Category Archives: Anti-Virus

Consumer Infosec Tech is Hard – No Wonder So Many are Pwned

I’ve been a MacBook Pro user for close to fourteen years now, both at home and at work. At home, I write my many books and conduct supporting research on my personal MacBook Pro.

Since I’m an infosec professional, I’m aware of threats to MacOS and associated components, so I run several security tools, among them Cylance, Malwarebytes, and Sophos. I use privacy-centric browsers and search tools.

Starting yesterday morning, my browser (Brave) started acting up quite badly: new pages simply would not load, and the browser would throw nonresponsive page errors left and right. I also use Firefox, which continued to function normally, Safari too, so I was pretty sure the problem was with Brave itself.

I cleared all cache and cookies, tried building a different profile in Brave, and even removed and reinstalled Brave. No go. I posted an entry in the Brave Community in the hopes that someone else would recognize my problem in case I could not fix it. I am somewhat tied to Chromium-based browsers, but prefer not to use Google Chrome. SRware Iron is an alternative, but they don’t update it frequently enough for my needs.

Since other browsers were working normally, I could dismiss my Internet connection, my local network, and DNS as possible culprits.

Next, I turned to my security tools. I had noticed that Cylance had been using about 90% of a CPU core for a few days, so that was my first object of study. I shut down Cylance, and immediately my Brave browser problem was solved. I turned Cylance back on, and the problem returned. Gotcha!

I removed and reinstalled Cylance, hoping that this would solve the problem. That was a few hours ago, and Brave is happy as a pig.

Retrospective: I cannot imagine ordinary consumers going through troubleshooting like this. My decades of daily hands-on software / network / systems / OS / security engineering on Unix and other OS’s helped me zero in on this fairly quickly. I shudder to think that most consumers just turn security tools off when things stop working, and go unprotected thereafter.

Protect your Black Friday and Cyber Monday shopping with a quick PC tune-up

Before embarking on online shopping trips, it’s worth the few minutes required to make sure your computer does not enable the theft of your identity.

Tens of thousands will have their identities stolen in the next few weeks, because malware was able to help steal valuable information from you such as credit card numbers, online userids and passwords. A few minutes work will go a long way towards preventing this.

That, or you can do nothing, and potentially have to take days off of work to cancel credit cards, write letters, get credit monitoring, and get back to where you are right now with perhaps forty hours’ work.

It’s up to you.

Ready?

1. On your PC, connect to http://update.microsoft.com/ .  Go through the steps required to check that all necessary security patches are installed.

Note: If you are able to connect to Internet sites but are unable to successfully install updates at update.microsoft.com, your PC may already be compromised. If so, it is important that you seek professional help immediately to rid your computer of malware. Delays may be very costly in the long run.

2. To eliminate the need to periodically visit update.microsoft.com, confirm that Automatic Updates are properly set. Use one of the following links for detailed instructions (all are Microsoft articles that open in a new window):

Windows XP | Windows Vista | Windows 7 | Windows 8 (automatic updates are turned on by default)

Note: If you are unable to successfully turn on Automatic Updates, your PC may already be compromised. If so, it is important that you seek professional help immediately to rid your computer of malware. Delays may be very costly in the long run.

3. Ensure that your PC has working anti-virus software. If you know how to find it, make sure that it has downloaded updates in the last few days. Try doing an update now – your anti-virus software should be able to successfully connect and check for new updates. If your Internet connection is working but your anti-virus software is unable to check for updates, it is likely that your PC is already compromised.

Note: if any of the following conditions are true, it is important that you seek professional help immediately to make sure your computer is protected from malware.

a. You cannot find your anti-virus program

b. Your anti-virus program cannot successfully check for updates

c. Your anti-virus program does not seem to be working properly

Several free anti-virus programs are worthy of consideration: AVGAvastZone Alarm Free Antivirus + FirewallPanda Cloud Anti-VirusI cannot stress enough the need for every PC user to have a healthy, working, properly configured anti-virus program on their computer at all times.

New Year’s Resolutions: safer Internet usage

Celebration of the New Year is a time of looking back at the closing year and looking forward to the new year. This is often a time when we set new personal goals for improving our lives in meaningful ways.

Given how much we all use personal computing (you do if you are reading this), all of us can stand to make one or more improvements in our computing hygiene, making us safer and better off.

This article contains categories of ideas that you can choose from. Read through these and decide which of them will be best for you to adopt as a resolution.

Home computing

  • Back up your data, so that you can recover it in case of theft, disaster, or other loss.
  • Keep your anti-virus working and healthy.
  • Configure your computer to automatically download and install security patches.
  • Use an online virus scanner to scan your computer, in case your install anti-virus misses one.
  • Use different user accounts for each family / household member.
  • Use OpenDNS to help prevent visiting phishing sites.
  • Use OpenDNS to restrict the types of sites that can be visited from your home (or office) network.
  • Tune up your home firewall (which may be in your DSL router or cable modem).
  • Use different passwords for each online site you log in to; use a password vault to remember your passwords.

Safe smartphone usage

  • Choose a good unlock password for your smart phone. If you insist on using numeric only, use 8 or more digits.
  • Set your smartphone auto-lock to 15 minutes or less.
  • Keep track of where your smartphone is at all times.
  • Install a “find my smartphone” app to discover its location if lost or stolen.
  • Do not save any passwords on your smartphone.
  • Limit your access to sensitive / valuable information (e.g. online banking) from your smartphone, especially if it is Android.

