Bogus error messages and Win10-blocking options

Protecting your backup files from ransomware

Ransomware covertly encrypts user files and then demands payment for the key. Here’s how to ensure that backup files remain safe, if an infection takes over your main PC.

Plus: A “Windows Hello” biometric/fingerprint sign-in system fails after a Win10 upgrade and updated suggestions for Win10 file management.

Keeping ransomware out of your backup files

With recent headlines highlighting successful ransomware attacks on businesses, there’s good reason to worry about your data. The best way to recover quickly — and avoid paying a ransom — is to keep clean backups of your data. Reader Kees van der Pot wants to ensure that his backups are safe.

• “I’m afraid of ransomware, so I’m looking for a way to protect my backups from infection.

  “My backups are stored on a networked drive that’s actively connected to my PC only once a week, when my system is making a new backup.

  “I use Acronis True Image, giving me backup files named backup.tib.

  “Because ransomware looks for data files to encrypt but otherwise leaves your system running, I think that renaming my backup files to backup.exe should make them safe.

  “Is this a good idea?”

Disguising your backups by renaming would seem to be a good plan, but I don’t think it’ll result in any meaningful extra protection.

Although this approach might fool simple malware, well-coded exploits will find the files they’re looking for. It’s trivially easy for the malware to look past a file name or file-extension to see what’s actually inside.

The same is true for another clever-sounding trick: placing data files in nonstandard locations. But, again, that would fool only the most rudimentary forms of malicious code.

In short, simple tricks of that sort simply won’t protect you.

But there is an additional step that can help ensure that no malware of any type gets saved into your backups.

The backup method that Kees uses is already quite secure. The only time the backup files are vulnerable to new infection is during the relatively brief time when the drive is actively on line and connected to the Windows PC. When the drive is disconnected and offline, its files are totally safe.

But for maximum safety, do this: Before bringing the backup drive online and running the actual backup, thoroughly scan your system with a good anti-malware tool. Ideally, use a scanner that’s not part of your full-time anti-malware setup. Use of a different brand of scanner will help catch any infections that might have slipped past your primary defenses.

For example, I use Win10’s built-in Windows Defender (info) and Malwarebytes Pro (site) for the daily defense of my PC’s files and its ongoing File History backups. But before running my monthly whole-system backups (to a different external drive), I verify that the PC is truly clean by scanning with a separate tool such as ESET’s online scanner (site).

Those extra scans are the key: Once you know that your PC is malware-free, you can then connect a drive and perform your backup, confident that you’re not spreading any infection to your backup files.

Biometric/fingerprint sign in lost after upgrade

Al Christie is trying to use Win10’s biometric sign-in options, aka “Windows Hello” (more info).

Al is using a fingerprint scanner, though it could just as easily be a facial- or iris-recognition device.

• “Hopefully Fred Langa can explain to me how to resolve my lost fingerprint-scanning sign-in process. I upgraded from Win8.1 to Win10, and now my fingerprint scanner won’t work. I can’t find any useful answers via online searches.”

Like PC trackpads, cameras, microphones, and similar hardware, a fingerprint scanner is technically a type of peripheral device, even though it’s built into your PC. Like almost all peripherals, fingerprint scanners require their own drivers, and those drivers must be compatible with the current operating system.

Because your scanner was working fine until the upgrade, the problem is almost surely that the original drivers aren’t Win10 compatible or they suffered some kind of software mishap during the upgrade.

If the scanner is built into your PC, visit the PC maker’s support site. Download and install Win10-compatible drivers for your specific PC model and fingerprint scanner. If no scanner-specific drivers are available, install new Win10-compatible mainboard, system, or chipset drivers.

If you have a stand-alone, plug-in fingerprint scanner, visit the manufacturer’s site and obtain the latest model-specific drivers there.

Once you have the correct drivers installed, your fingerprint scanner should start working normally again.

For more information, see the WinSupersite.com article, “Using Windows Hello and a fingerprint to log into Windows 10.”

Win10 file-management best practice?

Stan Lenci has been using Windows for many years. He’s wondering if it’s time to update his long-standing practice of manually setting up his user files on a different partition from the operating system.

• “I’ve been a faithful follower of Fred Langa’s articles on Windows file-management methodology.

  “In the early days of Windows, he said that the easiest way to prevent damage from a major Windows system crash was to have one partition for the OS and another for applications and data.

  “He later discussed how a nondestructive recovery process will keep applications and data intact; no need to resort to a full image-recovery process.

  “Win8’s File History introduced a new backup process, and Win10 followed suit.

  “With all these changes, it appears there’s no longer a need to establish separate partitions for the OS and applications/data. Am I right on this?”

You’re correct, Stan. It’s no longer necessary to separate the OS and the user files — I haven’t recommended doing that for years.

It made sense with early Windows versions; built atop a DOS foundation, they could be quite unstable. It wasn’t unusual for a Windows setup to require a complete, from-scratch reinstallation — possibly several times a year! Some heavily-used Windows setups even required full reinstalls/rebuilds every month or so!

