Hacking not needed

To access your bank account…

About 10 years ago a company called hak5 produced a WiFi gadget called a pineapple the intended market being for penetration and security testers, but anyone can buy one for around $100. The way the device works is simple, just connect it to your laptop & it scans for wireless access points and mimicks them. Then it scans for clients wanting to connect, offers connection but then forces http only connections (as opposed to https) even when https is demanded. All data passing through the pineapple is made available to the operator. Yup, thats everything including any log on details…

Hopefully, you’ve just sussed that the pineapple is the perfect ‘man in the middle’ attack and you dont have to be in Sainsburys or any other public WiFi place for an attack to succeed.

This is because your laptop or phone retains WiFi credentials if it can detect a public wifi network, such as that presented by the pineapple then it will attempt to connect to it.

Oh fuck! This really is fairly serious…

So how do you prevent this?

  1. When using a public WiFi connection, accept that everyone can see everything so never use your credit card or access your bank account or do anything remotely sensitive security-wise that involves a log-in.
  2. Avoid open networks – use only those that are WPA encrypted as the pineapple cannot impersonate them and check for https as opposed to http in public WiFi spaces, if you dont see a https connection then switch off WiFi.
  3. Use a VPN as a pineapple cannot sniff the traffic.
  4. Avoid public wifi and remove from settings any that you do, on a Mac its:
    1. System preferences
    2. Network
    3. Advanced
    4. Select any where security = none & click minus sign
  5. The browser add in HTTPS Everywhere It will force https where available so may assist in defeating such an attack.

Further reading here I intend to do some testing with iStumbler soon.

Le Moulin Rocheservière

Should you ever visit Daheron for some classic Loire valley wine tasting then Rocheservière is just a few kilometres away and Le Moulin is well worth a visit for lunch. Don’t let their web site discourage you as many French web sites are to be honest, utterly terrible. Poor layout, awful fonts and no telephone number on the ‘contact’ page! Anyway it’s: 02 51 48 92 78

Thankfully, everything else including it’s picturesque location is really very good. Set near the river Boulogne in the village with an outside terrace overlooking the weir, it’s a popular spot in summer. The interior is nicely restored with a modern extension and additional tables upstairs. It gets very busy at lunchtimes so booking is essential.

There are several menu options of which we chose the three courses for 13 euros (June 2019) with three choices of plat de jour. What followed was excellent and along with some wine, a coffee afterwards bought the total to less than 19 euros per person which we considered very good value. Its worthy to note that despite being busy with every table occupied, service remained excellent. This was our fourth or fifth visit, for yet another very enjoyable lunch. The price remains very good value and the quality has improved steadily, Le Moulin is thus highly recommended and well worth a visit.

Restaurant Le Moulin Tel: 02 51 48 92 78

1, Rue de la Malcoute, 85620 Rocheservière

Another grand day out

Our next trip featured two Loire valley chateaux in the Saumur region, first up is Chateau Langlois. The chateau is grasping the benefits of wine tourism with an Ecole du Vin, restaurant and well appointed tasting room.

After a refresh in the geology of the area and the scale of economies producing wine under the AOC system, we were given a guided tour of the wine production facilities which were very modern with much automation.

Our guide showed us the 1 Km long caves below, housing hundreds of thousands of bottles. During this, we were shown the method champenoise and how the lees are ingeniously removed by freezing, then opening the bottle.

Of the wines we tasted the Domain Langlois-Chateau Saumur rouge – cabernet franc was considered the better, the whites and roses were good but just seemed a little over priced for what they offered.

Lunch: A short distance away was the restaurant La Table des Fouees, carved into the rock like the storage cellars, it remained a very pleasant temperature. The menu was very good with further opportunity for enjoying the Langlois wines. Regrettably, we were whisked away before chance of a digistiff as the afternoons visit to Chateau Parnay was already behind schedule.

Chateau Langlois
3 rue Léopold Palustre
Saint Hilaire Saint Florent
49400 Saumur
Tel: 0033 (0)2 41 40 21 40

E-Mail : contact@langlois-chateau.fr

Château de Parnay: A jewel in the crown of the AOC Saumur Champigny and a UNESCO world heritage site which has a enjoyed a very prestigious history supplying wines to Edward VII and the Tsar of Russia. Edward VII once wrote to a former owner, Antoine Cristal: “If the alchemists of the great work had known your wines, they would not have gone any further in search of drinking gold”.

