Understanding Web Hosting Bandwidth, and How Much of It You Need

Bandwidth is a term that’s bandied about fairly regularly in the digital world these days, and not surprisingly given how not enough of it can mean the ‘lag’ that nearly everyone has major difficulty tolerating. Truth is a lot of people that might be decrying a lack of it may not actually know what it is, and are more simply regurgitating what they’ve heard others says when voicing similar complaints.

Sufficient bandwidth is an absolute necessity for providing reliable web hosting, and here at 4GoodHosting we’re the same as every quality web hosting provider in Canada in that the success of our business depends on having it to the extent that it’s needed for websites hosted with 4GH. Nothing out of the ordinary there, but what is worth mentioning is that – in addition to having a basic understanding of web hosting bandwidth – there are measures that webmasters can implement themselves to increase available bandwidth.

All of that to come here in today’s blog entry, but first let’s have a basic look at what exactly web hosting bandwidth is and why you certainly can’t do without it

What is Web Hosting Bandwidth

Nearly all of you will be familiar with what it’s like to be driving in rush-hour traffic, or even observing it from a distance. We can think of bandwidth like the lanes of a highway and each vehicle represents the web traffic moving towards your site. Too many of them on those roads leads to long delays and frustrated drivers, while at the opposite end too many lanes mean excessive infrastructure costs for the city and a network that’s difficult and expensive to maintain on the taxpayer dime.

To the point, web hosting bandwidth is the amount of data that a website can deliver to its visitors over a certain period of time. We can conceptualize bandwidth as the capacity or diameter of any one or more of the ‘tubes’ of the internet – high bandwidths mean stronger, larger connections that can deliver more traffic and data, while low bandwidths mean more restricted connections or networks that often result in backlogs and slower loading speeds.

Web hosting providers (like us) typically describe the bandwidth associated with a certain hosting plan by relaying it as how much data can be delivered in a specific period of time, and most commonly in terms of gigabytes or terabytes per-month. As to be expected, you’ll pay more for extra bandwidth, but it’s also pretty much the norm that if you need it it’s not an added expense you can realistically avoid.

Unless backlogs and slower loading speeds aren’t going to be problematic for your visitors.. right then.

How Much Bandwidth Will Do?

This of course depends on the size, structure, and nature of your website. The reality is that bandwidth is a less adjustable component of web hosting, and so it’s important to find a web hosting plan in Canada with just the right amount of it as you certainly don’t want to be paying for a higher-priced hosting package that is more than you need.

It might be appropriate to say it’s better to err on the side of caution here and that too much is better than too little. While that’s probably true, there’s no reason why you shouldn’t or can’t find a package that gives you exactly the amount of bandwidth you need.

The Formula

We certainly didn’t create it, but we’re happy to share this simple formula for calculating how much bandwidth your site consumes; take these factors:

  • Average number of visitors each day
  • Average size of a page on your website, in kilobytes
  • Average number of pages viewed by each visitor
  • 31 days in a month

And multiply them all together.

That number will be the amount of bandwidth you can expect to approximately consume each month, in kilobytes (divide by 1,000,000 to calculate gigabytes). If your intention is to have people downloading files from your site, you’ll also want to multiply the average daily number of downloads and the average file size and add that number to your total.

It’s also a good idea to multiply your bandwidth estimate by roughly 1.5 to give yourself some flexibility with these projections.

Unlimited Bandwidth?

Not surprisingly, global internet traffic is reported to be increasing by roughly 22% each year. This growth is far outpacing the ability of telecommunications and internet service providers to supply the amounts of bandwidth required for many sites to retain their status quo when it comes to website performance. In response we’re seeing increased numbers of packages coming advertised as offering unlimited bandwidth.

That’s going to be misleading like that, as it’s not really unlimited. A better term here would be unmetered. Generally speaking, it’s only unlimited if every site hosted in that shared hosting arrangement is operating within their established bounds. We won’t go any longer, but just be wary of any such offer for unlimited bandwidth.

What Makes Bandwidth Important for a Website?

We can create an analogy here between bandwidth and a pair of shoes. Even Usain Bolt won’t be streaking down the track effectively if his cleats are several sizes too small. But in more literal performance terms, bandwidth is instrumental to your site’s speed and overall performance. You want it to be ‘firing on all cylinders’ as the expression goes, and having enough bandwidth is absolutely essential if your site is to be doing that.

First and foremost with all of this is page load speed. Web browsing individuals are impatient, so enough said about that. Insufficient bandwidth = poor page load speeds. Dynamic content needs more bandwidth too, and it’s a big part of why VPS hosting is increasingly popular these days

Is it Possible to Increase Bandwidth?

It is, and the primary way to do so is by conserving it. What we mean by this is reducing your site’s bandwidth usage. Here’s the most common ways of increasing available bandwidth for a website:

  • Look for external sources or storage for images and videos (or optimize image files for web)
  • Enable compression for HTTP, CSS, and JavaScript
  • Implement caching and a content delivery network to store static content on servers closest to your audience
  • Outsource RSS feeds to third-party applications or plugins

Alternately, you can – as mentioned – consider moving to a VPS hosting package.

Most well-made and well-situated websites backed by solid web hosting can expect to see 10% to 20% more traffic each month. Given this likelihood, even those of you are absolutely content with the amount of bandwidth available to you may find yourself needing more of it in the not too distant future.

