Studio711.com – Ben Martens

A laptop recently landed on my desk full of some lovely viruses. I won’t say who it was, but really, you shouldn’t be too embarrassed. These virus writers are good at what they do and it’s easy to be tricked. As I fixed up the laptop, I thought about a short series of blog posts that might be of interest to many of you readers, not just the household that got hacked. I’ll cover how virus writers try to get you through your browser, how they attack via email, and then what to do after you suspect you’ve been hacked.

The most common viruses get onto your machine because you clicked something. It’s pretty difficult to have a computer sitting idle with no human in front of it and get a virus. We are the weakest link. So when hackers try to attack you via websites, they’re going to present you with something that is out of the ordinary, but just plausible enough that you’ll click on it. These popups might seem fairly legit. Here’s an example:

A geek will look at this and know it’s fake, but to the general populace, this seems like something serious that should be fixed by clicking Accept and Install. How can you tell it’s fake? That’s tricky but some basic ways are that this installation box is inside of a browser window. That’s your first red flag. What video player is it trying to update? If it’s going to install something, it should be pretty specific. If you have questions you could take that product name and search for it.

But really the best way to defend against this type of thing is to know the legitimate ways you’ll be warned about this type of thing and then be incredibly suspicious of anything that tells you to install something or “click here to fix your computer.” These days, nearly everything that is needed to fix your computer happens automatically in the background via Windows Update. You might see some notifications from Microsoft Security Essentials when you haven’t run a scan in a while but that’s about it.

You should also have Windows User Account Control enabled. Whenever a program tries to install on your machine or access protected areas of the operating system, it will pop up a warning dialog that asks if you’re sure you know what’s going on. Unfortunately if you believed something like the image above then this probably won’t stop you, but it’s a good backstop to really think about what you’re doing.

So if you get a popup that says you have a virus or that is asking you to install something unexpected, just stop. It’s probably a lie, but just in case it’s legitimate and Microsoft Security Essentials is trying to save you, snap a photo with your phone and email it to your favorite geek. Ask them if it’s legit and what you should click. You might save yourself a lot of trouble.

My project at work is called Power Query for Excel. We released our first version last summer and now our second version is available as part of a larger offering called “Power BI for Office 365.” BI stands for Business Intelligence. The offering includes a bunch of tools that help you make sense of your data, create nice reports and then share them out with your colleagues. This marks the first time that something I’ve worked on at Microsoft is available for purchase!

But never fear home users, while the collaboration and sharing features require payment but you can use some of the pieces for free. For example, you can download the latest version of Power Query from the Microsoft download center.

It’s exciting to see all our hard work available for public use and we love getting feedback! Please use the smile/frown buttons on the Power Query tab in Excel or leave feedback in the Power Query forum (or one of the other Power BI component forums.)

The marketing department put together a nice Power BI overview video. The Power Query specific part is in the “Discover” section around the 36 second mark.

I don’t know about you, but I’m an email packrat. Steve Gibson, the security genius behind grc.com, recommended mailstore.com and I’ve been really impressed with it so far. It runs locally, sucks in mail basically any source you might have (online mail, local Outlook, Exchange, etc), removes duplicates and then indexes it all for crazy fast searches. I love having everything in this nice clean searchable format across all my various accounts through the years. It’s so much cleaner than my old mess of saved PST files and multiple web mail accounts. This also lets me delete all my old email from GMail and Hotmail. There’s no longer a compelling reason for me to let them see all my old data.

I’m still dusting off some old email archives and finding more lost messages, but right now I have 110,000 messages in this database and it only takes up 3.6GB (and that includes attachments.) Searches return results almost instantly, and if for some reason I don’t want to keep using this program, there are easy options for exporting to a wide variety of locations and formats. The only complaint I have is that it can’t detect duplicates that are loaded from the same source. So if I have a piece of mail that gets loaded from GMail and also from my Outlook cache, it will show up twice.

They have a paid corporate version but there is also a version that is free for personal use. There are probably other solutions out there, but I’m loving this one and I give it two thumbs up!

I’m sure Facebook has some business reason for forcing me to view my news feed in the “Top Stories” order, but it’s really frustrating to me. I don’t care about what they think are the top stories. I just want to see things in the order they happened. Thankfully they change the URL when you change your sort order, so if you want to always view your news feed in “Most Recent” order, change your bookmark to https://www.facebook.com/?sk=h_chr.

I have about a dozen Windows Phone and Windows 8 Store apps. They’re all paid apps, mostly because I’m too lazy to mess around with advertising and it’s nice to get a little money, even if it’s just a few bucks, for my hobby. CascadeSkier makes up about 90% of all my downloads, but even that one isn’t huge. I decided to open the kimono a bit and share the results of a recent experiment where I offered both apps for free for three days.

