Bristle Software Computer Security Tips

This page is offered as a service of Bristle Software, Inc.  New tips are sent to an associated mailing list when they are posted here.  Please send comments, corrections, any tips you'd like to contribute, or requests to be added to the mailing list, to tips@bristle.com.

Table of Contents (links to this and other pages):
  1. Fred's links page
    1. Internet Security
    2. Cybersecurity
    3. Cyberwar
    4. Privacy
    5. Microsoft Woes
    6. Viruses
    7. Hoaxes
    8. Blockchain
    9. Web Service Security
    10. Realtime Blacklist (RBL) Tools
  2. Unix Security
  3. Email Security
    1. Who sent this e-mail?
    2. Detecting phishing attacks
    3. Beware funky chars in URLs
    4. Avoid clicking shortened URLs
    5. Beware email "security" software
  4. Webinar, Video Conference, Screen Sharing Services
    1. Jitsi Meet
    2. Zoom
    3. Crowdcast
  5. Beware "free" software (unless it's Open Source)
  6. Why should I care if I've been hacked?
  7. FOSS (Free and Open Source Software) is safe and secure
    1. Who writes FOSS (Free and Open Source Software)?
    2. Who reviews FOSS (Free and Open Source Software)?
    3. What if a bug is missed in FOSS (Free and Open Source Software)?
    4. How big are FOSS (Free and Open Source Software) projects?
  8. Beware installing software, especially on Windows
    1. Beware the Microsoft "Power Toys"
      1. The browser wars
      2. Why I installed the MS Power Toys
      3. What the MS Power Toys did to my PC
      4. It was an effective but sleazy Microsoft strategy
      5. How I recovered
    2. Warning: "Uninstall" is just a suggestion
    3. "Install" programs are not needed
      1. Installing Java
      2. Installing Python
      3. Installing on Unix
      4. Installing on Linux
      5. Installing on Mac
      6. Installing on DOS
      7. Installing on Windows
      8. Installing on VAX/VMS
      9. Installing on phones and tablets
Details of Tips:
  1. Beware "free" software (unless it's Open Source)

    Original Version: 10/14/1991
    Last Updated: 3/11/2021

    My friend Jeff asked me today about "Pi currency".  Said he hadn't put any money into it.  Just installed an app on his phone and it mines Pi by itself.  Another friend pointed him to it.  Over the past few weeks, he's accumulated about 50 units of Pi currency at no cost.  Pi doesn't actually have any dollar value yet, but he's hopeful that it will someday.

    Sounds great, right?  MAYBE NOT...  Here's what I told him.

    I don't know anything about "Pi currency" specifically, but I NEVER install any software like that on my computer, laptop, phone, or anywhere else.

    Remember, whenever you get a "free" service, you're not the customer, you're the PRODUCT.  The fact that you've installed the software on your phone is paying off for someone.  Your friend got a bonus of some additional free Pi currency for recruiting you (the product) for them (the buyer).  And the folks paying him are certainly getting something out of it.

    Once you install software, it can do ANYTHING IT WANTS to or with the device you installed it on:

    1. Access your bank accounts
      Can search the device for bank account numbers, passwords, etc., to steal from you.   Not likely in this case.   Too easy to get caught, and it's much more profitable to do the things below instead.

    2. Steal your identity
      Can search the device for your name, birthday, social security number, etc. to steal your identity.

    3. Break other software
      Can purposely sabotage a competing product that you previously installed on your device.  Microsoft did this to me at least once.   Or can accidentally break "unrelated" things on your device.  Microsoft did this to me LOTS of times.

    4. Contact or infect your friends
      Can read your address book and contact your friends, as though it's you, getting its hooks into them also.  In fact, are you sure that your friend pointed you to it?  Or did an automated message from his phone do so?  Does he even know you've been recruited?

    5. Use your CPU for profit
      Can use the CPU of your device to do distributed computations that the supplier of the software gets paid for doing.  Round up a bunch of phones for free, instead of buying a supercomputer.

    6. Manipulate the stock market
      Can use the CPU to monitor stocks, buying and selling to make a profit.  And flood social media with posts under various accounts to trick other people into buying/selling also, to artificially move certain stocks up/down.  Without the supplier of the software having to buy its own computers.

    7. Join a bot net
      Can be part of a "bot net" used in coordinated cyber attacks on companies, government agencies, power/water/gas utilities, US military computers, etc.  The best way to do such an attack is from thousands or millions of small computers (or phones) each attacking from a different IP address.  That's much harder to block than an attack from a single more powerful computer.

    8. Install a back door
      Can intentionally install a "back door" to allow others to get in.  Or to allow itself back in, if you uninstall it.

