MURAnews - Computer/Technology

Online Forms Can Leave Credit Card Info on Your Computer

- by Marianne Van der Wel

One of my favourite web sites is Canada Helps, which allows me to make online donations or send electronic gift cards for over 83,000 registered charities. For this I use my credit card with a small monetary maximum limit. To my dismay, I noticed that when I was using another form requiring a credit card for this or another site, my credit card number was already stored on my computer, including the security code from the back of the card. This is a convenience I don’t want, preferring to retype my credit information each time. To ensure that a web site is using a secure connection when you are entering sensitive information, check the link address for an "s" after the “http” as in https://....

To remove information from your computer after you use an interactive form, clear your web browser’s history. Note that other stored information such as user names, in addition to credit card information, will be deleted by this process.

- by Marianne Van der Wel

Passwords are crucial to protecting your computer data, your money and your identity. Trying to remember your passwords is also a challenge, particularly since rules for forming passwords differ depending on the site or application.

Creating secure passwords

In the case of banking, credit cards and cell phone accounts, you are generally allowed exactly four numbers. On the other hand, for computer applications and web site accounts the rules vary tremendously. Most online computer accounts such as insurance, email, Facebook, Twitter, Myspace, blogs, meetup groups, news feeds, and sites to promote causes allow at least 6-8 character passwords. Some allow only letters of the alphabet and numbers, while others let you add some or all special characters. While nothing is 100% secure, here are some tips to help.

For computer applications, in addition to changing your password periodically and not using previous passwords, choose a password that is hard to guess. Using random characters is best since they are difficult to crack using computer software. Never write your passwords down or store them in easily recognizable files. Avoid birth dates, or family and pet names. Instead choose variations of a single password that is as random as possible and at least 6-8 characters long.

For example the Carnegie Mellon School of Computer Science suggests generating "reasonably secure" passwords by

• choosing two unrelated words such as

“unix fun”; “book goat” or “august brick”

• joining the words with a non-alphabetic character or two and then
• making at least one change, for example, uppercase a letter or add another character to one of the words, preferably not just at the very beginning or end of the password. Using this method, you could generate these passwords:

unix+fUn             bo!ok29goat      august,=bRICK

For an even more secure method, make up a phrase or sentence with punctuation that is easy to remember. Then choose the first letter of each word and the punctuation (if allowed) as your password. For example the sentence

Disturbing, confusing Life of it’s own! 

would generate the password 

D,cLoi!o!

For the four digit numeric passwords required for banking, credit and cell phones follow similar guidelines. One possibility is to choose a four letter word and use the numeric position of the letters in the alphabet as the password (e.g. “face” gives the password 6135, ”hide” gives 8945).

For more information on password security there are many more web sites such as: 

• http://www.wikihow.com/Create-a-Secure-Password
• https://informationsecurity.mcmaster.ca/password/
  

Aids for remembering passwords

There are programs with specially encrypted databases that will help you keep track of passwords. For example Mozilla's web page describes the password manager which is available if you use Mozilla's browser, Firefox.  This free, open source software is discussed in Saving Money With Open Source Software, from the Spring 2010 MURAnews. 

Similar password managers are available in most browsers you might use.

Other open source and commercial password managers are also available. If choosing a free one, it’s often better to choose one that also provides a commercial upgrade to discourage  viruses, etc.

If using a password manager is not for you and you need a record, create a computer file with a name that has nothing to do with protection (i.e. avoid words such as pass, password, protect, secure). Put the file on a memory stick and store the memory stick in a location that is not near your computer. 

- by Marianne Van der Wel

Open source software is free software available to the public that has been developed by a consortium of people sharing their time and expertise for a variety of reasons -- to gain experience, to share expertise, or to prevent commercial monopolies from taking over the net. Open source software web sites often suggest donations but I’ve never been pressured to do so. Not only is open source software free but it often rivals and, at times, surpasses the quality of commercial packages.

Open source software is available from several web sites. One of the most popular is Source Forge.

The open source packages I use are: 

Mozilla’s Firefox web browser and its Thunderbird email program, both with updated security features. 

