Call on Ken

Email: “Click here to…”

2012-01-14T14:07:00.000Z

There has been a recent spate of email messages arriving saying nothing more than "Click here to see the attached photos” or "Click here to read this message”.

These emails generally seem to come from someone you know and trust and so you might be tempted to "click here" to see what it's all about.

Typically you then get taken to a web site where you are offered the chance to win some great prizes and before you know it, you've been tempted to dial or text some number and very soon you find that it's cost you several pounds! (Remember calls and texts from mobiles may be considerably higher!)

The thing that makes it so bad is that the email seemed to come from someone you know and trust!

IT DIDN'T!

Someone’s got hold of an address book and is sending out lots of these things. It's extremely easy to send out emails claiming to be from anyone... there's nothing magic about emails... it's just a lot of text which includes (among other things) a line saying 'From: BillGates@microsoft.com', or whatever address you care to put in there.

So how did they get hold of an address book with your name in it? You remember all those 'fun' emails or 'warning' emails that say, "send this to everyone in your address book"? By complying with this you send out the contents of your address book!

As a basic principle, NEVER copy emails to lots of people in this way. If you are responsible for sending out, for example, a newsletter, always use Blind Copy (BCC) for the list of recipients. In that way you won't be sending out lots of email addresses!

Beware of Dust!

2011-07-17T10:52:00.000+01:00

Dust is a great insulator and stops things (like your computer) being kept cool.

If you don’t keep it cool then it runs for a while and then suddenly switches off and then often won’t start and stay running unless you leave it a while to cool down. Sound familiar?

Dust may be your problem.

Open up the machine and use a large, fluffy paintbrush to clean out all the dust you can see. Especially round the processor fan. (don’t use a vacuum cleaner – it’ll kill the machine!).

You may even need to take the fan apart to clean it properly but then you’re better off calling me because there’s “technical stuff” in putting it back together involving thermal paste and such.

Your computer is infected - please buy our product!

2011-05-29T14:26:00.001+01:00

What is it?

For several years there have been malware infections around which fall into the category of 'Fake Alert' programs, that is they purport to have detected infections on your machine and offer to scan it for you. This process takes only a couple of minutes and then it confirms it has found LOTS of things and your security is at risk, and it offers to fix them for you but you need to pay them money! Some common names for this include XP/Vista/Windows7 Antivirus/Antispyware 2011 (or some other year) and It will often tend to change its name to match your system!

Of course it's a scam - there's no way it could have scanned your computer in only 2 minutes and the only infection you can be certain you've got is this rather nasty piece of malware.

The reason I'm bringing this up now is that there has been a recent increase in this type of infection and it can be VERY troublesome! It will very often prevent any programs from running which makes getting rid of it a bit problematic!

Usually the following approach works. I'm not going to explain this in terms that the non-computer literate can understand, for once, because if you don't understand the instructions then you probably shouldn't be trying it!

How to Fix it

First thing is to boot into safe mode with networking and download Malwarebytes Anti Malware, install it and let it get the latest updates and then run a quick scan. This SHOULD get rid of the infection and when you reboot normally you should find it's no longer popping up. Very often, however, you'll find that you can't run any programs and that's because it's messed up the registry. To fix that you need to create a file called, for example, fixexe.reg and containing the following lines:-

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

and then double click on it to run these commands against the registry. With any luck you should now be able to run your programs again.

How did you get infected?

It's very hard to say exactly what happened, but you almost certainly did it to yourself! Did you ever get a message saying a web page needed a component to be downloaded in order to view its content? That's a very common way of tricking you into downloading dodgy software!

Turn off the power!

2011-03-31T11:57:00.002+01:00

Sometimes I get called about a computer that seems 'dead'. There are often lights are on but the screen is blank or it was on but now nothing's happening. This is particularly common with laptops.

A very common cause of this is that it's gone into standby mode and won't come out. This is where the computer saves what it's doing to memory and closes itself mostly down... basically 'going to sleep'. What is SUPPOSED to happen is that pressing the power button should wake it up and it should spring back to life.

This doesn't always happen as it should and the computer stubbornly refuses to come back on!

The solution is just to turn it off. It does mean that you'll lose anything you hadn't saved (but you wouldn't have left your computer in that state, would you?)

And before you say, "but I can't turn it off!", YES YOU CAN!

Hold down the power button for at least 15 seconds and the computer will almost certainly turn off.

In the unlikely event that this doesn't work, remove the mains and, for laptops, remove the battery. That'll stop it! I've not met a PC which can operate without power!

Good Passwords and Keeping them Safe

2011-02-26T14:30:00.000Z

Increasingly I'm finding problems with people's passwords.

Very commonly they don't know what they are because the computer always puts it in for them. Of course that normally means that it's easy to get the computer to tell me what they are!

Worse than that, though, is that they CAN remember because they always use the same one.

This is a very BAD idea!

So let's have a look at some of the issues...

Use a GOOD Password

It's tempting to use a password that's easy to remember like 'john', 'rover' or '550321' (your name, your pet's name or your date of birth) but that information is ridiculously easy for a determined hacker to obtain.

