Security or obscurity

I used to say I dont use or fix Win boxes, but in recent years I’ve adopted Windows as a gaming platform, so hard to use that excuse.

Using W7 at work and them having W8 or W10 helps – “different interface, don’t really get this stuff” “too old to learn new stuff” :)

So spyware is fine as long as MS or Google are doing it, it seems.

No, it’s just American, some sort of compulsive need to share everything. Met an American girl in McDo a while back. She said “AWESOME!” a lot (in caps, in bold, with an exclamation mark). I don’t recall what exactly she was doing in rural France. Too busy trying to get around the fact that she’s glad she wasn’t at home because everything is crazy thanks to her father’s… what was it… hepatitis I think. Oh yeah, and she’s a lesbian and she really digs French chicks.

Now, I have no comment on her father’s medical issues. I have no comment on her sexual preferences. My comment is who the hell would blurt out that sort of information to somebody they bump into in a fast food joint several thousand miles from home?
I know which of the waitresses she’d like to snog (not the one I’d have chosen…) but I don’t know her name. WTF?

If you extrapolate her mentality to an entire population, suddenly the likes of Facebook and Instagram make sense. Suddenly the idea of rampant snooping on everything makes sense. From my sample of one (!), it seems to be “sharing is caring” is built into their genetic code.

Those of us who still understand the concept of privacy (and for this I’ll have to look to Germany because TheMay is doing her best to follow in the footsteps of the NSA) will not only be worried about the sorts of data that is being collected, but also what purposes this data is going to be used for, and of course the degree of accuracy of said data. While Google and Facebook make a console so you can read “information held on you”, neither give any indication of data obtained via profiling. And I know Google have been at it, as half of my adchoices embedded adverts (on devices that don’t block) are written in Japanese… Well, okay, they worked out that association (gee, that was difficult, right?). Fine… However I have a right to access and correct data held on me. Who do I get in touch with?

(P.o.S machines etc)

Piece of s….? ;-)

Actually, as Steve’s statement shows, there are updates […] I believe the registry hack is easy to find.

Given Microsoft’s propensity for sneaking stuff in via the update mechanism (Genuine Advantage, serial drivers that will bork clone devices¹, and endless “YOU WILL INSTALL WINDOWS 10” malware), I would probably rather leave the updates to be vetted manually.

Unfortunately people think because I use a Mac I can fix iPads and iphones.

I used to get “Oh, you have an Android phone. My <something else> is not working, can you take a look at it?”. As a known geek, I would also get asked to look at a broken machine after other lesser people have “had a go” at it. And then, if the problem comes back, I was expected to fix it for free as I clearly didn’t do it right the first time. We just can’t discuss the seven year old brat that can’t do anything wrong and has zero willpower when it comes to “click to install”. Ever seen XP’s Start menu take four columns? That’s any machine that brat is let loose on.

So… My rules are very simple.
It’s €85 per hour (or part hour). Work done gets checked and signed off immediately. Nothing gets taken home to be looked at. And I simply won’t touch a machine that is not running an up to date antivirus.

There’s a nice rant about it here: https://www.heyrick.co.uk/blog/index.php?diary=20141102 (halfway down)

Accordingly, once I mentioned that, I got some extremely rude comments and now people don’t bother me to look at their broken machines. You know what? The €85/hour isn’t because I’m a wizard. It’s because outside of work, transport, and sleep I don’t have much free time and I’d like to use the time that I do have for my own things. It doesn’t matter. Writing this rubbish, watching animé, staring at the wall. My time, my choice. If something is going to disrupt that, I expect it to be something worthwhile. I figure €85 an hour as being worthwhile. If somebody is willing to pay that, they can have some of my free time.

Otherwise… mission accomplished.

☺

¹ Not entirely MS’s fault, FTDI gave them the updated drivers and they deployed ’em everywhere.

“too old to learn new stuff”

I’m not even 30. I don’t think that would work for me, and people know I’m a mega nerd so that doesn’t help.

are written in Japanese

Same here. I check out latest Love Plus game, and JP ads stalk me for weeks. I hunt down an OSS 117 film, and never have to worry about a French ad.

not running and up to date antivirus.