3 Guaranteed Effective SEO Booster Moves

There’s a whole spectrum of people who have to have at least some level of familiarity with search engine optimization. Those that have SEO anywhere in their job title are a given, but there’s a number of other people who need to be catering to SEO realities with their work. Those of us who create content are a good example, but there’s others too.

Even if you’re an absolute lay person when it comes to this stuff, you’ve probably heard how Google and other search engine powerhouses prevent people from becoming complacent with all this by constantly changing the algorithms that determine the value of SEO.

Here at 4GoodHosting, as a top Canadian web hosting provider this stuff is very much front and centre for us nearly all the time. We know it has some serious importance for a good number of you too. Page rankings are serious stuff if you need to have your business as visible as possible online, and as such many people make an effort to really stay on top of best SEO practices.

Now we don’t claim to be the best of experts, but here are 3 guaranteed effective SEO enhancing moves you can make to help your website climb to higher spots in SERPS (search engine result pages)

Move 1: Publish Better Long-Form Content More Frequently

You’ve probably already heard the expression ‘content is king’, and likely more than a few times too. Fact is it’s as true as can be. Google rewards quality long-form content provided it is written in ways which benefits the users of the site. To ensure this, you need to review your service pages and give them priority. With a top-to-bottom, most important to least approach. you can identify spots where you can add informative sections of FAQ to expand the value of upon page.

Why FAQs though, you may be asking. They are an excellent means of naturally working in keywords – and especially for FAQ questions that you can foresee being made with voice searches more frequently.

Testimonials are another useful resource for this that many people won’t be aware of, and working with the same principles. Search engines increasingly regard the highest-quality content to be that which is useful for the visitors of the site, and they also have more and more of the AI to accurately identify this type of content.

Longer more-detail and ^useful^ blog posts are good too, and it may be that one longer and more developed post once a month may be better than 3-4 shorter pieces published during that same time frame. Another option is to include the posts of long-form along with short ones that you’ve written to create long-form posts that go once or twice a month.

Other tips? Quotes from the experts, with relevant images that are ideally original and also about the how-to videos with some of the additional resources for the readers are known to be effective SEO boosters as well.

Move 2: Beneficial Link Building

Link building is well understood and a widely-embraced component of content marketing. The key is in creating linkable content assets and then knowing how to market them to the types of people who will find it informative and valuable enough that they consider sharing it.

The general rule of thumb for content marketing has been that you should direct half of your resources to developing content, and the other half goes towards marketing those assets. The smart shift for SEO today is to tilt that in favor of creating strategic content, and even to as much as a 70/30, or 80/20 extent.

Start by analyzing to what extent you have developed relationships with those you consider to be reliable sources of backlinking. If you’re fairly well established in that regard then you might be able to spend about 80 percent of the content marketing and link building time for creating linkable content assets.

If not, you then need to alter the ratio to spend more time working towards marketing your link assets more effectively.

Move 3: Earning Quality Online Reviews Consistently

For a good long time it’s been the case that doing what it took to receive a regular supply of Google Reviews was all the thought you needed to give to getting quality online reviews for your business. Nowadays, however, it’s just not enough because – as mentioned – Google is now just that much more developed and sophisticated when it comes to analyzing the real values out there in the digital world; they have means of determining that which indicates that customers genuinely appreciate companies.

No real ‘trick’ of any sort to relate here – good old fashioned ‘quality products and / or services and putting the customer first’ sort of stuff that’s very necessary for ensuring your business is review favourably online nearly all the time.

It is also now understood that Google will reward sites with reviews that are much more diverse than Google and Yelp.

Get Help if You Need It

It’s likely quite fair to say that well more than half of the people who’ll say they know SEO ‘enough’ really don’t and are likely putting their web presence and online identity at a disadvantage because of it. It’s perfectly fine to admit this, and we’re happy to help any of our customers who are finding their website isn’t where it needs to be as it relates to ranking for keywords.



New Malware Campaign Targeting 11 WordPress Plugins

If you were to take a poll of everyone who has their own personal website for ‘self’ ventures – whether that’s a blog, a forum for ideology, or anything else ‘self’-oriented in a similar way – you’d find that the majority of those sites were built on WordPress. Despite the fact that it’s as old as one can imagine in the world of web publications resources, it’s still as present as ever in the online world.

This makes it so that it’s worthy of mention anytime an external force threatens the well being of websites built on WordPress. This isn’t the first time the software suite has been the target of hackers, and it very likely won’t be the last.

Here at 4GoodHosting, we think part of being a leading Canadian web hosting provider is keeping our valued customers up to date on developments that may influential to their online well being. Considering we can go ahead and assume that a good many of the sites hosted through us are WordPress sites, we’ll dedicate today’s blog to making those of you aware of this new risk.

The Skinny

These new serious vulnerabilities in at least 11 plugins for WordPress started to be seen last month, and it appears they are currently being used in an ongoing malware campaign. This was reported on in the circles where it needed to be, but what’s new with all of this is that that the hackers appear to have changed their tactics over the course of the last two weeks.

The first instance of this featured malicious code being injected into sites to prompt them to show pop-up advertisements, or – worse – redirect the visitor to rogue websites.