So don't use Your partner, child, or pet’s name, possibly followed by a 0 or 1, 123 or 1234 or 123456, “password”, Your town or college, football team name, Date of birth – yours, your partner’s or your child’s, “god”, “letmein”, “money”, “love” - statistically speacking that covers probably over 20% of passwords in use!

If I set YOUR computer to finding a typical password of 8 characters, trying every combination, it would probably find it in around 30 hours. Of course, if I used 10 computers to do this (and that's not a problem to do), it'd only take 3 hours! This is assuming you're only using lower case letters. Put in upper case and numbers and special characters then the time is now being measured in centuries!

So here are some things to do...

Substitute numbers for letters that look similar, eg. number 0 for letter o, 4 for A, etc. Even better substitute special characters like '$' for 's', @ for 0. Make up your own substitutions that make sense to you!

Use capital letters as well as lower case.

Think of something significant to you, maybe a place or an event but NOT a person's name and then make the substitutions.

Here's an example. A place I visited when young was arberlow, but let's make it a bit longer and use "arberlow stones". Note that already there's a special character, the space.

Now for some substitutions, how about, "Arb3rl0w St@ne$". That that IS a strong password!

You can check out password strength at passwordmeter.com

Use a Different Password for each login

This should be obvious but if a hacker can get at one password then you don't really want them to get at all of them! It can be surprisingly easy for hackers to get at some passwords and the easiest way is for them simply to ask you! You've probably seen those emails which say something like your account has been compromised and you need to fill in a form with all your details in order to reactivate it. Obviously you would NEVER respond to such a request, would you? They are ALWAYS scams and are just someone asking you to give them control of your account!

And don't think that the password to your e-mail box isn’t important because there's nothing sensitive! Have you ever lost a password and applied for a new one, say from your bank? The method is that they send you a new password by email so if I can get at your email, I may be able to get your bank to reset the password and email it so then I can get at your bank account. Scary!

How to Remember all those Passwords

OK, so you're now using lots of secure passwords but now can't remember which works with what! It's a problem and you COULD write them down in a special note book, provided you're sure no-one can get at it, hoever a better approach may be to use a piece of software known as a password vault. A couple of free such products are AnyPassword and KeePass.

With this software you store the passwords (and user names and other things) but you can only get at it if you remember the master password to open the safe. The passwords are stored using high quality data encryption so even if you lose the database, without the master password (which should be a good one!) it's useless.

How to get your accounts hijacked

2010-10-15T08:33:00.001+01:00

A recent incident has reminded me that the easiest way to discover someones password is simply to ask them! OK, it's not as blatant as that but sometimes amongst all your spam emails you may find something which is doing just that.

In this case someone received an email about their Gmail account. It claimed to have come from Gmail and looked very credible and said that they believed the account had been compromised and asked for such things as full name, date of birth, PASSWORD, etc. These were duly given.

In this case it has resulted in no longer being able to access that Gmail account and the account being used to send out whatever emails the bad guy wants. There is also the potential that emails had been sent or received containing sensitive data!

There was another case a few years back where one of my clients had exactly the same scam pulled on his eBay account. This time it was slightly more serious because some money was spent from the account.

Although eBay had methods in place to quickly deactivate the account, with Gmail it is proving to be a lot harder so it's probable that the account will be lost to the user. How awkward would it be if that happened to you? Would you lose all your emails? Contacts? Calendar?

So the basic rule is NEVER give your password to ANYONE unless you are ABSOLUTELY SURE who they are and whether they are justified in needing it. Organisations who are running things for you (banks, eBay, Gmail, Hotmail, etc) don't need your password to access your details.

DANGER - the latest scam...

2010-08-09T11:14:00.000+01:00

The con is both fiendishly clever and ridiculously simple. The fraudster cold-calls the customer and tells them that Microsoft has detected a virus on their PC, then invites them to download a piece of remote-assistance software. No doubt reassured by the lines of indecipherable code flitting across their screen, the caller assures the customer they can make the virus vanish – but first, of course, they want payment. £185 to be precise.

Read more at PC-PRO: The unstoppable "tech support" scam

Don't be taken in by people cold calling in this way! Don't be fooled if they seem to know about problems you think you've been having like, "have you noticed your computer seems to be running more slowly that it used to?" - this is true of all computers!

Can't get on the internet (broadband)!

2009-03-28T12:14:00.014Z

Probably the single most common problem I'm asked to resolve is the user who can't get on broadband internet ("my broadband isn't working!").

Here I'm going to attempt to explain the basic diagnostic steps I'd take to find out what's going wrong. Do this yourself and you could save yourself the cost of calling me out! But first - most importantly -if you're having problems getting on the internet then you won't be able to read this so be prepared and print it out and tuck it away somewhere safe!

There's a lot of text in this article so get yourself a nice cuppa and settle down... alternatively, just print it out and file it away until you need it. Of course, by then it'll be too late to ask about anything you didn't understand!

Before we get going it's probably worth while saying that many problems are fixed by simply rebooting the router (not the main computer!), i.e. turn off the power, wait 5 seconds and then turn it on again. It'll spend a couple of minutes with its lights flashing but eventually will settle down and you might just find the problem has gone away!