PDFcreator, a wonderful tool that lets me create PDF, JPG, GIF and other graphical file formats from ANY program simply by printing to a virtual printer called PDFcreator. 

Open Office, developed by Sun Microsystems, provides all the same tools as Microsoft Office such as word processing, spreadsheets, database, drawing and presentation software. You will need to learn some new key strokes to do the same tasks as you are accustomed to with Microsoft, but since this package is free you can save a lot of money! Open Office is also very good at converting from and to Microsoft formatted files including the newer docx formatted files that some people cannot read with older Microsoft software. 

For the technically inclined, the source code for all open source software is freely available in addition to the executable program in case you wish to modify the program.

For more information about open source, see: http://www.opensource.org.

As of January 2010 McMaster’s new preferred campus antivirus program is Trend Micro. Since only active employees working on McMaster-owned computers are eligible to download Trend Micro OfficeScan free of charge, retirees are blocked from downloading this software.

Retirees working on or off campus on McMaster-owned computers are eligible to download Trend Micro to those computers. To accomplish the software download, University Technology Services (UTS) suggests:

1. that a support person in the retiree’s department do the download on campus, or
   
2. that the retiree contact the UTS Service Desk to arrange for a free download. Proof that the computer is a McMaster asset, such as a letter from the retiree’s department chair, will be requested.

Trend Micro can be downloaded by retirees for personal use for an annual fee of $13.50 from the Campus Store MacMicro Computer Department. 

Phone: 1 (905) 525-9140 ext. 24417
Email: macmicro@mcmaster.ca

There is also good free antivirus software available. Three such packages are:  

If you choose one of the free packages, please read the information for each package carefully to determine what protection the package offers and does not offer. For terminology related to computer viruses, please see Computer Scamming, Phishing, Adware And Spyware, from the Fall 2008 issue of MURAnews. When downloading a free package also read the instructions very carefully as it is very easy to download the professional (not free) versions. The free packages tend to provide good protection without all the bells and whistles. Some will require you to register.

Whatever you decide, please make sure you first uninstall your previous antivirus program (if any) BEFORE installing your new antivirus program, and please do not use the internet WITHOUT an antivirus program.

- by Marianne Van der Wel

a) Copying and Pasting Links

b) Making Links Shorter

Do you find yourself wanting to share web links you have discovered that point to articles of interest? Often these links are long and cumbersome and simply do not fit into your document or other means of communication.

For example, when compiling the MURAnews, we often want to show links that are very long yet must fit on a single printed line. One way is to reduce the font size so much that the links are hard to read without a magnifying glass.

You may have the same issue if you use Twitter to share a web page with your friends and colleagues. With Twitter’s limit of 140 characters including blanks, long web addresses are not feasible. The solution?  Use TinyURL. On this web site, you can enter a very long link such as https://www.washingtonpost.com/news/wonk/wp/2016/04/29/six-maps-that-will-make-you-rethink-the-world

TinyURL will generate a shorter link to the same web page such as http://tinyurl.com/y8o6vgh9, that will never expire.

c) Twitter: Useful for Sharing Links

• You do NOT need an account to read a Twitter page: Try  http://twitter.com/cbc to read CBC news articles
• Twitter provides a nice way of pointing to a variety of web sites and blogs that you may wish to share.
  
• Create a Twitter account
  

Purchasing a Product On-Line That Involves a Subscription

- by Marianne Van der Wel

A year ago I had difficulty removing a virus from my computer using the software I had installed. A friend in the computer business had recommended another antivirus program so I downloaded it, paid for the package with a credit card and tried it out. It did successfully remove the virus but subsequently brought my PC to an unusable crawl. Within two days I abandoned the second package and switched to a third, which worked much better. I totally forgot about the second package.

In August 2009 (a year later), I got an email congratulating me on renewing my subscription for another year and a charge of $39.95 USD was levied to my credit card account. Quite an unpleasant surprise!

Since the message I had received was an automated one, I could not respond directly. I did send a response to the company guessing at what I thought was their email. It went unanswered. Hence after a day or so, I called my credit card company.