Then about 3 weeks ago, on the 20th of last month, the hackers changed their code and it is now also able to determine if a visitor has the rights to create user accounts on the site. Should someone with admin rights log in, the malicious code then is able to created a new admin account that won’t be noticed the principal authorized user.

To catch this, be on the lookout for email addresses reading as wpservices@yandex.com, along with the password w0rdpr3ss.

What the hackers do in this instance is use this admin account as a back door to enter at a later date when – ideally – suspicion of anything being amiss is at its lowest.

The Eleven Plug-Ins Affected

At this point the hackers focus is on old vulnerabilities with 11 plugins. First to be identified as at-risk and insecure several weeks ago were Yuzo Related Posts and WP Live Chat Support. They’ve been joined by 9 others that have since then also been identified as potentially at risk:

  • Bold Page Builder
  • Blog Designer
  • Live Chat with Facebook Messenger
  • Visual CSS Style Editor
  • Form Lightbox
  • Hybrid Composer
  • All former NicDark plugins (including nd-booking, nd-travel and nd-learning)

Update and Security Precaution Information

It needs mentioning as well that the plugin developers have since released patches that repair the vulnerabilities. That’s great, but the problem of course is going to be that there are users who do not use that plug-in’s latest version. A lot of them too.

Updating plugins to the most recent version is recommended, but even still admins should check the user accounts on their website. If unknown admin accounts are found, deleting them immediately is important. It is subsequently also important to verify the files to ensure that there are no ‘back doors’ where the malware can gain re-entry if it needs too. If you are unsure, restoring a backup is your best bet.

For Non-technical users who uncover unauthorized access to their website, it may make sense to hire a security consultant who can assist with the disinfecting of your WordPress website if it’s an expense you can assume. It’s likely not as expensive as you think, and it should provide you with greater peace of mind.

No Go: Reviewing Parental Control Software for Smartphones

Fair to say that these days – more than ever before – it’s necessary for parents to establish some boundaries as to where their children are able to go on the Internet. We imagine that’s fairly apparent, even for those who aren’t parents. Impressionable minds do need to be kept safe from bad influences, and accordingly more and more Moms and Dads are actively seeking ways to restrict their children’s use of their mobile devices and where they ‘go’ with them.

Many of us here at 4GoodHosting are similarly minded, and as a Canadian web hosting provider we know it’s safe to assume that this is a priority for a good many of our customers too. For this reason we’re choosing to make a review of the best parental internet browser controls our topic for the blog today. And considering most parents are extremely busy people who’d prefer to spend as little time as possible on any one task, we imagine this review will be well received.

The Pocket Problem

It’s easier to keep tabs on your children’s browsing habits when you’re at home, and parental controls for desktop and notebook computers are much more commonplace and understood. When it comes to putting constraints on what they can do with their smartphones, however, it’s much more of a grey area and more challenging as a result. It’s something of a pocket problem, because they can be accessing data or finding a Wi-Fi connection pretty much anywhere, and not only are you not around to oversee them, but you may have thought there’s nothing you can do to their device to put restrictions on it.

Fortunately, that’s not the case. There are good smartphone parental controls out there, and so let’s not waste any more time in getting to discussing which ones are best. The best parental control apps offer ways to limit time spent on devices, track usage and location, and block apps or games. There are some free parental controls built into most devices nowadays, so you may not need to pay for a third-party app at all. There’s Google’s Family Link, Amazon’s parental controls are excellent, and Apple offers some parental controls too.

Alright, here’s our list:

  1. FamilyTime (Android and iOS)

This parental control app does everything, allowing you to explicitly customize what content your young ones will have access to, set time limits, track location, and more. Tool let your incorporate homework and bedtime limits, or create overall time limits. You can also get geofencing support that sends alerts when that phone enters or leaves a specific area, plus location tracking that allows you to see where your child is. You can also block or control on an app-by-app basis, place internet filters, monitor calls and texts, and overviews contact lists on the device.

There is a free version of this one, but you only receive a small subset of features. Premium ones for FamilyTime come with different plans available. $27 per year will set you up in full for one device, and $69 per year will do the same for up to 5 devices.

  1. Qustodio (Android, iOS, Kindle, Nook)

Qustodio gets high marks for user-friendliness and efficiency, and is a very good choice for parents for whom time is a scarce commodity. Its dashboard is particularly impressive, showing you all recent mobile activity for any of the connected devices. Reports include time spent on specific services like Instagram or Twitter, and you can set time limits, track texts, filter out sites you deem inappropriate, as well as block games or apps.

Add a host of customization options and it’s a great parental control app to use when managing devices for kids of multiple ages. Lastly, it works on Kindle or Nook devices, and is one of the only ones that does.

Qustodio costs $55 annually for the five-device plan. However, there is a free version with limited controls that you can use on just 1 device.

  1. ESET Parental Control (Android)

ESET is quite a good parental control app, but it’s limitation is that it’s only for Android devices. The free version lets you engage in app blocking, time limits on games, and basic reporting. The premium version allows website blocking, tracking location, parental messaging, and more detailed reports about what the smartphone user is doing.

ESET does have one especially smart feature – the parental message feature. It allows you to send out a message that your child must respond, otherwise they will not be able to continue using the phone. There’s a free 30-day trial for premium features, but following that it costs $30 per year, per device.

