GEConsult LOGO
GEConsult BLOG   blog app ver. 6.1 by GEConsult.ca
± Safe Computing± Safe Computing  Comment 
 posted by Gary Eikenberry2022-03-12

I've been asked if, in light of the war on Ukraine, should Kaspersky AV be trusted? While I can't necessarily give a definitive answer, I can suggest reading this post: https://basic-tutorials.com/news/ukraine-war-can-we-still-trust-kaspersky-co
Comment  posted by Lam Fong2019-11-19
If you're like me and tend to do online banking or anything else that requires you to log in on your phone when you're connected via a public wifi hotspot or using your G4 or whatever data connection you shouldn't place too much trust in that "secure connection" padlock icon. Using a VPN service adds a much greater level of protection as well as defeating trackers.
Why make it easy for the nasty side of the internet to turn you from a user to a victim?
Comment  posted by Gary Eikenberry2019-11-14
"I think we've been hacked." The call came from a family law firm. In fact the problem started with a "click bait" email which compromised one of the partner's address book followed by an email appearing to be from a client with an attachment which, when opened, installed a key-logger giving some unknown third party access to all manner of passwords, sensitive files and other information.
They were relatively lucky this time. The mistake was detected, passwords were changed and, although some data was compromised, they weren't hit with ransomware and security holes were plugged.
Sometimes anti-malware apps can give a false sense of security. There is no substitute for informed and vigilant users and safe-computing practices.
Comment  posted by Gary Eikenberry2019-09-08
Many people think of a VPN as nothing more than a way to circumvent geo-restricted content, but a VPN can be just as important for safe computing as your anti-malware software. I you don't know why, take a look at https://www.forbes.com/sites/leemathews/2017/01/27/what-is-a-vpn-and-why-should-you-use-one/#4be73ed14b8f
Comment  posted by Gary Eikenberry2018-12-12
We live in an era where the vast majority of individuals seem to be more than willing to trade privacy and data security for connectivity -- or at least what passes for connectivity on social media, all to often leaving themselves easy marks for insidious click-bait.
More and more of the recovery operations we've had to do on clients' devices recently aren't due to hacking but ill-advised clicking. Please think before you click and back up regularly.
Comment  posted by Gary Eikenberry2018-12-12
We live in an era where the vast majority of individuals seem to be more than willing to trade privacy and data security for connectivity -- or at least what passes for connectivity on social media, all to often leaving themselves easy marks for insidious click-bait.
More and more of the recovery operations we've had to do on clients' devices recently aren't due to hacking but ill-advised clicking. Please think before you click and back up regularly.
Comment  posted by Gary Eikenberry2018-11-13
In our current political and economic environment it would be naive to assume that any government or large organization (criminal or otherwise) wouldn't be concerned, not only with protecting their own data, but also exploiting the vulnerabilities of their competitors.
Comment  posted by Gary Eikenberry2018-10-08
Is your hardware safe? If Meltdown & Spectre and NSA back doors weren't enough now there's the Bloomberg Report of Chinese infiltration of a major server supply chain. What should you fear? https://www.servethehome.com/bloomberg-reports-china-infiltrated-the-supermicro-supply-chain-we-investigate/
Comment  posted by Glen Holman2017-10-16
Take this seriously! My organisation was hit. 3 users lost a week of email and about 50 documents. Gary's team got us back up and running at a cost that amounted to less than the demanded ransom. But even if it had been more, better that than supporting the criminals who may or may not have coughed up the encryption keys. Only the fact that our file server doesn't run on Windows saved us from more devastating circumstances.
Comment  posted by Gary Eikenberry2017-10-15
A recent ransomware crisis we were called upon to help remedy resulted in > 30 billable hours of support time and 2 days of lost productivity. In the end there was minimal data loss because of a solid backup strategy and a quick realization and response. But this was far from trivial.
2 days later we received a call from another client who had been hit by the same exploit. They weren't as quick to realize what they were facing and their latest backup was compromised, resulting in 2+ days of downtime and 6 days of lost data.
