Universal Folder Access?

On 24/08/2018 22:15, Bill in Co wrote:

Java Jive wrote:

In summary, Step 5 gives ownership of the entire heirarchy to,
preferably, the Administrators group, thus allowing you, either as now
signed on as Administrator or later using raised privileges as a normal
user, to perform step 6 which is what you really want, the granting of
full access to an appropriate user.

Well, ok, I will take this under advisement! But boy that seems like a lot
of work, just to get access to folders, like I had back in XP. Again, I'm
the only user, and here at home.

With your personal folder under Users, that is ...
C:\Users\username
.... you will hopefully only ever have to do it once. Once the
Administrators group has ownership and full access rights to its entire
heirarchy, you should be able to elevate privileges at any time to do
anything you want. Thereafter, for personal folders, it may well be
safe to use the GUI (rt-click folder and choose Properties, Security,
as in XP), but do NOT use the GUI on any heirarchy which includes a
folder for your anti-virus program(s) unless you know what you are
doing, nor the Windows or any other system folders, because *replacing*
permissions throughout this heirarchy will almost certainly break things.

But here's a question for you: Since I am the only user of this computer,
and programs seem to have access to such folders anyway as they are being
installed online

Eh?

what is the big problem with simply using the simpler
Everyone folder with full access method?

Because it's like leaving your front-door unlocked at night.

And ALL of the above are important to me (except Cookies), for program
settings, etc. For example, if I want to add something to the Send To list,
that is just another classic case of these undue restrictions.

Yes, but now you know how to get around them.

Yet \Program
Files and \Windows is not so restricted.

On the contrary, on an unmodified build, they are more restricted.

"Bill in Co" wrote

| But here's a question for you: Since I am the only user of this computer,
| and programs seem to have access to such folders anyway as they are being
| installed online, what is the big problem with simply using the simpler
| Everyone folder with full access method?

You have to decide for yourself. People who use
computers at work are trained to think in terms
of user security. There's also a slight risk of malware
getting more access if you run unrestricted. Basically,
by tying your own hands you tie the hands of any
malware that makes it onto the system. And by
using the "user" system you ensure that anyone
logging on can't access your doccuments folder or
change your browser settings.

There are pros and cons with both approaches.
Personally I avoid all restrictions. But I also know
how to watch for problems. At the other extreme,
some people will tell you that you need a 20-
character password even if you live alone on a
desert island.

You're not going to find a single answer. You just
have to decide what's best for you.

In message , Wolf K
writes:
[]
By "access to a folder" I surmise you mean "Can read any file in that
folder". This will do it:

Control Panel - Folder Options - View tab
a) click on Show Hidden Files ....
b) untick Hide Protected operating system files...

I don't know if the above is such a situation, but I've encountered
situations where I can see that a file exists, but not open it (even to
read).
[]
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Her [Valerie Singleton's] main job on /Blue Peter/ was to stop unpredictable
creatres running amok. And that was just John Noakes.
- Alison Pearson, RT 2014/9/6-12

Wolf K on Fri, 24 Aug 2018 15:17:39 -0400 typed
in alt.windows7.general the following:
On 2018-08-24 11:23, pyotr filipivich wrote:
and every path name starts with that long
"C:\users\owner\directory tree" - as you say, really messes with
where stuff is. (I have a number of documents with subdocuments.
"C:\users\owner\directory tree\ProjectA\SD_boilerplate1.wpd"
"C:\users\owner\directory tree\ProjectA\SD_standard inclusion3.wpd"
Gets difficult to figure out which is this when what shows up is
"C:\users\owner\directory tree\proje..." (it is all there, just not
displayed.) I hacked around that by
Subst S: "C:\users\owner\directory tree\ProjectA"
and "defaulting" to drive S: for word processing.

But I might just try creating a directory c:\WorkingArea and
seeing what blows up. When I get back from the trip.

Thanks.

If I could get a copy of XP in 64bit, I might try and revert.

tschus
pyotr

You can specify everything in WordPerfect. No need to go with the
default folders.

