01The HP Pavilion g6-1d46dx was a decent mainstream laptop in its day, and you could replace it with something very similar. There have been lots of changes at the low end of the windows market, with touch-screen tablets and 2-in-1s, and at the high-end, with super-thin laptops with high-resolution screens, like the latest Dell XPS 13 and Microsoft’s new Surface laptop. But 15.6in laptops have not changed much, and they still sell by the truckload. Today’s mainstream laptops are thinner than they used to be – your HP g6 is 1.4in thick – and cheaper. However, the standard specification remains much the same. Your current laptop, for example, has 4GB of memory, a 500GB hard drive, a 1366 x 768-pixel screen and Microsoft Windows. That’s still the most common specification. Some 15.6in laptops now have touch screens, but those are optional. You’re probably not going to use a 15.6in laptop as a tablet, so you’d be better off spending the extra cash on an external Bluetooth or USB mouse. One thing that has changed is that three brands now dominate Windows PC sales in the USA, where you live. In the fourth quarter of last year, according to Gartner’s market research, HP had 30% of the whole PC market (including Apple), with Dell on 25% and Lenovo on 14%. Acer and Asus had about 4% each. There’s been a lot of consolidation in a declining market, which means non-specialist (and non-Apple) buyers rarely look beyond the top five suppliers. Both HP and Dell sell PCs from their online stores, so you can look at those for special offers. If you buy online, both companies offer reasonably-priced support contracts that you won’t get from a retailer. I am based in the UK, so I’m not very familiar with the American retail market, and I don’t know if you live within range of any particular stores. I’m therefore going to restrict my links to Amazon.com. However, you can search for alternative sources. The processor is usually the most expensive part of a mainstream 15.6in laptop and has the greatest impact on both price and performance. Your HP g6 has a 1.6GHz AMD A6-3420M quad-core processor, which is slow by today’s standards. But while your g6 is old and slow, some of today’s 15.6in laptops are new and slow. For example, based on benchmark results, the HP 15-F222WM’s Intel Pentium N3540 quad-core processor probably runs even slower than your g6, and I’d expect the version with an AMD A6-7310 to run at about the same speed. These machines sell because they are cheap: they cost only $266.98 (£207) and $258.95 respectively. For a little extra money – from $30 or $40 more – you can get dramatically better performance from a 15.6in laptop with an Intel Core i3-6100U or i3-7100U. These chips are much faster, and will provide a much more satisfying experience. The 6” in the i3-6100U indicates that this is a sixth-generation chip and a year older than the seventh-gen i3-7100U. The newer chip has slightly more powerful graphics, but in practice, you wouldn’t be able to tell them apart. Other things being equal, it’s better to have an i3-7100U, but it’s not worth paying much extra to get one. The i3-6100U is fine. Some laptops have 8GB instead of 4GB of memory, and 1TB instead of 500GB hard drives. Both are improvements, and very nice to have, but not essential for your purposes. Some laptops now have 1920 x 1080-pixel screens, which means you can see more data at once than on your 1366 x 768-pixel screen. It also means that everything looks smaller, which may not suit you. However, Windows has a built in scaling system to make text, apps and other elements bigger on your screen. To find it, type scaling” into the Windows search/run box in the bottom left. You can try 125%, 150% or 175% and pick whichever you like. (You can actually try up to 500%; not recommended.) Higher-resolution screens are better for viewing photos and watching movies, but you didn’t mention either in your emails.
02A Google Docs scam that appears to be widespread began landing in users’ inboxes on Wednesday in what seemed to be a sophisticated phishing or malware attack. The deceptive invitation to edit a Google Doc – the popular app used for writing and sharing files – appeared to be spreading rapidly, with a subject line stating a contact has shared a document on Google Docs with you”. If users click the Open in Docs” button in the email, it takes them to a legitimate Google sign-in screen that asks to continue in Google Docs”. Clicking on that link grants permission to a bogus third-party app to possibly access contacts and email, which could allow the spam to spread to additional contacts. Google has said it is aware of the issue and investigating it. The company encouraged users to report the email as phishing within Gmail. We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” a spokesperson said in a statement. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.” The company did not immediately respond to requests for comment on how many people had been affected by the attack and where it may have originated. Numerous journalists have reported receiving the phishing email, including multiple Guardian reporters. One message to the Guardian came from a maryland.gov account associated with law enforcement and was addressed to [email protected]”, and blind-copied the reporter. Reporters at BuzzFeed, Hearst, New York Magazine, Vice and Gizmodo Media have also reported receiving the scam. Phishing scams typically involve emails, ads or websites that appear to be real and ask for personal information, such as usernames, passwords, social security numbers, bank account data or birthdays. Google says it does not send out emails asking for this type of data and encourages users not to click on any links and to report suspicious messages. As the Verge noted, Wednesday’s attack seemed to be more advanced than standard email phishing scams, because it doesn’t simply take users to a bogus Google page to collect a password, but instead is working within Google’s system with a third-party web app that has a deceptive name. If users have already granted permission through the phishing email, they can go to their settings and revoke the app. More people are reading the Guardian than ever, but far fewer are paying for it. Advertising revenues across the media are falling fast. And unlike many news organisations, we haven’t put up a paywall – we want to keep our journalism as open as we can. So you can see why we need to ask for your help. The Guardian’s independent, investigative journalism takes a lot of time, money and hard work to produce. But we do it because we believe our perspective matters – because it might well be your perspective, too.
