Archive for March, 2008

Don’t believe everything you see on TV

Sunday, March 30th, 2008

Recently I’ve been seeing ads on television for FinallyFast(dot)com.  Supposedly a piece of software for Windows which will speed up your computer.  Since I’ve seen many pieces of software of this type advertised in various media, I was curious, though skeptical.

Going to the site, SiteAdvisor gives it an unknown rating at the time of this writing.  I’ve submitted it for them to review.  The site for the parent company, Ascentive, listed in the top right of the FinallyFast web site comes up red.  I used the SiteAdvisor plugin to get a report of the site and it stated that “Well-respected security researchers have analyzed the software available from this site and found that it offers little or no security protection and may use deceptive sales tactics.”  A link is then given for the Spyware Warrior Rogue Anti-Spyware list, a resource I’ve used frequently whenever I come across a new anti-spyware tool on a client computer.  It states for the Spyware Striker Pro software offered by Ascentive “ridiculous false positives; outrageous license terms; trial version uses outdated defs.”

So, how do you determine a source that you can trust for good software that isn’t going to make things worse?  That can be a huge challenge given that there are so many questionable options out there and they are pointing to themselves and other questionable software.  I could point you in a few directions but how then can you trust me?  I’ll admit that I have a business and a reputation to protect but that may not be sufficient reason.  Between flashy packaging, web site, TV ads, and your best friend, it’s a lot to take in.

As a starting point, the rogue list above also has a link to a trusted list of software.  It’s not the be-all, end-all list of options, but it’s something.  Feel free to e-mail me and I’ll let you know my thoughts.

They don’t stop trying to be sneaky

Wednesday, March 26th, 2008

A recent issue I’ve encountered recently is where the user receives the following e-mail:

 From: “Automatic Email Delivery Software” <postmaster@[ISP]>

Subject: Returned mail: see transcript for details

Dear user of [ISP],


We have received reports that your account has been used to send a huge amount of junk email messages during this week.

We suspect that your computer had been compromised and now runs a trojan proxy server.


Please follow our instruction in the attached file in order to keep your computer safe.


Best wishes,

The [ISP] support team. 

Prior to this, the user had been seeing bounce-back messages from places she had never e-mailed suggesting that either she did have such a trojan installed or her e-mail account had been hacked.  The above e-mail also included an attachment which supposedly contained instructions.

This has been seen in various configurations over the past week or so.  I was fairly confident that the trojan did not exist as the user has a Mac (although using a Mac doesn’t make you immune to nasty software, it does put you in a category of very low risk).  So, working on the assumption that the e-mail account had been hacked, I changed her passwords on every account she had with this ISP.

Some of the e-mails that she received purported to be from someone other than her ISP.  The body text was identical, however.  This made it an obvious clue that the e-mails were being sent by someone with less than honorable intentions.  The second clue is that the instructions referenced in the e-mails was an attachment.  In all cases the attachment was either a .SCR file or a .ZIP file containing a .SCR file.  The .SCR extension denotes a Windows screen saver (not likely to work on the Mac in question).  As such it is an executable file and likely contained some sort of bad thing, likely the “trojan proxy server” as referenced in the e-mail.

It is unfortunate that these kinds of bad things occur and try to snare people further by claiming to be something kind when they’re not.  Other recent scams have been the greeting card e-mails which make it seem like a friend sent you a nice electronic card but you click on the link to go to the site and all havoc is wrought on your computer as a result.

Keeping yourself safe is becoming more of a challenge these days, especially when a new avenue of attack comes around (the greeting card method grabbed many by surprise before it became published in tech industry news).  The general advice is still the same:  Keep your anti-virus, anti-spyware, firewall, and operating system software up to date; if something comes through all that and still looks suspicious, ask someone you know to be more knowledgeable than yourself to take a second look at it.

Why you shouldn’t have a screensaver

Monday, March 17th, 2008

Back in the day (which sounds odd since it’s only 10-15 years ago) monitors would suffer from a condition known as burn-in.  This is where an unchanging image on the screen (say the borders that surrounded a form you would fill in every day) would create a persistent dark spot on the monitor that could even be seen when the monitor was off.  It didn’t take much for a monochrome monitor to suffer from this, either.

Enter the screen saver.  This utility would blank the screen and possible display a changing image.  These began to get more extravagant as time went on.  The long-standing favorite was After Dark with its now iconic flying toasters.  Eventually screensavers would become integrated into the operating systems and not require a third-party software product (although After Dark was arguably more entertaining than what Microsoft or Apple included with their systems).

Today, however, screensavers are not as necessary as they used to be.  The color CRT monitor is less susceptible to burn-in than the monochrome CRT.  The now popular LCD is almost completely resistant to burn-in (I say almost because I have seen it happen once).  Even so, many people believe they have the need for a screensaver because of what history has shown us with burn-in.  Many people just simply like them as an entertainment of their own.  As such, they’ll often look for something less boring than what the operating system already has which will take them to risky places as I posted about on Saturday.