Yep. Now it is set to look for and work in S:\

Which can cause trouble when I open a file from Explorer and not
from the program.

When you want to Open an existing file it will show you the last folder
you accessed (Open/Save/Save As).
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?

"Mayayana" on Sat, 25 Aug 2018 08:09:50
-0400 typed in alt.windows7.general the following:
"Bill in Co" wrote

| But here's a question for you: Since I am the only user of this computer,
| and programs seem to have access to such folders anyway as they are being
| installed online, what is the big problem with simply using the simpler
| Everyone folder with full access method?

You have to decide for yourself. People who use
computers at work are trained to think in terms
of user security. There's also a slight risk of malware
getting more access if you run unrestricted. Basically,
by tying your own hands you tie the hands of any
malware that makes it onto the system. And by
using the "user" system you ensure that anyone
logging on can't access your doccuments folder or
change your browser settings.

There are pros and cons with both approaches.
Personally I avoid all restrictions. But I also know
how to watch for problems. At the other extreme,
some people will tell you that you need a 20-
character password even if you live alone on a
desert island.

You're not going to find a single answer. You just
have to decide what's best for you.

Trade-offs. The most secure computer is one which is unpowered,
inside a metal box, inside a safe embedded in concrete. Unfortunately,
it is not very useful.



--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?

"Mayayana" on Fri, 24 Aug 2018 13:48:42
-0400 typed in alt.windows7.general the following:
"pyotr filipivich" wrote

| I haven't
| opened the documents folder for years.
|
| Hmmm - this sounds like something I might try.
|
| Now to see what blows up when I do.

I wouldn't anticipate problems. Documents
isn't anything special. It's only notable aspects
are that you have permission there and some
programs (MS Word is a notable example) save
files there by default.

I don't anticipate much in the way of problems, save for batch
files which will be looking in "C:\idiotically long
pathname\Subdirectory" when it is now "C:\Mine\SubDir\"; and the need
to relocate "default" locations in programs.

I always just use SaveAs for new files, so
I don't even really need to think about program
settings. But I think most programs will let
you choose the default location.

I started a "Save Image as" directory just to save the images. It
has grown to its own sub-tree, as I save comics here, cat pictures
there, serious over there, and so forth.

I like to have redundant storage, so I often
save to the desktop and then drop the file onto
shortcuts for other partitions.

"Next". Some Day. "Not today"
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?

On 24/08/2018 14:39, Mayayana wrote:

You can't really avoid having programs like
Firefox put your settings in your personal folder,

Yes, you can:

1) Copy ...
C:\Users\user\AppData\Roaming\Mozilla\Firefox\pr ofiles
... to the desired location on your data drive

2) Backup ...
C:\Users\user\AppData\Roaming\Mozilla\Firefox\pr ofiles.ini
... and then edit it to read something like ...

[General]
StartWithLastProfile=1

[Profile0]
Name=user
IsRelative=0
Path=Data Drive and path\Firefox\profile name
Default=1

This also works with FF clones such as Pale Moon. In this fashion, I've
got the all the browsers that I actually use other than for testing to
save all their cookies, history, etc on my data drive.

but aside from that I find it's best to avoid the
whole mess. You don't actually need to use
locations like your documents folder. In fact,
I already avoid the whole mess on XP. I have a
shortcut to get to app data when I need to do
things like editing browser settings. For anything
else I make sure that no software defaults to
storing files anywhere in that mess. I haven't
opened the documents folder for years.