Protecting your identity

  • Keep your anti-virus working and healthy.
  • Check your credit report at least once per year (or, more ideally, every four months by checking your credit report for a different bureau each time).
  • Be conscious of where and how you provide personal information (name, address, date of birth, etc.) to online sites.
  • Resist the urge to click on links or documents in suspicious looking e-mail messages. If it sounds too good to be true, it probably is a scam.
  • Carefully review all financial statements from banks and credit cards. Consider closing some accounts if you have too many.
  • Get a home safe or use a bank safe deposit box to store valuables such as passports, birth certificates, seldom-used credit cards, and other valuables.
  • Use a home shredder to shred documents containing sensitive or personal information.

If you feel you need to starting doing all of the above, I suggest you choose the few that are most important and establish them as good habits. Then, return to this list and choose a few more to implement. If you attempt to make too many changes at once, you might become frustrated by all of the changes and revert back to your old ways.

New Christmas computer, part 2: anti-virus

You are savoring your new PC and visiting your usual haunts: Facebook, Netflix, Hulu, and more.

But if this new PC does not have anti-virus, a firewall, and other precautions, the glitter will soon be gone, and you’ll soon wonder why the problems you’re having in 2013 are related to that new PC.

New machines are a good time to develop new habits. Sure, there’s a little trouble now, but you’ll save hours of grief later.  Think of this as the moments required to fasten the seat belt in your car and perhaps a bit of discomfort – but compare that to the pain and expense of injuries incurred in even a minor crash if you weren’t wearing it. Minor decisions now can have major consequences later.

Habit #2: Install and configure anti-virus

While many new computers come with anti-virus software, often it’s a limited “trial” version from one of the popular brands such as Symantec, McAfee, or Trend Micro. If you don’t mind shelling out $40 or more for a year (or more) of anti-virus protection, go ahead and do so now before you forget. Granted, most of these trial versions are aggressively “in your face” about converting your trial version into a full purchased version.  Caution: if you get into the habit of dismissing the “your trial version is about to run out!” messages, you run the risk of turning a blind eye when your trial anti-virus is no longer protecting you.  Better do it now!

If your computer did not come with anti-virus software, I suggest you make that the first order of business. There are many reputable brands of anti-virus available today, available online or from computer and electronics stores. For basic virus (and Trojan, worms, key loggers, etc.), all of the main brands of anti-virus are very similar.

My personal preference for anti-virus programs (in order) are:

  1. Kaspersky
  2. Sophos
  3. AVG
  4. Norton
  5. McAfee
  6. Panda
  7. Trend Micro

Note: if selecting, installing, and configuring anti-virus seems to be beyond your ability, consult with the store where you purchased your computer, or contact a trusted advisor who is knowledgable on the topic.

Key configuration points when using anti-virus:

  • “Real time” scanning – the anti-virus program examines activity on your computer continuously and blocks any malware that attempts to install itself.
  • Signature updates – the anti-virus program should check at least once each day for new updates, to block the latest viruses from infecting your computer.
  • Periodic whole disk scans – it is a good idea to scan your hard drive at least once a week. If you keep your computer on all the time, schedule the scan to take place when you are not using the computer, as a scan can slow down your computer.
  • Safe Internet usage – many anti-virus programs contain a feature that will try to warn you or steer you away from sites that are known to be harmful.

Many anti-virus programs also come with a firewall and other tools. Some of these may be useful as well – consult your computer retailer or a trusted advisor to see what’s right for you.

Part 1: password security

Part 3: data backup

Protect your Black Monday shopping with a quick tune-up

I cannot stress enough the need for every PC user to have a healthy, working, properly configured anti-virus program running on their computer at all times.

[updated December 1, 2012]
Before embarking on online shopping trips, it’s worth the few minutes required to make sure your computer does not enable the theft of your identity.

Tens of thousands will have their identities stolen in the next few weeks, because malware was able to help steal valuable information from you such as credit card numbers, online userids and passwords. A few minutes work will go a long way towards preventing this.

That, or you can do nothing, and potentially have to take days off of work to cancel credit cards, write letters, get credit monitoring, and get back to where you are right now with perhaps forty hours’ work.

It’s up to you.

Ready?

1. On your PC, connect to http://update.microsoft.com/ .  Go through the steps required to check that all necessary security patches are installed.

Note: If you are able to connect to Internet sites but are unable to successfully install updates at update.microsoft.com, your PC may already be compromised. If so, it is important that you seek professional help immediately to rid your computer of malware. Delays may be very costly in the long run.

2. To eliminate the need to periodically visit update.microsoft.com, confirm that Automatic Updates are properly set. Use one of the following links for detailed instructions (all are Microsoft articles that open in a new window):

Windows XP | Windows Vista | Windows 7 | Windows 8 (automatic updates are turned on by default)

If you are unable to successfully turn on Automatic Updates, your PC may already be compromised. If so, it is important that you seek professional help immediately to rid your computer of malware. Delays may be very costly in the long run.

3. Ensure that your PC has working anti-virus software. If you know how to find it, make sure that it has downloaded updates in the last few days. Try doing an update now – your anti-virus software should be able to successfully connect and check for new updates. If your Internet connection is working but your anti-virus software is unable to check for updates, it is likely that your PC is already compromised.

Note: if any of the following conditions are true, it is important that you seek professional help immediately to make sure your computer is protected from malware.

a. You cannot find your anti-virus program

b. Your anti-virus program cannot successfully check for updates

c. Your anti-virus program does not seem to be working properly

If you are not sure whether your anti-virus software is working (or if you computer even has anti-virus software), you may wish to download and run Microsoft Security Essentials. This is a free anti-virus program from Microsoft. While some professionals may argue that this is not as effective as any of the commercial brands of anti-virus software (Sophos, Symantec, McAfeeTrend Micro, Panda, etc), it’s better than having nothing at all.