The Legal Versus the Ethical

My credit card company informed me that this transaction was perfectly legal as I had implicitly agreed to have my subscription automatically renewed each year by not writing to the antivirus company to cancel. I was told my only recourse was to ask the company for a refund, and was given an 800 number to call.

I phoned immediately to discover a recorded message that this antivirus company does not offer phone support and to check out their web site. I did that next. After searching the company's web site for over half an hour, I submitted a request for cancellation to the company’s webmaster using an interactive form as I could no longer remember the original details to submit the cancellation to their sales department.

Protecting Yourself When Purchasing a Subscription Online

1. If you subscribe to anything online, save the  information the company sends you regarding your purchase.
2. When you receive the purchase confirmation notice, read the WHOLE notice. If you do not find the ”Terms of Service”, (the fine print!) which should include renewal information, check the company's web site. If you can't find it, contact the company. 

- by Marianne Van der Wel

Do you store important items on your computer such as your photos, music, tax documents or a favourite program? How would you feel if you lost any of these? Having lost two computers due to hardware failure 10 months apart, in the last 1.5 years, I REALLY appreciate having backups! Performing backups is easier and cheaper than ever.

1. Determine what data you do not want to lose (e.g. photos, documents that you have no desire to recreate, vital business documents). This is usually your "My Documents", "My Pictures" and “My Music”, as well as your "Desktop" folder and possibly your "Downloads" folder.
2. Determine how much disk space these folder use.
3. Buy an external disk that will fit your current and future needs. Allow room for growth. You have 3 basic choices: Ž

• A flash memory stick with 64 Gigabytes (GB) costs $160-$200; 32GB around $90; 16GB approximately $45 and 8GB around $30 Ž
• An external portable disk drive. These do not require an external power source and plug into a USB port with a cable. A 250GB device with the required USB cable can cost $85-$110 Ž
• A regular external hard drive. These also plug into a USB port with a cable but are generally little larger in physical size and do need a separate power supply. These drives cost $80-$150 for 500GB to 1000GB (one terabyte).

To actually perform the backups, there are many options besides your operating system utilities. Some external disks come with software that allows you to automatically back up your files as you create them. There is also free software that allows you to synchronize folders, even whole drives, and schedule the backups automatically. One is SyncBack.

If you prefer not to use a backup utility, you can use your copy command to transfer files to an external device.

Note that local email programs such as Outlook Express and Thunderbird use special databases and hence are generally not backed up and recovered using standard backup techniques. For Thunderbird, there is Moz Backup (my personal favourite!).

- by Marianne Van der Wel

No Charge Antivirus Software

Trend Micro: McMaster retirees are eligible for a preferred price on Trend Micro, McMaster University's official antivirus software. See the Campus Store MacMicro Computer Department TrendMicro Anti-Virus Licenses page.

Avira: If you are not a fan of Trend Micro, try Avira's free antivirus program that ranks on par with some packages costing $50 or more annually. Pat Foran from Toronto’s CTV recommended Avira in a CTV video presentation in September 2009.  Look for it at Avira’s web site.

Spyware, Scams & Phishing

A year ago, in the fall 2008 MURAnews, I reported on computer scamming, phishing, adware and spyware. Pat Foran’s “Secure Computers” video report on CTV in 2009 also touched on these topics. To prevent identity theft, never respond with personal information to web site addresses that come in emails (phishing). Pat’s report warned of this and, to help identify bogus sites, he recommended using McAfee’s free SiteAdvisor software.

You can also get a bogus site when you mistype a web site address. Hence, if you supply personal information, look at the site carefully for legitimacy and compare it to what you saw the last time you used it. Again, McAfee’s SiteAdvisor may help you identify bogus sites. Pat Foran further recommended Windows Defender to protect against spyware when using Microsoft Windows. Windows Defender is now built in to Windows 10.

To fight spam, use SPAMfighter, a free spam filter for Outlook, Outlook Express, Thunderbird, Windows Mail and Windows Live Mail.