Agreed, I used to be employed to create standard Windows builds to go on
every UK PC in an international firm, and one of the significant
requirements was that all user data should go into a given directory, so
that support staff could know that all they had to do to back up a
user's data, say for a PC upgrade, was to copy off the contents of this
one directory. Later I adapted the techniques I'd learned to put all
data on a different partition, allowing the OS to be upgraded in situ
without endangering the user's data on a separate partition. The
procedure I developed may still be of interest to the OP and others, but
they should not be put off by the page describing the process for W2k,
the underlying principles are the same for any version of Windows, and
in fact I applied them to this very W7 PC I'm using now. Every piece of
software that I actually use stores it's data on the data drive. This
means I can back up the system drive using disk imaging software - I
use Ghost because I like being able to use Ghost Explorer to extract
just a few files to restore from a backup, but many seem to like others
such as Clonezilla or Macrium - and then if something happens to f*k
the system disk, I can restore that partition without losing any data in
the data partition.

It's a glaringly
bad design in one very irritating respect: The
path to both the desktop and app data/docs is
very long and contains spaces. That makes for big
hassles in scripting, command line, etc.

Yes, and why 'Program Files', when 'Programs' would have been perfectly
adequate? The 'Files' is completely redundant anyway, what else are you
going to put in a computer folder, aardvarks? The presence of that
brainless space has broken things like Perl ever since.

You can also create FAT32 partitions for storing
clean files. FAT32 doesn't support file restrictions.
You probably don't want to do that on a computer
in an office that others have access to, but
personally I find that on my computers, in my
own home, file restrictions are effectively just
faulty design.

No! You've been told before that this advice is misguided. Stop
passing it on as advice to others! As already explained, it's like
leaving your front door unlocked at night. If the PC is connected to
the internet, even worse, it's like leaving your front door unlocked
when you know that you live in a dodgy crime-ridden neighbourhood.

Unfortunately

Fortunately

Vista/7 is blocked from installing to
FAT32, so that option is out post-XP

Damned good thing too.

Sorry, forgot link ...

On 27/08/2018 14:07, Java Jive wrote:

The
procedure I developed may still be of interest to the OP and others, but
they should not be put off by the page describing the process for W2k,
the underlying principles are the same for any version of Windows, and
in fact I applied them to this very W7 PC I'm using now.Â* Every piece of
software that I actually use stores it's data on the data drive.Â* This
means I can back up the system drive using disk imaging softwareÂ* -Â* I
use Ghost because I like being able to use Ghost Explorer to extract
just a few files to restore from a backup, but many seem to like others
such as Clonezilla or MacriumÂ* -Â* and then if something happens to f*k
the system disk, I can restore that partition without losing any data in
the data partition.

http://www.macfh.co.uk/JavaJive/Wind...eBuilding.html

(Obviously the details for Win2k image building can be ignored, it's the
process of divorcing data from software that is relevant here!)

pyotr filipivich on Sun, 26 Aug 2018 14:33:18
-0700 typed in alt.windows7.general the following:
"Mayayana" on Fri, 24 Aug 2018 13:48:42
-0400 typed in alt.windows7.general the following:
"pyotr filipivich" wrote

| I haven't
| opened the documents folder for years.
|
| Hmmm - this sounds like something I might try.
|
| Now to see what blows up when I do.

I wouldn't anticipate problems. Documents
isn't anything special. It's only notable aspects
are that you have permission there and some
programs (MS Word is a notable example) save
files there by default.

I don't anticipate much in the way of problems, save for batch
files which will be looking in "C:\idiotically long
pathname\Subdirectory" when it is now "C:\Mine\SubDir\"; and the need
to relocate "default" locations in programs.

And that is what happened.

A couple batchfiles got rebuilt - as in "why try to change all the
code in this batchfile, when the only difference is the final command?
cut forty plus lines and replace with
Call _1load.bat
SHUTDOWN /s /t 5 /c "Shutdown in five, four, three - run for your
life!"


I always just use SaveAs for new files, so
I don't even really need to think about program
settings. But I think most programs will let
you choose the default location.

I started a "Save Image as" directory just to save the images. It
has grown to its own sub-tree, as I save comics here, cat pictures
there, serious over there, and so forth.

I like to have redundant storage, so I often
save to the desktop and then drop the file onto
shortcuts for other partitions.

"Next". Some Day. "Not today"
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?