Safe computing practices and personnel policies to teach them and make them mandatory are absolutely critical in the current IT environment. If you use email or a web browser (and who doesn't?) you are vulnerable. If you don't take steps to protect yourself your are naive.
Comment  posted by Gary Eikenberry2017-05-19
The recent media uproar about the WannaCry exploit has, once again, brought the issue of computer security to the forefront but some clarification is called for. First, this was not a case of hacking as it has been mislabeled. It was, in fact, a particularly virulent example of malware which, by all indications, required user action, such as opening an email attachment or a web link, to launch the code that did the damage.
If anything, the damage done in this case should serve to underscore the basic tenets of safe computing:
1. Regular backups are critical.
2. All systems should be kept up to date. Old and unpatched operating systems and software are as dangerous to computer networks as broken floorboards or windows are to a house.
3. Policies and user training to prevent the user actions which invite malicious code into networks are equally important: the best locks and alarm systems for your home aren't much help if its residents open the doors indiscriminately to anyone and everyone who comes along.
Comment  posted by Peter Fenstermachlenburg2017-02-23
Don't trust Apple to keep you safe! An ill-advised click on a website that was probably bogus in the first place created a real mess.Malware designed for Windows can't harm OS-X, but a Java applet launched by a click doesn't care what your operating system is.
Comment  posted by Dave Canus2016-12-05
Today we were hit for the second time in less than a month with "fake" ransomware. Fake because the files on the PC aren't really encrypted but you can't get past the message that says they are. By removing the hard drive and accessing it as an external device Gary was able to save the files and then restore the PC from a cloned image before reloading the files copied from the drive before it was re-done.
Fake or real, ultimately the only solution to these attacks is a good drive clone and/or backup.
Whatever you do, don't pay these idiots to encourage this scourge.
Comment  posted by Gary Eikenberry2016-08-14
Overheard in a pub: "This whole computer virus thing is just a protection scam perpetrated by the guys that make the software." Malware is indeed a big business but the ones getting rich are not the anti-malware software companies. Ransomware, on-line identity and credit card theft are major revenue streams for organized crime and terrorism. Failure to protect yourself with safe computing habits amounts to aiding and abetting.
And most anti-malware software, especially the free versions that most people use, will not, on its own, protect you from things like phishing exploits and clicking sketchy links or "OK" buttons without understanding what you're accepting or agreeing to.
Comment  posted by P. MacAuslan2016-08-11
Good point! Ask yourself "How much does a good backup strategy cost?" Then ask yourself "How much would it cost us to recover from a ransomware attack or some idiot unplugging a running server to plug in a hoover?" You can buy anti-malware products but they aren't foolproof. To protect yourself from fools (or machine failure or nasties that slip through the anti-malware gaps) you need backups!
Comment  posted by Glen Holman2016-06-29
The importance of backups can't be over-emphasized. One of our laptops was hit with ransomware. Probably from opening an email or a website. Fortunately it was discovered before anything got introduced to our server. Even though paying to have the laptop recovered cost less than paying the ransom the most recent backup for the laptop was almost 2 months old so the lost data also represented a cost.
Comment  posted by Dave Canus2016-05-29
Take this seriously. Failure to do so can cost time, money and loss of opportunity. Believe me. I'm speaking from experience.
Comment  posted by Gary Eikenberry2016-05-28
It's important to stress that running something other than Windows can no longer (if it ever did) keep you safe. Lately we've been seeing a number of web-based exploits that are what we refer to s operating system agnostic, which is to say that they attempt to do their dastardly deeds regardless of what system you're booting. If you use a browser and are connected to the Internet you are potentially vulnerable. Of course this type of threat generally requires that you visit a compromised website, but without the proper protection you won't necessarily know that the site you're visiting is compromised.

