Showing posts with label malware. Show all posts

Wednesday, May 1, 2019

PuPs - Again and What are they?

Potentially
unwanted
Program

That is exactly what PuPs are. Now, that formulation with "potentially" is a protection against frivolous lawsuits; every PuP does something, in the opinion of its author definitely something positive and useful. The word "potentially" protects everybody who has to or wants to name these programs from lawsuits.

In my opinion EVERY PuP out there is outright malware and it is sad that existing laws and court decisions force us to use the word potential at all.

I happened to run across a good article (IMHO at least) about PuPs. You can find it here. Yes, it's three years old and I believe I have already linked to it in an earlier article. I hope you don't mind the suggestion to refresh your memory.

The article I linked to in the previous paragraph refers to an even older article about one of the major sources of PuPs on our computers, the so called Download Portals.
IMHO a refresher about this might be recommended as well.

Stay safe.


Thursday, February 1, 2018

FINALLY - Microsoft comes to (their?) senses


FINALLY something IMHO long overdue is going to happen:

Microsoft will start to remove the worst of the bad ones!

Please read the details here.

You don't need to call me if after March 1st your "Optimizer program" has gone missing. I will wait and see what else they (Micro$oft) will declare "coercive" and then remove.

Stay safe!



Wednesday, September 28, 2016

Ransomware IS on the Loose, NO JOKING!


Today I met with a customer whom I had recently pointed to my blog posts about ransomware. He sort of pooh-poohed my words and pointed me to his safe habits.

With his permission I looked in his (very big) Inbox with about 1,000 emails. I looked only for mails with attachments and found quite a few.

I randomly grabbed one of the attachments, a ZIP file by the way, and saved that file to the computer.

Then I went to Virustotal.com, uploaded the file and had it tested. The results speak for themselves; here they are:


Clearly this file contains a downloader and a variant of the encrypting ransomware Locky. And who knows what the downloader would do to the machine if it ever gets to run.

Currently DO NOT directly open ANY attachment from an email, no matter how "well" you think you know the sender or whatever excuses your brain comes up with.

Always save the attachment to a place on your computer you can easily access like the desktop.

Then in your web browser go to virustotal.com, browse to the file (in this example on the desktop), upload the file, and if virustotal.com comes up with anything, delete the file AND the email it came from!

Better safe than sorry!

And before you ask, some of my previous articles about ransomware are here, here, here, here and here.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Stay safe.

Saturday, July 23, 2016

What browser?


I got an email from a customer and believe my reply might be of interest to many people. The customer quoted an article from another blog(?) that recommended searching directly out of the URL field. Here is my reply verbatim as I sent it:
The crux with all these "easy" tips is that they all play right into the industry's game.

The more searches any given search engine gets to perform the more money they can ask for their aggregated info on what we search for. The search engine companies may not directly advertise to us but the companies that buy this aggregated search information can then advertise better and more directly to us.
  • It's a fact that Bing and Yahoo (they use Bing) do NOT show us what in the search results are paid advertisements.
  • It's a fact that way too many advertisements get abused to get malicious programs on our computers.
  • It's a fact that some web browsers (like IE and Edge, both from Microsoft!) make it very difficult or don't allow us at all to suppress advertisements.
  • It's a fact that Google does not allow us to suppress certain advertisements in Google's own Chrome browser.
All of the above and more is behind my STRONG recommendation to use only Firefox as I set it up for my customers.

And I urge my customers to search ONLY out of the little browser specific Search window:
because when you search from there you get a Google search result
MINUS any advertisement(s),
PLUS the red, yellow and green Web of Trust ratings right by every search result.
AND your search with Google has happened anonymously!

Update Jan. 10th 2017:
Sadly, around November 5th 2016 Mozilla, the organization that supplies Firefox, and Google removed that piece of code (the WOT add-on) from their download pages; some details are here.
If you remove the WOT extension or add-on from your Firefox browser it currently cannot be re-installed!
Google recently made the WOT extension available again.
If that is not reason enough for any of my customers it's their decision and their money if I have to clean up their machine again.
Stay safe!

Thursday, April 7, 2016

2016-04-07 WBKV Talking Points


This is the first time ever in 12 years of regular radio shows that I do not have a set agenda for the 15 minutes ahead of us.

Listeners, please call in with ANY kind of question you may have around your PC and MS Windows.

Other than that only the standards:

    - Use common sense!
    - Read and think(!) before you click.
    - Update ALL programs you use.
    - Ransomware.
    - Backup your data and your system!

And stay safe.

Tuesday, March 29, 2016

Avoid or Mitigate Ransomware Risks


A big THANK YOU to the Emerging Threats Team at SophosLabs and their blog Naked Security for their excellent recommendations on this nasty but important topic.

I have taken the liberty to add some remarks, in italics, just to help you remember important little details that are easy to forget.
  • Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

    But do not, I repeat, do not leave your backup device connected to the computer. Always unplug the backup device after the backup is complete!

  • Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!

    Naturally they don't tell you that the click they ask you to do will turn macros back on. They rather trick you into believing that clicking is the thing to do to be able to read what they sent you...

  • Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s the one you want, but you can’t tell if it’s the one you want until you open it. If in doubt, leave it out.

    Currently I do not open ANY attachments; I call the sender and have them explain what and why they sent the attachment, and even if all that checks out I additionally check the attachment on Virus Total.

  • Don’t give yourself more login power than you need. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.

    Quite a lofty ideal, as I am currently experiencing first hand.

  • Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!

    Now that is a good suggestion, I will have to do that!

  • Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

    As I always preach: Update, update, update.

That is it; certainly for the most part common sense, but here it is, nicely packaged and in one place.
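As an added example (my own code, not the blog's or Sophos's), here is a small Python script that does the "save first, check before you open" triage from the September 2016 ransomware post and the "don't enable macros" point in the list above, entirely offline: it shows the full extension chain of a saved attachment (so a double extension such as "Invoice.pdf.js" is visible even when Windows hides extensions), flags script/executable and macro-enabled Office types, detects a VBA project inside a modern Office (OOXML) document, looks one level inside a plain ZIP the way the post's ZIP attachment would need, and prints the SHA-256 that can be pasted into VirusTotal's search box instead of uploading the file. The extension lists are my assumptions and not exhaustive, the sample attachments are constructed in the script, and legacy binary .doc/.xls files are not inspected for macros here.

```python
"""Attachment triage before opening (added example; not the blog's own tool).

Works offline on a saved attachment: reports the extension chain (so a
hidden double extension like "Invoice.pdf.js" is visible), whether the
last extension is a script/executable or macro-enabled Office type,
whether an OOXML document carries a VBA project, looks one level into a
plain ZIP, and prints the SHA-256 that can be pasted into VirusTotal's
search box instead of uploading the file.
"""
import hashlib
import io
import zipfile

# Types Windows runs as code on double-click. Assumed list, not exhaustive.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "lnk", "ps1", "msi"}
# Office types whose macros are allowed by the extension itself.
MACRO_EXTS = {"docm", "dotm", "xlsm", "xltm", "xlsb", "pptm", "potm"}


def extension_chain(name):
    """All dotted extensions of the base name, lowercased: 'a.pdf.js' -> ['pdf', 'js']."""
    base = name.rsplit("/", 1)[-1].lower()
    return [p for p in base.split(".")[1:] if p]


def zip_member_names(data):
    """Member names if data is a ZIP container, else None."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return None
    with zipfile.ZipFile(buf) as zf:
        return zf.namelist()


def is_ooxml(names):
    """Office 2007+ documents are ZIPs with a [Content_Types].xml part."""
    return "[Content_Types].xml" in names


def ooxml_has_vba(names):
    """Word stores macros as word/vbaProject.bin, Excel as xl/vbaProject.bin."""
    return any(n.lower().endswith("vbaproject.bin") for n in names)


def triage(name, data, depth=0):
    """Collect findings for one attachment (and, one level deep, ZIP members)."""
    exts = extension_chain(name)
    last = exts[-1] if exts else ""
    names = zip_member_names(data)
    result = {
        "name": name,
        "sha256": hashlib.sha256(data).hexdigest(),
        "extensions": exts,
        "double_extension": len(exts) > 1,
        "executable": last in EXECUTABLE_EXTS,
        "macro_enabled_ext": last in MACRO_EXTS,
        "contains_vba": bool(names) and is_ooxml(names) and ooxml_has_vba(names),
        "members": [],
    }
    # The attachment in the blog post was a ZIP holding a downloader, so look
    # inside plain archives (not Office documents, which are ZIPs too).
    if names is not None and not is_ooxml(names) and depth == 0:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in names:
                if not member.endswith("/"):
                    result["members"].append(triage(member, zf.read(member), depth + 1))
    return result


def verdict(result):
    """'delete' when the file or a member looks like code or macros,
    else 'check' (still look the hash up on VirusTotal before opening)."""
    flags = ("executable", "double_extension", "macro_enabled_ext", "contains_vba")
    if any(result[f] for f in flags):
        return "delete"
    if any(verdict(m) == "delete" for m in result["members"]):
        return "delete"
    return "check"


def make_zip(entries):
    """Build an in-memory ZIP from {name: content}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, content in entries.items():
            zf.writestr(n, content)
    return buf.getvalue()


# Constructed samples, not real files: a macro-enabled Word skeleton, a ZIP
# hiding a script behind a double extension, and a harmless JPEG stub.
SAMPLE_DOCM = make_zip({"[Content_Types].xml": "<Types/>",
                        "word/document.xml": "<w:document/>",
                        "word/vbaProject.bin": b"\x00" * 16})
SAMPLE_ZIP = make_zip({"Invoice_2016.pdf.js": "// constructed placeholder, no payload"})
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 32

if __name__ == "__main__":
    for fname, blob in [("report.docm", SAMPLE_DOCM),
                        ("Invoice_2016.zip", SAMPLE_ZIP),
                        ("photo.jpg", SAMPLE_JPG)]:
        r = triage(fname, blob)
        inner = [m["name"] for m in r["members"]]
        print(f"{fname}: {verdict(r)} vba={r['contains_vba']} members={inner} "
              f"sha256={r['sha256']}")
```

Run it as is to see the three constructed samples triaged; to check a real saved attachment, read the file's bytes and call triage() with its name. A verdict of "check" is not a clean bill of health, only the absence of the obvious tells; the hash lookup (or upload) on VirusTotal is still the next step, exactly as the post describes.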

Stay safe!

Wednesday, March 23, 2016

2016-03-24 WBKV Talking Points


Today nothing but viruses, malware and currently acute dangers.
  • Ransomware (so far mainly from infectious MS-Office documents)
    Record ransom paid: 17 million US$
  • Now infectious advertisements on BIG company web sites with 100s of millions of visitors every day:
    New York Times (nyt.com)
    AOL.com
    ESPN.com
    MSN.com (MicroSoft Network)
    NFL.com (yes, National Football League)
    TheWeatherNetwork.com
    TheHill.com
    Yahoo.com and many more.
I feel like a prayer wheel:
   If you see advertisements in your web browser your computer is at risk!

Firefox web browser with Adblock Plus and WOT are the browser protections you should use!

No, not Google Chrome, Safari or Edge or Internet Explorer!

Wednesday, March 9, 2016

2016-03-10 WBKV Talking Points


Part 2: Stay Safe on the Internet

Be aware that trustworthy companies, especially Microsoft and its affiliates, will never contact you because of a supposed technical problem of any kind.
The following will definitely be scams:
  • Phone calls
  • Advertisements for technical support for any software product on search engines like Google, Yahoo or Bing
  • Pop-ups for tech support from social web sites (Facebook! or LinkedIn)
  • Pop-ups for tech support that promote phone-based tech support; these usually require a previous malware infection or an unsafe web browser.
Scam avoidance 101:
  1. Never completely trust someone you don’t know who called you.
    Listen to them, if you like.
  2. Ask questions, if you feel like it, but NEVER EVER give them access to your PC
  3. NEVER EVER give them any payment information.
  4. Tell them that you will let your local tech look into it (even if you don’t have one).
  5. If the caller hangs up – good for you.
  6. If he/she gets impolite or abusive it’s your time to hang up!
Afraid of a real problem? Do the research yourself or contact a trusted tech support person.

Chances are there’s nothing to see at all.

If you have handed over payment information, you’ve just given that information to a complete stranger. Immediately put your credit card or payment provider on fraud alert. If you allowed the scammer to access your computer things can get ugly. Do NOT use the computer; you usually have no idea what they did. You need a trusted technician to check out your machine.
This IS a common scam right now and the best defense is to not fall for it in the first place.

Another currently growing threat: MS-Word, Excel or Powerpoint files sent as attachments! When these files are opened you mostly see the request “... to turn protection on ...” or similar tricks. Don’t do it, don't believe it, it's a trick! Many very nasty ransomware viruses use this trick! If you do not have a current backup YOU PAY! You either pay the crooks to get your files back and/or a trusted technician to re-build all the software on your computer. And if you don't have install disks for Windows (by the way, they do NOT come with computers any longer) you have even more problems.

Stay safe.

Wednesday, February 24, 2016

2016-02-25 WBKV Talking Points

Stay Safe on the Internet
  1. Always install Operating System updates
  2. Keep your installed applications up-to-date
  3. Do not use the same password at every site
  4. Install and be sure to update your anti-virus software
  5. Additionally install a free anti-malware scanner and use it(!) regularly
  6. Use a firewall (the FW built-in to Windows is good enough!)
  7. Backup your data!
  8. Enable the display of file extensions
  9. Do not open attachments from people you do not know (especially Word files, Locky ransomware travels in Word files! Use MS's Word and Powerpoint viewers to check files)
  10. Delete emails that say you won a contest or a stranger asking for assistance with their inheritance or money transfer
  11. Watch out for online and phone support scams
  12. Ignore and close web pop ups saying your computer is infected or has a problem (use ALT+F4)
  13. Ignore and close web pop ups that pretend to be a Windows alert (use ALT+F4)
  14. Some types of web sites are more dangerous than others
  15. Be extra vigilant when using Peer-To-Peer Software (torrents!)
  16. When installing software, watch for "bundled" tool bars and programs you don't want
  17. Read the End User License Agreement (EULA) Lol, I know!

Wednesday, February 10, 2016

2016-02-11 WBKV Talking Points


Today I want to talk only (or mainly) about modern malware and how it gets in our computers.

Pull up this web page and you have the detailed blueprint for today's talk.

The 10 worst offenders are (IMHO #1 is by far the worst one):
  1. Download portals
  2. Fake updates (e.g. Java, Adobe Flash, Yahoo!) 
  3. Installer programs (mainly from download portals)
  4. PuPs downloading and installing more PuPs
  5. Express installation (expressway to an infected computer)
  6. Custom Install abused with confusing EULAs
  7. Home page and search provider changed
  8. Forced install (e.g. Inbox Toolbar)
  9. Other people(!) using your computer (visitors, relatives)
  10. Researching PuPs; do it ONLY in a virtual machine! 

Saturday, February 6, 2016

Top 10 Ways PUPs Sneak Onto Your Computer. And How To Avoid Them.


Disclaimer: I copied the title literally from this blog post.

And that is all I want to say here; this article is simply a MUST READ if you ever had PuPs installed or had to call me because everything got so slow or whatever problem you had.

95% or more of all computer problems I encounter nowadays are initially caused by a PuP! The authors of these PuPs have gotten very clever and constantly invent new tricks to dupe the unsuspecting computer user.

Only permanent vigilance, caution and attention to detail can ultimately somewhat protect us and our computers. 

Please note the use of the word "somewhat" in the previous paragraph! 

For the first time ever I will directly recommend a piece of commercial security software. 

If you want the IMHO best automatic protection against all kinds of malicious programs including PuPs then you will have to pay some money, currently just shy of $40 per year for a single computer. You find details about Emsisoft Anti-Malware here.

Another disclaimer: I am in no way at all associated with Emsisoft or any of their distributors or resellers!

If you don't want to pay that is fine, you just have to DIY (do it yourself). MSE or Defender in conjunction with Malwarebytes Free will do it just as well but you have to regularly do more yourself.

Whether you want to pay for Emsisoft Anti-Malware or not doesn't really matter, IMHO you simply HAVE TO READ this article.

 Stay safe.

Wednesday, January 27, 2016

"Free" Security programs - For A Price

I stumbled over this article on How-To-Geek.

I want to save you the hassle and time of reading this lengthy article yourself and will quote a few selected and IMHO most relevant snippets.

My stance toward the remaining "free" security programs as well as the well known commercial offerings is known; I have expressed this here repeatedly. So let's begin:

  1. Free antivirus applications aren’t what they used to be. Free antivirus companies are now bundling adware, spyware, toolbars, and other junk to make a quick buck.... At one point, free antivirus was just advertising, pushing users to upgrade to the paid products. Now, free antivirus companies are making money through advertising, tracking, and junkware installations.
     
  2. Comodo ... change[s] your web browser’s search engine to Yahoo! and bundles the GeekBuddy paid tech support software. It also bundles other Comodo products you might not want, including changing your DNS server settings to Comodo’s servers and installing “Chromodo,” a Chromium-based browser made by Comodo. ... As the Comodo-affiliated PrivDog software contained a massive security hole similar to the one Superfish had, there’s a good chance you don’t want a bunch of other Comodo-developed software and services thrown onto your computer.
     
  3. Lavasoft’s Ad-Aware pushes “Web Protection” that will “secure your online search” by setting SecureSearch as your web browser’s homepage and default search engine. Despite the name, this isn’t actually a security feature. Instead, it just switches your web browser to use a branded search engine that actually uses Yahoo! in the background — this means it’s powered by Bing.
    If you prefer Bing, that’s fine — just use the full Bing website. You’ll have a better experience than using Lavasoft’s rebranded, stripped-down search engine.
     
  4. Avira encourages you to install “Avira SafeSearch Plus.” This is just a rebranded version of the Ask Toolbar, redirecting your search results through a rebranded version of Ask.com’s search engine. If you wouldn’t want the Ask Toolbar installed, you wouldn’t want this rebranded version of it installed either.
     
  5. ZoneAlarm also wants you to enable “ZoneAlarm Search” as your browser’s default homepage and search engine, along with installing a ZoneAlarm toolbar that is - once again - a rebranded version of the Ask Toolbar.
     
  6. Panda [Free Antivirus] attempts to install their own browser security toolbar as well as change your browser’s search engine to Yahoo, and its home page to “MyStart,” which is powered by Yahoo. To Panda’s credit, they at least don’t attempt to trick you by offering you a renamed Yahoo search engine or home page.
     
  7. avast!’s installer also tries to install additional software you might not want. We’ve seen Dropbox offered here in the past, but avast! attempted to install the Google Toolbar when we tried installing it.
    Programs like the Google Toolbar and Dropbox are high-quality software you might actually want, so avast! comes out looking very good compared to the other options here. But even avast! has done some questionable things in the past — witness the avast! browser extension inserting itself into your online shopping.
     
  8. AVG has its own suite of obnoxious utilities, including the AVG Security Toolbar, AVG Rewards, AVG Web TuneUp, and SecureSearch.
     
  9. BitDefender offers a stripped-down free antivirus. ... BitDefender is still pursuing the strategy of attempting to upsell you to the paid product.
     
  10. MalwareBytes doesn’t attempt to install any extra junk on your computer, although the free version doesn’t offer real-time protection. To their credit, MalwareBytes is offering a free tool that’s useful for manual scans - it even picks up and detects [and removes!] much of the adware other programs install - and encouraging you to pay for a more full-featured product.
    This tool could be quite useful in combination with another antivirus, like Microsoft’s free Windows Defender or Microsoft Security Essentials solution. But it’s not a standalone free antivirus you can depend on, as it lacks the real-time scanning.
Not too nice a situation out there, right? You either pay up or you have to live mostly with junk you did not want in the first place.


Don't despair, a good, time-proven free solution has been available since about 2009.

For over 13 years now I "fix" my customers' home computers by removing all sorts of viruses and other malicious or obnoxious software. Most of my customers call themselves "computer illiterate". All of them have lived safely with mostly little or no manual effort.

The only malware infections happen now when someone "falls" for a social engineering trick; that is, in effect, when the customer for a moment was inattentive. And that is just a human weakness, as I know from my very own experience.

If you want to know details about this solution please drop me a personal email; thank you.


Sunday, January 3, 2016

AVG + Google Chrome = TROUBLE

Happy and healthy New Year to everybody!
... It's the first post in 2016 ...

The title describes the newest formula for disaster.

For years I have advised against using Google Chrome as your primary web browser.

For years I have advised against using AVG's free "security" programs.

Now this combination has become a wide open barn door for malicious software and/or viruses to take over your computer. You can read more about the details here.

If you use AVG I recommend uninstalling it and instead relying on Microsoft's Defender (or Security Essentials in Windows 7). If you run into problems when you uninstall AVG, you find AVG's special removal programs here. Take care to download the correct "bitness" version (32- or 64-bit) for your version of Windows.

If you use Google Chrome I recommend installing Mozilla's Firefox browser; in Firefox you need to install two extensions or add-ons:
  1. Adblock Plus and
  2. WOT (Web Of Trust)
After you install Firefox go to the Bookmarks manager (Bookmarks, Show All Bookmarks, Import and Backup, Import Data from Another Browser, select Google Chrome) and import bookmarks ONLY! When you have your bookmarks in Firefox please uninstall Google Chrome.

That plus some applied common sense is all you need to be and stay safe on the Internet.

If you want to do more against eventual advertisement malware and so called PUPs then download THE FREE version from here. Install Malwarebytes only AFTER you read this article about how to install and use it correctly.

Stay safe!


Wednesday, November 25, 2015

Yahoo! Get away from there - QUICKLY!

Although I am on vacation this is too important for quite a few of my customers. Here goes:

If you have a Yahoo email address you need to read this! All others can relax - for now.

It has happened; this ZD-Net article has the details why for some of their users Yahoo has made it impossible to access their emails. Currently for "some users" only but what if this "test" proves successful for Yahoo? They will do it to all accounts! You can bet on that!

Why did these good people with a Yahoo email address get blocked from accessing their emails? They used an ad blocker because
  1. they could not stand the many obnoxious ads and/or
  2. they had heard about the many virus infected ads Yahoo has served in the past or
  3. they just happen to be my customers.
My recommendation: Set up a Gmail account with Google. Be careful to give Google only the minimally required info about yourself.

Then set up your new Gmail account to automatically pull all mails from the Yahoo account. Google so far always has been far better at blocking malicious content from the Internet.

Let's hope that Yahoo's attempt to force feed advertisements fizzles out and becomes a big failure.

Thursday, July 2, 2015

Repair Scams And New Variants - Again


Please click this link if you are looking for information on Windows 10.

I can hardly count how often I have spoken in my radio shows about repair scams and other tricks crooks use to scare unsuspecting computer users into handing over their credit card info; that is what all these and similar scams come down to.

Here is only a small selection of articles from this blog that deal with various aspects of this situation - with NO claim of completeness at all:
The newest twist in this never ending saga happens as follows: You are on a web site you have been on many, many times, let's say for information on your favorite hobby. Naturally after having used that web site for years you assume it is "clean" and the information from there is valid.

But suddenly you get a pop up window or some other kind of message informing you that "your computer has been reported" to some "Windows Security" team or it "is infected with 567 viruses" or similar.
This sort of pop up is by definition a scam!
  • Do not click anywhere in this window.
  • If applicable DO NOT call the toll free phone number given in the message.
  • Do NOT "x out" of this window, that is do not click on the "red X" in the top right corner of the window to close it.
The only safe way out of such windows and/or messages is to close them with Alt+F4, that is holding down the Alternate key and while holding this key down pressing function key F4.

Beside getting out of this window safely I would avoid ever again going to this web site. There is almost always some alternative.

Why did I above say "... is by definition a scam"?
  1. There is no "Windows Security" team or company or anything even vaguely similar.
  2. Your Windows operating system does NOT report any info to anybody; only malicious software does that!
  3. Neither Microsoft nor any of their partner companies care about your computer's and your well being! 
You don't even have to take alone my word for it; here are links to two very official web pages about that exact same issue: 
  1. Tech Support Scams from the Federal Trade Commission  and
  2. Avoid tech support phone scams from Microsoft's Safety & Security Center

Stay safe and always(!) heed the first of my 10 Commandments Of Safe Computing.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.



Wednesday, May 13, 2015

2015-05-14 WBKV Talking Points (May 14th 2015)


All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).
Then licensing will kick in? Home users be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan 2020, Win8 until Jan 2023.
2016 is free but you would have to pay again for 2017, 18, 19 (20, 21, 22).

New ways to infect computers:
“… emails ostensibly sent from legitimate companies with which we might or might not have had previous business. ... often includes a link requesting to update your account. The legitimate company has no idea its name is being abused. Anyone who is familiar with the company might click the link and immediately have their machine attacked.”
Even small companies' names are now being used.

Most malware is directed at Windows, not Mac, and there is a phenomenal rise in malware for Android phones; Android is an open system. When installing Android apps, you give permission for the app to use various system features. Nobody who installs Android (or Windows) software reads the EULAs and permission notices; we simply accept them with a click.”
Some outrageous statements and demands have been discovered in some EULAs by people who actually read them. A list of some of the funnier ones is here:
makeuseof.com.

Malicious advertising on the rise. My customers are safe if they use the computer as I recommend, that is Firefox browser with Adblock Plus extension enabled.

Windows Server 2003 will go out of support after July 14th. You have to update! Running an outdated server is hazardous to everyone connected to it!

If someone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com et al) are huge malware slingers.
Have your DNS settings been tampered with? Test here (but know what is correct…)


Tuesday, April 28, 2015

Bye bye Viruses, Hello Carelessness




It's almost like in the Everly Brothers song "Bye Bye Love" from 1957. They sang
Bye bye happiness, hello loneliness...
I am enticed to, no, don't be afraid, not sing but say
Bye bye viruses, hello carelessness...
In August 2014 I wrote in this blog the 2014 Update On Malicious Programs. Everything in this article is still valid today – which in the fast changing world of computers is astonishing all by itself. Self replicating viruses that "find and infect" our computers by their own accord have gone almost extinct.
What has massively changed though are the tricks and methods used by miscreants to foist their malicious junk software on our computers. It is so bad that I feel compelled to say
Do NOT click on any link in any email,
do NOT open any email attachment
and NEVER click in any advertisement.
Does that sound extreme to you? Good, because it is extreme. We are in an extreme situation and it's getting worse so extreme measures seem appropriate.
In the meantime you have learned to immediately delete emails with an unfamiliar sender address. But what about the email from that buddy of yours who always sends all the jokes? My advice is to IGNORE it! Just hit the Delete button. If that email really was from him and if he were a nice guy he would have told you in the email why and what he sends there. If he does not have the decency to do that you better err on the side of caution and delete that email; you may “miss” a joke but what is that compared to $100 or $200 cost for a good clean-up job?
Another way modern malware (called PuPs) is distributed is through dirty tricks pulled on us when we apply required updates. Even big, well known companies participate in these schemes; names that come to mind as examples are Oracle, Norton, McAfee and Adobe. Some visual examples are here.
And don't get me going on advertisements. Listen up:
If you see advertisements on your computer screen then your computer most likely already is compromised. Get it cleaned up!
And then the sneaky methods that well known download web sites like Download.com, Cnet.com and others use. You want to download that nice free little program and what they give you is a specially crafted downloader program that in turn is supposed to download the program you actually want. But what you get are one or several PuPs and then the program you really wanted.
The only method to help here is to watch for the tricks, traps and deceptions. 
In July 2013 I published my 10 Commandments Of Safe Computing. To heed the first of these has become more important than ever before; it reads:
Thou shalt read and think(!) before you click.
Be vigilant, pay attention to details and always remember: If it sounds too good to be true it usually is not true; especially in this day and age on the Internet.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.



Tuesday, January 6, 2015

"Tests" of Security Software


Again it is a customer question that triggers new information on this blog; Thank you Frank C.

The customer asked what I think about the results of a test of Security Software in Consumer Reports' June 2014 issue.

I am not subscribed to Consumer Reports and the contents of their publication are not available online. Luckily the customer had attached a PDF file of the article. Without permission from CR I cannot publish it here.

Needless to say, Microsoft Security Essentials/Windows Defender ended up in one of the last places in the rankings. That is very relevant to me because all my home customers use one of these two anti virus programs.

Here is my reply, almost verbatim from the email.
Thank you for the question. A few points in no special order as a reply.

Who actually ran these tests?
And who financed them?
Consumer Reports certainly does not have a proper test lab; that takes years to develop and a big lot of money to finance and run.

I have seen dozens and dozens of "tests" that were paid for by manufacturers of "security software".
And guess what, the result was always that their specific product ended up on top of the list.

Microsoft Security Essentials and Windows Defender on Windows 8 are not "security" programs, they are classic anti virus programs. Anti virus programs protect against getting virus infected files on your computer. And in my limited experience of 12 years and ca. 6000 distinct home customers these two programs do an excellent job at that.

To compare the two MS programs 1:1 against security suites is ridiculously wrong and done to dupe the uninformed into wrong conclusions.
Security suites try to supervise every click and input in web pages.
That is an endeavor that brings additional computing burdens but is doomed to fail, because most errors are, or are a result of, an EBKAC (Error Between Keyboard And Chair).
Please see an irreverent remark below.

Most security suites are a very noticeable additional work load even for well equipped computers.

Just today I had been called to a "slow" computer. After removing the PuPs the machine was still sluggish. After removing an older version of Norton Internet Security (about 4 years old) the computer suddenly worked just fine. It was a BIG perceivable difference; I have seen that many, many times. This effect is not specific to Norton, it applies to many brands of security suites; in my experience especially (but not limited) to AVG, Avast, Norton, McAfee and Trend Micro.

Many of these "tests" do not talk about the curse of free security suites: false positives. Erroneously marking a benign program as malicious leaves the non-geek home user clueless and helpless.

Avast especially broke quite a few computers last year with insufficiently tested updates.

AFAIK only one of the programs in the CR test can even detect Poweliks, the worst and best hidden virus currently around.

AFAIK the only AV program that currently detects Poweliks is MS's Security Essentials/Defender! Although I use third-party tools to remove it completely and terminally.

Re. EBKAC errors: IMHO no software in the world can protect irresponsible people from themselves.

We need to pay attention to the details and we need to heed #6 of my 10 commandments for safe computing.

Frank, please do not take the last paragraph personally; it only reflects general observations that I make all too often.
Please let me know in the comments what you think; thank you in advance.



Monday, October 13, 2014

How To Spot Socially Engineered Emails


For quite some time I wanted to give information about how to spot spam emails. That is quite a sizable field and I wavered too long. This time, to my and I believe to your advantage, the wait pays off.

I discovered that KnowBe4.com had already done an excellent job and published the result as a one-page fact sheet, much better and more concise than I could ever have done it. The paper is called Social Engineering Red Flags. This link should show the information in your browser or in your reader application for PDF files.

I recommend printing it as a handy reference guide.

And here is a real life example; just this morning (10-20-2014) I received an email that at first glance looks like it came from Facebook, visually quite convincing. It is such a "classical" example that I took a screen shot to show it to you:


For me it goes without saying that I do NOT just click on a link in ANY email, no matter who the sender is supposed to be, no matter how "familiar" it looks.

The first clue is the sender address. Bad, simple forgery, not even an attempt to disguise the forgery; maybe that is even the miscreant's real email address. This is one of the times where I regret not being a security researcher, because I would love to mess a bit with this guy.

Then I did what has by now become second nature for me: I rested my mouse on the link (see the cursor). The real destination the link would have taken my computer to, shown in the status line (bottom left corner of the picture), confirmed my suspicion: the link goes to a web site in Russia. Did you see "http://pemoht-tb.ru/rand..."? ".ru" is the country code for Russia!

If you handle your email with programs or techniques that do not show you all the information from this example, then you live dangerously. Imagine a teenager; they would blindly click on the link and voilà, the computer is infected and maybe you even lose all your files!

Oh well, more work for me... (tongue in cheek!)
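The two checks described above (sender address versus the claimed brand, and the hover-revealed link target versus the visible link text and its country-code TLD) can be automated over a saved message. This is an added example written for this post, not code from the blog or from KnowBe4; the two messages, the hostnames in them and the `home_cc` setting are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real mail): the display name and link text claim
# Facebook, while the sender domain and the real href point elsewhere.
PHISH_EMAIL = """\
From: Facebook <notify@mail-facebook-alerts.ru>
Content-Type: text/html; charset=us-ascii

<p>You have new messages. <a href="http://example-phish.ru/rand">
See notifications on facebook.com</a></p>
"""
# Constructed benign counterpart, used to check for false positives.
CLEAN_EMAIL = """\
From: Facebook <noreply@facebook.com>
Content-Type: text/html; charset=us-ascii

<p><a href="https://www.facebook.com/notifications">facebook.com</a></p>
"""
HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def same_site(host: str, brand: str) -> bool:
    # Exact match or a true subdomain; a lookalike such as "notfacebook.com" must not pass.
    return host == brand or host.endswith("." + brand)

def red_flags(raw: str, brand: str = "facebook.com", home_cc: str = "us") -> list:
    """Return red flags for a mail that claims to come from `brand`.
    `home_cc` is an assumption: the reader's own country-code TLD."""
    msg = message_from_string(raw)
    flags = []
    _, sender = parseaddr(msg.get("From", ""))
    sender_host = sender.rsplit("@", 1)[-1].lower()
    if not same_site(sender_host, brand):
        flags.append(f"sender domain {sender_host!r} is not {brand!r}")
    body = msg.get_payload(decode=True).decode(errors="replace")
    for href, text in HREF_RE.findall(body):
        url = urlparse(href)
        host = (url.hostname or "").lower()       # what hovering would reveal
        tld = host.rsplit(".", 1)[-1]
        if brand in text and not same_site(host, brand):
            flags.append(f"link text names {brand!r} but points to {host!r}")
        if len(tld) == 2 and tld != home_cc:
            flags.append(f"link host {host!r} is under country-code TLD .{tld}")
        if url.scheme == "http":
            flags.append(f"link {href!r} uses plain http, not https")
    return flags
```

`red_flags(PHISH_EMAIL)` reports four flags for the forged message and none for the benign one; it is a reading aid for the hover check, not a replacement for it.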






Monday, October 6, 2014

Java - Yes or No?


On January 14 2013 I wrote about Java. This article should explain what Java is.

There mainly are two opposing views about Java on home computers around.

The first one says that Java is needed so rarely that it should not be on a home computer at all.

The second one just delivers it pre-installed on all computers sold over-the-counter in case you need it.

My personal view about Java is the following:
Have it installed for the (maybe rare) case that you need it.
My reasons are:
  • If we are about to do something and get interrupted we tend to react somewhat frustrated. At this time we are very likely to get directed to the "wrong" web site for the download and we will probably get some sort of "blind passenger" or gunk software that we really neither need nor want.
    You doubt that? See the real life examples in this article.
     
  • Over the years I had several very frustrated customers calling me and asking why Java was not installed. In every single case some well meaning but ill advised relative, friend or computer technician had removed Java.
     
  • The few MB of disk storage space that Java needs are not an argument anymore; we are in the age of 500GB and 1TB disk drives that a home user never will fill up. It is many years since I have seen a really full disk drive.
The price we have to pay is simple:
Keep Java up-to-date - and use common sense!

In What To Update from September 18 2011 I wrote:
Here is the list of the most important things that have to be kept up to date.
Added for this article: If you don't have any of these programs installed just ignore the entry in this list:
  1. Windows (better: all Microsoft software)
  2. Security programs
  3. Firefox web browser
  4. Firefox add-ons
  5. Java
  6. Adobe Reader
  7. Adobe Flash
  8. Adobe Shockwave
  9. Thunderbird email client
  10. Thunderbird add-ons
My conclusion:
  • It is very easy to keep Java up-to-date when you do that regularly anyway and are not stressed.
     
  • At a time where you will be frustrated and impatient (you want to get back to what you were doing when you got interrupted!) you are more likely to get tricked into inadvertently allowing some unrelated gunk to get on your computer.
For the non-technical home user I install Java and admonish the user to keep it up-to-date.

Naturally it always is my customer's computer so in the end the customer has to decide if they want to live with or without Java. Uninstalling Java is easy:
Control Panel > Programs and features > Highlight Java > Right Click > Click Uninstall.

Please uninstall all versions of Java that you may see listed. Old out-of-date versions are a HUGE security risk!