Let's start by establishing what environment I'm talking about - and note that the processes I'm describing refer to Windows XP or Windows 7. It's very similar on Vista but it's up to you to find out what Microsoft have decided to call the various things in order to find them!

I'm talking of a computer which connects to the internet using a router and also that it uses the normal networking setup.

This doesn't apply if you're using a broadband modem (common ones are Thompson Speedtouch, Sagem modem and BT Voyager 100 or 105). These are small boxes connected to your computer using a USB cable).

As for 'normal network setup', if you've changed the setting you'll probably know about it. What I'm describing isn't necessarily going to be totally correct if you've set a static IP address. If you don't know what I'm talking about, don't worry - it means you probably haven't!

Step 1 - OK, so first thing, is your computer talking to the router?

To test this go to the Start button and select "Run...". This will bring up a box in which you can type a command so type in 'cmd' (without the quotes) and press enter. Now you'll get a bigger command window. In here type 'ipconfig' and press enter...

You should be presented with something like

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

There may be several such entries and it may mention 'wireless' in there somewhere (and Vista will look even more complicated!). What this is telling you (if it worked) is that your computer has an IP Address (think of it as a telephone number) of 192.168.0.2 and your ROUTER has an address of 192.168.0.1.

If that's showing OK, then it's a good start - your computer looks like it is talking to the router but we'll just confirm that so type in
ping 192.168.0.1 [but replace this number with the default gatway address above] and press enter

now you should get something like

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=2ms TTL=245
Reply from 192.168.0.1: bytes=32 time=1ms TTL=245
Reply from 192.168.0.1: bytes=32 time=2ms TTL=245
Reply from 192.168.0.1: bytes=32 time=2ms TTL=245

Assuming that you do get this then the computer and the router are indeed talking to one another and so you can move to Step 2!

Still here then? So you didn't get that stuff se we need to know why it's not talking to the router. Possible causes are (including the really simple stuff)...

Your computer's network card isn't turned on
Your computer's network card isn't working
The cable between computer and router is unplugged
The cable between computer and router is defective
The router isn't turned on (sort this one out yourself!)
The router isn't working
There's something wrong with the wireless link

Until now I've not mentioned wireless connections and they, of course, introduce a whole new set of problems so if you're not connecting to the router at this stage, try it without the wireless and connect the computer directly to the router with an ethernet cable (one probably arrived with your router) then see if the broadband is working and if not, go back and repeat step 1.

If it is then go down to the later section about Wireless Problems.

So let's look at the possible problems but first have a look at the router. There should be a light on saying something like 'LAN' which, if you unplug the ethernet cable, would go out. If this light isn't on then one of the following may be the cause...

Network card not turned on? To check this, go to the Start button and select control panel and double click on 'Network Connections'. You should see someting like "Local Area Connection ..... Connected". If it says "Disabled" then right click on it and select "Enable" then go back to step 1.

Network card isn't working? It could be a simple case that the hardware's failed!

The cable between computer and router is unplugged? If you need me to help you sort this problem then maybe you should try a little gardening instead!

The cable between computer and router is defective? Try and get hold on another cable to try. It could have become defective.

If the LAN light IS on then there seems to be a problem with the router and it's now getting very tricky to sort this out yourself! It could be the configuration of the router (DHCP settings and other such technical terms!) or simply that the router has stopped working.

Step 2 - Is the router talking to the internet?

In the command window (which you've still got open) type the following...
ping 173.194.37.104
and press enter

Hopefully you should see something like

Pinging 173.194.37.104 with 32 bytes of data:

Reply from 173.194.37.104: bytes=32 time=40ms TTL=245
Reply from 173.194.37.104: bytes=32 time=41ms TTL=245
Reply from 173.194.37.104: bytes=32 time=40ms TTL=245
Reply from 173.194.37.104: bytes=32 time=39ms TTL=245

Ping statistics for 173.194.37.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 41ms, Average = 40ms

If you do, that's great because it means that the router IS talking to the internet so go to step 3.

If you didn't get those 'ping' responses then it would seem that your router isn't talking to the internet.

Step 3 - Are full internet services available?

This time, in the command window (which you've still got open) type the following...
ping google.co.uk
and press enter

Hopefully you should see something like

Pinging google.co.uk with 32 bytes of data:

Reply from 173.194.37.104: bytes=32 time=40ms TTL=245
Reply from 173.194.37.104: bytes=32 time=41ms TTL=245
Reply from 173.194.37.104: bytes=32 time=40ms TTL=245
Reply from 173.194.37.104: bytes=32 time=39ms TTL=245

Ping statistics for 173.194.37.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 41ms, Average = 40ms

If you do, that's again great because it means that not only is the router talking to the internet but that it's able to do all the stuff it needs to access web pages.

Sadly, it also means that you've reached the end of the road because the internet IS working fully, there must be something else stopping your connection and that's a REALLY big topic!

Wireless Problems
OK, we'll assume that you're here because it all works fine with a wired connection but you can't use your wireless link.

Again there are a number of possible causes...

Is the router wireless switched on? There should be an indicator light on the router, maybe with a symbol of an aerial showing that it's on. If it's not on you're going to have to refer to the section later on, "getting inside the router"!

