Thursday, December 4, 2014

Urgent Alert - Caution!


I just saw that Micro$oft offered as an optional update the Windows 10 Technical Preview!

Are they completely nuts?

I am afraid that many of my customers will not be sufficiently attentive and just think oh, an update, and hit install.

That will become an awful mess because they likely will ruin their perfectly well working Windows 7 or Windows 8 computers.

PLEASE, please check every optional Update and hide the "Upgrade to Windows Technical Preview".

You hide the update by right-clicking on it and then left-clicking on "Hide Update".

I hope and pray that you see this post early enough to avoid this huge (2.7GB!) and totally superfluous update.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.
  

Monday, December 1, 2014

2014-12-01 WTKM Talking Points (December 1st, 2014)


USPS hacked. Personal data of 500,000 full time and 178,000 part time employees stolen, including Social Security numbers! Plus names, addresses, telephone numbers, email addresses and other information of people dialing in to one of the USPS' call centers between Jan. 1st and Aug. 16th of this year. Credit card information was not compromised.

Microsoft's own language says it:
"Remote code execution if an attacker sends specially crafted packets"
"remote code execution if a user views a specially crafted web page using Internet Explorer"
Original quotes from MS bulletins for November's Patch Tuesday.
I have been preaching for many years: Don't use IE.

New flaw in VERY IMPORTANT and ubiquitous security software got quietly patched. In this context a prominent MS security researcher said:
"It is of critical importance that all versions of Windows are updated ...”
Sad that we still need to be reminded – and sadder yet that some still don't do it.

Warning: New CryptoWall ransomware variant; spread through advertising networks.
When you see advertisements your computer already needs to be cleaned!

Microsoft's newest “... Security Intelligence Report” makes it clear: Not up-to-date or expired security software does NOT protect in any way! And I thought that was a no-brainer; silly me.

Adobe pushed out its own Patch Tuesday updates. ... [They] released Flash Player fixes that squash four pretty bad flaws.

Poodle: An understandable explanation and instructions on what to do are here.

Windows 8 will have to be upgraded to 8.1 by Jan. 12, 2016 (See MS blog here).

Win 10 Technical Preview updated to build 9879.

Still more malicious PowerPoint files. Be careful; no patch yet.

Adobe's Digital Editions 4 desktop ebook reader secretly sends encrypted data back to headquarters – data that details a user's reading habits.

Hot off the press this morning: The Weather Channel web site is open to simple, primitive attacks if you click on any link in that web site!


Sunday, November 2, 2014

2014-11-03 WTKM Talking Points (November 3rd, 2014)


The Poodle bug:

The gist of it is: SSL is a buggy, outdated security (encryption) protocol and is only still supplied for backward compatibility. You can protect your computer relatively easily.
An understandable explanation and instructions on what to do are here.
Google and Microsoft will kill SSL in upcoming browser updates.
MS warns explicitly to upgrade older versions of IE.

Windows 8 will have to be upgraded to 8.1 by Jan. 12, 2016 (See MS blog here).

Windows 10 Technical Preview got updated to build 9860.
Very big (= LONG download and install times, think hours; in a VM or on a computer with only 2GB think many hours)!


Windows 10 will probably bring significant security improvements and/or new security features.

Brace yourself, the good old password will be “reborn”. Look up Two Factor Authorization. You likely will either have to carry some gadget or a smartphone to be able to log on to your computer.

Surely sounds tedious but it's MUCH safer.
Computer prices in stores have crept up; about +$100 compared to three months ago. Do dealers prepare for Black Friday "rebates"?

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.


Monday, October 13, 2014

How To Spot Socially Engineered Emails


For quite some time I wanted to give information about how to spot spam emails. That is quite a sizable field and I wavered too long. This time, to my and I believe to your advantage, the wait pays off.

I discovered that KnowBe4.com already had done an excellent job and published the result as a one page fact sheet much better and more concise than I could ever have done it. The paper is called Social Engineering Red Flags. This link should show the information in your browser or in your reader application for PDF files.

I recommend printing it as a handy reference guide.

And here is a real life example; just this morning (10-20-2014) I received an email that looks on first glance like it came from Facebook, optically quite convincing. It is such a "classical" example that I took a screen shot to show it to you:


For me it goes without saying that I do NOT just click on a link in ANY email, no matter who the sender is supposed to be, no matter how "familiar" it looks.

The first clue is the sender address. Bad, simple forgery, not even an attempt to disguise the forgery; maybe that is even the miscreant's real email address. This is one of the times where I regret not being a security researcher because I would love to mess a bit with this guy.

Then I did what for me by now has become second nature: I rested my mouse on the link (see the cursor). The status line (bottom left corner of the picture) shows where the link would actually have taken my computer, and it confirmed my suspicion: The link goes to a web site in Russia. Did you see "http://pemoht-tb.ru/rand..."? ".ru" is the country code for Russia!

If you handle your email with programs or techniques that do not show you all the information from this example then you live dangerously. Imagine a teenager; they would blindly click on the link and voilà, the computer is infected and maybe you even lose all your files!
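The check described above, done programmatically: an added example (not the post's own code) that pulls every link out of an HTML email body and flags the same red flags the author looked for, namely a host that is not under the claimed sender's domain, a country-code domain such as .ru, plain http, a raw IP address, and visible link text that names a different host than the real target. The email body and the hosts in it are constructed for the example; the actual message from the post is not reproduced.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body: imitates a "Facebook" notification, but the
# first link points at a .ru host and the third hides a raw IP behind
# link text that looks like a facebook.com URL.
SAMPLE_EMAIL = """
<html><body>
<p>Hi, you have 3 new friend requests.</p>
<p><a href="http://notifications.example.ru/rand/confirm">See your requests</a></p>
<p><a href="https://www.facebook.com/help">Help Center</a></p>
<p>Copy this link: <a href="http://203.0.113.5/fb">https://www.facebook.com/n/</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an <a> ... </a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host part of a URL, '' if the URL has none."""
    return (urlparse(url).hostname or "").lower()


def under_domain(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def inspect_links(html, claimed_domain):
    """One finding per link: target host plus the list of red flags it raises.

    claimed_domain is the domain the email pretends to come from
    (e.g. "facebook.com"); a link is clean only if it stays under it.
    """
    parser = LinkExtractor()
    parser.feed(html)
    claimed_tld = claimed_domain.rsplit(".", 1)[-1]
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        flags = []
        if not under_domain(host, claimed_domain):
            flags.append("host not under claimed sender domain")
        tld = host.rsplit(".", 1)[-1] if "." in host else ""
        if len(tld) == 2 and tld != claimed_tld:
            flags.append(f"country-code domain .{tld}")
        if urlparse(href).scheme == "http":
            flags.append("plain http, not https")
        if host and all(c.isdigit() or c == "." for c in host):
            flags.append("raw IP address instead of a name")
        shown = host_of(text) if "://" in text else ""
        if shown and shown != host:
            flags.append("visible link text names a different host")
        findings.append({"href": href, "text": text, "host": host, "flags": flags})
    return findings


def suspicious_links(html, claimed_domain):
    """Only the links that raised at least one red flag."""
    return [f for f in inspect_links(html, claimed_domain) if f["flags"]]


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL, "facebook.com"):
        print(finding["text"], "->", finding["host"], ":", "; ".join(finding["flags"]))
```

The same function works on any saved HTML email body; the "Help Center" link stays clean because it really is under facebook.com over https.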

Oh well, more work for me... (tongue in cheek!).


As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.




Monday, October 6, 2014

Java - Yes or No?


On January 14, 2013 I wrote about Java. This article should explain what Java is.

There mainly are two opposing views about Java on home computers around.

The first one says that Java is needed so rarely that it should not be on a home computer at all.

The second one just delivers it pre-installed on all computers sold over-the-counter in case you need it.

My personal view about Java is the following:
Have it installed for the (maybe rare) case that you need it.
My reasons are:
  • If we are about to do something and get interrupted we tend to react somewhat frustrated. At this time we are very likely to get directed to the "wrong" web site for the download and we will probably get some sort of "blind passenger" or gunk software that we really neither need nor want.
    You doubt that? See the real life examples in this article.
     
  • Over the years I had several very frustrated customers calling me and asking why Java was not installed. In every single case some well meaning but ill advised relative, friend or computer technician had removed Java.
     
  • The few MB of disk storage space that Java needs are not an argument anymore; we are in the age of 500GB and 1TB disk drives that a home user never will fill up. It is many years since I have seen a really full disk drive.
The price we have to pay is simple:
Keep Java up-to-date - and use common sense!

In What To Update from September 18, 2011 I wrote:
Here is the list of the most important things that have to be kept up to date.
Added for this article: If you don't have any of these programs installed just ignore the entry in this list:
  1. Windows (better: all Microsoft software)
  2. Security programs
  3. Firefox web browser
  4. Firefox add-ons
  5. Java
  6. Adobe Reader
  7. Adobe Flash
  8. Adobe Shockwave
  9. Thunderbird email client
  10. Thunderbird add-ons
My conclusion:
  • It is very easy to keep Java up-to-date when you do that regularly anyway and are not stressed.
     
  • At a time when you will be frustrated and impatient (you want to get back to what you were doing when you got interrupted!) you are more likely to get tricked into inadvertently allowing some unrelated gunk to get on your computer.
For the non-technical home user I install Java and admonish the user to keep it up-to-date.

Naturally it always is my customer's computer so in the end the customer has to decide if they want to live with or without Java. Uninstalling Java is easy:
Control Panel > Programs and features > Highlight Java > Right Click > Click Uninstall.

Please uninstall all versions of Java that you may see. Old out-of-date versions are a HUGE security risk!

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.



Sunday, October 5, 2014

2014-10-06 WTKM Talking Points (October 6, 2014)


Windows 10 announced. I am really impressed by the preview that I have running.

PLEASE check your Firefox web browser and Thunderbird email program for updates.
FF needs to be at least at version 32.1.2 and TB at version 31.1.2.
A really serious bug in some common, standard encryption code was patched.


Shellshock bug in Linux/Unix:
At first I assumed the worst, we’d have to buy new routers. But home routers are not at risk!
We do not have to worry about Android or Apple phones from this - so far at least and if we use common sense.

If you have a cloud-enabled NAS device you are potentially at risk. Switch off remote access until the manufacturer releases updated software.
Mostly enterprise systems running Linux or Unix are at risk.
It is a good idea to check your home router for firmware updates anyway.

For-Pay Windows maintenance tools worthless

Home Depot got stripped of 56 million customers' credit card data

  • It ignored security warnings from staff
  • It failed to update Symantec Anti Virus since 2007
  • It did not consistently monitor its network for signs of attack
  • It failed to properly audit its eventually-hacked payment terminals
  • Its executives reportedly told pleading staff that "we sell hammers"
  • Former unnamed HD security staff were so concerned about the poor state of IT systems that they warned friends to 'use cash' instead of credit cards.
JP Morgan (Chase bank plus nine! other banks) attacked. Chase alone got stripped of 84 million customers' personal data but no logins stolen. Personal data? Including SSNs? No word...

Have these banks been as sloppy as Home Depot? See above.

As I repeatedly have said: Management, management, management.


Can your account be pwned? Check on Have I been pwned? Well, HD and Chase cases probably not yet included.


Why do people create virus programs? MONEY!
CryptoWall alone cashed in more than $1.1 million over six months

 
Apple Mac security programs: Only three of 18 very good, a few good. Fuhgetabout the rest. 17,000 Macs in just one botnet.

Marriott fined $600k for JAMMING guests' Wi-Fi hotspots
Posh hostel borked guests' networks to sell their pricey WiFi

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.
 

Friday, October 3, 2014

Windows 10


Wow, Microsoft, I am impressed!

I have done my first baby steps on the Windows 10 Technical Preview that was released today.

All I can say is:

         Windows 10 is Windows 8 done right!

I can hardly wait for next year's final release; we do not have an official release date yet; it will be some time next year.

This is the system I will upgrade my everyday "work" computer to.

EVERYTHING of "old" software I tried so far works flawlessly, even system utilities, Libre Office and Google Earth. And the system is only a "preview" that still has some rough edges.

At the risk of repeating myself, I am impressed.

Do you still have Windows Vista running on a well equipped machine or one that could easily be upgraded to at least 4GB of RAM? Windows 10 is the system to upgrade to!

Be warned, do NOT attempt an in-place upgrade, always do a full install! This advice has nothing to do with Windows 10, it comes from experiences with six generations of upgrading Windows to newer versions.

As usual I welcome suggestions and comments right here in the blog. Please no hidden adverts for commercial software and please only language that your little kids could hear.

Click here for a categorized Table Of Contents.

Wednesday, October 1, 2014

Why Me?


Recently I got asked by a prospect one too many times why he or his friends should prefer my computer services over some other person or big company. Thank you Larry P. for the question. Here is my answer:


I sell only my experience, my know-how and my time.

I have worked professionally as a programmer and administrator
     with computers since July 1st 1964
     with Microsoft software on CP/M computers since 1977
     with PCs since February 1982
     with Microsoft Windows since version 3.1 in 1992

I neither sell material goods nor any software.

I do not charge sales tax.
I have NO contractual ties to any product, manufacturer or wholesaler.

I recommend and install only freely available and functionally proven programs.

No added “hidden” cost for the home user.
Even a proven alternative to Microsoft Office® is officially available free of charge.

I do not get any kickbacks from any manufacturer, wholesaler or dealer.

I have absolutely no hidden financial interest or other commercial bias.
I receive absolutely no kickbacks of any kind, no matter where and what the customer buys.

Generally:
I prefer real-life usability and experience over personal opinions and commercial “tests”.

I abhor industry shenanigans and trickery and warn my customers.

I can explain technically complex concepts in layman's terms.

I do not mince words but rather say it as I see it.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Saturday, September 27, 2014

Wipe or Repair


Over time some computers tend to slow down compared to how they worked when they were new; that even can lead to the computer “freezing up” and becoming totally unresponsive. There are many potential reasons for these effects. Here are a few examples:
  • During regular use temporary files do not get deleted when no longer needed.
  • Too many “background” programs accumulate and run unnecessarily.
  • Unscrupulous companies, programs and web sites literally trick the user into installing unnecessary and often outright pernicious programs, so-called PUPs (potentially unwanted programs).
When this gets too bad some people just buy a new computer but in most cases this is not necessary. Other people ask a computer repair shop or technician for help. And here is where it gets tricky for the end user who usually is not a computer geek.

Provided that the hardware of the computer in question is still working correctly these “repairs” can be done in two fundamentally different ways:
  1. The computer can be wiped or reset to factory-new state as it was originally delivered.
  2. Offending files and programs can be removed and any damage repaired.
Among computer repair technicians the question “repair or wipe” is one of the most controversially discussed topics of all. More often than not these discussions in online forums are based more on beliefs and habit than on facts.

My personal take on this question is this: It very rarely is in my client's best interest (or mine!) to wipe and reload the operating system. I know this is in stark contrast to what businesses like Best Buy and others say and do but I write this for my average clients, home users that want their computer “to just work”.

A successful repair is, among others, defined by:
  • All viruses, malware, PuPs and so on have been completely removed.
  • The cleanup is actually accomplished in about 2 hours.
  • After the cleanup the computer runs reliably at normal speed.
  • For a reasonable period of time the computer remains free from malicious software - provided the user cooperates and avoids mistakes that are all too common.
Especially larger support organizations routinely apply the wipe-and-reload method. They usually claim one or more of the following reasons as their justification:
  • It’s the only way to be sure all infections are removed.
  • It’s the fastest way to resolve the problem.
  • This process also gets rid of other clutter.
IMHO much more to the point, this one-size-fits-all approach doesn’t require much skill, training or experience on part of the technician who is doing the work; thus the bigger organization saves money on training and wages for better qualified employees.

Most certainly the wipe-and-reload solution is not in the customer’s best interest; here are some of the reasons:
  • The customer rarely understands that their computer will look and feel very different after a reload.
  • The customer will have to manually reload drivers, reset the fonts he got used to and now “wants”, select colors, margins, standard folders and file associations; he/she may have to install printer(s) and adapt other system settings that have been building up over time since the computer was new.
  • Some programs or data files will get destroyed or lost; if they are infrequently used that may show up only weeks or months after the “repair”.
  • The user will be without the computer for as long as the reload takes which could be several days.
  • Very sophisticated viruses may return after a reload unless very specific measures prevent such reinfection, for example after MBR and/or BIOS infection.
Here are some of the reasons why this approach is not in the technician's best interest, especially if I am the technician doing the cleanup:
  • If I “wipe and reload” then the client doesn’t need me, he/she can do it themselves or, worse yet, use the techie kid next-door to do it for the cost of a pizza.
  • Some programs, drivers, settings and user data will get lost.
  • The computer will not “look and feel the same” as it did before the repair.
  • The work involved will require much more time than I can honestly charge.
The only way to resolve issues caused by viruses or malware is to find and remove all such nasty programs, their activation methods and associated files and to repair any damage to the operating system.

A good cleanup must include improved preventive measures to avoid future success of another malware attack.

I am fully aware that this sometimes is next to impossible; modern malware almost always relies on social engineering tricks to get on a computer. In the end it depends on the user to always follow my Ten Commandments Of Safe Computing, now more than ever before.

Again, contrary to common methods, I prefer the on-site visit for a clean up job. Only on-site can I convey to the customer some training, show him/her the time proven tools and methodology I recommend to follow and get a feeling for how well they understand my appeals to use common sense.

There are situations when wipe-and-reload is appropriate, for example and IMHO if all these conditions are met:
  • You have a recent full-image backup of that computer.
  • There are only one or two user(s) set up on the infected computer.
  • There is no (or very little) locally-installed software on the infected computer.
These conditions are hardly ever met in a home environment. Only if these conditions are met will I consider a reload. In eleven years of “fixing” home computers I have had to reload the operating system only on two occasions.

I see no acceptable alternative to intelligently and methodically removing all malware infections and repairing any damage they may have caused.

And I am well aware of the fact that on rare occasions malware may have done so much damage to the operating system that there may be no other way but to wipe and rebuild; but, as I said, luckily these cases are becoming more and more rare.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Monday, September 8, 2014

2014-09-08 WTKM Talking Points (September 8, 2014)



Linksys and Cisco routers unsafe! Updating does NOT help.
Any other router: Turn WPS off (known since 2011)

Cloud Storage: Another example of lost access and no recourse.

For-Pay Windows maintenance tools worthless

“Infectious” USB drives on the horizon. So far only drives with a certain type of controller but that might change.
But they don't tell us what brand controller is affected.


14 antivirus apps have security problems.
    After finding basic boo-boos in security software a researcher says vendors just don't care.
Avira, BitDefender, ESET and Panda (among others) in the “hall of shame”.

The skinny: The more a security app does, the bigger the attack surface and the more it slows down the computer.

Why do people create virus programs? MONEY!
CryptoWall alone cashed in more than $1.1 million over six months

Did Home Depot get hacked? Whether yes or no,
currently do not use ANY card at any retail stores.

Firefox enhances security with new version 32. Upgrade!

Mac security programs: Only three of 18 very good, a few good. Fuhgetabout the rest.

As usual I welcome suggestions and comments right here in the blog. 
 
Click here for a categorized Table Of Contents.

Monday, September 1, 2014

Details on CryptoWall


This article assumes that you are familiar with my previous article CryptoLocker - Revisited.

Detailed information was released about CryptoWall, one of the CryptoLocker variants.

Between mid-March and late August CryptoWall infected almost 625,000 systems; on these systems it encrypted more than 5.25 billion files.

The US seems to have the most CryptoWall infections: 253,521 (or about 40 percent), followed by Vietnam with 66,590 infections, the U.K. with 40,258, Canada with 32,579 and India with 22,582.

The US likely got targeted more often because CryptoWall got distributed through spam emails sent from the Cutwail botnet, which targets English language computer users.

Researchers collected data directly from CryptoWall's payment server such as the exact number of paying victims and the amount of payments. Of nearly 625,000 infections over about six months, 1,683 victims (0.27%) paid the ransom for a total of $1,101,900.

CryptoWall seems to have a self-inflicted problem by accepting payment of ransom by Bitcoin only. Many average computer users will have problems paying with Bitcoin and researchers assume that this is part of the reason that only 0.27% of CryptoWall's victims paid compared to 1.3% of CryptoLocker victims; CryptoLocker allowed payment by MoneyPak as well.

As sad as it is, these numbers clearly show that cyber crime pays.


As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.




Tuesday, August 26, 2014

CryptoLocker - Revisited



In December 2012 I wrote for the first time about the then relatively new virus CryptoLocker.
In October 2013 I wrote again about new variants of this virus. Now I have new information that warrants revisiting CryptoLocker.

This family of viruses is by now one of the most destructive threats I have seen. Much of the news regarding CryptoLocker is rather negative but there is at least a bit of positive news as well.

CryptoLocker has evolved

Very shortly after the original CryptoLocker had appeared the first variant was discovered; on first glance it appeared to be similar to the original version. It almost was a look-alike, the method of infection was the same, the encryption seemed the same and the message on the infected computer's screen was very much like the original's. There were only two obvious differences: The original CryptoLocker demanded $100 for information to decrypt the user's files and it offered two payment methods (MoneyPak or Bitcoin); the “look alike” demanded $300 and accepted Bitcoin only.

Time consuming and detailed analysis uncovered significant internal differences. Specialists found that the second version most likely was written by a different programmer or even programming team. It was written in a different programming language and many other internal differences were discovered as well.

In the meantime we know of at least six other virus programs that work similarly to CryptoLocker. They are called “encrypting ransomware” (in the following ERW); they are actively distributed, modified and improved. Most likely they were created and are being run by different groups of malware creators and distributors. Some names I have run across:
  • CryptoLocker (the original)
  • CryptoLocker 2 (the first imitator referenced above, my naming)
  • Critroni
  • CryptoDefense
  • CryptorBit
  • CryptoWall (see this new article for details)
  • CTB Locker
  • PrisonLocker or PowerLocker
  • TorLocker
The newer versions of ERW viruses have become increasingly sophisticated, hard to detect and difficult to remove.

How these infections spread

Many infections happen when the user attempts to open an e-mail attachment that then in turn launches the ERW. By now almost any file type can be abused in this way; you just can't trust so-called “safe” file types any longer.

Over time I have received many emails about supposedly failed deliveries of goods. Some of these emails were made professionally and looked at first glance almost authentic. It made no difference whether the email seemed to be from DHL, FedEx, UPS or the US Postal Service; there always seemed to be some legitimate sounding reason to open the attachment.

In all cases attention to detail and applied common sense protected my computer better than any security program could have done; I simply avoided that one fatal click to open an attachment.

Another increasingly common way for ERWs to spread are “drive-by downloads”. They come from compromised websites and compromised web servers. These sophisticated attacks take advantage of known vulnerabilities in almost ubiquitous software like Windows, Adobe Flash, Adobe Reader, Java and so on. Since these vulnerabilities are known there is very little excuse for getting caught by a drive-by download. Getting the computer infected by a drive-by download is very unlikely if the user keeps all software up to date.

Protection?

On the positive side we have, to my knowledge, three options, some free and some with premium versions for a charge. These programs do not interfere or conflict with common anti virus or security software. I warn against running any two of these programs concurrently due to the likelihood of conflicts with each other.

1. CryptoPrevent
2. MalwareBytes Anti-Exploit
3. HitmanPro Alert with CryptoGuard

If you are interested in learning more please follow the links.

To make it perfectly clear: I am convinced that the best protection is our own attention to detail, caution and applied common sense. No software in the world can replace our watchfulness!

ERWs on non-Windows computers

To make a bad situation even worse there are reports of ERWs on other, non-Windows platforms like tablets and smart phones with the Android operating system. There was talk about a popular NAS system (Network Attached Storage) being targeted as well. Only Apple systems seem to be not affected, so far at least; as we all know that can change any moment.

A bit of good news

Fairly recently, I believe it was in early August 2014, two software companies announced that they have jointly developed a method to decrypt at least some of the files that were encrypted by the original CryptoLocker. The companies offer their program free of charge to people who still have files encrypted by the original version of CryptoLocker and want to attempt to recover them.

The companies are FireEye (www.fireeye.com) and Fox-IT (www.fox-it.com). These companies apparently did not crack the encryption, they gained access to some of the command and control servers where some private keys were stored that the original CryptoLocker virus had used.

Much detailed sleuthing, dis-assembling, re-engineering and analysis of the original virus enabled them to write a program called DecryptCryptoLocker that can decrypt affected files when they were encrypted using any of the recovered private keys. At https://www.decryptcryptolocker.com/ you can read how this works. There is a decent chance that this program will recover encrypted files but there is no guarantee. Some obstacles encountered so far that may prevent decryption are:
  • It works only on files encrypted by the original version of CryptoLocker infections; it may or may not work on files encrypted by later versions of ERW.
     
  • Nobody knows if the servers accessed by FireEye and Fox-IT contained all private keys CryptoLocker had used.
     
  • The original CryptoLocker was effectively eliminated late in May, 2014; any later infections will most likely have used different sets of private keys.
Despite these obvious limitations of the procedure FireEye and Fox-IT deserve a lot of credit and big kudos. Anybody who still has files encrypted by the original CryptoLocker should try the procedure and see if it works for them.

My personal conclusion

It is primarily user behavior that protects the computer by always keeping Windows and all other regularly used programs up to date. If all this is accompanied by attention to detail and applied common sense then the computer will most likely remain “healthy” and safe.

In the worst case scenario, that is after your computer got hit by CryptoLocker or a look-alike, having a recent clean backup will be the best medicine against sleepless nights.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

 

Tuesday, August 12, 2014

How to Use Malwarebytes Anti-Malware


In my article 2014 Update On Malicious Programs I promised to write about how to correctly use Malwarebytes Anti-Malware (MBAM). Here it is.

Allow me to repeat the short installation instructions:

MBAM is a time proven product and available in a totally sufficient free version. You have to pay attention during the original install and when you install a program update. The last window of the installer looks like this:



Please pay attention to the marked entry; its check box is preselected! That means the “trial version” will be activated and after the trial period ends you would have to pay for using the program.

You have to uncheck this check mark.

From time to time the program itself needs to be updated; the installer will run again and again you have to pay attention to this little detail to avoid the for-pay version!

And now to what the title promises.

After you start MBAM you see this window:


I recommend always clicking on Update Now; this is where the cursor points in the screen shot. Let the program work until you see that the database has been updated:


Do you see the check mark by Database Version (see the cursor)?

Then you click on the big green button labeled Scan Now.

The program window will show the progress:


When MBAM finishes scanning it may either show that no traces of malware were detected:

 

Or it shows this window listing encountered traces of malware (a real life example from a customer's computer):


The free version of MBAM does not allow you to select different action(s). Experience has shown that the program's suggested action is appropriate.

My recommendation is to follow MBAM's suggested actions and to click on Apply Actions. When that action has finished you can close MBAM.


As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents. 

Friday, August 8, 2014

2014 Update On Malicious Programs


As far as malicious software is concerned much has changed since I last wrote about it. So here is an updated report on the current situation (summer 2014) and my personal advice on how to stay safe on the Internet. I will talk about
  • Definitions
  • Protective tools for the home user
  • How to avoid all these troubles and a
  • Conclusion

Definitions:

Malware: Short for malicious software. It is a general term used to describe all viruses, worms, spyware, and pretty much anything that is specifically designed to cause harm to your PC, steal your information or throw never ending torrents of advertisements at you.

Virus: A program that copies itself and infects a PC, spreading from one file to another, and then from one PC to another when infected files are copied or shared.

Spyware: Any software that collects your information without your knowledge and usually sends that information back to the creator(s) so they can use that personal information in some nefarious way.

Scareware: A relatively new type of attack, where a user is tricked into downloading what appears to be an antivirus application, which then proceeds to tell you that your PC is infected with hundreds of viruses, and can only be cleaned if you pay for a full license. Of course, these scareware applications are nothing more than malware that holds your PC hostage until you pay for the “full” version. In many cases you can't uninstall them and/or they render the PC unusable.

Trojan horses: Applications that look like they are doing something innocuous, but secretly have malicious code that does something else. In many cases, trojans will create a backdoor that allows your PC to be remotely controlled, either directly or as part of a botnet—a network of computers also infected with this trojan and/or other malicious software. The major difference between a virus and a Trojan is that trojans don't replicate themselves—they must be installed by an unwitting user.

Worm: A computer worm uses a network to send copies of itself to other PCs, usually utilizing a security hole to travel from one computer to the next, often automatically without user intervention and often via email.

Ransomware: Usually encrypts your files, which then are useless to you; some variants even “lock” your computer. The software requests an often quite substantial payment for the means to restore your files into usable form – which even after payment sometimes fails.


Protective tools for the home user

You will always want to run a specialized antivirus program and a specialized on-demand-only malware removal tool. I will recommend the only two programs I have learned to trust over the years – and that are easy enough for the home user to handle.

Antivirus: The release of Microsoft Security Essentials (MSE) has changed the landscape of antivirus software. We finally have a completely free application that protects against viruses, spyware, and other malware without killing system performance like some of the "suites" tend to do. In my extensive personal experience it barely slows down even relatively slow machines and its user interface is the easiest to use of all I know.

Don't just take my word for it. AV-Test.org found that it detects 98% of their enormous malware database and AV-Comparatives (a widely known anti-malware testing group) found that MSE was one of only three products that did well at both finding and removing malware.

Anti-malware: Modern malware, mostly called PUP (potentially unwanted program), is very different from classic viruses. Most antivirus programs cannot detect PUPs and thus do nothing about them. And, as if to add insult to injury, most of them get onto the computer because the user was tricked into allowing their installation.

I recommend Malwarebytes Anti-Malware (MBAM for short). Please download it from these two links only (they both go to the same destination).

MBAM is a time proven product and available in a totally sufficient free version. You have to pay attention during the original install and whenever you install a program update. The last window of the installer looks like this:



Please pay attention to the marked entry; its check box is preselected! That means the “trial version” will be activated and after the trial period ends you would have to pay for using the program.

You have to uncheck this check mark.

Eventually the program itself will need to be updated; the installer will run again, and again you have to pay attention to this little detail to avoid the for-pay version!

See this article on how to correctly use MBAM.


How to avoid all these troubles

When it comes to protecting yourself, it's laughable how many people install multiple antivirus applications but don't keep their system updated with the latest patches for the operating system.

If everybody simply kept their system and all programs up to date, we wouldn't have to worry so much about these problems. If the constant rebooting action of Windows Update has you frustrated, you can always temporarily delay the reboot; but remember, only after the reboot are the patches completely installed and active to protect your computer.

Keeping your applications updated is critically important to protect your computer's security. Your firewall won't protect you, and antivirus software is unlikely to help if you're using an old, vulnerable version of Adobe Flash or Adobe Reader.
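For readers who want to check, rather than assume, that the advice above has been followed, here is a small PowerShell script. It is an added example written for this page, not something from the original post or from Microsoft, and it assumes a Windows 7/8 machine with PowerShell run as administrator. It lists updates that Windows Update knows about but has not installed, tells you whether a reboot is still pending (in which case the patches are not yet active), and prints the installed versions of a few frequently attacked programs so you can compare them against the vendor's current release. The application name patterns are assumptions; adjust them to what is installed.

```powershell
# Added example, not from the original post.
# Run from an elevated PowerShell prompt ("Run as administrator").

# 1. Updates that are available but not yet installed, queried through the
#    Windows Update Agent COM API (the same engine the Windows Update GUI uses).
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0")

Write-Host ("Pending updates: {0}" -f $result.Updates.Count)
foreach ($u in $result.Updates) {
    $kb = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ","
    Write-Host ("  {0,-14} {1}" -f $kb, $u.Title)
}

# 2. Is a reboot still pending?  Windows Update leaves this key behind until
#    the machine restarts; while it exists the installed patches are not active.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
if (Test-Path $rebootKey) {
    Write-Host "A reboot is still pending: the patches are NOT fully active yet."
} else {
    Write-Host "No reboot pending."
}

# 3. Installed versions of commonly targeted applications, read from the
#    registry keys Add/Remove Programs uses (32-bit and 64-bit views).
#    The name patterns below are assumptions; edit them for your machine.
$patterns = 'Adobe Flash', 'Adobe Reader', 'Java'
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        $name -and ($patterns | Where-Object { $name -like "*$_*" })
    } |
    Select-Object DisplayName, DisplayVersion, InstallDate |
    Sort-Object DisplayName |
    Format-Table -AutoSize
```

If the first section lists anything, install it; if the second section reports a pending reboot, reboot before you consider the computer patched; and if the third section shows an older version than the vendor currently offers, update that program directly from the vendor's site.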


Conclusion

In the end, good browsing habits and common sense should be your first line of defense against any kind of malware. I recommend always running a good security program like MSE and additionally using MBAM as an on-demand scanner. That way you're as well protected as is easily possible and you can scan your system for malware whenever you want.

So here's the bottom line: In my not so insignificant experience MSE and the on-demand free version of MBAM work very well together. Coupled with good browsing habits and common sense this is a good combination of security tools, and judiciously using them should keep you well protected.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.


Monday, August 4, 2014

2014-08-04 WTKM Talking Points (August 04 2014)




Linksys and Cisco routers unsafe! Updating does NOT help.
Cisco comment: “There are currently no known workarounds available for this vulnerability."
You could possibly switch your router to safer firmware by installing OpenWRT or the EFF's OpenWireless Router. Beware: This is not for the faint of heart!



Bitdefender enterprise endpoint security is unsafe!
Where does that leave the home user?
Remember, the company and their support are in Romania!



Cloud Storage: Another example of lost access and no recourse.



Passwords



Infectious USB drives on the horizon. So far only drives with a certain type of controller are affected.
That will change!



New RAT (Remote Access Trojan) targets Bank of America, Citibank, Natwest, RBS and Ulsterbank (last three in GB) but there may be more.

AVG search revenue from freebie scanners dries up. Significant drop in income from search!


14 antivirus apps have security problems. After finding basic boo-boos in security software, a researcher says vendors just don't care. Avira, BitDefender, ESET and Panda (among others) are in the “hall of shame”. The skinny: The more a security app does the bigger the attack surface – and the more it slows down the computer.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.