Updates 2018-08-14

Hi, Folks!

The next build of macOS, Mojave (10.14), is on the horizon. It will be released next month, and this means that devices running El Capitan (10.11) or older will no longer be supported. Your options are to either upgrade to at least Sierra (10.12) or replace your device. Mojave will not run on all Macs, just as High Sierra and even Sierra made some devices unusable. If in doubt whether your device will be able to support an operating system upgrade, be sure to perform a full disk backup prior to upgrade.

This last month has also brought an enormous increase in phishing attempts worldwide. More about phishing and what you can do to protect yourself in an article due soon.

Now back to our regularly scheduled program. Today is Patch Tuesday and it’s a big one.

The typical computer should see roughly 3gb in updates today. Let’s get started.

Microsoft released updates to Windows, .NET, Internet Explorer, Edge, Flash, and MSRT (~3gb). This includes security updates. A reboot is required.

Apple released macOS High Sierra 10.13.6 Supplemental Update for MacBook Pro. This is a security update. Use Apple Software Update to install these updates. A reboot is required.

Google Chrome OS 68.0.3440.87 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Adobe Flash Player 30.0.0.154 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of the Windows 10 (1803) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 6gb through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients at The Farmory, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 17.0.9.1 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver Update 3.5 improves reliability, adds support for newer hardware and NUCs, and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Logitech Gaming Software 9.00.42 adds support for newer games, adds support for newer hardware, and resovles bugs. This is not a security update.
https://support.logitech.com/en_us/software/lgs

Logitech Options 6.90.138 resolves bugs. This is not a security update.
https://support.logitech.com/en_us/software/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 68.0.3440.106 resolves several bugs. This is not a security update. Use Menu, Help, About to install the most current version.

Firefox 61.0.2 resolves several bugs. This is not a security update. Use Menu, Help, About to install the most current version. This build introduces automatic restore of browser tabs, which means that you will no longer be able to simply force-close Firefox to escape the trend of Fake Security Warning sites. I recommend changing this option to False (unfortunately, it defaults to False or True currently based on the whim of Mozilla). Instructions to make this change can be found here.

SeaMonkey 2.49.4 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

NK2Edit 3.37 resolves a bug with GOOG records. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

Thunderbird 60.0 is a major new update with many new features and bug fixes. This is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

DynDNS Updater 5.4.6 updates the installation signature and improves compatibility. This is not a security update.
https://www.dyndns.com/

FileZilla 3.35.2 improves compatibility and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.3 improves logging, adds new macros and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP Data 201808 is a data refresh.
https://dev.maxmind.com/geoip/geolite

BrowsingHistoryView 2.17 adds support for using environment variables in settings. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

Java 8u181 is a security update. If you actually use Java, install the update immediately. If you are unsure if you use Java (or think that Java and JavaScript are the same thing), then remove Java.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

MusicBrainz Picard 2.0.3 updates libraries, resolves several bugs, and improves stability. This should be treated as a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.24.5022 resolves many bugs. This is not a security update.
https://www.origin.com/en-us/download

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Experience Manager (all versions) has security updates available.
https://helpx.adobe.com/security/products/experience-manager/apsb18-26.html

Adobe Creative Cloud Desktop Application 4.5.5.342 is a security update.
https://creative.adobe.com/products/download/creative-cloud

Adobe Reader DC 18.011.20058 is a security update. Use Help, About to install the most current version.

IcoFX 3.2 adds support for High-DPI, resolves several bugs, adds support for new formats and improves features. This is not a security update.
https://icofx.ro/

LibreOffice Still 6.0.6 resolves several bugs. This is not a security update.
https://www.libreoffice.org/

Notepad++ 7.5.8 resolves several bugs and improves stability. This is not a security update.
https://12pd.com/click?npp

Security Software Updates

One or more of these is likely to be of interest to most people.