Mathias Levron & Régis Vincenot took over in 2006 with a determination to restore the chateau and its wines to former prestige and glory and so far have done an admirable job. Ch Parnay was certified organic in 2013 and frequently win medals and awards at wine fairs. One of their many ambitions is to produce a wine from every variety of Loire grapes.

Most noteable on their estate is a walled section of the vinyard, with chimens – walls interspaced with three lines of vines. It was built at the end of the 19th century by Antoine Crystal and now classified as a historical monument. Ingeniously planted with the root on the shady side of the wall with the stem fed through a hole allowing leaves and grapes to bask on the sunny side. This not only provides shelter from frost but also protection from Phylloxera, a small aphid that feeds on the leaves and sap of the vine. Vinyards in Burgundy are often walled, noteably the 6 Hectare La Tache – probably the finest Romanee Conti which saved their vines during the outbreak towards the end of the 19th century which affected most of Europe.

Back at the chateau we were shown a maze of troglodyte caves and cellars housing maturing barrels, after which the modern tasting room a few hundred metres away beckoned.

First up: Chemin des Murs and very good it was too. The nose typical of a refined Chenin Blanc with fresh citrus fruits and a hint of quince. To the palate smooth, round with citrus fruit aromas, lasting with good length and six bottles were ordered. Not everyone agreed but wine is a personal thing with Chenin Blanc a favourite white grape of mine. I was extremely tempted by the Clos D’entre les Murs but it’s understandably expensive. A red was also tried, whilst very smooth, was unfortunately lacking and we all agreed the Langlois Cabernet Franc the better.

Chateau de Parnay
1 Rue A Crystal
49730 Parnay
0033 (0)2 41 38 10 85

Mac in your business?

The Mac is achieving acceptabiliy in business. Privacy issues, update failures and security concerns regarding Windows 10 mean other OSs such as Mac offer a better alternative. For years creative professionals in graphic design used nothing but Macs, a superior solution for rendering, image editing and also for musicians. Stability and simplicity make Mac a good choice for smaller businesses without in house IT support. It’s a matter of choice, would you rather swim at a pool with ozone filtered water clean enough to drink or at the local sewage works ? I thought so, with the later your’e going to get a fairly serious virus. Out of the box Mac security is fairly good and can be improved dramatically with a little effort. Furthermore, It’s easy to recover should things go wrong, providing you have made a back-up!

Some of the benefits, myths and issues: In 2006 I got rid of all the PCs in my business. Vulnerabilities, failed updates, device drivers (sigh!) and inconsistencies caused huge frustration and since then have been Mac based. I really like the simplicity of the Mac OS, its a better choice with greater compatibility, providing excellent value as most of my Macs have lasted over 10 years. The mini is brilliant and probably best value. It just works.

Its not Microsoft! Major benefit as there are over 300,000 exploits for Microsofts operating system and not getting any better. Despite the hype, the buzz and hysteria Windows remains a big fat vulnerable target with MS stating they wont fix issues with Outlook not helping. Despite being promised ‘a ground up re-write’ almost every version of Windows is rammed full of legacy code which is not good.

It wont spy on you: I find it hard to believe that people use Windows 10 with all its data slurping and telemetry for the greater good. Forced updates that fail due to lack of testing don’t help and both of these are a good reason to dump windows forever.

The GUI is consistent! another benefit, OSx & OS are easy to master and the user interface is a model of consistency, no more oh no what have they mucked now? The Mac OS looks and works more or less as it did 10 years ago.

There are no drivers! they are installed again OSx & OS just does what it says on the tin, easy to use, simple to configure and a drag and drop UI that actually works.

But it’s not compatible is it? A myth of mis information and totally incorrect, your Mac will actually read more file formats out of the box. Firstly, lets not forget it’s Microsoft who can’t adhere to their own standards in docx with errors in its own ODF format. Pages, Numbers & Keynote will open, read, write and save as their Microsoft equivalents. Preview the Mac PDF viewer also opens about 30 different file formats, some I’ve never heard of. There’s also Ability Office which is free so no budget sucking Office365 subscription required.

Although Office360 might be more apropriate based on current outages.

For the truly paranoid for file compatibility theres Office for Mac 2019 with Word, Excel Powerpoint & OneNote. But again, buy the software don’t subscribe as its always much cheaper long term.

