ISSUE 16.46.0 • 2019-12-16

Help: customersupport@askwoody.com

In this issue

GOOGLE CHROME OS: The Chrome OS FAQ, Part III: You’ve got a Chromebook. Now what?

BEST OF THE LOUNGE: Phishing with a browser’s security icon as bait

LANGALIST: New laptops prompt new concerns

PATCH WATCH: Closing out the patching year …

CLOUD SERVICES: When moving to the cloud goes really bad

GOOGLE CHROME OS

By JR Raphael

So now that you’ve read Parts I and II of our Chrome OS FAQ, you’ve worked out what Google’s operating system is all about — and possibly picked out the Chromebook that’s right for you.

Whew! It’s been a busy couple of weeks. (If you missed the first two parts of this series, no worries: just head over to issues 16.44.0 (2019-12-02) and 16.45.0 (2019-12-09) to get all caught up.)

Now we’re ready for the really fun part: taking your first steps into the world of your shiny new Chromebook. Getting around Chrome OS is mostly self-evident — especially if you’re an experienced Windows user — but there are some initial steps you’ll want to take to get everything set up and configured the way you like it.

Without further ado, let the questions begin!

Installing Android apps on a Chromebook is essentially no different from installing Android apps on a phone: you start by clicking the Google Play Store icon, which should be present within your Chromebook’s app drawer (accessible by clicking the circular Launcher icon in the lower-left corner of the screen or by tapping the matching key on your keyboard).

Next, enter an app title in the search bar or browse the list of apps to find whatever strikes your fancy (see Figure 1).

Figure 1. The Google Play Store on a Chromebook.

And if you’re signed in to your Google account, you can even open up the Play Store website on another computer and send an app to your Chromebook from there. As long as both devices are using the same Google account, the Chromebook should show up as an available option.

Just open up the Apps section of the Chrome Web Store. (Note that the Apps section is available only on Chrome OS devices. If you try to access it from any other type of system, you’ll see only Extensions and Themes for the Chrome browser.)

Nope! Not at all. You can run Web-based services such Gmail, Google Calendar, Google Drive, and so on — just as you do in Windows — entirely within your Web browser. For frequently used webapps, click the three-dot menu icon to the right of the address bar and select More tools followed by Create shortcut (see Figure 2).

Figure 2. Shortcuts aren’t limited to webapps; you can turn any site into an app-like shortcut.

Shortcut webapps and sites can have any name you like. You can also have shortcuts open in separate windows — in other words, each will exist in its own box instead of looking like a browser tab. Once you finish the process, the shortcut will appear on the Chromebook’s shelf (the taskbar-like interface at the bottom of the screen).

Excellent question. For shortcuts that are already on the shelf, you can click their icons and then drag-and-drop them in either direction to change their placement. If you want to remove an item from the shelf completely, right-click it (or two-finger click it, on a trackpad) and then select “Unpin” from the menu that appears. (This should all sound familiar to Windows users.)

If you want to add an item to the shelf, click the Launcher and then select the up-arrow icon to open your entire list of available apps. Find the item you want, right-click it, and select “Pin to the shelf.”

You sure can! Just drag-and-drop any icon to a new position — or drag-and-drop one icon onto another icon to form a folder. Once a folder’s been formed, select it and then click its name (probably “Unnamed,” by default) to rename it.

Figure 3. You can easily reshuffle app icons in the Chrome OS app drawer to fit your preferences.

Just right-click the app’s icon — either in the app drawer or on the shelf (if it’s there) — and select Uninstall or Remove from Chrome in the popup menu.

Put bluntly, installing Linux apps is a complicated can of worms, best left to advanced Chromebook owners. You have to navigate through a somewhat dense command-line jungle.

If you’re up for the challenge, I’ve posted a step-by-step guide to get you started.

For system-level settings, select the screen section that includes the clock (lower-right-hand corner of the screen) and then click the gear icon at the top of the window that comes up.

Figure 4. The Chrome OS system settings can be a bit hard to find at first.