A staff member for a client organisation recently thought she was clicking a link that would take her to eBay. By the time she realized that the "eBay" that the link had sent here to was not the real thing, the damage was already done. Not only had she given up her eBay account access information, but the malicious code that had run in the background had installed a downloader worm on her office workstation.
Comment  posted by Gary Eikenberry2016-05-26
Whatever your operating system or computing environment, a few simple habits can help protect you from malware and other threats which can transform your computer into a portal to a nightmare of hijacked email, ransomed data, stolen passwords or even stolen identities and other disasters. Just as I tell students in my self-defence and street-proofing classes, I don't intend to make you paranoid, but want to stress the importance of arming yourself with some information and techniques to make you safer. Have a look at
http://www.geconsult.ca/safe.php for an overview on safe computing.
± ABOUT this Blog± ABOUT this Blog  Comment 
 posted by Gary Eikenberry2016-05-26

We welcome your questions, ideas and input on Internet, Information Technology and related topics, however this is a moderated blog. Off-topic or disrespectful comments will be deleted.

± Database Tools± Database Tools  Comment 
 posted by Phil MacAuslan2017-02-23

The SQL utility that allows us to convert a CSV dump from a different table or an external database or spreadsheet, such as from a client, is a tremendous time saver, as is the utility to do a bulk import by mapping fields from one table to another. These are both things we need to do frequently. What used to require an outside programmer or specialised database manager can now often be handled in-house.

Comment  posted by Gary Eikenberry2017-02-22
We certainly appreciate Phil's praise, but feel that a little clarification is called for.
dbChameleon is a generic database management web app specifically for working with MySQL.
I would also add that we've been working with Phil and his company since the release of version 3.0.0 and many of the utilities to which he refers have been developed and refined in co-operation with him and his staff.
Comment  posted by Phil MacAuslan2017-02-20

Any business that depends on an on-line or even in-house database needs to take a serious look at GEConsult's dbChameleon.

This is a mature product which is quite accessible for regular office staff as well as more sophisticated database managers. At Coriolis Campaign we depend heavily on importing and massaging datasets from external sources for data mining and the market analysis sides of our business. dbChameleon makes this work more manageable and cuts our costs by greatly reducing the amount of custom database work we have to hire out.

± That old computer doesn't belong in the trash± That old computer doesn't belong in the trash  Comment 
 posted by Lindsay Frye2016-07-25

Most of the talk about operating system changes these days seem to involve Windows 10. After I was hit with a 3rd malware infection on my Windows notebook in less than 2 months I decided to ask Gary to replace Windows with Linux.
As a graphic designer I'm still more or less tied to my MacBook for a lot of things but for things like writing letters and proposals I tend to prefer the Ubuntu (Linux) notebook more often than the Mac and certainly more often that I did when it was Windows 10.
I seriously doubt that I'll want to go back. I'm even finding some free Linux graphic apps that might rival some of the costly commercial ones I use on the Mac.
Comment  posted by Peter Firth2016-05-29
I tried a dual boot first on my laptop. It didn't take long before I was switching my default from Windows 8.1 to Ubuntu Linux. Its Unity desktop interface has really grown on me.
Comment  posted by Victor Hamid2016-05-28
2 points:
1. You might be surprised how painless switching from a Mac to Ubuntu Linux or from Windows 7 to Lubuntu Linux can be.
2. There lots of charities out there looking for used computers that can be re-purposed for domestic low income users or for third world use.
Comment  posted by Gary Eikenberry2016-05-26
"E-waste" is a growing environmental issue. Give some thought to getting off the planned obsolescence treadmill. Even if the latest software from Microsoft or Apple requires ever-newer and more powerful (and often more expensive) hardware, there are open source alternatives which may well surprise you with how well they can accomplish everything you need on the very same hardware you're being encouraged to replace. And even if you are addicted to having the latest thing, consider the alternatives to landfill or even e-Waste disposal sites. Read our tips on Green Computing at http://www.geconsult.ca/green.php.
± Windows 10± Windows 10  Comment 
 posted by Phil MacAuslamd2019-03-19