Avast! Home Edition 18.5.2342 resolves several bugs and improves notifications and user interface. This is not a security update.
https://www.avast.com/free-antivirus-download

Wireshark 2.6.2 is a security update.
https://www.wireshark.org/

DNSQuerySniffer 1.71 now displays the active network adapter on the window title. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

SmartSniff 2.28 now displays the active network adapter on the window title. This is not a security update.
https://www.nirsoft.net/utils/smsniff.html

RogueKiller 12.12.31 adds detections. This is not a security update.
https://www.adlice.com/softwares/roguekiller/

Intel-SA-00086 Detection Tool 1.2.007.0 improves detection of SA-00086 vulnerability. This is a security update.
https://downloadcenter.intel.com/download/27150

SuperAntiSpyware 6.0.1260 improves stability, and resolves bugs. This is not a security update.
https://www.superantispyware.com/download.html

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 12.4.1 is a security update.

XSplit Broadcaster 3.4.1806.2229 resolves several bugs. This is not a security update.
https://www.xsplit.com/get/

XSplit Gamecaster 3.3.1805.0406 resolves several bugs. This is not a security update.
https://www.xsplit.com/get/

Converter Updates

These are unlikely to be of interest to most people.

CDex 2.07 improves compatibility and resolves several bugs. This is not a security update.
https://cdex.mu/?q=download

DVDFab 10.2.0.7 resolves several bugs, improves reliability and performance, adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.12.3 improves support for mastering defects, adds support for new encodings, resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

NTLite 1.6.3.6400 improves compatibility, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

GoodSync 10.9.6 improves stability and performance, resolves several bugs, and improves licensing. This is not a security update.
https://12pd.com/click?goodsync

Beyond Compare 4.2.6.23150 improves cloud service reliability and stability. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitcoin 0.16.2 resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

CPU-Z Installer 1.86 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 5.55 resolves several bugs and adds compatibility with the current beta of Windows 10. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

CrucialScanner 20180810 improves compatibility. This is not a security update.
https://www.crucial.com/systemscanner/index.aspx

DiskMaker X 7.0.1 resolves many bugs, and improves user experience. This is not a security update.
https://diskmakerx.com/

DMDE 3.4.4.740 adds GUI versions for macOS and Linux, resolves several bugs, and improves reliability for EOF scanning. This is not a security update.
https://dmde.com/

IsMyHdOK 1.44 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NetworkTrafficView 2.15 now displays the active network adapter on the window title. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html

SearchMyFiles 2.85 adds compare mode for duplicate name search. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

OSForensics 6.0.1004 improves reliability. This is not a security update.
https://www.osforensics.com/download.html

PointerStick 3.21 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Autoruns 13.91 improves stability. This should be treated as a security update.
http://sysinternals.com/

TaskSchedulerView 1.42 now restores to the previous position and size. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 13.2.5287 resolves several bugs. This is a security update.
https://www.teamviewer.com/en/download/windows/

WinScan2PDF 4.33 improves duplex capability detection for HP and Epson scanners. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

MySQL 8.0.12 is a security update.
https://www.mysql.com/downloads/installer/

Web Package Updates

These are likely to be of interest only to web developers.

TinyMCE 4.8.2 resolves several bugs. This is not a security update.
https://www.tinymce.com/download/

Drupal 8.5.6 is a security update.
https://drupal.org/download

MailEnable 10.18 resolves several bugs and updates third-party libraries. This is not a security update.
https://www.mailenable.com/

ScreenConnect 6.7.19388.6796 resolves several bugs and improves performance. This is not a security update.
https://www.screenconnect.com/Download

Joomla 3.8.11 resolves many bugs. This is not a security update.
https://www.joomla.org/

WordPress 4.9.8 improves privacy controls. This is not a security update.
https://wordpress.org/

Contact Form 7 5.0.3 improves cosmetic behaviors and adds several new features. This is not a security update.

