Welcome to AskLeo! Answercast #158. I’m Leo Notenboom and I’ll be answering questions that people are asking out at askleo.com.
Today’s Answercast is brought to you by Saved! Backing Up With Macrium Reflect. Prepare for the worst and bounce back from the inevitable. You probably know that I talk a lot about backing up on Ask Leo! As I say at the end of every Answercast, it really is the closest thing to a silver bullet. When it comes to computer problems, most especially including malware, nothing can pull your behind out of a fire like having a proper and recent backup ready to go.
Macrium Reflect is my go-to backup program. Saved! Backing Up With Macrium Reflect is my book that walks you through downloading it, installing it, setting up your backups, making them automatic – and then walks you through testing those backups, restoring those files and restoring your entire Windows system if need be.
But wait, as they say, there’s more! Once you register the book, using a link that’s inside the book, you’ll have access to a complete set of companion videos that show you how to do each of those things. But regardless of how you buy it, registered owners also get access to digital copies in pdf, mobi and epub formats for your e-readers.
Check out Saved! Backing Up With Macrium Reflect today! Go to askleo.com/macrium for more.
What’s a dynamic disk?
Leo, first, thanks for all I’ve learned from your newsletter and your books. A couple of weeks ago I bought Saved! Backing Up With Macrium Reflect and began learning how to use Macrium Reflect. I registered the book and downloaded the pdf version. A few days ago, I downloaded and installed on my Windows 7 laptop the trial version, version 5.2. Now that I’ve succeeded in creating the rescue CD and booting from it and creating several daily scheduled full backups on a 1 TB external drive, I decided to purchase it.
But when I went to the website to buy a personal version for home use, I found that there are two options. A standard version 5 or a professional version 5. The web page explains that the professional license offers the features of the standard license plus “Dynamic disk support” and “Restore images to new hardware using Macrium ReDeploy”. I think I understand why Macrium Redeploy might be very helpful sometime in the future but dynamic disk support begs a few questions. What is a dynamic disk? Does my Windows 7 laptop have a dynamic disk? What is dynamic disk support? Does a home user, like me, need dynamic disk support for a Windows 7 laptop?
You know, it seems like a disk would be a really simple thing. I mean, you put some data on it, a little organization around it to find that data and you’re done. Right?
The good news here is that most folks really don’t need to care about dynamic disks. But they are kind of interesting.
Basic disks are the disks you’re familiar with already. Essentially a basic disk pretty much matches the relatively simple idea that I mentioned. The basic disk typically contains one or more partitions, the partition contains one or more volumes and those volumes are formatted using one of several different types of file systems like FAT32 or NTFS. While there are several layers to this scheme, the approach is actually pretty straightforward.
Dynamic disks differ in several different ways. For example, rather than having a partition table to determine where all those partitions physically are on a disk, they actually have a partition database. That database implies that you might be able to do a few more things with dynamic disks than you would with a basic disk.
Consider this really common scenario. You have a disk with two partitions and some unused free space. It’s partition A followed by partition B, followed by that free space. With a basic disk, if you want to use that free space to increase the size of partition A, you must first rearrange things so that the free space is actually next to partition A. That typically means moving partition B so that you end up with, instead, partition A followed by the free space followed by partition B.
You could then merge the free space into partition A next to it so that partition A takes up the total. You’re left with a larger partition A followed by partition B and that’s it. And to be clear, there are several partition management tools out there that can do exactly what I’ve just described – and in fact, in later versions of Windows, the disk management tool itself can usually do this kind of thing.
With dynamic disks, the possibilities are actually slightly more flexible.
Rather than move anything, you can create a partition, of sorts, out of the free space and then simply say that partition A is made up of the area in front of partition B and the area after it. Your disk then looks like the first part of partition A, followed by partition B, followed by the second part of partition A.
To your computer it looks like two partitions – pretty much as normal. But on the disk the partition is actually broken up and lives in two different places.
Now, the technical term for those parts of a partition is “extent.” And as we’ve seen, extents don’t have to live next to each other to be used to create a single volume. So, that partition A that we just talked about is made up of two extents. One before and one after partition B.
But wait, it actually gets better; extents don’t even have to live on the same physical drive. The simplest case is taking two hard drives, setting them up as dynamic disks and then creating a single partition that encompasses both disks. Your system now sees one partition. The fact that it’s physically implemented as two separate drives is hidden. This is what they call a “spanned volume” since it spans multiple, physical disks.
But, there’s more! Striped volumes are like spanned except that instead of putting, say, the first part on one drive and the second part on another, the data is actually intermixed. Chunks of data alternate between one drive and the other. Now while this sounds kind of confusing there’s a very good reason for it. It turns out that when you distribute your data evenly across the drives like this, it’s actually faster to read and to write the data to and from that combination of drives.
Mirrored volumes, on the other hand are exactly the opposite. Two drives are used but the amount of data represented is equivalent to one drive. Why? Well, when you write data to the drive, it’s written to both so that if one fails its mirror can continue on without data loss. Again, two drives, but to the system it looks like a single partition.
And of course, RAID-5 is a little bit of everything so far – and RAID-5 can be implemented using dynamic disks. Three drives are used; two for data and one for error checking. As it turns out, when done properly, any one of those three drives can fail without data loss.
As I said, chances are, you have a basic disk. Particularly, if you have only one drive you almost certainly have a basic disk and chances are that you don’t need the functionality offered by dynamic disks. Even if that functionality actually is kind of cool.
Is anti-virus dead?
Hi, Leo. Do you have any observations, comments or advice about the recent Symantec talk given to Wall Street Journal? They seem to say that only 45% of anti-viruses are caught. Are we as home users more prone to attack nowadays, or is this comment mainly directed to companies as an earnings increase tactic? I’m sure we’ll be interested in their falling profits.
Yeah, this actually made the headlines a couple of weeks ago. The headline that was being generated, of course, was “Antivirus is dead”.
No. Antivirus is not dead. This is just another case, in my opinion, where somebody chooses an exceptionally sensational headline or position in the hopes that it will get people talking. Apparently, they succeeded because here I am, talking about it.
I actually have no idea where the 45% figure comes from. I have a hard time believing it’s a reflection of anti-malware tool effectiveness. What I could believe is that it’s the result of some kind of combination of people not keeping those tools up to date, or intentionally ignoring their warnings, or perhaps not even running them at all. So exactly what it means is unclear.
But if it’s a global statement of overall effectiveness of the tools, well, I disagree.
But let’s say, just for a moment that it’s right. Let’s say that you really only have about a 50/50 chance of malware getting caught by your anti-malware tool. And again, to be clear, I do not believe this is the case; I’m just letting it slide so I can make my next point. If there’s any point to really take away from the discussion then, it’s this: anti-malware tools are only a part of the solution anyway. One thing I can agree with is that you cannot rely 100% on anti-malware tools to protect you from everything.
First, not all tools catch everything; I’ve said this before. There is no perfect anti-malware tool.
Second, not everything that we might call malware is, in fact, malware. Consider the recent rise of what we’ve come to call “foistware.” These are the toolbars and other things that get installed kind of behind your back as you install something else. Technically, they’re not malware and yet to most people, they are. Anti-malware tools may or may not even try to catch these so-called potentially unwanted programs, or PUPs.
Third, no anti-malware tool can stop a user from doing something that that user is intent on doing. It’s been referred to as the “dancing bunnies” problem. If you get something that promises you a video of cute, dancing bunnies, you’re going to do everything in your power to see the dancing bunnies you’ve been promised – even if that means circumventing the security systems on your computer, and even if the promise of dancing bunnies is a lie. I’ve seen many, many kinds of posts and scams on Facebook that really leverage this dancing bunnies problem.
The fact is not much has changed. Anti-malware tools were never 100% solutions though I’ll certainly claim that it’s more than a 45% solution.
No, the real solution is, and has always been, a combination of things that I actually mention here fairly regularly and a combination of things that you already know. Yes, use anti-malware tools and keep them up to date but use a firewall; keep all your software, especially your system software as up to date as possible. Don’t open email attachments that you aren’t absolutely sure of. Secure your network; back up – but above all, be skeptical because by far, the single most important anti-malware tool in your arsenal is you.
I see lots of failed attempts to login to my account, should I do anything?
Hi, Leo. I was changing my password tonight on Hotmail and went into a section I never noticed before called recent activity. I was shocked to see that in the past two weeks there were a ton of failed attempts from nearly every country on the map that had tried to login to my Hotmail account. Is this normal? Should I be scared? Should I close the account? I’ve had this account since 1997 so it has lots of information about me in different folders. Thanks.
Honestly, no, what you’re seeing just doesn’t surprise me. I do have some suggestions on what you should do, but closing your account isn’t one of them.
I actually didn’t know that Outlook.com would show recent activity. I’m actually pretty pleased that it does. So for those who haven’t seen it yet, click on the gear icon when you’re logged into Outlook.com; click on Options; click on Account Details and then on the left-hand side, you should see something called Recent Activity. Click on that.
Or, you can go directly to https://account.live.com/activity. You will, of course, need to confirm your password for security.
Now, I did this and I noticed that someone had attempted to access my account from France and Japan and Ecuador and the Netherlands. You know, one thing that everyone really needs to realize is that our accounts are pretty much under constant attack. Or at least, we certainly need to act like they are. Hackers or bots or who knows what else are basically trying to get in by just about any means into any account that they can find.
They’re typically unsuccessful but really it only takes once to get hacked and from their perspective, even if they try a million automated attempts to these kinds of account entries, if they even only get one, they’re successful.
The single most important thing you can do is to choose a good password. The longer the better and the more random the better. Ideally, you’d use a password manager like LastPass to remember them for you – so that you can choose something that’s completely random; so random that there’s simply no way to remember it.
And of course, the other thing you need to do is never, ever use the same password on more than one site. Very often these hacking attempts that you see here are actually the hackers exploiting data that they may have found somewhere else. Perhaps a different account has been hacked and they’re simply trying the password they found there at every other account they can think of that might possibly be related.
I also strongly suggest setting up two-factor authentication for any account that you consider to be particularly sensitive. When you’ve got two-factor authentication it’s just not enough to know the password. You can have the password and still not get in. You also have to prove that you’re in possession of the second factor. In my case, as an example, I need both my password and a number generated by an application that’s on my smartphone in order to login to my Outlook.com account. Even if a hacker gets my password, they still can’t login because they don’t have that second factor and yes, it sounds like it could be a little annoying to have to have that second factor for every login. In reality, you don’t; there are some shortcuts you can take on computers that you could use regularly.
But what’s important is that someone coming in from a brand new location elsewhere on the planet cannot use those shortcuts. They must have that second factor, which of course, they won’t.
Ultimately, in your scenario, I really don’t think there’s anything to be truly concerned about. It is, however, a very real reminder of just how important password and account security really is.
How can a hacker try all possible passwords if systems block the login attempts?
I understand that my password, especially if it’s not very strong, can likely be figured out by a computer driven program using trial and error. For example, all permutations, combinations of numbers, letters and special characters. What I don’t understand is this – wouldn’t a hacker, be it a person or a machine, have to actually try each and every one of these computer derived guesses on the sign-in screen of the website that they are trying to access to see if they get lucky? My experience tells me that after just a few failed attempts at entering a password, the website will not allow any more tries? So how in the heck are they able to try out all of the thousands of possible passwords that he comes up with?
What you’ve described is called a brute force attack and you’re quite right; it’s a rare system that will allow such an attack to proceed past the first few errors – but that’s not the only option a hacker actually often has available to them.
As you said, this type of attack simply involves the hacker trying to login using your ID and every possible password in turn. Most good systems will note that the same person has been trying to login unsuccessfully too many times, and it will typically lock the account either for a few minutes or perhaps for an extended period of time. This type of brute force attack is most often attempted using a computer and thus even inserting a lock of a few minutes makes even the fastest automated attack impractical. But to be honest, even when systems are operating full speed, the login process is typically slow enough on its own to make this type of brute force attempt impractical anyway.
So to put it another way, it’s not what hackers, or at least the smart ones, actually do. If they’re going to attack via simply logging in, what they’ll do instead is stack the deck. You’ve probably seen those reports that come out every year that show the top 100 most popular passwords, and of course we use that as an example of how awful these popular passwords really are. Don’t use them. But those lists are just the top 100. Hackers can and sometimes do take the top 1000 or 10,000 or 100,000 passwords and try those in order of popularity. Given how many people use these bad passwords, it’s potentially worth the hackers’ time to try them, even if there are periodic delays.
Just the top 1000 tried against a large number of accounts will probably get them access to a depressingly, surprisingly, large number of those accounts.
But there’s more; there’s actually a very practical and reasonable way for hackers to try every password. I’ve talked before about how many services store your password. They create what’s called a hash of the password. Think of it as a kind of a one-way encryption that can’t be undone. In other words, you can create a hash from a password but you can’t get the password from that hash. Add to that, it’s statistically impossible for two passwords to generate the same hash. So when you set your password, the service creates the hash associated with it and stores the hash.
When you login, the service again creates the hash of whatever you typed in as your password. It then compares this hash with the hash that it created when you set your password. If those two hashes match, then you must have typed in the same password this time as you did when you created the password in the first place.
Now, you’ve probably heard in the news about various data breaches at large companies. A hacker gets in and gains access to things that they’re not supposed to. One of the goals of many, if not most of these hackers is to get a copy of the user account database. That’s the list of user IDs and password hashes. Once they have a copy of that database, they can then go to work.
Then on their own computers, at extremely high speed, they can literally try every possible password. With each attempt, they create the hash; they see if that is in the database they just stole and if it is, they now know the password for the user account that had that hash. It’s the password that created the hash like they just did. This is where password length and complexity come into play.
It’s currently quite feasible to try all possible 8-character passwords. That’s why most industry experts now say 10, or even 12 or longer, is the new minimum length of a password. The amount of time required to try them all increases exponentially each time you add a character to the length. So it’s just not practical for hackers to try all possible 12 character passwords today. It would take years, even with the best equipment and of course, adding special characters means that the hackers have to test all possible passwords that include not just letters and numbers but also those characters making it take even longer.
So, yes, there are absolutely scenarios where hackers can and do try all possible passwords. They just don’t do it by trying to login each time. There are scenarios where they pick the low hanging fruit of those people who have picked poor common passwords.
So the lesson here of course, is to choose long, complex passwords. Yes, it’s possible that even those can be compromised by malware such as key loggers. That’s why I also advise adding something like two-factor authentication to your important accounts. With two-factor authentication, even knowing the password isn’t necessarily enough to get in.
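The store-a-hash, compare-at-login scheme described above, together with how the number of possible passwords grows with length, as an added example that is not part of the original Answercast. The per-user salt, the PBKDF2 function, the 62-character alphabet and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 with a random per-user salt stands in for
# "the hash" a service stores; the Answercast does not name an algorithm.
ITERATIONS = 200_000


def make_record(password: str) -> dict:
    """What the service keeps when a password is set: salt and hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def check_login(record: dict, attempt: str) -> bool:
    """Hash what was typed with the stored salt and compare it to the stored hash."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(candidate, record["hash"])


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of distinct passwords of exactly this length."""
    return alphabet_size ** length


def years_to_try_all(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Time to hash every candidate offline against a stolen database."""
    seconds = keyspace(length, alphabet_size) / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    record = make_record("constructed-sample-passphrase")
    print("correct password accepted:", check_login(record, "constructed-sample-passphrase"))
    print("wrong password accepted:  ", check_login(record, "password123"))

    # Assumptions: letters and digits only (62 symbols) and a hypothetical
    # rate of 10 billion guesses per second against a fast, unsalted hash.
    # A deliberately slow hash like the one above lowers that rate sharply.
    for length in (8, 10, 12):
        print(length, "characters:", round(years_to_try_all(length, 62, 1e10), 4), "years")
```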
What makes a site secure?
Once, I read that secure websites should begin with https. Well, yours just starts with http. I figure it’s safe but apparently missed the distinction between safe and unsafe computer addresses.
A secure site has a very specific meaning when it comes to the internet. It’s about technology. And you are correct, askleo.com is not a secure website. It is, however, a safe website.
Let’s review what all that means.
A secure website (i.e. a website that you visit using https) means exactly and only two things:
- It is who it claims to be.
- The information you exchange with that site is encrypted.
That’s it. That’s all that https means; that’s all that a secure connection means. Here’s why those things are critically important and why we refer to them as secure.
I’m going to use PayPal as my example secure site but it could be your bank, your credit card company, your online medical records, I don’t know – any number of different things that might contain sensitive information.
It is who it claims to be. This prevents people from setting up websites that for example, respond to PayPal.com but are not related to PayPal at all. In order for a site to be able to set up a secure website, they must go through a level of confirmation that they are who they claim to be and that they have the right to ask for the security setup for a particular domain like PayPal.com.
So, assuming you are going to the proper address, like an https connection to PayPal.com, you can be assured that you are indeed reaching the real PayPal.com and not some faker trying to hack your account information. So that’s one level of security.
The other is encryption. Https connections to secure websites exchange data by encrypting it first. What that means is that no one can listen in on your conversations. That’s important because when you’re exchanging sensitive information with a site (like your login or personal information with something like PayPal) you don’t want anybody to be able to see what it is you’re saying. Encryption ensures that only you and the site you’re talking to, PayPal in our example, can actually see the data.
The way the internet is constructed, anyone who takes part in getting the data from your computer to PayPal’s, could potentially see the data. Encryption ensures that they see only noise. That’s the second level of security. So, a secure website technically only means that it is who it says it is, the domain’s not been hijacked somehow, and that no one can listen in to the information that you exchange.
That’s quite different than safety.
A scam artist could certainly set up an https secure site and try to scam people out of their life savings. Https only says that the domain name you’re going to belongs to the person it says it does and that no one is listening in on your conversation… as he steals your life’s savings. Calling something a secure website only means that the technology being used meets those secure criteria and has absolutely nothing to do with the safety of actually using that website.
Now, Ask Leo! doesn’t need to be a secure website. Why? Well, because you’re not giving me any sensitive information. There’s no incentive to hijack the domain because there’s nothing of immediate monetary, or other, value being exchanged. Similarly, there’s no need to encrypt the communications. The questions people send me are not sensitive, and the articles that I post most certainly aren’t something that need to be hidden from someone’s view. There’s no reason I would need to jump through the hoops and the expense of setting it up as a secure website with https.
And again, remember, calling something a secure website is only about a bit of technology – nothing else.
On the other hand, I, of course, hope that you consider it to be a safe website. Safety is more about reputation than technology, and hopefully my reputation is such that you feel very safe visiting my site and asking me questions and reading my answers.
How do I test my backups?
I do backups of my data using Windows but it’s not maybe as retrievable as I would like it to be. I don’t know exactly how to test whether my backups are really there. It says they are but are they? I’ve had to use the system image to restore function once when my computer became infected with something. I basically just transferred the system image back to my C drive and it solved all my problems. I must say I’m thankful to you for strongly encouraging everyone to do backups. I can’t tell you how many friends and family have lost stuff – everything – because of not backing up. Pictures, important data. Loss of pictures, seems to be the most heartbreaking.
Yeah, I hear those heartbreaking stories all the time and yes, it is indeed one of the reasons that I talk so much about backing up.
So, the scenario that you’ve described, this concern about not knowing whether the backups are there or not, is actually a very common concern. It’s so common that I actually make sure to include a chapter about it in each of my books that talks about backing up with specific tools. So, let’s review how you can get a little bit of confidence that what you have will be there when you need it.
The ultimate test, of course, is exactly what you ended up doing – performing a full restore.
A full restore, as you did, is perhaps the most important scenario to have work since it’s the scenario that can save you from just about any problem you might encounter. Malware infection? Restore the image and it’s gone. Hardware failure? Replace the drive, restore the image and you’re up and working again.
The problem, of course, is that as a test, a full restore is really, really risky. By definition, a full restore is a destructive operation. By that I mean, it erases what’s currently on the hard drive and replaces it with the contents of the backup image. If that fails, part way through, you’re actually worse off than when you began. You found out that your backup didn’t work but you trashed what was on the hard drive in the process. The very restore you would want, to then be able to fix that, is the restore your test just discovered doesn’t work!
So, here’s my approach to testing backups.
First, create the rescue media from your backup program if you haven’t already. That’s basically the CD or DVD that you would boot from in order to perform that full restore. Then boot from it. Make sure that it can actually see the drive that contains your backup images. This is one place where a number of folks run into trouble. In my books, I actually outline this. Do a step-by-step beginning image restore, stopping at the very last minute before the restore would begin. This verifies that your recovery disk works, and that the backup program can access what’s necessary to perform the restore.
That’s about as far as you can go without actually performing the restore. So at that point I have people cancel and reboot back into Windows but it’s actually tested quite a bit.
Next, I recommend simply restoring a single file. Most backup programs will allow you to extract individual files from your backup image. So do that. Exactly how is going to vary based on what backup program you’re running but the scenario is the same. Delete or rename a file on your hard disk, presumably an unimportant one and now go through the steps appropriate for your backup program or scenario to restore it from a backup.
If you succeed, great! Had this been an actual emergency, you would have received a relatively good level of confidence that these files can be restored. If you fail, however, you now know that you need to revisit how you’re backing up to make sure that you’re backing up what you need to and in the appropriate manner.
Now there’s one final test that I like to perform as well – and that’s simply making sure that the files you think are in your backup, are in fact in your backup.
For example, in the Macrium Reflect book, I outline how to mount a backup image as a virtual hard drive. You can do this with Windows 7 backup as well. Then you can examine the entire contents of the image to make sure it contains what you expect. Poke around in the backed up Windows folders to make sure all of Windows is there.
Poke around in the folders that contain your data to ensure the same. Basically, look around inside that image to ensure that it has what you might need should the worst ever happen.
No, these tests are not 100%. Only performing a complete restore will ever tell you that but these tests can give you a very good feeling of confidence that things that often get in the way of a working backup won’t get in the way for you.
That wraps it up for this week!
If you have a question about your computer, the internet, technology, that kind of thing, head out to askleo.com to search for an answer or ask your question. You might hear it answered here on one of my future weekly Answercasts.
Sign up for my newsletter – the weekly Ask Leo Newsletter contains more answers and fixes, safety tips, and opinions, and even the occasional rant. I always try to make it educational, informative and even a little entertaining.
I have several books available out at askleobooks.com. From backing up to computer maintenance Ask Leo Books can help. Most of the books include companion online videos accessible only to those who’ve purchased the books as well as digital downloads to the books in popular computer and e-book formats.
Speaking of backing up, please do it. Seriously, just do it. I plug this every week because it’s so important. Nothing can save you from almost any computer disaster, like a proper and recent backup.
Finally, I do have to let you know that all of my answers are based on my own personal experience and should be used entirely at your own risk. I don’t know you, your abilities, or the specifics of your machine and those kinds of details can make all the difference in the world. The Ask Leo! Answercast is a production of Ask Leo! and is copyright 2014. Thanks for listening. I’m Leo Notenboom and I’ll be back soon with another Ask Leo! Answercast.