Friday, July 30, 2010

On Rogue programs

I found an intriguing article on TechPaul’s blog. It is so good that I venture to quote the IMHO relevant parts almost literally. Additions or edited text within the quote appear in dark blue. Paul, I hope you can forgive me.

* * * * * * begin quote
Currently there is an epidemic of fake anti-malware software on the Internet – which is collectively called “rogue anti-malware” or “scareware”. These fake programs are ‘marketed’ under hundreds of different names, such as “Internet Security 2010”, “Online Scanner”, and “Antivirus XP 2009”.
At our current state of Internet insecurity, you will see one of these scans pop open sooner or later - if you haven’t already seen it.
This ‘rogue’ software scares people by giving false “a virus has been detected!” notifications, and then tries to deceive them into using a credit card and paying for removal of non-existing “infections”.
Worst part is, many are designed to appear to be legitimate products, professionally packaged/presented including customer testimonials etc.
  • The user is tricked or better scared into providing their credit card information to clean infections that weren’t there before they clicked and aren’t really there now.
  • The ‘false positives’ are not “cleaned”, but more adware and spyware is installed.
  • These clever programs use the latest techniques to combat removal, and it can be quite tough and sometimes next to impossible to truly remove them.
In case I wasn’t clear:
  1. The alerts are fake.
    The scans are fake.
    The results are fake.
    Don’t fall for it.
  2. When you see these “scans” it is too late, your machine has been successfully attacked and you should start a virus removal process immediately - and/or get help.
  3. Epidemic? You bet!
    Thousands of websites get poisoned each week and cybercriminals create bogus websites at the rate of thousands a day.
Oh, yes, I almost forgot. A new ‘variant’ of the better rogues is released on the Internet roughly twice a week.
* * * * * * end of quote

If you choose to call me, shut down your computer and do not, I repeat, do not try anything else. The more you fiddle yourself the worse it will likely get and thus the longer I will need to remove the junk. And as you well know ‘time is money’, your money in this case.

So what can you do?
  • Use and heed WOT (Web Of Trust)
    (Changed 2011 after many months of problems with McAfee's Siteadvisor) 
  • Always use Firefox or Google Chrome instead of Internet Explorer to browse the web – and see that all family members and their visitors (Kid’s friends!) adhere to this policy as well, no exceptions.
  • In Firefox:
    Use Adblock Plus with the Easylist (USA) filter list and WOT and heed it.
    In Chrome use Adblock (by gundlach). 
  • Be prepared, maybe having read and understood this article.
  • Don’t panic, use common sense!
  • Oh, did I mention it already? Be prepared!
As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Friday, July 23, 2010

Routers Can Get Hacked – Act Immediately

A newsletter for computer technicians writes about a pretty nasty attack that could open your computer to the (hacker-) world. This article goes into quite some technical detail; if you prefer to avoid this type of geek speak here is the skinny of it:

Many, many home routers can be hacked! Here is a link to a table with model numbers and information on whether the specific router is vulnerable. If you have a router there is a good chance that your model is in that list.

What you can do about it? This literal quote from the newsletter says it best:

The best way to protect against this attack is to change the password on the home router and change the default IP address along with keeping firmware up to date.

A few remarks to the table with the results of the tests:

In the last column you see either Yes or No; yes means this router has been hacked successfully. If your router model is not in this list your system more likely than not is a potential candidate for being hacked this way. To be safe I would treat it as a Yes.

Sadly but understandably 2Wire routers and gateways are missing. They are fairly ubiquitous since they often get installed with ATT DSL or U-Verse service. I recommend treating them as a Yes.

  • If you have one of the models with a Yes I suggest you act immediately, BEFORE hackers take advantage of this opportunity.
  • If you have one of the models with a No you can at least sleep in peace.
    I suggest that as a precaution you change at least the router’s password; it would be ideal to update the router’s firmware as well if applicable.

If you are technically inclined and still have your router documentation you certainly can do the password change yourself.

If you feel uncomfortable about changing the default IP address and/or updating the firmware then you know who to call, don’t you?

Now, if you call to make an appointment for this then PLEASE have your router’s manufacturer, the precise model number and version information available; thank you in advance (look on the underside or back of the router for this information). If you don’t find that information, no big problem, I can establish that on site.

I found it interesting that
   -   all of the five tested D-Link routers are safe,
   -   all of the two tested Netgear routers are safe,
   -   four out of five tested Belkin routers are safe and 
   -   only two out of eight tested Linksys routers are safe.
These four manufacturers likely sell the bulk of routers in our neck of the woods – but they sell many more different models not tested here.

On July 6, 2008 I wrote about Wireless Router Setup. I have just now updated this article from 2008 to reflect the above new information.