Custom Facebook Feed 2.7.2 improves reliability but requires rekeying authentication for unowned Facebook pages. This is not a security update.

Postie 1.9.24 improves logging. This is not a security update.

Redirection 3.4 improves redirect detection and adds compatibility warnings. This is not a security update.

Theme My Login 7.0.10 resolves several bugs including fatal PHP compatibility. This is not a security update.

WooCommerce 3.4.4 fixes many bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2018-04-10

Hi, Folks!

It’s April 10th and the next build of Windows 10, v1803 aka “Redstone 4,” is supposed to be released today. This is a 6gb download that introduces a few new features and controls, but is not yet widely tested. Don’t be the guinea pig. For at least the next month, when you’re prompted that “the new version of Windows is ready,” just say no! I’ll report here when I believe it is safe for most users.

It’s Patch Tuesday and it’s a big one.

The typical computer should see roughly 2gb in updates today. Let’s get started.

Microsoft released updates to Windows, MS Office, Edge, Internet Explorer, Flash, and MSRT (~1.2gb). This includes security updates. A reboot is required.

Apple released updates for macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, Security Update 2018-002 El Capitan, iTunes 12.7.4 for Windows, iCloud for Windows 7.4, and Xcode 9.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 11.3 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 4.3 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 11.3 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 65.0.3325.209 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Adobe Flash Player 29.0.0.140 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of the next build of Windows 10 (1803) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 6gb through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients at The Farmory, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Intel Driver Update 3.2 adds support for newer hardware and improves compatibility. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Display Driver Uninstaller 17.0.8.5 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 65.0.3325.181 is a security update. Use Menu, Help, About to install the most current version.

Firefox 59.0.2 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 52.7.3 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 52.7.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.1.0.14 resolves several bugs, and improves HiDPI support. This is not a security update.
https://www.trillian.im/

Adobe Shockwave 12.3.2.202 is a security update.
https://12pd.com/click?shockwave

WinSCP 5.13.1 is a security update.
https://winscp.net/eng/index.php

Evernote 6.11.2.7027 resolves several bugs. This is not a security update.
https://www.evernote.com/

MaxMind GeoIP Data 201804 is a data refresh.
https://dev.maxmind.com/geoip/

Nmap 7.70 resolves several bugs, adds fingerprints, scripts, and improved service diagnostics. This is a security update.
https://nmap.org/

Npcap 0.99-r3 resolves a couple bugs. This is not a security update.
https://nmap.org/npcap/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.7.4 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.16.49299 resolves download manager and chat bugs, improves stability and TTS behavior. This is not a security update.
https://www.origin.com/en-us/download

Technic Launcher 4/360 improves stability. This is not a security update.
https://www.technicpack.net/download

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice Fresh 6.0.3 resolves several bugs. This is not a security update.
https://www.libreoffice.org/

LibreOffice 5.4.6 resolves several bugs. This is not a security update.
https://www.libreoffice.org/

Notepad++ 7.5.6 adds previous and next buttons to find, improves monitoring behavior, and resolves 2 crash bugs. This is not a security update.
https://12pd.com/click?npp

OpenOffice Dictionary 2018.03.01 is not a security update.
https://extensions.openoffice.org/en/project/english-dictionaries-apache-openoffice

Adobe PhoneGap Push Plugin 2.1.0 is a security update.
https://helpx.adobe.com/security/products/phonegap/apsb18-15.html

Adobe Digital Editions 4.5.8 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb18-13.html

Adobe InDesign 13.1 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb18-11.html

Adobe Experience Manager 6.x Cumulative Fixes are security updates.
https://helpx.adobe.com/experience-manager/aem-releases-updates.html

Security Software Updates

One or more of these is likely to be of interest to most people.