Windows 8 Store
This version has been out since 2012 and as of today I have 1574 downloads. This app offers a free trial for a couple days and then you have to pay $1.99 to continue using it. During the period where the app was free, I got 120 downloads so that’s a pretty good chunk considering I only have 1500 total downloads. The really interesting part is that after the free period ended, I saw another peak of about 20-30 downloads and about a third of those people bought the app. We’re not talking huge money here, but it does appear that some of the people who downloaded the app for free convinced acquaintances to buy it later.

One random stat unrelated to the free trial: over the last 12 months, 1 out of every 7 people who view the app in the store download it. 27% of those people buy the app and 75% of those people buy it without even attempting the trial.

Windows Phone
The Windows Phone app has been out since 2010 and it has 1758 downloads. During the free period I got 200 downloads but there was no follow-on peak of paid downloads.

This was an interesting experiment. In reality I probably should have done this a long time ago and maybe I’ll do it again in the future. The reviews show that pretty much anybody who uses the app loves it. So that implies that the more people that are using the app, the more people will hear about it. The flip side of this argument is that I target a very small customer base. This app only applies to skiers and snowboarders who live in Washington or the Portland area and who use Windows Phone or run apps from the Windows 8 Store. I often wonder how close I am to saturating that market.

So you’re getting rid of some old hard drives, but you’re nervous about just throwing them in the trash. If the idea of creating a USB boot key doesn’t frighten you, then you should know about Darik’s Boot and Nuke. Simply deleting files or formatting the drive doesn’t actually erase the files on the drive. You need to overwrite every sector on the drive multiple times to really be sure.

Reboot the computer with either a CD or USB key inserted and you’ll boot into DBAN. From there you can choose a number of options for wiping the drive that range from writing 0’s one time across the whole drive to doing much deeper scrubs with multiple passes. I generally default to “DoD Short Wipe” which does three passes. That could take you a day or two with today’s larger drives, but it’s nice to know that nobody is going to find my old hard drive and pick any data off it.

I’ve also been known to physically take drives apart and smash the platters with a hammer (wear safety glasses!) That’s messy and technically it’s still possible to read data if the pieces are big enough, but it’s good enough if I’m in a hurry.

P.S. If you find yourself doing stuff like this often, consider picking up a hard drive dock. It’s a lot easier to swap drives in a dock then to physically open your computer. This is the one I’ve had for a while, but you might want to consider a USB3.0 model too.

I’ve been using GMail for about 10 years. Yes, it looks like you send mail to @studio711.com and receive a reply from there, but in the background, it’s getting sent to GMail. That’s not a huge deal but I’ve always felt a little guilty for not using my own company’s offerings. Plus, with the updates over the last few years, Outlook.com is at least on par with GMail, if not a little ahead.

So why didn’t I switch? It’s nerdy, but here you go. My old email DNS records were hosted by GoDaddy and all they did was forward email from all of my domains to GMail. I’d set up my mail clients to receive email from GMail and send through GoDaddy. Sending through the GoDaddy SMTP servers meant that I could send mail from my Studio711 domain. I was unable to replicate that in Hotmail because I couldn’t figure out how to set up an account that receives from Hotmail (which uses Exchange Active Sync) but send through a custom SMTP server. However, I recently discovered that in addition to EAS, you can access Hotmail through POP or IMAP. So I was able to forward all my email to Hotmail and then use a similar setup in Outlook except I point to the Hotmail IMAP servers instead of GMail.

Microsoft also offers to take over all mail handling for your domain. This lets you sign in to Outlook.com with [email protected]. You can send and receive just as you would expect without any extra hassle. Ideally I’d just have them handle all the Studio711 email and then I wouldn’t need such a complicated setup. The stopper is that the domain solution does not allow catch-all email accounts. Right now you can email anything @studio711.com and I’ll get it. I rely on that heavily. Whenever I sign up for a new website, I give them a custom email address so I know if they sell it to anyone. It also makes it really easy to filter out junk mail that just won’t stop. So if I let Microsoft manage my mail records, I’d have to manually create an account every time I hand out a new email address. Since I already have hundreds or thousands in the while, this was a non-starter.

Are you asleep yet? I imagine there are maybe two people who actually followed all that. If you didn’t, don’t worry. The bottom line is that I’m now running all my email through Microsoft servers instead of Google servers. I’m obviously biased, but I trust Microsoft more with that information than I trust Google.