  1. Web Watcher (Android and iOS)

Web Watcher may be the best choice for those of you who see keeping tabs on your child’s text messaging as a priority. You’ll see all of them, including deleted texts, as well as photos, web browsing, call log, and location. Web Watcher also lets you oversee their activity on certain apps, including Tinder, WhatsApp, Kik, and Viber. Setting time limits and even capturing screenshots of your kid’s phone screen are also possible.

One of the things about Web Watcher is that because it’s essentially spyware, with a stealth mode, it has to be installed outside of the official app store. Be aware that serious security permissions are required, and it’s very invasive. However, it’s true that that is what some parents are after. It’s also far from cheap – it starts at $130 per year per device.

  1. Norton Family Premier (Android and iOS)

Norton is the premier name in antivirus software, and Norton Family Premier is a smartly designed program for restricting and monitoring what children do online. Family Premier offers parents a variety of features that are easily managed with the clean interface. Number 1 among its useful features is its robust web supervision; you can block sites entirely, or keep a general log of sites visited. You can make it so that warnings will be issued for sites that you choose not to ban outright, but where you would prefer your kids to proceed with caution.

You’re also able to set time limits, prevent device operation during specific hours of the day or night, and of course block apps too. The cost is $50 per year, but there’s no limits to the amount of devices you can use it with.

  1. Net Nanny (Android and iOS)

This feature-packed parental control allows you to track location, block apps, set time limits, and get a real-time feed of your child’s activity. You also have powerful web filtering controls for cutting out pornography, weapons, drugs and other content that is indisputably inappropriate for young people. Net Nanny does not allow for call or text snooping or monitoring of messenger apps, but you can see when they’re using them plus review their web searches.

Net Nanny costs $55 per year for up to five device pass, and can be used for non-mobile internet browsing devices too. There’s also a 20-device pass for $90 per year.


We’ll conclude here today with some helpful tips – When picking a parental control app, writing down your password or login information isn’t advisable, no matter how well you think you can hide it. Creating a news alert for the software you choose to help keep an eye out for any new vulnerabilities or workarounds is also wise. Keep in mind that some software can be bypassed with phone resets, customer service requests, and other tricks. There’s plenty of information online regarding this.

SSL Certs: Which One is the Best Fit for You?

Shopping online is pretty much a ubiquitous activity for people all over the world these days, and – not surprisingly – so much so that it’s now the preferred means of shopping for many people. Especially for certain goods, and not only do these people want selection, good prices, and the like, but they also want to be able to enter their credit card information and not have to worry about it being exposed.

Offering that peace of mind is absolutely essential if you’re in the e-commerce world, and nothing is more important in this regard as having your online transactions guarded by an SSL certificate. Even if you may not know exactly what these are, you’ve probably seen the ’##-Bit Encryption’ tag prominently on display once you get to the checkout when you’re shopping online.

Here at 4GoodHosting, not only do we offer very competitive prices on highest-quality SSL Certificates but like any good Canadian web hosting provider we have plenty of customers who are trusting our web hosting to ensure they’re ‘open’ for business 24/7 and all day, everyday.

Probably safe to say that there’s few if any of those folks who don’t already have their SSL Certs in place, but for those of you who are new to your business online then we thought we’d dedicate one post here to discussing SSL certificates and what you need to know to choose one for yourself.


There is a plethora of certificate types, and several categories and plenty of CAs. In advance of highlighting the different SSL certificates and how to choose the right one, we’ll first discuss why an SSL certificate is so important nowadays.

The reach and strength of cyber crimes has grown rapidly over recent years. So much so in fact that cybersecurity has become the #1 concern issue for both web users and website admins. The truth of it all is that cybercriminals can cost online businesses millions. The worldwide economy loses unimaginable amounts of money every year due to cybercriminal activity.

What SSL certificates do to protect agains this is that they enforce a secure connection between a server and its web users. They don’t only protect the sensitive information that is transmitted between a web user and a web server, but also boost ranking, improves brand credibility and go along way to boosting conversion rates.

Choosing the Best SSL Certificate

Knowing what SSL will be best for your online storefront can be a challenge. They’re generally categorized according to their validation level, warranty, technical support and domains support.

So what factors do you need to consider? These ones:

  1. Validation Level

Nearly all SSL certificates provide data encryption and session security services for websites. The validation level of each is where the primary differences between them are established. The validation level will determine how much information about a company will be shown in browsers or to the web users. The three main levels of validation are Low / Medium / High

Domain Validation (DV) SSL certificate – Low

These ones are also referred to as a low assurance, and are commonly used to protect standard websites, single domains, and blogs. The simplest form of validation is done where the website registration and administration approval are confirmed to issue the certificate. Processing time is anywhere from a few minutes to a few hours.

These certificates are suitable for low traffic websites or informative sites where financial transactions are not conducted. If you’re selling online, this type of cert will be insufficient for you.

Organization Validation (OV) SSL certificate – Medium

With medium certificate validation, an authorized agent verifies the domain ownership and company’s identity. This includes verifying the company name, city, state, and country. Web owners must submit some additional business-related documents for verification. As you’d expect, there’s more of a delay to all of this compared to a domain certificate.

Medium certificates provide appropriate security for medium-sized businesses that conduct standard (-$500 o/a) financial transactions and wants to provide assurances for customers that they can shop entirely safely within the site.

