Tag Archives: Security

Weird MacOS X Installer Problem

At the moment, this particular Mac problem has me totally stumped. It only affects one Mac, and doesn’t seem to affect the day to day operation of the computer, it only seems to affect one particular dialog, and even then the dialog works perfectly okay, it just looks a bit odd.

The problem is that when I run an installer, if the installer needs elevated permissions in order to install, the dialog asking me to enter my password comes up like this:

Screen Shot 2013-08-26 at 13.28.27

What appears to be happening is the variable bits of text on the dialog are being put in in what appears to be arabic, if I enter my password it all works fine. Run the same installers on another Mac and the dialogs come up properly. It may well be that I’ll need to do a clean install of MacOS and rebuild the computer from a backup, but I’d rather work out what’s caused it in the first place!

I have the same question open on the Apple Stack Exchange site also.

Microsoft Word Fast Saves

This morning I had a plea for help with the computer in our Church Office. Our Parish Administrator had tried four times to send a Microsoft Word document to my fellow Churchwarden, and every time it had come back with a weird failure message. Taking a look I tried resending the message, and after about five minutes of disk thrashing and network traffic it again produced the error message, saying that the upstream mail server had broken the connection.

What was slightly more weird was that other messages were being sent and received without problem, so I took a look at what was actually being sent. On the surface it seemed relatively innocuous – a little bit of an accompanying message, along with a four page word document. The document included a couple of pictures and some clip art, but nothing out of the ordinary. Then I looked at the size of the file – 16MB!

A quick dig around the options on the install of Microsoft Word found the problem – ‘Allow Fast Saves’ was turned on.

A bit of explanation, Fast Saves is a feature in Word that does exactly what it says on the tin – makes saving your document faster. The way it does this is pretty simple, rather than recreating your entire document file from scratch, it instead attaches a new block to the end of the file detailing the changes you have made since the last save. If you’ve got a very big document, and only make small changes it’s quite a neat little trick, however conversely if you have a relatively small document that changes a lot, the file can get significantly bigger, and here’s the rub – our Parish Administrator was trying to send a document that goes out monthly, and the way she does it is by taking the document from last month, and changing it – and this month she’d done quite a lot of inserting and removing graphics, all of which were embedded in the document. As a result, when I turned off the ‘Allow Fast Saves’ option the file size plummeted from 16MB to a paltry 73k – over a 99% reduction in the size of the file!

So, if you’re not writing vast multi-page documents in Microsoft Word – and really most people don’t – it’s worth going into your Options panel, looking under the Save options, and if ‘Allow Fast Saves’ is checked, turning it off.

One other thing to consider about what Fast Saves does too, especially if you’re dealing in company confidential data, nothing you delete from a document is every really deleted if it is turned on, it’s all still sitting there in the old data that sits around in the document, and can quite easily be retrieved…

Vista Update Problem

Has anyone who is running Vista had any problems with the 8th January security updates? All of my XP machines updated fine, but I had a call from a friend running Vista saying that their machine had locked up, and when they managed to get it restarted they were getting errors that Security Center was unable to start. Going on to their machine with Remote Assistance all the Security Center services were disabled. Starting those up manually seemed to resolve the problem with Security Center errors, and didn’t seem to cause any other adverse reactions (yet) – so I’m assuming something went wrong in the update. Anybody else had any similar experiences?

US Baggage Screening 1 – Laptop 0

You might remember my posting recently over the effect of the new hand baggage restrictions on those who travel with laptops. Well last week one of my colleagues at work had a good demonstration of this, or more precisely what effect the restrictions have when combined with the US policy of searching checked baggage behind the scenes without having the owner of the bag present, and also the ban on Dell laptops on some airlines.

Because of all the restrictions, my work colleague decided to pack his laptop into his checked baggage rather than carry it. As a laptop is a fairly fragile thing at the best of times, he was careful to pack it in the middle of his suitcase, made sure it was padded on all sides, and also that nothing solid was close that could potentially damage the machine.

However in the course of the journey, US security cut open his suitcase and rummaged through. Did they pack it with the same care as he had done? Of course not – these guys are searching hundreds of bags a day, and need to get the job done as quickly as possible, so they just shoved everything back into the case. The result? One laptop with a busted screen thanks to the repacking carried out at security, which resulted in the top of the laptop getting squashed down and the screen getting cracked.

Nutcase Features

Sometimes you find a feature of something that you really can’t see a benefit for. I’m not talking about, for example an estate agent selling a house as having ‘good transport links’ when it is on a major road, something that you really just can’t understand. I have to say quite often you find such features in bits of software, and they just leave you scratching your head as to why the feature was included.

There is one such feature on the Golf, and a number of other VW cars too aparently, whereby if you hold the open button on the key fob down for three seconds or more, it opens all the electric windows in the car. Conversely if you hold the close button, it closes all the windows. Bear in mind that the car also has one-shot opening and closing of all the windows anyway, so it is a lot quicker just to use that rather than stand around holding the button down once you’ve got out.

