Showing posts with label Rogue. Show all posts

Saturday, July 7, 2018

URGENT ALERT! For users of any Apple thingy!


Hi y'all and thanks for reading this.

If you or someone in your household has any piece of equipment from Apple, like an iPhone, iPad, iPod or the like, then this is for you!

Since iPhones and so on are so common nowadays, the crooks are targeting you. Look at the email I just got, shown in a partial screenshot of the Thunderbird screen:

 

I have marked the give-away items with colored rectangles as follows:

Blue: I don't have an Apple account! Ha, ha, ha.

Purple: The email does not even come from Apple!

Green: My cursor pointing to the "Verify..." button.

Red: The URL (web site address) that the "Verify..." button actually is pointing to; it has NOTHING AT ALL to do with Apple.

To be addressed as "Dear ejheinze@att.net" is so unprofessional that this alone would be reason enough to click on the Delete button!

The item in the red rectangle I see only because I told my email program to show this and because the cursor is on the "Verify..." button. I believe none of this needs further clarification. Should you have any questions please feel free to ask me, preferably in an email.

A general remark: 
If the program you use to read your emails does not show you any of the information in blue, purple and red, then you potentially endanger your computer!
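Three of the give-aways above (the purple sender, the red link target and the "Dear <address>" greeting) can also be checked by a script. This is an added example, not part of the original post; the sample message, its placeholder domains and the function names are constructed for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the e-mail from the post); domains are placeholders.
SAMPLE = """\
From: Apple Support <noreply@mailer.example.net>
Subject: Please verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear user@example.com,</p>
<a href="http://login.example.org/verify">Verify Now</a>
<a href="https://support.apple.com/">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the real target (href) of every <a> tag, whatever its label says."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, brand_domain):
    """True only if host is brand_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def giveaways(raw, brand_domain):
    """Return (kind, value) findings for a single-part HTML message."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    findings = []
    # Purple: the sender's address is not at the brand's own domain.
    sender = parseaddr(msg.get("From", ""))[1]
    if not under(sender.rpartition("@")[2], brand_domain):
        findings.append(("sender", sender))
    # Greeting: "Dear <e-mail address>" instead of the customer's name.
    m = re.search(r"Dear\s+([\w.+-]+@[\w.-]+\w)", body)
    if m:
        findings.append(("greeting", m.group(1)))
    # Red: a button or link whose real target is not the brand's site.
    links = LinkCollector()
    links.feed(body)
    findings += [("link", h) for h in links.hrefs if not under(urlsplit(h).hostname, brand_domain)]
    return findings
```

Calling `giveaways(SAMPLE, "apple.com")` reports the sender, the greeting and the "Verify Now" target, while the genuine support.apple.com link passes. The blue item (whether you have an account at all) is something only the reader can know.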

Any Questions? Please feel free to ask me, preferably in an email. 

Stay safe.

Sunday, June 17, 2018

Microsoft Edge and Google Chrome vs. Firefox


And again it is a customer's question that triggers me to write on this blog. The customer, thank you Steve H, asked simply "What is your opinion of Microsoft Edge vs Firefox?".

Here is my reply:

I strongly advise against using any web browser from Microsoft!

I collected some articles for your enjoyment that can give you some background for my various reasons. The articles are listed in no particular sequence.


Microsoft Edge introduces new security risks in Windows 10     https://betanews.com/2015/07/30/microsoft-edge-introduces-new-security-risks-in-windows-10/

IE, Edge Users at Risk from Serious Browser Security Flaw      https://www.tomsguide.com/us/edge-ie-flaw-no-fix,news-24565.html

Windows 10 users ignore Edge for a reason     https://betanews.com/2015/10/19/windows-10-users-ignore-microsoft-edge-for-a-reason/

Windows 10's new browser Microsoft Edge: Improved but also new risks     https://blog.trendmicro.com/trendlabs-security-intelligence/windows-10s-new-browser-microsoft-edge-improved-but-also-new-risks/

Before you ask let me please preempt the question about Google Chrome vs. Firefox:

So far the main argument for Chrome was "it is faster". That was and is a phony argument that shows a deplorable lack of knowledge by the people using it. I'll give you an example.

Let's assume from the moment you click on a link to having the new web page in front of your eyes it takes all together 10 seconds.

90% of that time is needed to get the many little files that comprise a web page from the server these files reside on to your computer. We and/or the web browser have no way to make that faster.

The last 10% of the time is used by the web browser to "convert" the many little files into the picture we see; this process is called rendering. And that actually was where Chrome was faster.

MS Edge, the new version of Firefox and others have closed and/or eliminated that speed gap.

If Chrome were 30% faster in rendering the web page that would be only 0.3 seconds. Even in a direct A/B comparison we would not be able to experience that difference.

Additionally: The Chrome web store, from where you'd download any browser extension you might want or need, has been plagued by rogue extensions (only one example here, there are many more!). You may find way too late that the extension you downloaded and installed was rogue.

So for me it is clear:

No to Google Chrome and ANY Microsoft browser; IMHO the only well supported alternative is Firefox.


Stay safe.

Thursday, December 5, 2013

Virus Check BEFORE Download


I assume that you know about Virustotal (VT). If you still don't know, then I am at a loss for words, which rarely if ever happens to me. But enough of my puny attempts at being funny.

With VT you can check any reasonably sized file (up to 64MB) that already is stored on your computer for viruses. What if you want to check a file for viruses before you actually download it?

If you use a web browser other than Internet Explorer you could install an extension.
  • In Mozilla Firefox you can install the VTzilla extension.
  • In Google Chrome you can install the VTchromizer extension.
  • In Opera you can install the VTopera extension.

These extensions make it possible to right-click on a download link before you start the download. In the context menu that opens you will see an entry like the one shown here; the example was taken from VTzilla in Firefox:

VT will upload and test the file in its usual manner, and presto, you have a good idea whether the file in question is "clean".

If you feel challenged by the idea to install an extension in Firefox don't despair, I can do that remotely. 

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.


Wednesday, October 23, 2013

Warning: Old Fiend With New Muscle


In the title I say "old fiend" and it is an old adversary in new clothes and with significantly more muscle. 

Instead of repeating the background story please first head over to my September 2012 article and come back here after you have read it.

So what's new? Besides the new name, CryptoLocker, a couple of major improvements have been made to that nasty piece of malicious software:
  • The encryption is now "NSA grade", meaning there is no way out! Your data files most likely will remain lost!
  • The ransom has been raised in some variants of this malware to close to $1000.
  • Now even files on drives other than the system drive C: will be encrypted. That renders restore partitions useless.
  • Is your backup disk permanently connected to the computer? Then the files on this drive get encrypted as well and all your backups are totally useless!
  • Now even files on other computers connected over the network can get encrypted.
  • Many victims that actually did pay the ransom got a decryption key that did not work! Their files remained inaccessible and were totally lost.
  • To pay the ransom, in some instances credit card information was given to the obviously wrong people; credit cards got maxed out in minutes! That is much more trouble than the loss of years of pictures, emails and other files!
  • Many attempts to save files turned out to be more expensive than a brand new computer would have been. Even with a new computer your files remain lost!

So far, and that may change soon, CryptoLocker
  • arrives on victims' computers in an email from an arbitrary sender they often don't know.
  • arrives on victims' computers as an email attachment; this requires the victim to explicitly execute the attachment, that is, double click on it and eventually even ignore the warning from Windows about running a downloaded program.
  • arrives on victims' computers after the victim clicked on a link in an email without first checking the link and its real target.

You say you don't do either of these arguably fairly dumb and dangerous things? Good for you! Are you 100% certain that everybody who eventually uses your computer is as careful, as attentive and as cautious? Think about your sweet teenage granddaughter, your kid's friends, visitors and so on.


You ask why your anti virus program did not catch the bad program? Simply because this form of CryptoLocker is new. It requires time and quite some effort to design detection methods and find secure ways to neutralize these modern and very sophisticated threats.

As of this writing we all are unprotected and need to use due diligence. Always wear your common sense hat!

The only currently known "protection" against damage by CryptoLocker is to have a recent image backup of your system drive and/or to have a set of restore DVDs that were created when the system was still functioning correctly.

If you need to use either of the aforementioned, a System Repair disk is required. Did you already create one?

If you need help to set up a sensible backup routine and/or to create the disks mentioned above please contact me. You find a useable email address in the left sidebar at the end of the text titled "Welcome".

As usual I welcome suggestions and comments right here in the blog.

 


Thursday, April 7, 2011

How A Rogue Program Gets On Your Computer

Folks, this is really important because sooner rather than later your computer will get nailed! If you don't know what to look out for, here is an excellent example to learn from.

I am a (paying!) subscriber of the Windows Secrets newsletter. The latest issue begins with an article on LizaMoon, the newest mass threat from the internet. The article begins with these words:

A nasty piece of malware known as LizaMoon has hijacked links on millions of websites in the past weeks, including some normally safe iTunes and Google links.

The author describes in detail what happened and that he had to deliberately co-operate four times(!) for the real infection with that rogue program to take hold on his computer.

I highly recommend the article to all who read this!

If you want to know how to avoid LizaMoon (or other rogue programs) if it shows up on your computer, reading the above-mentioned article is a must!

Now that you know how to spot this sort of thing, you want to know how to combat it? Firstly, know how to close these kinds of program windows without giving them a chance to interpret your action as an invitation. This kind of infection needs your cooperation and at least one click on the "wrong" link or button. Please read this article here in this blog for more information. One of several methods to "kill" these attacks is detailed after the heading "How do I stop the attack that just started?" towards the end of the article.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.


Monday, January 10, 2011

Malicious Software - Definitions

Personally I do not assign a lot of importance to differentiate the many kinds of malicious software I encounter almost every day. I take the general approach “It is malicious and we don’t want it on your computer; remove it.”

But sometimes customers ask if it was a virus or a worm and I find it hard to explain the difference in terms accessible to a lay person.

In my web travels I found Squidoo and on Squidoo I found some hopefully useful definitions; I felt I had to mostly copy the definitions and use them as boilerplate for my own text because the same site recommends commercial anti virus and security software that I tell my customers NOT to use.

Rogue Security Software
Currently this class of malware is an outright epidemic. Rogue software is a form of malware that manipulates and scares people into buying a so called “full version” of fake applications, mostly supposed virus removal software. Rogue software displays bogus scan reports and alerts to trick the user into paying good money to the crook who got the rogue program on your computer. In the process of paying you give your credit card information directly to the crook as well! These rogue programs can take over the whole computer system to prevent their removal and in most cases block other applications including legitimate anti-malware programs from running. Some rogue programs are relatively easy to remove but some use stealth techniques that make removal very difficult and time consuming. 

Browser Hijacking
Hijacking is a form of malicious software behavior. Browser and network settings on the user's computer are changed; user activity is redirected to web sites chosen by the hijack's creator. Usually you will be redirected to start pages and search pages for paid advertising and/or web pages that attempt to install other malicious software.

Rootkits
A Rootkit is the sum of software and techniques that allow itself and some other, mostly malicious piece of software to be hidden from detection with regular means of the operating system. The hidden malicious components of rootkits often are Key Loggers or Trojans that allow backdoor access to the computer. Rootkits are among the most difficult to remove pieces of malware. Some rootkits are so well hidden and protected from ANY access that re-building the operating system from scratch is the only viable solution.

Key Loggers
Key Loggers are programs created to monitor user keystrokes; the information is logged and reported to the person or organization who installed the Key Logger. They may be used by organizations to monitor employees' activities. Key Loggers are also used as spyware to steal confidential information and commit identity theft. The logging of keystrokes takes place long before “classic” security measures like encryption can be employed.

Computer Viruses
A computer virus is infectious and sometimes destructive software that can replicate itself and go on to infect other computers. A computer virus is usually executable software. Computer viruses can be contracted through downloads and various modes of email and instant messaging attachments. The virus then attaches itself to existing programs on the target computer. The main aim is to corrupt the computer system.

Worms
Similar to a computer virus, worms are infectious and self-replicating; they replicate on computer networks and via email. The worm utilizes a computer network or email to send replicas of itself to connected computers on that network or to email addresses.

Trojan horse
A Trojan horse program (or Trojan for short) is a form of computer malware that gets installed on a computer system through deceptive means. Trojans often are presented to the user as a form of free software or an add-on. However, once installed, the Trojan gives its creator access to the computer; then the hacker can carry out their mostly criminal operations using the infected computer without any knowledge of the computer’s user.

Spyware
Spyware is a form of malware that collects and sends information about computer usage and other confidential and personal data to its creator. It generally gets installed secretively through deception such as free online scanning, a browser add-on or plugin, dubious websites and/or infected images or PDF files. Even search results have been “poisoned” and abused to install spyware.

Adware
Adware is short for Advertisement-supported software. These programs are designed to display advertisements on a computer system. Most adware programs are secretly collecting information on what you do and look at on the Internet so they can show you “relevant” ads; therefore they can also be classified as spyware. 

Please stay tuned as I intend to publish an updated article on how to avoid the all too common obstacles and dangers posed by malicious software.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.