    9. Disable your security
      Can disable your security defenses (firewall, virus scan, intrusion detection, etc.) and accidentally allow other bad actors in.

    And for most of these, you'll never even know it's happening.

    Bummer, eh?  That's why I NEVER install such things.  Unless they're Open Source.

    Remember, if you're not paying, you're not the customer, you're the PRODUCT.  If you don't see any obvious source of revenue for them, like lots of ads popping up in your face that someone is paying them to show you, you have to wonder what they're getting out of it.

    The Pi currency mining app may or may not be malicious in any of these ways.  I have no idea.  Maybe it's just using your CPU to mine Pi currency, giving some to you and keeping the rest for itself.  But it's sure to be making a profit somehow.

    I did a quick Google search for "pi currency malware", just to see what people are saying:

    I found LOTS of posts on various social media sites, assuring you that it's harmless, and encouraging you to use their special code so they get the bonus when you install.  Can you guess what their motivation is?

    I also found LOTS of posts warning about various other forms of "cryptomining" and "cryptojacking" malware, that may have snuck on to your phone, tablet or computer without you even realizing it.  See:

    Same deal.  They're all using your CPU to mine cryptocurrency, and making a profit by doing so.  At least the app my friend installed is sharing some of the profit wth him.

    The one exception to my "beware free software" warning is FOSS (Free and Open Source Software) which IS safe.

    --Fred

  2. Why should I care if I've been hacked?

    Original Version: 10/14/1991
    Last Updated: 3/11/2021

    If you've already been hacked, you may not even have noticed.  Your computer, tablet, or phone may have been part of a "bot net" for years.  Since it's not really affecting you, you don't have to care, right?

    It's just using spare CPU cycles that you didn't need anyhow, right?  Yeah, you're being taken advantage of, and someone is perhaps making a profit off of you, but what's the real harm?  It's not doing any real-world damage, to you or to anyone else, right?

    NO.  There's more to it than that.

    Steal your identity later
    When you someday find that your identity has been stolen, you'll probably have no idea that it was the hacker's software that stole it.

    Break other software
    When some "unrelated" app stops working or some other problem occurs on your device, you'll have no idea that it was caused by the hacker software.  Could happen immediately, or months or years after you got hacked.

    Contact or infect your friends
    When a friend someday tells you that they've been hacked, had their identity stolen, and all of their retirement savings stolen, you'll have no idea that the hacker got to them through you.

    Manipulate the stock market
    When your 401(k) drops in value, or goes up less than it should have, you'll have no idea that your phone was used to manipulate the stock market and skim off profits that your investments would have made.  Tens of thousands of dollars stolen out of your own pocket, and you'd have no idea.

    Same for the hundreds of millions of other 401(k) holders, and anyone else who owns stock or mutual funds.  If your phone, along with all the others in the bot net, is used to manipulate the stock market, each of those people could lose tens of thousands of dollars.  And no one would have any idea.  I'm sure it happens all the time.

    Join a bot net
    You may hear on the news that a bot net attacked some hospital and demanded a ransom to get their data back, or to regain control of their medical equipment, lights, power, etc.  And meanwhile some people died.  Or that a bot net attacked a major company, ruining its sales, to the benefit of its competition.  Or attacked a utility company or government agency.  Or brought down the US anti-missile defenses while some country was launching missiles at us.

    You'll probably have no idea that your phone, and those of many of the friends in your address book, were foot soldiers in the attack.

    How much value did you get from installing that "free" app?  Is it worth taking all those risks?  I'd say no.

    Bummer, eh?  That's why I NEVER install such things.  Unless they're Open Source.

    --Fred

  3. FOSS (Free and Open Source Software) is safe and secure

    Original Version: 5/3/2010
    Last Updated: 3/11/2021

    FOSS (Free and Open Source) software is safe and secure.

    FOSS is software that's not only "free", but also "open source", which means that anyone can read the source code of the software, and see exactly what it's doing.  So, the supplier of the software can't hide malicious or self-serving stuff in it.  And anyone can spot accidental security holes that the original author might not even have been aware of.

    In fact, the word "free" doesn't just mean "free of cost" though it usually is that also.  More importantly, it means "free to modify".  Anyone in the world is free to make improvements to the software, and funnel them back to the original author, or just distribute them to others directly.  The only restriction is that the source code of the improvements must also be "open source" so that everyone in the world can keep an eye on it.

    The alternative to "open source" software is "proprietary" software.  That's software owned by one person or company.  They may license it to you to use, but they don't allow you to see the source code.  So you have to trust them to not be doing anything sneaky.  And to be competent enough to not have left any security holes.

    The combination of "free" and NOT "open source" is particularly bad.  What's the motivation of the supplier to hide the source code, but not charge any money?  They're probably making their profit somewhere.