Is your computer wireless switched on? In the case of laptops there may be a physical switch or button to turn it on or it may be done by pressing a function key (find the key - maybe with a picture of an aerial) and hold down the 'Fn' key while pressing this key.

Are you detecting a wireless signal? Assuming both ends of the wireless system are switched on, you should see an icon in the task bar of your screen (bottom right hand corner) telling you something about the wireless connection. Maybe it's saying (if you hover over it) "Not-connected, right click for more options". Equally you could look in Network Connections via the control panel as described in Step 1, "Network card not turned on". Right click and select View Available Wireless Networks. Hopefully you'll see your router there - if not and the router wireless is on, then you've got a problem that's just gone outside the scope of this article! If you can see your router then you ARE detecting its wireless signal!

Have you using the correct security details? In order to connect to your router (which SHOULD have security turned on!) you would need to provide a security key. Hopefully you know what this is and sometimes you'll find it on a label on the router itself (look for words like WEP key or WPA-PSK key), if not then you need to head for the section "getting inside the router". Assuming you do, then all you should need to do is select the network you want to connect to and click on a 'connect' button and follow what it tells you to do. If all goes well, this will make the connection but if not, did you get the key wrong? Perhaps you need to move on to "getting inside the router"!

Getting Inside the Router

By "getting inside" I don't mean actually opening it up! The router is actually a computer in its own right and provides a web-like interface which you access with your web browser (hopefully FireFox, but maybe you're still pinning your hopes on Internet Explorer). If you're doing this because you can't get a wireless connection then, obviously, you're going to have to connect your computer to the router using a cable!

You remember from step 1 you discovered the IP address of the router ... you typed ipconfig and got some information about the gateway address? Well that's the address you'll need now. In my example it was 192.168.0.1. In the address field of your browser (that's where you normally type www.somewebsite.com), type that address, eg. 192.168.0.1.

You may be presented with a status page but most probably you'll be asked for a user name and password. The trouble is that I don't know what they are and you almost certainly don't either! All routers are different and the password may have been changed by whoever set it up (even so, all would not be lost), however there are a number of well known things to try...

with a user name of 'admin', try it with no password and then with 'admin', 'password' and 'root'. If none of those work try with a user name of 'root' and try all those again. Also, if you've got broadband from sky, the password might well be 'sky'.

Hopefully one of these combinations will have got you in so we'll look at what you might be able to discover but if you're not able to get in and don't know the password you may have to reset the router and setup all your broadband details all over again. This means you'll need your broadband account name and password (and if you're with AOL you'll need to know the screen name that was used for the router connection - that's different from your normal AOL screen names!). Once you've gathered all that information then you need to reset the router and, again, routers have different ways of doing this so you probably need to find the instructions that came with it (which MAY tell you), otherwise you could find that information on the internet - if only you had a connection. WARNING if you don't know your broadband password, step away from the computer! It's presumably stored in the router and there are usually ways of retrieving it - but not if you've 'had a go' and changed it!

Inside the Router you'll see all manner of things but because they're all different, they all look different so you'll have to just poke around and see if you can find something that matches what I'm describing. I'm basing my descriptions on a Netgear DG834 router, which is fairly common.

Information about the internet connection

Probably something about this willl be shown when you forst connect to the router but if not look for links called "status". You'll see references to WAN and ADSL - that's the internet connection - and LAN which is the connection between your computer and the router.

Amongst the various status items you might find 'Connected' which probably means that it thinks it's talking to the outside world. More importantly you should find things like 'Gateway IP address' and 'Domain Name Servers' (DNS Servers) and these should be listing IP addresses a bit like you've seen in step 1, for example 62.241.161.237, 208.67.222.222 and 208.67.220.220. If you are getting those type of numbers then it almost certainly IS connecting OK.

Wireless Settings - Is it ON?

Often under a heading of 'Advanced' or maybe somewhere else there would be a section about the Wireless. The first thing you need to check is that it is actually switched on. Look for something like 'Enable Wireless Access Point'.

Wireless Security Settings

Somewhere you should be able to get at the wireless security settings. These will allow you to turn security on or off and, if on, will usually allow you to select the type of security WEP, or WPA-PSK. Presumably it will already be set and you should be able to see the key. If not, you can always save a new one. A WEP key uses the characters 0-9 and A-F and is not (normally) case sensitive, a WPA key allows you to use any characters you want and IS case sensitive. Also the length of a WEP key is determined by the WEP type:- WEP 64 bit requires 10 characters, WEP 128 bit requires 26 characters.

Well that's about it. Hopefully after all that at worst you'll have some idea where the problem lies and, at best, you might even have fixed it!

Fell free to post any comments about this article and let me know if any bits are confusing. This isn't a particularly difficult area but it IS rather complex - there are lots of bits to it.

Eventually this artcile will get put on my website at www.callonken.co.uk with all the other useful stuff.

Windows XP - The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE

2009-03-14T10:37:00.004Z

This article is not for the faint of heart! It is very technical and may help those doing technical support out there. If you're in the 'normal user' category, I wouldn't suggest trying this yourself! You could totally kill your system!!

