Showing posts with label foistware. Show all posts

Wednesday, June 24, 2015

Important Update for Adobe Flashplayer


Please click this link if you are looking for information on Windows 10.

Adobe released an emergency patch for its ubiquitous Flash Player.

You should now be at least on version 18.0.0.194.

You can check the version in Control Panel, Flash Player; click on the Update tab.

Caution: Adobe gets paid to coax you to download and install McAfee Security Scan.
If you run your computer like I recommend (and may have set up) then you do not need/want this blind passenger!
Adobe's update web page looks like this:


Watch for the always pre-selected check box (big red arrow); please DE-select the check mark before you click on "Install now".

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Tuesday, April 28, 2015

Bye bye Viruses, Hello Carelessness




It's almost like in the Everly Brothers song "Bye Bye Love" from 1957. They sang
Bye bye happiness, hello loneliness...
I am enticed to, no, don't be afraid, not sing but say
Bye bye viruses, hello carelessness...
In August 2014 I wrote in this blog the 2014 Update On Malicious Programs. Everything in this article is still valid today – which in the fast changing world of computers is astonishing all by itself. Self-replicating viruses that "find and infect" our computers of their own accord have gone almost extinct.
What has massively changed though are the tricks and methods used by miscreants to foist their malicious junk software on our computers. It is so bad that I feel compelled to say
Do NOT click on any link in any email,
do NOT open any email attachment
and NEVER click in any advertisement.
Does that sound extreme to you? Good, because it is extreme. We are in an extreme situation and it's getting worse so extreme measures seem appropriate.
In the meantime you have learned to immediately delete emails with an unfamiliar sender address. But what about the email from that buddy of yours who always sends all the jokes? My advice is to IGNORE it! Just hit the Delete button. If that email really was from him and if he were a nice guy he would have told you in the email why and what he sends there. If he does not have the decency to do that you better err on the side of caution and delete that email; you may “miss” a joke but what is that compared to $100 or $200 cost for a good clean-up job?
Another way modern malware (called PuPs) is distributed is through dirty tricks pulled on us when we apply required updates. Even big, well known companies participate in these schemes; names that come to mind as examples are Oracle, Norton, McAfee and Adobe. Some visual examples are here.
And don't get me going on advertisements. Listen up:
If you see advertisements on your computer screen then your computer most likely already is compromised. Get it cleaned up!
And then there are the sneaky methods that well known download web sites like Download.com, Cnet.com and others use. You want to download that nice free little program and what they give you is a specially crafted downloader program that in turn is supposed to download the program you actually want. But what you get are one or several PuPs and then the program you really wanted.
The only method to help here is to watch for the tricks, traps and deceptions. 
In July 2013 I published my 10 Commandments Of Safe Computing. To heed the first of these has become more important than ever before; it reads:
Thou shalt read and think(!) before you click.
Be vigilant, pay attention to details and always remember: If it sounds too good to be true it usually is not true; especially in this day and age on the Internet.

As usual I welcome suggestions and comments right here in the blog.




Monday, November 18, 2013

Warning - W A R N I N G - Warning


On October 23rd 2013 I wrote about a really, really bad new virus called CryptoLocker.

Back then, only three and a half weeks ago, CryptoLocker was an acute danger mainly in the UK, parts of continental Europe and in some Asian countries.

This has changed dramatically. Computer users in the USA get hit with this virus increasingly often. For the past few days I have been receiving about five emails every day that offer me "free money" or pre-approved credit cards "ready to be shipped" my way. Would I ever click on a link in such an email? Would I ever be tempted to open one of the attachments? You bet not!

A free(!) protection method is available but it will interfere to some degree with normal computer operation. When this happens the computer user needs a certain amount of technical know-how to correctly diagnose the reason for the interruption and then to create an exception; this has to be done every time it happens. If you can do that you should look at CryptoPrevent.

For everybody else I shout as loud as I can:
Disconnect your external backup drive when the backup is done!
If you don't disconnect the backup drive your backup files will be encrypted as well! They are totally useless once encrypted.

As usual I welcome suggestions and comments right here in the blog.




Wednesday, September 18, 2013

PUPs - No Virus But Just As Nasty


Updated Oct. 27th, 2013

The latest and fast growing trend of cyber crime against the unsuspecting user of a Windows PC is a new breed of malware, so called PuP programs (Potentially Unwanted Program).

These programs technically are not viruses; that is why anti virus programs don't find them - although there are some special programs for geeks and technicians that can clean this stuff from your computer.

You can easily check your computer for at least a few of the most commonly encountered names.
  1. Open the Control Panel
  2. Set "View by" in the right top corner to Small Icons and 
  3. Open Programs and Features
You find names of PuPs that I have encountered in this list. Warning: The list is long, by its very nature incomplete and it keeps growing almost every week. Please be aware that variations in spelling and capitalization, prepended or appended numbers or syllables and inserted or omitted spaces are common and still denote the "main offender" as worthy of removal.
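The name matching described above, as an added example that is not part of the original post: it normalizes program names so that capitalization, spaces and numbers no longer hide a known name, and also catches small spelling changes. The function names, the short watchlist (built from product names mentioned in these posts, not the author's full list), the 0.85 similarity threshold and the sample program names are all assumptions made for illustration.

```python
import difflib
import re

# Sample watchlist built from names mentioned in these posts; it is NOT the
# author's full list. Entries are kept long ("Ask Toolbar", not "Ask") so that
# substring matching does not hit unrelated programs such as "Task ...".
WATCHLIST = ["Ask Toolbar", "Babylon", "PricePeep", "WaJam", "QwikLinx",
             "Shop To Win", "OpenCandy"]

def normalize(name):
    """Lowercase and keep letters only, so capitalization, spaces, digits
    and punctuation no longer hide a known name."""
    return re.sub(r"[^a-z]", "", name.lower())

def match_pup(display_name, watchlist=WATCHLIST, fuzzy=0.85):
    """Return (watchlist entry, reason) for a hit, or None."""
    norm = normalize(display_name)
    if not norm:
        return None
    keys = [(entry, normalize(entry)) for entry in watchlist]
    # Pass 1: known name embedded in a longer one (added syllables or numbers).
    for entry, key in keys:
        if key and key in norm:
            return entry, "contains"
    # Pass 2: near-identical spelling of the whole name (assumed threshold).
    for entry, key in keys:
        if difflib.SequenceMatcher(None, key, norm).ratio() >= fuzzy:
            return entry, "similar spelling"
    return None

def scan(display_names, watchlist=WATCHLIST):
    """Return [(display name, watchlist entry, reason)] for every hit."""
    hits = []
    for name in display_names:
        found = match_pup(name, watchlist)
        if found:
            hits.append((name, found[0], found[1]))
    return hits

def installed_programs():
    """DisplayName values from the Uninstall registry keys that feed
    Programs and Features (Windows only)."""
    import winreg  # imported here so the matcher itself runs on any OS
    sub = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"
    views = [(winreg.HKEY_LOCAL_MACHINE, winreg.KEY_WOW64_64KEY),
             (winreg.HKEY_LOCAL_MACHINE, winreg.KEY_WOW64_32KEY),
             (winreg.HKEY_CURRENT_USER, 0)]
    names = set()
    for hive, view in views:
        access = winreg.KEY_READ | view
        try:
            root = winreg.OpenKey(hive, sub, 0, access)
        except OSError:
            continue  # this hive/view has no Uninstall key
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i), 0, access) as key:
                        names.add(str(winreg.QueryValueEx(key, "DisplayName")[0]))
                except OSError:
                    pass  # entry without a DisplayName
    return sorted(names)

# Constructed sample names, standing in for a real Programs and Features list.
SAMPLE = ["Ask Toolbar Updater", "BABYLON toolbar 1.8", "Price Peep",
          "wajam2", "PricePep", "Mozilla Firefox", "Windows Task Scheduler"]

if __name__ == "__main__":
    import sys
    names = installed_programs() if sys.platform == "win32" else SAMPLE
    for name, entry, reason in scan(names):
        print(f"{name!r}: matches {entry!r} ({reason})")
```

A hit only means the name resembles a watchlist entry; confirm it in Programs and Features before uninstalling anything.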

The somewhat good news: Many of these pieces of trouble can be uninstalled, that is removed, from right there in the Programs and Features window where you just found them.

The really BAD news: Even if you uninstall them successfully there will be leftovers in web browsers and other important locations in the operating system; Google Chrome especially seems likely to retain some of that. These leftover entries can be numerous, affect the functioning of web browser(s) and significantly hamper the computer; they can only be removed with some specially written, very detail-oriented clean-up programs.

Well, you know who can help, don't you?

Please remember: Toolbars are forbidden, no matter who promises what, no matter how tempting the name and no matter who made the tool bar! If you find any toolbars remove them right away.

If you find folders with names from random letters or numbers like for example:
         pgmfkblbflahhponhjmkcnpjinenhlnc
you have a clear indicator of malicious software. You know who can help, don't you?

If you wonder how all this stuff got on the computer then please read the explanation here.

As usual I welcome suggestions and comments right here in the blog.




Tuesday, September 17, 2013

Cybercrime


If you ever wondered about the how and why of virus programs, cyber crime and all that nasty stuff then please take 18 minutes out of your busy schedule and watch this video.

As usual I welcome suggestions and comments right here in the blog.




Sunday, July 7, 2013

Gunk - Everyday Examples


On September 16, 2012 I wrote about a very bad example of a useful program trying to trick us into installing lots of unwanted software; admittedly this was an exceptionally bad example. 

Last week I got my most beloved question about malicious and unwanted programs one too many times. It is the question "But how does this sort of program get on my computer? I certainly did not install it."

Here is my reaction to all this: Dear customer, you did it, I bet!

Let me show you some examples. Today I deliberately used the automatically appearing reminder to update Java; I used the mechanism that every unsuspecting computer user gets offered. The first program downloaded was a downloader which then in turn downloads the actual update.

This and other "download" programs download not only the real updater program that you want and need, no, they almost always offer some unrelated software sort of disguised as part of the actual update, here Java. The installer for the Java update showed several common windows to select the location for the install, agree to the ubiquitous End User License Agreement and so on. And among all these small windows was this one:


The title shows clearly that Java Setup is running, see the blue marking. If you read the text in the window, and you should read it, you see that they, whoever that may be, "... recommends installing the FREE Browser Add-on from Ask", see the green marking. And then it comes:

Two lines that very clearly state what the gunk software wants to do:
  • Install the Ask Toolbar and
  • "Set and Keep" Ask as the default search provider.
And the check boxes in front of the text are pre-selected, naturally! Please see the red marking.

The "Set and Keep" is really tricky. Not only do they change your default search provider, they also tell the web browser not to allow future changes. That means you cannot just go in and set the browser back to the search provider of your choice.


Every single one of my customers has heard me saying: Toolbars are POISON for computers, no exceptions and no matter whose name they carry, no matter where they come from, no matter who made them and no matter what they promise.

We have to read these little windows, see that there are pre-selected check marks and let our common sense tell us that the Ask Toolbar and Search Page have absolutely nothing to do with Java. We need to un-check both check marks or our web browser will be messed up - and then it will get worse and worse and in the end some of you will call me for help.

Update 2014-01-16:

Here are more examples of the same process with different optics and different "gunk" to be foisted on our computers.


Updating Adobe Shockwave player would install Norton Security Scan.

Or, in different optics and different content because downloaded from a different download site:


IMHO the worst example because even Google employs these sneaky tactics:


This is how Google Chrome got on your computer, Jerry G; you did allow its installation.

Make no mistake, these things can happen with any installer or update of any program. Isn't it a shame that even well known big companies like Adobe, Oracle, Symantec (Norton products), McAfee and others employ these sneaky tactics trying to dupe us into installing something other than what we want?

Please save yourself the aggravation and some money, simply by paying attention!
As usual I welcome suggestions and comments right here in the blog.


Sunday, September 16, 2012

Foistware - a BAD Example


Recently I read about the free video download and converter software FVD Suite. I thought some of its functionality might be helpful so I downloaded and installed it.

And during installation it showed its true colors. The installer offered altogether FOUR pieces of typical foistware, some of it IMHO outright bad stuff. And on top of that it switched the method needed to avoid this unwanted stuff from one window to the next.

Here are the four installer windows that attempted to trick me into installing the additional junk.

1. The first window has Quick Installation preselected. I am usually careful with my computer so I selected Advanced Installation. The switches to install Babylon were preselected and got greyed out immediately! That means I could not turn Babylon off anymore. IMHO Babylon is outright CRAP! Pardon my French. It presents itself as translation software but why then do they need to change my default search engine and my browser's home page? Did I already say crap?

I had to switch back to Quick Installation; then I could remove the check marks in the three entries for Babylon and switch back to Advanced Installation. By then I was on high alert, trust me. 


2. The second window wanted my permission (naturally preselected!) to install Shop To Win and QwikLinx. I always think TANSTAAFL seeing this sort of garbage software.

This window required deselecting only one check mark.



3. The third window offered PricePeep. See above, TANSTAAFL.

BUT: Since I wanted to avoid PricePeep this window required a change in the method to avoid the PricePeep gunk; I needed to click the Decline button. The graphic design of this and the next window is such that on first glance one might think that Decline would decline the installation of FVD Suite and thus click on Next Step. Which would be just the mistake the originators of this deceptive tactic want us to make. Decline affects PricePeep only. Tricky, tricky to say the least. 


4. Window #4 used the same method as #3, I had to click Decline to avoid getting WaJam installed.

Plus it had a graphic element resembling a check mark in a circle; only after reading the text behind this little thingy I realized what it meant.

 
That was this.

I hope you don't get bored by me repeating and repeating over and over again:
  • Take the time to read EVERY little window when installing downloaded software
  • Watch out for preselected check marks
  • THINK before you click
  • When in doubt don't install what tries to trick you!
It is getting worse and worse every week; stay safe and keep your computer clean!

As usual I welcome suggestions and comments right here in the blog.



Wednesday, August 29, 2012

Gunk Software

This time around it was not a customer but a friend from my trap shooting club who asked a question that I want to answer here. Thank you Steve. He sent me the following text:
My new Toshiba laptop seems loaded with a bunch of Toshiba software.  It seems to want to [do] things its own way. 

If I try to use Internet Explorer as my default browser instead of Toshiba-Google Chrome, my email at SBC-Yahoo does not always seem to work well... the cursor won't respond normally and always the Toshiba browser loads anyway. 

I suspect I might have to uninstall everything that says "Toshiba." 

What are your thoughts on this?
Good that you asked before uninstalling everything from Toshiba.

In my usual complicated manner I will probably tell you more than you wanted to know but I'll do it anyway.

All the following is valid for every brand name computer marketed to consumers, no matter what manufacturer we are talking about!

Sony, Samsung, Toshiba and lately ASUS are in my experience and opinion the very worst of companies as far as dubious or questionable pre-installed software is concerned. Sometimes it takes almost criminal investigative skill to find out what the software really does that they install on their computers.

Some of these programs your computer really needs to function correctly. Other programs have questionable purposes at best and still others are outright gunk. This mix is different from manufacturer to manufacturer and within manufacturers different from model to model or series to series.

The lowdown is that you as a "normal" human being will not be able to correctly discern what is safe to remove and what needs to stay. I have personally witnessed even experienced professionals failing at that and I am VERY careful and conservative when I do that.

In your case I assume that you can at least uninstall the existing Google Chrome version. I don't want to say more because it could be just the wrong advice in your computer's case.

Besides that I strongly recommend, no, urge my customers NOT to use Internet Explorer. Use Firefox instead, but please only the original version and not Yahoo's crippled version.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance. 


Sunday, July 29, 2012

Foistware - More Than A Nuisance


The following mainly is an excerpt from my recent article "PDF Creator - Good Bye". If you have read that article you don't need to read this one.

Developers of free software always had the problem of somehow making some money; they have bills to pay too!

Quite often good free software was meant to be an "entry drug", to entice you to later buy the paid version of that software. Users of these programs were reminded at certain intervals or during certain functions like updates to buy the paid version.

Over time these reminders became more intrusive and sometimes even sneakily disguised down to the point of being outright obnoxious. Good examples of the latter are AVG and Avast antivirus programs.

To further the sale of paid versions the developers of these programs made it more and more difficult to upgrade without inadvertently switching to the paid version. 

Another method of attempting to get at least some money was and is soliciting donations from users of the program. Way too few people were willing to part with their $$ for a piece of "free" software, even if they used it daily!

Both aforementioned methods and others apparently did not have the desired effect. Software developers now are prone to look for a more direct method of getting paid.

They fall for the sales pitches of third parties and offer Foistware.

Rather than repeating all the information I point you to a very good description of foistware in this ZDNet article by Ed Bott. I recommend a look at his "Foistware Hall of Shame" as well.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.


PDF-Creator Good Bye!


On most computers that I have set up in the past I did install a program called PDF-Creator. It allows very simple creation of a PDF file out of any kind of document. You simply print that document on a virtual printer and voila you have that "printed" document as a PDF file.

PDF Creator still is the same good piece of free software that IMHO it always was; but something rather nasty has happened around it. Let me explain and set the stage.

Developers of free software always had the problem of somehow making some money; they have bills to pay too! Quite often good free software was meant to be an "entry drug", to entice you to later buy the paid version of that software. Users of these programs were reminded at certain intervals or during certain functions like updates to buy the paid version. Over time these reminders became more intrusive and sometimes even sneakily disguised down to the point of being outright obnoxious. Good examples of the latter are AVG and Avast antivirus programs. To further the sale of paid versions the developers of these programs made it more and more difficult to upgrade without inadvertently switching to the paid version. 

Another method of attempting to get at least some money was and is soliciting donations from users of the program.

Both aforementioned methods and others apparently did not have the desired effect. Software developers now are prone to look for a more direct method of getting paid at least some money. They fall for the sales pitches of third parties and offer Foistware. A very good description of foistware is in this ZDNet article by Ed Bott. I recommend a look at his "Foistware Hall of Shame" as well.

You ask what all this has to do with PDF Creator? A lot, since PDF Creator got loaded with OpenCandy, IMHO a classic example of foistware. So far I could easily circumvent OpenCandy during installation of PDF Creator. But now PDF Creator's developers have decided to include OpenCandy and almost clandestine offers of junk in PDF Creator's update function! Take a look at one of PDF Creator's current installer windows:



In the top oval highlight you see pre-selected choices to install Babylon, IMHO one of the most heinous pieces of software currently pushed on unsuspecting people. Don't take my word for it, just read a few comments by people (all original quotes from here):
"Babylon is total f***ing malware. I unchecked every box, refused every intrusion it offered, and BOOM I find it has installed itself anyway. Oh and not just installed itself, infected Firefox to the bone. It is utterly inextricable using conventional means. One must dig into Firefox system files via about:config and manual expunge each hidden piece of malware. "
"Why is Babylon software not classified as malware? My computer is infested with it; . . .  if it did not automatically install itself everywhere."
"I do not need it and I cannot get rid of it. It overrides my settings in an obscure way that seems impossible to be corrected."

"Does anybody know how to remove this stuff?"
Now, in the above example you have to do four things to avoid getting Babylon installed:
  1. DE-select the check mark by "Make Babylon Search my home page"
  2. DE-select the check mark by "Install Babylon toolbar"
  3. DE-select the check mark by "Make Babylon my default search"
  4. And you have to click on the Decline button.
If you click on Agree you have done just that, agreed to Babylon taking over your web browser(s), and the settings in the check marks are ignored.

I have used PDF Creator and Babylon as examples only! PDF Creator can offer other foistware that requires other methods of avoiding it! User beware!

All this sneaky stuff happens thanks to OpenCandy being now in PDF Creator's installer!   

What to do about it:

If I have set up your computer before August 2012 you likely have PDF Creator running. Please remove it! I recommend these steps:
  1. Open the Control Panel
  2. Open Programs and Features (on XP it is Add/Remove programs)
  3. Find and highlight "PDFCreator"
  4. Click Uninstall (on XP it is Remove) and follow the prompts
  5. Open the Printers folder.
  6. If you still see a printer "PDFCreator", right-click on it and click on Remove device
If you want to retain the option of creating PDF files by simply printing them to a virtual printer I recommend from now on doPDF. You can download it from this web page as well; please do not use the mirror links at the end of the page. Some of these go to download portals that I recommend staying away from.

When you install doPDF you will see the window pictured below. Please set the switch "Always use this folder" to your personal preference.



If you have difficulties doing any of that or if you feel intimidated by the tasks at hand then I would love to help; you know who to ask. 
As usual I welcome comments and suggestions right here in the blog. Thank you in advance.