    [3/11/2021 update]
    My friend Geoff Wilson asked why I believe that people take the time to review FOSS source code.  What motivates them?  Why assume that bugs and security holes are being looked for?  Good question!  Thanks, Geoff!

    I wondered about that for a long time too.  But it turns out that there really are lots of people in the world who review FOSS software.  Many are paid to do it, as their full-time job.  See the tips below.

    --Fred

    1. Who writes FOSS (Free and Open Source Software)?

      Original Version: 5/3/2010
      Last Updated: 3/11/2021

      Much of FOSS is written by employees of large corps on fully authorized company time.  The company finds it cheaper to donate a few employees than to maintain a larger team to write and support it themselves.  Often they wrote it in the first place, to fill a need of their own, and to have an advantage over the competition.

      But it's hard to turn down the free work by others in the world, to add more and better features.  And to support the existing product with documentation, tuturials, videos, etc.  Even if the competition does get to use it. 

      If you don't open source your own internal tools, someone else will do so with theirs.  And their software will grow in functionality and in market share while yours withers.  So, you'll be able to hire new people who already know their software, but not people who already know yours.  And those you hire, and even your own current employees, won't want to use your less full-featured and less well-documented software.  So, you end up switching to theirs.

      But theirs will do things a little differently, since you weren't on the team that developed it.  So, it's less useful for your own internal business processes than it could be.  So, you end up donating some people to join the open source team anyhow, to maximize its value to you.  And abandoning your own in-house version.  Better to just open source your own first.  IBM, Intel, Oracle, SAP and others figured this out 10-20 years ago, and recently even Microsoft is learning the lesson.

      --Fred

    2. Who reviews FOSS (Free and Open Source Software)?

      Original Version: 5/3/2010
      Last Updated: 3/11/2021

      Most FOSS projects these days are hosted at Bitbucket, GitLab, GitHub or some other Git repository.  They use "pull requests" as the mechanism for people to make additions or changes.  The team appoints one or more people who know the software well to process all pull requests.

      If you've never done a "pull request", here's how it works.  If you want to make an addition or change to a FOSS project, you:

      1. Git "clone" the entire project repository onto your own computer.
      2. Make changes, update the docs, add or update test cases, etc.
      3. Git "commit" the updates to your local repo.
      4. Git "push" your repo to Bitbucket, GitLab, GitHub or somewhere.
      5. Issue a "pull request" at the original repo site -- a request for someone there to do a Git "pull" to merge your changes into the master code base.

      They don't agree lightly to do the pull.  They're very protective of their existing code base.  Why risk letting you break it?  They do a careful review for:

      1. Bugs
      2. Security holes
      3. Standards violations
      4. Things that don't fit the overall architecture
      5. New code without a corresponding new test case
      6. etc.

      They also run your code against all the tests in the existing automated suite, including your new test(s).

      Most pull requests are rejected, at least at first.  They tell you to make changes based on the review, and to issue a new pull request.

      --Fred

    3. What if a bug is missed in FOSS (Free and Open Source Software)?

      Original Version: 5/3/2010
      Last Updated: 3/11/2021

      If someone did manage to accidentally or intentionally cause a problem, it would eventually be discovered.  At that time, Git would clearly identify who made the change, and who performed the pull.  Both of those people would be blamed, and would lose privileges on the project in the future.  Also lose standing in the worldwide developer community.  And maybe go to jail.

      Git has lots of tools to support this.  For example, if you already know which line of code causes the problem, the Git "blame" command tells you who last modified that line and when.  The Git "log" command shows you the history of changes over time.

      If you don't know which line caused the problem, the Git "bisect" command can tell you.  Give it a starting commit before the problem was added, and an ending commit after the problem was noticed.  It does a binary search to find which intervening commit caused the problem.

      It can automatically run your regression test suite at each search point.  Or allow you to manually say whether that point looks good or bad.  Once you know which commit is to blame, you can see who created the commit and who pulled it.  As Ricky Ricardo used to say, both of those people have "got some 'splainin' to do!"

      --Fred

    4. How big are FOSS (Free and Open Source Software) projects?

      Original Version: 5/3/2010
      Last Updated: 3/11/2021

      FOSS projects range in size from tiny (100 lines of code or less) to HUGE (Linux operating system, Java language, Apache web server, etc.) 

