Software and Tools - Social

A large part of people being online is the various 'social' applications.  For myself the major ones I use is Twitter and Facebook.  There are others, but, the basics I will cover here should be applicable to the other sites/applications.  I use Twitter mainly to quickly comment and notify about various events and information that I find of use.  I have the account linked to my Facebook so that my friends and family can get the information at the same time.  I like Twitter as it is small enough for my low end smart phone to run without a problem.  Facebook to be blunt, is a pig on resources and when I did have it running on my phone it would take 5-10 seconds at times to do a simple action like posting an update.  Facebook runs well on my tablet and my laptop and that is the main way I socialize electronically with friends and family.  I use both to supplement my contacting friends and family and it does not replace face-2-face.  I like them both as I can quickly set up photo albums of events and quickly share them for those who could not make it to the event.

One of the first things you should do when joining is to read the terms and service.  I know they are extremely long, boring and full of legalese, but, you should be aware of the basics just-in-case there is a problem in the future.

Settings

Next up is to check the settings, especially the privacy settings to make sure you share only what you are comfortable with and turn off the rest.

Facebook Android Client Settings

Facebook Android Client Privacy Settings

Twitter Android Client Settings

Twitter Windows 10 Client Settings

Facebook Windows 10 Client Settings

As you can see above the applications have a similar look-and-feel and the web browser rendering looks very similar.  Take 15-30 minutes and navigate through the various settings and read up on what they do and then set your account to what you want people to know about you and the marketing firms gets to see.

Once you are set up then you can think about what to post.  What ever you post always assume that your employer can see all your postings so exercise some prudence on what you post!  You may have your account locked down so that only friends and family can see what you put up, but, if they re-post or share and they don't exercise good judgement on their privacy settings they can expose what you put up.  I have seen people put up photos of events that to put it kindly was less than a positive image they wanted to project socially and professionally.  When in doubt ask yourself - what would mom think if she sees it?

Security

On the security side of things be careful on what links you click, especially in Facebook.  I have noticed a large increase in what is claimed to be news (or at least what people want to you think is news), but, is at best clickbait or trolling and at worst a link to sites that may contain scripts that can infect your machine.  Best thing I can say is to exercise caution with links to news.  If the articles come from friends and family still exercise caution, but, if it is a promoted article then be very suspicious.  Most of the clickbait sites are there to make money by showing you a lot of ads and the content at best is misleading.  For the fake news sites they tend to show to people articles written in a way to inflame them (or troll them).  Personally when I get unsolicited 'ads' I click the drop down and pick the option telling Twitter/Facebook that they are not interesting.  Before I re-post a tweet or a Facebook news story I check out the article and review it.  If it is clickbait, inflammatory or misleading I just ignore it and not give them additional views by re-posting.

When I am done with my session in Twitter and/or Facebook I log out of the account.  It is a bit of a pain, but, if for some reason some gets access to my phone, tablet of PC they don't get easy access to my accounts.  When I leave the machine I also lock it!  It takes only a few seconds to unlock the machine and then log back in, but, if someone gets access to that device they can destroy my account and credibility in a few seconds.

Another thing I strongly recommend is a good anti-virus package.  It may not stop 100% of the nasty virus/Trojans out there, but, it is another layer of defense to make it harder to get access to your device.  You can read my short blog on this topic to give you an idea of what is out there.

Adding friends/family/businesses

One of the other things I am very careful of is adding people to Twitter or Facebook when I get a request.  It does not matter who it is doing the request!  All friends/family get vetted as to who they are before I add them.  I have received requests from people claiming to be a friend or family, but, when I check with the person directly I find out they didn't make the request.  When that happens I have the friend or family member report it to Twitter or Facebook and I do the same.  On Twitter I regularly get requests to add people and I  review them very carefully before I add them.  For a while the requests were from very questionable accounts and the content and images were not the type I wanted associated with my account.  In the past several months I think Twitter has gotten better nuking the accounts quickly as it is a very rare event when I get such a questionable request.  Every couple of weeks I review who I have linked to and those who link to me and verify that the accounts are still legit and the content is what I want associated with me.  I have found that some Twitter accounts looks legit for a month or two and then the true nature shows itself.