December 1, 2012 Update: Microsoft Security Essentials has lost its certification as being an effective anti-virus program. Full test results available here in an easy to read chart. Note the absence of the “AVTest Certified” logo next to Microsoft Security Essentials.

Several free anti-virus programs are worthy of consideration: AVG, Avast, Zone Alarm Free Antivirus + Firewall, Panda Cloud Anti-Virus. I cannot stress enough the need for every PC user to have a healthy, working, properly configured anti-virus program on their computer at all times.

Block Javascript in Adobe Acrobat

Simple how-to instructions for blocking Javascript in Adobe Acrobat Reader in Windows, Linux, and Mac systems.

Reducing the attack surface in Adobe reader is an important step in reducing malware attacks. The vast majority of all PDFs do not contain Javascript, but Javascript-embedded PDF files is a well known method used to attempt to compromise end user systems. This can occur in phishing scams where e-mail messages contain infected PDF files, or links point to infected PDF files hosted on web sites.

Adobe Reader on Mac. Click for full size image.

Here is how to block Javascript in Adobe Acrobat 10 for Mac. Go to Acrobat > Preferences > Javascript and uncheck Enable Acrobat Javascript.  Then click OK.

Similarly, in Adobe Reader X on Windows, go to Edit > Preferences > Javascript and uncheck the Enable Acrobat Javascript, then click OK.

Likewise, for Adobe Reader 9 on Linux, go to File > Properties > Javascript and uncheck Enable Acrobat Javascript, then click OK.

Adobe Reader on windows. Click for full size image.

Click the thumbnails to view screen shots for Mac, Windows, and Linux.

Adobe Reader in Linux. Click for full size image.

Social media safety during the holidays

The late-year holidays (Thanksgiving, Hanukkah, Christmas) are known for travel, visiting with friends and family, and gift giving and receiving. Any time of year is a time for sharing some details of our lives with others through social media outlets such as FaceBook, Twitter, MySpace, and personal blogs.

During this time of year, it is especially important that you protect yourself from online threats, some of which are caused by others, and some of which are caused by you! Follow these steps to keep your property and your online presence safe during the holidays:

Don’t announce your travel in advance. If you post something like, “leaving home for Philadelphia for five days”, you are announcing to the world that your home may be vacant for extended periods of time, inviting burglaries.  Make your posts more vague, such as “spending Christmas with brothers and parents”, which might be where you live, or not.

Don’t gloat about your gifts. Similarly, if you talk about your new Kinect,  Wii, or iPad online, you may be sharing news of your loot with too many outsiders. Instead, be more discrete and share news about your new things more privately.

Limit FaceBook exposure. Check your privacy settings in FaceBook. Consider setting up one or more groups of family and friends, to limit how wide your announcements are sent. My wife and I have “immediate family”, “family”, and other groups of highly-trusted individuals with whom we may share things about travel, gifts, and other personal matters, so that the entire world doesn’t know that we might not be home at the moment.  Similarly, limit the FaceBook applications that you allow to access your personal data. Some FaceBook applications are malevolent and are designed to steal your information and use it against you.

Get a security tune-up. Follow easy steps to ensure that your anti-virus and firewall are working, and that your patches and browser are up to date. Do this before you shop online, to limit the chances that your credit cards will be compromised.

Secure your home Wi-Fi. Find the instructions to improve the security of your home router or Wi-Fi access point. Change from no security to WEP, or better yet, WPA.  While WEP is not as secure these days, it’s better than nothing. WPA or WPA2 are far better, and most PCs (and even gaming consoles) supports WPA and WPA2 these days.

Limit use of public Wi-Fi hotspots. From road warriors to housewives, we roam with our laptops from hotspot to hotspot at our favorite coffee shops and other public venues.  While it’s okay to check the news and get shopping information, it is not okay to check e-mail, log on to FaceBook or Twitter, or perform high-value activities such as online shopping from an open WiFi hotspot. Easy to use tools are widely available that permit even the unskilled to hijack your session and compromise your personal information.

Check your credit. U.S. consumers can check their credit three times per year for free (once per year for each of the three credit bureaus). Check your credit report carefully, looking for any accounts that you may not have opened, or for changes in accounts you may not have authorized.

Use a separate online shopping credit card. Rather than using your primary credit/debit card for online shopping, open a second account and use only that one. Keep a low balance to minimize your exposures.

Choose “credit” when using debit/credit cards. Whenever you are making purchases with your debit/credit card, choose “Credit”. Then, if your credit card number is later compromised, you may enjoy additional protection (such as the $50 liability limit) on your account. Many banks do not offer the same protection for compromised debit card numbers.

Preventing browser hijacking

Browser hijacking occurs when an intruder is able to successfully exploit a vulnerability in a user’s browser program.  When a browser is hijacked, the intruder is able to control how the browser operates. Examples include changing the default home page, as well as other settings.

Why is this a problem?

Some browser settings can cause all of the traffic between your browser and Internet web sites to be routed through the intruder’s system. This allows the intruder to follow your every move, and it may also allow the intruder to capture passwords you enter at sites such as online banking and e-mail.

Are you concerned yet?  You should be! If your browser has been hijacked, you could become a victim of fraud or identity theft.