The problem:

You're getting the BSOD and a message indicating that a registry file is corrupt. There are a number of these messages and you may have found your way to the Microsoft knowledgebase article KB307545. This outlines a rather long winded and very convoluted procedure to try and effect a repair using the tools that Microsoft provides. It also requires (1) that it is not an OEM installed OS and (2) that you have an original XP dsk availble. This solution doesn't have either of those contraints!

The Solution:

What the KB article is all about is getting hold of the latest backed up set of registry files and replacing the broken ones with these. In order to do this you need to start up the machine using something like Ultimate Boot CD (search Google for UBCD or UBCD4Win) - anything that allows you to boot up the machine and get access to the file system.

The files you need are the ones which are saved during a restore point creation and can be found in a folder called something like...

C:\System Volume Information\_restore{B33F2D25-8664-459C-AE54-C8D699E59CB4}\RP180\snapshot

(RP180, for example, is the restore point you want to use - look at dates and times of the folders).

There are 5 files (registry hives) that you need to copy over and these are

_REGISTRY_USER_.DEFAULT
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_MACHINE_SAM

They need to be copied to where the registry files live and this is C:\windows\system32\config.

Before replacing the old registry files (DEFAULT, SECURITY, SOFTWARE, SYSTEM and SAM) it's a good idea to move the old ones to a new folder somewhere or rename them (for example rename SAM as xSAM, etc) so you can go back to where you were if all goes belly-up!

Then rename the restored files to have the correct filenames, for example, rename _REGISTRY_MACHINE_SOFTWARE to be SOFTWARE.

And that's it! What you've done is perform a system restore without using Windows itself.

Of course, I've left out a lot of "how to" details that you ought to know already - like how to navigate through filig systes, copy and rename files, etc.. Like I said, this is a technical article and if you can't fill in the gaps yourself then you shouldn't be trying this!

Just one pointer though... if you're doing this from a Windows boot you may have problems getting into the "System Volume Information" folder because of access rights. If so, have a look at the Microsoft KB article KB309531 which describes ways (including use of CACLS) to get access.

SPAM - the continuing problem

2008-04-19T19:10:00.004+01:00

One of the worst problems - perhaps the worst - on the internet these days is that of SPAM.

For those of you not (yet) afflicted with this 'disease', SPAM is vary simply emails that you didn't expect to receive and don't want. They may be trying to sell you a variety of performance enhancing drugs, a load of watches or simply trying to scare you into believing that your bank account is at risk.

For those badly afflicted, this may amount to over 1,000 unwanted emails EVERY DAY! So if you went on holiday for a couple of weeks, you might find 15,000 emails waiting for you, most of which you didn't want!

So that's the problem but what's the solution?

Well, the bad news is that there isn't an easy solution simply because you can't really define that a message IS spam! What may be spam for one person may not be for another. For example, you may receive what is probably a spam email and send it to me for analysis. When you send it to me it's no longer spam; it's now what I want to receive!

Even so there are still things which can be done to make the situation a bit more controllable.

I'm going to consider the problem in three parts; avoiding it arriving, getting rid of it before you download it and handling it once it gets to your computer.

Avoiding it Arriving

In order to see if we can avoid it arriving, it's useful to understand why it did arrive.

The fundamental problem is that your email address has been discovered by spam generators. This may be because your email address appears on a website or it may be because one of your 'friends' has sent out one of those, "send this to everyone in your mailbox" messages and by doing so has let everyone know your email address!

If your email address appears on a website, the web page can be recoded so that it is not so easy to extract it so if that's the case, contact Ken and he'll help you out - the methods for doing this are beyond the scope of this blog!

As for your friends letting all and sundry know what your email address is, short of changing your friends, there's probably not much that can be done about it, although a quiet word to your friend may help.

Even so, all may not be lost. Perhaps you have an email address something like ken@ourhouse.fsnet.co.uk. Many internet providers give you this form of 'infinite' email addresses where, in fact, anyname@ourhouse.fsnet.co.uk would get to you. Spam generators tend to generate email addresses based on the domain it's found (ourhouse.fsnet.co.uk) and may generate all sorts of addresses like ayxxi@..., 123ab@..., etc. so the first step is to limit your email system so that it simply doesn't allow anything other than the email address you actually want to use. In the case ig fsnet quoted in the example (later Wanadoo and now Orange) they provide some basic filtering capabilities so that you could set up a rule which says something like

If it's TO someone
who is NOT ken@ourhouse.fsnet.co.uk
then delete it

Getting rid of it before you download it

OK, so despite your best efforts, it's still got to your mail box, so what now?

There are two ways of tackling this problem; one is to pay someone else to help (i.e. use an external spam filter like www.spamdefy.com) and one is to control it from your email client. These can be thought of the easy way and the hard way!

Using the easy way, you sign up for an external spam filter system and that feeds your emails through its own processing, identifying emails which contain viruses, emails which come from known bad senders and those which look as though they are 'baddies'. Even so, you still have to sign on to its website to monitor your emails to make sure that nothing which you wanted has been blocked, and to let it know what are 'bad' emails.