For browser-level settings — the same options you’d see within Chrome on Windows or any other supported desktop platform — open a browser window, click the three-dot menu icon to the right of the address bar, and select Settings from the menu that appears.

With or without an active Internet connection, you’ll always be able to sign in to your Chromebook and use basic system tools. Beyond that, it’s mostly a matter of making sure each app you’ll need offline is prepared ahead of time.

With Gmail, for instance, you’ll want to head over to the regular Gmail website, click the gear icon in the upper-right corner, select Settings, and then select Offline from the menu at the top of the screen. Check the box next to Enable offline mail and follow the prompts to complete the process.

Setting up a local version of Google Drive has similar steps, but the process covers both Drive and its associated productivity services: Docs, Sheets, Slides, and so forth. You’ll also need to install the companion Google Docs Offline browser extension to ensure full functionality.

To create local copies of your Google-created files (Docs, Sheets, Slides, etc.) go to those respective services and right-click the files to select the “Available offline” toggle. (Only recently opened files are automatically stored on your Chromebook.)

For any other My Drive files that you want to make available offline — i.e., those that don’t relate to Google apps — open your Chromebook’s Files app, click the Google Drive section in the left-hand panel, then right-click a folder and select Available offline.

Other online services — for example, Google Keep and its offline-ready Chrome app — may have their own standalone, local apps . You can also browse through offline-capable apps on a Chrome Web Store page (again, it’s a link that’ll work only when opened from a Chromebook). And remember, too, that most Android apps are designed to work offline, without any extra effort.

Of course! Lots of ’em, in fact. Press the key combination Ctrl + Alt + / to see a list of available commands.

On most current Chromebooks, you can pull Assistant up by hitting the Launcher key and the a key together. The exceptions are Chromebooks made by Google, which have a dedicated Assistant key between Ctrl and Alt on the left side of the keyboard.

You can also set up Assistant for hands-free access via the “OK Google” or “Hey Google” hotwords; look for the “Google Assistant” option within the Search and Assistant section of the system settings.

Do I ever! Mosey on over to my sprawling list of Chromebook tips or explore my recent collection of worthwhile Google Assistant commands.

I cover Chrome OS constantly in my newsletter. So if you want to get fresh Chrome OS info in your inbox every Friday, feel free to subscribe. It’s an excellent complement to everything you’re learning here in AskWoody Land — but with an exclusive focus on the Googled side of mobile computing.

Journalist JR Raphael has covered Android and Chrome OS since their earliest days. For even more next-level Google knowledge, check out his weekly Android Intelligence newsletter.

Best of the Lounge

Is the lock icon in your browser’s address bar sufficient proof that the site you’re visiting is legitimate and safe?

Da Boss Kirsty shares Danny Palmer’s ZDNet article about how malicious websites are using the padlock icon — denoting a fully secure HTTPS connection — to fool visitors. The upshot: HTTPS defines the connection but not whether you’ve linked to a safe site. Join the discussion in the AskWoody Lounge.

If you’re not already a Lounge member, use the quick registration form to sign up for free.

LANGALIST

By Fred Langa

Newly purchased PCs are raising some interesting hardware and warranty questions among users.

Here are three examples from LangaList readers: two about battery care on new devices, and one about a new kind of extended warranty that includes anti-malware and driver-update services.

Subscriber J.S. writes:

Hurt it? Not exactly. But it won’t help it.

Lithium-ion batteries give their longest service life when you keep their charge state somewhere between 80 percent and 20 percent.

Surprisingly, a disproportionate amount of battery wear occurs when charging these batteries to levels above about 80 percent — or discharging them below about 20 percent.

If you leave your laptop permanently plugged in, you’ll be charging the battery to 100 percent and then keeping it there.

A good charging circuit will stop actively charging when the battery initially reaches full charge. But it’ll then kick back on when the battery voltage drops a bit. That periodic “topping off” is more taxing on battery chemistry than if you stopped the charging process sooner. Over time, this extra wear causes battery capacity to drop more than it would have otherwise, delivering lower battery run times per charge.