Why do I feel you should bother with a screensaver?  Simply, burn-in is less of an issue, and the power needed to drive the monitor during the screensaver when you aren’t actively using your computer is creating an expense you should be willing to do without.

Modern operating systems can be set so that the monitor can be shut down into a low-power mode after a certain time.  I usually set mine to do so after an hour figuring that if I’m not at my desk, I should have turned it off by then anyway.  This saves on both power and the wear on your monitor.  My computer will also go to sleep some time after that to save even more power and wear.

If after reading this you still just gotta have a screensaver, may I suggest Electric Sheep? I mentioned this on Saturday as well.  It has one advantage over other screensavers in that it changes constantly.  I actually do run this myself and I find it almost completely different each week.  It’s hard to get bored with it at that rate.  I have Electric Sheep itself turn off its processing when the monitor goes dark so as to encourage my computer to sleep when its time comes.

Any questions? 

The lure of free software

Saturday, March 15th, 2008

Free software can be a wonderful thing.  For just about any task you need to do on your computer, someone has written a program to do it and is willing to allow you to use it without monetary compensation.  Some of these programs are classified as open source which means that not only can you use them, but if you know how, you can reprogram to suit your needs.  What’s not to like about that?

The problem comes when you decide you want something and now it’s time to go looking but you’re not necessarily sure where to go.  Your first inclination may be to bring up your favorite search engine and and look for it.  This can be good, but you may end up with software which has a hidden cost attached to it.

Popular categories such as screensavers and fonts will frequently come with hidden extras.  Often called spyware, these extras will then monitor your every move on your computer, report back to a server somewhere, and display pop-up ads based on what you’re doing.  Install several different such things from various locations and you may have a huge mess of many programs sitting in the background watching what you’re doing slowing it down as a result.  The scary part is that you don’t know what information they’re gathering for their reports.

Protecting yourself from these is better than trying to remove them afterward.  Your anti-virus program (you are running one, right?) will catch some, but not all of them, as you try to download them.  However, you don’t have to wait to download something to have an idea as to how well you can trust it.

Enter SiteAdvisor.  Originally created as an independent plug-in for Internet Explorer and Firefox, it is now owned by McAfee, a maker of security software.  McAfee has still kept it as a free option but they also include it with their security suites.

The plug-in will put a status button on your browser to help you identify potentially bad sites. They use a color coded system to let you know how risky a site is going to be (green for low to no risk, yellow for medium, red for high, and gray for not yet rated).  When you’re on a site, the button will change color appropriately.  If you’re searching for something, SiteAdvisor integrates with popular search engines like Google and Yahoo! to let you know before clicking if one of the sites is a problem.  You’ll have icons with the same color coding scheme next to the links in a search result.

As of this writing, SiteAdvisor is available for Internet Explorer and Firefox.  I’d like to see it available for Safari as well, but Mac users currently have very little to worry about in the realm of spyware or viruses.  If you’re using some other browser such as Opera I would expect you already have an idea how to avoid bad things or you had a well-meaning friend or relative who set it up for you.

So, use SiteAdvisor, keep your security software up to date, and if you want a cool free screensaver that won’t be a problem, I recommend Electric Sheep.

Please feel free to contact me with any questions.

Look what I got in my e-mail today…

Friday, March 14th, 2008

I have many subjects that I’m itching to write about. I was trying to figure out the first one for this morning when the following appears in my inbox:

Subject: FW: Mosquito Prevention/Listerine

I got this from a friend….very interesting!

The best way of getting rid of mosquitoes is Listerine, the original medicinal type. The Dollar Store-type works, too. I was at a deck party awhile back, and the bugs were having a ball biting everyone. A man at the party sprayed the lawn and deck floor with Listerine, and the little demons disappeared.

The next year I filled a 4-ounce spray bottle and used it around my seat whenever I saw mosquitoes. And voila! That worked as well. It orked at a picnic where we sprayed the area around the food table, the children’s swing area, and the standing water nearby. During the summer, I don’t leave home without it…..

Pass it on.

We all get e-mails such as this from well meaning friends, relatives, and associates. The above was sent to about 200 people. I know the sender was well meaning and genuinely wanted to be helpful. However, I know that this kind of misinformation being spread can be nearly as annoying as spam.

Next on the list after this would be the jokes that keep getting sent. I’ve seen jokes sent by one person to a group, another person in that group sends it on to another group (to which I happen to belong), and so forth. I could see the same joke 200 times in the span of an hour because it was that good and everyone thought I would like it. To be honest, I probably did like it, but that was six months ago when I read it on rec.humor.funny.

So, how to deal with this. When I get an information type of e-mail from someone (whether it be good advice or a warning of some potential hazard) I’ll check it against a reference I trust. Most of the time, this will be Snopes. You can read what they have to say about the Listerine advice here. As you can see, it’s a waste of time.

To date, I have received exactly one e-mail forward which has any truth to it at all. You have to promise, however, NOT to spread the word out to all your friends but the details can be found here.

In addition to Snopes, you can use any search engine (Google, Yahoo, etc.) to determine the validity of any of these pieces of advice.

Any questions?