03MPs who are leaving the protection of parliament for the campaign trail will render the election significantly more vulnerable to hacking, leading security researchers have warned. According to Dr Udo Helmbrecht, executive director of the European Union’s Agency for Network and Information Security (ENISA), hackers have their best opportunity to intervene in democracies in the weeks running up to the election because parliament’s information security services are no longer overseeing their accounts. If hackers want to disrupt a democracy, elections are the time to do it, he said. As MPs head out on the campaign trail after Wednesday’s dissolution of parliament, they are no longer granted the special status of MPs and hence lose the protection of Westminster’s IT security infrastructure. This gives attackers increased opportunities to obtain data and gain access to sensitive networks. Dick O’Brien, a threat researcher at security firm Symantec, said: The nature of elections means that politicians are ripe for attack. Governments are well secured, political parties not so much. And then a campaign expands from a core party into a much more ad hoc organisations.” With thousands of parliamentary candidates nationwide, any one can be a weak spot that allows organised attackers a bulkhead from which to penetrate party machinery. If you look from a politician’s perspective or from a party’s perspective, you have different areas of concern,” said Helmbrecht. In Germany, the Bundestag was hacked. This was not a weakness in the classic infrastructure – it was naive treatment by parliamentarians.” One legislator who has been independently hacked can infect an entire network if they aren’t careful. If you plug insecure devices into a parliamentarian infrastructure, it gets infected,” Helmbrecht said. You have three areas: one is parliamentarian, where you have professional IT skills.” Against the national security apparatus protecting state IT networks, hacking attacks tend to require extraordinary means to pull off. Then you have party’s infrastructure themselves,” Helmbrecht said. Political parties, unlike parliaments and governments, tend to lack the resources for a full IT department, instead relying on commodity cloud services such as Google Apps. It was this reliance on general hardware that rendered the Democratic National Committee susceptible to phishing” in the runup to the US election: because the Clinton campaign communicated using Gmail, the hackers (known as Cozy Bear and Fancy Bear, and strongly suspected to be Russian state actors) were able to craft convincing login screens, eventually tricking Clinton aide John Podesta into handing over his password. Helmbrecht’s third area is at the level of individual parliamentary candidates. While candidates have links to the head offices of their parties, many of them operate their own IT on a largely self-administered level, hence the plethora of different website templates, email address styles and so on that an election throws up. That’s where you see people using resources, cloud services, and email, that they really wouldn’t use in a more permanent organisation,” said O’Brien. That really opens up the surface for an attack.” The researchers were speaking against the background of a report from Symantec showing that nation state-level attacks have shifted from economic espionage to more overt political sabotage. O’Brien said: I think the decline in economic espionage is motivated by the agreement between the US and China, and that seems to be holding.