Ha! I’ve not run AV for 15+ years (with the exception of Windows Defender because that thing is annoying to remove) and I’ve never had a virus or any malware on my personal machines. You should check out No. 2 here

who the hell would blurt out that sort of information to somebody they bump into in a fast food joint … ?

Forty five years ago I spent a week in Urbana, Illinois. I was puzzled because it seemed to consist only of suburbs – pleasant leafy suburbs, but I could find no town centre apart from an Italian restaurant, a hardware store and a Fire Station. A pretty young girl served in the restaurant, who told me that she was about to go on holiday in Europe. She had never been out of Urbana before. I did not know what to say. She lacked totally any of the social defences (privacy) which survival in Europe demands; she was utterly naive, totally innocent and with no sense of irony. I realized that I had no way of explaining to her what problems she might encounter.

What advice would you have given?

I’ve never had a virus or any malware on my personal machines.

Probably ‘cos you aren’t a prat. Basic security measures are more common sense than antivirus, but then perhaps antivirus (etc) might be useful for those lacking common sense?

So… Find a machine. Have it run “the blue e”. Don’t run antivirus. And give it to the sort of child that will traumatise teachers.

I guarantee it’ll be a cesspool of badly interacting malware by the end of the day.

What advice would you have given?

Well… Gee… That’s actually really difficult, for those things that seem normal to us will be about as alien to her as she would seem to us. I mean, we could not exactly say “don’t share private things with strangers” as maybe in her culture, it’s okay to talk about those sorts of things with people you’ve only just met?

I guess my “crash course” in being a Brit (also applicable in other parts of Europe if you speak the language) is to communicate with the least number of words possible. Simple Yes/No answers. If people ask what you are, you’re an American. Nobody gives a damn if you’re Irish-American with one parent descended from Cherokee. If somebody should ask “what do you think about”, they are probably looking for a very specific answer to a very specific question. Don’t add loads of superfluous details. Be aware of sarcasm. It’s a mainstay of British humour. If people regularly comment on what you’re wearing, they’re probably taking the piddly.

This isn’t to say that we don’t have fun and detailed conversations. Steve P, in his job, may well have overheard the stuff nurses can talk about while eating lunch. The difference is, those sorts of things just aren’t discussed in the presence of strangers. We just don’t share like that.
I mentioned here, briefly, that I was ill a couple of weeks back. It got another brief mention in my first Eurovision write-up (in the context of “I wish this was a week later”). Nothing else has been said, nothing else will be said. I could talk about the weird way the French Sécu works, or the rather nasty side effects of the antibiotic ¹, but you’ll notice there’s actually not much personal-private stuff on my blog. If my foot goes mouldy or I have puss coming out of my sexual appendage², then I think “sharing this news” with random strangers is about the last thing I’d want to do… Well, maybe I’d do that before lopping the affected organ with a rusty hacksaw, but really it’s a close call.³

¹ I will share one symptom in case any of my messages from the time in period were very weird. It gives chronic insomnia. I took it for a week. By day six I was practically hallucinating from lack of sleep. And those few times I did sleep, very pleasing nightmares that I’d turn into fiction stories if I could figure out a good way to write them down.

² For the record, no on both counts.

³ Practical demonstration of sarcasm.

“what do you think about”

This would probably get a puzzled stare from me at most.

^{^}
Kind of why I mention I’ve been sick, busy, or driving a lot. Under those circumstances things that may make sense to me may not quite match reality in this universe.
I could never be an interstate truck driver. I have no idea how they do it!

Although I don’t have any Windows devices with SMB shares I have some linux devices with them. I think anyone infiltrating would just about send me a bill for wasted time gaining access to them. My shares point to directories on USB HDDs connected to a random SBC almost entirely consisting of source and other resources downloaded from GitHub and similar. Completely worthless data to anyone else. However to me it’s not because my internet connection benchmarks well on known benchmark sites, but in reality is absolute rubbish. So my shared files are closer to a selective local cache.