      The Linux operating system is probably the biggest FOSS project in the world.  It was originally written in 1991 by Linus Torvalds.  But now, it's:

      • Tens of millions of lines of code
      • Written by thousands of programmers
      • Used by billions of people every day
      • Running 100% of the world's 500 top supercomputers
      • Running 90% of the world's cloud infrastructure
        Note:
        • That includes Microsoft Azure which runs on Linux, not on Microsoft Windows.
      • Running 96% of ALL of the computers and devices in the world
        Notes:
        • Almost every single household in the world runs Linux in at least a few places (on their routers, cable modems, cars, phones, tablets, appliances, IoT devices, etc.)
        • By contrast, Microsoft Windows, which runs about 75% of all desktop and laptop computers, runs only about 2% of ALL computers and devices

      Other FOSS projects have produced large-scale, complex, enterprise-level software tools, including:

      1. Web servers like: Apache, nginx -- run the vast majority of all web sites worldwide
      2. Programming languages like: Java, JavaScript, Ruby, Python, etc.
      3. Application servers and web frameworks like: Django, Node.js, etc.
      4. JavaScript frameworks like: Angular, React, Vue, etc.
      5. Programming tools like: Eclipse, Jenkins, Ansible, Puppet, Chef, etc.
      6. Databases like: MySQL, MariaDB, PostgreSQL, MongoDB, etc.
      7. Office software like: LibreOffice, OpenOffice, etc.
      8. Hundreds or thousands of other Apache projects
      9. etc.

      These were all originally in-house projects at some large corporation, but were open sourced and came to dominate the world.

      The Git version control tool is also FOSS.  It was written by Linus Torvalds himself, to coordinate the efforts of the thousands of people working on his Linux project.  It's now used by most of the FOSS projects listed above.

      --Fred

  4. Beware installing software, especially on Windows

    Original Version: 10/14/1991
    Last Updated: 3/13/2021

    Each time you install software on a phone, tablet or computer, you're taking a risk.  Especially on a Windows PC.

    When you run an install program, you give it complete access.  The rights to do anything to the computer that you can do yourself.

    You expect it to create and update files, change system settings, etc.  But you can't prevent it from also doing anything else it wants to do. 

    And with a Windows install program, you can't even read through it first to see what it's going to do.  Have to take it on blind faith that it was written well, so it makes no mistakes.  And written honorably, so it doesn't do anything malicious or self-serving.  Those are big assumptions!

    I got burned by that once. Here's my tale of woe...

    Why run such install programs, when they're entirely unnecessary?  Just say NO!

    --Fred

    1. Beware the Microsoft "Power Toys"

      Original Version: 11/30/1997
      Last Updated: 3/13/2021

      On Nov 30, 1997, I made the mistake of installing some "free" Microsoft software.  Never again!  See details below.

      --Fred

      1. The browser wars

        Original Version: 11/30/1997
        Last Updated: 3/13/2021

        It was the height of the "browser wars".  See:

        The Internet had existed for over 2 decades.

        It allowed people to send email between computers, transfer files, login remotely, etc.  But it was used mostly by universities, government agencies, and large companies.  By highly trained computer programmers, academics, and scientists.

        There were a few commercial services for average users.  CompuServe, America Online (AOL), and various bulletin board systems (BBS) used the Internet behind the scenes.  They allowed subscribers to send email, post public messages, view content, etc.  But they were all private "walled gardens".  Did not give access to the Internet as a whole.  Just to their own private content.  And only to paying customers.

        The World Wide Web changed all that.

        It made the entire Internet accessible to anyone with a Web browser.  They no longer needed to know the names of all the servers.  Or the syntax of commands for FTP, Gopher, Telnet, and Unix.  Anyone could just point and click with a mouse.  Could navigate from site to site by clicking links.  Could see text and images, hear sounds, play videos, etc.  Even fill out forms, submit data, and interact with web apps.

        But Microsoft didn't notice.  It really missed the boat.

        Bill Gates thought the Web was a passing fad.  Had no interest in Web browsers.  He was focused on "set top boxes" that would sit on top of a TV set and allow you to interact with FTP, Gopher and other Internet servers, download music and movies, etc.  Things that are all done today using Web browsers, Web formats, and Web protocols.

        He wanted people to do it all through Microsoft proprietary formats and protocols.  And most importantly, with licensed Microsoft products.  Didn't realize the world was already doing it for free, with open standards and tools.

        The Web was growing by leaps and bounds.  Thousands of new sites appearing every day.  Directories and links pages to categorize them.  Search engines to help find things: Excite, Yahoo!, WebCrawler, Lycos, Infoseek, AltaVista, etc. 

        Netscape was the dominant web browser, with 90% or more of a rapidly growing market.  Mosiac, Opera, Lynx and others shared the rest.  See:

        Finally, Microsoft woke up.

        Someone or something smacked Bill Gates upside the head.  Woke him from his coma.  He issued a 9-page memo to his executive staff and all of his direct reports entitled "The Internet Tidal Wave".