Thursday, July 22, 2010

Windows Live = NO Privacy At All

One of the more technically oriented newsletters I receive regularly arrived with this article: Windows Live shares your Messenger contacts

Already in April 2010 I wrote about Microsoft and Privacy. Now on top of all that comes the above-mentioned article from the Windows Secrets newsletter. Again, in my opinion the author is a reputable man and a very experienced computer journalist; I trust his words.

You may want to wade waist deep through the original article; if you prefer to save yourself some time here are selected literal quotes:

With the new Live format, Microsoft pays a great deal of lip service to maintaining your privacy; but my tests show you can't trust what you see on the screen.

Now, imagine my surprise when I discovered that the so-called new and improved, privacy-conscious version of Windows Live — the social-networking sphere containing Messenger and Hotmail — continues to share my personal information, even when I explicitly tell it to keep my info and communications private.

Windows Live's most pernicious form of privacy invasion is what I call third-party tattling. Here's how it works: You and Mr. A have a conversation via Live Messenger. Days, weeks, or even months later, you and Mr. B also have a conversation. In Windows Live parlance, you are now friends with both Mr. A and Mr. B.
Tattling comes into play when Mr. A signs on to Messenger or Hotmail or Windows Live and sees that "[You] and Mr. B are now friends."

I'm sure you can think up many different scenarios where that kind of sharing could be quite embarrassing (even lethal) — an informational gold mine for business rivals, political opponents, love triangles, wanted nuclear scientists; you get the picture. To put it succinctly, it's none of Mr. A's freakin' business who else I've contacted with Messenger.

Microsoft tattles — dishes up lists of my new-found Friends every time they log on to Messenger, Hotmail, or the main Windows Live page.

Microsoft has taken Hotmail and Messenger accounts and turned them into Windows Live Spaces accounts. What's more worrisome, MS has also taken the liberty of converting your Messenger contacts into Friends. It then shares information about these new Friends with each other. To try to prevent this sharing (and, based on my tests, you can't), you have to navigate a mind-boggling labyrinth of privacy settings.

It has a bad odor to it. When I use Facebook, I fully expect that other people will be able to see what I'm doing. No problem — I would never use Facebook for sensitive business communications. But when I use Messenger, I expect it to be as private as a phone call.

I hope this is enough to keep you from using ANY of Microsoft’s Live services, be it Messenger, Hotmail, cloud storage or whatever other service under the umbrella of a Windows Live ID.

Please distinguish between services and some useful programs Microsoft freely offers as part of what currently is called Windows Live Essentials.

For example I write this blog with Windows Live Writer; it is a godsend for me. Other Windows Live Essentials programs that some of my customers use – but I don’t have any experience with:

  1. Windows Live Movie Maker to edit family videos,
  2. Windows Live Photo Gallery for photo organizing and basic editing,
  3. Windows Live Family Safety to protect kids from Internet smut.

The big risk is that these programs are offered together with Live Messenger and Live Mail and every time you update one of them you again and again will get inundated with requests to set your home page to MSN, make Live Search (and/or Bing) your main search provider and to get a Windows Live ID. User beware!


Monday, July 19, 2010

End Of An Era: Goodbye Windows 2000, XP SP2 and Vista

An era has ended it appears. An era in the Microsoft centered world of computers at least. Don’t get me wrong here, it’s not that I am bemoaning this fact, not at all!

With the end of update support for the above-mentioned Windows versions Microsoft applies pressure on the holdout community that IMHO not only lives in dangerous surroundings but thus potentially endangers everybody else. How so? These technically obsolete systems will most likely become hosts to malicious software that from this almost safe haven will attempt to get into other machines as well.

I have been asked why someone would still want to run something like Windows 2000? The answer in most cases is surprisingly simple: Old application software!

Companies can fall into this trap if at the managerial level they either don’t see the need to keep the IT infrastructure up-to-date or can not update due to financial constraints. The former reason seems to me to be more of a philosophical (and/or educational?) problem, the latter being due to insufficient budgeting and planning. Over my four and a half decades in IT I have seen this scenario all too often.

Small home office and normal home users IMHO fall into this trap mostly because they got used to using some old piece of software and/or were unwilling to upgrade earlier when they were reminded.

The world of computers is likely the fastest changing field of technology ever. It appears that we are not yet adapted to thinking in update and maintenance cycles. So here is my $0.02 worth on updating from my side of the fence:

  • Computers should be updated, that is exchanged for a new one, about every five years. Depending on technical circumstances like what hardware is in a machine or what new operating system has just been released (Windows 7!) even only three years may be reasonable.
  • The operating system always and continually has to be kept up-to-date. If you are still running Windows 2000 then the time to buy a new computer is now, no matter what!
  • Critical application software has to be kept up-to-date as well. If this requires a new operating system and/or a new computer then so be it, period.

