Archive for the ‘Malware’ Category

New version of Microsoft Security Essentials available

Wednesday, January 5th, 2011

Microsoft Security Essentials, the free anti-malware software that I recommend, has an upgrade available, although you wouldn’t know it by visiting the site.  You’ll kind of know it by looking at the program as it has slightly changed its appearance.  Not greatly, so you’ll just have to pay close attention to see the changes (I won’t spoil it for you).

A key reason I’ve recommended Security Essentials is that it’s light on the system.  One of the reasons that I don’t like the well-known brands (e.g. Norton, McAfee, Trend Micro, Panda, etc.) is how much of the system resources they use to do their job.  For the big guys, I see this as a combination of a pretty interface and trying to outdo each other by making sure magazine reviews show them with lots of check marks (i.e. does it do this, that, and the other thing).

Security Essentials 2.0 has become more efficient at its job and is even lighter than the previous version.  I’ve already installed it and I’ll be steadily updating my clients as I see them.  For the time being, Microsoft hasn’t rolled out an automatic update of Security Essentials.  I imagine that they’ll do so in the next month or so.

One potential downside of upgrading is that the installation may change your Automatic Updates setting to install automatically.  If you’ve set Automatic Updates to a setting which requires you to manually install or initiate, you may have to set it back to your desired setting after updating to Security Essentials 2.0.

The bottom line is that this is a worthy upgrade.  If you have another free anti-malware software that you’re using, I recommend that you give Security Essentials a look.  If you’re using an anti-malware that costs money, let its subscription run out and then give this one a look.

Something good to say about Microsoft Internet Explorer

Thursday, December 30th, 2010

I’ve been a proponent of using any browser OTHER than Microsoft Internet Explorer for as long as I can remember.  In fact, I used Netscape Navigator from before Internet Explorer came about and continued using it until some time after it was purchased by AOL and its development stunted.  Once it was clear that Netscape’s browser would no longer be improving, I switched over to Mozilla Firefox.  At first it was a step back, but it has quickly become one of the best internet browsers that I’ve ever used.

I’ve said in the past that you can browse the internet more securely using Firefox compared to Internet Explorer.  However, a report has recently been issued that puts Internet Explorer ahead of other browsers in protecting against socially engineered malware.  This kind of malware convinces you to click on something so as to install a program.

Now, this isn’t an overwhelming reason to switch to using Internet Explorer, but it’s a good enough one that I don’t have to twist the arms of my clients to move away from it.

A good overview of the results and some of the dissenting commentary is available from this article at InfoWorld.

I’ll say what I’ve said in the past with regard to this kind of malware.  If you get a popup that says you’re infected with untold amounts of bad software, it’s likely to be a lie unless you can see clearly that it’s the anti-malware software that you know was already installed on the computer.  Following this advice should save you from a good percentage of the malware out there regardless of which browser you use.

I’ve been hacked!

Monday, December 27th, 2010

The reason why you haven’t seen any updates to the blog in a while is that it had been hacked.  I don’t know who or why, only the fact of the hacking.  At first I thought it was a problem with my hosting provider, but that turned out not to be the case.

Over 700 PHP files in my blog’s directory had code inserted into them.  The details of the code are a bit over my head and don’t really spell out what it’s supposed to do, but I was able to find some information with the help of Google.  Some details about this attack are on this site, this site, and this site.

I’m still working with Dreamhost to see what I can do to prevent it from happening again.  In the mean time, while I can, I’ll post updates a bit more frequently until I’m caught up.

I did find a great, free utility to help with the cleaning process: Replace Text by Ecobyte Software.  I was able to feed it a directory of files and have it search for the hacked code and replace it with clean code (thankfully, the hack involved ADDING something and not REPLACING anything).  It worked so well that I wish the author continued to support it with Windows 7 and beyond.
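Because the hack only ADDED bytes to each file, the clean content is still present inside every infected file, and that is what makes a mechanical cleanup safe.  The script below is an added example (my own, not the Replace Text utility or anything from the blog) of the same idea done by comparison rather than by pattern: unpack a pristine copy of the same software version (for WordPress, the release archive you installed) into one directory, point the script at it and at the live site, and it reports every PHP file as clean, added (pristine content intact with something prepended or appended, safe to strip), modified (something was rewritten, so restore it from the pristine copy by hand), or unexpected (a live file with no pristine counterpart, which covers your own config, themes and plugins but also any new files an attacker dropped).  The injected stub, file names and directory layout in the demo are constructed for illustration, not taken from the actual attack.

```python
"""Strip attacker-ADDED bytes from PHP files by diffing against a pristine copy.

Added example, not the Replace Text utility from the post.  Assumes a pristine
unpacked copy of the same software version in CLEAN_ROOT and the compromised
site in LIVE_ROOT.  File names and the injected stub below are constructed.
"""
import sys
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple

# Constructed stand-in for the injected block; the real one is site-specific.
INJECTED = b"<?php /* constructed injected stub */ ?>\n"


def added_bytes(clean: bytes, live: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Return (prefix, suffix) added around the pristine content, or None when
    `live` is not "pristine plus additions": identical files and files whose
    original bytes were rewritten or truncated both yield None."""
    if clean == live:
        return None
    idx = live.find(clean)
    if idx < 0:
        return None
    return live[:idx], live[idx + len(clean):]


def classify(clean: bytes, live: bytes) -> str:
    """'clean' (identical), 'added' (pure addition, safe to strip) or
    'modified' (anything else: restore from the pristine copy, do not patch)."""
    if clean == live:
        return "clean"
    return "added" if added_bytes(clean, live) is not None else "modified"


def scan_tree(clean_root: Path, live_root: Path, fix: bool = False,
              quarantine: Optional[Path] = None) -> Dict[str, str]:
    """Compare every *.php under live_root with the same path under clean_root.

    Values: 'clean', 'added', 'modified' or 'unexpected' (live file with no
    pristine counterpart: site config, themes, plugins, but also any backdoor
    files dropped next to the modified ones).  With fix=True, 'added' files are
    overwritten with the pristine bytes after the removed chunk is saved under
    `quarantine` so it can be examined later."""
    report: Dict[str, str] = {}
    for live_file in sorted(live_root.rglob("*.php")):
        rel = live_file.relative_to(live_root)
        clean_file = clean_root / rel
        if not clean_file.is_file():
            report[rel.as_posix()] = "unexpected"
            continue
        clean, live = clean_file.read_bytes(), live_file.read_bytes()
        status = classify(clean, live)
        report[rel.as_posix()] = status
        if status == "added" and fix:
            prefix, suffix = added_bytes(clean, live)
            if quarantine is not None:
                quarantine.mkdir(parents=True, exist_ok=True)
                q = quarantine / (rel.as_posix().replace("/", "__") + ".removed")
                q.write_bytes(prefix + b"\n--- suffix ---\n" + suffix)
            live_file.write_bytes(clean)
    return report


def demo() -> Tuple[Dict[str, str], bool]:
    """Build a constructed clean tree and a 'hacked' copy in a temp dir, run the
    scan with fix=True, and return (report, added_files_now_match_clean)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean_root, live_root = Path(tmp, "clean"), Path(tmp, "live")
        files = {
            "index.php": b"<?php\nrequire 'wp-blog-header.php';\n",
            "wp-includes/functions.php": b"<?php\nfunction wp_demo() {}\n",
            "wp-admin/admin.php": b"<?php\nrequire_once 'admin-header.php';\n",
        }
        for rel, body in files.items():
            for root in (clean_root, live_root):
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(body)
        # One file gets the stub prepended, one appended, one is rewritten
        # outright, and one new file is dropped where no pristine file exists.
        (live_root / "index.php").write_bytes(INJECTED + files["index.php"])
        (live_root / "wp-includes/functions.php").write_bytes(
            files["wp-includes/functions.php"] + INJECTED)
        (live_root / "wp-admin/admin.php").write_bytes(b"<?php /* rewritten */ ?>\n")
        (live_root / "wp-content").mkdir()
        (live_root / "wp-content/cache.php").write_bytes(INJECTED)
        report = scan_tree(clean_root, live_root, fix=True, quarantine=Path(tmp, "q"))
        restored = all((live_root / rel).read_bytes() == files[rel]
                       for rel in ("index.php", "wp-includes/functions.php"))
        return report, restored


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py CLEAN_ROOT LIVE_ROOT  (report only)
        for path, status in scan_tree(Path(sys.argv[1]), Path(sys.argv[2])).items():
            if status != "clean":
                print(f"{status:10} {path}")
    else:
        print(demo())
```

Run it without `fix=True` first and read the report: the "modified" and "unexpected" entries are the ones a search-and-replace tool would silently leave behind, and a file that shows up as "added" with an unfamiliar chunk in the quarantine directory is worth keeping for whoever at the host looks into how the files were written in the first place.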

So, look forward to a couple of posts tomorrow.

Advertising can be dangerous

Saturday, December 18th, 2010

Advertising on the internet has become something which we all must manage.  It’s the primary way that most commercial (non-merchant) web sites get revenue.  Depending upon the site and ad structure, the revenue is generated when you see the ad, when you click on it, or when you purchase something after clicking on the ad.

Because of this, it’s hard to recommend blocking ads.  Think of it this way: if everyone blocked every ad on every site, there would be no revenue for these sites and eventually they would go away.  Quite a disappointing prospect if you enjoy a particular site for its content.

There is a downside in that we cannot necessarily trust all the ads coming through.  While most ads are for legitimate vendors, the occasional fraud does appear.  Recently DoubleClick (a part of Google) was used to distribute an ad that installed software on a visitor’s computer without that person clicking on anything to install the software.  I read an article about it here with more details here.  DoubleClick is quite possibly the largest advertising network.  If a malware producer can get on there, it could mean a lot of it is spread in short order.

The exploit initially used a vulnerability in Microsoft Internet Explorer.  As I’ve mentioned previously, I strongly recommend that you use a browser other than Internet Explorer for most of your browsing.  This isn’t complete protection, as the exploit next used vulnerabilities in Java and Adobe Reader to get the installation to occur.  Just another reason why I recommend Firefox with the NoScript add-on.  You can read about that in my previous post here.

I’ll go into more detail later, but one of the big reasons any of these so called drive-by downloads occur is our common tendency to run our computers as an “administrator.”  In so doing, we (and the programs we run) have full access to everything on the computer.

These malware programs can be largely prevented from installing by using a browser other than Internet Explorer, keeping all your software up to date, and running the computer as something other than an administrator.  While staying out of the “deepest darkest” recesses of the internet can help as well, this malware was distributed on a commonly used advertising network so care needs to take place even on “good” sites.

It’s spying on me!

Sunday, December 5th, 2010

We’ll round up our malware primer with spyware in which I’ll include the lesser category of adware.  With these little buggers, there is some supposedly innocuous piece of software that’s watching what you’re doing, where you’re going, and what you’re typing in order to provide you with ads.  Some of these may even show you ads to sites where you already are (basically, you’ll see a pop-up ad for a merchant where you are already in the process of checking out your selection of goods).

That last bit doesn’t seem to make a bit of sense.  What is the reason for popping up an ad for a merchant you are already patronizing?  Well, for the ad revenue or affiliate commission!  That’s right, some unknown entity is going to get credit for the purchase you’re about to make even though that entity had nothing to do with encouraging you to buy.  In fact, if you’d already received the lead from somewhere else, this pop-up is now going to effectively steal the commission.

Why should you care about this?  Maybe it doesn’t matter to you who gets the commission for a purchase you are making.  However, much of the spyware out there is monitoring each and every step you make and sending that information to some unknown place.  By “each and every step” I include login and password information for any site you visit, including your bank.

What I’ve found with spyware today is that it is either relatively easy to remove (some of the fake antivirus/antispyware titles tend to be this way when they first appear) or so deeply ingrained that the only reliable way to remove it is to completely reformat your hard drive and reinstall the operating system (this is best done after a backup which you’ll use to restore your data after the reinstallation).  I haven’t seen any in recent years that put up a fight but that I can eventually vanquish.  It’s either easy or wipe clean and start over.

There I go mentioning that word “backup” again.  I’ll go into more detail in a day or so.

Back to the spyware.  I believe the reason much of it is now next to impossible to remove is that there is money behind it.  Remember how I said above that a commission for a sale was possibly being stolen?  That’s the source of the money.  With the money, a talented programmer will be paid to write these insidious pieces of malware.  Prior to that, viruses and the like were written by someone with either too much time and too little self-control or by someone with some kind of agenda to advance.  In either case, since there wasn’t any money involved, there was little incentive to write the program well or to pay someone to do it.

Prevention is still your best bet with this kind of malware.  The use of an antivirus program should be considered secondary to your own wariness of what’s going on.  If you visit a web site and Windows (Vista and newer) activates its User Account Control (the screen goes gray and a dialog appears in the middle asking you if you want to proceed), there is a good likelihood that something bad will happen if you allow it (this assumes you didn’t actively try to install something).

Check my previous entry on the lure of free software for additional ways these bad guys can get in.