When Free Doesn’t Mean Free

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

Remember the good old days when the “free” in freeware meant exactly that?

I started writing about freeware back in the days when Clif Sipe (aka Clif Notes) and Ian (Gizmo) Richards were pretty much the freeware gurus. Those were the halcyon days when innovation was rife and there was always some new and exciting freeware to write about and discuss. When good old Spybot Search & Destroy was pretty much the only antimalware – long before anyone had even heard of Malwarebytes Anti-Malware – and the awful Adobe Acrobat was the ubiquitous PDF reader.

I still vividly recall when Ian Richards first wrote about a new program called “Sandboxie” back in 2004. Sandboxie intrigued me no end and I thought it was the greatest thing since sliced bread… still do. However, back in those days, the concept of an “isolated virtual environment” was pretty much unheard of and trying to explain it, even to experienced users, was no easy chore. Alas, Gizmo’s original Freeware Newsletter is no more and Clif Sipe has long retired to a well-deserved easier life.

Fast forward to today and the freeware scene has changed dramatically. Not only has just about every avenue for freeware innovation been well and truly covered, creating a scarcity of material for freeware writers, but the entire concept of “free” has also taken on a whole new meaning.

Today, it seems very little is actually free and there is usually some sort of trade off involved  –  limited features, upgrade nag screens, download wrappers, advertising modules, bundled PUPs, toolbars, etc. Writing a freeware review today is as much about the potential safety and bundling issues as the actual program. While I can’t blame developers for seizing the opportunity to monetize all the work involved with developing and maintaining their software, I do wish they would be totally transparent about it, plus perhaps consider a system of opt-in rather than opt-out.

The trend has become so prevalent that it has actually spawned a whole new category of freeware tools – such as Unchecky and  AdwCleaner –  which are specifically designed to help users deal with bundling and PUPs (Potentially Unwanted Programs). A pretty scary indication of just how predominant this practice has become. Even the once pristine Open Source software has been sullied by SourceForge’s flirtation with DevShare, an adware supported download wrapper which was eventually discontinued after SourceForge changed hands in 2016.

There are still developers who remain true to the original spirit of freeware of course. Nir Sofer and his excellent collection of free portable NirSoft tools and utilities readily spring to mind. Unfortunately though, true unadulterated freeware is fast becoming as scarce as rocking horse manure and, sadly, today’s users need to approach all so-called freeware with a heightened sense of “let the downloader beware”.

Breaches, Hacks, and Lessons to be Learned

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

Seems every new day brings news of yet another database breach or two. There was a time when I followed news of these hacks and breaches with interest but they are now so frequent that, unless one is personally involved, it has all become rather mundane.

However, the whole situation begs a couple of important questions and, at the same time, re-enforces the critical nature of how we choose and manage our passwords.

Important Questions

1) Why are companies/site owners not treating users’ data with the utmost care?

I don’t know about you but I am fed up with the lax way in which companies and site owners treat sensitive data which is entrusted to their care.

In today’s internet world, database breaches are a matter of fact yet site owners continue protecting sensitive data using outdated and weak security protocols. Only just recently a new breach came to light involving 40 million passwords extracted from over 1000 sites associated with a Canadian company called VerticalScope. What security protocol did the sites employ to hash and encode users’ passwords… MD5… a known weak and insufficient algorithm.

2) When will governments legislate to ensure that companies/site owners are accountable?

Surely it is incumbent upon these companies/site owners to protect their patrons’ data with the best and most effective security protocols available. However, as many (if not most) seem apathetic to this most basic of duties, then perhaps it’s time for legislators to consider introducing serious punitive measures for  those who fail to do so.

By the way: in response to news of the breach mentioned earlier, VerticalScope’s vice president of corporate development Jerry Orban was quoted as saying:

“We are reviewing our security policies and practices and implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”

How many times have we heard that pathetic  response – I believe it’s commonly referred to as shutting the stable door after the horse has bolted. Message to site owners: perhaps these steps might be better implemented before a breach rather than after.  Duh!

Lessons to be Learned

How many times have you read the following advice regarding passwords:

· Choose strong passwords and use a different password for each log-in/account.

· Change passwords for critical accounts, such as banking,  PayPal, etc., frequently.

· If two-factor authentication is available, use it!

If there’s one lesson to be learned from all these breaches and hacks it is the absolute need to follow these basic principles. Remember, if you use weak passwords and/or the same password across multiple accounts, if one account is hacked all the rest are at serious risk.