What makes the feature even more bemusing is that it doesn’t work in tandem with the rest of the locking system. The remote central locking has a feature to cope with accidental unlocks. For example since it works by radio, my key fob will unlock the car from inside the house – so with my keys in my pocket it is possible to accidentally unlock the car. Having said that, if nothing else happens, like for example a door or the boot being opened, the car will then lock itself. However this doesn’t apply to the windows. If you squash the key for more than three seconds, the doors will unlock, and the windows will open, nothing else happens, and then the doors lock again, but the windows stay open.

Now I’ve done this once before. I was at work when the car was parked next to the building, and by chance level with my desk. Although I was on the second floor, I managed to open the windows remotely. I came out to the car after work in a rain storm to find the windows half open, and was totally bemused. However, having looked through the manual, I found details of the feature, and managed to replicate it from my desk the next day. After that I was always pretty careful.

However, last night I managed to do it again. I think I did it when I was lubricating a sticking door catch in the kitchen. In the process of bracing the door I think I must have managed to squash the key fob – so this morning I went out to find the windows of the car open – good job it’s a relatively safe area!

Anyway, apparently a Volkswagen dealer is able to disable the feature relatively easily – I can’t see a reason for the feature, so unless someone can come up with a persuasive argument, I think I’ll be getting my dealer to disable it just in case I manage to do it again!

Filling You With Confidence

You may have spotted on the news at the weekend that Shell have suspended the use of Chip and Pin following discovery of a £1,000,000 fraud where money was being syphoned out of customer accounts. Of course, the report is pretty non-specific as to what the problem was, with only a statement from a spokeswoman at APACS, who are behind Chip and Pin, about how the pin pads are supposed to be tamper resistant.

However, today the BBC News site posted an item containing advice from Frank Abagnale, whose exploits were immortalised in the film Catch Me If You Can, on how to avoid ID theft. Alongside his advice to not use cheques – they have all the information on them that an ID thief needs, he also laughs at Chip and Pin, highlighting that the fraudsters at Shell got their information from the un-protected magnetic strip on the back of the card. As I mentioned way back in January last year, whilst APACS will tell you how wonderfully secure the chip is, they always skip over the fact that in order to remain compatible with older terminals and cash points, all the relevant information is still in the magnetic strip on the back. I’m just surprised that it’s taken someone this long to pull off a big scam in that way.

The Abagnale article also highlights some other security loopholes with the new system. Take those snazzy wireless terminals that you often see in restaurants, those helpfully decode the information off your card, and then send it over an unencrypted radio connection back to base. Not surprisingly he has little confidence in the governments supposed foolproof ID card system – he gives it six months before someone replicates it perfectly, and with that, everything you need to pretend to be someone else is in the one place. Fills you with confidence really.

Sometimes it is Good to be Reminded

Craig Murphy has posted a great article highlighting the general lack of concern home PC users have over security under the title “PC security is not the first thing on the mind of a home user�.

He is absolutely right, PC’s are sold, and most people buy them in the same way as they buy anything else like a TV, a kettle or even a car. They expect the PC to sit there, allow them to read their e-mail, write a few letters and just work, in the same way that they expect that their kettle won’t suddenly burst into flames. Essentially with all of them they are bought to just work. The description of what happens is spot on too – the free security software never gets extended, and people put up with a lot – I know of people who quite happily clicked through about 20 porn filled pop-up windows to get to a browser window to do their online banking, without even considering what else could be on the machine onto which they are typing all their important financial details. I’ve also known a number of people who maintain that they don’t need anti-virus or security software because they don’t view dodgy sites, and don’t open attachments from unknown sources – all of them have ultimately found out to their cost that their are nasties on the Internet now that will transfer onto a PC without any intervention at all from the user, and generally ended up having to spend a lot of time and/or money getting their machines sorted out.

In fact, in general I tend to find that many people don’t start taking PC security seriously until they have had a problem like this. However, it’s not too difficult to protect yourself. Craig has some good advice and recommendations for both paid for, and free alternatives for the various essential bits of software that you need before you let your PC near the Internet. I also strongly back up his advice to go get a proper router instead of using a USB based ADSL connection. The added protection by having this extra layer between you and the internet makes a big difference.

Of course, the one suggestion I would make that Craig wouldn’t, is to consider whether you really need a PC at all. Want to read some e-mail, browse the web, do your online banking and write a few letters? You do all of those on a Mac – I do – our PC gets used for games mainly, everything else is on the Mac. Go along to somewhere with knowledgeable staff, like John Lewis or even better one of the six Apple Stores around the country to see one in action. If you can’t get one of those, get hold of a Mac magazine such as Mac Format or MacWorld – you’re even going to be able to pick up a Mac from Tesco now! Of course, I’d still recommend getting hold of a virus checker, and following Craig’s good practice, even with a Mac, but currently it’s a much safer platform to work with, and certainly not buried under nearly so much of the spyware and viruses that attack PC’s.