Quick Fixes
(assumes you have a Windows computer)

  1. Turn on Automatic Updates. This will cause your system to automatically download and install all the latest security patches for Windows and Internet Explorer
  2. Install Microsoft Security Essentials or other anti-virus program.  AVG has a very good free anti-virus program.
  3. Scan your computer for malware using your on-board anti-virus program.
  4. Scan your computer for malware using one of several good web-based anti-virus programs, such as: Panda, Symantec, Trend Micro.
  5. Turn on Windows Firewall.
  6. Update to the latest version of Internet Explorer, which has a better design and better security controls.
  7. If you don’t want to update Internet Explorer (or if you already have the latest), reset your IE settings.
  8. Manage and disable add-ons. A lot of browser hijacking is the result of add-ons.

Even after you do these things, you’ll still be running a combination of software that is vulnerable by design and requires constant vigilance. Read on.

Long-Term Fixes

If you are running Windows, I highly recommend you stop running Internet Explorer altogether. Use it ONLY for running Microsoft Update, online virus scans (from step 4 above – most require IE), and those occasional website that do not render well in other browsers.

For greatest security when browsing on Windows, use Firefox with the NoScript and FlashBlock add-ons. This combination is the safest possible browsing when using Windows. You’ll still have to run anti-virus and automatic updates, though.

Paradigm Shift

Most people use Windows, but few people HAVE to. There are two excellent alternatives:

  • Linux. The “ubuntu” release of Linux is highly reliable, easy to use, and secure. If you have a good PC, you can download ubuntu, burn it onto a CD, and try it out on your own computer. If you really, really like it, you can install ubuntu Linux onto your computer and say goodbye to Windows forever. We have done this on two systems here. Linux runs so much faster on a PC than Windows that you will think you got a hardware upgrade!
  • Linux in a virtual machine. If you *have* to run Windows (because of that expensive software that runs only on Windows), then I recommend you download VirtualBox and install Linux as a guest. Then, do all of your Internet browsing from the Linux machine (running Firefox, Noscript, and Flashblock as described earlier). You can run it in full screen mode, which is the next best thing to running Linux on your hardware. Another nice thing about this method is that if you do get malware on your Linux system, you can reset your Linux system back to an earlier state (I have never had this happen, but if I did mess something up in the Linux system, reverting to a recent snapshot is still a nice feature).
  • Mac OS. If your PC is not that great and you want to upgrade to new hardware, this is a great time to buy a Mac. While they may initially seem more expensive, you get excellent value and performance. On Mac OS, you can download Open Office, which is free and compatible with Microsoft Office. We have three Macs at home (a Mac Mini, a MacBook, and a MacBook Pro) and are totally satisfied with them. They are great computers.

Note regarding purchasing a Mac computer: do not get caught up in feature comparisons (e.g. a Windows system with a larger screen for less money than a Mac).  A Windows system is still just a Windows system, vulnerable by design and more expensive in the long when when you consider all the time you have to spend to keep it secure / make it secure. These videos say it better than I can:

Switch to Kaspersky

After using AVG Free anti-virus for many years, we have switched all of our home PCs to Kaspersky Internet Security 2010.

AVG served us faithfully for five years. It never malfunctioned. Still, it didn’t far so well in a recent high-profile test of anti-virus products.

Kaspersky Internet Security 2010 can be installed on up to three home computers. It comes with (of course) anti-virus software, plus a firewall, parental controls, and the ability to run selected applications in a sandbox. It has other features that I will write about in future blog posts.

If you’re on a budget, the free version of AVG is still good, and way better than nothing. I still recommend AVG for people who simply don’t have the cash for Kaspersky or another product.

Clean up your PC while watching the Emmy’s

Bookmark This (opens in new window)

This would be a great time to multi-task and get the gunk out of your computer. During the Emmy awards, there are plenty of slow moments when you can get to more important things like scanning your PC for malware (viruses, worms, Trojans, spyware).

Get New (Free) Anti-Virus Software

If the license has run out on your Norton, Symantec, McAfee, or other brand of anti-virus, don’t renew it. Instead, download AVG anti-virus. It’s a great anti-virus program, and it’s free.  We use it on our Windows systems and recommend it to our friends. Several businesses we know of use the commercial versions of AVG as well. Get it here:

http://free.avg.com/

Scan Your Computer, Twice

After you install AVG (or if you are still using another brand, which is working well and up-to-date), you need to scan your entire hard drive for viruses. Each brand of anti-virus does this a little differently. Make sure you scan the entire hard drive; if your computer has more than one hard drive, scan them all.

There are also several good online virus scanning programs available. Scanning your PC with your local anti-virus scan and an online virus scanner is like getting a second opinion. There are several good online virus scanners, here:

…all of the above companies are commercial organizations of the highest quality.

Most or all of the above online virus scanners require you use Internet Explorer. Most of my readers know that I strongly recommend Firefox with the NoScript and FlashBlock add-ons for the safest online browsing, but once in a while it’s necessary to run IE.

Set Up Weekly Scans

It’s a good idea to have your anti-virus program automatically scan your PC every week. This provides an added protection, by having your anti-virus program search for viruses that may have somehow gotten by your anti-virus program.

I recommend you have the scan run overnight – have it start well after you go to bed, but give it enough time to complete before morning. On some larger (and older) PC’s, a virus scan can take a few hours.

Include safe computing in your list of New Years Resolutions

Bookmark This (opens in new window)

The New Year is a time of reflection, and traditionally a time to consider changing one’s habits.

Our reliance upon computers and networks has exceeded our means to safely use and control them. Every computer user has some responsibility to make sure that their computer and use of the Internet does not introduce unknown and unwanted risks. By following these recommendations you will greatly reduce your risk to fraud, identity theft, and other risks related to Internet usage.

