Computer Care and Safety Guide
by the Computer Care and Learning team 617-522-1049
Guide Summary:
Table of contents:
1. Backup your data and your system.
2. Use a password safe, and use tough passwords.
3. Use good anti-malware tools.
Details:
1. Backup your data and your system.
This is by far the best and most important step you can take to protect your hard work and your precious time.
Backup your data thoroughly and check your backup carefully. At least one recent backup should be tested and then taken offsite, and we strongly recommend you keep more than that. Check your backup: are all the subdirectories there? Number of files makes sense? Size looks right? Can you open a recent document?
That is the basics of backups, but actually doing them effectively is a bit of an art. Below we'll walk you through our way of doing this, but we urge you to work with a trained computer person to review your situation. As always at Computer Care and Learning, we want you to do as much as you can yourself, but we want you to have us, or another good computer company, in your loop, to make sure your process is as safe as it can be.
Interestingly, the first step to a good backup is a good backup password. We'll help you with passwords and using a password safe in detail in step 2, but for now you must choose a good backup password so that you can get on with your backups. You may have some passwords you use all the time, but we urge you to start fresh. Pick a song or a poem or a saying that you like, and take the first letter of each word, or use the words themselves. Add a punctuation mark and a change of case. For example, using the song Row Row Row Your Boat:
Rrryb,gdts
To be safe, tweak the song a little, so someone who tries to break in can’t try a bunch of songs successfully:
So instead of Row row row your boat, gently down the stream, you could make it Row row row your boat, gently up the river:
Rrryb,gutr
This is hard to crack, easy to remember, and easy to give a helper over the phone.
Now you have a good strong password, and you're ready to backup.
We are huge believers in multiple layers of backup. This is not from some ideology, but from hard experience with computers-- we have found that very often, several systems fail at once. (Isaac Asimov, in his Treasury of Humor, tells a joke about Cecil B. De Mille that captures this truth-- http://tinyurl.com/asimovDeMille)
We recommend two layers:
1. 7Zip or Winzip to flash drives, or a good online service like Backblaze or Carbonite.
2. Macrium (for Windows users) and Time Machine (for Mac users) to external hard drive.
7zip (get from Ninite.com for free) or Winzip (Winzip.com --$30) with flash drive backup details:
We use Winzip with strong encryption to make a vital data backup to a flash drive daily. This backs up your data only, but does it in an extremely convenient, safe and accessible way. This way allows lots of offsite backups, which is essential to protect against violent viruses like Cryptolocker.
We use three flash drives, and rotate them each day, and carry them with us. We occasionally trade them with colleagues to keep some offsite.
Keep one drive offsite for each year.
Winzip is from www.winzip.com. Winzip Standard is fine, for about $30. Once you have installed it, go back to http://www.winzip.com/prodpagecl.htm and download the command line utility. We use this to make a simple batch file that will zip up your files, encrypted, into one Zip file and copy it to your flash drive. We recommend that we do this for you, or show you how, as it takes some machine knowledge to make it work properly. For those who want to do this themselves, read on: the command line utility provides a help file with syntax. We use a batch command that looks like this:
wzzip OurData.zip c:\companyData\*.* -rP -sRrryb,gutr
Note that Winzip uses target first, then source, an ancient legacy from its parent, PkZip. The -rP means do paths with recursion, which gets all the subdirectories. -s lets you do a password (unfortunately in the clear, one of the flaws of this system. Winzip Professional lets you hide this somewhat, but seems to have other problems).
One subtle detail: when you encrypt with Winzip, filenames are still displayed and can be seen without entering the password. If the filenames contain confidential data-- say, client names in a law firm-- run winzip a second time:
wzzip Locked-OurData.zip OurData.zip -rP -sRrryb,gutr
This creates a second layer, and the filenames are protected.
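The checks from step 1 (subdirectories there, number of files, size, a recent document to open) can be run against the first-layer zip automatically. The script below is an added example, not part of the original guide; `list_source`, `check_backup` and the `prefix` parameter are hypothetical names, and it assumes the zip stores each file under its path relative to the data folder, optionally behind a leading folder name.

```python
import os
import tempfile
import zipfile

def list_source(source_dir):
    """Map each file's path relative to source_dir to (size, modified time)."""
    found = {}
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, source_dir).replace(os.sep, "/")
            found[rel] = (os.path.getsize(full), os.path.getmtime(full))
    return found

def check_backup(source_dir, zip_path, prefix=""):
    """Compare a data folder with its zip backup using only the zip's listing."""
    source = list_source(source_dir)
    # Only the listing is read, so no password is needed. prefix (assumption) is any
    # leading folder name the zip tool stored in front of each path.
    with zipfile.ZipFile(zip_path) as zf:
        archived = {i.filename[len(prefix):]: i.file_size for i in zf.infolist()
                    if not i.is_dir() and i.filename.startswith(prefix)}
    present = [p for p in source if p in archived]
    missing = sorted(p for p in source if p not in archived)
    wrong_size = sorted(p for p in present if archived[p] != source[p][0])
    # Subdirectories that hold files on disk but have none in the backup.
    missing_dirs = sorted({os.path.dirname(p) for p in source} - {""}
                          - {os.path.dirname(p) for p in archived})
    return {
        "source_files": len(source), "archived_files": len(archived),
        "source_bytes": sum(size for size, _ in source.values()),
        "archived_bytes": sum(archived.values()),
        "missing": missing, "wrong_size": wrong_size, "missing_dirs": missing_dirs,
        # Newest file that made it into the backup: the one to open by hand.
        "open_this_one": max(present, key=lambda p: source[p][1]) if present else None,
        "ok": not missing and not wrong_size,
    }

if __name__ == "__main__":
    # Constructed sample: the backup is missing the clients subfolder.
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = os.path.join(tmp, "companyData"), os.path.join(tmp, "OurData.zip")
        os.makedirs(os.path.join(data, "clients"))
        for rel in ("notes.txt", "clients/smith.txt"):
            with open(os.path.join(data, rel), "w") as fh:
                fh.write("sample")
        with zipfile.ZipFile(backup, "w") as zf:
            zf.write(os.path.join(data, "notes.txt"), "notes.txt")
        print(check_backup(data, backup))
```

Run it against OurData.zip rather than Locked-OurData.zip, since the second layer lists only the inner archive. A file edited after the backup was made will show up under `wrong_size`, which is expected.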
THE MACRIUM IMAGING LAYER: We strongly recommend that all PC/Windows customers “image” their machines, using Macrium Reflect. Go to this webpage, and choose the one to the left, Standard one-time purchase https://www.macrium.com/reflectfree for free. Be aware, the free version does not allow encryption. Mac users use the built-in Time Machine with encryption turned on.
Macrium makes an exact, encrypted copy of your entire hard disk, and stores it on an external hard drive, so it can be quickly and correctly recovered, if you know the correct password, in the event of a hard disk crash or a serious malware infestation.
Macrium and Time Machine both require you to get at least one external usb hard drive, and we strongly recommend you get at least two, and rotate them on and offsite weekly. We suggest you get 2 or 4 terabyte (2 TB) size drives, which hold 2,000-4,000 gigabytes, and are usually large enough to back up a single machine with plenty of room for lots of redundant backups. We usually use Seagate Freeagent drives (Western Digital and Fuji are also fine), which these days you can get for about $60. They are very convenient, using just a usb cable, and are the size of a smart phone.
This is one of the simplest, least expensive ways to protect your machine from data loss, virus infestation, and hard drive failure.
In addition to providing a reliable layer of data backup, using Macrium and Time Machine can save many hours of reinstallation work in the event of a hard disk crash or infection, and can be programmed to be done automatically.
Mac users: be sure to use the Encrypt option with your strong password when you set up Time Machine. After the backup finishes, disconnect the drive and take it offsite. Bring it back to “top off” the backup weekly. If you can afford two drives, leave one plugged in, and once a week use the second drive to backup, and take it offsite.
Macrium users: We recommend that you schedule a full backup each day to an external drive. We do ours in the wee hours of the morning. We do a Monday, Tuesday, Wednesday, Thursday, Friday, Saturday and Sunday backup, a monthly backup, and we keep old backups till the disk fills up and then thin out older backups. "Thin out" means to delete backups here and there, leaving you a good trail of backups leading into the past.
In our office, we use two drives, and swap one of them offsite each week, after we've tested to make sure the backup really worked. Test the backup by clicking on the backup, entering your password, and opening a recent file. We keep the offsite drive at our neighbor's house. This turns out to have some lovely side effects. My co-worker Bill, who sadly for us has passed on, used to be in charge of taking the backups offsite. When he brought the drive, filled with a week of Acronis backups, over to our neighbor's house, he naturally had a chat or some tea with our neighbor. They got to know each other well, and our neighbor introduced him to one of their cousins, whom he married. I know online backups (which we'll talk about later) have their advantages, but none like the advantages Bill realized by taking the backup offsite in person.
-------------------------------------------
We recommend you make a Macrium recovery flash drive, and make the recovery flash drive for your model of computer.
2. Use a password safe, and use tough passwords.
Make sure all your passwords are STRONG passwords. If you’re like us, you use passwords a lot. If you don't choose a tough password, a kid with a password cracking program may be able to get access. There are a lot of kids out there with these programs, so good habits with ALL your passwords will make your work safer. Here’s the method we use and recommend:
Created passwords should be at least eight characters long. Generate a password by selecting the first letters of the words of a song, poem or saying. Please have at least one of the letters in uppercase and include a punctuation mark. For example, “Tliyl,tliml” (This land is your land, this land is my land).
This is very hard to crack, and is easy to remember. But be sure to put the password and the song in a password list (see below), as one’s memory tends to fade over time.
We recommend using KeePass Password Safe (www.KeePass.info, but easiest to go to www.Ninite.com, checkmark KeePass, and let Ninite install it for you) to keep your password list. Keep a copy of the list offsite, and accessible by someone you trust. Make sure the printout includes your master password. For home and home office users, we strongly recommend you regularly give an updated copy to your executor and other trusted close friends, who will come in to help you if you are ill or otherwise indisposed.
3. Use good anti-malware tools.
Windows 10 has antivirus built in, so you don’t need additional antivirus software. But we recommend doing a weekly sweep with the free Malwarebytes.
Go to www.Ninite.com. Checkmark Malwarebytes and then “get my ninite”.
Run Malwarebytes once a week-- it will update for you when it runs. If it finds anything, let it fix it-- this program has good judgment.
Install adblockplus.org. Make sure your browser is defaulting to Google search. When Ad Block Plus installs, it shows a screen that gives you a chance to disable the “allow non-intrusive advertising” option. Disable it, and you will block all Google ads.
Download and install Cryptoprevent from Major Geeks, by clicking on this link: http://www.majorgeeks.com/mg/getmirror/cryptoprevent,1.html
Do the install, saying no to offers of purchase, and accepting the default. You don’t need to reboot at the end.
Install OpenDNS, using either the basic or the family shield. Basic shield blocks criminal sites. Family shield blocks criminal, nudity, pornography, and lingerie.
Control Panel -> Network & Internet -> Change adapter options
Do the following for BOTH your local area connection and your wireless, if you have one:
Right click on Local Area Connection or Wireless -> Properties; uncheck Internet Protocol Version 6. Select Internet Protocol Version 4 (TCP/IP), choose Properties; click Internet Protocol (TCP/IP) and click Properties, check the button that says “Use the following DNS server address” and:
If you want the BASIC shield (just blocks criminal sites), enter 208.67.222.222 in the first field and 208.67.220.220 in the second and click OK. Test by going to www.internetbadguys.com
If you want the family shield (no lingerie!), enter 208.67.222.123 in the first field and 208.67.220.123 in the second and click OK. Test by going to www.exampleadultsite.com