Herb Hartley made a smart and excellent catch on a newbie submitting posts with a suspicious link that looks like phishing attempt, or ransom ware trap.

Which got me to thinking.

We click on a lot of links around here with blind faith.

People I don't know, who have no name, and no identity, and no face post "interesting threads" here all the time.

I am extremely careful when I click on anything outside of songs on this forum, but now I am interested to know what safeguards there are on this forum and I would like to hear it from PG Music, if possible, just out of plain old curiosity. It may be impossible, but my curiosity has been raised.

Some of the "interesting links" could lead anywhere, or be linked to anything.

Are there protections against clicking on any link here on the forum? I would guess NOT--but I don't know much about web forum security other than I think it is smart to keep running Norton.

Even a soundcloud link can be spoofed, right? Email accounts are spoofed all the time.

Theoretically, any one of them could lead to a ransom site, malware site or phishing site right?

The suspicious looking link info Herb found came out as a red flag for me and something to be more super cautious about in a day and age when Internet treachery continues to escalate.

Could the entire forum be an open ransom ware landmine, or are there protections??

I would like to hear from PG Music, if possible, to see how similar concerns might be addressed from the other side. I don't know what I don't know.

I don't know the answer to your question David, but suspect that it might be difficult for PGmisic to totally monitor every link on forum, unless like some forums who don't permit new users to post a link for a given time frame.

I am sure you might have heard of,

https://www.sandboxie.com

And what it does, it can totally sandbox your browser activity and even if some malware is let loose it will only affect within the sandbox itself, which with a few click you can delete the sanbbox.

Best of all its free with a 5 second nag screen once a day I believe.

If you download it, it will usually provide a right mouse click to a browser such as Chrome to run sandboxed.

Browser speed is no different to normal, if you move mouse near top of chrome you will see a yellow outline that shows its running sandboxed. You can check from sandboxie window which opens from the taskbar as well.

Great program which I wouldn't do without, it was actually Solidrock from the forums here that posted about it, so credit to him/her.

Sorry if this doesn't answer your question and I have gone off on a bit of a ramble.

I find it sad that this kind of thought exists after all every new person to the forum is a stranger. As are all the veteran users strangers to the newbies. In the words of Wayne and Shuster “who is that beside you”. “Why it’s you”. “Ah but can I be trusted”. I would suggest never go to a new site unless you check it out first but encourage discussion, comments and help on the Forums.

My thoughts

Tony

+1 musiclover Sandboxie !!

I don't see how PGM could protect us unless they take away our ability to post links.

I think everyone needs to secure their own browser using AV and malware tools. Or just don't click links you are concerned about.

Musiclover's suggestion is interesting but that introduces other concerns such as them tracking your every move.

Bottom line...if you're gonna ride the bull you're gonna risk getting hurt!

Tony,

I think you misunderstand my message. I am not paranoid, I am reacting to a thought about a potential threat I had not thought of before. As you may have noticed, I have read and responded to thousands of posts from people all over the board in good faith as a trusting soul for years. Love this community.

However, over Christmas one of the largest publications in the country was shut down and unable to print for the first time in its history because someone clicked on an innocent looking link. Ransomware immediately infected all of the servers and the printing press shut down. Everyone's computers were infected.

SO, not as a paranoid person, just as normal thinking person, I think I had a realization when Herb spotted what was clearly a threat. It has nothing to do with being suspicious one of one's Internet neighbor on the PG Forums.

It just made me realize for the first time in five years that I NEED to be careful.

And I think THAT is sad.

Also, not knowing how servers like this work, I was just asking if safeguards COULD be put into place because I don't know. I was just asking, which is what I always do when I don't know the answer to something. I ask.

Hope that makes sense.

https://forums.sandboxie.com/phpBB3/viewtopic.php?t=8983

You can also right click on an exe you are not sure about and run it sandboxed in an isolated environment.