1. Change your passwords. Use strong passwords, which cannot be easily guessed by others, even those who know you. Do not share your password with any other person. If needed, store your passwords in a protected vault such as Password Safe or KeePass. I recommend you not use an online vault for password storage: if their security is compromised, so are your passwords.

2. Scan for Viruses and other malware. Configure your anti-virus software to scan your entire computer at least weekly. Make sure that your anti-virus software is checking for updates at least once per day. Also scan your computer with one of several online virus scanners at least once per month.

Panda: http://www.pandasoftware.com (look for the ActiveScan link on the home page)

Symantec: http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym

Trend Micro: http://housecall.trendmicro.com/

Kaspersky: http://www.kaspersky.com/virusscanner

CA: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

3. Block spam, and don’t open spam messages. The majority of spam (unwanted junk email) is related to fraud. Spam messages advertise fraudulent or misleading products, or lure you to websites that contain malware that will attempt to take over your computer (without your knowing it) and steal valuable information from you.

4. Get a firewall. If you use Windows, turn on the Windows Firewall. Ask your broadband service provider to upgrade your modem/router to one that contains a firewall (most newer modems / routers do have firewalls or other similar protection).

5. Remove spyware. Obtain a good anti-spyware program and use it to find and remove spyware from your computer.

6. Update your software. Obtain up-to-date copies of browsers and tools on your computer, as many older versions are no longer secure. This includes Firefox, Internet Explorer, Opera, Microsoft Office, OpenOffice, Java, and other programs.

7. Install security patches. If you are using Windows, turn on Automatic Updates, and configure it to automatically download and install security patches and updates.

8. Use separate accounts on shared computers. If more than one person uses your computer, set up separate accounts for each user. Make each user an ordinary user or power user, but never an administrator. Making each user an administrator makes the entire computer more vulnerable to malware (viruses, etc.).

9. Browse Safely. Change to Firefox and use the NoScript add-on. This is the only combination designed to block the new “clickjacking” vulnerability present in all other browsers. Also consider using Flashblock (works only with Firefox) if you want to control the use of Flash content in your browser.

10. Protect your wireless WiFi network. The old an still-common “WEP” protocol designed to encrypt your wireless traffic has been broken, and is no longer safe. Upgrade to WPA, even if it means buying a new wireless access point.

11. Back up your data. All kinds of bad things can happen, from mistakes to hardware failures. If you cannot afford to lose your data, then you need to copy it to a separate storage device. External hard drives and high capacity USB thumb drives cost well below US$100. You’ll be glad you did, sooner or later.

12. Encrypt your hard drive. Mostly important for laptop computers, but also important for desktop computers. The TrueCrypt tool is by far the most popular one available, and it’s free. If you don’t encrypt your data, then anyone who steals your computer can (and will) read all of your private data.

13. Check your credit reports. Fraud and identity theft can result in thieves opening new credit card and loan accounts in your name. They run up a balance and then never pay the bill, making that your problem instead. Consider a credit reporting service as well, which will alert you to inquiries and changes to your credit accounts, limits, and balances.

Annualcreditreport.com

Federal Trade Commission information on free credit reports

Equifax

Experian

Transunion

Recommended Tools:

Secunia Personal Software Inspector – free tool that examines your computer and alerts you to all of the unpatched and older versions of programs that need to be upgraded.

Password Safe – safe and secure storage of all of your Internet passwords. Also remembers userids and URLs.

NoScript – the only way to control third-party javascript and clickjacking. Works only with Firefox.

TrueCrypt – safe and free encryption of your PC’s hard drive.

Fraudulent Microsoft Update

Bookmark This (opens in new window)

There is lots of activity around an email and a fraudulent Microsoft Update web site (that the email directs you to), claiming that there is an urgent Microsoft update.

The web site looks like a legitimate Microsoft site and contains an “Urgent Install” button that, when clicked, attempts to download and install malicious software on your system. The file that attempts to download is not signed by Microsoft and is called “WindowsUpdateAgent30-x86-x64.exe”.

This web site is using fast flux DNS for its web hosting. That make it hard to track and close down, so we expect it to be around for awhile.

Please advise your users, if they receive this type of email, they should just delete it. Microsoft does not distribute updates by sending emails directly to individuals or distribution lists.

Credit to NW WARN for the contents of this advisory.

Five ways to improve your laptop security while you watch the Super Bowl

Bookmark This (opens in new window)

You have a laptop computer and you know the security on it is terrible or nonexistent. You’ve got spyware and viruses and don’t know what to do.

Here are three steps you can take while watching the Super Bowl. You won’t miss any of the game.

Install Free Anti-Virus

Most users don’t need fee-based anti-virus programs like Norton or McAfee. Instead, consider using AVG anti-virus. It’s free, easy to install and use, and just as effective as the big boys.

AVG from Grisoft: free.avg.com

Then run a scan of your entire computer. Double-click the AVG anti-virus icon in the systray. Click Test Center, then click Scan Computer. This will take a while – now you can watch the game.

Do an Online Virus Scan

Not sure if your installed anti-virus program is finding all the viruses on your computer? Go to one or more of these sites to get a free online scan – like getting a second opinion on the health of your computer.

Panda: http://www.pandasoftware.com (look for the ActiveScan link on the home page)
Symantec: http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
Trend Micro: http://housecall.trendmicro.com/
Kaspersky: http://www.kaspersky.com/virusscanner
CA: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Any of these will take just a few minutes to set up, and then the scan will take as long as an hour or more. Enjoy the game while the scan is running.