That's it! Coriolis Campaign is now officially a Windows-free zone.
After one last Windows Update debacle we switched the last machine in our office to Linux. For anyone out there who clings to a Microsoft dependency I will emphatically assert that LibreOffice on a Linux platform is fully compatible with MS Office files and Mozilla Thunderbird does a fine job with email - even with MS Exchange hosted accounts. And when was the last time Microsoft paid any attention to you suggestions or requests for fixing issues or "features?"
The improved security and stability are worthwhile and the learning curve is quite manageable -- even old dogs like me have learned a few new tricks that make the switch well worth it.
Comment  posted by Phil MacAusland2018-10-09
Restricting user control over the update process definitely did not "make Windows better". On the other hand, the improvements to the Ubuntu Linux update process with the last LTS release definitely made Ubuntu Linux better.
Comment  posted by G. Watson2018-10-08
Microsoft got a lot of things right with Windows 10 but the update process continues to be a source of aggravation and in spite of claiming "we're making Windows better," there are still too many instances where it breaks something, including Windows Update. On a laptop it has a habit of taking over your computer at a most inconvenient time such as a recent 10 minute plus hold up when I was trying to shutdown my system before leaving with it for an important appointment. Trust me. When it says "...don't turn off your computer," it means it. Saving a few minutes by powering down anyway meant I made it to my appointment on time but had a laptop stuck in a reboot loop which later took me well over an hour and quite a lot of bad language to cure.
Comment  posted by Gary Eikenberry2016-12-06
The ability to easily turn off Cortana and her privacy-compromising ways is gone as of the anniversary update. You can still do it with a registry hack but that isn't exactly an improvement. And Bitlocker is turned on by default, which presented some special problems on at least one dual-boot machine running Windows 10 Home. Until I found a way to disable it, every time after booting to the non-Windows OS it was necessary to enter a 48 digit "Bitlocker Recovery Key." Search the Microsoft sites & forums for information for how to disable Bitlocker and you get lots of information about how secure and wonderful it is and how to enable it but nothing about turning it off -- or at least nothing that works on the home edition post-anniversary update. I might add that the same issue cropped up on a client's laptop which had to be booted from a non-Windows USB thumb drive to clean off a malware infection, only to be told that the drive was not accessible, which meant it couldn't be scanned and cleaned until I booted to the compromised OS in order to disable Bitlocker. Somehow that doesn't strike me as making the computer more secure -- in fact, it's almost like Windows 10 with Bitlocker is a new form of ransom ware. They may not demand payment, but retrieving and entering that recovery key is, at best, a tedious exercise.
Comment  posted by P. MacAuslan2016-08-11
We run a mixed platform shop with Microsoft, Apple and Linux systems. All of our MS desktops and notebooks have now been converted and all be 2 of them have been subjected to the anniversary update. On the one hand it's more secure but on the other having to repeatedly reset our privacy settings to tell Microsoft to keep it's damned nose out of our business is a pain in the ass. And messing up McAfee on the notebooks wasn't exactly a security enhancement. I also don't like the fact that the anniversary update messed with desktop and start menu preferences.
On the plus side Windows 10 seems to integrate better with our mixed platform network with 2 Linux-based servers, one in Toronto and one in Ottawa. Windows 7 was more difficult to get and keep properly configured and Windows 8 & 8.1 on the 2 laptops we tried it on was downright obstreperous.
Comment  posted by Gary Eikenberry2016-08-08
More on the anniversary update -- in particular nasty surprises to watch out for: http://www.techrepublic.com/article/windows-10-anniversary-update-watch-out-for-these-nasty-surprises
Comment  posted by Gary Eikenberry2016-08-04
We've had reports and have encountered a few issues with the Windows 10 Anniversary Update (August 2016). In particular some anti-malware products either prevent the installation or are disabled or forced into error by the update.
An additional issue is that privacy settings and some preferences are reset to defaults by this update. We recommend carefully reading any warnings during the update and reviewing your settings and preferences following the update.
Comment  posted by Dave Canus2016-08-01
We took the plunge and had a mostly positive experience. Our accounting system will only run in 7 so 1 of those machines wasn't upgraded and the other one was but had the accounting software set up in a virtual machine. That's a little awkward but since the person on that machine only goes into accounting once or twice a month she can live with it and prefers to be on the same system as almost everybody else.
We kept the laptops used by our guys in the field on Linux because we had been having virus issues on them. Besides we would have had to pay to put Windows 10 on them since it would have been a new install instead of an upgrade.
Comment  posted by Gary Eikenberry2016-07-28
A more detailed evaluation and saga can be found at win10.php.
Comment  posted by Gary Eikenberry2016-07-26
With the Windows 10 free upgrade deadline almost upon us I'm still getting calls and emails asking if it's a good idea. Unfortunately I can't give a definitive answer. My experiences with upgrading my own systems and those I support have been mixed. My experience as a user (I'm entering this post on a desktop system running Ubuntu Linux) is also mixed. I have clients who are quite pleased with it and others who have tried it and decided to stay with or revert to Windows 7. In the final analysis my recommendation is to thoroughly evaluate your requirements and try it before committing to an upgrade. It might be right for you.
On new systems, if you're committed to or confined by circumstances to the Windows ecosystem I would rate it as acceptable and less disruptive than 8/8.1.
Of course I will continue to recommend one of several Linux alternatives if you don't have a requirement for a Windows only application with no compatible Linux alternative.
± The Googlization of Navigation± The Googlization of Navigation  Comment 
 posted by Gary Eikenberry2016-09-15