Images

On uploading images I try to be careful of what is uploaded, especially when someone tells me they don't want a particular photo posted.  I also resize the image to around 1024x768 or 2048x1536.  Not everyone has high speed internet and at those resolutions the image is still good enough and is small enough for them to download quickly.  I keep the originals on my machine so if they want the original image I can send them that when requested.

Backups:

Twitter does have the ability to backup your posts.  The link on how to do that is here.  Facebook has a similar facility and the link on how to do that is here.  I strongly recommend that you do this now and then.  If for any reason you lose access to your account you have a backup.  When you backup your accounts you may also want to think about how to backup your phone/tablet/PC at the same time.  Machines do fail and I remember a person calling me to see if I restore their hard drive.  They had thousands of images and a lot of the pictures of their children when they were small was on the failed drive and they had NO backups.  I couldn't restore a lot of images, but, I could restore several thousand images.  They now have an external USB drive they backup their files to on a semi-regular basis now.  External USB hard drives are fairly inexpensive and capacities are in the multi-terabyte range now. 

Software and Tools - Antivirus

The next thing on the list of things to do is a good antivirus package after you install your favourite browser and before you start serious web surfing.  Again, this is a personal preference and it all depends on what you want, need and are willing to pay for.  There are those who say it is all snake oil and useless.  They are welcome to their opinion and in my not so humble opinion it is needed.  It is another level of defense for you that will stop the known nasty software out there.  Why make it easy for hackers to take over your system and use your bandwidth to take down sites, steal your identity?  Will it be 100% effective, maybe not, but if they want to get into my system they will need to work on it and not have an open door.

There are a number of sites that do reviews and I have a list five sites I know.  There are a lot more, but, I don't know them, their methodology and if they got paid to do the reviews. 

• AV Test org
• Consumer Affairs
• PC Advisor
• PC MAG 
• PC World

For myself I was looking for an package that works in

• Windows (I still have a machine left running Windows 10)
• Android for our tablets via the Google Play store.
• Android phone.  This is a low end model with limited resources.
• Linux.

I found one common package that works very well in Windows and Android, but, right now my distro does not offer the Linux version of that product.  It does not slow down my machines, especially the low end phone and did catch crap that tried to get installed when someone sent me an email.  Avast works well enough, has a free version that does most of what I want and need.  The version does show ads, but, they are small and unobtrusive for me and don't slow my systems down.  For Linux I am looking at ClamAV as that is available in the distro of Linux I am using.  UBUNTU community has a good small page of various packages you can check out.

The Android screens looks like the following:

The Windows screens looks like the following:

Please remember, just because you are running an antivirus program you can surf wherever you want, click on anything, install anything and open questionable emails.  Nothing is 100% and safe surfing and email practices are required.  Antivirus software just gives you another level of defense.  You also should be keeping your software up to date and making regular backups (a future blog).

Software, tools and repositories

This will be a multi-part blog covering:

• What software I use in Android, Windows and Linux;
• Social Media
• Email
• Anti-virus
• Cleanup
• Backup
• Web
• Graphics
• Office
• Where I go for that software and where do I don't go;

It isn't all inclusive, but, it may give you an idea of where to go, what to do and what NOT to do.

I will start off with where I go for the software.  For Android, Windows and Linux I always go to official repositories or the play stores for the O/S (Android & Windows).  I avoid third party sites as I don't know where they get the software from and just how legit and safe it is.  I know there are good sites, but, I am paranoid on what I install.

Android

Pick your category or do a search

I NEVER use unknown sources.

Windows 10

For O/S I use Update

Check for updates and then install

Windows store, I have a lot of updates

For new stuff you can scroll through it, or search

Linux

Synaptic is how I update Linux

Nothing fancy, no special tools.  I use what is built in to each system.  The one thing I do for all is regular updates.  Windows 10 I don't have a lot of options for the O/S, that is forced on me.  For Android and Linux I pick what to update and when.  For all three I manually review the apps I have installed to see if I really want to install them.  For too many of them they just say 'Speed and stability improvements' and that really pisses me off as I have been a developer for over 34 years and EVERY release I did had a high level description on what was changed and why.  You don't need to get fancy, but, in a few hundred words you can put in enough info to say why we should upgrade.