Extended Validation (EV) – High

These ones offer the highest level of security for websites, with a more rigorous validation process that verifies the ownership of the server and the legitimacy of its owner. Generally, the CA verifies the legal, physical and operational existence of the company, official government records, and databases, and confirms that only the genuine company is authorized to be in ownership of the extended-validation SSL certificate.

What you’ll see with these ones is the browser will show a green address bar with a verified name of the organization. The EV certificate is used by major players, like Amazon and Flipkart for example

Further, having an EV SSL really legitimizes the domain name.

  1. Domain Support

Next up you’ll want to determine how many domains you want covered with a single certificate. There’s three categories here:

Single Domain Certificates
Fine for protecting a single domain with its all subpages. Example:






Wildcard Certificates

The wildcard certificate allows its users to protect all the first level of sub-domains under an FQDN. It supports only DV or OV. The best instances are:





Multi-Domain Certificates
Also referred to as SAN or UCC certificates. They allow users to protect multiple FQDN domains along with multiple sub-domains. This choice will be ideal for you if you’re running multiple websites with single or multiple company names. All DV, OV, EV support this category.




  1. Warranty

The warranty attached to your SSL certificate should also be a consideration – it shows your customers how serious you are about protecting customer information. An EV Cert provides a a more extensive and better warranty, with coverage between $1,0000-$1,000,000 being possible within the warranty.

  1. Technical Support

The more expensive the Cert, the more technical support you will receive from an SSL provider. Free certificates generally never have technical support. However, with an EV or OV technical support is provided while installing and validating the certificate. Make sure the support is available via different sources like email, live chat, contact us page, phone, social media resources, etc.

  1. Price

It’s not uncommon for web admins to think they should invest big bucks even with the option to get a free certificate – the ‘you get what you pay for mentality’. That’s solid thinking most of the time. Free certificates are valid only for a few days, and then after that you must renew them. If not, the browser will show your users that the website is insecure. The price of paid SSL certificates start at $10 and can go up to $350, depending on the type of SSL certificate.

  1. Vendor

Different vendors provide different price ranges and security elements for each certificate. Before choosing any SSL vendor you should verify that they have a good reputation. Do that by watching their reviews and consumer’s feedback on their website.


Microsoft Bug Bounty Program: How Does 30K Sound to You?

Most people have claimed a reward of some type at some point in their lives. Return someone’s smartphone to them, for example, and they’ll probably think your honesty in returning it is worth $50 at least. Or maybe you return someone’s precious pet to them and get a whole lot more than that for your effort or, more likely, good fortune in having it cross your path or end up in your backyard. But what if there was up 30K in reward money to be had?

Well, up to that amount is what software development mega-giant Microsoft is offering anyone who can find flaws in their newest Chromium-based Edge browser. Now the likelihood of most people – myself included – even having the ability to do that is pretty slim, but for those who are web development savvy it’s definitely something worth taking note of.

Now to be sure, just as it would be for any Canadian web hosting provider we’ve got some talented people on staff who do have the wherewithal required for something like this. They’re aware, and now you are too so let’s get into discussing what exactly all this is about and whether or not this would be not just easy money, but a LOT of easy money.

Beta Stage Bonuses

Microsoft recently released the beta version of its Chromium-based Edge and then introduced the Insider Bounty Program along with it. As mentioned, there’s apparently up to $30,000 to be had for those who find out unique vulnerabilities in this beta version of their new browser.

Yes, that’s what you can do when you have deep pockets to this extent. You’d have to find a thousand+ lost phones and pets to come even close!

To clarify though, 30K is only available if you find a flaw that is a vulnerability that leads to escape from the WDAG container. The majority of would-be rewards included in the Microsoft Edge Insider Bounty Program are in the range of $1,000 to $3,000, depending upon the bug’s severity and – take note – the quality of the submission (see thoroughness – less work for them = more $ for you).

Quality Control & Then Some

Microsoft has stated that the goal of the Microsoft Edge (Chromium-based) Insider Bounty Program is to dig up vulnerabilities that are unique to the next Microsoft Edge and have the potential for a direct and demonstrable impact on the security of their customers. Quite admirable, and not out of the ordinary for software developers in as far as the aim itself is concerned.

Attaching big money $ to that, however, is out of the ordinary.

It is true that Microsoft has a lot riding on the success and widespread adoption of it’s new Edge browser, particularly given the success of Google Chrome that the current Edge is very much playing second fiddle to.

It is reported to have features unique to Chromium Edge like Internet Explorer mode, PlayReady DRM, Sign in with Microsoft Account (MSA) or Azure Active Directory (AAD), Application Guard and a few others.

Growth of the Bug-Finder Business

Turns out discovering unique bugs on the latest version of Edge can be a big business. As mentioned, Microsoft will issue rewards in various tiers, and these are the ones:

  • Spoofing and tampering related security impact – between $1,000 to $6,000, depending on the quality of the report
  • Information Disclosure and Remote Code Execution (RCE) can get you between $1,000 to $10,000 depending upon the severity of the report
  • Vulnerability resulting from Elevation of Privilege (EoP) will get you between $5,000 to $15,000
  • And again, the biggie – 30K for vulnerability resulting in escape from the WDAG container to the host

As you’d expect, there are Terms and Conditions for participating in the Microsoft Bug Bounty Program. The report submission must also include tangible proof, and have sufficiently demonstrated the vulnerability exploitation and the potential impact it might have on users.