The telco has been hard at work installing FttC infrastructure, so eventually we can enjoy the same speeds at even higher cost, bless them. It’s sad but the thing I find exciting about it is I could set up an IP phone so we could have a properly functioning telephone during and the days following rain.

I love reading stories about when younger people come to visit my sunburned country. The number of them that are in shock because we don’t have X, or can’t do X, is amazing. Then there’s the visitors which don’t quite grasp scale and or inherent danger of travelling. Places they want to visit can be a very long way away with no lifeline if something goes wrong. Pack supplies, extra fuel, pack lots of water, and have some protection against the elements or you might die. It’s just commonsense! To me at least.

I’m glad this is in Aldershot.

Security through obscurity is valid to a degree. If someone can gain any sort of remote access to a RISC OS machine I can pretty much guarantee they’d have no idea what they are looking at. Especially because 99% of them are just script kiddies running things they downloaded from dodgy places.
The 1% are still the concern with anything connected for the world to see. Speaking of which…

A few years back at least I messed up our router bad enough to need a factory reset. I was tired and wasn’t paying attention. I’d logged in and was about to start making changes when I realised the web UI looked unfamiliar.
What had happened was I’d left the notebook on WiFi, which had decided to connect to a neighbour’s network, and I’d accidentally logged into their router because it was still using hardware defaults.
Security? What’s that!?

she was utterly naive, totally innocent and with no sense of irony.

So American…

I’d logged in and was about to start making changes when I realised the web UI looked unfamiliar.
What had happened was I’d left the notebook on WiFi, which had decided to connect to a neighbour’s network, and I’d accidentally logged into their router because it was still using hardware defaults.

That is hilariously brilliant.

but then perhaps antivirus (etc) might be useful for those lacking common sense?

I’m not going to say it isn’t, but I’ve also not seen much benefits of running AV in the real world.

Hackers have access to the same AV software and they test their malware on machines running it. Now a lot of malware is covert (unlike the 90s with malware opening pornographic popups every 60-120 seconds) so it can takes a while for researchers to find it.

Once found, they reverse engineer it, grab its signature, and push update to AV software. Meanwhile, MS has patched the flaw that allowed it onto the PC, stopping the virus from spreading. If you don’t have Win updates turned on, you’re a muppet.

Further, since XP (SP2?) Microsoft have the mrt tool designed to remove malicious software. I believe it runs itself every month with a quick scan, but if you want to run it and do a full scan, open a run dialog (Windows Key + R) and type in “mrt” without quotes. This works on all Windows since XP SPx.

I never tell people to uninstall AV, because you cant educate people to use a computer securely, imho, but I will scare them into not feeling foolishly safe with AV.

I’d accidentally logged into their router because it was still using hardware defaults

That reminds me of my teenage years travelling with my WinMo PDA and logging open WiFi APs with GPS coordinates using WiFiFoFum (still around I believe) I had a massive map of “free” WiFi in Newbury. Then they ISPs had to start shipping with security already enabled and passphrases printed to the bottom of the router and ruined all the fun. sighs

7 and 8 consumers had a free window to Win10 for a year

You can still get this free, but you have to engage in a pretence. I recently updated an 8.1 machine.

the end result has been regular swearing from the other side of the living room

The initial experience with updating W8 to W10 a couple of years back was not so good, but following the major update, W10.1 if you like, things have been fine.

XPe isnt same as XP, so you might get some updates

I understand that the difference is not large. I get regular updates and things have worked fine for quite a while. Cue major disaster. ;-)

I understand that the difference is not large. I get regular updates and things have worked fine for quite a while. Cue major disaster. ;-)

Do you get latest mrt? If you run it, it should say May 2017.

I’ve also not seen much benefits of running AV in the real world.

I have. From time to time Avast blocks stuff that my browser is trying to fetch. Ironically the worst incident I had (a pile of warnings) was from a cross-stitch site looking for a pattern for my mother. I guess it was targetting people who were considered less likely to understand online security.

with malware opening pornographic popups

I noticed that. Kind of amusing ’cos my content blocking rejects everything that they try to load.