If you replace your devices or batteries every year or two, the lost capacity might not be noticeable — nor significantly impact the use of the device when on battery power. But a quick trade-in cycle is an expensive way to beat battery issues.

On the other hand, if you hold on to your devices or batteries for more than a couple of years, the best practice is to generally keep their charge states within that optimal range (about 80 to 20 percent) — and use the top and bottom 20 percent charge only when you must. In the long run, it’ll pay off in longer and better battery life and performance.

J. Fisch asks:

Sure! In general, unless the manufacturer’s instructions state otherwise, a lithium-ion device’s first charge should be to 100 percent — and it should be completed before the first power-on.

This might seem contradictory to my advice in the item above, but a device’s first charge is different: an initial full charge lets you see that a new device’s charging system (transformer, cable, electronics, battery, etc.) will work across its entire range. It also lets the device’s charging circuit properly calibrate itself.

After that first charge, the 80/20 percent rule kicks in for maintaining optimum battery life. So whenever you can, stop charging the device when the battery is around 80 percent full. Plug it back in when the battery drops to around 20 percent.

Subscriber G. Burks wonders whether an unusual kind of warranty is a good deal.

No. In fact most extended warranties are not a good investment. (I’ll come back to this in a moment.) Those “extra” PC services you cite really add nothing of value — they’re already available elsewhere for free!

For example, the anti-malware/security suite built into every copy of Windows 10 (Windows Defender et al.) is ranked among the best-available offerings — free or paid. And there are dozens and dozens of other free third-party AV options, as this Google search for free+malware+scanner illustrates.

It’s basically the same story for driver maintenance: top-quality driver support is readily available — and 100 percent free.

I’m not talking about those third-party driver-update sites; they’re notoriously unreliable and often simply go by “highest build number” when recommending drivers. (Newer drivers aren’t always better, especially as equipment ages.)

Rather, every major PC manufacturer and component maker has its own support site offering free tools and/or instructions for helping customers find and install exact-match drivers for specific brands and models.

Why pay extra to duplicate those already-free services?

As for the extended warranties, they’re typically unnecessary and might even overlap coverage you already have (but were perhaps unaware of)!

For example, if you paid for your PC with a bank card (credit or debit), there’s a good chance you automatically received free, extended warranty coverage for your purchase. (This extra coverage is often offered as an inducement to use that card.) The specific benefits vary from card to card and bank to bank, but they typically add one to three more years of repair or replacement coverage after the manufacturer’s warranty ends.

Here’s an example (with no endorsement implied — all the major cards offer similar benefits) from Capital One Visa’s guide to benefits (PDF):

Some homeowner/renter insurance policies also include warranty-extension provisions.

So you probably don’t need to buy an extended warranty at all!

Consumer Reports agrees, stating: “In nearly every case, [extended warranties aren’t] worth the extra money when buying electronics and appliances.” See the related Consumer Reports articles:

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all Fred’s current projects.

PATCH WATCH

By Susan Bradley

This is a busy time for Windows upgrading.

Win10 1803 officially fell into the bit bucket this past November; Windows 7 and Server 2008 R2 will suffer the same fate this coming January.

Upgrading to a newer version of Windows 10 should be relatively painless. But the shift will be far more difficult and consequential for the mass of PC users still running Win7.

Security is obviously a concern for Win7 users, but Microsoft has stated that Security Essentials updates will also end in January. However, it’s likely that third-party browsers and anti-malware apps will continue to get updates for some unknown period of time. Based on the XP experience, it could be months or years.

Many Win7 users are banking on vendors such as 0Patch to offer future security updates at little or no cost. We’ll have to see whether that pans out. In truth, businesses should be well into their plans for moving to Windows 10 as soon as possible.

Microsoft hopes to wean businesses off the expiring OS by offering security patches through January 2023 — for a modest, but escalating, fee (see “Microsoft wants to sell you security patches for Win7,” Issue 16.38.0, 2019-10-21).