        He said he now realized that the Internet was critical to the future of the company.  "The most important single development to come along since the IBM PC."  The one thing for all departments to focus on.  He wanted "every product plan to try and go overboard on Internet features".  Listed various Microsoft products that were doomed if they didn't.  "[Microsoft] Word could lose out to focused Internet tools."  See:

        He named companies that they had to catch up with at all costs, specifically Sun, Adobe, Apple, Netscape, and others.  Those companies had products far better than Microsoft's.  And were members of worldwide standards committees, deciding the format and protocols that would run the Internet for decades to come.  Microsoft needed to hurt those companies any way it could.

        And needed to block those standards.  Join and manipulate the standards committees.  Impose Microsoft standards instead.  Give away code for free if necessary, to ram Windows-specific protocols and formats down their throats.  The strategy was "Embrace, extend, and extinguish".

        Shortly thereafter, Microsoft bought a web browser from a company called Spyglass, Inc., and released it as "Microsoft Internet Explorer", but it wasn't getting any traction.

        Netscape was making Windows irrelevant.

        Microsoft was desperate to catch up because Netscape was making them irrelevant.  More and more was being done on the Internet with a simple Web browser, and that same Web browser ran on any operating system (Windows, Mac, Linux, etc.).

        The trend we see today was beginning.  You can get all the same functionality on any other operating system that you get on Windows.  So the operating system becomes irrelevant.

        In the previous 10 years, it had become true that no one really cared whether they had a PC from IBM, Gateway, HP, NEC, Compaq, Dell or any other manufacturer.  Windows ran equally well on all of them.  So, there'd been a massive price war, and PC hardware had gotten much cheaper.  Lots of companies eventually gave up on making a profit, and stopped selling PCs.  A few went out of business entirely, or got bought cheap by competitors.  When's he last time you heard of a PC from IBM, Gateway, NEC, or Compaq?  They're all HP, Dell, and Lenovo.

        Now the same thing was starting to happen with operating systems.  It was starting to be true that no one really cared whether they used Windows, Mac, Linux, or any other operating system.  Web browsers, document processors, email programs, file managers, PDF viewers, and other apps all ran equally well on all of them.

        So people could stop shopping for Windows-only functionality.  There wasn't any.  And could even stop shopping for the familiar Windows user interface.  Mac and Linux desktops looked pretty much the same as Windows, with the same use of icons, windows, folders, mouse, etc.  Those concepts were all based on work done at Xerox PARC (Palo Alto Research Center) in the 1970's.  Mac, Linux and Microsoft had all copied the ideas.  So Microsoft couldn't patent any of them.

        Instead, people would start shopping for price, reliability, speed, capacity, etc.  But Microsoft couldn't compete on any of those fronts.  Linux was free.  And both Mac and Linux were far better in terms of reliability, speed, capacity, etc.

        Microsoft gives away Internet Explorer for "free".

        This had to be stopped.  Microsoft started giving away their Internet Explorer browser for free.  They could afford such a "loss leader" since it only ran on Windows, which was one of their cash cows.  And they couldn't afford NOT to, since the Netscape browser was competing with Microsoft Word, their other cash cow.

        Netscape was a much smaller company, with only the browser (which included an email client), a web server product, and its netscape.com web site.  But it had no choice.  Most people wouldn't pay for a web browser when there was a "free" alternative.  It started giving its browser away for free too.

        Microsoft pressures vendors.

        Microsoft also started forcing PC makers to install its Internet Explorer browser on all new computers.  Or they were not allowed to install Windows at all. 

        Some people started uninstalling the browser after they bought their computer.  So Microsoft built it into the Windows operating system so it couldn't be uninstalled.

        This put more pressure on Netscape.  Most people wouldn't bother to install a 2nd web browser when there was one already installed.

        But somehow Netscape hung on.  Microsoft was desperate.  They were willing to do ANYTHING to remain relevant.  To maintain their desktop monopoly and their profits.

        If only I'd realized...

        --Fred

      2. Why I installed the MS Power Toys

        Original Version: 11/30/1997
        Last Updated: 3/13/2021

        Meanwhile...

        I wanted a way to right-click on a folder in Windows Explorer and open a command line in that folder.   Microsoft offered "DOS Here".  Great!  Looked like exactly what I wanted.  So far, so good...

        But...

        I couldn't get "DOS Here" by itself.  It was a feature of "TweakUI".  Doh!

        And I couldn't get "TweakUI" by itself.  It was bundled in the "Power Toys".  Double Doh!!

        I had no choice but to download and install the entire "Power Toys".  It was "free" and I hadn't yet developed such a healthy distrust of Microsoft, so I installed it.

        I started using "DOS Here" and it worked fine.  Again, so far, so good...

        But...

        --Fred

      3. What the MS Power Toys did to my PC

        Original Version: 11/30/1997
        Last Updated: 3/13/2021

        But...