The second (hard) approach is to set up filters in your email client and the details of this are beyond the scope of this blog. What basically will happen is that you'll set your email client to download just the headers of the messages (i.e. the bits which say what the subject is, who it's to and who it's from) and then define various rules to decide whether you will delete the original message or download it fully because it looks OK. This approach is not for the fainthearted!

Handling it once it gets to your computer

So despite your best efforts, you've still got spam arriving, so what now?

In this case I'd suggest a (free) spam filtering piece of software be installed, and one such product is Spamihilator (www.spamihilator.com). This is fairly simple to understand and works on the idea that emails downloaded go through it and you train it to understand what you think are spam emails and what are OK. Eventually it gets pretty good at making the right decisions and the email that arrives in your inbox is mostly what you want. Again, you do have to check it regularly to make sure that nothing has been blocked that you wanted!

As ever, if you have any problems or questions about this topic or you need help setting up an effective spam blocking system, just Call on Ken!

Broadband connections and Microfilters

2007-04-27T15:49:00.000+01:00

OK, let's see if I can get you to save yourself some money on calling me out!

This is about the importance of microfilters to a broadband connection.

The microfilter is the little plastic box which plugs into your phone line and then your phone and/or broadband modem plugs into that.
So what does it do and why is it important?

When you talk on the phone your voice is converted into electrical signals which run at a particular frequency. Think of it as someone playing a tune on a double bass.

The broadband connection also uses electrical signals but these run at a higher frequency; that's a bit like someone playing a tune on a violin.

Both of these can be going on at the same time, just like our two string players, but it gets a bit confusing so in order to hear the individual tunes properly you'd need some sort of filter. You could use a filter which blocks higher frequencies then you'd hear the double bass OK, or you could use one which blocks low frequencies so you could hear the violin.

It's the same with the microfilter. The telephone connection doesn't want to hear any of the broadband stuff and the broadband doesn't want to have the telephone interfere with its connection! The microfilter keeps these two signals apart.

So what happens if it's missing?

Maybe you're already guessing this - or maybe you've already experienced it...

Without a filter, if your broadband is running and you use the phone you'll get a VERY noisy phone call! If you're happily using the broadband and someone phones you, you're likely to lose the broadband connection.

So now the crunch... how many and where?

How many depends on your telephone setup. I used to have quite a few installed but then I reorganised my 'phone wiring so now I just need one!

The basic rules are:

Every piece of phone equipment must go through a filter at some point.
The broadband signal must go through one (and only one) filter

That first rule doesn't necessarily mean that every phone needs its own filter; you could have a single filter going to a splitter which runs several phones. And remember that a telephone device includes anything which plugs into the phone system; fax machines, answer machines, credit card machines, even your old computer modem, if you still use that.

So consider the following situation:

Two phones and a fax machine each have a filter and the broadband connection also goes into one of those filters.

Of course, if the extension sockets themselves ran off a filter, the number of filters required would be reduced as in the next layout:

Now all the phone connections are brought together at a single point (the splitter) and that goes through the single microfilter.

Getting the filters right is very important but, with a little thought and understanding, this isn't too tricky. If you don't get it right, your system simply won't work properly!

But remember it's only actual devices that need filters - an empty extension socket doesn't matter... until you plug something into it!

Spam Emails (Phishing for Data)

2007-04-14T10:55:00.000+01:00

I know I keep going on about spam emails and how to recognise the nonsense that abounds but I thought it was time to reinforce this with an example which is going around. I'll explain some ways to spot that it's a fake and reveal something that helps to protect you!

This particular email is titled "Unable to send your reward cheque" and contains the following text...

Dear Nationwide Online customer,

The bank congratulates you as a devouted customer and rewards you with a shopping cheque of 500 pounds, but

We were unable to send your reward cheque due to a possible error your home address information.

This might be due to either of the following reasons:

- A recent change in your personal information .
- Submitting invalid information during the initial sign up process.

Consequently, we placed a temporary restriction on your account. We did this to protect your account from any fraudulent activity.

Please verify your information :

https://www.nationwide.co.uk

Thank you,

Nationwide Customer Service

It's probably immediately obvious that it's a fake, even if I were a Nationwide customer!

However, let's look a some of the phrasing...

"...congratulates you as a devouted customer...", so what's this devouted?? devoted or devout, perhaps, but real emails would be checked fo such things (not that Nationwide would ever send such an email anyway!)

"...due to a possible error in your home address information..." - how do they know it's wrong? If I were a customer of theirs then they'd certainly have correct address information, so this is a load of twaddle!

"...due to ...reasons... change in your personal information" - again, how do they know?,

"...invalid... during...sign up" - OK, if they can tell it was invalid, why was it allowed during sign-up. Just doesn't make sense.

Then comes the total nonsense; "...placed a temporary restriction on your account. We did this to protect your account from any fraudulent activity...". But hold on, this is TOTALLY wrong.

None of the reasons quoted included that someone had got into the account, so there's no need to worry about fraudulent activity
They were worrying because they couldn't send me 500 squids because my address was wrong - so now they're suspending my account?
Would they really do this to a "devouted" customer; suspend the account just because they couldn't send you £500

Anyway, if they wanted to give you £500, why not just credit the account? After all, they'd hope that you pay in any cheque that they sent you!