If you can’t keep up in Chicago rush hour traffic on the interstate with your nice old Ford Model T then you are endangering yourself and others! Either get off the road or get a car that can keep up in these conditions, sorry!


Sunday, July 18, 2010

What Malware Can Do

I just read an IMHO great article about the Conficker worm. Yes, I know, Conficker is a story from November/December 2008 but this article in The Atlantic magazine is not only factually correct, it is great reading.

You may not want to read through the many, many partially good and partially quite silly comments so here is the link to a website that gives you a simple optical indication if your computer is infected with Conficker or not. Note: This may not work on computers in certain types of mostly corporate networks.

Should your computer be infected, you know who to call, don’t you?


McAfee Siteadvisor Setup

McAfee seems to feel the heat, maybe generated by Microsoft Security Essentials?

McAfee’s IMHO very valuable Siteadvisor service is increasingly being used to run with settings that help only McAfee and not the unsuspecting end user.

Here is a short tutorial on how I would set Siteadvisor’s options. This is based on the currently latest version of Siteadvisor.

Click on the little vertical arrow to the right of the green (or grey) McAfee icon in the right bottom corner of the Firefox window.

Then click on Options and in the General tab set “Add color-coded highlighting…” to Yes.

In the Secure Search tab un-check the check box by “Add Secure Search to…”.

I strongly suggest NOT to set Yahoo as the browser’s home page and NOT to use McAfee’s so called Secure Search as your browser’s default search engine.

Update July 18, 2010:

Just this moment I had to do remote support to help a customer who did not see the McAfee icon in the right bottom corner of the Firefox screen.

1.   The status bar was turned off. Naturally you can’t see something that is being displayed there if the status bar is turned off. You turn it on here:

2.   Almost every add-on in Firefox can be independently disabled or enabled. In this customer’s Firefox the McAfee Siteadvisor add-on was disabled. You can check and/or change that by clicking Tools, Add-ons. You get a window like this:
Highlight Extensions and find McAfee Siteadvisor. If the marked button reads Enable then it is disabled; click on Enable to do just that. You have to restart Firefox for the change to take effect.

End of Update July 18, 2010 


Sunday, July 4, 2010

Safe Computing in 2010

The world of computers run by Microsoft Windows operating systems has changed so much since I began this blog in 2008! The posts from May and June 2008 drew heavily on papers that I used with and for my customers some time earlier, mainly in 2005 through 2008.

In politically correct terms, the threat landscape has undergone major changes.

It is about time that I give an updated “digest version” of what I recommend now to keep a computer as safe as possible. Here it is.

  1. Use Open DNS.
     
  2. Use Firefox with AdBlock Plus and McAfee Siteadvisor add-ons. In Siteadvisor you have to turn “Highlight search results” on and turn the Safe Search function OFF; if Safe Search is on then do not use it!
     
  3. Use Thunderbird instead of any Microsoft email program! In Thunderbird version 3.x I recommend using the “CompactHeader” and “Extra Folder Columns” add-ons.
     
  4. Never open any email attachment unless you are sure of the source and always virus scan the attachment first.
     
  5. Firewall:
    Please ask yourself the following two questions:
       A: Are you capable of and do you wish to learn about network ports and how to configure firewall rules?
       B: Are you able to answer correctly lots of alerts and questions about the things in question A?
     
    If you say NO to either or both of above questions stick with the standard Windows firewall, period!
     
    If you answer Yes to both questions you may consider Outpost Free.
    If you do the latter be aware that you will be subject to “upgrade” offers to the for-pay version. User beware!
     
  6. If you are a self proclaimed “computer illiterate” home user then use Microsoft Security Essentials as your anti virus, anti malware and anti malvertisement (malicious advertisement) solution.

    More info from me on MSE: Go to the table of contents of this blog, find and click label “MSE” and read the articles that come up.
     
  7. Always ensure that your operating system and security software are updated with the latest signatures and patches. Try to use an automated function for this where one exists but don’t totally rely on any automatic update function. Check manually and regularly for updates!

    You want to know what to update? Read this article on my blog.
     
  8. In Google search results: Never enter a site rated "Red" or “Yellow” by Siteadvisor. There will be 100s of other safe alternatives to choose from.
     
  9. Only download programs from trusted sources and still virus scan the downloaded file first before you actually use it! The IMHO most comprehensive scanning is done by VirusTotal and Jotti.
     
  10. Never run software from borrowed removable media without first virus scanning the content.
     
  11. If you lend your removable media to someone else virus check it when it comes back!
     
  12. If anything on or from the Internet looks like the offer of a lifetime then your online life is likely to end or at least massively change abruptly!
     
  13. Cracked software is only for cracked heads or people dumb enough to think differently.

I know, some of the above are harsh words, please forgive me. But they are the truth nevertheless.