If you really do need Windows, theres VM Ware Fusion for the very few aplications with no Mac equivalent it runs windows on your Mac like another program. Theres also Boot Camp but Windows on ‘bare metal’ is unpredictable and best avoided or Parrallels. However, I consider VM Fusion the best way to run Windows on a Mac or a PC. It integrates well into Mac OS and it’s very easy to recover when Windows BSODs and wont re-start.

Issues – sorted: There are very few programs with no Mac equivalent like Microsoft Access which is not widely used although I still support a few databases created in it. There are programs with which you can view your tables and queeries but you can’t modify your code. See here (external link) for Access alterantives on a Mac. If you need something that wont run on a Mac then VM Fusion solves that problem.

I hate spam

I think spammers and spambot blog posters should be shot. I deploy a very effective way to reduce the latter to zero. Bots get nowhere on this site, if a bot is detected Anti-spam by Cleantalk stops it in its tracks following which the operators IP address is blocked. Regrettably, e-mail spam is more persistent and seems to be increasing. Did Mr Gates not say it would be a thing of the past with their not so clever SPDF DNS strings – which was nothing to do with spam anyway?

This post may help you control and reduce spam.

Currently, I have a spam filtered e-mail box, with virus scanning that works quite well. But with just a strength of filtering 1-10, with actions: ‘Indicate in subject line’ or ‘delete imediately’ when a spam mail is detected, it’s effectiveness is limited. There is also a white/black list for friends/spammers. You also can also add *@somespammer.com to block an entire mail domain but it’s time consuming to configure.

Recently the ability to block entire domain extensions has been added. For example if you dont want any mail from Russia and to be honest its usually loaded with malware then just add *@.ru to your block list. So now you can dump mail from all those crappy domains like *@.bid *@.icu *@.date and so on. Excellent, that is all.

As a standard feature of every mailbox, I would like: block by IP with a plug-in RBS facility, block by country. Thanks for nothing, ICANN. It’s important to control spam as many people insist (aaagh!) on using vulnerable mail clients such as Outlook – But it has a calendar, you know? WTF, it’s a total horrid, nasty half baked POS. Making it the hackers favourite attack vector of choice.

So, options: to process mail before downloading, there is an excellent program called mailwasher which you can use to examine the contents of your inbox, toggle good/spam, set friends etc. However it dosn’t actively prevent or reduce the stuff arriving. You just see less of it. It’s very good at what it does. Mailwasher is for PC only, Firetrust promised me a Mac version but sadly, none yet.

Mailbox filters: Most e-mail client support the use of filters, I use Thunderbird. By far the best mail client I’ve ever used and simple to configure a filter, on the menu it’s: Tools > Message filters the rest is obvious. Whilst this works well, it dosn’t stop rubbish arriving…

Then there is Spamcop which is a reporting service. I was rather pessimistic about this, but thought I’d give it a try. With Spamcop the idea is you copy and paste the message header and body text and submit it. Spamcop then analyses and produces a message sent to the abuse@spamdomain administrators of the relevant domain, who should act on it…

Knowing the pump and dump tactics of spammers, I was even more pessimistic but decided to give it a go anyway. At the start of April (ha ha) I started reporting and after a week or 10 days, the volume of spam recieved reduced. A month later it had diminshed significantly.

Update 14/05/2019: This really does work! I’m now getting very little spam now, so I reduced the filtering strength to allow more through to report. Anything that reduces spam has to be a good thing!

Mac Myths and other nonsense

I hear a lot of complete nonesense about Apple Macs:

