Computer Care and Safety Guide
by the Computer Care and Learning team
This is by far the best and most important step you can take to protect your hard work and your precious time.
Backup your data thoroughly and check your backup carefully. At least one recent backup should be tested and then taken offsite, and we strongly recommend you keep more than that. Check your backup: are all the subdirectories there? Number of files makes sense? Size looks right? Can you open a recent document?
That is the basics of backups, but actually doing them effectively is a bit of an art. Below we'll walk you through our way of doing this, but we urge you to work with a trained computer person to review your situation. As always at Computer Care and Learning, we want you to do as much as you can yourself, but we want you to have us, or another good computer company, in your loop, to make sure your process is as safe as it can be.
Interestingly, the first step to a good backup is a good backup password. We'll help you with passwords and using a password safe in detail in step 2, but for now you must choose a good backup password so that you can get on with your backups. You may have some passwords you use all the time, but we urge you to start fresh. Pick a song or a poem or a saying that you like, and take the first letter of each word, or use the words themselves. Add a punctuation mark and a change of case. For example, using the song Row Row Row Your Boat:
To be safe, tweak the song a little, so someone who tries to break in can’t try a bunch of songs successfully:
So instead of Row row row your boat, gently down the stream, you could make it Row row row your boat, gently up the river
This is hard to crack, easy to remember, and easy to give a helper over the phone.
Now you have a good strong password, and you're ready to backup.
We are huge believers is multiple layers of backup. This is not from some ideology, but from hard experience with computers-- we have found that very often, several systems fail at once. (Isaac Asimov, in his Treasure of Humor, tells a joke about Cecil B. De Mille that captures this truth-- http://tinyurl.com/asimovDeMille)
We recommend two layers:
1.Winzip to flash drives
2. Acronis (for Windows users) and Time Machine (for Mac users) to external hard drive.
Instead of the Winzip to flash drive backup, some customers choose to use online backup, such as Carbonite or Mozy.
Winzip with flash drive backup details:
We use Winzip with strong encryption to make a vital data backup to a flash drive daily. This backs up your data only, but does it in an extremely convenient, safe and accessible way. This way allows lots of offsite backups, which is essential to protect against violent viruses like Cryptolocker.
We use two flash drives, and alternate them each day, and carry them with us. We also make a weekly backup, and keep it offsite for a month, and a monthly backup, and keep it offsite for a year. So you have:
Flash drives 1 and 2-- one attached to the computer, one in your bag.
Flash drives week1, week2, week3, week4, week5-- kept offsite, and recycled monthly
Flash drives January, February, March, April, May, June, July, August, September, October, November, December-- kept offsite and rotated yearly.
Keep one drive offsite for each year.
Winzip is from www.winzip.com. Winzip Standard is fine, for about $30. Once you have installed it, go back to http://www.winzip.com/prodpagecl.htm and download the command line utility. We use this to make a simple batch file that will zip up your files, encrypted, into one Zip file and copy it to your flash drive. We recommend that we do this for you, or show you how, as it takes some machine knowledge to make it work properly. For those who want to do this themselves, read on: the command line utility provides a help file with syntax. We use a batch command that looks like this:
wzzip OurData.zip c:\companyData\*.* -rP -sRowrowrowyourboatKiwi!
Notice that winzip uses target first, then source, an ancient legacy from its parent, PkZip.
the -rP means do paths with recursion, which gets all the subdirectories. -s lets you do a password (unfortunately in the clear, one of the flaws of this system. Winzip professional lets you hide this somewhat, but seems to have other problems).
One subtle detail: when you encrypt with Winzip, filenames are still displayed and can be seen without entering the password. If the filenames contain confidential data-- say, client names in a law firm-- run winzip a second time:
wzzip Locked-OurData.zip CompanyData.zip -rP -sRowrowrowyourboatKiwi!
This creates a second layer, and the filenames are protected.
THE ACRONIS IMAGING LAYER: We strongly recommend that all PC/Windows customers “image” their machines, using Acronis True Image Home Premium http://www.acronis.com/en-us/personal/computer-backup/
for about $50. You get a discount for two or more machines. Mac users use the built-in Time Machine with encryption turned on.
Acronis, or Time Machine for the Mac, make an exact, encrypted copy of your entire hard disk, and stores it on an external hard drive, so it can be quickly and correctly recovered, if you know the correct password, in the event of a hard disk crash or a serious malware infestation.
Acronis and Time Machine both require you to get at least one external usb hard drive, and we strongly recommend you get at least two, and rotate them on and offsite weekly. We suggest you get 2 terabyte (2 TB) size drives, which hold 2,000 gigabytes, and are usually large enough to back up a single machine with plenty of room for lots of redundant backups. We usually use Seagate Freeagent drives (Western Digital and Fuji are also fine), which these days you can get for about $90. They are very convenient, using just a usb cable, and are the size of a smart phone.
This is one of the simplest, least expensive ways to protect your machine from data loss, virus infestation, and hard drive failure.