Know your stuff? Scour over the Beta of Microsoft’s newest edge and see if you can earn the largest reward you’re likely to ever receive in your life!

Overcoming Issues with Most Recent Windows 10 Update

A while back we had discussed some of the particulars with of the latest revisions available to people running desktop and notebook running Windows 10. Needless to say that encompasses a great many of them purring away at any given time all around the world, and it’s for that reason that some frequent undesirable occurrences seen with the most recent Windows 10 update are sufficiently noteworthy to the point that it makes sense for us to write about them in this week’s blog.

Here at 4GoodHosting, a part of what makes us a leading Canadian web hosting provider is the way in which we’re proactive in sharing information that’s easily identified as having value to our customer base. Given how ubiquitous the Windows OS is for personal computer users and the reality that’s unlikely to change, we’re going to discuss more than a few problematic issues that users are encountering quite frequently with the most recent Windows 10 update.

Reason enough to have less faith in the OS? That’s for you to decide.

The Issues

Where there’s smoke there is fire. While there had been rumblings about shortcomings with the latest Windows 10 update for a while, the way it is in the biz is that you don’t really take heed of these sorts of things until these sort of expressions of dissatisfaction become a little more numerous than just a few people here and there.

That’s the case now, and the consensus is that the latest update for Windows 10 is causing a string of issues for users. The update comes with patches against two critical vulnerabilities, but it seems they’re leading to problems. Among them are random reboots and inexplainable installation failures.

The update was made available on Tuesday of last week, and was created as a defense against a pair of remote code execution vulnerabilities which were deemed ‘wormable,’ – which means they are able to jump from one infected computer to another. Microsoft owned up to these vulnerabilities and informed users about the patches in a blog post, with users being encouraged to update their operating systems without delay.

Primary Problem 1, with Fix

Some users, however, have encountered difficulties when trying to apply the latest update,. To their credit, Microsoft has acknowledged that there ‘known issues’ with the update do exist.

Most notable among them:

A small number of devices may deliver a black screen on start up during the first logon after installing updates, and that this would be disconcerting for users.

The good news is there is a very simple fix for this;

  • Using Ctrl + Alt + Delete on the black screen and then using the Power button in the bottom right of the screen to select Restart. This should prompt the PC to boot normally.

Primary Problem 2, and NO Fix (Yet?)

The other significant problem with the update is the way it seems to be able to break some Visual Basic applications. More than a few users have reported that after installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) are seemingly no longer responding to basic requests and coming with them is a ‘invalid procedure call error.’ As the header there suggests, at this point at least there is no fix for this problem.

Similar feedback shared via a number of online discussion spots have also talked about repeated instances where the update causes random reboots to their systems. Others still are having problems downloading and installing the update itself. Microsoft reports that it is working on a solution for these issues, and those solutions should be rolled out in a future update.

What You Can Do

If you’ve gone with this recent Windows 10 update and are encountering one or all of these issues then the advice from the source is to update your operating system, and do so even if you’re worried about update issues with the security vulnerability being patched in the way it has been. It’s good advice, but be forewarned that you might see some issues with the update process.

If avoiding the update issues altogether is preferable for you – and you haven’t taken the update yet -, plus you’re okay with some risk, then there’s also this option; pause Windows updates until Microsoft announces a fix to this one.

40+ Different Device Drivers Found to Have Malware Security Flaw

The scope and extensiveness of malware risks for computing devices is more pronounced than ever before, and that’s pretty much the story from one month to the next these days. At a recent security conference in Las Vegas, the Eclypsium security research team announced they had dug up some serious security flaws in at least 40 device drivers from 20 different vendors. These vulnerabilities could increase the likelihood of devices being infected by malware.

While this type of development in itself is nothing out of the ordinary, what makes it noteworthy is the sheer number of different drivers that may be affected. Here at 4GoodHosting, we’re like any other reputable Canadian web hosting provider in that we strive to make our customers aware of risks to their digital security when they arise. When one is as potentially far reaching as this one, we’re almost always going to make some sort of announcement regarding it.

The Latest

The research team’s report is stating that this malware targets system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component. By doing so what the attackers have done is take the same tools used to manage a system and then turn them into powerful threats that can escalate quickly on the host.

Once the driver is infected it then provides the attacker with optimized access for means of launching malicious actions within all versions of Windows, and Windows Kernel most notably.

Do note that all these affected drivers are ones certified by Microsoft:

  • American Megatrends International (AMI)
  • ASRock
  • ASUSTeK Computer
  • ATI Technologies (AMD)
  • Biostar
  • EVGA
  • Getac
  • Huawei
  • Insyde
  • Intel
  • Micro-Star International (MSI)
  • Phoenix Technologies
  • Realtek Semiconductor
  • SuperMicro
  • Toshiba

The Why

All of this is related to a specific design flaw in Windows device drivers. They have a functionality that can be taken advantage of to perform a read/write of sensitive resources without being restricted by Microsoft. Some are suggesting that bad coding practices are to blame for this, and while that can’t be substantiated it is true that there is a more pressing need for better ones these days and older work can be suspect.

At present, the understanding is that Microsoft will be using its HVCI (Hypervisor-enforced Code Integrity) capability to create a blacklist of drivers that are reported to them. The only problem there is that the HVCI feature is only available with 7th gen Intel CPUs along with newer processors only. The situation for older operating systems would be the need for manual installation, and this would also be true for newer ones where HVCI can’t be enabled.