"Java Jive" wrote

|Every piece of
| software that I actually use stores it's data on the data drive. This
| means I can back up the system drive using disk imaging software - I
| use Ghost because I like being able to use Ghost Explorer to extract
| just a few files to restore from a backup, but many seem to like others
| such as Clonezilla or Macrium - and then if something happens to f*k
| the system disk, I can restore that partition without losing any data in
| the data partition.

I do something similar, using BootIt. But I only
keep a couple of fresh installs as disk images, with
software already installed, and then back up app
data and a few other things periodically. For that,
app data doesn't need to be on another partition,
which carries its own risks. I can see the value in your
scenario but for most people it's not an improvement.

But this is not for the faint of heart. Firefox
will create a folder with a new name if it's reinstalled.
OE6 will create a new GUID-named Registry key. PSP
16 puts a lot of program files in the all users app data
folder! Acrylic DNS proxy stores config in the program
folder, which is where I'd like it all to be, but that
confilicts with the IT religion du jour, so it won't
happen with most programs. In short, there's no
simple way to be sure everything is always backed
up AND that it can be successfully put back after a
re-install.

| You can also create FAT32 partitions for storing
| clean files. FAT32 doesn't support file restrictions.
| You probably don't want to do that on a computer
| in an office that others have access to, but
| personally I find that on my computers, in my
| own home, file restrictions are effectively just
| faulty design.
|
| No! You've been told before that this advice is
| misguided. Stop
| passing it on as advice to others!

Or? I'll be put in the town stocks and have
rotten fruit thrown at me?
Sometimes one is reminded that living
in a relative democracy, where one is free
to hold an opinion, is actually a profound
luxury.

This is why I posted the reminder to Bill,
below, to take advice with a grain of salt and
decide for himself. He's repeatedly stressed that
he's on a computer by himself, in his own house,
and that convenience is paramount. But you
don't hear that. Most IT people are the same.
They only understand the corporate structure
where a number of IT people manage a much
larger number of lackey employees who have
no knowledge of security and who can't,
themselves, be trusted.

You might take the same approach with a
basement workshop or even your kitchen: All
tools must stay locked. All saws must have
blade guards. All stove burners must be protected
by a combination lock. Only approved people
may access the tools or the pans. Those are
good ideas.... if you have young kids. But you're
applying these rules with no context. If your
wife needs to remember a combination to cook
her breakfast then you'll need extra money for
couples' therapy. Yet it won't help protect her
from injury. And if you need to enter a combination
every time you make a cut on your table saw then
you might just get impatient and cut off a finger.

| As already explained, it's like
| leaving your front door unlocked at night. If the PC is connected to
| the internet, even worse, it's like leaving your front door unlocked
| when you know that you live in a dodgy crime-ridden neighbourhood.
|

You're right that these discussions have run
before, but I repeat my view because I'm pretty
much the only person speaking for the SOHo user,
while a battallion from the Church of The Holy IT
dependably repeats the corporate party line. It's
worthwhile getting the different views into the
public record.

The shortcoming of your view is that you
come from a corporate IT background, where the
general design is precisely to leave the front door
open. Then you lock every inside door and cabinet
and you have to take out your key every time you
want to do anything. The basic premise is that
it's safe to leave your door open (to the intranet)
but people using your computer are not trustworthy.
That's a good approach for corporate, but it's not
relevant in a SOHo scenario.

The SOHo approach is the opposite. It assumes
that the front door is solid, the network is the risk,
and the sensible design inside the house is to make
things accessible. It's your house, not your work office.
I don't need a lock on my frig or my desk because no
one I don't trust has access. If I have something
*really* secret I won't leave it out at all. I'll
hide it.

Of course, some people have a locked home office and
a locked desk; with video cameras, a safe, and a gun
in their office. But those people are mostly on TV.
Most of us don't have such important things in
our home office.

By the same token, I don't have credit card numbers
or bank statements on my computer because I
don't use it that way. And I'm very careful with
the front door. I use a firewall and browser restrictions.