The catch: The updates will available through the company’s Extended Security Updates (ESU) program and must be purchased from a participating Microsoft Cloud Service Provider (CSP; more info).

At this point, purchasing an ESU license isn’t easy. Microsoft recommends searching for a CSP through its online database. But most of those vendors are probably not interested in handling one or a few Win7 ESU purchases. They’re typically geared toward large businesses.

For example, the local CSP I use currently doesn’t offer any licenses. The closest vendors I could find were six hours away. Amy Babinchak and I are looking for the best way for small businesses and individuals to obtain an ESU license. We’ll tell you about the process once we figure it out.

Moreover, since our report in late October, the Win7 ESU offer has already had a few changes. The cost per machine was originally rumored to be U.S. $50 for the first year. (Again, the fee will increase each succeeding year — Microsoft’s carrot-and-stick approach to moving businesses off its obsolete OS.) New information now has an ESU license costing $61 per PC for the first year.

Based on a Microsoft Windows IT Pro Blog post, it appears that the ESU program will be offered only for Pro and Enterprise editions — Win7 Ultimate users might be out of luck. I’ll let you know when Microsoft releases more details.

(For more information on Win7’s end of life, see the MS Windows Support post “ITPro FAQ about the end of support for Windows 7.”)

Also keep this in mind: If you have Office 365 ProPlus installed on a Win7 system, the suite will lose support after January (more info) — even if you’ve purchased a Win7 ESU license.

Coping with an upgrade scold: No surprise: December’s Win7 patches include another Microsoft nag … ah, alert. But it should show up only on consumer systems — not on machines attached to domains. If you’re comfortable working in the Windows registry, you can make the nag disappear with the following registry key (also see this ghacks.net post).

Microsoft isn’t alone in warning Win7 users. I’m already seeing third-party software vendors adding their own alerts. For example, upon sign-in, a line-of-business application we use in my office now displays a notice of Win7’s EoL — plus how to plan for the day the app will no longer be supported on Win7.

Other business platforms are arriving, or have already arrived, at their demise:

SQL, in particular, typically needs an expert to manage upgrading to local or cloud-based Azure versions. You’ll want to contact your line-of-business app vendors to help you through the process.

Good news! The Access bug introduced in the November updates is fixed in this month’s Office security releases.

That said, it’s early days (as we say immediately after every Patch Tuesday). Woody is tracking reports of problems with mapping drives, along with servicing-stack issues. There are also reports of a possible reboot-loop problem that might be related to Microsoft’s Malicious Software Removal Tool.

What to do: Ensure that Windows is set to defer or block December’s updates — and keep an eye on askwoody.com for new developments.

If you’re still on Win10 1803 … bad dog! Not ready for Windows 10 1903 or 1909? Our own PKCano has posted the skinny on how bump up to Version 1809.

Another reminder: Before moving up to a new feature release, make sure you check for any BIOS and driver updates — especially video-card drivers.

Cumulative updates

Win10 .NET Framework updates

Once again, the latest .NET releases do not include any new security patches. And the three “fixes” are rather esoteric. Nevertheless, Microsoft is apparently pushing out the updates to systems not connected to domains (such as home PCs and many small-business machines). On domain-connected systems, the updates will show up in the “Update” category, not in “Security.”

Note that Win10 1809 gets three .NET updates. December’s .NET Framework updates include:

Note that two of the .NET Framework updates for Win8.1 have a fix for an elevation-of-privilege threat.

You have an extra incentive to defer these updates — a time-to-update nag message. I recommend taking a few moments to put in registry keys that will block the warning.

These updates still have the Cluster Shared Volume flaw.

December’s security patches include the fix for November’s Access bug. They also fix information-disclosure, remote-code-execution, and denial-of-services vulnerabilities.

Office 2016

Office 2013 SP1

Office 2010 SP2

The following Office non-security enhancements and fixes were released December 3.

Office 2016

Office 2013 and 2010

There are no new non-security updates for Office 2013 and Office 2010.

It’s a new month of patching. Once again, here are our current recommendations for patching Windows and Office. They may change as Microsoft evolves its updating process.