For Android and Windows I keep my A-V running and up-to-date.  If any package tells me to turn it off as it interferes with the install or update I dump the package ASAP.  If you can't install with the A-V running that sets off red flags for me.  For Android I also review the permissions.  Too many packages asks for rights that they don't need.  I have had games that ask to see my contact list, phone and a few other things I don't think they have the right too and I end up not installing.

For all software I don't mind if it is ad-supported, I understand you need to make money, but, please don't show the full screen ads or show ads every few minutes forcing me to watch before I can continue.  Each app that does that gets nuked from orbit as there are other apps that I can use and don't spam me.  As an example, last week I removed an Android app.  It was opening a lot (over 12) Firefox tabs and going to a group of sites with a common high level URL.  I don't know if it was mal-adware, or, they got greedy and tried to max out advertising revenue, but, it got nuked from orbit and I will install a similar app (local weather FYI).  Before that happened they had a nice ad running along the bottom and was well behaved.  Upside is AVAST didn't find a virus so I think I dodged a bullet there.


For Windows not all apps are in the windows store.  For those I go direct to the software developers and download from there.  I don't go to many aggregators as I had a bad experience with one (CNET I am looking at you for that) and it messed up my Windows 7 systems so badly with spyware I had to rebuild TWO laptops from their original install CDs.  I am fairly proficient when it comes to operating systems, tools and such, but, it was telling me I didn't have the admin rights to remove it and when I did get tools to remove it there were so many hooks elsewhere that it re-installed itself.  If you go to a third party for software, be careful, be VERY careful as even an experienced user got burned badly.  This is why I tell everyone not to use third party software sites.

Possible ad-malware attempt

For the last several days my Android tablet was opening windows at random.  At first I thought it was me, but, yesterday the following happened and the tablet was sitting on the table untouched:

• Multiple search windows open;
• Over 12 tabs opened in the browser going to a number of sites with the same prefix.  I won't name it as I don't want them to get the ad revenue;
• My BANKING app was opened up.  I don't have auto-sign-in there so no damage done.  I checked the bank account from my Linux machine and no activity to my account (yay!);
• Multiple apps opened up.  Again these had ads so I suspect they were trying to maximize their ad revenues.  Either that or they wanted someone to pay a lot of ad money for spam clicks;

I know what the last app I installed so I suspected that app as they are ad supported.  After I removed the app and let the machine sit for 24 hours I had no more random windows opened so I may have guessed correctly.

I also run AVAST on the machine and I scanned everything and it was clean.  I know if it is very new the scanner may not detect it, but, I wanted to make as sure as possible I wasn't infected with a known virus.

I also sent Google a feedback that the app may have ad-malware and see if there is anything that they could see and do.  May not be much, but, at least I wanted to make them aware of the issue.

My guess for next gen malware encryption

I am going to make a bet that the next generation of file encryption malware is going to be a lost nastier.  Your best defence is:

• Backups.  Keep multiple backups and not connected to any network after your backups are done.  Don't just do backups, test them!  Too many times someone approaches me saying they need help as they tried to restore files from backups and they don't work;
• Up-to-date software.  When patches comes out for your operating system and applications install them ASAP.  Most of the time those patches are due to holes and the hackers are already using them.  It does not matter what O/S you use, Windows, Linux, OS/X all need to be up-to-date;
• Home routers.  Keep them up-to-date also.  Sometimes your ISP will patch their routers, ASK them to keep their hardware up-to-date;
• Good anti-virus software and keep them up-to-date;
• Do and not opening up attachments from emails that you didn't ask for is also a good step;
• Good web surfing habits.  Sometimes a site will pop-up 'You need to update or install this program to view'.  Don't trust any site doing this.  Most of the time it is for Flash and people think 'Oh, I am out-of-date again' and click install.  NEVER DO THAT, go directly to the source of the program and check.  If it is out-of-date install from the maker directly and not from a web site.

Unfortunately the writers of these nasty programs won't stop there.  They have been using ad-malware and then getting into legit sites serving ads and try to infect you when you view their "ads" and try to bypass asking your permission to install.