Microsoft is now recommending that its users work with Windows Defender Application Control or turn on memory integrity for supported devices in Windows Security. This should block malware in software and drivers.

The Motivation for Developing Malware

Many people ask what exactly is in it for these malware developers to spend as much time as they do creating this infections and releasing them onto the world. Not sure there’s a clear answer to that, but it’s a good question. After all, people will assume that there’s nothing really to be gained by creating malware other than perhaps an individual sense of deranged satisfaction in messing with people and businesses.

This would be an incorrect assumption, however. The truth is that these people go to the effort to make malware because there’s money in it. For example, a botnet; a network of thousands – or even hundreds of thousands – of computers belonging to everyday people that have been infected with software that usually work to send out LOTS of spam.

Once a botnet network is established then it can be rented by individuals and organizations who want to send out spam promoting whatever it is they want promoted. Botnet owners make money, and same goes for keyloggers – they capture usernames and passwords and sell this information to whoever would like it and for whatever purpose.

These are just 2 examples of many. Long story short, the reason there’s people working to make malware is because – strangely enough – it’s profitable in one way or another.

Facebook Set to Introduce its Own Cryptocurrency

With the fact that they barely blinked then slapped with a $5M dollar fine recently with the Cambridge Analytica scandal, it’s a reminder that Facebook is as deep-pocketed as one can be. Not surprising that the world’s social media mega giant is so wealthy, and as such we can also assume that they have the bucks needed to get into whatever venture they choose to. The fact that they’re doing so in cryptocurrency is one, however, where they sheer magnitude of what this could mean within the world of online e-commerce.

Here at 4GoodHosting, being a quality Canadian web hosting provider put us in a more natural position than most to be attuned to these kinds of developments and what they can mean for the ‘general public’ of the 21st century digital world. We’ve talked about Blockchain here in our blog before, and it’s on this game-changing piece of fintech (financial technology) that this – and all types of cryptocurrency – are based on.

This kind of industry disruption is one of the more defining aspects of the digital world these days, and the ‘disruption’ that could come from this is really one to talk about. No doubt the banking world won’t be particularly enthusiastic about it.

So what’s this all about?

New Way to Pay

Facebook’s digital currency-to be will be called Libra, and the ‘crypto wallet’ you’ll use to carry it is called Calibra. What you’ll do is download the Calibra digital wallet application, purchase the Libra digital currency through a financial network, and then exchange payments with peer-to-peer digital money transfers through Calibra standing alone as an app. It’s reported that users will also be able to do the same thing through Facebook’s subsidiaries WhatsApp and Messenger.

The Libra platform is expected to launch sometime next year, in 2020, and it’s being promoted as a cryptocurrency app that will let Facebook users send, add or withdraw money as weill as allowing someone to fill their wallet, cash out or split a restaurant tab all using Messenger. Further, you may eventually be able to pay bills, buy a cup of coffee with the scan of a code, or taking transit without needing to have cash or a metro pass in your pocket.

For exchange rates between fiat currency and Libra, Calibra will show them as well as what it will charge to convert it back again. The key is that blockchain is serving to cut out the middleman, in this case a central bank or clearing house. With that goes the majority of costs associated with these types of financial transactions.

Facebook is promising that their transaction fees will be low-cost and transparent, and particularly so if you’re sending money internationally. By cutting fees made possible by utilizing blockchain, Calibra promises to leave more money at your digital disposal.

Powerful and Safe

The blockchain transactional network on which Calibra will exist will be able to handle thousands of transactions every second, and data on those financial transactions will be kept separate from data about the social network. This assurance will of course be very important to users. Calibra will not share account information or financial data with Facebook or any third party without customer consent, meaning account information will not be used for customers’ account information. Nor will financial data be used to improve ad targeting on the Facebook family of products.

Libra is reported to be different from other cryptocurrencies like bitcoin, in that it is backed by fiat currency. This means its value is not simply determined by supply and demand like the others. It’s also going to be designed so that it will be interoperable with other cryptocurrency wallets because they’ll run on top of the same blockchain network.

Facebook will secure financial transactions made through its digital wallet app in a number of different ways; for starters, they will not be in charge of governing the blockchain network. Instead, that will be handled by the Libra Association, which is made up of dozens of other companies – Visa, MasterCard, PayPal, and Uber among them. Additionally, all accounts and transactions are verified and fraud prevention is built in to the app. Accounts are verified with government-issued IDs, such as a driver’s license, so users can be certain other users are who they say they are.

Calibra will also have an in-app reporting function and dedicated customer service.

Facebook’s Libra Project appears to be a hybrid blockchain one that is a mix of permission and public ones. What this means is that it connect to banks to verify and onboard users (permission) and then uses a public blockchain to enable the users to transfer or spend funds.

Where’s the Profit?

Long story short, there’s huge potential for Facebook here to generate via ad revenue, with the understanding that there will be more conversion of consumers who view ads. It should also be a more attractive e-commerce marketplace that gains sellers and buyers in growing economies where access to e-money services for transactions may be limited.

A stat that speaks to that – almost half of all adults globally don’t have an active bank account. These numbers are worse in developing countries, and even worse for women.