It seems that many users are losing the ability to use basic website and web application navigation systems. They've become so accustomed to the Google search paradigm that they can't be bothered with nested menus or other means of organizing sites and applications, even if typing a search phrase and then scrolling through the resulting list actually takes longer than menu-based navigation.

In preparation for doing some re-design work, one of our clients recently implemented a short-term tracking project to try to understand how users moved through their site. They were surprised at the number of times someone actually left the site to return to Google to enter a search phrase that included their domain name and what the user was looking for on their site rather than using the site's internal navigation system.

They were concerned that users would jump out to Google and, with ads, results shaping and paid placement, might end up on some completely different site. A design consultant suggested that they needed a more intuitive navigation system, but in the end they asked us to build an internal site search system.

We're not sure if this "if you can't beat 'em join 'em" approach is the answer, but we're implementing the site search tools on our own site as a demonstration.
± Stop Googling and start searching± Stop Googling and start searching  Comment 
 posted by Gary Eikenberry2021-05-09

Are you tired of being tracked every time you use a web browser? Are you aware of the extent to which Google's search engine shapes your results? Google dominates Internet search engines not because it's the best, but because it's ubiquitous.
Maybe it's time you stopped Googling the Internet and started searching. How about trying DuckDuckGo? https://duckduckgo.com/ doesn't track you or share or sell your search history or shape your results based on your previous search history. Try it. You might be surprised.
Comment  posted by Gary Eikenberry2021-05-09
Are you being FLOCed? Google is running a Chrome "origin trial" to test out an experimental new tracking feature called Federated Learning of Cohorts (aka "FLoC"). According to Google, the trial currently affects 0.5% of users in selected regions, including Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the United States. The The Electronic Freedom Foundation has launched a page which will try to detect whether you've been made a guinea pig in Google's ad-tech experiment: https://amifloced.org/
± Physical distance -- Virtual closeness± Physical distance -- Virtual closeness  Comment 
 posted by Gary Eikenberry2020-05-12

As the necessity of virtual meeting and video chatting continues I have taken the step of setting up a private Jitsi meeting server. To date it has been successfully used for project team and general staff meetings, meetings and consultations with clients and friends and family video chats. I'm even teaching my martial arts classes on-line using it. There was no additional hardware required although after a proof of concept on our internal server I decided it would be used enough that the modest extra cost (< $200/year) of renting a VPS (Virtual Private Server) was justifiable. It runs on a 2 core, 4GB VPS with a 80GB SSD. The installed OS is Ubuntu Server 20.04. Both the OS and Jitsi-videobridge software are free and open source.
Comment  posted by Gary Eikenberry2020-04-09
With the Covid-19 pandemic businesses, organisations and people in general are looking for ways to collaborate and stay in touch. Heavy use and security and privacy concerns of stand-bys like Skype, MS Teams and Zoom have people looking for alternatives. Take a look at the Collaboration & Remote Access section of our Links page.
Comment  posted by Gary Eikenberry2020-03-14
Recently, largely in response to the COVID-19 hysteria and legitimate concern, we've had lots of requests to set up offices and the people who work in them for remote access. There are a number of options available depending on the type of access required. Since many of the organisations we serve operate in cross platform environments our preferred remote desktop option is NoMachine (https://www.nomachine.com) which is available for Windows, Mac, Linux, iOS and Android and, of course RDP. For file access there are various cloud-based solutions as well as VPN, SSHFS and FTP strategies.