        Netscape immediately stopped working!

        Coincidence?  No.  Definitely not.

        I was in the habit of using Netscape Navigator (the Web browser) and Netscape Messenger (the email client) all day every day.  So I'm sure they both worked fine immediately before I installed Power Toys, and both stopped working immediately after.  In fact, the last thing I did before installing was to browse the Web to find and download Power Toys.  And the first thing I tried to do afterwards was to check my email.

        I tried to uninstall Power Toys, but there was no uninstall program.  Triple Doh!!!

        I found out later that the install had updated some of the shared Windows system DLLs with intentionally defective copies.  But there was no way to know that beforehand.  And no easy way to fix it afterwards.  Grrr!!!!!

        --Fred

      4. It was an effective but sleazy Microsoft strategy

        Original Version: 11/30/1997
        Last Updated: 3/13/2021

        For most users, when something like this happened to them, they perceived it as "Netscape stopped working.  Must be a bug in Netscape."  So, they switched to Microsoft's Internet Explorer.  Which was conveniently already installed on their PC.

        Microsoft tactics eventually worked.  They did aggressive marketing, gave the browser away for free, forced PC makers to preinstall it on all new computers, made it impossible to uninstall, and sabotaged Netscape on computers like mine.

        Microsoft's market share skyrocketed.  2 years later, in 1999, it had risen from 10% to 99%.  No one was using Netscape any more.

        Finally, Netscape went broke.  Complete financial collapse.  It open sourced its browser and email client, creating the Mozilla Foundation (an extraordinarily effective, but not profitable solution).  The rest of the company was sold off in scraps to AOL (Netscape.com web site), Sun ("Netscape Enterprise Server" web server), etc.

        Much of what Microsoft did was not only unethical, but actually illegal.  The US Departmant of Justice (DOJ) went after them with an anti-trust lawsuit.  But Microsoft's lawyers fought them off for many years.

        Long after Netscape was gone, the anti-trust suit was settled quietly.  Microsoft pleaded guilty to doing all of the above on purpose and paid a big fine.  But the fine was much less than the money they'd made by sabotaging Netscape.  See:

        A few years later, the browser re-emerged as Mozilla Firefox, and the email client as Mozilla Thunderbird.  But it was a long hard fight for Firefox to eventually re-establish dominance over the entrenched Microsoft Internet Explorer.

        And Thunderbird never took off the way it should have, because people were starting to use Microsoft Outlook.  Outlook would never have been able to compete with the much more powerful Thunderbird.  But Microsoft had bundled it into "Microsoft Office" with its popular Word, Excel, and PowerPoint products, offering a lower price if you bought the entire suite.

        As usual, it's hard to get people to install a 2nd email client when there's already a "free" one on their PC.  And since most people were relatively new to email, they had no idea what they were missing.

        Since then, Outlook has become of the most widely used email clients in the world, despite its limited functionality.  And despite its failure to follow basic Internet email conventions.  And despite all if its security holes.  I claim that Outlook is the biggest security hole ever installed on any computer.

        --Fred

      5. How I recovered

        Original Version: 11/30/1997
        Last Updated: 3/13/2021

        I couldn't afford to switch to Microsoft's Internet Explorer. I was heavily dependent on Netscape at the time.  I used Netscape Navigator as a Web browser, with lots of features that Internet Explorer didn't yet have.  More importantly, I used Netscape Messenger as a very powerful email client and news reader.  Much more powerful than Microsoft Outlook.

        Also, I had 15 years worth of email archives (yes I was using email in 1982) that I used with Netscape.  Sorting, filtering, replying, forwarding, filing email messages in dozens of email folders.  (10 years later, I moved to Mozilla Thunderbird, the successor to Netscape, and I still use it today to manage my 30+ years of email messages.)

        I REALLY needed to get Netscape working again.  But there was no way to find out what Microsoft had done to sabotage it.

        Finally, I wiped the entire disk, reinstalled Windows and all my apps, including Netscape (but NOT Power Toys), and re-applied all my customizations and security settings.  It took a few days, but I had no choice.  Fortunately, I had good backups and was able to restore all my files.

        Still wanting "DOS Here", I searched the Web and found that adding something to the right click menu of all folders is a simple registry entry.  A single line of code.  I wrote a tip on how to do what I called "CMD Here".

        It turned out that ALL of the TweakUI features were simple registry edits.  One line of code per feature.  Microsoft could have sent me a simple REG file, to apply the changes to the registry.  In plain old regular ASCII text format.  No need for a binary-formatted "install" program.  Except to hide their true intentions.