Install a Free Personal Firewall

A firewall can block incoming threats like worms and bots that can otherwise harm your system and steal your data. Like the other tools on this page, these two products are both free. Firewalls require a little more knowledge, so you might want to find a power-user friend to help.

Zone Alarm: www.zonelabs.com
Comodo: www.personalfirewall.comodo.com

Scan for Spyware

Spyware, adware, and other unwanted software lurks in spam and on websites. Anti-virus stops some, but not all.

Spybot: www.safer-networking.org
Spyware Blaster: www.javacoolsoftware.com
Microsoft Defender: www.microsoft.com

Install one or two of these packages, then follow the instructions to scan your entire computer for spyware.

Install Software Patches

Okay, software patches should be free, and free they are. It is very important to stay up to date with Windows and Office security patches. If you run Windows, get your patches straight from Microsoft. Unless you’re an IT pro, I recommend you set up Automatic Updates so that patches are installed automatically.

Microsoft update: update.microsoft.com (only works with Windows Internet Explorer)
Learn about automatic updates: www.microsoft.com

Bonus tip: Get a Free Credit Check

U.S. citizens can get free credit checks once per year. You can get them from all three credit reporting bureaus all at once, or do one every four months, picking a different bureau every time. By monitoring your credit, you are more likely to discover fraudulent use of your identity.

Annualcreditreport.com
Federal Trade Commission information on free credit reports
Equifax
Experian
Transunion

Make 2008 the year for safe computing

Bookmark This (opens in new window)

Safer computing and Internet usage begins with us. We can take some simple steps to make our computers much safer, which will result in a much lower incidence of fraud and identity theft. Each of these steps is easy to do:

(click on the step for instructions and more information)

1. Protect your computers with a firewall.

2. Get the spyware out and keep it out.

3. Keep your PC’s security patches up to date.

4. Make separate user accounts for shared computers.

5. Change your Wireless network to WPA.

6. Clean out your old programs.

All of these steps are free. You do not need to spend a cent to make your computers significantly safer. Longer article on this website explains each of the above steps in detail:

http://peterhgregory.wordpress.com/2007/12/26/make-a-new-years-resolution-safe-computing/

viruses.jpg

Learn more about safe computing. Order a copy of Computer Viruses for Dummies – this is a smaller-format Dummies book that talks about Viruses and also spam, spyware, firewalls, and other steps you need to take to make your computer safer.

Purchase hardcopy from Amazon.com

Purchase e-book

Make a new year’s resolution: safe computing

Father Time

Bookmark This (opens in new window)

I have an idea for a New Year’s resolution this year. You’ll still be able to eat what you want and walk by the bathroom scale with no pangs of guilt, and you can leave your mess in the garage and the junk drawer so full you can barely open it.

Make your computing safer in 2008. This is a lot easier than you think. You’ll be protecting yourself against potentially painful experiences such as credit card fraud and identity theft.

Follow these steps. In some cases, I’ll link you back to tips I’ve written in the past couple of years.

1. Protect your computers with a firewall. You might have a firewall already and not know it – your DSL or Cable modem may have a firewall built-in. Look on the label to see what kind of device you have. Log in to your Internet provider’s web site and check whether your modem has a built-in firewall. If it doesn’t, ask to be upgraded.

You can also install a personal firewall program on each PC in your house. If you have Windows XP or Vista, a firewall is provided with Windows but you need to activate it.

Instructions: Activate Windows XP firewall. Activate Windows Vista firewall.

Or, you can install Zone Alarm or Comodo firewall. Both are easy to install and use.

Zone Alarm: www.zonelabs.com
Comodo: www.personalfirewall.comodo.com

Test your firewall to see if it is working: Site 1: (www.auditmypc.com), Site 2: (www.grc.com/) (You can consider these to be trusted web sites).

2. Get the spyware out and keep it out. Spyware is used to snoop on your PC and Internet usage – most people find it offensive and a violation of their privacy. Install one or more of the following anti-spyware programs. Scan your computer now, then scan monthly after that.

Spybot: www.safer-networking.org
Spyware Blaster: www.javacoolsoftware.com
Microsoft Defender: www.microsoft.com

3. Keep your PC’s security patches up to date. Failure to install security patches is a major cause of computer break-ins, especially for home computers, most of which are not protected by firewalls. I recommend you take a look at your Windows Automatic Updates setting and change the settings so that security patches are downloaded and installed automatically (if you are more of a “hands on” computer user, then you should set Automatic Updates to automatically download security patches and then inform / ask you to install them).

Install patches now (www.update.microsoft.com) (you must use Microsoft Internet Explorer for this)

Instructions: Configure Automatic Updates for Windows XP. Automatic Updates for Windows Vista.

4. Make separate user accounts for shared computers. If any of your computers are shared among family members, make separate user accounts for each user. Put passwords on each account and do not share your passwords. Make only one account an “administrator” (you – since you are reading this!) and make all other users a “Limited account”. Turn off the Guest account.

Windows KeyWhen a family member is done with the computer (even for a minute), get everyone into the habit of locking the screen, which requires a password to unlock. Click here for instructions.

5. Change your Wireless network to WPA. I have written in the past about how the old wireless WEP protocol is no longer safe. You need to upgrade your WiFi access point and the computers in your house that use WiFi from WEP to WPA. The WEP protocol that is still the default on most WiFi access points and routers can be easily broken by any clever computer user with a few simple tools.

Instructions: upgrade your router and computers from WEP to WPA.

