Category Archives: Newsletter Reprints

Taming Windows 10: Shrink that Massive Start Menu

Newsletter Reprints, ,

A reprint from the PC410 Security Newsletter:

As in most versions of Windows, the Windows 10 Start menu is ignored by most users. It’s usable if it isn’t enormous, but by default, it’s showing far too many apps and advertisements to be useful, and they’re in no order, and include advertising for apps with “in-game purchases”, like CandyCrush. You can drag the icon blocks to any position or order you like, and they’ll dock. But first, delete the blocks you won’t use, by right-clicking on each, and choosing “Unpin from Start”. If you remove enough blocks, the scrollbar will disappear. You can also turn off internet content on items like News, Finance, or Twitter: Right-click any of these blocks, and choose “More >” and then “Turn live tile off”. For any tiles you keep, you can change the size, choose “Resize >” and select an option.

Windows 10 Start Menu
Reminder: Removing these icon blocks does not uninstall the matching apps. To do that, click the start icon, go to the Settings app (the gear), System, Apps & features. This includes both desktop software and so-called ‘modern’ apps. The usual caution applies: There are hardware drivers in that list–lookup anything you don’t recognize before removing it.

Windows 10 Start menu Options

There are also settings to keep Windows from adding more tiles and ads to the Start menu. Go to Settings, Personalization, Start. Turn off “Occasionally show suggestions in Start”. You might also want to turn off “Show recently added apps”. These settings are not available in every version of Windows 10.

Clocks are Changing: Test Your Backups

Newsletter Reprints

2017 Spring Clocks Change March 12th

It’s Time to Test Backups

It’s that time of year again. When the clocks change, it’s time for safety checks, prevention updates, and disaster-recovery planning. Time to update exit plans, check smoke detectors, and test computer backups. Oh, and move your clocks one hour forward on the morning of Sunday, March 12th, 2017.

Computer backups need special attention; businesses that lose their business data tend to fail within two years. Paper trails can be useful for recreating records, but they’re rarely complete, and never in one place, or organized well enough for temp employees to re-enter them.

So planning for a data disaster can reduce risks. Here are the basics:

Twice a year, Test Your Backups

An un-tested backup is like Schrodinger’s Cat. It’s either there, or half-there, or gone hunting, and you don’t know which. Twice a year, restore files as a test. On every good backup system, you can restore a few files individually. For cloud backups, log into the account, and try to restore a version of an important file from a previous week. That’s a fair test; half the restore help calls I receive are looking to restore the previous version of a file that was accidentally over-written.

Try the same test for local data backups. For these, depending on the software, you may need to log into the software first, but for all of them, the steps are to explore the backups, find the file and copy it to a new folder for examination.

Next, Audit your Office Documents

Many offices are very good about backing up their client documents, but not particularly thorough about backing up what they would need to re-build their office after a loss. Make sure that all this information is available inside your off-site backups, so that it will be there if your office is damaged somehow:

  • Insurance contacts and policy numbers
  • Photographs of each room and wall of your office, closeups of model/serial numbers where needed.
  • Contracts, leases, and other business documents, scanned.
  • Office equipment lists, with model number, serial numbers, installation dates
  • Computer equipment lists.
  • Software license numbers and software login user names and passwords.
  • Installation software backups, either as an extra set of DVDs kept offsite, or ‘ISO’ copies of important software stored on your cloud backup system.
  • Logins for cloud services and online software accounts.
  • Finally, backup your passwords.

Preparation for an emergency includes other systems as well: The worst time to find our your uninterruptible power supplies are dead is the morning after an outage. The batteries mostly last three years; I suggest testing the units twice a year. Keep a log of the tests, showing how many minutes are available; the equipment plugged in will change the available run-time.

Backup drives age; replace them every five years, or when the computers backed up on them require more space to keep multiple sets of backups. For most offices, plan on half a terabyte of backup space per computer–that’s enough for three monthly system backups, and several weeks of data backups. Exception: Offices that scan a lot, or use photographs as part of their record-keeping, will need to scale up their backup capacity based on recent usage.

Redundancy & Duplication

Multiple weeks of data backups and system backups, plus all the information needed to recreate an office from scratch is a lot of information, and a lot of overlapped backups. These should never all be needed, of course. But you never know what type of emergency you could be recovering from.

  • A fire can damage drives that aren’t connected to power.
  • Ransomware can encrypt all your data.
  • A lightning strike and power surge can fry one random network box, or blow wires out of the wall.
  • Burglars take random stuff, including backup drives.
  • Floods happen, from storms, and from plumbing failures.

There’s no one plan that covers every scenario. There’s that Black Swan model again; we plan for the disasters we know about with specific steps, but for the totally-unpredictable combination of events, that Black Swan, we plan by having overlap in backups, and plans in place for multiple types of recovery.

Should you Unsubscribe from SPAM?

Definitions, Newsletter Reprints, , ,

A reprint from the PC410 Security Newsletter:

Sometimes, yes. Sometimes, no. Here’s how to tell the difference, and why.

First, definitions: SPAM is unsolicited, untargeted email, generally selling something. It’s named after an old Monty Python’s Flying Circus sketch that featured a restaurant with vikings that repeatedly burst into song, singing about Spam, the meat product. They’re still doing it here:

There’s also HAM, which is targeted commercial email, or email that is pointed at someone who is a possible purchaser. A lot of this is completely legitimate, difficult to filter out, and safe to unsubscribe from. Most junk mail that gets past spam filters is ham, and much of the ham can be removed from your daily email.

Don’t Try to Unsubscribe from Everything

If the sender’s email in a spam is an address that has nothing to do with the product, it was probably sent out from a BotFarm of infected computers using stolen email services. Any reply to that just goes to the email server used by the infected computer. Don’t send replies; the owners of those systems have enough problems already–thousands of bounces and “I’m out of the office until…” messages are already clogging their systems. And don’t click any unsubscribe links in those messages, either; they’re either confirming that you read the message, so they can send more spam, or they will go nowhere. Just delete these messages.

If the sender is an actual company that you’ve done business with, and the unsubscribe link is to their own web address, or to a known good newsletter company, yes, click the link and unsubscribe. The best-known newsletter companies are Constant Contact, MailChimp, and MadMimi, and they take spam very seriously, and will honor your unsubscribe requests.

Some of the worst offenders are retail stores, and these are safe to try and unsubscribe from, but unless they’re using a service, their actual removal process may take weeks, or may not actually succeed. Resorting to a phone call is unlikely to work; contact your email provider for a block if the volume of HAM from any one company is annoying.

And a reminder: Float the mouse over a link, without clicking, and the destination should appear at the bottom of the screen. If it’s not going where you expect it should, it’s either evil, or it was sent by someone who doesn’t care about security. Just delete it and move on.