  1. Macs are more secure – Maybe but attention required: As I no longer trust anything to be honest. I’d say out of the box, Macs are similar to Windows (ish). Although fundamental differences between Mac OS & Windows make Mac OS harder to break providing its configured accordingly. Windows has demonstrably poor security with Edge, IE & Outlook favourite hackers targets. Anyone installing ‘Adobe Flash Player’ makes any PC or Mac much less secure. Without a lengthy explanation installing flash scores a good 9/10 on the stupidity scale. If you must watch flash videos with buggy software, as Adobes software is legendary for security holes, at least install ‘Click to Flash‘ into Firefox so you have to grant flash permissions to run. You need to check firewalls are configured and permissions set on personal directories and perhaps consider using file encryption. I also consider a good antivirus like Sophos security suite is required whilst NoScript hardens your web browser but thats basic common sense. For further information on improving Mac security here.
  2. Macs are more expensive – Myth: I really don’t get this, people will spend thousands because a car does an extra 3 miles to the gallon, but shun a Mac with excellent longevity. I typed this article on an 8 year old MacBook Pro which looks and works like new. Five years was overtime for a PC, even buying top of the range at a similar price point to Apple. Second hand PCs are near worthless whilst Macs retain some value. Accountants fail dismally, they see bottom line but cannot comprehend through life value. My 12 year old Mac Pro is in daily use, that’s excellent value. Further more, if you have to faff around with your PC because something won’t work, or all too often an update failed, then it’s poor value. If I had a pound for every every hour wasted on a PC, I’d be a rich man.
  3. Macs are more restrictive – Myth: This is total, utter crap, just mis-information my Mac is much more flexible than any PC Ive ever owned – Wake up, smell the coffee. Mac apps my be a little different, that is all. Much easier to install and manage the Mac offers massive choice with better file format compatibility out of the box. Whats more virtually all software is written cross platform for Mac, PC and generally Linux too. PDF? create, edit, save, print and read them out of the box without Adobes bug riddled software. You also get Pages and Numbers with MS file compatibility out of the box. Whilst not as powerfull as Office, I’ve never found them lacking with Keynote being exceptional, it’s superior to Power Point in every respect. For another good Office choice, try Ability Office.
  4. Fact: There are a very small number of aplications without a Mac equivalent, MS Access is one, just load VM Fusion and run Windows in the safety of a virtual machine. It provides a better environment with more control over Windows than running it ‘bare metal’. VM Fusion has been my choice for many years. VM Fusion overcomes the PC to Mac upgrade for the paranoid, as the old PC can be exported to a virtual machine and run on the Mac.
  5. Fact: Mac software is better written My opinion, reached after many years, with more consistency and less crashes – IT JUST WORKS! And above all, my blood pressure just seems lower.
  6. But I have to learn a new operating system? Just like each new version of Windows with all its faults. Why bother? why not use one that works? Every time Microsoft update Windows it’s a cock up of ‘what have they done with…’or my printer wont print because no drivers work. Simple stuff you relied on gets re-invented by Microsoft but something fails – the latest victim being Paint. Paint is 34 years old and appeared in Windows 1.0 . It’s one of those simple programs that is very good at specific jobs and dosn’t occupy much space. So why do Microsoft have to replace it with paint 3D? Is creating problems that previously diddn’t exist a USP for Microsoft? MS, please leave paint alone! Guess what? those moronic monkey fiddlers at Microsoft have even mucked up textedit, what the hell for, leave the fekking things alone, just create another aplication you utter morons! Its another perfectly good programme that needs preserving from the likes of the imbecile mentality of ‘everything must be messed up for the hell hole of the Microsoft Store’ they must implement. If it does a good job leave things alone, if you must create an ‘improved’ version create someting else. Here, the Mac user interface is a model of consistency which reigns supreme. Looking back to the Panther, Tiger, Leopard era, it hasn’t really changed that much. Meanwhile Microsoft can’t decide but removes choice, stupidily forcing the much hated Windows 8 GUI upon users and removing the start button and populare rising menu – sigh. Classic Shell to the rescue, it provides a better GUI like XP or W7.
  7. Search: “We may never get MS search as good as Spotlight”. So said a Microsoft exec and Spotlight remains supremely good for finding files efficiently and does a fine job. I turn off the way it searches the Internet – I have duckduckgo.com because Bing is crap and Google horribly intrusive with a severe invasion of privacy.
  8. Device drivers: Apple got this right and never seems to fail as most drivers are supplied with the OS. With Windows it’s the archillies heel and your PC will BSOD because of device drivers at some point, usually quite badly. Microsoft retains the gold standard for failing consistently in this area if they analysed half of the data they slurp they would have sorted it long ago, bit oh no, that would mean fixing something. In 14 years I’ve only had to download two device drivers or kext files for Mac: For SMART monitoring of USB connected drives with DriveDX and for a 1998 Epson scanner, yes you read that right: Over 20 years old and still supported on a Mac, what excellent value? Value, if you want value for the love of God, give a PC with Windows 10 a very wide berth.

Speed up your Mac!