        Here's what I later said (in addition to the above) to someone who pointed me to a Microsoft blog post about TweakUI, and asked what I thought of it:

        You already have all of the Windows tools you need, delivered as part of Windows, which you paid Microsoft for.  Do you really want a "free" download from Microsoft running on your computer?  Think about why Microsoft "gave" it to you for "free".  What's their motivation?  I'd suggest always searching the Web for the quick registry change you need, and making it yourself.  You can undo it if you don't like the result, and you know it isn't causing any malicious side effects.

        Yeah, the blog post is a funny read, but that's because it's intended to be funny, and to create the impression that TweakUI is a good thing by implying that a bunch of other Microsoft folks are jealous of its "success".  Very effective form of propaganda.  Don't be fooled.  Read the "use at your own risk" disclaimers in the article.  Basically, they say "we gave it to you for free and are in no way responsible".

        --Fred

    2. Warning: "Uninstall" is just a suggestion

      Original Version: 10/14/1991
      Last Updated: 3/11/2021

      What if you've installed something on your phone, tablet or computer that you later regret?  No problem, right?  Just uninstall it.

      NO.  It may be more complicated than that.  It may have already done some damage.  Even if it hasn't, it may refuse to uninstall.

      A software "uninstall" is often just a suggestion.  The software is asked to uninstall itself, and may simply refuse.  Or may pretend to uninstall itself, but just get rid of the parts you can see, and keep the small self-serving part that was the whole point all along.  How would you know?  So, uninstalling it right now might be a good idea.  Or might be pointless.  It may be too late.

      Bummer, eh?  That's why I NEVER install such things.  Unless they're Open Source.

      --Fred

    3. "Install" programs are not needed

      Original Version: 10/14/1991
      Last Updated: 3/11/2021

      Binary executable install programs are dangerous and NOT necessary.

      Microsoft Windows was the first operating system I ever used that forced me to run such programs.  All other operating systems and environments allow you to "install" things by simply copying files into place.  Then you can "uninstall" them by simply deleting the files.

      Here's how installs are done on various operating systems and environments.

      --Fred

      1. Installing Java

        Original Version: 7/30/1997
        Last Updated: 3/11/2021

        To install the Java Runtime Environment (JRE) also known as the Java Virtual Machine (JVM), or to install the Java Development Kit (JDK) which includes the JRE/JVM:

        • Download any version of Java as a ZIP file, unzip it into any folder, and run it from there.

        Notes:

        1. Create as many different folders as you like, each containing a different version of Java.
        2. Can also create different folders containing the same version of Java, but with different configurations of versions of various tools, libraries and frameworks.
        3. Run different versions at different times, or in different situations, as desired.
        4. Set the JAVA_HOME environment variable to point to one of the folders if you want that version to be the system-wide default.
        5. Set JAVA_HOME to different folders in different situations so you can run different versions of Java concurrently in those different situations.
        6. Stop using any version of Java by changing JAVA_HOME to never refer to it.
        7. "Uninstall" any version of Java by simply deleting its folder.
        8. This works fine on any operating system (Unix, Linux, Mac, Windows, etc.) because they all support trees of nested folders.  And all support trees of nested processes, with each subtree at each level having its own values for environment variables.

        --Fred

      2. Installing Python

        Original Version: 9/14/2012
        Last Updated: 3/11/2021

        To install the Python interpreter:

        • Same as Java, but using PYTHONPATH instead of JAVA_HOME.

        Notes:

        1. There's extensive tool support for "virtual environments" that make it easy to switch from one installed version or configuration to another.

        --Fred

      3. Installing on Unix

        Original Version: 7/20/1987
        Last Updated: 3/11/2021

        To install an app on Unix:

        • Download a ZIP file, unzip it into any folder, and run it from there.

        Notes:

        1. Create as many different folders as you like, each containing a different version of the app.
        2. For simple apps (like shell scripts or simple binaries) that need only one file, don't bother with a folder.  Just put each in a separate file.
        3. Run different versions at different times, or in different situations, as desired.
        4. Set the PATH environment variable to point to a list of folders that contain apps.  Or put app files in folders that are already on the PATH.
        5. Set PATH to different lists of folders in different situations and/or for different users, to run different versions concurrently in different situations and/or for different users.
        6. Stop using any version of an app by removing it from the PATH.
        7. "Uninstall" any app by simply deleting its file or folder.
        8. Some complex apps come with "install" scripts that copy various files into various standard locations, so that their help files, config files, and other secondary files can be found in standard ways.  You can read such scripts before running them to make sure they don't do anything unexpected.
        9. If you run an install script without reading it, and later find a problem, you can go back then and read it to see what it did.