6. Clean out your old programs. Take some time to remove old programs that you no longer use, and upgrade the programs and plug-ins you Secunia PSIdo use to current versions. In Windows XP, go to My Computer > Control Panel > Add or Remove Programs (in Vista it’s slightly different) and remove each program you no longer need. Maybe you have old toolbars and other things you tried out but didn’t like. It’s a good idea to just get rid of them here.

Consider getting a copy of Secunia Personal Software Inspector (PSI). This nifty program will look at all of your installed programs and tell you which ones are old and unsecure. PSI will also tell you what patches are needed on your system.

Get PSI here: psi.secunia.com

viruses.jpg

7. Learn more about safe computing. Order a copy of Computer Viruses for Dummies – this is a smaller-format Dummies book that talks about Viruses and also spam, spyware, firewalls, and other steps you need to take to make your computer safer.

Purchase hardcopy from Amazon.com

Purchase e-book

Give the gift of safe Internet use this Christmas

Bookmark This (opens in new window)

Internet use can be far safer for most home computer users through the use of free tools and services that help protect computers from malicious code that can lead to identity theft and fraud. In this article:

  • Free anti-virus
  • Free online virus scan
  • Free DNS filtering
  • Free personal firewall
  • Free rootkit detection
  • Free anti-spyware
  • Free patch updates
  • Free file eraser
  • Free disk encryption
  • Free password storage
  • Free encrypted e-mail
  • Free credit check

All of the tools represent the best of the best – they are all popular and renounced for their quality and effectiveness. If you doubt any of these, google these topics yourself and see where these tools appear in your search results.

Note: I have been using many of these tools for years, and am very happy with them. Data security is my profession; I am paid to know this stuff. Happy Holidays!

Free Anti-Virus

Most users don’t need fee-based anti-virus programs like Norton or McAfee. Instead, consider using AVG anti-virus. It’s free, easy to install and use, and just as effective as the big boys.

AVG from Grisoft: www.grisoft.com (you’ll have to hunt around on their site to find the free version. Keep looking.)

Free Online Virus Scan

Not sure if your installed anti-virus program is finding all the viruses on your computer? Go to one or more of these sites to get a free online scan – like getting a second opinion on the health of your computer.

Panda: http://www.pandasoftware.com (look for the ActiveScan link on the home page)
Symantec: http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
Trend Micro: http://housecall.trendmicro.com/
Kaspersky: http://www.kaspersky.com/virusscanner
CA: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Free DNS Filtering

By configuring your system (or home router) you can make sure that your system won’t be able to visit sites containing unsafe or undesired content.

OpenDNS: www.opendns.com
ScrubIT: www.scrubit.com

Free Personal Firewall

A firewall can block incoming threats like worms and bots that can otherwise harm your system and steal your data. Like the other tools on this page, these two products are both free. Firewalls require a little more knowledge, so you might want to find a power-user friend to help.

Zone Alarm: www.zonelabs.com
Comodo: www.personalfirewall.comodo.com

Free RootKit Detection

Rootkits are a new kind of malware (like viruses etc) that seek to evade detection from regular anti-virus programs. These are free and easy to install and use. More info here.

Panda Anti-Rootkit: www.pandasoftware.com
AVG Anti-Rootkit: www.grisoft.com
Sophos Anti-Rootkit: www.sophos.com
McAfee Rootkit Detective: www.mcafee.com

Free Anti-Spyware

Spyware, adware, and other unwanted software lurks in spam and on websites. Anti-virus stops some, but not all.

Spybot: www.safer-networking.org
Spyware Blaster: www.javacoolsoftware.com
Microsoft Defender: www.microsoft.com

Free software patches

Okay, software patches should be free, and free they are. It is very important to stay up to date with Windows and Office security patches. If you run Windows, get your patches straight from Microsoft. Unless you’re an IT pro, I recommend you set up Automatic Updates so that patches are installed automatically.

Microsoft update: update.microsoft.com (only works with Windows Internet Explorer)
Learn about automatic updates: www.microsoft.com

Free File Eraser

Did you know that “deleting” files on your Windows computer doesn’t really delete the information at all? It’s still there for any clever intruder to find – even after you empty your trash can. This free tool called Eraser safely *wipes* your deleted data so that it cannot be discovered. Read this tip.

Eraser: sourceforge.net/projects/eraser/

Free Disk Encryption

If your laptop (or desktop) computer is stolen, thieves are going to be able to steal all of the data on your hard drive. You can encrypt your hard drive, which will result in thieves being unable to access your data. Read this tip.

TrueCrypt: www.truecrypt.org

Free Password Storage

I have mentioned in the past that you need to be careful how and where you store your passwords. If you store them in your computer, intruders can find and exploit them by logging in to your websites. Please do not use your browser to store passwords! Instead, use one of these two free tools to securely store passwords. More info here.

Password Safe: passwordsafe.sourceforge.net
KeePass: sourceforge.net/projects/keepass/

Free Encrypted Email

If you are sometimes concerned that a third-party may be able to read your e-mail – you’re right and you’re not alone. Sending e-mail is like sending postcards through the mail: others can easily see what you are saying to your friends and colleagues. Hushmail safely encrypts e-mail with world-renowned PGP (and your power-user friends who use PGP can send and receive encrypted mail with you). Best of all, it’s free, like the other tools on this site.

Hushmail: hushmail.com

Free Credit Check

U.S. citizens can get free credit checks once per year. You can get them from all three credit reporting bureaus all at once, or do one every four months, picking a different bureau every time. By monitoring your credit, you are more likely to discover fraudulent use of your identity.