Macs require very little maintenance, however if you’ve upgraded your OS a few times and installed and removed different software, it may be time to check whats running and prune out unused software. Usual rules: Back up your Mac first! All information is offered ‘as is’ with no liability see our terms

  1. Remove any un-wanted aplications: Go to the aplications folder and drag any unwanted aplications to the recyle bin and thats it! However it may be desirable to remove all traces of a program using knock knock which will show you what’s persistent.
  2. Update your aplications: I’m undecided here, it makes sense to use the latest vesion of a program unless it’s version specific for your operating system or there are other reasons for retaining an older version. However later versions can sometimes be more demanding.
  3. Check your start-up programs: Click System Preferences > Users & Groups. Select your account and click the Login Items button. Check the apps loading are the ones you want.
  4. Repair disk permissions – not required with later OS – Run disk utility, select your HDD & click repair permissions and allow to run.
  5. Run Onyx – This is very deep cleaning software so be sure to BACK UP YOUR DATA FIRST and read and understand the instructions and FAQ then download the correct version of Onyx for your Mac OS. Onyx is very powerful software that performs maintenance operations on your Mac, each OS has its own version so it’s essential to use the correct version, be aware of what you are instructing it to do and let each sequence complete.
  6. Avoid files and folders on the desktop: Your Mac indexes anything on the desktop so minimising these and creating aliases to folders located under documents will help.

Speed up your hardware: Change your rotating disc to an SSD and add more ram. I changed my MacBook Pro 2011 to 16Gb of memory and it made a huge difference. Following this I fitted a Corsair MX500 SSD and again, there was a significant improvement.

Other updates I have performed involve changing a 2014 MacBook Pro retina from an AHCI drive to a Samsung 970 EVO NVMe using a carrier. The improvement was dramatic. Unfortunately, RAM is hard wired from 2013 so cannot be changed, but the NVMe blade installation worked very well.

Most iMacs, older MacBook Pros and Mac Minis are straight forward to upgrade, but check first to see if your Mac can be upgraded as later models have hard wired components. An SSD with more ram will usually boost performance dramatically.

The best and easiest by far is the Classic Mac Pro 5.1 where it is extremly easy to access all components. The MacPro construction is outstanding quality and very modular. Upgrades I have undertaken include:

  1. Change boot disc to NVMe on a PCi-e card – for blistering speed
  2. Add more disks as the MacPro can take 4 internal plus two from the e-sata bus and up to 4 NVMe blades with a suitable raid card
  3. Add more ram – 32Gb being a usefull amount for the MacPro
  4. Add obscene amounts of ram!
  5. Adding PCi-e card for USB 3.0 and 3.1 ports
  6. Adding PCi-e card for USB-C Thunderbolt ports
  7. Adding PCi-e card for SSD disc
  8. Change graphics card

Other Mac Pro 5.1 upgrades include changing processors and processor tray to go to dual CPU. The classic Mac Pro has lots of potential to make it a superbly capable and powerful machine for years to come.

Finally, when you have completed your upgrades, download GeekBench and see how much you have improved your Mac! My bench marks here

All information is offered ‘as is’ with no liability please see our terms


Windows on your Mac

Many users prefer Windows 7 over versions 8.0 and 10 which remain unfit for business due to numerous problems, regrettably misguidance and bullying from Microsoft with forced updates brings the threat of Windows 10 ever closer. It’s a good time to consider alternatives:

VM Fusion provides a way to preserve any version of Windows you wish to run by converting your PC to a virtual machine or create a new installation of Windows on your Mac. VMWare Fusion runs most versions of Windows: XP, Vista, 7, 8.1, 10 – see compatibility here and other operating systems such as linux without re-booting. You can install your windows software and isolate it from external interference, preventing Microsoft from forcing updates for example. This is very important where systems depend on specific versions of software or operating system requirements.

For example: As well as a systems analyst and network engineer, I’m a VBA programmer for Microsoft Access. In 2006 Macs replaced all my PCs since then, I’ve used successive versions of VM Fusion from Version 1 to 10 to run various versions of Windows: 2000 and 2003 server, XP and 7 on my Macs. Windows loads in its separate space like another programme and I can quickly and easily switch spaces to my word processor or spreadsheet running under the Mac OS. I keep my databases in a secure strong encrypted vault on the Mac from which XP reads once the vault is opened. In all this time, I’ve had just one irrecoverable (from Windows) BSOD about 8 years ago which took a minute to recover from the last Fusion snap shot.