Are you connected to a network? Do you enable
such things as file sharing, remote desktop, etc? Do
you allow script to run in webpages? Do you do
online banking? Shopping? Do you allow software to
call home and update itself, unsupervised? Do you
have browser plugins for Adobe or Silverlight?
(I'm only talking about security here, not even
getting into privacy issues, like allowing Google
to conduct constant surveillance.)

In that case, you're well advised to lock yourself
out of your own computer. Having done that, your
only risks will be 0-days, "spear phishing",
disastrous security updates, and hacks into online
servers storing your personal data like charge card
numbers...
But that's OK. That stuff almost never happens.

If that's what you're doing then you're not safe.
You're a sitting duck. Operating with your hands tied
is just fooling yourself. It's likely that *every* hack and
compromised Windows computer in the past several
years has been running with file restrictions on NTFS.
Probably most use AV.

I've never had malware and don't run any kind of
AV. I run mostly on XP, installed to FAT32 to avoid
all the file restriction hassles. I'm careful about who
I let in the front door, using a firewall, browser
restrictions, reading only text-based email, etc. If I
did get hacked my main concern would be to change
passwords quickly. I have backups to deal
with something like ransomware. And the files I have
on my computer are simply not very important. I'm
not a senator and I don't have any patents pending.

I also have a semi-crippled Win7 computer that's
a pain in the neck with its restrictions, even with
UAC turned down. I use that if I need to do
something online with freewheeling script
permissions. I don't want to take my secure
computer to a whorehouse with nothing but a
swiss cheese condom.

--------

Apropos of this, it might provide a little perspective
to be reminded of how the majority see these issues.
The following was sent to me by a retired doctor
who gets impatient with tech tedium. She's
a very sharp person and almost unbelievably
accomplished by popular standards, and
yet....

Title: Why people don't change their passwords

*WINDOWS:*

Please enter your new password.

*USER*:

Cabbage

*WINDOWS:*

Sorry, the password must be more than 8 characters.

*USER:*

Boiled cabbage

*WINDOWS:*

Sorry, the password must contain 1 numerical character.

*USER:*

1 boiled cabbage

*WINDOWS:*

Sorry, the password cannot have blank spaces

*USER:*

50damnboiledcabbages

*WINDOWS:*

Sorry, the password must contain at least one upper case
character

*USER:*

50DAMNboiledcabbages

*WINDOWS:*

Sorry the password cannot use more than one upper case
character consecutively.

*USER:*

50damnBoiledCabbagesShovedUpYourAssIfYouDon'tGiveM eAccessNow!

*WINDOWS:*

Sorry, the password cannot contain punctuation.

*USER:*

Really****edOff50DamnBoiledCabbagesShovedUpYourAss IfYouDontGiveMeAccessNow

*WINDOWS:*

Sorry, that password is already in use

"pyotr filipivich" wrote

| A couple batchfiles got rebuilt - as in "why try to change all the
| code in this batchfile, when the only difference is the final command?
| cut forty plus lines and replace with
| Call _1load.bat
| SHUTDOWN /s /t 5 /c "Shutdown in five, four, three - run for your
| life!"
|

You sure do seem to have fun.

On 27/08/2018 16:20, Mayayana wrote:

"Java Jive" wrote

No! You've been told before that this advice is
misguided. Stop
passing it on as advice to others!

Or? I'll be put in the town stocks and have
rotten fruit thrown at me?

Metaphorically, yes.

Sometimes one is reminded that living
in a relative democracy, where one is free
to hold an opinion, is actually a profound
luxury.

Yes, so don't abuse it by giving irresponsible advice to others.

This is why I posted the reminder to Bill,
below, to take advice with a grain of salt and
decide for himself. He's repeatedly stressed that
he's on a computer by himself, in his own house,
and that convenience is paramount. But you
don't hear that.

You don't hear that his house is connected to the internet, and
therefore your advice to use an outmoded OS with almost no security is
grossly irresponsible.