The biggest clue of all comes when you hover over (don't click on it!) the link https://www.nationwide.co.uk and note in the status area that it actually shows http://74.164.186.235/~test/nnn.html, showing the link to be a total fake.

So what about protection?

Well, if you're using Thunderbird as your email client (and if you're using Outlook Express, then it's time to change!), the first thing is that it displays "Thunderbird thinks that this message might be an email scam"
.

The next thing is that if you DO click on that silly link it pops up the message, "Thunderbird thinks this site is suspicious....."

What's in the box?

2006-10-14T16:15:00.000+01:00

I'm sometimes caused confusion when clients describe their problems and this is down to terminology used. I get told that "the modem doesn't work", or that "the hard drive won't start" when, on further questioning, it turns out that these aren't the components that are causing the problems, just the names that some folk use to refer to their computer so I thought I'd just give a simple guide to the bits that are in a typical computer.

Firstly, note that I'm not referring to laptops (at this stage) but to the common lump of machinery that lives in some sort of case and has attachments such as keyboard, mouse and screen.

OK, let's start with the box itself. This is the case which houses all the workings and may be referred to as the "base unit", the "computer" or just the box! It also comes in different shapes and sizes but we'll not worry about that here.

Inside the box are a small number of components;

Power supply - this is the lump of electronics that takes your mains electricity and converts it into the voltages needed by the computer. It is not uncommon for these to 'die', particularly if there has been lightening around so if your computer does absolutely nothing - no whirring sounds, no flashing lights - then probably you've got a dead power supply.

Motherboard - this is the main circuit board which contains all the components that make up the computer. In fact it's sometimes called a main board. On the motherboard are a few particularly important components (well, they're all important really, else they wouldn't be there!) such as the processor (sometimes known as the CPU = Central Processing Unit) and the memory. The processor is the brain of the computer and the memory is the storage which is used by the computer when it's switched on. Note that this is not the same as the data you store on the disk drive (see later); when the computer is switched off, everything in the memory is lost.

disk drive (sometimes called the hard drive) - this is the permanent (well nearly permanent!) "memory" of the machine but it can cause me confusion if you refer to it as memory! Think of it as the computer's filing cabinet. It's where all your data is stored as well as all the programs you install. Do remember, however, that it's only a permanent store for as long as it's working! If a drive crashes then you can lose ALL of your data so make sure you have a backup of all your important stuff. Programs can be reloaded but what about those precious photographs?

CD drive (or DVD drive) - first there were CD readers, then CD writers, then DVD readers and now DVD writers are common. A modern machine will normally have a DVD writer and this will be able to read or write both CDs and DVDs. These can contain files just like on a hard disk drive or they can contain audio or video tracks which can be played in normal CD and DVD players.

Floppy Drive - once common, these drives are becoming less so. They are very unreliable and it's always best to assume that anything you write to a floppy disk (the 3.5" square thing that goes in the floppy drive) will probably be unreadable. If it's important, make at least two copies. The capacity of a floppy disk is only around 1.4MB which is about enough to hold just one photograph. Increasingly, modern machines are produced without such drives and if you want one you may have to pay extra to get it.

additionally there may be a number of "expansion cards" which provide extra facilities...

Graphics Card - this is a circuit board which plugs into the motherboard to drive your monitor. They vary greatly in capability and price and the more powerful ones have computers of their own on board (known as Graphics Processing Units). Such cards are used for high-performance graphics applications, such as modern games and prices can exceed £1000! For normal email, word processing and the like, a simple card is all that is required (probably costing around £30) and very often the motherboard will have a perfectly adequate graphicsfacility built in to it.

Sound card - In order to hear sounds on your computer (other than a few beeps from its internal speaker) it needs a sound card (although, again, this functionality is very often built in to the motherboard).

Modem - this stands for modulator-demodulator and in this context is a device which converts signals between computer-speak (binary) and some other form. In the case of a normal modem, this means into sounds which can be sent down the phone line. In the case of a broadband modem, it converts between binary and a higher frequency signal.

Disturbing email from Amazon!

2006-10-14T15:54:00.000+01:00

One of my client recently called me about an eMail received which seemed to have come from Amazon and which seemed to be costing around £2,500!

What it said was...

Dear Customer,

Thank you for ordering from our internet shop. If you paid with a credit card, the charge on your statement will be from name of our shop.

This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.

Date : 08 Oct 2006 - 12:40
Order ID : 37679041

Payment by Credit card

Product : Quantity : Price
WJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99

Subtotal : 2,449.99
Shipping : 32.88
TOTAL : 2,482.87

Your Order Summary located in the attachment file ( self-extracting archive with "37679041.pdf" file ).

PDF (Portable Document Format) files are created by Adobe Acrobat software and can be viewed with Adobe Acrobat Reader.
If you do not already have this viewer configured on a local drive, you may download it for free from Adobe's Web site.  

We will ship your order from the warehouse nearest to you that has your items in stock (NY, TN, UT & CA). We strive to ship all orders the same day, but please allow 24hrs for processing.