QubesOS 4.0 improves security, improves reliability and privacy, with new behaviors targeting imposed security by design. This is a security update.
https://www.qubes-os.org/downloads/

Avast! Home Edition 18.3.2333 improves performance, redesigns the password manager, resolves a fatal data loss bug in the virus chest and allows email on IPv6. This should be treated as a security update.
https://www.avast.com/free-antivirus-download

Wireshark 2.4.6 is a security update.
https://www.wireshark.org/

RouterPassView 1.72 improves file type detection. This is not a security update.
https://www.nirsoft.net/utils/router_password_recovery.html

OpenSSL 1.0.2o is a security update.
https://openssl.org/

OSFClone 1.3.1000 updates libraries, resolves checksum computation bug, and improves compatibility. This should be treated as a security update.
https://www.osforensics.com/tools/create-disk-images.html

RogueKiller 12.12.12 adds detections. This should be treated as a security update.
https://www.adlice.com/softwares/roguekiller/

SuperAntiSpyware 6.0.1258 resolves several bugs and improves engine. This should be treated as a security update.
https://www.superantispyware.com/download.html

Capture Updates

These are unlikely to be of interest to most people.

XSplit Broadcaster 3.3.1803.0505 resolves several bugs. This is not a security update.
https://www.xsplit.com/get/

XSplit Gamecaster 3.3.1802.1515 resolves several bugs. This is not a security update.
https://www.xsplit.com/get/

Converter Updates

These are unlikely to be of interest to most people.

CDex 2.00 improves stability and compatibility with newer operating systems. This is not a security update.
https://cdex.mu/?q=download

DVDFab 10.0.8.8 resolves several bugs, adds support for newer encodings, and improves compatibility. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

Synergy 2.0.9 adds Raspberry Pi support, improves reliability, and resolves several bugs. This is not a security update.
https://symless.com/synergy/downloads

RoboForm 8.4.8 improves extension compatibility and installation, and resolves several bugs. This is not a security update.
https://12pd.com/click?rf

1Password for Mac 6.8.8 resolves a couple bugs. This is not a security update.
https://1password.com/downloads/

1Password for Windows 6.8.534 improves two-factor authentication integration. This should be treated as a security update.
https://1password.com/downloads/

GoodSync 10.8.4 improves service compatibility, improves performance and reliability, and resolves several bugs. This is a security update.
https://12pd.com/click?goodsync

CPU-Z 1.84 adds support for Spectre detection, newer hardware support, timers and bench testing. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

NTLite 1.6.0.6122 resolves a couple bugs. This is not a security update.
https://www.ntlite.com/download/

DesktopOK 5.12 resolves several bugs and improves reliability. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

HWMonitor 1.35 adds support for newer hardware, and improves monitoring. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

ImageUSB 1.3.1006 does not provide a changelog, so should be treated as a security update.
https://www.osforensics.com/tools/write-usb-images.html

SearchMyFiles 2.83 resolves a search trimming bug. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

OSFMount 2.0.1001 resolves several bugs and improves compatibility. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

OSForensics 5.2.1007 resolves a couple bugs. This is not a security update.
http://www.osforensics.com/download.html

PointerStick 3.03 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

SystemRescueCD 5.2.2 is a security update.
https://www.sysresccd.org/

TeamViewer 13.1.1548 resolves several bugs, improves UI, adds integration with Active Directory, and reports in servicecamp. This is not a security update.
https://www.teamviewer.com/en/download/windows/

Ultimate Boot CD 5.3.8 updates libraries and included applications. This should be treated as a security update.
http://www.ultimatebootcd.com/download.html

WinScan2PDF 4.16 resolves several bugs, improves reliability, and optimizes output. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WSUS Offline 11.2.1 resolves several bugs. This is not a security update.
https://download.wsusoffline.net/

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 3.1.1.0 is a major update with many new features and improvements. This should be treated as a security update.
https://developer.android.com/studio/index.html

SQLite 3.23.0 resolves several bugs, improves consistency, language constructs, and overloading SQL statements. This is a security update.
https://www.sqlite.org/download.html

Web Package Updates

These are likely to be of interest only to web developers.

