Windows Update Settings

Many ransomware and spyware programs get into your computer by exploiting vulnerabilities in the operating system. One thing that can help protect your Windows system from malware is making sure that Windows Update is working and applying security updates and bug fixes from Microsoft.

Here are the best settings for Windows Update on Windows 10, Windows 8.1, and Windows 7. (If you are still using Windows XP or Windows Vista, my advice is to upgrade to Windows 10. If your computer is too old to run Windows 10, seriously consider replacing it soon.)

Windows 10:

Microsoft has made Windows 10 to be fairly assertive about always installing Windows Updates, so if you do nothing, it will download and install updates on its own — even in the middle of the day. It’s a good idea to set it so that it does its updates and restarts when you’re not using the computer. Do this by setting your active hours, and also set Windows Update to finish updates when you’re not there to sign in. Here’s how:

  • Select the Start button, select Settings -> Update & security  > Windows Update
  • Click on the “Change active hours” link
  • Set the start and end times to reflect when you’re most likely to be using your computer
  • Click “Save”
  • Now click on “Advance options”
  • Make sure the checkbox for “Use my sign in info to automatically finish…” is checked.


Windows 8.1:

The 8.1 update to Windows fixed a number of interface problems with Windows 8. Oddly, the update to 8.1 doesn’t come via Windows Update, but through the Windows Store. The procedure for doing this update can be found here. Then follow the procedure below.

  • On the keyboard, hold down the Windows key and “C” at the same time to open the sidebar on the right side of the screen
  • Click on “Settings”
  • At the bottom of the Settings panel, click on “Change PC Settings”
  • The PC Settings screen will open; In the left sidebar, click on “Update and Recovery”
  • In the Windows Update screen, selct “Choose how updates get installed”
  • The “Important updates” drop-down menu at the top has four options; pick one of the first three — my recommendation is “Download updates but let me choose whether to install them”
  • Check the boxes for “Recommended updates” and “Microsoft update”
  • Click “Apply”


Windows 7:

Microsoft release Windows 7 in 2009, and replaced it with Windows 8 in 2012, so as these things go, it’s getting a little old. However, it is still supported by Microsoft, and by nearly all software publishers, so there’s no immediate rush to upgrade. Here’s how to manage Windows Update:

  • Select Start->All Programs->Windows Update
  • Click on the “Change settings” link in the left sidebar
  • The “Important updates” drop-down menu at the top has four options; pick one of the first three — my recommendation is “Download updates but let me choose whether to install them”
  • Check the box for “Give me recommended updates the same way…”
  • Check the box for “Give me updates for Microsoft products…”
  • Click “OK”

What’s a DDOS, and why can’t I get to Twitter?

We don’t yet know who is behind today’s massive disruption of Internet services, but it’s pretty clear how they’re doing it. They’re using people’s unprotected routers, smart doorbells, smart thermostates, security cameras, and other “Internet of Things” devices as a zombie army.
I’ll give an explanation of what’s going on, but first, let me urge you to make sure that any network-connected devices you have in your business or home network is NOT still using the default, factory-original password, but that you’ve set good, smart passwords for everything. If you do that, it’s less likely your device can be used as part of a “botnet” — a group of devices that have been compromised.
There are two main parts to what the attackers are doing. First, these hackers have used programs to rapidly scan through thousands upon thousands of Internet addresses to see if they can find a way into a private network, and into the devices on that network. If these automated hacking programs find networks and devices that aren’t properly protected, they plant their own malicious software on the devices, but leave the devices operating normally, so the users don’t know anything is wrong.
Once the devices are compromised, then the hackers send instructions to the malicious software, and tell it to start sending as many requests as it can to particular servers on the Internet, in order to flood those servers with more traffic than they can handle, effectively shutting them down. The term used is a Distributed Denial-of-service attack, or DDOS.
In today’s attack the servers that are being attacked aren’t web sites, but DNS servers – Domain Name Servers. They’re essentially directories, matching the names of websites and other servers (like www.<insertnamehere>.com) to the numeric Internet addresses of the actual servers those sites exist on.
Here’s an analogy: Imagine a receptionist in a large office building, who is frequently asked by people coming into the building for the office number of one of the building’s occupants. On a normal day, the receptionist gets a few questions an hour, and things go smoothly. Now imagine that for some reason, a hundred protesters crowd the lobby, all asking over and over for office numbers, just to be obnoxious. The poor guy can’t possibly answer everyone effectively, nor can he tell who is one of the protestors, and who is someone who is legitimately trying to find a business in the building.
That’s not a perfect analogy, but you get the picture. You’re just trying to use Twitter, or stream some music from Spotify, or connect to the cloud-based system you use to run your business, but your computer’s request for the address of the Internet site is getting lost in the crowd of all the bogus requests from the compromised devices, so it can’t make a connection.
The current cyberattacks are being investigated by the FBI and the Department of Homeland Security. I don’t expect they’ll say anything about the source of the attacks until they’ve taken some direct action about it. For now, the company that has been the primary target has taken steps to protect themselves. However, it’s not likely that this is the last time we’ll see such a widespread disruption.
Update your passwords, folks! Don’t know how? Feel free to use the contact form here on my website to ask any questions you might have.

