

Their actual goal is to collect more information from you, either by having you download remote access software so they can get into your computer or by having you share account or credit card information that they can use. If you stay on the phone with them but appear resistant, they will claim that “unless something is done soon, your computer will crash.”

Depending on the caller, they can become quite argumentative. During one of my calls, (I have had three), I explained that I used to work for Microsoft and knew they were a scam … and they still argued. As long as they have you on the phone, logic must be that you can be worn into submission.

We must getting a lot of these calls right now because A.G. Schneiderman, New York’s Attorney General, issued an consumer alert earlier in the week warning New Yorkers about the scam.

So Want Can You Do?
First, learn about this problem so when you receive the call, you can recognize the scam. Microsoft has information on this kind of scam and other common scams that use its name.

Second, know your computer and its current health so you won’t be vulnerable to this scam. Besides your regular anti-virus software, run a second malware scanner monthly or quarterly that uses a different engine and virus database to get a second opinion. Malwarebyes Free Edition, Kaspersky Security Scan and Trend Micro’s HouseCall are excellent free scanners for this purpose.

Third, spread the word about this problem to your friends and family. The chances of someone you know having this experience is high. Besides my client, two other immediate members of my family have had these calls.

Explain that if the scammer has gained access to the system, they should uninstall any remote software on the system added, run complete malware scans (See Step Two), and change any system passwords as well as passwords to financial or critical websites to avoid potential identity theft (more information). They can also file complaints with the FTC, and your state attorney general (WA state).

Fourth … when your turn comes and the “Microsoft” tech person calls for you … hang up!


Do you accommodate technology too much? Sizing up the options

The following was originally posted on the Shoreline Area News, February 15, 2014 as part of the Tech Talk series.

Cartoon - I'm fine!  This is just my computer face.
The tension is obvious. Head and neck pitched forward; shoulders hunched; brow furrowed, eyes squinting … all supporting the virtual manipulation of objects on a computer screen. I see it all the time, not just in client’s offices and home, but at internet-enabled cafes and in other public spaces. We work very hard to create, modify, read, and navigate our computers and mobile devices.

As a result, we develop CVS (Computer Vision Syndrome), a combination of headaches, eye and neck problems from staring fixedly at the screen. 90% of people who use a computer screen three hours or more are likely to experience these problems. Besides display-related problems, repetitive motions like typing and mouse clicking also take their toll in the form of Carpal Tunnel Syndrome and RSI (Repetitive Stress or Strain Injuries).

Most of the time of we work harder than we need to, accommodating how information is presented on the screen or how information is entered, instead of having the screen or software, or input devices accommodating us. It doesn’t have to be that way, because there are many ways to adjust existing settings to improve the experience.

Typical Icons sizes from 16x16 to 48x48 pixels

Making things easier to see

Most icons, mouse pointers, cursors, and text are too small to comfortably locate or understand at today’s high screen resolutions. Icons and pointers, for example are usually 16×16 or 32×32 pixels (picture elements). This was fine years ago on a 19” monitor with 1024×758 pixel resolution. However, a common scenario today is closer to a HD screen (1920×1080 pixels) on a 15” laptop. This reduces the relative size of these objects tremendously. Here are some ways your system can adjust this relative size.

Available Mouse Pointers in Windows 7


Change the size of your mouse pointer

Mac: On older Macs, go to Universal Access in System Preferences, choose Mouse and Trackpad. For newer Macs, locate Accessibility in System Preferences (or press Command-Option-F5, choosing Preferences) and select Display. In all cases, locate the cursor size slide control and adjust the slider to your desire pointer size.

Mac OSX Mountain Lion Accessibility Display Options

Windows: Choose one of the large or extra-large Schemes in the Pointer tab of Mouse Properties. In Windows 7 or earlier, you can quickly search for Mouse Properties by typing “mouse” directly in Control Panel (upper right-corner) or from the Start Menu. In Windows 8/8.1, use the Search charm to locate this Control Panel item.

Windows 7 Mouse Properties - Pointers


Change the pixel size or DPI (dots per inch) of your text and icons

Mac: Right-click on the Desktop and choose Show View Options from the menu. This will display a panel that lets you adjust both icons and text for the Desktop. There are also additional options for adjusting finder windows and applications.

Mac - Show View Option

Windows: Right-click on the Desktop and choose Screen resolution from the menu. Click on the link “Make text and other items larger or smaller.” The Control Page that displays will let you switch from the default of 100% to 125% or 150% (the last item only appearing on systems supporting at least 1200×900 pixels). You can also set a custom or larger size using the “set custom text size (DPI) link on the left side. For Windows 7 and later, this is consistent. The procedure changes for Windows Vista and Windows XP.

Maker Text Bigger - Windows 7

For Windows 8/8.1, these settings do not impact the new Windows 8 UI or apps. For those, go to Ease of Access in PC Settings at bottom of the Settings charm and turn on “Make everything on your screen bigger.” This option is disabled on displays less than 1024 pixels high.

Windows 8 - Ease of Access - Make everything on your screen bigger


Other sizing and accommodation alternatives

Of course, your web browser also has the ability to resize text on web page. We will explore some of those options next week.