If we need a 'wake-up call' just search TED TALKS under Internet Security. Even benign picture formats can carry terrible viruses and malware.

I believe that my sister-in-law's address book has been hacked and she is inadvertently spreading malware. It becomes necessary to know and recognize what would be NORMAL communication from even our family members.

Don,

You have hit the nail on the head and that is exactly what I am talking about.

In the publication hack I was talking about, no one could have known the email with the bad link in it was fake. It was a perfect forgery. But one click shut down a major organization. Bam.

I get emails all the time from major companies that look exactly like they came from the known company except I find ONE misspelling that tips me off--like a British spelling I know what not have been made by an American company.

It is scary.

I basically don't click on anything in emails anymore. I even ask my wife if she sent me something before I click.

It is scary and malicious and growing trickier even day. It's not just me. My friends are tech writers for media giants. They talk about it all the time.

So, I am down to basically clicking on nothing. Very sad, but it can ruin your life.

I just spent the better part of 2 days trying to clean up my computer. Finally got it done after spending weeks putting up with a slow running computer that consistently tried to direct me to download Adobe Flash, Mackeeper etc. My “music” computer is offline 99% of the time an as a result I haven’t had a problem.

Good points, David. Good for Herb, being on alert.
As I thought about it, one of the pitfalls is that we might be drifting into a false sense of security, because the PG forum is such a laid back friendly place, here we are, throwing links around, nonchalantly.
Something tells me there must be a company that will allow forum operators to route inquiries through a safe proxy. Yes, kind of on the order of Sandbox or a VPN, where the inquiry becomes anon.
Not too long ago I started a forum on the topic of rural development. Let me tell you, forum operating is no country for old men. Almost immediately, I started getting registrations, 12-14 of them, that just did not look right. Even as little as I know, I was able to trace the registrations to a school server in the Orient.
I wouldn't conclude the worst, but one thing I knew, I was over my head; so, I bailed.

I'm not sure what you mean when you talk about spoofing here. With regards to emails, spoofing typically refers to using fraudulent headers in the email. For example, it is very common and easy to spoof the "FROM" header in an email message, and that's why spammers can send you an email that appears to come from your friend or whatever.

It seems like you're just talking about the url that a link is pointing to. Maybe this link for example.

A link is just a link - If you're unsure about it, don't click on it, just hover your mouse over it and look at what url it points to, usually the lower left corner of your browser window. Or you can right-click on the link and select "copy link address" (or similar) and paste into notepad. The vast majority of the time it is dead simple to tell if the link is valid or if it's just someone trying to get you to go to their site. You can do the same thing with your email messages. The only way it can really be spoofed is if the link is made to APPEAR it's a valid site because of it's similarity to a well known url. For example, www.pgmusic.biz or www.pgmmusic.com. (the spammer would have registered the similar domains and created a site)

There are tons of spammers that try to post messages on forums, and in their message they include a link to some site. Typically they want to increase traffic to the site so they can make money from ads. Our forum doesn't allow any new user to post a link without being moderated, and there are lots of other criteria that needs to pass for a post to get through unmoderated.

The recent spammer was quite smart it seems, in that they seemed to be trying to troubleshoot an audio recording problem. Although we did miss a few obvious things about that user, and let him through when we shouldn't have (Still his links didn't seem "malicious" in the sense of phishing /viruses.)

Andrew,

Thanks. The simple explanation that you are monitoring this kind of thing makes me feel better already.

Thanks again.

It's just a crazy world out there now, and like I said, I don't know what I don't know, but I have seen some frightening stuff happen in recent months from people I know.

Thanks for the lessons and reassurances--and tips.

Andrew,

Of the several sites that I frequent, PG forums are the best moderated among them.

We have had a few trolls disrupt things over the years but they quickly disappear when they see the family atmosphere and talent to be found here.

Kudos to the moderators for keeping this a great place to visit.