Most IT people are the same.
They only understand the corporate structure
where a number of IT people manage a much
larger number of lackey employees who have
no knowledge of security and who can't,
themselves, be trusted.

We've been through all this before. You always go into these anti-IT
professional rants when someone takes you to task for giving bad advice.
You were wrong then and are still wrong now.

"Java Jive" wrote

| This is why I posted the reminder to Bill,
| below, to take advice with a grain of salt and
| decide for himself. He's repeatedly stressed that
| he's on a computer by himself, in his own house,
| and that convenience is paramount. But you
| don't hear that.
|
| You don't hear that his house is connected to the internet, and
| therefore your advice to use an outmoded OS with almost no security is
| grossly irresponsible.
|

Obviously his computer is connected to the
Internet. We seem to be mixing metaphors. For
some reason you and some others don't get the
idea. (Last time this topic came up, at least
one person went off on an inane argument
about what a network is.)

If you think of your "house" as either your
home computer or a work computer, there's
a front door to a house, right? With the home
computer it's connected to the Internet, so it
needs a strong, locked front door. All doors
and windows should be locked. Anyone who
comes to the front door must be checked.

At work your computer is usually connected
to an intranet. The network is relatively safe. It's
firewalled and managed at the Internet connection.
So the doors and windows are left open. Rather
than the network not being trusted, it's the
users who are not trusted. People you may not
even know are free to come and go through
that front door. And it's not even your computer.
It belongs to your boss. You only have permission
to write Word docs and check email.
So that "house" -- the corporate computer --
needs locks on all the rooms, drawers and cabinets.

Those internal locks are the file restrictions.
The front door lock is a firewall and caution with
online communications.

That's two very different scenarios.

What many people are doing is a mashup of the 2
approaches. And that high-risk mashup is what
"experts" tell them to do.

They leave the front door half-open but then try
to be secure by running with file restrictions
and AV. In other words, they shop and bank online;
they allow all script in the browser; they neglect
having a good firewall; they share files or run Remote
Desktop so that they can call their computer when
away. They're mixing two opposing paradigms.

It's far more risky than what I'm describing.

Why do people do that? Because they want
convenience. And why do experts tell them to do
that? Because that's what they learned in IT
school and because it provides a rationalization
for doing things online that can never be made
safe. Executable code is not safe. Period. But
shoppers and online stores both want to ignore
that fact. They want functionality. So people
like you will get worked up about file restrictions
but then call "tinfoil hat" at anyone who does things
like blocking script in the browser. Yet nearly every
possible attack online requires script.

You never answered my
questions. So I assume that you do, indeed, allow
script in the browser, self-updating software, and
various networking functions. Your system running
in lackey mode with file restrictions, therefore,
is far more at risk than mine running without them.

Your *only* advantage is that malware getting
through that can't bypass file restrictions will
be limited in terms of how much damage it can
do. How much self-respecting malware these days
do you suppose can't bypass file restrictions?
What would be the point of writing such malware?
So how much *real* security are you maintaining?

Since you won't even consider the requirements
of real security because they seem too much hassle,
you try to do your best by applying your corporate
training and vehemently clinging to the myth that
you're safe by following those guidelines. Then you
feel you can relax and go shopping, banking,
facebooking, or whatever.

That would be fine, as far as it goes. Running
with file restrictions is better than nothing if you
don't mind the notable inefficiency of it. But then
you fool yourself for convenience. You convince
yourself that regular updates and file restrictions
are the secret to great security. **You do that
because you're not willing to tolerate the hassle
of real security**.

That aligns with IT thinking. It also aligns with
Microsoft's wishes. They don't want people being
able to control their computers, either. Microsoft
want to become the IT dept for any SOHo users
who don't already operate under one. MS becomes
the intranet and Windows becomes a semi-kiosk
system where the main point is to buy stuff. But
more critically, it aligns with the wishes of lazy
online consumers and striving online businesses.
No one wants the wheels of commerce to be
slowed by good security, and token security is
just the ticket to satisfy all parties.