DigiCertUtil 20180330 doesn’t provide a changelog so should be treated as a security update.
https://www.digicert.com/util/

TinyMCE 4.7.10 resolves several bugs. This is not a security update.
https://www.tinymce.com/download/

Drupal 8.5.1 is a security update.
https://drupal.org/download

phpMyAdmin 4.8.0 resolves dozens of bugs. This is not a security update.
https://www.phpmyadmin.net/home_page/news.php

MailEnable 10.15 resolves several bugs, improves chat integration, and updates antivirus engine. This should be treated as a security update.
https://www.mailenable.com/

ScreenConnect (aka ConnectWise Control) 6.6.17081.6648 adds support for Chrome OS and Android, improves keyboard controls, and resolves many bugs…but not the one that forbids you from creating custom extensions without sharing the source code with ConnectWise. This is not a security update.
https://www.screenconnect.com/Download

WordPress 4.9.5 is a security update.
https://wordpress.org/

Autoptimize 2.3.4 resolves a couple bugs. This is not a security update.

BuddyPress 2.9.4 resolves several bugs. This is not a security update.

Custom Facebook Feed 2.5.2 resolves several bugs. This is not a security update.

myStickymenu 2.0.4 adds option to hide for large screens. This is not a security update.

NextScripts Social Networks Auto-Poster 4.2.1 resolves compatibility issue. This is not a security update.

Postie 1.9.19 improves paragraph detection. This is not a security update.

Sucuri Security 1.8.14 resolves several bugs, improves setup and authentication. This is not a security update.

WooCommerce 3.3.4 resolves several bugs. This is not a security update.

WP Edit 4.0.3 improves sanity checks and reduces warnings. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Why you should delay iOS upgrades

Today is September 9th, 2017 and iOS 11 was released! Yay! This version has several new features that Apple fanboys are going gaga over. It’s exciting, it’s new, and in about a month you should install it on your device. For years I have advocated that major iOS upgrades should be delayed at least 3 weeks. Why? Math.

This simple timeline demonstrates Apple’s history with patches for iOS upgrades:

1.0.1 was released 32 days after 1.0.0. It was a security update.
1.1.1 was released 13 days after 1.1.0. It was a major stability update.
2.0.1 was released 14 days after 2.0.0. It was a major stability update.
2.1.1 was released 3 days after 2.1.0. It was a security update.
3.0.1 was released 44 days after 3.0.0. It was a security update.
3.1.1 was released the same day as 3.1.0. It was a security update.
3.1.2 was released 29 days after 3.1.1. It was a major stability update.
4.0.1 was released 24 days after 4.0.0. It was a major stability update.
4.3.1 was released 16 days after 4.3.0. It was a security update.
5.0.1 was released 29 days after 5.0.0. It was a security update.
5.1.1 was released 61 days after 5.1.0. It was a security update.
6.0.1 was released 61 days after 6.0.0. It was a security update.
6.1.1 was released 9 days after 6.1.0. It was a major stability update.
7.0.1 was released 1 day after 7.0.0. It was a security update.
7.0.2 was released 7 days after 7.0.1. It was a security update.
7.1.1 was released 43 days after 7.1.0. It was a major stability update.
8.0.1 was released 7 days after 8.0.0. It was a security update – and was so bad they pulled it.
8.0.2 was released 1 day after 8.0.1. It was a major stability update.
8.1.1 was released 28 days after 8.1.0. It was a security update.
8.4.1 was released 44 days after 8.4.0. It was a security update.
9.0.2 was released 14 days after 9.0.0. It was a security update.
9.2.1 was released 133 days after 9.2.0. It was a security update.
9.3.1 was released 10 days after 9.3.0. It was a major stability update.
10.0.2 was released 10 days after 10.0.0. It was a stability update.
10.1.1 was released 7 days after 10.1.0. It was a security update.
10.2.1 was released 42 days after 10.2.0. It was a security update.
10.3.1 was released 7 days after 10.3.0. It was a security update.