In addition to providing a reliable layer of data backup, using Acronis and Time Machine can save many hours of reinstallation work in the event of a hard disk crash or infection, and can be programmed to be done automatically.
Mac users: be sure to use the Encrypt option with your strong password when you set up Time Machine. After the backup finishes, disconnect the drive and take it offsite. Bring it back to “top off” the backup weekly. If you can afford two drives, leave one plugged in, and once a week use the second drive to backup, and take it offsite.
Acronis users: We recommend that you schedule a full backup each day to an external drive. We do ours in the wee hours of the morning. We do a Monday, Tuesday, Wednesday, Thursday, Friday, Saturday and Sunday backup, a monthly backup, and we keep old backups till the disk fills up and then thin out older backups. "Thin out" means to delete backups here and there, leaving you a good trail of backups leading into the past.
In our office, we use two drives, and swap one of them offsite each week, after we've tested to make sure the backup really worked. Test the backup by clicking on the backup, entering your password, and opening a recent file. We keep the offsite drive at our neighbor's house. This turns out to have some lovely side effects. My co-worker Bill, who sadly for us has passed on, used to be in charge of taking the backups offsite. When he brought the drive, filled with a week of Acronis backups, over to our neighbor's house, he naturally had a chat or some tea with our neighbor. They got to know each other well, and our neighbor introduced him to one of their cousins, whom he married. I know online backups (which we'll talk about later) have their advantages, but none like the advantages Bill realized by taking the backup offsite in person.
Make the recovery cds for your PC. It's also a good idea to have the CDs for the critical programs you use, like MS Office and Autocad. Make copies of the critical ones, and keep the copies offsite with your backup. If your computer allows you to make recovery disks, make a set.
Make sure all your passwords are STRONG passwords. If you’re like us, you use passwords a lot. If you don't choose a tough password, a kid with a password cracking program may be able to get access. There are a lot of kids out there with these programs, so good habits with ALL your passwords will make your work safer. Here’s the method we use and recommend:
Created passwords should be at least eight characters long. Generate a password by selecting the first letters of the words of a song, poem or saying. Please have at least one of the letters in uppercase and include a punctuation mark. For example, “Tliyl,tliml” (This land is your land, this land is my land).
This is very hard to crack, and is easy to remember. But be sure to put the password and the song in a password list (see below), as one’s memory tends to fade over time.
We recommend using KeePass Password Safe (www.KeePass.info, but easiest to go to www.Ninite.com, checkmark KeePass, and let Ninite install it for you) to keep your password list. Keep a copy of the list offsite, and accessible by someone you trust. Make sure the printout includes your master password. For home and home office users, we strongly recommend you regularly give an updated copy to your executor and other trusted close friends, who will come in to help you if you are ill or otherwise indisposed.
Go to www.Ninite.com. Checkmark Malwarebytes and Security Essentials, and let Ninite install them. Skip Security Essentials if you’ve already installed McAfee, Norton, Avast or some other good antivirus program and you are happy with it. We recommend Microsoft Security Essentials because it doesn’t get in your face (Microsoft is Old Money now, and doesn’t need to come after your money in quite as obnoxious a way as it once did), and doesn’t do much harm.
Run Malwarebytes once a week-- it will update for you when it runs. If it finds anything, let it fix it-- this program has good judgment.
Make sure your browser is defaulting to Google search. Now go to your browser’s add-on command, and search for WOT (Web of Trust) and Ad Block Plus. When Ad Block Plus installs, it shows a screen that gives you a chance to disable the “allow non-intrusive advertising” option. Disable it, and you will block all google ads.
Now when you do a Google search, you will get no ads, and you will get a colored ring after each hit. Green is ok, empty is ok, red and yellow are bad. Stay away from these sites.
Download and install Cryptoprevent from Major Geeks, by clicking on this link: http://www.majorgeeks.com/mg/getmirror/cryptoprevent,1.html
Do the install, saying no to offers of purchase, and accepting the default. You don’t need to reboot at the end.
Install Opendns, using either the basic or the family shield. Basic shield blocks criminal sites. Family shield blocks criminal, nudity, pornography, and lingerie.
Setting up Opendns:
Control panel->Network & Sharing Center -> Manage Network Adapters→
Do the following for BOTH your local area connection and your wireless, if you have one:
Right Click on Local Area Connection or Wireless→
Properties; Uncheck Internet Protocol Version 6. Select Internet Protocol Version4 (TCP/IP), chose Properties; Click Internet Protocol (TCP/IP) and click properties, check button that says:“Use the following DNS server address” and
If you want the BASIC shield (just blocks criminal sites)
enter 184.108.40.206 in the first field and 220.127.116.11 in the second and click ok. Test by going to www.internetbadguys.com
If you want the family shield (no lingerie!)
enter 18.104.22.168 in the first field and 22.214.171.124 in the second and click ok. Test by going to www.exampleadultsite.com