boot13Version 51.0.2704.84 of Google’s web browser was released on June 6. The announcement doesn’t list any changes, but points to the full change log. The log lists about sixteen changes, mostly minor bug fixes. Although it’s not explicitly stated, some of the changes appear to be related to security, so we recommend updating Chrome as soon as possible.
TeamViewer: security risk
The free-for-personal-use remote control software TeamViewer is currently under intense scrutiny. Large numbers of users are reporting unauthorized access to their computers, theft of login credentials, and in some cases, access to online financial systems and theft of funds.
It remains unclear exactly how these unauthorized intrusions are happening. TeamViewer officials are so far denying that the software has been hacked, insisting that the current surge in TeamViewer-based attacks are the result of password re-use, combined with the recent publication of several databases of stolen credentials.
Until we know for sure what’s going on, we recommend removing TeamViewer from all computers on which it is installed.
If removal is not an option, as may the case for some support setups, then you should configure TeamViewer to not start with Windows, only start it when asked to do so by support staff, and then close it when their work is complete.
You should also avoid using fixed, personal passwords, relying instead on the temporary passwords TeamViewer generates when it is started, or at least make sure that your personal passwords are strong and unique. Oddly, there’s no way to disable a fixed, personal password, once it’s set up, so your only option in that case is to set it to something very long and random.
Criticism of TeamViewer is building, and the company’s response to this issue has been somewhat less than stellar. If they are convinced that the problem is re-used passwords, why have they not forced a password change for all TeamViewer accounts?
TeamViewer’s makers also seem unwilling to consider the notion that the software itself has been hacked in some way, instead focusing on TeamViewer accounts. An account is not required to use TeamViewer, and exists only as a master address book for people who use TeamViewer to access many different computers. If your TeamViewer account is compromised, an attacker will then have full access to all computers in your account.
To their credit, Teamviewer is working to add new features to the software that should beef up its security. But the new features only affect TeamViewer accounts. If you don’t have a TeamViewer account, you won’t see any benefit.
Update 2016Jun06: TeamViewer management continues to insist that the problem only affects TeamViewer accounts, not the TV desktop client. We recommend avoiding TV accounts if possible. If that’s not an option, make sure you enable two factor authentication (2FA) for the account, and use a complex, unique password.
There’s a lot of discussion about this over on Reddit. One post contains reports from users who have experienced TeamViewer-related intrusions. Another provides instructions for determining whether your computer has been accessed via unauthorized use of TeamViewer.
Meanwhile, we’re wondering whether it might be helpful if TeamViewer showed a large red warning when setting up an account, like this:
WARNING: if there's only one site or service where you use a strong password, let it be your TeamViewer account. Because if someone gets access to your TeamViewer account, they will also have full access to all of the computers you access through your account.
Vivaldi 1.2 released
The people who make Vivaldi were happy enough with a recent developer snapshot of the browser to release it as version 1.2.
Whether or not you agree that Vivaldi is ready to be your main browser (I don’t), it is improving. Version 1.2 adds custom mouse gestures, per-tab zoom level, and new settings related to the ‘new tab’ page.
Chrome 51.0.2704.79
Another batch of security fixes highlights the release of Chrome 51.0.2704.79. At least fifteen security issues are addressed in the new version, so if you use the browser, you should make sure it’s up to date. The full change log (only about three dozen entries this time) provides additional details.
Opera 37.0.2178.54
Opera’s latest release is version 37.0.2178.54. The new version includes a few bug fixes related to the new pop-out video feature, as well as some security updates by way of a new version of the Chromium browser engine. The full change log provides additional details.
Vivaldi: not ready to replace Firefox
Well, I tried. I used Vivaldi as my main web browser for a month, and while there’s a lot to like, I found I had to change the way I work to get around its limitations and problems.
The biggest problem is Vivaldi’s inconsistent and confusing handling of links, bookmarks, and tabs. The Vivaldi developers have apparently failed to grasp that links should behave differently, depending on their context.
The bookmark editor is extraordinarily clunky, which is surprising, given that it should be a simple feature to code.
A lot of basic functionality that I take for granted in Firefox and other browsers is still missing from Vivaldi. Dragging and dropping bookmarks (eg. from the address bar to the bookmark sidebar) doesn’t work. Hovering the mouse over a bookmark doesn’t show the full URL. There’s no way to edit bookmarks directly in the bookmark toolbar. The right-click context menu for images doesn’t include a ‘Properties’ option. And so on.
Vivaldi’s developers seem to be aware of these issues, and have been working on them in developer ‘snapshot’ versions of the browser. I started using the snapshot versions in the hope that I’d get some relief from the problems I mentioned, but instead ran into even more problems.
Meanwhile, I’ve switched back to Firefox. I’m still optimistic about Vivaldi, but for now I’m only using it experimentally.
Latest Hard Drive reliability report from BackBlaze
Backblaze provides online backup services. The core of their service is an enormous collection of hard drives of various makes, capacities and models. Backblaze tracks the reliability of the hard drives in their systems, and publishes their findings yearly.
This year’s report shows that HGST (Hitachi) drives are still the most reliable, but also shows substantial improvement in Seagate drives over previous years.
Chrome 51.0.2704.63
It’s a new version of Chrome, and there are at least 42 good reasons to install it, namely the 42 security issues Chrome 51.0.2704.63 addresses.
The release announcement doesn’t mention any new features, so although the full change log is another massive, browser-killing abomination, I’m going to leave parsing it as an exercise for readers.
Ads in Windows 10 to increase in July
Microsoft recently announced that it will double the number of advertisements on the Start page in Windows 10 starting around July 2016. Does anyone still doubt that Microsoft’s long-term strategy is heavily focused on advertising? Or why Microsoft has been pushing people so hard to upgrade to Windows 10 its new advertising platform?
Relief for Windows 7 update headaches
As if in response to my recent post about the joys of updating new Windows 7 installs, Microsoft has just announced a solution. It’s effectively Service Pack 2 for Windows 7, but Microsoft is calling it the Windows 7 SP1 convenience rollup.
The new package will install all post-SP1 updates up to April 2016. After you install Windows 7 with Service Pack 1, you need only install the April 2015 servicing stack update for Windows 7 (KB3020369), a prerequisite for the rollup, then install the rollup, then install any updates published after April 2016.
I haven’t yet tried the new rollup, but it’s difficult to imagine how it could fail to be an improvement.
Microsoft also plans to provide monthly non-security update rollups for Windows 7 and 8.1.