It's a crazy world in my sandbox.

Knock wood but I never click on a link if I don’t recognize the source w/o doing what Andrew suggested, i.e., vetting the link. I get virtually no unsolicited email, no spam in over a year and I always use a new email addie for any company or entity that I must give an email addie to. One spam or weird email from that addie and I kill it. And I am a Mac (generally safer than the Windows environment) but I still use anti virus/malware software. Yeah, it could all blow up tomorrow but I do my best to avoid the worse. I don’t find it much of a hassle but then I’m long into retirement and can keep my contacts limited.

Bud

I'm very careful about clicking links. I read in a respected computer magazine than you have to treat the Internet as if everybody is out to get you. Most aren't of course, but when you drop your vigilance you can get snagged.

But I know more savvy people than myself have been duped so....

1) I make an Acronis disk image at the end of every day to an external, removable 'toaster' drive. The external drive is never on when I'm working so the malware people can't write to it.

Of course I could be backing up an infected drive so I make sure I have at least a half dozen backups before the oldest gets erased. So I have almost a week's worth of disk images.

2) I also use another removable drive that I put in the 'toaster' once a month and backup, and I keep more than 9 months of complete disk images on that drive. It's removed from the system except for backup time.

So if I get malware, I can go back to a point where my computer was before it got infected. Disk images are not like simple backups, they 'clone' the disk itself.

3) But what about my data? If I restore my computer to its state a few months ago, what will I lose? Hopefully nothing because I also use Microsoft's free SyncToy app to backup my data every day. That includes every folder that I think the data changes on like documents, pictures, e-mail, music, etc.

The Acronis Disk Image and SyncToy backup can be run at the same time but I found it's better to start SyncToy about a minute before booting Acronis. It usually takes about an hour, and Acronis can turn your computer off after the backup is finished.

Backing up your computer and data are like going out to sea with life jackets and life boats. Chances are you will never need them, but if you find yourself in a situation where you do need them, you will be very glad they are available.

Insights and incites by Notes

PGMUSIC:

I keep my ENTIRE BIAB installed on my D Drive along with various data files and my OS on my C Drive.

If I need to reinstall my OS for some reason (upgrade, corruption, drive failure, a dreaded virus, etc...) what should I save from the C Drive (if possible) before reinstalling the OS so my BIAB keeps it's activation.

I have multiple computers at my house (2 desktops and a laptop for traveling) so I have used all 3 activations and cannot afford to loose one.

This question has always puzzled and worried me. I know there are activation tickets and can those be backed up to a thumb drive for safekeeping in the event something catastrophic happens to one of my computers?

Notes,

You are truly a man after my own OCD heart.

In every way.

jcland,

The Support Staff is great about getting you going again in such cases.

After you reinstall your OS you would need to activate BB again. This should not use up another activation because it is the same computer. However, you can contact us to get an additional activation if you need.

We have seen an increase of links in emails, especially commercial. If it is something like "Staples Preferred Customer," I usually bite. Now, though, it seems like everyone wants to include a link.
The thing that has saved me, by reminding, has been gmx.com email feature that stops that practice dead in its tracks. New Years Resolution -- no more unknown clicking, regardless.
I also think google avoidance is a good idea.

Be interesting to see what/which SW (BB - probably not, iLok SW, Steinberg SW, and others) thinks I have a new "machine" when I swap out CPU's on same MoBo later this week and whine about needing to re-authorized

Larry

You forgot Windows. Microsoft will probably want to activate with that major a hardware change.

Thanks.

But I confess, not in every way.

Only in the things that seem important to me.

Data is important to me because it is impossible to replace.

---

I used the life boat/life jacket analogy because I used to own a sailboat, and I also worked on cruise ships for 3 years.

If the boat/ship you were on was in distress, you can't stand on the front lawn and watch your ship disappear.

So when anyone boarded my sailboat I showed them where the life vests were stowed and made sure they knew how to use them.