You will receive another email with tracking information soon.

We hope you enjoy your order!  Thank you for shopping with us!

On the face of it, it looked as though it might be real... had someone got hold of credit card details or was it just a scam?

As ever, we start by looking at things closely for clues...

The first thing of suspicion was that it is dated October 8th but it arrived on October 13th.

The next thing was that they claimed there to be a self extracting attachment containing 37679041.pdf, however, the attachment was order_37679041.zip, which is not self-extracting. Looking at its contents with winzip reveals that it contains order_37679041.exe, not the file they mentioned.

While this could be a self extracting archive, they wouldn't then embed it in a zip file!

Further examination was done by looking at the actual message headers of the email and it contained (among other things)

X-Account-Key: account2
Return-Path: <drapery@exc.com>
Received-SPF: none (mxeu7: 201.81.59.246 is neither permitted nor denied by domain of exc.com) client-ip=201.81.59.246; envelope-from=drapery@exc.com; helo=c9513bf6.virtua.com.br;
Date: Fri, 13 Oct 2006 15:35:38 -0200
From: customercare@amazon.com
Message-ID: <27032496.48506096@swirl.com>
Subject: Order ID : 37679041

In particular we note that the return path is nothing like amazon!

So what about that attachment?

Quite simple; it contained a virus but, of course, there would have been no danger to you cos you're all well protected, aren't you?

Software List

2006-07-18T10:25:00.000+01:00

With all those nasty people out there trying to get into your machine, what software can help you to stop it? The following is a list of the things which I would normally use and, if I've been to sort out your computer, you may find already installed. Most of the software is free (and does not infect your computer)!

Firewall

The purpose of a good firewall is to stop intruders getting in and also to stop naughty programs from getting out and doing things they shouldn't. The product I tend to suggest is Zone Alarm. You may have to search the site a bit to find the free version (they'd rather you bought a commercial one!) but it is there, for home use. Information on how to use it can be found on my website.

Anti Virus Software

Forget your Nortons and your McAfees and go with the free version of AVG! I've scanned computers protected by these commercial products and still found infections! Just remember to keep it up to date! More information on how to use it can be found on my website.

Spyware, Adware and various ScumWare

Clearing these infections is currently the biggest area of work I get. It's almost impossible to avoid them if you use the internet (and clearly you do!). There are a variety of products available which will scan your system when you ask and currently Ad-Aware SE Personal and Spybot Search and Destroy are thought to be the best, but use both since they tackle the problem from slightly different viewpoints.

However... although these products are free there is a much better product which scans your machine all the time and keeps you free of infections, and that is Spyware Doctor. The slight downside is that it's a commercial product but it only costs around £20 ($30) for a year's subscription (which is a lot less than getting Ken to come a sort out your problems!). You can download a free trial.

New Addition: If you don't like the idea of paying money for Spyware Doctor, then at least get hold of WinPatrol (http://www.winpatrol.com/download.html). It's free and will monitor your machine for unexpected behaviours.

SPAM

...in other words, unwanted email messages offering you online drugs, sex enhancement products, investment opportunities and so forth. You know the sort of things I mean; there's such a lot of it about these days.

A good spam filtering product is SpamPal which requires you (like all spam filtering software) to teach it what is and what isn't spam but it very quickly starts working on its own.

SpamPal requires the emails to be loaded onto your machine so they can be filtered but there are services which filter it externally so you don't even have the cost of downloading them. Such products tend to be commercial but one which s worth looking at is SpamDefy - it only costs £0.99 per month and you can have a 60 day free trial!

Web Browser

I know Micro$oft give you Internet Explorer for 'free' but it does have very many security problems and, quite frankly, isn't really all that good anyway (in my opinion). Switch to Firefox (also for free) and on the rare occasions when you really MUST use IE, you can still run it. You'll find Firefox is just as easy to use, provides better protection and has some nicer facilities (so much so that Micro$oft are incorporating a lot of them in the new version 7 of IE!).

Email Client

OK, if you're running Outlook (the full version) and using its various calendar, task, etc. facilities then you might as well stay with it. If, however, you're running Outlook Express then you should switch to Thunderbird which provides all the same advantages that Firefox does over IE.

Remember that it's worth checking my website at www.CallOnKen.co.uk for more details about these and other products - and many other useful issues.

Introducing this blog!

2006-07-15T23:30:00.000+01:00

OK, it seems that everyone who is serious about IT has to have a 'blog'* these days so I'm creating one.

I'll try to add notes about any problems I find which might prove useful to you folks out there and also keep you informed as to any particular threats I discover out there. You minght just find something which can save you calling me out and save you my (ludicrously low) fee!

It is worth knowing that these days probably 70% of my work is now centered around sorting out infected machines and I can't think that I've come across ANY machine which connects to the internet that isn't infected (and that includes my own!). I'll try and keep you posted with what are good measures to be taking to keep your machine clean.

Feel free to add your own comments and questions and I'll try to answer any problems you tell me about and remember my main web site at www.callonken.co.uk where you can find lots of other useful information.

* Blog is short for weblog. A weblog is a journal (or newsletter) that is frequently updated and intended for general public consumption.