Annualcreditreport.com
Federal Trade Commission information on free credit reports
Equifax
Experian
Transunion

Learn more about computer security

Computer Viruses for Dummies – teaches all the basics, not just about viruses but online Internet use and many tips to stay safe online

VirusTotal scans with 32 AV products

VirusTotal scans with 32 AV products

Bookmark This (opens in new window)

In case you are really paranoid – or just want to compare the ability for various anti-virus products to detect viruses, a new service may be of interest to you.

VirusTotal lets you upload a file, which they scan with 32 different anti-virus products. They tell you which (if any) anti-virus products detected malware in the file you upload.

http://www.virustotal.com/

Policeware: the spyware that aids law enforcement

Bookmark This (opens in new window)

Policeware is the new term to describe spyware that is used by law enforcement to gather evidence in law enforcement investigations.

It is highly likely that anti-virus and anti-spyware software will look the other way if they detect policeware. Or, more likely, they won’t carry signatures for policeware at all.

So will it be possible to detect policeware? Possibly. I think that policeware will be the backdrop for the next cat-and-mouse game between law enforcement and the underworld.

Hackers are anxious to get a copy of CIPAV, the investigative tool (that gets installed on a suspect’s PC) used by the FBI to log outbound TCP/IP connections. Certainly they will device tools to detect and block CIPAV and other such tools. In fact, this may be history as I write this – the capability to detect and remove CIPAV may already exist. And given that Magic Lantern and Carnivore have been around for several years, I can’t help but wonder if tools exist to detect its activities.

FBI implanted spyware leads to arrest of bomb threat suspect

Submit: Add to your del.icio.us Digg This Slashdot GotNews StumbledUpon Reddit

The FBI used a novel type of remotely installed spyware last month to investigate who was e-mailing bomb threats to a high school near Olympia, Wash.

Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect’s computer, other information found on the PC and, notably, an ongoing log of the user’s outbound connections.

My earlier blog entry on whether anti-virus can detect law enforcement-installed malware.

Entire story here:

http://news.com.com/8301-10784_3-9746451-7.html

AV vendors will block law enforcement key loggers, for now

Bookmark This (opens in new window)

Updated 7/19/07: FBI nabs bomb threat suspect with spyware
Updated 7/19/07: Policeware: the spyware used by law enforcement

A recent case that was heard by the U.S. Court of Appeals involved law enforcement use of a key logger on a suspect’s computer. The case involved a suspected illicit drug maker that was under investigation by the U.S. Drug Enforcement Agency (DEA). The DEA obtained permission from a judge to install key logging software on the suspect’s computer in order to harvest passwords for PGP and Hushmail encryption.

This case highlights a question that I’ve been thinking about for years: would my anti-virus program alert me to the presence of key logger software, even if it was installed by law enforcement? C|Net News interviewed representatives from several anti-virus/malware companies and got answers to that question. Would the following vendors’ programs detect key loggers even if installed by law enforcement?

▪ Grisoft/AVG: Yes
▪ Checkpoint: Yes
▪ Computer Associates: Yes
▪ eEye: Yes
▪ IBM: Yes
▪ Kaspersky: Yes
▪ McAfee: Yes
▪ Microsoft: Yes
▪ Sana: Yes
▪ Sophos: Yes
▪ Symantec: Yes
▪ Trend Micro: Yes
▪ Websense: Yes

C|Net News also asked these vendors if they had ever received requests from law enforcement (including subpoenas) that their products not inform a specific user of the presence of a law enforcement installed key logger. Some of the companies have a policy to not discuss specific dealings with law enforcement – and the rest said they had received no such request.

I am wondering just now – what would McAfee, Trend, Symantec, or any of the others do if law enforcement DID request / require that their products not report the presence of a key logger. How would they accomplish that feat? I can imagine a number of scenarios on how that would be accomplished:

  • The specific anti-virus vendor would design in a mechanism that would silence the software’s alert of a key logger if it received a specific signal from the vendor’s update service. To accomplish this, the vendor would have to know precisely which PC should be silenced, and be able to do so silently.

Other, less serious, alternatives come to mind:

  • Law enforcement could sneak into the suspect’s computer and run a program that would disable anti-virus programs’ ability to detect or report the presence of the key logger. I can easily imagine malware that would perform the same disabling feature in order to hide its own key logger. Some malware already has the ability to completely shut down anti-virus programs, firewalls, and so on, so this capability is not that far-fetched.
  • Law enforcement could send an e-mail to the suspect, where the e-mail either contained an executable, or a URL to a law enforcement website. “Please run this program or visit this web site so that we can install a key logger for you.” Uh huh.

Remember: anything that law enforcement can do, hackers can do. In fact, hackers are often one step ahead of law enforcement, experienced with the illicit installation of key loggers.

Anyway, I can imagine a future where law enforcement may have the ability to get key loggers onto computers, and at the same time get anti-malware programs to look the other way. But I expect that there will be capabilities of detecting and disabling such key loggers: hackers are notoriously anti-law enforcement and they would quickly fill the need to detect and block law enforcement key loggers.

In the meantime I can think of a few countermeasures:

  • Regularly scan your computer with one of several available online malware scanners (see this tip for more information).
  • Run one or more anti-rootkit programs to scan for rootkits (I feel that key loggers and/or the means for blocking anti-malware’s alerting it may be done by rootkits).
  • Switch your OS: use MacOS or Linux instead of Windows.

I have a feeling that the Electronic Frontier Foundation and the ACLU will be watching these developments.

Links to stories:

http://news.com.com/Security+firms+on+police+spyware%2C+in+their+own+words/2100-7348_3-6196990.html?tag=st.num

http://news.com.com/8301-10784_3-9741357-7.html