        --Fred

      4. Installing on Linux

        Original Version: 9/1/2001
        Last Updated: 3/11/2021

        To install an app on Linux:

        • Same as Unix

        Notes:

        1. Linux is a form of Unix

        --Fred

      5. Installing on Mac

        Original Version: 3/8/2009
        Last Updated: 3/11/2021

        To install an app on Mac:

        • If a ZIP file is offered:
          Same as Unix

        • If a DMG file is offered:
          Download it, open it and drag the app to any folder as if you'd unzipped it

        Notes:

        1. Mac OS X and macOS are based on BSD Unix.
        2. Use a folder in the user's ~/Applications folder if you want the app to be found automatically by Spotlight, Finder, etc., for that user.
        3. Use a folder in the special /Applications folder to find it for all users.
        4. A DMG file is a "disk image" file.  Think of it as a USB drive, or a CD, DVD, Zip disk or floppy disk, or a Unix device.  Opening the DMG is like plugging in a USB drive, or inserting a disk into a drive, or mounting a Unix device as a file system.  Eject the DMG when you'e done installing.

        --Fred

      6. Installing on DOS

        Original Version: 10/14/1991
        Last Updated: 3/11/2021

        To install an app on DOS:

        • Same as Unix

        Notes:

        1. DOS is like a VERY stripped down version of Unix, missing 90% of the useful features

        --Fred

      7. Installing on Windows

        Original Version: 10/14/1991
        Last Updated: 3/11/2021

        To install an app on Windows:

        • If a ZIP file is offered:
          Same as Unix

        • If only an EXE or MSI file is offered:
          Just say NO!

        Notes:

        1. Many Windows apps are not packaged as a simple ZIP file.  Instead, you get a binary, executable, custom install program (EXE) that you have to run to "install" the app.  Bad idea!
        2. Or you get a binary MSI file that you have to run via the "Windows Installer" standard install program.  Also a bad idea!
        3. The install program (custom or standard) does all the things that you could have done manually.  Or that could have been done by a shell script (Windows batch file, Windows PowerShell script, Windows REG file, Perl script, Python script, etc.).
        4. The custom install program also does WHATEVER ELSE IT WANTS TO DO.
        5. Or the standard install program also does WHATEVER THE MSI FILE TELLS IT TO DO.
        6. In both cases, you have no way to protect yourself.  And Microsoft has no way to protect you. 
        7. What happens is entirely up to whim of the person who wrote the EXE or MSI file.
        8. The EXE or MSI file is a binary file, not a plain ASCII text file like a Unix shell script, so you can't read it in advance to see what it's going to do.
        9. And you can't read it later, after there's a problem, to see what it did.
        10. This mechanism is just BEGGING TO BE ABUSED.  It requires your complete trust in both the honesty and the competence of the person who wrote the EXE or MSI file.
        11. Even if that person is honest, means you no harm, and has no self-serving motive, there may be serious bugs in the EXE or MSI file that could do serious damage.
        12. Or the EXE or MSI file may have been corrupted by a hacker.
        13. Just say NO!  Find another way to install the app.  Or find a similar app that comes as a ZIP file.  Or abandon Windows, and use Mac or Linux instead.

        --Fred

      8. Installing on VAX/VMS

        Original Version: 2/1/1983
        Last Updated: 3/11/2021

        To install an app on VAX/VMS:

        • Same as Unix, but without the built-in support for PATH.

        Notes:

        1. You'd have to type "RUN $PATH:app".  PATH can be the name of any multi-valued environment variable.
        2. Such variables can be used anywhere, not just on the command line.  For example, when specifying a file to read, edit, delete, copy, etc.  From the command line, or inside a program, or wherever.
        3. In all cases, the first match in the list of folders is used.
        4. This is much more powerful, but not as convenient for invoking simple commands at the command line.
        5. They have the whole mechanism in place.  They should just define PATH as a special instance of such an environment variable, and have the command line search it automatically.

        --Fred

      9. Installing on phones and tablets

        Original Version: 3/4/2010
        Last Updated: 3/11/2021

        To install an app on a phone and tablet:

        • Unfortunately, phone and tablet apps seem to have gone the Windows route.  So any install can trash your entire phone or tablet, or do whatever else it wants.

        Notes:

        1. iPhone and Android phones have tried to reduce the risk by encouraging install apps to ask you for permission to access various features and capabilities of your device.  But I'm not sure how well that's enforced.
        2. iPhone has tried to force all installs to be done through the Apple App Store.  Mostly so they get their 30% cut of the sale price.  But they claim that they also review all such apps to check for security issues.  Better than nothing, but nowhere near the same kind of review that Open Source code gets.
        3. Android also encourages installation of apps through its "Google Play" app store, but also allows installs from web sites, CDs, USB drives, etc.  When apps are installed from Google Play, Google gets its 30% cut of the sale price.  And they claim that they also review for security issues.  Again, better than nothing, but nowhere near the same kind of review that Open Source code gets.

        --Fred