VM Ware Fusion provides many benefits:

  1. Permits different versions of Windows to run on one Mac – very useful for testing or overcomming specific system requirements.
  2. Permits use of ‘Windows only’ software, such as Microsoft Access.
  3. Isolate your Windows installation from interference by Microsoft.
  4. Easily recover from a snapshot if problems occur.
  5. Share your data ie read & write to Mac from Windows.
  6. No other device drivers are required.
  7. It makes running Windows SO much easier and controlled.

Requirements:

Any modern Mac with sufficient disc space and ram will run VM Fusion, each VM requires about 40Gb of HHD space. For the later versions of Windows I’d allocate 4Gb or more to ensure they run reasonably well, with XP I use 2Gb but 1Gb will do. Microsofts recomendations are the absolute minimum, so don’t starve your guest OS.

With Fusion you can harness the full power of the Mac, allocating multiple processor cores and allocate resources as you see fit. The more ram you have the better and yes, you can adjust it later although you may be forced to re-activate Windows.

Next, download and install VM Ware fusion on your Mac, I prefer version 10 as due to issues with Fusion 11 – it’s a bit too new for my liking and V10 works fine – see the version compatibility grid for detail. The current license initiates either version 10 or 11. Once Fusion is installed, you can create a new virtual machine, import your virtual machine or virtualise an existing PC and import it to your Mac. Just follow the installation instructions, the choice is yours!

See this Youtube video below for further information (no association)


Backup your VM: If your VM is important then it’s adviseable to create an independant backup as well as take snapshots. A snapshot is exactly what it says: on the fusion menu Virtual Machine >Snapshots… > Snapshots or Take Snapshot. To copy a VM go to the Virtual Machines folder under Documents locate your VM – the file will be named with the file extension: .vmwarevm ie windowsXP.vmwarevm and will be several gigabytes in size then copy your virtual machine to a seperate drive.

Restore your VM: If your Windows VM BSODs as is often the case with an incorrect driver and refuses to start, restore your VM from a snapshot. On the Fusion menu its Virtual Machine > Snapshots… > Restore snapshot.

Windows 10, spyware as a service?

No thanks to be honest, even Vista and ME were gems compared to this steaming pile of excrement. In Windows 10 Microsoft delivers the reality of 1984 of mass surveillance, controlling updates that can brick your PC with an inconsistent user interface spewing un-wanted irrelevant adverts. Unfortunately Microsoft has suffered at the hands of two very poor leaders, whose sorry eyes are just focussed on bottom line. Any other software this bad would, to be honest deleted without a thought.

As privacy concerns over Windows 10 increase, it becomes ever more important to avoid anything from ad-slinging, data-slurping companies. I’m extremely dissapointed Microsoft have chosen this as their business model in W10, but there’s plenty more I really do not like:

  1. Stop spying on users:  people don’t like telemetry and spyware which wastes Internet bandwidth. Microsofts terms and conditions state: “We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to.” WTF? This is so very wrong it’s a serious security breech masquerading as theft and gross invasion of privacy. If you must use W10, protect your privacy with DoNotSpy 10
  2. Forced updates: Just when you are busy the ‘effing thing updates itself without consent. Updates can take hours to complete, then bork because of inadequate testing. You, Microsoft are supposed to be the testers, not us – This has to stop. The other joy (not) of forced updates is; if you get your PC to a state where everything actually works, it’s only a matter of time before the next opus magnum of unwanted bloatware forces itself onto your computer wrecking your set-up and the only option is to fix things that previously worked perfectly well, what utter wankers?
  3. Adverts: No one wants adverts injected into the operating system, I block them by all ways possible: by DNS, hosts file modification and the Adblocker Ultimate extension to FireFox. Will I ever accept adverts in an operating system? No, No and NO! They can be controlled see here
  4. Device drivers: One day Microsoft will realise the crappy, useless way they handle device drivers really must be changed. With each version of Windows driver installation gets worse, they really have lost the plot here.
  5. Stop decieving people: When they turn off data slurping, Microsoft turns it on again at the next update. No respect for users choices Off means off.
  6. Installing Windows 10 should carry a warning: No matter how good you think this is or how much you think you need it, in reality it’s a really bad idea. No matter how powerfull your multi core processor is with a terrabyte of ram and array of NVMe blades – it will be reduced to that of a Pentium 233 with an IDE drive and 640K of ram within weeks of installing it.
  7. Stop dissing perfectly good software: If it’s not subscription or trendy cloud based, such as Office360 subscription service over paid for Office. They are more or less the same thing, yet misleading MS adverts make you think otherwise.
  8. Oh-er, they’re leaking again… users deserve better than this.