- by Marianne Van der Wel

WARNING! ALERT! While computers can be a wonderful tool, they also attract the negative. There are many folks on the internet who will try to scam or defraud you! How? They’ll send you an email that, at best, will annoy you or, at worst, will - if you respond - empty your bank account or download a destructive virus to your computer. As you browse the web, your activity is being watched and you may get unwanted emails as a result as well as adware/spyware when visiting certain sites.

Some Definitions

SCAM: An annoying e-mail that asks you to buy something, or get a bigger, better widget.

PHISHING: This is generally more dangerous as the message will try to trick you into replying with personal information or downloading a destructive virus which can be in an attachment. Damage can also occur simply by opening a suggested web site in the message.

ADWARE: Wanted or unwanted pop-up windows that can be destructive. One encounter asked if we wanted to buy something. We said no! It started to download anyway and we shut the computer down immediately to interrupt the download.

SPYWARE: An unwanted program downloaded to your computer without your knowledge when visiting a web site. Usually it just tries to figure our your interests so you can be targeted by advertisers. Sometimes the program can be destructive. You may have read about people who ended up with huge long distance phone bills as a result of spyware.

Protecting Yourself

1. Be alert and ever vigilant. Never respond to an email asking for personal information no matter how authentic a message or web site looks. Such emails can come from a cable company, a phone company, a bank, a security company, an update for software, including antivirus software (that you can’t quite remember having or not) or an offer for a trip or investment opportunity. This is especially devious if the message happens to be a company you deal with. Only offer personal information if you initiate the transaction and then only what is normally required. One software company wanted a birth date along with the credit card information in order to make a purchase online. Too much information in our opinion and we did not proceed with the order.
2. Use an antivirus program: An antivirus program is a must but when choosing one ask what the program detects. Some detect only viruses while others also track adware, spyware etc. Have a program that checks your emails and make sure this feature is turned on. Also perform a full system scan on a regular basis (say once a week). Another consideration in choosing an antivirus program is the resources it uses...some can considerably slow down your computer.
3. Choosing an email and web page browser: While your best protection is being alert and ever vigilant, email and web browsers are not created equal when it comes to alerting you to scams and minimizing phishing/adware. Do look into alternatives to Microsoft’s Outlook Express and Explorer. For example: Mozilla’s free Thunderbird (email) and Firefox (web browser), both part of the Open Source consortium and Apple’s Safari which is now available for Windows. We have even noted differences in the behaviour of Yahoo, Hotmail and Gmail.

- by Marianne Van der Wel

A wireless home network can provide convenience in homes with:

• more than one computer
• printers and scanners that support wireless technology
• a laptop computer you want to use in different locations in the home.

But wireless convenience introduces security concerns. Wireless network activity is broadcasted like radio waves. So, without proper protection, anyone close to your home such as a neighbour or a person parked nearby can use your “air time”. Even worse, people with enough know-how can read your online activity and get into your computer. Your passwords, online banking activity, personal emails, etc. are at risk of being seen and copied by an outsider.

Most home wireless networks use hardware called a router which is slightly slower than high speed internet. The wireless range is about 100 feet. A new wireless standard coming on the market, designed to be faster, has an even longer range.

While no wireless network is as secure as a hardwired one, you can protect your computer and personal information on a wireless network.

How? Use encryption! Encryption is basically a formula that turns ordinary data into “secret code”.

One thing you need to know if you are installing a wireless home network is that encryption is not automatically set up when a wireless router is installed. It must be done as one of the installation steps, or as a retrofit for an already existing wireless system.

Some types of encryption provide better protection than others because they are more difficult to decode. The recommended encryption standard available today is WPA [WiFi Protected Access]. When WPA is selected during setup of the router, you will have to supply a key. The longer the key you choose, the more difficult it will be for anyone to “crack” the encryption. The older encryption standard, WEP [Wired Equivalency Privacy], is fairly easy to crack and not recommended.

Below are some web sites that explore this field further:

• How Home Networking Works
• Setting Up a Wireless Network (Microsoft)
• How to Buy Home Networking Products
• Wireless Router Guide