While dealing with viri is a game of whack-a-mole, it helps also to be reasonable about where you go (if your favourite site deals in dodgy porn, it’s probably not a good place to be) and also simply don’t allow any executable content from unknown sources to run. Yes, this means I’m a “freetard” that refuses to accept third-party advertising, but I don’t see the site owners who serve up malware-ridden adverts offering to pay to get the damage fixed…

Do you get latest mrt? If you run it, it should say May 2017.

Good warning. It is Aug 2016, well past the demise of XP, but out of date, nevertheless.

Following through the links, it is clear that that must be the last version that will run on XP.

It is Aug 2016

Wow, I’m actually quite impressed MS went that far.

Turns out that despite initial reports, XP wasn’t actually affected that much.
Security through obsolescence? ;-)

https://www.theregister.co.uk/2017/05/20/wannacry_windows_xp/

XP wasn’t actually affected that much

Probably because most people running XP aren’t savvy enough to use bitcoin xD

Probably because most people running XP aren’t savvy enough to use bitcoin

Probably because many probably re-imaged the machines instead of paying and thereby recording a score, but you’re probably right too.

Probably because many probably re-imaged the machines

I was referring to home users. Imaging is more of a sysadmin/business network thing. I’ve not worked on Win boxes in business for 6 years now, but back then we were switching to Win7 and XP was being phased out.

I’d be surprised if medium businesses and bigger we’re still using a large amount of WinXP boxes. I’d never work for a company use lots of XP boxes because it tells you a lot about the company, the CTO and the Network Manager.

I was referring to home users. Imaging is more of a sysadmin/business network thing.

A typical HP laptop for home use would have a restore from image, indeed the rebuild of the brother in laws laptop at Xmas¹ used exactly that to restore Win8 which then spent pretty much forever updating itself to 8.1

¹ Sometimes there isn’t a convenient exit.

A typical HP laptop for home use would have a restore from image, indeed the rebuild of the brother in laws laptop at Xmas used exactly that to restore Win8 which then spent pretty much forever updating itself to 8.1

I don’t remember Windows reinstallation media appearing as an image until Windows Vista. Before it was predominately CDs. Even then, most were stored as a partition on the harddrive and I see no reason why ransomware would only encrypt 1 partition. I remember getting annoyed when replacing defective HDDs and having to hunt down the media or users destroying Win media when installing Linux but couldn’t reinstall Windows again at a later date.

I’m not to sure today, because I mostly work with W10 which is easily downloaded from Microsoft.

Sometimes there isn’t a convenient exit.

Story of my life.

Sometimes there isn’t a convenient exit.

Story of my life.

{start gagging}

If you behave like you’re moments away from blowing chunks, the only people not likely to escort you out the door is a family of nurses….

If you seem better outside, or get called on it, point out something like “Do you use {air freshener brand you noticed earlier}? That always makes me feel nauseous.”

Remember – if people (especially various extended family members) are going to be devious, there’s absolutely nothing wrong with being devious in excuses for getting out of there. Well, it’s better than getting fed up, losing your rag, and telling them exactly what you really think… :-)

If you behave like you’re moments away from blowing chunks

there’s absolutely nothing wrong with being devious in excuses

I’m quite a straight up an honest person, so I couldn’t bring myself to do that.

Well, it’s better than getting fed up, losing your rag, and telling them exactly what you really think

Never lost my temper with anyone, but I can get fed up quite quickly. I am actually more than happy to help people with their computer when they’re stuck and lost. I just hate it when they haven’t even bothered and are asking me to install Office or ringing me up asking me what to click when a dialog pops up.

Fixing *nix systems is actually a lot of fun, and I don’t mind fixing Windows on enterprise-like networks, but fixing a lazy persons Windows box drives me nuts.

Partly, I think I will always be a victim of my personality I suppose, but I might start insisting people get a new PC/laptop instead of fixing it.

I’m quite a straight up an honest person, so I couldn’t bring myself to do that.

There may come a day when you’re like – why am I doing this? I have things to do as well…

As you’ve already noticed, it’s the people who don’t even try that grate.