Too many people just glide along ignoring the dangers until it actually happens to them, however, this is surely a lesson better learned from other people’s mistakes rather than from our own.

Technology – That Was Then, This is Now

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

I was just sitting and thinking the other day – you probably heard the strange ticking noises – about how far PC technology has advanced over the past few decades. I’m getting a bit long in the tooth now so these moments of nostalgia are not uncommon.

A computer of some kind or another has been a part of my life for so long and I marvel at the differences between what we thought was the bees knees 30 odd years ago to what we expect today.

I started off circa 1980 with a TRS-80 purchased from Tandy, this was a very basic machine compared to today’s PCs but at that time it was considered pretty cool. Programs came on pre-recorded tapes which were loaded via a connected tape player. They were very volume sensitive with each program requiring its own optimum volume level and users had to keep a list of what programs loaded best at what volume setting. I taught myself Basic language during that time and used to amuse the kids with little programs I’d write especially for them.

Next, I moved on through the Commodore series of computers, starting off with a good old Commodore 64 and eventually to an Amiga 500 and 600. When it came to playing games, these machines were incomparable in their day. I still have a working Amiga 500 and 600 stored away in the garage but, unfortunately, the floppies and software have long fallen victim to far too many house moves.

I can’t even recall the exact specs of my first Windows PC but I do remember they were far from spectacular. Those were the days when 20GB hard drives and 256MB RAM were pretty much the norm. I do, however, still remember the specs, if not the model number, of my first Windows XP machine purchased from Dell some 14 years ago which came with an 80GB hard drive, Pentium 4 CPU, and 512MB RAM – pretty good specs at that time but laughable by today’s standards.

I’ll tell you something; XP sure taught me a lot about computers and the Windows operating system. I think I spent most of that initial year or so with XP on Google looking up how to fix this and that. XP really was a horrible operating system when it was first released, regularly BSODing all over the place. A decade and 3 service packs later, of course, XP had matured into a pretty good OS, but people tend to forget about those formative years.

Following the Dell’s untimely demise, I built my first custom machine. This was during a period when hardware advancements really went crazy and the “norm” moved to unprecedented new heights. The new norm for hard drive capacities increased from 40-80GB to 350-500GB.  The new standard for RAM was now 2-4GB rather than a measly 512MB, and Intel had introduced a whole new range of powerful CPUs.

My latest custom built machine is even more powerful of course. I always try to build my machines to specs which offer value while still retaining at least some relevancy for a period of time. However, technology is moving forward at such a rate that this is often a fool’s errand and, even as the last screw secures the tower’s side panel, I am aware that the machine is probably already outdated.

Peripherals:

I can’t finish up without also mentioning the dramatic advancements in peripherals. I remember saving up for months to purchase an Epson LQ dot matrix printer which cost an exorbitant $599.00au, ten times the amount of today’s basic multi-function inkjets.

And who remembers the old CRT monitors, whose bulk and weight belied their small screen size?

Who would have thought that those humble beginnings would lead to a tiny portable device capable of not only making and receiving phone calls but also connecting to the internet, watching videos, playing games and music, taking photos, etc.

As I watch today’s youngsters nimbly manipulating their internet connected smartphones and tablets, I can’t help but wonder what awesome technological innovations might be in store for them during the next 30 years. The mind boggles!

Cloud Storage – Great Idea or Security Risk?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

“On no, we’ve lost all of little Johnny’s birthday snaps”, the woman cries as she holds her smashed smartphone aloft. With a knowing smile, her husband responds, “Don’t fret dear, they’re all in the cloud”. All is well, peace and harmony reign again.

Even less than a decade ago, any mention of “cloud storage” or “data in the cloud” would have almost certainly elicited a puzzled response. Today though, I’d imagine just about everyone would be familiar with the concept. “The cloud”, it’s a rather exotic term which simply means your data is uploaded to and stored on somebody else’s server, essentially on an internet connected hard disk owned and operated by the cloud service provider.

There is no doubt that the advantage of being able to access data from anywhere on any device creates a massive appeal factor, especially for multiple device users. Not to mention the automatic backup element which is clearly demonstrated in the opening paragraph.

It all sounds like a great idea, that is until you start considering what might and can go wrong. Of course, cloud storage providers take the utmost care with your data, at least according to them. They apply top notch security measures including encrypted data transfers. Trouble is, the encryption key is also stored on their machines, which means any of their staff can access those files as can any hacker who manages to break into the system.