Get rid of the following:

  1. Edge & Internet Explorer: – Microsoft will never be a broswer company and having failed dismally with Edge, proved they cannot produce a ‘secure by design’ web browser. IE is usually top of an attackers list with many zero day exploits. Third party browsers such as FireFox & Opera are more secure which can be enhanced with add-ons.
  2. The Microsoft store –  with aplications that rip you off, get rid.
  3. X-Box everything: – Steam does it so much better
  4. Versions of your operating system: Home, Professional, Ultimate, Professional for Workstations, Enterprise – why? Just one that works will do.
  5. Fire who ever came up with the idea to stop testing software.
  6. Shills regurgitating your daily bile, sorry they don’t convice anyone anymore.
  7. Patch Tuesday: – it’s a joke, providing hackers the entire weekend to exploit before your possibly botched update arrives. If you have a patch to issue (and its been fully tested) then issue it, don’t wait.
  8. Unreliable surface hardware. People who buy expensive hardware consider Apple as a value option because it lasts for many years, not something with the life span of an anorexic mayfly that borks after 18 months or so. If you’re going to do hardware, do it properly or not at all.

Things you need to do:

  1. TRUST – all trust in Microsoft is gone, you must do much better to win it back which is going to be very hard.
  2. TEST – test, test. Software testing is expensive and painful.  It means a boat load of people don’t hate your company for eternity because you borked their key business functionality resulting in a heap of people sitting on their hands for hours.
  3. PATCH THE OUTLOOK VULNERABILITY – You know the one you stated you wouldn’t patch that gives users credentials away?
  4. Mobile – Currently being wound down yet another abject failure. Bad decision, you need to lead the pack here and stop destroying Nokia.
  5. Support Windows 7  Issue SP3 for Windows 7 It remains the operating system of choice for businesses and many people prefer it.
  6. Give people choice: If they want a start menu or panes aka Win 8.0 or a Windows XP desktop or if they don’t want the brain damaged, derranged Ribbon thing in office and prefer traditional menus, let them choose.
  7. Concentrate on your operating system Make your OS sleek, fast and above all consistent and elegant. Concentrate on security, allow a choice for updates, support older versions and maintain interface consistency and by the way it should be:  ‘familiar ways to do new tasks’ not new ways to do familiar tasks.
  8. Stop thinking you know better, your current thinking is derranged and contorted, it makes Diane Abbott look like Einstein by comparison. Your operating system is not fit for modern business with it’s stupid lack of control of updates. Only a derranged idiot would use Windows 10 in a business environment in it’s current form. David Cutler summed up your thinking, when he punched through a partition wall to open the door from the other side.

Improve Mac Security

Out of the box, the Mac is reasonably secure, improving your web browser security with add ons and installing a good Antivirus package will increase security significantly.

Anti virus / security packages:
Several AV programmes feature a full security suite at aditional cost. They usually require OS Sierra or above. The following are worth considering:

Sophos home / premium is my preferred solution.

AVG is a very good free solution.

Avast very good as it supports older versions of Mac OSx from 10.6.8, for now. However it harvests data.

Knock Knock (Mac only) whilst not AV as such it does show you what is persitently running on your Mac and help identify those programs and their location.

Destroy advertising – I mean totally, utterly and completely:
Browser attacks are often launched from malware laden adverts, this technique was used to attack computers from adverts served from the BBCs website a few years ago. Whilst the Adblock Pro and U Block Origin are very good, the best way to destroy adverts is to use pi-hole DNS servers see: https://pi-dns.com for more. Some web sites detect add blockers and request you allow their adverts. No thanks Pi-hole blocks everything. There service also supports DNS over https in addition, but needs to be configured.

Your web browser and e-mail are popular attack vectors:
Attacks are frequently via e-mail with links to malware/phish sites, therefore it is essential to control spam and delete any received. It’s essential to learn to recognise ‘social engineering’ e-mail whilst making your web browser as resillient to attack as possible, locked down against malicious scripts, malware and hostile cookies. “Your account has been hacked…” – usually means nothing, bad spelling English and false claims make these stand out.

Mozilla Thunderbird (Tb) has long been my POP3 e-mail program, I’ve yet to see anything better.

Mozilla FireFox (FF) has been my primary web browser for many years and it supports a good choice of security ‘add ons’. These are easy to install and configure. Google Chrome is a privacy disaster, best avoided. Whilst Safari is to be honest, best left alone. I sometimes use it but flush all cookies afterwards.

