Category: Security Tips

Windows Updates and connection performance.

We have been experiencing a great deal of complaints about connection performance, only to discover the root cause of the problem is not a problem with the connection, but with the way Microsoft pushes Windows Updates. In previous versions of Windows, it was possible to set Windows to download and install updates automatically, but you could also take control and make your own decisions. In Windows 10, it is nearly impossible to have any control over when Windows chooses to download and install updates, and their new setup for the download process hits connections with constrained bandwidth (such as anyone using our fixed wireless system) very hard.

All is not lost, however. Notice I said “nearly impossible” above? If your computer is using WiFi, not an Ethernet cable, to connect to your router, there are a series of steps you can follow which will put you back in control. Now, it is important to note that these updates may contain vital security fixes, so we STRONGLY advise everyone to use this judiciously. If you need to get work done right now, and Windows Update is preventing you from doing so, this may help you get your work done, but you should reverse the change as soon as you are able to let Windows take over all your connection again. Leaving your computer permanently unable to automatically download updates can create a very real security risk, unless you diligently check and tell Windows to install updates regularly. If that sounds a little scary, then I did make my point. There is a way to do this with an Ethernet cable connection, but it involves editing the Registry, which is definitely not for beginners, so I will not provide details here.

OK, you understand the risks, and you want to change your Wi-Fi settings to do this – here’s what you will be doing: Telling Windows that your Wi-Fi connection is a metered connection, so that it thinks you have data limitations, and will not automatically download updates. Again, this is not a setting you should leave this way forever.

First, click on the Windows button in the lower left corner, and select “Settings”
Start Menu
Next, on the Settings screen, click on Network and Internet:
Settings
Then, you’ll see the Wi-Fi screen – you’ll need to scroll down below all the listed Available Networks, and click on Advanced Options:
Top of Wi=Fi screen
bottom of Wi-Fi Screen
And when you click on Advanced Options, you should see the Wireless Network Connection screen – just turn on Metered Connection (like so):
Metered Connection
Now that you’ve done this, Windows will not download updates unless you specifically tell it to. As I said above, that can be a help for the short-term, but can be dangerous if left that way forever.

Phishing! (and e-mail security)

We have seen an increase lately of e-mails which falsely claim to be from either support@ecpi.com (which is a valid e-mail address) or helpdesk@ecpi.com (which is not). Beware of these kinds of messages!

 

These e-mails usually either have a file attached, or they have links in the body of the message – those links do not point to any of our servers. The message usually has a passage implying some sort of urgency, threatening to cut off your e-mail access, or worse, if you do not follow their instructions.

 

This is, of course, nonsense.

 

We do occasionally send e-mails to our customers, but we would never send you an e-mail asking you to provide your password, because we do have it on file already. We will never send you an e-mail asking you to click on a link to a site other than http://www.ecpi.com or http://www.westernbroadband.com or another site on one of those domains, such as http://speedtest.ecpi.com unless we have spoken with you and you asked us to do so.

 

E-mail security is mostly based on being suspicious:

  • Even though you think you know who sent an e-mail, you may be wrong: It is easy to forge an e-mail address which appears in as the sender in your e-mail program. I could change my address to george.washington@whitehouse.gov with a few mouse clicks, but there are clues in the actual e-mail headers which will help you track where the message really came from. Those headers aren’t always easy to find, but they are always there.
  • Always assume any unsolicited attached file or suspicious link has a malicious purpose: Because any file that you open on your computer can have a great deal of power, be very careful about opening an unknown file. If you didn’t know it was coming, and you don’t know why they sent it to you, it ought to be treated as potentially dangerous. Likewise, any link in an e-mail message should be checked to verify it is taking you to the destination you intend. If you haven’t done so, you should activate the “View Shortcuts” (or equivalent) option in your e-mail program. What that does is show you, at the bottom of the window, the actual destination site for the link your mouse is hovering on. If the link looks like it’s going to PayPal, but the destination is actually something like “http://paypal.cyx.hosting.ru/hacking.php?1543”, that’s a clear sign not to trust the link! It may look like the PayPal site if you click on it, but it’s just a ruse to get your account information.
  • Your browser and your mindset should be high-security: If you have your browser’s security settings properly configured, your browser may warn you that a link appears to be a phishing site, and it will ask you to confirm before allowing any plug-ins or ActiveX controls to be installed. Those are fine from a trusted site, but the extra confirmation step should help you be mindful of just which sites you are giving permission to control your computer.
  • If you get tricked, take immediate action: If you have fallen prey to a phishing scam, it is vitally important to take swift action! Notifying the actual agency which was impersonated is probably the best first step, be it a bank, a website, or us. This can minimize the impact on your life. For instance, if you have given your e-mail password to a phisher, we can work with you to change your password, maybe even before the people who got it can put it to use. Similarly, if you notify your bank ASAP, they can block the account from being accessed by the crooks.

Following those tips can help keep you safe, but if you have further questions, you can always reach us at (512)257-1077 or e-mail us at support@ecpi.com.

Safe surfing!

— Darren