04Microsoft has spent a lot of time (and money) trying to make Windows self-repairing, partly because it generally gets the blame when other programs – or users – try to improve” it. Given that tens of thousands of expert programmers have worked on the code over the past 30 years, the number of safe, simple, significant and forwards-/backwards-compatible improvements may be quite small. If Windows 10 knew you had a blank or even a black screen of death, it would try to fix it. If it can’t fix it, it should switch to the Windows Recovery Environment, otherwise known as Windows RE or WinRE, which boils down to two options: 1) Start Windows in safe mode using the code on the internal hard drive, then use the troubleshooting routines to fix it. 2) Use code on an external device such as a recovery DVD or USB thumbdrive to start Windows, and then repair or replace the code on the internal hard drive. So, your first aim should be to get to WinRE. From there you can get to safe mode and use the troubleshooting and repair options. If you can’t do that, you will have to – as WinRE puts it – use a device”. Safe mode was designed to solve the chicken-and-egg problem that you need to access your PC to fix it, but you can’t access your PC if it won’t start. In theory, WinRE makes it simple to get into safe mode. That’s not working on your laptop, but you can try to force it. Windows RE is supposed to appear after your PC has failed to boot two or three times. That depends on Windows 10 counting boots correctly, as distinct from restarting from sleep or recovering from some other failure. However, you are definitely booting your PC if you start with it turned off. To make sure it is off, hold the power button down for at least five seconds. (Touching the power button usually invokes a sleep or hibernation mode where the PC can be woken up by a network connection.) In extremis, you can ensure it’s off by unplugging it from the mains and removing the laptop’s battery, if possible. If not, you can leave it until the battery runs flat then try again. Before WinRE arrived, you could get into safe mode by pressing a key such as F2 or F8. (You may need to look up which key to press.) That worked when Windows generally took from 40 to 90 seconds to start. It’s impractical with today’s Windows 10 computers, which can start in eight to 10 seconds, but you can still try it. It may bring up WinRE or the UEFI/Trusted Platform Module (TPM) screen – see below. Once you get into Safe Mode, you can use the troubleshooting and reset or recovery options to repair your PC. Since you have a blank screen problem, it may be worth updating the video graphics driver. Other troubleshooting options include System Restore, System Image Recovery, Startup Repair, Command Prompt, Startup Settings, UEFI Firmware, and Go back to previous build”, if there is one. System Restore would take you back to a setup saved before you ran your tune-up utility. System Image Recovery would depend on you having made a system image backup beforehand. (This is always a good idea.) Otherwise, Windows 10’s troubleshooters cover a wide range of topics, including the old BSoD or Blue Screen of Death. There isn’t one for the Black version, but Microsoft has some online help at Troubleshoot black screen problems.
05It’s complicated. I’ve spent more than 20 years recommending various anti-virus programs as an essential part of any Windows setup. However, Windows has changed, and the threat landscape has changed. I am no longer sure that a third-party AV program is essential, and some of them may be detrimental. Of course, needs vary. Some people are more accident-prone than others, and some are less sensitive to threats. Some venture into riskier parts of the internet. Some need to protect very valuable information. All these factors should be taken into account. A risk-aware Windows user can probably survive without any anti-virus software at all. I ran Windows XP for a year to try to prove it. Less knowledgeable users can get their PCs infected no matter how much protection you give them. Software can’t protect people from themselves. Most of the major AV products started out when many viruses were written by amateurs who were showing off. That’s no longer the case. Today’s malware is written by professionals who are in business to make money. They are less interested in viruses that replicate themselves – their delivery mechanisms are emails and websites. They don’t want to show off: they want their malware to stay hidden. They are interested in collecting financial information and passwords etc, but there’s also a trend towards ransomware. They know they can blackmail people into paying for something they value – their personal files, financial information, family photos etc – and the arrival of Bitcoin has provided a secure way to collect the cash. The best defence against ransomware is an offline backup of all your essential data. Most of the major AV products started out when Windows and its major browsers were insecure. That’s no longer the case. In 2002, Microsoft cofounder Bill Gates launched the Trustworthy Computing Initiative to make security the company’s highest priority. TCI training and methodologies changed the way Microsoft designed and developed software, and the result has been a dramatic reduction in Windows PC infection rates. Windows 10 now includes a vast array of security and threat mitigation” technologies, to the point where the main threats to Windows users come from third-party programs such as Oracle Java and some Adobe software. There has also been a huge improvement in the security of web browsers, particularly Google’s Chrome and Microsoft’s Edge. Chrome is securely sandboxed, which helps protect the underlying operating system from web-based attacks. Google also runs a bug bounty” program, which pays researchers up to $100,000 for each exploitable hole they find in Chrome or Android. It paid out more than $3 million last year, making Chrome even more secure. Further security improvements have come from safe browsing” systems, which blacklist websites that host malware. Google Safe Browsing is now part of Chrome, Firefox, Vivaldi and Apple’s Safari, while Windows 10 has its own built-in SafeScreen filter. If you are worried about a website, you can check it manually at Google’s website. The result is that Windows 10 users are not sitting ducks, like Windows XP users, as long as they keep their software up to date. This includes updating browsers and other third-party software, using a free tool such as Flexera’s Personal Software Inspector (PSI), Patch My PC, or Kaspersky Software Updater.