Stay safe out there.

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

CLOUD SERVICES

By Amy Babinchak

Cloud computing is revolutionizing IT for small businesses, but there are still many skeptics.

That surprises me as an IT consultant and provider. A well-implemented cloud environment can provide highly productive computing solutions, detailed security, and a boost to a company’s bottom line.

Unfortunately, cloud services are not immune from botched installations. Recently, I was called in to investigate and repair a shockingly shoddy cloud implementation — easily the worst I’d ever seen.

After recovering from my initial horror, I concluded that nothing had really changed: there are still IT “experts” out there causing more harm than good. In my circles, we refer to these folks as “insultants,” a term coined many years ago to describe the people who created extremely flawed on-premises solutions — back when local IT setups were the only option. I thought those people had faded away with the arrival of the “cloud.” Obviously, I was wrong.

Here’s a cautionary tale of how some “insultants” nearly drove a small business to extinction — and I’m not indulging in hyperbole. More frighteningly, this was probably far from an isolated case.

This story is about a small, family-owned construction company that builds apartment complexes. Construction pays the bills, but it’s not the endgame. The family dreams of eventually owning one or more of the complexes, providing a reliable and steady rental income.

But there was a hitch in that long-term plan. The company called us, stating they were interested in changing IT firms. Their computing setup had problems that their current IT firm couldn’t resolve — and those issues were hurting the business.

We met with the family and listened to their dreams and concerns. Surprisingly, what they described didn’t seem so unusual — at first. By coincidence, I already had a client who was nearing the end stage of a similar plan. I was excited to come across a business that was starting down a similar path.

The new clients reeled off the following litany of problems:

When we’ve encountered those types of migration problems, it’s usually been an issue with training and communication. Our first thought was that things weren’t buttoned up as they should have been. But we soon discovered that the problems ran far deeper. It was when we watched them trying to work that the magnitude of the problem really hit us.

In short, it was a real mess. To make matters even worse, the previous IT firm had tried to mitigate these limitations by setting up a single virtual PC on the local server — plus Remote Desktop Protocol (RDP) connections to the virtual desktop. The work process of these poor people looked like this:

Imagine trying to navigate through this mess every day if you’re a project manager, cost estimator, bookkeeper, or business owner.

It did not take long to get to the root of this company’s miseries: it was the old “If you have a hammer, everything looks like a nail” problem. In this case, the cloud is the hammer and the business is the nail. Essentially, the previous “consultants” tried to fit everything into Chromebooks and online services. Moreover, they appear to have spent little or no effort to understand the company’s workflow and future needs.

They also seem to have ignored — or not grasped — the limitations of the cloud and cloud-based apps. As much as other Office suites want to be Excel, when it comes to highly complex calculations, there’s no Excel but Excel. And requiring RDP for something as basic as printing makes absolutely no sense. The same is true for not having enough cloud storage for all company files and emails.

As I said earlier, this was the worst cloud-solution implementation I’ve ever seen — and I’m a cloud fan! The cost and time needed to solve the mess — at a time when the company was hemorrhaging money due to lost productivity — nearly broke the business.

With that in mind, we set about getting the company office back up to full efficiency as quickly as possible. We migrated them to the correct cloud solutions for their particular needs, had them purchase new hardware, and set up an infrastructure that fit their workflow. (I could give the specifics, but the “solution” for one company will be different for another.)

What’s the lesson from this painful experience? Before hiring an IT firm, ask others in your industry whom they recommend. Use an IT firm with a solid reputation and a long history of successful computing migrations. And make sure you understand the fine points of any cloud solutions before you green-light the changes. It will save you money — and may even save your business.

Amy Babinchak is the owner of three IT-related businesses: Harbor Computer Services, Third Tier, and Sell My MSP. She has been working in the IT field with small and medium businesses for more than 20 years. She’s also a Microsoft MVP and has received numerous leadership awards.

Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:

• Subscription help: customersupport@askwoody.com

Copyright © 2019 AskWoody LLC, All rights reserved.