11.0.0 was released today. How long do you think it will be before they release their mandatory security update?

With history as our guide, we can safely assume it’s going to be roughly 26 days before they release whatever security update is required of the first major release of iOS 11.

Looking at the numbers we can also see that fixes for major updates are released on average 21 days after the initial major version (n.0.x), where minor version fixes average closer to 30 days after the release of the minor version (n.n.x). If we remove the outlier (9.2.1) because it’s over 4 months and double any other period, the averages become 20 days for serious patches to major updates and 22 days for serious patches to minor updates. Again: 21 days – three weeks – becomes the minimum average for your safety.

That means you should expect a security update for iOS 11 around October 10th, 2017. Be patient. The privacy you save will be your own.

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Windows 10 Upgrade: T-minus-10

Time is running out!

Microsoft’s free upgrade offer for Windows 10 ends on the 29th. That’s only 10 days away.

If you want to install Windows 10 you need to get on the ball. I can either do it for you (recommended) which will ensure that all the security and privacy settings are set the way I recommend, or I can provide you with the installation media to install the upgrade yourself, which will make it possible to upgrade on a slower connection. If you opt to install it yourself, be aware that there will be roughly 1.5gb of updates necessary to install after the Windows 10 installation completes.

I only charge for the media ($5/dvd or $12/usb) if you plan to do it yourself, or you can bring your computer to me and I can extract the installer onto your computer at no charge.

I’m having a special right now for Windows 10 Upgrades. For $50 I’ll perform an abbreviated system diagnostics, install the Windows 10 upgrade, install Windows updates and all other necessary software updates (even for software other than Windows itself). I then tune Windows for privacy and security to reduce unnecessary exposure, improve your security and minimize bandwidth consumption (very important for slow connections). If I discover other issues (such as malware, failing hardware or licensing problems) then those could incur additional costs. I will, of course, contact you before doing anything that would incur additional costs.

This offer requires you to bring the computer to me for the upgrade. I have a very fast Internet connection, which makes the upgrade process very smooth, but it still takes between 4-6 hours for most computers. In order to perform an effective diagnostic, I prefer to have the computer overnight. If you’d rather I skip diagnostics, I can usually have it finished the same day.

Come see me at The Farmory in Columbia, or call me at 209-565-1273, anytime.

Catphishing on the Rise

In the last week I’ve had three separate Facebook friends re-friend me using new accounts. A few months ago I even had a cousin re-friend me “after Facebook sent him a million dollars and he could finally afford to create a new account!” His words, not mine. He was, of course, not actually my cousin but an impostor trying to get me to click through a third party link to infect my computer. It was kinda cute. 🙂

Clients have reported that online friends they’ve known for years are now re-friending them and asking for money to bail them out of strange situations — everything from jail to “beta testing” to solar investment loans. In all cases, contacting the person directly with their (previously known) offline contact methods (phone, text, IRL) results in first surprise, then horror, as the person realizes what has been done in their name.

And that’s the real issue here. It’s not like you’re witnessing your friends falling for a scam from an anonymous Nigerian Prince. No, they’re friending you and you (in their mind) are responsible for anything that happens to them. From that moment forward, even long after they learn it was not really you, they’ll always associate you with this event. Some won’t talk to you anymore out of embarrassment. Some will blame you as though there were some way you could have prevented their folly. In any case, you’re both harmed by a total stranger using your name.

This phenomena is called catphishing: The process of creating a fake online persona based on someone else and using it to take advantage of the target’s friends. Impersonation through, quite literally, duplicity.

Here’s the problem

She was astonished to see how her grandmother looked.

She was astonished to see how her grandmother looked.

