Infectious Fax? No, It’s a Dangerous Download

Today’s mail includes a new variation of an existing scam. A simple message, apparently coming from your own email server, reporting the arrival of a fax message. Note that it’s all super-generic; the from address is fax@ (your email domain here), and the return address is (probably random) blopez27@ (your email domain here). The download link is through Google’s goo.gl link shortening service, but other domain shorteners are likely also in use–note the reference to Dropbox in the email–OOPS!

 

FakeFax-anon
 

Don’t Do What I Did–I Am A Professional

OK, I followed the link. it led to a ZIP file, and I downloaded it. Again, don’t try this at home.
Then I opened the file. It contains one file, ‘Document-2816409172.scr’. I did NOT open that file.

A fax would typically be an image file, probably PNG or TIF or JPG format. It will not be inside a ZIP, because ZIP files compress or bundle other files, and image files are already compressed as much as they can be, so zipping them makes them slightly larger–there’s no logical reason to zip a fax image.

An SCR file is a Windows screen saver, and it can contain scripting and program code. It’s potentially very dangerous.

So, for those of you who still use 20th-Century image transmission technology, er, faxes, be advised of these facts:

  • Email services won’t receive faxes for you.
  • Fax services are branded with the name of the service provider that you pay a monthly fee to, or on corporate networks, much more information than just the domain name from your email address.
  • If you haven’t paid for a fax phone number through a paid service, any fax that arrives is anything but a fax.

OK, all of this should be obvious, but if no one is falling for the scam, then why haven’t the senders moved on to the next evil idea?
 

Lightning Strike Season, or: Weather to Unplug Your Stuff For

Tropical Storm Arthur is on its way up the East Coast as I write this… I’ve already been asked, “Should I turn off my computers when the storm arrives?”
And the answer is: OFF isn’t good enough.

Lightning strike in Westminster, central Carroll County Maryland

 

Computers draw power when turned off, to keep the clock running. Notebooks pull power for battery charging, all the time. Monitors have fancy ‘soft switches’, which electronically sense a finger press. Pure mechanical switches will actually cut power, but most electronics don’t have them. The front switch on a tower is what we call a ‘momentary contact, single-pole’ switch–it just sends a signal to the mainboard to turn on or off, and doesn’t isolate anything. So turning off a computer isn’t enough. You have to disconnect it from power completely.

How? Quickest way is to flip the small rocker switch on the surge suppressor strip; that should take care of everything that connects to the computer at once. For notebooks, unplug the charger, it’s time to go cord-free.

Same thing applies to all electronics, not just computers. Anything that uses a remote control is connected to AC power, and turned on, at least at a low-power level–unplug it before the lightning reaches your area.

And finally: Remember to also unplug the network cable–half the lightning strike repairs I fix here in Maryland are from a lightning strike at the power pole carrying the Internet into the router, which continues into the network and burns out computers.

SSD Upgrade for your Notebook?

Slow notebook? A solid-state drive may be the best fix, and they are no longer expensive. And they improve battery runtime, too.

Computers are slow for many reasons:

  1. Malware, Adware, and PUPs taking up background cycles on work for their owners, not for you.
  2. Hard drive hasn’t been defragmented in, well, ever.
  3. Autostarts are cluttered with advertising crapware from the computer manufacturer, some as ads, some as phone-home junk.
  4. Not enough memory. Windows 7, 64-bit, requires 2 Gb of memory, and speeds up with 4 Gb. 32-bit installs can manage with 1 Gb, but still benefit from more memory. Windows 8.1 has similar needs.
  5. The antivirus is a suite product, with far too many autoplay entries, and it has taken over your notebook like the Borg on a mission. Switch to a non-suite AV.
  6. The installed hard drive is running at 5400 RPM. By comparison, most desktop drives run at 7200 RPM.

replace your hard drive with an SSD
Yes, this hard drive is technology from the 1970’s.

So, first, deal with any cleanups and updates needed. Then consider why a notebook should be running a storage device with spinning disks and motors, based on a cross between a photograph record and something akin to 8-track tapes and wire recorders. These spinning disks are technology from the early 1970s, known as Winchester Drives back then. Yes, they’re reliable if you don’t move them. But motors and moving parts don’t really work all that well in a travel notebook.

Why an SSD?

A solid state drive has no moving parts, just memory chips, and can survive a drop better than the notebook it’s installed in. A solid-state drive is many times faster than a spinning drive. An SSD uses less power than a hard drive, so battery runtime is significantly improved. All that is the good side.

And the bad side? Well, until recently, cost and reliability. As of now, solid-state drives are very reasonably-priced in the smaller sizes, up to 250 Gb, and that size works well for nearly all notebook owners. Reliability is approaching that of spinning hard drives, and many SSD’s have 5-year warranties, compared with 1 or 3-year warranties for mechanical hard drives, or drive warranties that match the notebook warranty on every drive installed by a notebook manufacturer. As always, use an external drive for backups, both as full-drive images and as uncompressed document files.