I realize every method is susceptible to hackers, whether the data is stored locally or in the cloud. However, which do you think would represent the most desirable target – a local disk containing only your own personal data or a mega database containing data uploaded from thousands (if not millions) of users, all in one place?

Another concern involves the future viability of a chosen cloud storage provider – just ask those who entrusted their data to Kim Dotcom’s Megaupload. What happens to your data if the company is sold, goes bankrupt, or just closes down? Then there’s the scenario where cloud storage providers can simply change the terms of their plans, exactly as Microsoft did recently when the company drastically reduced the amount of data storage available under its free OneDrive plan.

I guess though, when it comes to data in the cloud, the greatest concern for most people is privacy. While Microsoft OneDrive openly scans all your files – for illegal content of course, most providers will collect data to share with “trusted third parties”. Naturally, many of these providers need to process sensitive information, such as your name, email address, phone number, credit card details and mailing address, in order to “improve their services”. And Santa Claus visits once a year around Christmas.

Despite the cynicism, I do believe that cloud storage can be decidedly useful and I’m certainly not dismissing the practice out of hand. However, as is the case with many situations… everything within reason.

I would not, for example, store any sensitive data in the cloud, whether encrypted locally beforehand or not. Family photos, life-memories, items which are valuable only to the user and serve no purpose for anyone else… sure, no problem.

Regardless, the important thing to remember is that any backup is preferable to no backup at all. If you don’t fancy storing your data in the cloud, dust off that external drive and use that instead. Works for me.

Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia

It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams, all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is; how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why Tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts  “10 Golden Rules to Defeat Scammers” . Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.

Windows 10 Privacy Issues – Fact or Fiction?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

The release of Windows 10 together with news of its heightened telemetry certainly brought out the conspiracy theorists and paranoid. Publish an article about Windows 10 and, regardless of the actual subject matter, you’re pretty much guaranteed to receive a slew of comments slamming Microsoft and its new operating system for introducing these so-called privacy issues, so much so that it has gotten to the point of becoming tiresome.

The data collection in Windows 10 may be at a new level for a desktop operating system but it is pretty standard fare for mobile devices. Both Google (Android) and Apple (iOS) have been collecting this type of data for years with nary a whimper from the using public.

One has to bear in mind that Windows 10 is, after all, a hybrid operating system, designed to cater for both desktop and mobile users. Mobile by its very nature requires a lot more information than a stationary desktop in order to deliver full functionality. If you ask Cortana to find the nearest pizza shop, for example, how can the digital assistant provide that information if it has no idea where you are located?

With the increasing trend toward mobile device usage, Microsoft is merely following the age-old law of supply and demand. With Windows 10, Microsoft has produced an operating system which is suitable for both desktop and mobile users – depending on how it is configured.

That’s the whole point with Windows 10, a point which, apparently, many people have failed to grasp – the choice lies squarely in the hands of the end user. Windows 10 can quite easily be set up purely as a desktop operating system, in which case the level of data collection is substantially diminished. Sure, it may take a little time and effort to go through all the settings, but it is definitely not difficult.

Don’t want to use Cortana? Simple… just turn it off. And so on, and so on. It’s easy to disable unwanted apps/features, nobody is being forced to utilize them or the services they provide. They are simply available for those who do want to use them.

If you go through Windows 10’s Privacy settings and disable everything you don’t want or need, including setting Feedback to minimum, the level of telemetry is no more than one would expect for a desktop PC, no more than [say] in Windows 7 or 8.1.

I’m not suggesting for one minute that Microsoft hasn’t made bad decisions regarding Windows 10, just that, in my opinion, the telemetry isn’t numbered among them – more a matter of simply keeping up with the times. In fact, I’m far more concerned over the enforced updates in Windows 10 where there simply is no choice. Not to mention the constant upgrade nags and unsolicited upgrades – but that, as they say, is another story for another time.

Bottom Line:

To suggest that Windows 10 is ‘spying’ on consumers is a pretty far stretch. I, for one, don’t really care if Microsoft knows that some anonymous old geezer in Queensland, Australia regularly visits Bill Mullins Tech Thoughts blog.

Do I like Windows 10? Sure I do. Would I recommend upgrading to Windows 10 for free? In a heartbeat.

*BTW: Microsoft recently announced that the Windows 10 free upgrade offer will definitely end on 29th July as originally stated.