Right now when your system is infected and your files are encrypted some people recommended to turn back the system clock so time does not expire. Right now that works, but, I suspect not for very long.  The writers of these programs know that "trick" and I suspect they are working on how to counter that.  I see them saving the system clock information and the network time information at time of infection.  With that they know exactly when they installed on your system.  They also can determine the basic time differential between your system and the network.  If they then compare that information the next time it runs the program may just nuke your files if the date on system clock is less than their time-stamp.  Also, if they are really nasty they will also nuke the files if they cannot make a connection to the network to verify the time.  When they can make a connection they will use the time differential to see if you played with the system clock.  I would also be willing to bet that they will advertise what they did and why so that fact will spread around that playing with your system clock or unplugging from the network will nuke your files.  I don't know if (or when) that will happen, but, it will make your backups much more important as the only way to restore your system is to do a total wipe and restore.

Why do I use ad blockers?

In this blog I will try to explain why I am using ad blocking software.  To quickly summarize use ad blocking software for four simple reasons.

1. I have a bandwidth limit and when I exceed it I pay for every byte sent/received.
2. A number of devices I use are older and slower and most ads will bring them to a complete stop.
3. Ads have now been used to target us with malware.
4. Cookies and other tools are being used to peel back what little privacy we have on-line to track us everywhere and try to target us with 'relevant' ads based on where we go.

For a number of years I have been using ad block software.  Publishers for years also have been complaining that we are stealing.  Frankly that is BULLSHIT, publishers you have been hogging my bandwidth that I pay for when you spew ads at me and try to track every move I make on-line.  I monitored a few sites and 80% of what is sent to me are scripts and images for ads and tracking companies!  That is just the scripts, I wasn't even counting the images and flash pages they were sending.  Since I am the one paying for the bandwidth I want to make sure I get what I pay for.  For the good sites with ads that are tasteful, unobtrusive and doesn't suck up every spare CPU cycle I white-list and allow the ads.  The rest I give them a try now and then and if I find them to be resource hogs I black-list again.

Some will say it isn't that bad, well in my not so humble opinion it is.  I have a number of devices and for all of them I must use ad blocking software or when I go to a site in the browser a number of my devices will stop for minutes at a time while it is trying to render that page and serve ads.  The three devices where I must use ad blocking or they are almost unusable are:

1.  Huawei cell phone.  I use this now and then when i am out shopping.  While resting I may surf Twitter, Facebook and email if the mall has free WI-FI.  Now and then something may catch my eye on-line and I click the link to see more about it. Without ad blockers the browser will take minutes to render a page (looking at you CNN, ABC, CTV and CBC).  At times I just close the window due the scripts running if I don't use ad blockers.
2. Google Nexus 7 tablet.  This is now retired, but, I used it in a similar manner to my cell phone when traveling.  At home it was my main tool for using Twitter, Facebook, blogging and email.  Like the phone I am forced to use ad blockers or even that machine will slow down to a near stop.
3. Acer Aspire Net-book.  This is a more robust machine, albeit a low end laptop.  I upgraded the system to 2 gigs of memory, but, everything else is stock.  Before I moved to Linux I was running Windows 7 then Windows 10.  Like the two  devices before I do run ad blockers.  It isn't as bad as those devices, but, it would take up to a minute for some sites to render a page and I watched the CPU usage hit 100% (I like using GKRELLM to see what my system is doing).  I also modified my HOSTS file to kill a lot of ads and trackers.  

I have two more devices that are more modern and higher powered and even there I use ad blockers as even they have problems at times rendering pages with ads.

1. Samsung Galaxy Tab A.  An android device and works quite well.  Samsung's site is also up-front on their use of cookies!  The browser has an ad blocker.  I can't modify the HOST file as I have not rooted the device.
2. Dell Inspiron 15 7000 Series.  A high end laptop with Windows 10.  Even here I have to use a HOST file and ad blockers as some sites are so bloated they take up to 30 seconds to render.

Now I can hear web sites saying we need the ad revenue to stay in business.  Some have even gone as far as to run scripts to scan for ad blockers and then block their site until we turn off our blockers.  For those companies who actively block me when I run ad blockers I just go elsewhere and a good site gets my 'business' and you get absolutely $0.00 in ads from my visit.