Under those conditions, keeping your data files separate made good sense. You could rework the entire OS without affecting any of your user files.

But Windows has steadily improved, version by version. By the time Win7 arrived, the OS was a rock-solid workhorse. With good, routine maintenance, a Win7 setup could run for extended periods of time — years, even — without requiring a full-blown, from scratch reinstall.

And as Stan pointed out, when a Win7 reinstall was required, a skillful user could perform a nondestructive reinstall that left data files and already-installed software in place. (For more, see July 14, 2011, Top Story, “Win7’s no-reformat, nondestructive reinstall.”)

With more stability and nondestructive repairs, the whole rationale for separating the OS and user files more or less goes away.

Win8 and Win10 have an automated, nondestructive reinstall option built right into the OS — just a click away. Plus, both Win8 and Win10 allow for automatic, ultra-safe, redundant user file backups in File History and OneDrive.

For more information, see “A ‘no-reformat reinstall’ for Windows 8” (Aug. 15, 2013, Top Story), “Mastering Windows 8’s backup/restore system” (Jan. 15, 2015, Top Story), and “Best of breed: Win10’s hybrid backup system” (Oct. 15, 2015, Top Story).

Leaving all your files in their default locations also helps to ensure that Windows’ increasingly automated self-maintenance and recovery systems can operate as intended — as background processes that require little, if any, user intervention.

In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.

Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum. To rate this or other stories, click over to our polls page.

Bogus error messages and Win10-blocking options

Running System File Checker in Windows 10 can give you an unwanted — and unnecessary — worry.

And Gibson Research posts its option for blocking Windows 10-upgrade notifications.

Win10’s faulty System File Checker error message

Recently, I was trying to solve an issue with my Windows 10 test system. I ran one of the operating system’s most basic troubleshooting tools: the System File Checker (sfc.exe /scannow). When the process completed, I received one of those infamous non-answer answers. SFC reported that my system had corrupt files that SFC was unable to fix. Great! You now know you have a problem, but you still have no idea what it is — or how to fix it.

As it turns out, the problem might not be with your system files but with SFC. As noted in a Microsoft Community thread, the company is trying to resolve a problem with SFC in Windows 10 1511. According to a MS support engineer:

“When you install Windows, it installs a version of opencl.dll. However hardware drivers may also install their own version of opencl.dll, and if the driver version is different than the one installed by Windows, SFC may report this as file corruption and may not replace the file.

“When this happens, the opencl.dll file is not actually corrupt. It is not necessary that you take any action — the report that opencl.dll is corrupt can be safely ignored.”

OpenCL is essentially a programming language that allows common code to run with different hardware setups. Graphics hardware will often install its own opencl.dll files. And there has been a bit of history of missing opencl.dll files causing problems with Windows systems.

Apparently, there have also been issues with bogus third-party opencl.dll download sites. While researching this topic, I ran across a purported MS fixit site that did not look like the usual Microsoft page. Floating my cursor over the link for downloading the tool displayed a URL that looked suspicious — or, at least one that did not link to Microsoft or some other known vendor.

Various options for blocking Windows 10

A Window reader sent us a note asking about Gibson Research’s Never10, an alternative to GWX Control Panel, which has been recommended by Windows Secrets on numerous occasions.

The bare-bones, Microsoft-recommended option, described in MS Support article 3080351, is to change two Registry settings; one to block the upgrade in Windows Updates, and the other to block for the app — GWX.exe — that adds the Get Windows 10 icon to your taskbar. That will work, though in some cases only temporarily. Another Windows update might come along and restore the Windows 10-upgrade settings.

We’ve recommended the free GWX Control Panel (download site) because it blocks the upgrade for as long as you like and provides a detailed, easy-to-use control panel (see Figure 1).

GWX Control Panel’s information section gives you a quick snapshot of Win10-upgrade–related settings and events in your Win7 or Win8.1 PC. And various buttons let you quickly disable — or re-enable — the Get Windows 10 elements. The tool also lets you enable a Monitor Mode, which pops up a notification when new Win10-upgrade activity is detected. That should help block any future Windows updates that re-enable Win10-upgrade notifications/installs.

Gibson Research’s Never10 (site; Figure 2) is a simple tool that doesn’t install any software; you just download and run a small app. Never10 basically automates the Registry changes recommended by Microsoft. Simply put, clicking the tool’s one button disables automatic updating in the current OS (Win7 or Win8.1). It also removed the Get Windows 10 notification on the taskbar — sometimes. If you change your mind, you can then click the button again to restore auto updating.

The Gibson site notes that the tool is good for “inexperienced” Windows users. But most nonexperts have Windows Update set to automatic for a good reason: They’re unlikely to keep on top of critical updates it they have to go into Windows Update and approve new patches. (The Gibson site also claims that GWX Control Panel is too complicated.)

There are other similar tools from lesser-known vendors floating out on the Net. They probably work much like Never10. The reader who sent the note asked whether it helps to run more than one of these tools. The answer is no — just one will do.

Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum. To rate this or other stories, click over to our polls page.