I seriously hope windows users have long abandoned Edge and Internet Explorer, not fit for purpose. Microsoft were never ‘up with the hunt’ with security and the Internet.

Firefox security can be improved significantly using the add ons listed below. To search for FF add ons: In the top menu, its: Tools > Add-ons then search and install your desired add-on.

Stop browser fingerprinting: Why do companies do this? So I use the CanvasBlocker add on to prevent this unwanted activity, best known as spying.

Stop uncontrolled scripts: It is really vital to limit scripts in your browser which can connect to dozens of web sites behind your back. The No-Script add-on limits scripting activity in your browser and you have to set permissions for each site. Initially all your sites will need script permissions assigning, which can be a bit annoying but they remain and once configured No Script will only require adjustment as you visit new web sites. This add-on alone is excellent and will prevent a lot of malicious script attacks.

Ghostery: Ghostery controls tracking and advertising cookies, it already has a preconfigured database of hostile cookies and trackers and allows you to set permissions if required.

U Block Origin: Like ghostery this filters out unwanted irritating adverts that take bandwidth and waste time. There is virtually no control over advertising on the web, as the BBC discovered anyone can rent ad space and sling ransomware or anything… Can you trust the BBC? Not anymore.

Multi account containers: containers runs the selected browser tab in an isolated sandbox – nothing in and nothing out, it then deletes everything in the sand box on exit. Use containers for banking and on-line shopping or anything where improved security is highly desirable.

Smart https: This automatically changes HTTP protocol to HTTPS, where possible and if loading encounters error, reverts it back to HTTP. You might like to consider using DNS over https which Firefox supports and is being implemented in other browsers. This means DNS is resolved by encryption over port 443 as opposed to in plain text over port 53. This means that your ISPs DNS servers are not used, so it’s a bonus for both privacy and security.

Cookie AutoDelete: does just that, decide to white/grey list domains and cookies will be erased when you close the tab if set to delete. It also protects your privacy as it stops google, fb etc following every site you visit by deleting their tracking cookies.

I dont use FaceBook, you might – a disgusting invasion of privacy in my opinion, the company has lied and lied again. If you must use FB then the FF add on: F.B Purity is essential to limit FB intrusion.

Facebook Containers another nice add on for Fb users that loads Fb in its own container. When you close the tab it logs you out of FB and dumps ALL Fb cookies to help prevent their trackers following and profiling your browsing activity.

Going further…

There remains the issue of web sites connecting to all manner of servers. Today, your personal information is the product and organisations like Google and Facebook etc take everything by any devious means possible. Whilst no-script controls this to a degree, a further layer can be added with Little Snitch – Mac only . This program is wonderful, it intercepts ALL outgoing traffic from your Mac and allows you to decide and block connections to servers that you consider intrusive (Google etc), un-neccessary or hostile attack sites with malware! The rule list is easy to configure or correct if you make an error. See here for an overview tutorial – it’s American, but a good introduction. I have used Little Snitch for several years and strongly reccomend it.

So next load up a site laden with tons of garbage like The Daily Fail and see how much rubbish, adverts, trackers and other crappy scripts are stopped or blocked. DM – your advert filled trash rag makes a fine testing ground :D.

Finally, if you download your e-mail then Mozilla Thuderbird is an excellent e-mail client. It can also be configured to restrict images in an e-mail as this prevents ‘pixel tracking’.

Remove the Adobe flash player plug in. In fact most Adobe software seems fairly poor security wise but Flash is a turd, rich in vulnerabities. Flash is long overdue retirement and often the hackers first choice attack vector.

Thankfully flash will be retired in December 2020 and unsupported so get rid of it now! The Internet without Flash will be a safer and better place.

Getting slightly technical
If you really want to neuter these barstewards that proliferate on the Internet with their trashy malvertising, then consider modifying your hosts file, it’s fairly simple to do and there are plenty of pre-configured host files out there. Perhaps the most popular is the MVPs one. It simply sets a large number of known crappy websites IP to 127.0.0.1 or 0.0.0.0 and thus you will never load them in the background further reading here it’s Windows related but Macs and any other OS will use a hosts file, you just need to know how to edit it, this explanation is fairly good. However, it would be a great thing if someone could write a utility to do a host file edit.

All information provided ‘as is’ with no liability see our terms