Yes, we’re installing SSD’s as upgrades to notebooks here at Science Translations, if you’re anywhere near Carroll County, Maryland, including Howard and Baltimore Counties. Call us at 410-871-2877, and we can tell you if it’s worthwhile for your notebook. We’ll ask for the computer model number, and how much space is used on the current drive, and can help find that information.

Windows XP support has ended at Microsoft. So What?

XP-Ends

On Patch Tuesday of this month, Microsoft sent the last batch of patches to Windows XP users. What does this mean?

First, the positive items:

  • XP Activation, needed for re-installing Windows XP, still works. I’ve done it since April 8th, and it is not a problem.
  • Existing patches still download, if they are from AFTER Service Pack 3 for Windows XP.
  • Service Pack 3 is still available for Windows XP.
  • Microsoft’s very basic antivirus, ‘Security Essentials’, will continue to function, with warnings, on Windows XP with Service Pack 3, but is no longer available to download on XP.
  • Many antivirus companies have announced that they will continue to provide protection for Windows XP.
  • Alternate browsers are available for Windows XP, including versions of Mozilla FireFox and Google Chrome.

Next, the negatives:

Wireless? Network? USB? How to choose your printer

Printer and printout

Looking for a printer for a home office? The low end of printers has changed, and how we use our computers has changed. How we connect to our computers should change, too.

There was a time when if you needed a printer, you bought it and hooked it up to the printer port. AKA the LPT1 port, the Centronics connector, or the DB25 cable end. All that is gone. The choices now are: USB, wireless, and network. Because all the printer companies are marketing geniuses, they manage to sell network printers for more than wireless printers. Keep in mind that a wireless printer is a network printer with a network radio added; they have more components than a network printer, and if not for economies of scale, would be expected to cost more than a network printer. They don’t, when compared to other printers of similar printing speed and options. And most wireless printers also have a wired network connection for an ethernet cable that will connect back to your router or network.

Can I share my printer?

Back a decade or so, if you wanted to share a printer among multiple computers, I would set up printer sharing from inside Windows. That lets you use a printer connected to some other computer. I don’t do that now, because 1) that host computer must be turned on, and 2) cross-platform printer sharing in Windows doesn’t work. Sharing between Windows 7 and XP is more broken than not, and sharing isn’t a good option when printing from non-Windows gadgets.

Don’t Search Online for Tech Support Phone Numbers

by Jerry Stern
CTO, PC410.com

A few of my customers have made the mistake of going to Google and searching, for example, for “HP tech phone”, and called the number that showed up. All of them recognized that the phone call was very, very odd, and hung up once the company at the far end remoted into their machines, blamed all problems on malware, and asked for $150 to $300 to clean it all up, and none of them were burnt.

What I’ve done is search for the phone number they dialed, in quotes, and each time, I found at least a dozen listings for a company with that phone number saying that they are the authorized tech support for a particular company, with a page for each of HP, Microsoft, Samsung, Sony, Brother, and so on and on. Or, to be more accurate, NONE of the above–it’s fraud.

So if you must search Google for tech support phone numbers, do it like this: “site:____company_domain__ tech support phone”

So for Microsoft, the search would be “site:microsoft.com tech support phone”
The results will bring up ONLY search results on the domain after “site:”, and not random fraud and paid placements.

Here’s what the Federal Trade Commission had to say about this on November 20th, but remember that they’ve only settled one case. The practice is still prevalent:


Tech Support Scheme Participant Settles FTC Charges

One of the defendants in an alleged tech support scheme has agreed to settle a Federal Trade Commission complaint against him and give up the money he made from the scheme.

Navin Pasari is a defendant in one of six complaints filed by the FTC in September 2012 as part of the Commission’s ongoing efforts to protect consumers from online scams. According to the complaint against Pasari and his co-defendants, the defendants placed ads with Google, which appeared when consumers searched for their computer company’s tech support telephone number. After getting consumers on the phone, the defendants’ telemarketers allegedly claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. The scammers then offered to rid the computer of the non-existent malware for fees ranging from $139 to $360.

The stipulated final order against Pasari imposes a $14,369 monetary judgment, which represents the total amount of money Pasari received in connection with the scam. The final order also requires him to divest his ownership interest in PCCare247 Inc., another defendant in the action, and transfer any proceeds he receives from the divestiture to the FTC.

In addition, the final order prohibits Pasari from opening or assisting with the opening of payment processing accounts for a company or other entity unless he personally supervises the accounts. The final order also prohibits Pasari from misrepresenting or assisting others in misrepresenting any information to consumers.

While the stipulated final order announced today resolves the FTC’s claims against Pasari, litigation continues against the remaining defendants in each of these actions.

The Commission vote approving the stipulated final order was 4-0. The U.S. District Court for the Southern District of New York entered the judgment on Nov. 12, 2013.