MacKeeper Isn’t Worth Keeping

MacKeeper is a program that bills itself as a utility to help you keep your Mac running smoothly. Originally, it was a good program. The publisher showed up at all the Mac-oriented trade shows, and the program was given high marks by the tech press for its usefulness and design.

Then it changed hands; the original publisher sold it off to another company, which had different plans. While they retain some of the functionality of the program, and have continued to add features (though these features aren’t really helpful), they’ve also made it an advertising tool, delivering intrusive popup ads to users’ web browsing. Instead of speeding up your Mac, it can actually slow it down.

If you have MacKeeper, you might be able to easily uninstall it, though sometimes it doesn’t want to go quietly. refreshed an article this week (they edited it after its initial publication earlier this year) on how to remove it, and it’s worth looking at, if you want to remove MacKeeper. It’s also worth reading some of the comments in the article, to see what kinds of problems it has caused for users.

My recommendation is that you DO remove this program, if you have it. If you paid for it recently, you may be able to get a refund from the publisher.

The MacWorld article also mentions MalwareBytes Anti-Malware for Mac (free), which can be used to remove MacKeeper and other problem software. There aren’t many viruses for Mac, but they’re out there. I’ve trusted MalwareBytes to clean up Windows systems for years, and their Mac version is just as useful. Run it once a week, or whenever you think there’s a problem with malware or viruses on your computer, and it can help keep things cleaned up.

Questions? Comments? Use the “Contact Me” form on the right.

Can You Keep Malware Out of Your Computer?

You never open attachments in emails, you don’t click on suspicious-looking links, and you don’t download programs from random websites – so why is your computer getting viruses, adware, and a LOT of popups?

(And by the way, if you DO any of those things – STOP IT!)

You might not believe it, but a very large number of infections come from advertisements that have been hijacked on perfectly legitimate websites.

Internet advertising is a complex business, and a complex technical environment. By the time an ad shows up on a page you’re looking at, a dozen or more different systems on the Internet could have had a part in making that ad appear. Each of these component systems are big targets for hackers, who try to break into the process, so that some malicious bit of code gets into your system. That code can either get you to install something you think you need, or even install unwanted programs without you knowing about it. These programs can do any number of things, from generating popup ads on your screen to infecting your computer to act as a part of a network of computers that do bad stuff to other computers.

Here’s a recent article from ComputerWorld about how this works, if you want a little more detail.

So the question is, “How do I keep my computer from getting this junk?”

First and foremost, use good antivirus software. My favorite commercial antivirus software is ESET NOD32, but you can get reasonably good protection using the free versions of AVG or Avira. If you already have antivirus software, make sure it is being updated regularly.

If you’re on Windows, can I suggest that you DON’T use Internet Explorer? Because it is so tightly tied into Windows, it makes it easier for malware to get through the web browser and into your system. Google ChromeFirefox, and Apple’s Safari are great alternatives – my favorite is Chrome.

One other thing that can help is to install an ad blocker into your web browser. These programs do just what you’d expect: They keep ads from showing up on web pages you visit, whether on Facebook, in your web-based email, or on your favorite motorcycle enthusiast or celebrity gossip sites. They’re not always 100% effective, but they really do help reduce the ads you see, and reduce your exposure to infected advertising.

The most popular ad blocker is AdBlock, and it’s free — though if you want to donate something to help its developers, that’s great. AdBlock works with Firefox, Chrome, and Safari, on both Windows and Mac OS X.

Another option for Chrome is µBlock, which works similarly, and uses a little less memory.

If you must use Internet Explorer, use AdBlock Plus – which, oddly enough, is unrelated to AdBlock, mentioned above. It’s the only reputable ad blocker for Internet Explorer.

This is a bit of a controversial topic. Most websites make money from the ads, and if you don’t view them, they don’t get as much money. So they don’t want you to block the ads. Until the online advertising environment deals with their security issues, though, most computer security experts still advise ad blocking software.

If you have any questions about ad blocking, or are having trouble with malware – no matter where it came from – feel free to contact me using the form here on my website.