
August!

I have been watching the numbers on the site for years.  This month we have broken almost every record for the site’s history.  A couple of hours ago The World According to Mitch welcomed its 20,000th visitor for the month of August.  That is by far a record… and considering today is only the 28th, the bar will be set VERY high! :)  Thank you to all of my readers! -Mitch

It Was 20 Years Ago Today!

I was in the army and did not own a computer.  I had vowed to put the world of computers behind me.  But twenty years ago today, on August 24, 1995, Bill Gates got on to the stage and launched Windows 95.

Microsoft Windows was, of course, already ten years old at the time; Windows 1.0 was released in 1985 with very little fanfare or acceptance.  Windows 2.0 was really only used by people who wanted to use Ventura Publisher (a desktop publishing package).  Then when Windows 3.0 (and later 3.1 & 3.11) came out there was already some uptake.  But it was Windows 95 that really made a difference.  Before that day the majority of the mainstream had no idea who Bill Gates was… but they know now.

Thirty years after the launch of Windows, and 20 years after Windows 9x, everyone knows who he is.  Microsoft changed the world, although whether it would have changed without them is a fair debate.

Happy birthday Windows 95… Many happy returns!

Not In It For the Money…

It is almost ten years since I started blogging.  It is hard to believe that it has been that long, but there it is… A little over twelve years ago I registered my first domain and opened my own website, and I used that as a pulpit from which to ‘speak’ to the masses.  I was thrilled when I got 20 hits in a week.

Although my blog has moved a few times (and has been renamed once) I have always said that I do not do it for the money… mostly because there has never been any.  I have never sold an ad, never accepted money to post an article.  Don’t get me wrong, the fact that I have a site with nearly 900 articles on-line does lend to my professional credibility, and I am sure that has brought me business over the years.  My reasons are not entirely altruistic.  Primarily so, but not entirely.

Sometime in 2014 I followed a friend’s advice and posted a ‘Donate’ button.  It took me a few minutes on PayPal figuring out how to even do it, but I did… and then I forgot about it.  Why?  Because nobody ever clicked it, but mostly because I have never blogged for the money, and was not going to start now.

It happened last week.  I got an e-mail from PayPal notifying me that someone had sent me $5.  I assumed it was a refund I was waiting for from eBay.  I went to see if I was right, and I was not… someone had found one of my articles very useful, and made a donation!  I was elated!

Of course, over the years I have received hundreds of thank-yous for different articles; people have left comments, I have had people buy me drinks, and dinners, and coffees, and once a small stuffed animal.  But after a decade this was the first time I had reaped financial gains from the blog.  Yes, it was only $5… but that is $5 more than the reader had to send. 

I don’t want any of you to think that this is a whole ‘I have my hand out’ article… that is not the intent.  I was just happy about it… and happy is a good way to end a week.  Happy Friday!

The Ways of Small Business IT

Over the years I have consulted for many companies, from really small to really large.  I have managed organizations of five users, and of fifty thousand.  I realized a long time ago – and have never been shy in saying – that while the two are very different, Enterprise policies can usually be adapted to SMB (Small & Midsized Business), whereas the opposite is hardly ever true.

I was reminded of this recently when a friend of mine who manages a small company lamented to me that he couldn’t get his users to lock their computers when they leave their desks.  This is certainly a subject that I am familiar with, and have seen it happen many times in businesses large and small. 

In large companies it is easy to decree, and more often than not an IT Manager will get corporate buy-in.  The truth is, it is impossible to know who in a large company may be on their way out, or looking for ways to embezzle, or a hundred other scenarios that would cause people to see an unlocked workstation as a prize.

But what about in a smaller company?  Say, a company with ten employees who are all family, friends, or at least very friendly.  The type of organization where everyone knows everyone’s business not because of gossip, but because everyone shares?  The type of organization where everyone trusts everyone and for good reason.  Should the policy be any different in this type of company?

Let’s face it: unless you are an IT service provider then chances are that most of the people in the company will not understand IT; they will simply use their computers for their needs, and assume that their computer comes on because that’s the way it is.  They do not understand IT… and they frankly do not need to understand IT, as long as their computer keeps coming on.

So in a large organization with written Policy & Procedure statements for proper computer usage, it is easy to mandate how users may use their computers.  If they are curious about a policy that does not make sense to them then they are free to ask IT about it, but at the end of the day they are not allowed to simply ignore the policies that they do not like, understand, or agree with.

In a smaller organization things can be trickier.  For one, there is seldom a written document outlining how people can use their systems, and when there is one, it is usually harder to take any real action against someone, unless the IT department has complete executive buy-in… and how often do you think that is?

When I was at Microsoft there was a written rule that anyone leaving their computer unattended for any period of time must lock it.  There was another written rule that we were forbidden from touching anyone else’s workstation for any reason.  There was, of course, a third rule that nobody was allowed to enter the office who did not belong there.  Okay, we should be covered.  On the odd occasion when someone did leave their workstation unlocked, the worst that might happen is that someone on the team would send out an e-mail from that person’s computer that they (the person who had left their unlocked workstation unattended) were buying beers for the team.  More often than not, it wasn’t even that.

There used to be a website called www.unlockedworkstation.com.  It was a common tool used by IT tricksters to remind people who had made the mistake once to not make it again.  I was quite fond of that particular trick… but the page disappeared at some point, and what can you do?

All of these tricks that people play may be cute and funny… but what are the real ramifications of leaving a workstation unlocked?  Lost or stolen or otherwise compromised data, people reading compartmentalized documents that they should not be able to, not to mention what they could do if you have passwords saved for your accounting or HR or any websites including banking.  It can be costly or disastrous.

Are any of these likely or possible in a smaller, family-type company?  Probably not.  However there are best practices in IT, and applying the Enterprise best practices of large corporations to a smaller organization is generally a good idea… especially when people take their laptops out of the closed and safe confines of their locked office.  If they are not used to locking their workstation every time they stand up from their desk, are they sure to remember to do so when they stand up to go to the restroom in a cafe? What about when they are at a client meeting, or trade show?  When an action is drilled into you, eventually it becomes a habit that you will do the same every time, whether in private or in public.

I have known a lot of IT Pros throughout my career, and most of them are not megalomaniacal power-hungry fiends who impose rules just to show that they have authority.  The policies that they set are not meant to prevent users from working, they are meant to protect the company, and to enable the worker to work safely.

So should a seemingly useless policy like forcing end-users to lock their computers be enforced in small businesses?  The answer is yes… just like they should have to change their password every 30-60 days, they should have to have a screen saver, and they should not be allowed to leave corporate secrets on the table at Starbucks.  It’s just common sense.

Now getting them to comply… that’s a different fight!
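As an added example (not from the post), here is one way to make the lock-when-idle and password-age rules above stick on a standalone Windows PC that has no domain or Group Policy server. It assumes an elevated PowerShell session on Windows 7 or later; the registry values it writes are the same ones the "Personalization" Group Policy settings write, so the user cannot simply switch the screen saver off again in the Control Panel.

```powershell
# Added example, not code from the blog post. Enforces a password-protected
# screen saver (the "lock your workstation" rule) on a single PC via the
# per-user policy key, and caps local password age with net.exe.
# Assumptions: elevated PowerShell on Windows 7+; the policy values below are
# the ones the "Personalization" Group Policy settings use.
[CmdletBinding()]
param(
    [int]$IdleSeconds = 600,   # 10 minutes; shorten it for laptops that leave the office
    [switch]$AuditOnly         # report current settings and change nothing
)

$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$Wanted = @{
    ScreenSaveActive    = '1'                    # screen saver on
    ScreenSaverIsSecure = '1'                    # "On resume, display logon screen"
    ScreenSaveTimeOut   = [string]$IdleSeconds   # idle seconds before it kicks in
    'SCRNSAVE.EXE'      = 'scrnsave.scr'         # blank screen saver shipped with Windows
}

function Get-LockPolicyState {
    # One object per setting: what is there now, what we want, and whether they match.
    foreach ($name in $Wanted.Keys) {
        $current = $null
        if (Test-Path $PolicyKey) {
            $current = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        }
        [pscustomobject]@{
            Setting   = $name
            Current   = $current
            Wanted    = $Wanted[$name]
            Compliant = ($current -eq $Wanted[$name])
        }
    }
}

function Set-LockPolicy {
    # All four values are REG_SZ, which is what the Group Policy editor writes.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($name in $Wanted.Keys) {
        Set-ItemProperty -Path $PolicyKey -Name $name -Value $Wanted[$name] -Type String
    }
}

Write-Host 'Current state:'
Get-LockPolicyState | Format-Table -AutoSize

if ($AuditOnly) { return }

Set-LockPolicy
# Local accounts: maximum password age of 60 days (the post's 30-60 day rule).
net accounts /maxpwage:60 | Out-Null

Write-Host 'After enforcement:'
Get-LockPolicyState | Format-Table -AutoSize
Write-Host 'Policy values apply at next logon; lock the desk now with Win+L.'
```

Run it with -AuditOnly first to see what a machine already has before changing anything.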

Windows 10 have VD! No, it’s not what it sounds like…

When I first got into IT after the army my boss at the time was big into Linux… which didn’t bother me at all, because I wasn’t really ‘in to’ anything.  I certainly knew Windows better than I knew Linux, but I was just happy to be there.  There was one concept that I had the hardest time understanding, and that was virtual desktops.

It didn’t come up very often, but when it did (especially at one particular customer) he would show it to me… but it took me the longest time to finally understand… we were working on the same computer, and the prompt (bash) looked the same… but when we pressed that magic key combination we were all of a sudden working in a completely segregated memory space; so if we had a process running on Desktop 1, we could port into Desktop 2 and continue working.  I really just didn’t get it.

I finally got it of course… I never really used them much beyond that though, because I left Saturnus and spent most of the next twenty years working with Microsoft technologies… and of course Microsoft did not have Virtual Desktops.

Of course they probably had a decent rationale… with Windows you did not actually need to segregate desktops because you could run multiple applications simultaneously, and just minimize the ones you weren’t using.  I suppose that made sense… but when Linux got a GUI it still had virtual desktops (I specifically remember seeing a Novell implementation of it), even with the ability to minimize apps.

Well guess what… they do now!  In Windows 10 Microsoft has implemented a new technology that the Linux world has been using since at least the mid-1990s.  I can now, on the same computer (logged on as a single user) segregate what I am doing between desktops… in other words, I can have all of the applications I run for my personal use – say, blogging and Internet banking – running on a single desktop, and have all of my work applications – say, e-mail, Excel, and Hyper-V – running on a separate desktop.

This all sounds good… and I like how it works.  It took me a few minutes of playing with it to figure out how to have two instances of the same program (say, Microsoft Office Word 2013) running on separate desktops.  It does work, but it’s a bit of a workaround.

Stop talking and show us how!

Yes, I know… I am verbose.  Here’s how you do it:

To create a new virtual desktop simply press Ctrl + WinKey + D (Get it? New Desktop).  Alternately you can open the Task view and click the New Desktop icon in the bottom right corner (see screenshot).


Switching between desktops is also pretty simple.  From the keyboard simply press Ctrl + WinKey + left-arrow or right-arrow.

(I would have loved to be able to set different desktop wallpapers for each virtual desktop, but so far I haven’t figured that out).

To move a running app between virtual desktops, open the Task view, then right-click on the app you want to move. 


As you see, you will have the option to either close it or move it to another existing or new desktop. 

And so how do you have two instances of the same program open in two different virtual desktops?  Simple… open a second instance of it in the existing desktop, and then move that second window to the different virtual desktop.  You would think there would be a cleaner way…

Deja Vu…?

Okay, this is all very nice functionality… but is it really new to Windows?  If you are a regular reader of this blog you probably know a thing or two about SysInternals (https://technet.microsoft.com/en-ca/sysinternals). There has been a SysInternals tool called Desktops (https://technet.microsoft.com/en-ca/sysinternals) for several years that does exactly this.  So is it really new?  Or is it another case of Microsoft saying ‘Okay, we have this new OS… what can we add in to make it look better, without spending a lot of time coming up with something new?’  Don’t get me wrong, I like the functionality… but to call it New is kinda pushing it.  Linux (free) has had it since 1995, SysInternals (also free) since 2010… and now it’s in Windows so we should be excited.  Okay, I’ll get right on that… tomorrow.

Don’t get me wrong… I like Windows 10, and I like Virtual Desktops.  But calling them a new feature is pushing it a little.  Next thing you know they will include BGInfo and ZoomIt in Windows 10.1 and we will all be expected to jump up and down.

Tsk Tsk Lenovo……

Raise your hand if you hate CrapWare.  Yes, CrapWare (or BloatWare) is those programs that come with your OEM-installed PC.  Most of the time you don’t want it (or don’t even realize it is there).  Depending on the variant, it can be the OEM (original equipment manufacturer, such as HP or Dell or Lenovo, to name a few) thinking they know what you might want; often it is the OEM in a financial agreement with a software vendor installing it for you.  Either way, most of us hate it (hence the term CRAP).

I seldom have to put up with CrapWare for the simple reason that I usually wipe the hard drive and install the operating system from scratch when I get a new PC.  Those of us who do this will have a clean PC completely free of CRAP…

…Or will we?

It was discovered recently that Lenovo (who make spectacular laptops) has been preventing that solution using a dirty little trick: They have been hiding the CrapWare in the BIOS (the Basic Input/Output System of every device).  When you delete the CrapWare (as many people do when they get their PC) it re-installs it for you when you reboot your system.

Naughty Naughty Naughty.

You can read the details here, but the basics of it are that if your Lenovo laptop is running Windows, the CrapWare will be there, no matter what you do to uninstall it…including re-installing your operating system from scratch.

According to The Register (www.theregister.co.uk):

Owners of LSE-afflicted computers urged to update their firmware

A tool quietly released on July 31 will uninstall the engine if it is present in your machine: it is available here for notebooks, and available here for desktops.

On Tuesday this week, Lenovo published a full list of affected desktop and notebook models. Desktop machines built between October 23, 2014 and April 10, 2015, with Windows 8 preinstalled, have the LSE inside them.

Think-branded PCs did not include the LSE, we’re told.

Ok… while I do have a Lenovo T420s on my desk, it is a ThinkPad, so it will not include this rootkit-like code.

It just goes to show you… companies are getting sneakier and sneakier in how they foist their CrapWare on you; fortunately for us the other side is getting better at discovering them, and companies will eventually be caught in their deceptions (remember the Sony Rootkit?)

Ransomware Sucks.

A few weeks ago I started receiving resumés from what looked like legitimate job seekers.  The only problems were a) I am not currently hiring, nor have I put out any feelers that might be misconstrued as meaning I am, and b) there was no cover letter – just a quick note like this:

Hi, my name is re: Les Williamson
I have attached my resume for your consideration.
Thank you,
Les Williamson

There was a file attached of course – a .zip file instead of a .doc or .pdf file.  I deleted most of them, but I kept one (from Les-Williamson@mhs.novell.com).  I am not sure why I kept it – I had a feeling I would find a need at some point.

Sure enough, I got a call from someone one morning saying they had a very disturbing full-page message explaining what happened to his suddenly inaccessible files:

What happened to your files?

All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0.  More information about the encryption keys using RSA-2048 can be found here: (link)

What does this mean?

This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen?

Especially for you, on our server was generated the secret key pair RSA-2048 – public and private.  All your files were encrypted with the public key, which has been transferred to your computer via the Internet.  Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do?

Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.  If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

The bottom half of the page gave the links for the sites where the customer could pay the ransom.

Why is it called Ransomware?  Imagine the e-mail were to read like this:

What happened to your daughter?

We have moved your daughter to a secure, undisclosed location for her safe keeping.

What does this mean?

This means that your daughter has been taken from you and imprisoned and you will never see her again… unless you follow our clear instructions.

How did this happen?

After seeking out someone who was vulnerable and had everything to lose, we followed your daughter until she was alone and unprotected; we knocked her out, bound her hands and feet, gagged her, and moved her… somewhere.

What do I do?

DO NOT CALL THE POLICE.  If you do then you will never see your daughter again.  If you ever want to see her alive, do exactly as we say and when we tell you.  If you do not – if you delay, if you call the police, if you try to find where she is being held, we will move her, and make it a lot more expensive (and painful) for you to recover her.

Yes, I am sorry to say… your daughter, er, your data has been kidnapped, and is being held for ransom.

So what do I do?

My customer had a lot of very good questions about the attack. 

‘If I pay what they ask will they give me my data back?’

It sounds reasonable… but the phrase Honour Among Thieves went out of fashion a long time ago.  There is no morality to the people who hijacked your data, and there is no way to know for sure if you will get your data back.  What is more likely is that once you have used whatever method of payment you use (credit card, bank account, Paypal, etc…) they will go the next step and steal more from you, except this time they will have a direct line to your bank.

Can we just recover my contacts or some of my non-encrypted data?

No.  Here’s the thing: Your data is encrypted because your computer is infected.  Even if we were able to decode the data, your computer is still going to be infected.  And even if we clean out the infection, your data is still going to be encoded.

The image I want you to bring to mind is of one of those hospital shows where everything is fine, and then Patient Zero comes in with a weird cough and rash, and the entire hospital goes on lockdown and everyone is walking around in space suits.  This is some very seriously scary stuff, and I don’t want it anywhere near my live environment, or my lab environment.

Can it be hacked?

In a word: No.  If we had the computing power of the National Security Agency (NSA) in the US, then it is possible that they have a way to decrypt it; but a 2048-bit private-public paired key combination is not something you are going to crack in your basement… it was designed to make sure that the secrets you want kept stay kept.

This is a screenshot of the bottom half of the message… the ‘how to conveniently pay us’ part of the ransom note.  I have altered it so that the personal page of the actual victim is obfuscated, but otherwise this is what you would see.

If you navigate to any of the payment servers, you will see the following:


While it is nice and intimidating to see a padlock similar to the one I used on my high school locker, I can assure you that this is not just a screenshot that you can dig in behind and hack.  The parent sites are all registered at reg.ru, and if you navigate to them without using a translator site (like www.microsofttranslator.com) then you will get a Russian language page.  Being fluent in Russian will not get you anywhere… you have to pay up and then maybe you will get your data back.

If you don’t think these criminals are serious about their security and anonymity, I invite you to read up on the Tor Browser.  It is part of the Tor Project, or The Onion Router, which bounces your connection through over 6,000 relays, rendering the source virtually untraceable.  A recent NSA document referred to it as “The king of high-secure, low-latency anonymity.”

The Silver Lining

In preparation for this article I wanted to play with the package; I wanted to actually watch it work.  I formatted an air-gapped PC with Windows 10, downloaded the package, and extracted it.  Immediately Windows Defender popped up the warning that it had detected and eliminated malware.  Yay Windows Defender!  However in this case I do not want you to protect my PC… so I disabled Windows Defender and the file extracted properly.

I let it run… nothing.  It popped up a JavaScript error (yes, the package is a .js file within the .zip file, and any of you who are willing to open this when e-mailed from a stranger probably deserve a kick to the derriere).

Windows 10, out of the box, protected my PC from this malware using several tools, not the least of which was the fact that Java is not installed, and scripts cannot run, and all sorts of other good stuff.
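As an added example (not code from the post), here is a defender-side triage script for the kind of attachment described above: it lists the contents of quarantined .zip files and flags any that carry a script such as the .js payload, without extracting or running anything. It assumes the mail admin has saved suspect attachments to a folder (the path is a placeholder) and that PowerShell 3 or later with .NET 4.5 is available.

```powershell
# Added example, not code from the blog post. Reads only the directory of each
# archive (nothing is extracted or executed) and reports entries that Windows
# would run on a double-click, such as the .js inside the "resume" .zip.
# Assumptions: PowerShell 3+ with .NET 4.5 (System.IO.Compression);
# $Quarantine is a placeholder path.
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Extensions that Windows Script Host or the shell executes directly.
$ScriptExtensions = @('.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh',
                      '.hta', '.cmd', '.bat', '.ps1', '.exe', '.scr')

function Test-SuspiciousArchive {
    param([Parameter(Mandatory)][string]$Path)
    # Returns one object per archive: its entries, the executable ones,
    # any "document.pdf.js" style double extensions, and a verdict.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        $entries = @($zip.Entries | Where-Object { $_.Name })   # skip folder entries
        $scripts = @($entries | Where-Object {
            $ScriptExtensions -contains [System.IO.Path]::GetExtension($_.Name).ToLower()
        })
        # A script named like a document is the classic lure disguise.
        $doubleExt = @($scripts | Where-Object { $_.Name -match '\.(doc|docx|pdf|txt)\.[a-z]+$' })
        $verdict = if ($scripts.Count -gt 0) { 'QUARANTINE' } else { 'review' }
        [pscustomobject]@{
            Archive       = Split-Path $Path -Leaf
            EntryCount    = $entries.Count
            ScriptEntries = ($scripts | ForEach-Object Name) -join ', '
            DoubleExt     = ($doubleExt | ForEach-Object Name) -join ', '
            Verdict       = $verdict
        }
    } finally {
        $zip.Dispose()
    }
}

$Quarantine = 'C:\MailQuarantine'   # placeholder: folder where attachments were saved
Get-ChildItem -Path $Quarantine -Filter *.zip -File |
    ForEach-Object { Test-SuspiciousArchive -Path $_.FullName } |
    Format-Table -AutoSize
```

Anything that comes back QUARANTINE is exactly the lure the post describes and should never be opened on a production PC.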

The Bad News

Most of you are not running Windows 10 yet.  You are probably running Windows 8, or more likely Windows 7.  I will over the next few days play around with this malware on those systems, but let’s for the time being assume that your computer is vulnerable… unless you use some common sense.

Conclusion

For years I have been warning users against opening e-mail attachments.  It has always been a bad idea; this relatively new threat has escalated the danger and made it very real.  Most malware can be cleaned out by malware removal tools or the like.  This new threat encrypts your data, and if it is not properly backed up somewhere then you are going to have a very bad day… and so will your IT Department.

Ransomware really does suck.  It is not just compromising your data, it is holding it hostage.  If you never saw any other reason to make sure your systems (and knowledge and common sense) were up to date, this should be a wake-up call.

By the way, my client was not out in the middle of Asia or Africa… he was in Toronto.  This is a threat here… wherever here is to you.