When working on the cruise ship, I located where the life boats and rafts were. Every crew member did. But I took it upon myself to learn where the extra life rafts were and how to launch them.

It's a matter of life and death.

---

On the gig I bring all my self-produced backing tracks on a computer. I have a second computer booted and ready with duplicate tracks on it at all times. If something happens to the first computer, all I have to do is switch the USB to Audio Interface to the spare computer and the show goes on. I've had to do this twice since 2002, and the customers never knew anything was wrong.

My wind synth can cover any parts if my sax, flute, or guitar breaks on the gig, so I bring two wind controllers and duplicate sound modules. I've never had to use the spares, but if I do, it will save the gig.

---

I'm even more careful with the data my customers give me.

When you buy something from Norton Music, there is no option to save your credit card info for future use. Why? If it isn't saved in my shopping cart, there is no way someone will be able to hack it.

I don't download credit card numbers to my office computer, and I store my customers names, addresses, and e-mail on an encrypted, external drive. It's only connected to the computer when I need it. If it isn't on-line, it can't be hacked.

Even if someone breaks into the office and steals the external drive, they will have to guess a very, very, very long password key to get a physical and e-mail address and know which encryption software I use.

I just feel that's my responsibility. If one of my customers gets hacked, it won't be because of me.

---

But for things that don't matter I am pretty relaxed about them.

Hopefully I have the wisdom to know the difference between what is necessary and what is not

I think as far as my data is concerned, I have that covered.

Insights and incites by Notes.

1) Log off when finished.
2) Right click on links.
Select "copy link address."
Paste in browser, click after removing
redirects and IDs from the address.
3) Running multiple browsers can help keep them away.
4) Set CC Cleaner to run on browser close.

There are more and more quite official looking websites appearing, usually short lived, with all the logo's etc. From especially fake web shops, banks etc; be aware, they're after your credit cards, login codes and worse. And at times they get hold of your email address and passwords due hackers activities on poorly protected websites. If you're worried about your email, check here: https://haveibeenpwned.com/

I've been getting a lot of spam lately telling me my account has been hacked and wanting me to pay them in bitcoins.

They say they have been filming me with my computer's camera while I was watching inappropriate comment and if I don't pay, they will expose me.

Well, first of all, I don't have a camera on my computer, secondly I read about this scam a couple of months ago in PC Magazine, and thirdly, there was another thread here some time ago from people who got this scam before me (I think Joanne Cooper gave us the first heads-up - thanks).

There are a lot of people out there that want to part you from your money. Doing it via spam is easy because it doesn't cost them hardly anything. They buy a list of e-mail addresses, send out zillions of spams, and if one in a thousand recipients are fooled, they can make tons of money.

It's good to be aware, to never click a link in unexpected e-mail, to ask your friends before clicking a link, to have a good AV app on your computer, to add MalwareBytes to your protection, and to keep full backups including some older ones.

There is nothing you can do to keep yourself 100% safe, but by being careful, you can minimize your risk down to 1% or less.

Insights and incites by Notes

My son in law (ICT expert) says ignore those, >AND NEVER REPLY< ! You might set an autofilter and send them if possible automatically to your spam box.

I use 360 Total security paid for 2 years now, only 12$ per year; i never get them any more, and it has a lots of tools like only passing through the serious windows updates, a ransomware repair and blocker, a lot more ...

I know, never-ever reply. I tried setting up a filter at my web host, but they keep changing their tactics to get around the filter. I just shift+delete when I see them.

I know it's just a numbers game. Sooner or later they will mail to a guy who watches p0rn and is gullible enough to send a few hundred dollars in bitcoin and the scammers win.

If we all were intelligent enough to never respond to spam and scam, it wouldn't be profitable, and would most likely go away. But that will never happen. So in the meantime it's just a PITA.