What you're doing is like someone who walks
around on busy city streets, diddling their cellphone,
never looking up, but wearing a fluorescent safety
vest. Yes, the vest might help, even if it does
make you look ridiculous. But it won't prevent
you walking into trees or falling down manholes.
And it will only help slightly to avoid getting hit
by a car. Then you tell me I'm nuts not to wear
a vest. You miss the point. The only reasonable
safety measure is to get off the phone and pay
attention. But you're not willing to do that. It's
too much trouble. The vest allows you to pretend
that you can have it both ways.
(I see people like that on the street
constantly now. Sometimes I just stop to see whether
they'll walk into me. About half do. Most of those
don't even realize it happened. They just bounce
off and continue like a mindless pinball on its way
to the next bumper, without a word. Some have
developed a kind of bat radar. They look like they
intend to push me off the sidwalk, but then they
veer away at the last moment, as my form enters
their peripheral vision, barely missing a collision.

"Java Jive" wrote

| Most IT people are the same.
| They only understand the corporate structure
| where a number of IT people manage a much
| larger number of lackey employees who have
| no knowledge of security and who can't,
| themselves, be trusted.
|
| We've been through all this before. You always go into these anti-IT
| professional rants when someone takes you to task for giving bad advice.
|

An interesting addendum to all this: I noticed
that Microsoft, after reporting they'd taken over
6 Russian website forgeries, said that they expect
the attacks to continue via "spear phishing". It
seems that most high profile attacks happen the
same. (Hillary and the DNC are examples.)

And the Iranian nuclear plants were attacked by
Israeli/American malware as a result of people
using USB sticks left laying around.

In other words, despite whatever security people
have on their systems, they often get duped by
convincing emails that trick them into visiting an
attack site or giving up a password, partially or
completely bypassing Windows security. Or by
other so-called "social engineering". (I have a
brother who cooperated with a caller he thought
was Microsoft to install remote desktop software
on his system.

I guess the only useful lesson there, again,
is to limit use of online commerce. If you don't
bank online at Bank of America or shop at
Amazon or ship via UPS then you can't be fooled
by forged emails from those companies. And if
you avoid webmail/HTML email you'll also be less
likely to see a convincing forgery in the first place.

On 27/08/2018 19:33, Mayayana wrote:
"Java Jive" wrote

| This is why I posted the reminder to Bill,
| below, to take advice with a grain of salt and
| decide for himself. He's repeatedly stressed that
| he's on a computer by himself, in his own house,
| and that convenience is paramount. But you
| don't hear that.
|
| You don't hear that his house is connected to the internet, and
| therefore your advice to use an outmoded OS with almost no security is
| grossly irresponsible.
|

Obviously his computer is connected to the
Internet. We seem to be mixing metaphors. For
some reason you and some others don't get the
idea.

We get the idea that you have no sense of the vulnerability of FAT32.

You appliance of the analogy of the front door is mistaken. The front
door is not equivalent to the firewall, because the network carries
through to the PC - as do floppies, CDs, DVDs, and USB sticks coming
in by foot-ware - and any app run on any PC can connect to the
internet through both the PC's firewall and the router's firewall unless
the user has been knowledgeable enough to disable it in either or both,
and even then (s)he still needs to run things like browsers and email
software whose primary purpose involves connecting to the internet,
otherwise there would be no point in having said internet connection.
Thus, in your (mis)application of the analogy, the network and footware
are like tunnels past the front door, and it is not sufficient to rely
on locking the front door.

There are plenty of ways for a PC to pick up malware, you mention in
your other post that the Iranian nuclear processing facilities were
disabled by USB stick-borne malware. However they enter a home, such
exploits are easier and there are more of them available if the disk
format is FAT32. Using NTFS is a relatively painless way to improve the
security of a PC, and it's also a better, more reliable disk format more
able to recover from PC crashes and similar errors without losing data.
You need to hoist this on board and quit using this ng to give ****
advice to others encouraging them to use a buggy and insecure system
like FAT32.