1. When you use third party ad companies to present ads on your behalf you are trusting them to ensure their sites show us legit ads.  Well check out the links here and here for malware issues.  Why should I open up my machine to malware served by YOU?  You can claim that it is the ad company, but, you picked them, you trusted them, you are taking their money for presenting those ads and in my not so humble opinion the buck stops at your desk!
2. Your advertising partners are doing their best to track everything I read and where I go in order to 'serve' me more 'relevant' ads.  Relevant in whose opinion?  When I read an article on diabetes does not mean I want to get flooded with targeted ads on blood meters and related items.
3. I do unblock the good sites.  I understand their need to make money and the ads they serve are good and don't hog my bandwidth or system.  They also respect my privacy and try their best not to track my behavior.

The latest beef I have about ad blockers is that some of them are now white-listing sites and taking the choice out of my hands for what sites can present me ads.  Well that cost them a loyal user as I dropped them from EVERY browser in EVERY device in my house.  When it comes to ads and sites I am the final arbiter and no one else!

For users I have a few things for you to think about.

1. If you are technically inclined check out using a HOST file.  You can then pick the more annoying sites to block. 
2. Virus scanner software.  There are a lot of good ones and many are fairly inexpensive.  Personally I use AVAST as it is cross platform (Windows, Mac and Android), inexpensive, doesn't hog system resources and it just works.  
3. An up-to-date Browser.  This is important and the latest versions have bug fixes to minimize exploits.
4. Ad blocking software that allows you to white-list sites.  You can then tailor your blocking and allow sites that respects you to be able to serve ads and allow them to stay in business.  For me I like UBlock origin and Flashblock.  They work in Windows, Android and Linux for my Firefox browser.

An example white-list from UBlock origin (hmmm, seems like there is only one site there, probably because I don't want to advertise who I white-list).

White-list options, Slashdot is one of the GOOD sites I allow ads.  I hid the others.

Huawei Android phone crashes on Contacts

For a few months my phone would crash when I tried to dial out or open up my contacts.  I had to try anywhere from 3 to 10 times before the operation would work.  It took me a while to figure out what the problem was, but, once I made a small change the crashes went away.

Being a paranoid person I put on an anti-virus package on my phone and tablet (along with my wife's tablet).  The installation of AVAST itself was easy as it is in the Google Play Store.  It is a product I used first on our windows machines and it works quite well and does not hog a lot of system resources (especially on my older netbook).  AVAST works very well for us and we have not had a problem.  As I was digging I noticed that it scans files with 'File Shield'.  A light went off as I realized that AVAST was locking the file(s) contacts needed to scan the file when I tried to open either the phone or contacts list.  I turned off the File Shield, ignored the whining about a shield being off and tried opening up the phone dialer.  To my relief the dailer worked and the next thing I did was open contacts and it opened up without crashing.  I did a shutdown and reboot of the phone and did the same two things and it works.  For the last few weeks the machine has been stable.

If you have a problem with the phone crashing on the dialer or contact list and you are using AVAST (or any other a-v product that scans all files when accessed) you may want to look at shutting down that functionality, or, if possible put an exception to the phone/contact applications.

Some tools for securing & cleaning your Windows machine

This is not a fancy or pretty article, but, functional.  The following are various tools I use to help secure and clean computers.  This is a list of links I keep on my Google Tablet for when I visit and I can quickly download and install software.  The Windows Defender offline I install on to two USB sticks (32 bit and 64 bit versions).  The rest of the utilities I download and then copy to a USB stick just in case the person does not have a working internet connection.

Autoruns for windows
Technet.Microsoft.com/en-ca/sysinternals

AVAST:

www.avast.com

CCLEANER:
www.piriform.com

Chrome (note this installs only and no download):
www.google.com/Chrome

chrome://extensions
chrome://plugins

Firefox:
www.mozilla.org

To reset all and lose everything:
about:support and click Reset Firefox

safe mode: firefox.exe -safe-mode

Malwarebytes:
www.malwarebytes.org

SlimWare Utilities:

www.slimwareutilities.com

SPYBOT Search and Destroy:
www.safer-networking.org/private

SUPERAntiSpyware:
superantispyware.com

Window defender offline
Windows.Microsoft.com/en-CA/what-is-windows-defender-offline