Insights and incites by Notes

PS i listened to some of your fakebook demos recently; bought some Atari diskettes 25 years ago LoL. OK sounding stuff etc, but IMO not a real fakebook as with melody, chords and lyrics as i am used to buying in the past. I know, copyright issues, but most songs i don't know, and as such mean nothing to me without a melody at least ... You must have made them along a melody line probably, and threw it out later? F

I totally understand Fiddler2007.

I tried getting the rights to the melodies but ran into stumbling blocks. Many copyright holders simply refused. The ones that agree wanted to charge up to $2.50 PER SONG to use the melodies.

I wrote back, "$2.50 per song? I can buy them in a fake book for a few pennies per song." and they answered, "So buy the book".

So for almost every one of my fake 'disks' there is a link to Amazon to buy the book. You can open the book, load the BiaB file and play away reading the melody from the book. Lyrics are also included.

It's the workable and affordable compromise. My fake disks have up to 850 songs in them, that would be about$2,000 in royalties at $2.50 each, I don't think many could afford that.

You don't have to buy the book at Amazon, many are available at book stores or your local Mom & Pop music store will be happy to order it for you.

There are a few fake disks that I offer that no longer have books, as they have been discontinued by the manufacturer. If you click the Amazon link there might be a used one for sale.

Also, they no longer are physical disks, but instant download files. I started calling them "Fake Disks" when they used to go out in the mail on either 5.25" or 3.5" floppy disks. The physical disks are gone, and I just don't know what to call them if I want to rename, so "disk" hangs on in title only.

But then we dial phones when the dial hasn't been around since touch tone buttons. We honk car horns when there are no more horns but some kind of digital noise maker. And so on. So virtual disks aren't too bad.

Amazon has some of the lowest prices for these books that I've found, which is why I direct you to Amazon. Barnes & Noble is often competitive, and there are other sources.

Personally, I like reading from the book as BiaB plays, because it's easier. The entire song is visible and doesn't have to do that change screen thing in BiaB. Just open the book start the BiaB file and have fun.

And to get back on topic, the physical books can't have malware or ransomware included.

Insights and incites by Notes

Se lets dump all computers, back to the 20-ies .... Or maybe buy some of your (faky?) fakebook collections and download the melodies elsewhere, not from you of course LoL. A server stationed on some off limits Indian Territory gambling grounds?

There is good use for both old and new technology. The thing to do is to find out what combination works best for you in the situation you are faced with.

Because it's new, doesn't mean the technology should completely replace the old. In many cases they coexist nicely. Example: On the gig sometimes I use the acoustic sax (old tech) and sometimes the Wind Synthesizer (new tech) depending on the needs of the song. I even use the synth for sax parts on some songs because it's better for that song. Example: Acoustic guitars were not replaced but newer technology electric ones.

Opening a fake disk song in BiaB and reading the melody out of the book has its advantages, besides for saving thousands of dollars. In the book, the melody is usually available without turning pages. The BiaB screen updates and you can only see the number of bars that are displayed on the screen. On paper I can see the entire arrangement before starting to play, the DS or DC, the Coda, the repeats, and I also get expressive commands like ppp or ff, crescendos or diminuendos, words like dolce or sweetly, time signature changes, and other information lacking in BiaB.

There are those who love this arrangement better, and I'm sure some who wish the music publishers would allow melodies and lyrics to be put on BiaB at an affordable price.

There is more than one way to make music, and what is right for one, may or may not be right for another.

Insights and incites by Notes

I find that Notes' fake book discs are really great. I use to type in all the chords to a fake book's song then site read the lead; I have the corresponding fake books. Now I just pick a song from one of Note's discs and site read in just a matter of seconds. It's a great time savor.

Sometimes I find a song that I want to do more than just site read. I am currently working on the song "Where or When". I am trying to play trumpet 1, trumpet 2, alto and tenor sax via my wind controller and adding a guitar part. It is a learning curve but a fun one.

YMMV