Online service providers, such as Facebook, Google, Yahoo, Microsoft and so on, don’t exactly perform DNA testing to ensure that the guy claiming to be your neighbor really is your neighbor. If they did, nobody would use their services. Since they don’t, it’s up to you to be able to identify whether it really is your neighbor.

They don’t make it easy.

These intelligent scammers will use just about any means possible to replicate the identity of the person they’re posing as. They’ll re-use the same or similar image as their personal photo. They might crop it differently than the original that they’ve harvested from the real person’s page, but it’ll be “real”. They’ll also migrate some content, mostly copied directly from the original account, onto the new catphishing page. They’ll also copy personal details, such as dates, employment or social history, possibly even replicating the victim’s relationships with additional accounts. All it really takes, when the information is already available only a click away, is the time to copy and paste.

These types of phishing accounts are usually short-lived. Within only a few days they’ll be identified by the targets friends as a phish, though in that time dozens or even hundreds of people may be victimized. This means the attacker will have to act fast. Once they’ve created the account they’ll quickly send out many friend requests to the targets existing friends. They’ll then add or contact many, and the few that answer quickly will then be social engineered.

First a little small talk, then mentioning some great event – like being mailed a million dollars by Mark Zuckerberg, or how they just saved a bunch of money by doing something different like taking advantage of a government program or loan gimmick. They won’t waste much time getting to the pitch, though they might not be able to respond to everyone all at once so it might be a day or two before they push. When you feign interest they’ll have a link at the ready to help you “research” their pitch. It might even be a personal page on a popular site or a typo-squatted version of a popular domain. They’ll seed the idea then send you a link to infect yourself or enable you to self-hijack by posting your account information at an untrustworthy site.

While you’re giving up your information, your real friend is completely oblivious to what is happening.

So how do you protect yourself?

First and foremost, don’t just friend everyone that asks. A very effective means of security (in most things) is to let other people be the guinea pig. This means you don’t respond to friend requests or new contacts immediately. Just wait. At least a couple days, but a week or more is ideal. By this time, there’s a good chance other people would have suffered at their hands if it’s a phish, and thus the account may have either been locked or shut down by the time you are prepared to accept the friend request. Patience really is it’s own reward.

Of course, if you suspect an account isn’t legitimate, report it. Most popular websites have tools to report various contacts and requests, and these are the tools you should be using. This allows the website owner (such as Facebook) to aggregate information about these attacks to block specific types of attacks or shut down entire networks of attackers all at once, and possibly prevent some of them in the future. It’s up to you to report it properly and fully, however. Simply blocking a user will not have any effect other than eliminating their unwelcome messages to you. If you want to stop it you have to be specific in how you report it.

On Facebook you can go to the fake user account page, click the account action button (…), select Report, Report this profile, then select “They’re pretending to be me or someone I know.” Then follow the prompts.

fb-report fb-report-profilefp-report-catphish

Don’t forget to tell the person they’re claiming to be, preferably through a previously known offline contact method.

What if they’re posing as me?!

Same thing. Report them quickly and warn your friends that may have succumbed to your fake friendship.

But wait, there’s more! In most states there are laws against phishing. Here in California the law is really written only to protect businesses, but you, as a victim, can sue an impostor for a half million dollars if they pose as your business.

It doesn’t hurt to regularly search social media for your own name, too. Not your account, mind you, just your name. This will return other accounts that are using your name so you can investigate them. Even a few minutes of effort once a month can save you and your friends from a lot of hurt down the road.

Another trick is to add a Google Alert to your name for social media. This bypasses your own social account (if configured correctly) and emails you whenever your name appears on a site. First go to Google Advanced Search and fill out the form to use a search phrase such as this:

“john t example” site:facebook.com -“johntexample”

This searches for his exact name, on Facebook, but excludes his Facebook slug/username. Now go to the Google Alerts page and search for the formula you composed above. “Show options” then set the alert to contact you once per day. It’s not a perfect solution, but it might catch a phish.

Good luck, and keep it clean out there,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/