All of this is very much in its early stages, but make no mistake about it – Social media’s colossus is going to be one of the ‘early birds’ getting the worm when it comes to cryptocurrency.

Understanding Smart Contracts, and Their Relation to Blockchain & Bitcoin

It seems Bitcoin and all the hubbub about cryptocurrency is ‘back on’ now, and there’s a renewed general interest in mining for digital currency. The one takeaway anyone who’s developing an interest in this should take is that this is not a way to get rich quick, and that bitcoin mining is much more labour-intensive than you think. Blockchain technology is integrally important to managing cryptocurrencies, so f you’re still not dissuaded and you’d like to start amassing cryptocurrency for yourself then you’re encouraged to read on.

Here at 4GoodHosting, we join every other Canadian web hosting provider in understanding the way many of our customers have real interest in taking advantage of everything that’s there for discovery in the digital world. It’s likely more than a few are taking more than a passing interest in cryptocurrency mining, so today we’ll share some information these folks are going to find valuable.

Smart contracts have the potential to be one of the most useful tools associated with blockchain, and it’s almost certain that they’re going to take off right along the cryptocurrencies they’re designed to manage. So what exactly are smart contracts then?

No Administration Required

Smart contracts are self-executing, business automation applications that run on a decentralized network, such as blockchain. The appeal of them is specifically in the way they’re able to remove administrative overhead. Indeed, smart contracts are one of most attractive features associated with blockchain technology. Blockchain functions as a database, and confirms that transactions have taken place, while smart contracts execute pre-determined conditions at the same time. They’re not unlike a when a computer executes on “if/then,” or conditional, in programming.

The way all of this works is once certain conditions of a smart contract are met – and related to our discussion here that’ll be two parties agreeing to an exchange in cryptocurrency – they can automate the transfer of bitcoin, fiat money, or the receipt of a shipment of goods that makes it possible for them to continue on their journey.

The workings of that will reveal a blockchain ledger that stores the state of the smart contract.

Tokens and Smart Contracts

The different applications for smart contracts are pretty much endless. Let’s take the insurance industry; an insurance company could use smart contracts to automate the release of claim money paid out for events like large-scale floods, hurricanes or droughts. Another example would be when a cargo shipment enters a port and IoT sensors inside the container relay a confirmation that the contents have been unopened and stored properly along the entirety of the journey.

This means a bill of lading can then be issued without any manual – and time consuming – inspection of the goods being required.

As mentioned, smart contracts are also now creating the basis for the transferring of cryptocurrency and digital tokens. Which function as a representation of a physical asset or utility. The best-known example these days is Ethereum blockchain’s ERC-20 and ERC-721 tokens. Both are smart contracts.

However, don’t think all smart contracts are tokens. It’s possible to have smart contracts running on Ethereum that trigger an action based on a condition without an ERC-20 or ERC-721 being involved.

How Smart Contracts Mimic Business Rules

For all intents and purposes, smart contracts are business rules translated into software. If you compare them to business rules automation software or stored procedures, smart contracts can support automating processes stretching across corporate boundaries and involving multiple organizations in ways the automation software can’t.

The major functional difference is that rules can be applied not only within the corporation that coded the smart contract, but to other business partners approved to be on the blockchain.

Importance of Good Data, and ‘Oracles’ in Smart Contracts

Smart contracts are great, but each one is only as good as the rules that dictate its automating processes. Quality programming is crucial, as is the accuracy of the data fed into a smart contract. The nature of smart contract rules make it so that once they’re in place, they can’t be altered in any way. After a contract is written, no on – not even the programmer – can change it.

If it tuns out that the data isn’t true – and being on a blockchain doesn’t necessarily make it so that it is – the smart contract will be unable to work properly.

Why is this? Well, data fed into blockchains and used for smart contract execution is sourced externally, and from data feeds and APIs most notably – a blockchain is not able to ‘fetch’ data directly. Real-time data feeds for blockchains are referred to as oracles.

Little Disputability with Smart Contract Data

Oracles have traditionally transmitted data from a single source, and as such there is no data that’s entirely trustworthy. It can be benignly or maliciously corrupted due to faulty web sites, cheating service providers, or even by unintentional mistakes.

The way regular contracts function today can be problematic. This is because one party may perform a task, but after that the other party may decide not to pay, or there may be assumptions made by one of the parties about complexities of the contract that may not even be true.

The issue here is that those contracts are not rigorously enforceable, but smart contracts are. A smart contract is deterministic, and can absolutely be enforced as long as the events related to its contractual clauses happen.

Edge Computing, IoT and future of Smart Contracts

Within the next 5 to 7 years we should see a massive growth in IoT connected devices spurring greater use of smart contracts. It’s projected that the majority of the estimated 46 billion industrial and enterprise devices connected in 2023 will be dependent on edge computing. Addressing standardization and deployment issues will be crucial.

How smart contracts will benefit here is by offering a standardized method for accelerating data exchange and enabling processes between IoT devices. Essentially they’ll be removing the middleman – the server or cloud service that acts as the central communication spoke for requests and other traffic among IoT devices on a network.

Add this to blockchain ledgers decreasing the time required to complete IoT device information exchange and processing time, and the collective promise between both technologies becoming prominent is something to definitely keep an eye on. With the focus on process efficiency, supply chain and logistics opportunities smart contracts will almost certainly become more ubiquitous in the years ahead.