It’s always kind of surprising to me how many people don’t really bother to maintain their PC. A lot of folks seem to think that they can simply let their computer run without any sort of user intervention at all. The trouble is, it doesn’t work that way. Just as a vehicle needs timely maintenance, so does your computer. Your computer is a complex, intricate machine, and it needs to be well cared for in order to function properly; if it is not, you will suffer problems down the road.
What’s more, it’s not just the hardware of a system that has a tendency to degrade over time. Modern computers are complex, intricate pieces of technology; fifty years ago, people wouldn’t have even dreamed this sort of stuff existed. As with any complex system, sometimes things tend to go wrong. A glitch in the software here, a misplaced line of code there, and boom. What’s shocking isn’t the fact that there are literally thousands of ways a computer could break down and simply stop working. No, what’s shocking is that most of these issues, most of these errors, are preventable. Windows users suffer through lots of problems; this is why I openly advocate Linux.
Here are a few exercises (primarily meant for Windows users) that you should do to ensure that your computer is in top working condition.
Want to make your Windows PC run faster and smoother? Here are some small tips that make a great impact on the performance of your computer. Everybody wants a PC that runs the way they want. A newly bought computer impresses you with its fast interface, quick reactions and negligible garbage; in short, it behaves just as a new computer should.
But after using your computer for about a year or so, you, like me, will face some minor problems with its performance: it takes more time to boot up, it hangs very frequently, you see a large cluster of useless icons on your desktop, applications run slower, and some even refuse to run. All of us face innumerable problems like these. This happens because of how Windows is designed; the file system it uses (NTFS) is sloppy, as opposed to the EXT3/4 journaling file systems used on Linux distributions.
Now, we won’t all buy a new computer just for this reason, so what would you do? Format your hard disk? Probably, but who wants to lose precious data? There are many small things that PC users either don’t know about or, though aware of them, prefer not to do because they require an investment of time. And who has free time?
I am going to tell you what I do to my own PC to achieve the performance level I want from it. These simple tips don’t require much effort or much time to follow, but they will surely make your PC run smoother and faster.
In a move that is likely to anger the antivirus industry, Microsoft is adding security features from its Security Essentials program to Windows 8. This is good news for consumers, but bad news for the antivirus industry. Microsoft should have been doing this since the release of Windows 95. While many of us do simultaneous facepalms and giggle at a decade-late decision, others question the legality of doing so. A multi-billion dollar industry has grown, based on the absolutely porous operating system that is Microsoft Windows.
That’s right. Microsoft this week began offering U.S. customers its free antivirus program via Windows’ built-in update service, a move one major security firm said may be anti-competitive. Microsoft is adding features from its Security Essentials program, which is currently available as a separate download for Windows users, to the Windows Defender package already built into Windows. This means that Windows 8 users will get out-of-the-box protection against malware, along with firewall and parental controls from within Windows, without requiring users to hunt down a separate download or buy new software.
What many users don’t realize, however, is that the Web browser is the most important security defense our computers have — and yet 60 percent of the browsers accessing the Internet today are outdated. An outdated browser ends up impacting everyone’s security, privacy and performance.
I wrote last week about Microsoft warning us *rolls-eyes* that we were not using a “secure” browser like Internet Explorer. GASP! The horror of us ignorant consumers!
To help users understand the importance of the browser you use, the Online Trust Alliance (OTA), a Web-industry trade group based in Bellevue, Wash., that promotes security and trust in online marketing and commerce, recently unveiled the “Why Your Browser Matters” initiative.
“The ‘Why Your Browser Matters’ initiative provides users overall recommendations to upgrade their out-of-date and legacy browsers for a more safe, more private and more compelling online experience,” said Craig Spiezle, executive director of OTA. “The Initiative is all about communicating with computer users to make them realize that an updated Web browser is one of the most important security steps you can take. It’s as important as running anti-virus/anti-malware software.”
Spiezle is quick to point out that while there is no magic bullet when it comes to computer security, the browser is on the front line of defense because it is used so frequently.
“Modern browsers detect malicious websites and phishing URLs, analyze downloads and support a broad suite of privacy features,” Spiezle said. “It’s critical to have these at your disposal when it comes to protecting yourself online, as well as protecting your machine in general.”
Modern browsers try to provide security for users in three different ways, explained Roger Thompson, chief emerging threats researcher for ICSA Labs in Mechanicsburg, Pa.
For example, said Thompson, all modern browsers have “blacklists” of known malware sites and try to prevent users from visiting them. This method works well if the malicious sites are well-known, but online criminals try to move websites around by changing domain names and IP addresses faster than security researchers can update the blacklists — so sometimes this doesn’t work.
Some browsers, such as Google Chrome, also run applets and executable code in a “sandbox,” meaning that the code and applets can’t affect other parts of the browser or the operating system. Again, this doesn’t always work.
And all modern browsers have a somewhat regular patch cycle, in which developers fix vulnerabilities to prevent direct attacks.
A good illustration of how a browser can act as the first line of defense is with regard to shortened URLs, or Web addresses.
URL-shortening services such as bit.ly, tinyurl.com or is.gd are handy to use when including links in instant messages, text messages or Twitter posts. Unfortunately, URL shorteners also mask the actual URLs they lead to, and give no warning that links might be drive-by downloads or exploits waiting for unsuspecting victims.
Fortunately, some enterprising software developers have created a way to find out where you’re going.
“There are plug-ins available for Chrome and Firefox that will automatically expand short URLs to their actual address when viewing pages containing such links,” said Harry Sverdlove, chief technology officer of Bit9, a Web security company in Waltham, Mass. “These are useful when using Facebook or Twitter from a browser, common places where malicious links are hiding in short URLs.”
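What such a plug-in does can also be done by hand. The Python sketch below is an added example, not code from the article or from any of the plug-ins mentioned: it follows a short link one redirect at a time with HEAD requests, so the real destination is revealed without loading the page behind it. The function names and the `.example` hosts in the constructed redirect table are assumptions made for the illustration.

```python
"""Added example: expand a short link hop by hop without loading the destination."""
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def head_request(url, timeout=5):
    """Send one HEAD request and return (status, Location header or None).

    Only headers are requested, so no page body or script is downloaded.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand(url, fetch=head_request, max_hops=10):
    """Follow redirects manually and report every hop plus a verdict."""
    hops, seen = [], set()
    current = url
    for _ in range(max_hops + 1):
        scheme = urlsplit(current).scheme.lower()
        if scheme not in ("http", "https"):
            return {"hops": hops, "final": None, "note": f"refused scheme {scheme!r}"}
        if current in seen:
            return {"hops": hops, "final": None, "note": "redirect loop"}
        seen.add(current)
        hops.append(current)
        status, location = fetch(current)
        if status not in REDIRECT_CODES or not location:
            note = "resolved"
            if urlsplit(url).scheme == "https" and scheme == "http":
                note = "resolved, but downgraded from https to http"
            return {"hops": hops, "final": current, "note": note}
        current = urljoin(current, location)   # Location may be relative
    return {"hops": hops, "final": None, "note": "too many redirects"}


# Constructed redirect table standing in for the network; all hosts are placeholders.
SAMPLE = {
    "https://sho.rt.example/abc": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "/landing"),
    "https://tracker.example/landing": (200, None),
    "https://sho.rt.example/loop": (302, "https://sho.rt.example/loop"),
    "https://sho.rt.example/down": (301, "http://plain.example/"),
    "http://plain.example/": (200, None),
}


def sample_fetch(url):
    """Offline replacement for head_request(), backed by SAMPLE."""
    return SAMPLE[url]


if __name__ == "__main__":
    for start in ("https://sho.rt.example/abc", "https://sho.rt.example/loop",
                  "https://sho.rt.example/down"):
        result = expand(start, fetch=sample_fetch)
        print(start, "->", result["final"], f"({result['note']})")
        for hop in result["hops"]:
            print("    via", hop)
```

Calling `expand(url)` without the `fetch` argument uses the real network through `head_request`.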
How to protect yourself
As Thompson pointed out, browser vendors are good about providing updates and patches that improve security by fixing vulnerabilities that bad guys exploit. But after that, it’s up to the user himself to take action by actually downloading the updates, or upgrading the browser to the latest version.
You can check the version number of your browser by going to the Help button on your browser’s menu and checking the “About” section. (On a Mac, click the name of the application next to the apple icon in the upper left of the screen.) Often, the “About” pop-up window will prompt you to check whether there might be updates available.
For those who use Internet Explorer, Spiezle has this important piece of advice: “If it says Internet Explorer 6 … run, do not walk to the nearest free download of Internet Explorer 9.”
(If you’re still running Windows XP, update to Internet Explorer 8, the latest version you can install.) That is the highest version you can run on Windows XP, unless someone figures out a hack for it, which they will. I would rather you run Google Chrome.
Internet Explorer 6 has been the target of a number of malicious attacks over the past decade; newer versions of Internet Explorer are much more secure.
Does it matter which browser you use? Spiezle and Thompson disagree on that question.
While Thompson said that today’s browser upgrades have leveled the playing field when it comes to security, Spiezle pointed out that there still are differences among them, and each user has to assess which is best for his own uses.
“You need to look at not only the security features, but also privacy features, as well as support for the latest technologies,” Spiezle said.
Here is the link for a good start: https://otalliance.org/browser/. At first I was thinking that this was another Internet Explorer-centered website, but at least they mention the alternatives.
“When criminals are able to get your password from one site that they’ve hacked into, they then take it and try to use it on other common services to see if they can get more access to your personal information,” said Chester Wisniewski, a security expert at security firm Sophos Ltd. “So they’ll go to Facebook and use the same password you used on [the site they hacked into] and they’ll go to your Gmail account.”
If it sounds too good to be true, it probably is. “We see all these survey scams on the Internet all the time where you’re asked to fill in all this personal and private information and enter to win an iPad,” Wisniewski said.
The problem is most of them are frauds and scams. “No one is getting an iPad,” Wisniewski said.
Instead of entering a sweepstakes, what you’re really doing is handing your information over to criminals who might sell it off to someone else or use it to commit identity theft.
Be cautious about sharing information, even if it seems harmless. Don’t give out information such as your birth date on social media or other sites that ask for it.
“Unfortunately, the way we work in the real world, these things may be used to identify you,” Wisniewski said.
Instead of giving away your identity, make another one up.
Keep your anti-virus software up to date. Anti-virus software comes pre-installed on most computers. But after the initial free trial period is over, either shell out for a subscription or install free anti-virus software. You’ll need it.
“It’s not a bulletproof answer because things still get by anti-virus software,” Wisniewski said. “But keeping it up to date improves your safety dramatically. And there are great free solutions out there — namely Linux.
Keep all regular software up to date to ensure it’s secure. If you do, you’ll lessen the chances of experiencing a security breach.
Trojan horses, viruses and other forms of malware evolve every day. When a bug or hole that could harm your computer or let in the bad guys is found in a piece of software, the software company will usually release an update. It’s very important that you run these updates to minimize the opportunities for criminals to steal or misuse your information.
“For example, if you get that little balloon in the tray in Windows, that says ‘Hey, there’s an Adobe update available,’ click ‘yes,’” Wisniewski said.
Keep your browser up to date. If you’re using an outdated browser, you’re also running the risk of being scammed or having your identity stolen. Up-to-date browsers have much better protection against cyberattacks than older versions.
Enable a firewall and configure it properly. A firewall is a system designed to prevent unauthorized access to your computer. Most current operating systems, such as updated versions of Windows XP, Vista and 7, as well as Mac OS X 10.4 and later, have one built in. Otherwise, you can get an inexpensive software firewall from your local computer store, software vendors or your Internet service provider.
“Turning the firewall on makes a big difference,” Wisniewski said, “because if something were to escape your anti-virus [software] and try to communicate with the Internet to send all your banking information, your firewall will stop that if it’s enabled and configured properly.”
The new Trojan known as OSX/Miner-D, nicknamed “DevilRobber” by antivirus vendors, is being distributed together with several software applications via BitTorrent sites.
“This malware is complex, and performs many operations,” security researchers from Mac antivirus vendor Intego warned. “It is a combination of several types of malware: It is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers,” they explained. The software is being distributed through torrent sites. It installs a Java-based application called “DiabloMiner” that uses your Mac’s graphics processing unit (GPU) to generate Bitcoins.
The Bitcoin mining program that DevilRobber installs on infected computers is called DiabloMiner and is a legitimate Java-based application used in the virtual currency’s production. As this application is Java based, it will run on Windows, Solaris and Linux computers.
The first sign of infection is if your Mac suddenly becomes sluggish, Graham Cluley of Sophos wrote in a blog post.
“It’s becoming clearer every week that Mac users need to take malware protection more seriously by running anti-virus software,” he wrote.
The DevilRobber trojan steals processing power, which can lead to slow computer performance, as well as actual Bitcoins, which are kept in virtual wallets on the victim’s machine.
“OSX/Miner-D [DevilRobber] also spies on you by taking screen captures and stealing your usernames and passwords,” warned Graham Cluley, a senior technology consultant at antivirus vendor Sophos.
“In addition, it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and .bash_history,” he added.
So far, the Trojan has been detected in a BitTorrent download for GraphicConverter version 7.4, an image editing application for Mac OS X. However, this doesn’t mean that there aren’t similarly Trojanized torrents out there.
“Clearly, Mac users — like their Windows cousins — should practice safe computing and only download software from official websites and legitimate download services,” Cluley said. He also stressed that Mac users should install an antivirus program, which is not hard to do and costs nothing.
There are several providers of free antivirus solutions for Mac and all of their solutions are more capable than Mac OS X’s default anti-malware defense mechanism, which some Trojans already bypass or even disable.
The latest patch from Microsoft Security Essentials and other Mac AV providers will detect this DevilRobber. I suggest you go one step further and use ESET NOD32.
Bitcoin is a form of virtual cash that can be exchanged by users without the need for an intermediary bank or payment service. Bitcoins are actually cryptographic hashes that get generated piece by piece using specialized programs like DiabloMiner, according to a public algorithm.
Bitcoin is a decentralized, highly controversial virtual currency that was formed by programmers in 2009. The currency is generated by programming computers to calculate highly complex math problems; the more computing power you have, the faster you can create Bitcoins. This is why Bitcoin rigs often look like massive sculptures of connected servers.
Ideally, Bitcoin resolves issues inherent in traditional currencies, like double-spending, inflation, corruption, and inept monetary authorities. But in reality, the effort is being undermined by security issues like exchange breaches, account theft, and pure FUD.
In the past we’ve also heard of Twitter-based Bitcoin bots and months ago, Symantec predicted the spawn of botnets used to mine Bitcoins.
One Bitcoin is currently valued at around US$3.20, and it is a good source of profit for both Bitcoin miners, who legitimately use their computer resources to generate them, and cybercriminals who steal them.
Students! Don’t get scammed when shopping for a back-to-school computer. There are only a few days left before returning to school, and technology companies are gearing up for one of the busiest seasons of the year.
Having a laptop is not mandatory for college studies, but students often justify the purchase by saying that they need it desperately for school. Several large computer stores that have ‘Back to School’ specials for students are just in it for the revenue and for scamming the customers. These large computer stores want to extract as much money as possible from customers and are willing to go the distance in confusing students and their parents in order to make that extra profit. For example, I was told shamelessly, straight to my face, when buying a netbook that the company does not make a lot of money from the sale of a laptop and that I should purchase something else.
This is why all associates are forced to upsell and skew the truth. These people tell you that you need a CD created in order for your computer to have a backup. This extra service is only $60. For an extra $100 they will set up your computer to be “ready to use”. This is a major scam because anyone can do this setup by themselves with only a few clicks of the mouse when they boot up their system for the first time. I was once told that I could get a recovery disc created by them for only $100, as the laptop I was purchasing did not come with one. When I asked if I could do it, I was told that it wasn’t possible; however, I could bring the laptop back later on to do so. When I got home and booted the computer for the first time, it gave me an option to burn a recovery CD, which was a breeze to make.
However, even if you do not buy into the “setup your computer” argument the associate will tell you that there are tons of viruses out there that will destroy your precious data and you will have to buy antivirus. Another reason to try Linux Mint.
But don’t worry, because it’s on special for just $80. Another tactic they like to use is to sell you an extended warranty that costs about $120 to $250. This enables you to bring the computer back to the place you bought it instead of shipping it to the manufacturer. Just a side note: manufacturers have great service and will replace your computer for free if it’s still in warranty, and shipping is paid by them. I shipped several laptops back to various manufacturers and the service is very fast, professional and efficient. However, be careful with your data as you could lose everything!
After pressuring you to hand over hundreds of dollars for a laptop or a netbook, they try to sell you optical drives, mice, cases and many other peripherals. Many times I have overheard associates lying to customers about what they need just to sell the extra package so that they can get a bonus/commission or just to get their manager off their backs. Even though associates in these large stores try to be polite and smile to your face, they are scamming you out of hundreds of dollars of your hard-earned money just because you are unaware of what you really need. And if that fails, many stores increase the price of the product and try to sell you the whole “better value” package, without giving you the option to buy the computer without those unnecessary “upgrades”.
Another money waster is when students drag their parents to an Apple store and demand the latest computer hardware for their University studies. Apple computers are very expensive but all that students see is the nice shiny box and the cool factor. Being like everyone else is not cool and PCs are hundreds of dollars cheaper and do the same thing that most Apple laptops do. Save yourself or your parents some cash and get a PC laptop instead. Apple products will not increase your grades and will not make you any cooler either. Better yet, get a decent used laptop and run Linux Mint.
Therefore, this back-to-school season, do some serious research about what you need and don’t need, and do not be pressured into buying additional things that you might regret later or realize were a waste of your money. The majority of these businesses are making huge profits on the ignorance of many individuals about technology and computers.
A few good examples that you should think about might include:
- Do students really need the latest MacBook Pro for $2000 to type essays that can be done on a netbook or a regular laptop?
- Do you need to pay an additional $130 for Microsoft Office if LibreOffice is free to download and use?
- Do you need a firewall and antivirus if you are smart about what files to open and follow some simple security rules? Alternatively, you can download AVG Free Anti-virus or Avast, and many universities provide you with anti-virus for free while you are their student.
- Do you need an additional warranty for $200 if shipping to a manufacturer is free and can be easily set up online? How long do you expect your laptop to last you?
- Do you really need to pay hundreds of dollars for an extended warranty if your netbook costs $350 and it is cheaper to buy a new one than keep fixing an old one in 3 years?
Campuses typically have computer halls brimming with computers for students to use. These typically go unused and are only full during mid-terms and finals. Part of your college tuition grants you access to some of the most cutting-edge technology and research in the world. From journal subscriptions to reference e-books to high-tech computers, you have all kinds of resources to help you with your school work, and won’t have to pay extra for any of it. So utilize it.
Try to see through manipulative associates in big computer stores who try to scam you for hundreds of dollars and make you think that you need every one of the things they offer or your computer will blow up. Play it smart and use the money you save for your books or tuition instead, because those things are not getting any cheaper.
In any given week, I get dozens of requests for help. The #1 question is typically this: “How do I protect myself online?” These days I’m getting that question in equal numbers from PC and Mac owners who are concerned about the best way to avoid being sucker-punched by social engineering attacks.
Many people think that security begins and ends with antivirus software. I disagree. Should you run antivirus software? As I’ve said before, if you don’t know the answer to that question, then the answer is yes.
So let’s stipulate that you’re running a well-supported, up-to-date security program—whether you use a PC or a Mac. What else do you need to do? In this post, I share the five steps I teach to friends, family members, and clients who want to avoid malware, scareware, phishing sites, and other online scams.
If you’ve been paying attention to the current threat landscape, much of the advice in this post will be familiar, even obvious. A lot of it is just common sense, but some is unconventional wisdom. Yes, of course you should expect to be attacked if you download porn or pirated software. But just staying out of bad online neighborhoods isn’t sufficient anymore.
These days, threats can come from unexpected places: Google (and Bing) search results, compromised websites, deceptive ads, seemingly innocent downloads. You don’t have to be doing anything out of the ordinary to inadvertently stumble across one of these potential threats.
If I had to summarize my guidance in a single sound bite, it would go something like this: Pay attention to your surroundings, don’t be stupid and don’t run around on the web with full administrative rights on your computer. Better yet, give Linux Mint a try: http://jet-computing.com/linux/linux-mint/
Alright then, let’s break that down.
Step 1: Don’t panic.
To borrow from a classic Monty Python sketch, the two … no, three chief weapons of online criminals are “fear and surprise…and ruthless efficiency.” Their goal is to appear when you don’t expect them and convince you to act hastily. Online criminals often play on fear (your PC or Mac is infected with malware!) or simple social engineering (try these smileys! oh, and you need this codec—fake, of course—to play an enticing video clip).
The antidote to Monty Python, of course, is Douglas Adams, for whom “Don’t panic” was the secret of successful intergalactic hitchhiking.
When in doubt, stop. Think. Ask for help. If you’re truly worried, pull the plug on your Internet connection temporarily until you can call a knowledgeable friend or drag the machine in to a specialist for a thorough diagnosis.
You should, of course, have a regular backup routine. Mechanical failures (a crashed hard drive or a dropped notebook) can be even more devastating than a malware attack. With Windows 7, you can use the built-in backup program to save an image backup on an external hard drive; you can do the same thing on a Mac using Time Machine. Restoring a full backup is easy, especially if the alternative is spending hours trying to track down a well-hidden infection.
And don’t be paranoid. I can’t count the number of times I’ve heard from otherwise smart people who break out all sorts of terrible tools—registry cleaners and system optimizers being the worst offenders—at the first sign of trouble. Those snake-oil programs, in my experience, tend to make the problem worse.
Drive-by downloads and other sneak attacks are, fortunately, extremely rare. Yes, they happen, but the overwhelming majority of attacks aim at vulnerabilities that have been patched months or even years earlier.
Bad guys prey on the weak, technically unsophisticated, and ill-informed who don’t update regularly. You really, really want to avoid being a part of that group. It’s easy:
- If you use Windows, turn on Windows Update and set it to automatically download and install updates. Those updates include Windows components like Internet Explorer. If you use other Microsoft software (Office, Silverlight, Windows Live Essentials, and so on) enable Microsoft Update, which is available from the Windows Update configuration screen.
- If you use OS X, turn on Apple Software Update and set it to automatically download and install updates.
And don’t overlook potential attacks from third-party software. On any platform, it is essential to regularly update not just the operating system and its components, but also any popular Internet-connected program. That means browsers like Chrome and Firefox, utilities like Adobe’s Flash and Reader, runtime environments like Java and Silverlight and Adobe AIR, and media players like iTunes and QuickTime (on Macs, the latter two programs are included with system updates).
To make the process a little easier, I enthusiastically recommend Ninite, which automatically updates third-party software using the same URL you use to install the originals. It keeps unwanted add-ons and third-party programs at bay, too.
Since I wrote that post, Ninite has introduced a new product, the Ninite Updater, which “alerts you when any of the 92 Ninite-supported apps become out of date. It doesn’t matter if your apps were installed with Ninite or not.”
Alas, this utility is not free. The single-user package is $10 per year, and a 5-PC family pack is $30 a year. But it might be worth it for the peace of mind.
Home users can find a free alternative in Secunia Personal Software Inspector (PSI). Although it’s nowhere near as comprehensive as Ninite’s offering, it’s a good way to cover the most important threats.
3. Learn how to make smart trust decisions.
As I mentioned at the beginning of this post, social engineering is the weapon of choice for online criminals these days. Attacks can take all sorts of forms, from conventional phishing e-mails to sophisticated and convincing malicious download sites. The best countermeasure? Education.
You’re asked to make trust decisions many times every day. Some of those decisions involve programs, people, and businesses with whom you have lots of experience already. But others involve complete strangers, and still others ask you to decide with only limited information.
Any time you open an e-mail message or visit a web page, you face a possible trust decision.
Should you trust the sender of an e-mail?
Spam is one of the primary vectors for phishing attacks and financial scams, but it’s also a way to lure unsuspecting PC and Mac users to sites that deliver malware.
Spam filtering services have become very effective and can do a credible first pass on your inbox. The better your spam filter, the more likely it will recognize a fraud that could have sucked you in.
Based on my recent experience, both Hotmail and Gmail use extremely accurate spam-blocking technology. If your e-mail provider can’t properly filter spam, consider forwarding your e-mail through a Hotmail or Gmail account.
And don’t overlook the client program you use. Microsoft’s flagship e-mail programs, Outlook and Windows Live Mail, display HTML-formatted messages differently when they are in the Junk folder.
Here’s a crude but unremarkable phishing message as it appears in the Outlook Inbox folder. An unsophisticated recipient might be tempted to overlook the bad grammar and click.
But in Outlook’s Junk E-Mail folder that same message is displayed in plain text, without graphics or HTML formatting. In addition, the hyperlinks show the actual target address in the message window. That turns the once-slightly-convincing message into a laughable mess, complete with bogus hidden text.
If the message appears to be from a friend or other known contact, it’s possible that the sending account was hijacked. If you have even the slightest doubt about the actual target of a link, don’t click it. That’s doubly true if it’s from a social network.
Should you trust a web page?
When using a browser, you need to learn how to read the address bar, especially at two key decision points.
First, anytime you are asked to enter your login credentials, your Spidey sense should tingle. You need to be able to spot a website that is trying to masquerade as someone else. If you have any doubt that a login page is legitimate, close the browser window and open a new session by manually typing the domain name and navigating to a login page from there.
Both Internet Explorer and Chrome provide important information in the address bar, displaying the actual domain name in black and muting the rest of the address to a still-readable shade of gray. Here’s how it appears in Internet Explorer 9:
Second, learn how to identify a secure connection, where traffic is encrypted from end to end. Every modern browser displays visual cues (including a padlock icon) when you’re using a secure SSL connection. For sites that use Extended Validation certificates, you get additional feedback in the form of a green address bar, as shown here for Chrome.
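The address-bar reading described above comes down to one question: which part of the URL is actually the site? The Python sketch below is an added example, not code from the original post or from any browser; it picks out the host and registrable domain the way the black/gray highlighting does and flags the usual disguises. The function names, the three-entry suffix set (a stand-in for the Public Suffix List browsers use) and the `mybank` sample URLs are assumptions constructed for the illustration.

```python
"""Added example: which part of a URL is the site, as the address bar shows it?"""
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny constructed stand-in for the Public Suffix List that real
# browsers consult to decide where the registrable domain begins.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def is_ip(host):
    """True when the host is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Return the part a browser prints in black, e.g. mybank.co.uk."""
    if is_ip(host):
        return host                       # an IP literal has no domain name
    labels = host.rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_login_url(url, expected_domain):
    """Compare the real domain of `url` with the one the user expects."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        host = host.encode("idna").decode("ascii")   # show IDNs in xn-- form
    except UnicodeError:
        pass
    domain = registrable_domain(host)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not an encrypted (https) connection")
    if parts.username is not None:
        warnings.append("text before '@' is a user name, not the site")
    if "xn--" in host:
        warnings.append("internationalized name that may imitate ASCII letters")
    if is_ip(host):
        warnings.append("raw IP address instead of a domain name")
    if domain != expected_domain and expected_domain in url.lower():
        warnings.append("expected name appears in the URL but is not the domain")
    return {"host": host, "domain": domain,
            "matches": domain == expected_domain, "warnings": warnings}


# Constructed sample URLs; every name here is a placeholder.
SAMPLES = [
    "https://online.mybank.example/login",                  # genuine subdomain
    "https://mybank.example.account-verify.example/login",  # name used as a prefix
    "https://www.mybank.example@203.0.113.9/login",         # name used as a user name
    "https://m\u0443bank.example/login",                    # Cyrillic letter in the name
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = check_login_url(sample, "mybank.example")
        verdict = "OK " if result["matches"] and not result["warnings"] else "NO "
        print(verdict, result["domain"], "<-", sample)
        for warning in result["warnings"]:
            print("      !", warning)
```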
The final online trust decision people make regularly is so important it deserves its own page…
4. Never install any software unless you’re certain it’s safe.
The biggest trust decision of all arises when you’re considering installing a new piece of software on a PC or a device. If you have any doubts about a software program, you should not install it. Period.
One great way to remain safe online is to set a high bar for software. You need solid, up-to-date information to help you decide whether a file is safe, unsafe, or suspicious. Then you need information about whether the program is reliable and useful, whether it’s compatible with other software you use, and whether it can be easily removed.
Here are the three key questions to ask about any program before clicking Yes on the installer:
Did it come from a trusted source?
It’s hard to believe that someone would actually say yes to a software installer that randomly appears when they visit a web page. But people do, which is why fake antivirus software is a thriving business. The simple act of clicking No—or forcibly closing an installer window if necessary—can save you hours of cleanup.
Is it signed with a valid digital signature?
In developing the SmartScreen technology used in Internet Explorer 9, Microsoft security researchers discovered a startling fact about the dangerous downloads they were blocking.
[T]he IE9 version of SmartScreen includes a new set of algorithms designed to test the reputation of this executable file. Has it been seen before? Is there anything about the file name or the domain that looks suspicious?
In fact, one of the most important questions to ask is this one: Is the executable file digitally signed? Microsoft’s researchers found that roughly 96% of all those red warnings are attached to unsigned, previously unseen files. The algorithm assumes that a file—signed or unsigned—is untrustworthy until it establishes a reputation. No domain or file gets a free pass—not even a new signed release from Microsoft or Google. Every file has to build a reputation.
In Windows, you can check for the presence of a digital signature by right-clicking a file and choosing Properties. Here, for example, is the digital signature information for the officially released Xvid codec installer; the rogue version doesn’t have a digital signature.
A digital signature doesn’t mean a file is safe. It does, however, mean that you have important information, and a chain of trust, about the person or company who created the file. A digital signature also guarantees that the file hasn’t been tampered with since it was signed.
In some cases, you might be willing to trust an unsigned file. You should only do so if you are confident that it is exactly what it claims to be and nothing more.
What does the security community say about the download?
If running a possible program through one antivirus scanner is good, then checking with 43 separate scanners must be, well, 43 times as effective. That’s the theory behind Virustotal (VT), a free and independent web-based service. In a matter of minutes, you can upload a questionable file and have it checked by a large cross-section of scanning engines using up-to-date definitions.
Here’s what a Virustotal report looks like:
One detail worth looking for when you submit a program is whether it’s been analyzed by VT before. If the executable file you’re analyzing is a well-known, established program, you can bet it’s been examined already. Here, for example, is what I saw when I submitted a signed Xvid codec installer, obtained from a well-known and trusted site:
If you’re uncertain about a file, one option is to set it aside for 48 hours and then resubmit it to Virustotal. That’s usually enough time for antivirus engines to identify a new strain of malware and add it to their definition files.
5. Be smart with passwords.
Has your favorite website been hacked lately? These days, it might be easier to make a list of the high-profile web sites that haven’t been broken into.
Thanks to LulzSec and Anonymous, millions of people have had the dubious pleasure of seeing their usernames and passwords posted publicly on the Internet. Last month, LulzSec snagged more than 1 million accounts from Sony Music and Sony Pictures servers. The usernames, passwords, and personal details stored there were posted on the Internet for anyone to see.
You might not be too concerned that someone can log on to your Sony account and pretend to be you. But what if someone goes to Google Mail or Hotmail and tries your email address and that same password? If you used the same password as the one on your Sony account, the bad guys are in. They can send and receive messages that appear to come from you. They can download your email archives, which can include correspondence from your bank and from online shopping sites like Amazon.com. In a very short period of time, they can do a very large amount of damage.
Repeat after me: Never use the same password in multiple places, and be especially vigilant with passwords for e-mail accounts.
It’s a royal pain to create and remember unique, hard-to-guess passwords, but that is nothing compared to the misery you will experience if a determined thief starts messing with your identity and your finances.
Sadly, an awful lot of people reuse passwords, as software architect and Microsoft MVP Troy Hunt found when he grabbed those leaked Sony files, extracted 37,000+ pairs of usernames and passwords, and did some quick analysis. The entire analysis is a good read, but I zeroed in on this part:
When an entire database is compromised and all the passwords are just sitting there in plain text, the only thing saving customers of the service is their password uniqueness. Forget about rainbow tables and brute force – we’ll come back to that – the one thing which stops the problem becoming any worse for them is that it’s the only place those credentials appear. Of course we know that both from the findings above and many other online examples, password reuse is the norm rather than the exception.
Hunt compared the contents of the hacked Sony database with identical addresses from the Gawker breach of last year and found that two-thirds of the addresses on both lists used the same password. This ratio doesn’t surprise me, and I suspect it might even be a little low.
If you’re guilty of this offense, it might seem overwhelming to try to fix your entire collection of passwords at once. So start small, by creating new, unique, hard-to-guess passwords for your e-mail and bank accounts.
What makes a good password?
- It’s at least 8 characters long, preferably 14 characters or more.
- It is not a word that can be found in any dictionary or list of common names.
- It uses at least three of the four available character types: capital letters, lower-case letters, numbers, and symbols (such as punctuation).
- It’s easy for you to remember and difficult or impossible for someone else to guess.
And one more tip: if you anticipate that you will be entering a password regularly on a handheld device, consider how the virtual keyboard on that device works. Instead of a password like Rh1ZJk#U, consider grouping the different types of characters together for quicker input: RZUUJ1hk#.
The best way to create and manage strong, unique passwords is with the help of a utility tailor-made for that job. To start, I visit https://www.grc.com/passwords.htm and pick an 8-character block from the 63 random alpha-numeric characters (a-z, A-Z, 0-9) block.
Then, to manage them, I use a free program called KeePass: http://keepass.info/
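The password rules listed above, plus the no-reuse rule, can be checked mechanically, and a random password that satisfies them can be generated locally. This is an added example, not code from the article or from KeePass; the function names and the tiny word list are assumptions standing in for a real dictionary.

```python
import secrets
import string

# The four character types named in the list above.
CHARACTER_TYPES = {
    "capital": string.ascii_uppercase,
    "lower-case": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

# Constructed stand-in for a real dictionary and common-names list.
SAMPLE_WORDLIST = {"password", "letmein", "dragon", "sunshine", "michael"}


def types_used(password):
    """Return which of the four character types appear in the password."""
    return {name for name, chars in CHARACTER_TYPES.items()
            if any(ch in chars for ch in password)}


def check_password(password, wordlist=SAMPLE_WORDLIST, used_elsewhere=()):
    """Return a list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.lower() in wordlist:
        problems.append("found in the dictionary or common-names list")
    if len(types_used(password)) < 3:
        problems.append("uses fewer than three character types")
    if password in used_elsewhere:
        problems.append("already used on another account")
    return problems


def generate_password(length=14):
    """Draw a password from the OS CSPRNG that satisfies check_password."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = "".join(CHARACTER_TYPES.values())
    while True:
        # Rejection sampling: redraw the whole string rather than patching
        # characters in, so every acceptable password stays equally likely.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(check_password("Sunshine"))
    print(generate_password())
```

The fourth rule, being easy to remember, is the one a program cannot check, which is where a password manager comes in.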
What is KeePass?
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website’s FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem… A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.
Is it really free?
Yes, KeePass is really free, and more than that: it is open source (OSI certified). You can have a look at its full source and check whether the encryption algorithms are implemented correctly.
The following is a list of the absolute minimum a computer user should know to keep their machine running as problem-free as possible. I would also say that most of, if not all of, these things are not followed by the majority of people.
- Know your operating system. Knowing what operating system and version you have is a great help for when you have problems and need outside help. It also helps for when you wish to install programs so you can choose the correct one for your operating system.
- Know your file system. It is all very well to create files but if you do not know where those files are saved, or how to look for them, then you will have problems. You will also need to know which files are yours and which ones are required for the operating system. Just deleting files you don’t know about to create space will also create major headaches.
- Perform regular operating system maintenance. This can include things like defragmenting the hard disk or scanning for malware, cleaning out temporary files or internet caches and removing old unused programs.
- Understand how to install programs. Every computer you purchase, beg, borrow or steal (just kidding) will need to have some programs installed on it. If you don’t understand (notice I didn’t use the word know) how programs are installed and where they go you can open a world of woe.
- Regularly update installed programs. Most programs nowadays have some sort of update mechanism. These need to be used and taken notice of when updates are available. Computer updates fix bugs and security problems and help keep the computer running smoothly.
- Read and understand messages and alerts shown by the computer. These messages and alerts are not just something to be clicked away and discounted. They are shown for a reason and could very well save your bank account from being siphoned off to an account in Nigeria.
- Talk the talk. I don’t mean be able to state how many nibbles there are in a byte or mix with ease in a Star Trek convention. You do need to know the difference between a cup holder and a CD-ROM drive tray. Apart from the hardware names you should also know terminology specific to the software you are using. This helps you understand when help is offered and also enables you to convey your difficulties in an intelligent manner.
- Read The Fine Manuals. Or as is most often the case, the help files which come with any professionally designed program. They are there for a purpose, to enable you to effectively use the program and give you the biggest bang for your buck so to speak. By reading the manuals or help files you can understand features which can save you many hours of wasted time. We all know time is money right?
- Take appropriate security measures. Let’s face it. You have something which a lot of people want. Your identity. As the time of the Borg is not yet here and you have not been assimilated you need to protect your identity, money and even your life. This means ensuring you have the appropriate and up to date malware protection as well as some basic security measures like not using the administrative (or root) account for general computing use.
- Shutdown properly. One of the first things you should know before even using your computer for the first time is that you should never under any circumstances turn the computer off with the power button. You should always shut down a computer from the start menu button. The only time you should perform a manual shut down is when the computer will not respond to this demand from its start menu.
- Get an uninterruptible power supply. Purchasing an uninterruptible power supply for your computer is highly recommended to any user. The UPS is what protects the computer from voltage fluctuations and from crashing during a power outage. Despite what you may have been told before by other people, a UPS will be far more effective and much safer for your computer than any power-strip.
- Install a good antivirus application. Many people underestimate the importance of having a virus protection program installed on their computer. Without proper protection, the Internet becomes a hot spot for all kinds of viruses and other malware that steal personal information and infect the computer’s hard drive. This slows up a computer’s processor dramatically and can even destroy the motherboard completely if left untreated. Never use the Internet without the appropriate protection installed.
- Install a software firewall. Having a strong firewall program installed onto a computer is crucial for its overall health. It is pertinent to ensuring full Internet protection and is especially necessary for when you are using a faster wireless connection speed. The firewall program will prevent malicious hackers from getting into your system and taking control of it.
As you can see it is a very short list. Using a computer is not hard and getting even easier with every new operating system being released. To be able to keep using that computer as it was designed to be used then I believe the above list is an absolute must. Unfortunately, much to the chagrin of those who service computers, these things are not even remotely followed by the general public.
Whose fault is that?
Comcast says that it is re-engineering its software for new customers, for installation and to start new service with the ISP. The software is unfriendly to computer users in general as it changes the browser’s homepage to comcast.net, and blocks users from changing it to anything else. I have encountered “mandatory” software from ISPs before and have always skipped it to no ill effect. I have always hated these “internet installation disks.” Every time I have signed up for internet service, I throw the CD right into the trash. The CDs are worthless and anything but “necessary.” If you’re lucky, they simply connect to a web interface and register your router’s MAC address with the system. But nearly every one of these disks also throws in a bunch of crap that is annoying, unnecessary, and very frustrating. In my experience, the following things have been done by various “installation disks” handed out by ISPs:
- Changing your browser’s homepage
- Changing the suffix on Internet Explorer (i.e. every IE window title is “Internet Explorer — brought to you by Comcast”)
- Installing bloatware (such as “diagnostic tools” or various anti-virus and anti-spyware — not a problem unless you like to choose these products yourself and/or already have some installed and/or just don’t want them)
Those are just the things I remember seeing and it’s impossible to know what else they might be doing. They never ask permission for anything and always imply that using the disk is required to get your service working. I have never found an ISP that I couldn’t get my computer working on without their installation disk. In one case, I had to check the default gateway assigned to my router by DHCP and try connecting to it with a web browser in order to register my router. But that was many years ago. I haven’t had anything so complicated since. These days, you just need to plug in and you’re generally good to go (assuming you make use of an ISP provided modem, as I do — your mileage may vary with your own modem, but it shouldn’t require the installation disk). In general, I consider these disks to be malware, as I do any application that makes changes to your computer under false pretense or without your express permission. I’ve helped a lot of Comcast customers — including myself — set up their new service or replace their cable modem. Activating a new modem with Comcast is still necessary to get out of the “walled garden,” from which any DNS query returns the address of the Comcast modem activation page. However, you have at least two available ways to get out of this:
- Choose the “installer” option, and provide your address and other account information. Comcast will activate the modem without a software installation, although you won’t generate a Comcast Email address (as if you care).
- Call Comcast. Tell them that you only have a work PC, and you cannot install software on it because you are not local Administrator. They will activate your modem and create an Email address for you.
My reaction would be “It’s a $25 fee to install software on my PC and $15 per month to rent the space. I take cash or credit cards, otherwise I’ll need your social security number to verify your credit.”
I heard from someone who’d just signed up for Comcast’s Xfinity high-speed Internet service and soon discovered some behavior on his Mac that is akin to Windows malware — something had hijacked his Internet settings. The technician who arrived to turn on the service said that a software package from Comcast was necessary to complete the installation. My friend later discovered that his homepage had been changed to comcast.net, and that Comcast software had modified his Firefox profile so that there was no way to change the homepage setting. Here is the result.
Comcast initially blamed the problem on a bug in Firefox. Mozilla denies this, and says it’s Comcast’s doing.
“This is NOT a Firefox bug or issue,” a Mozilla spokesperson wrote in an email. “It is a Comcast method that applies preference changes to Firefox.”
Comcast spokesman Charlie Douglas acknowledged that the Xfinity software hijacks Firefox’s settings. He said the problem is limited to Mac users, and that permanency of the change was unintentional. He added that the company is in the process of correcting the installation software.
“Customers absolutely should be able to change their preferred homepage anytime,” Douglas said. “We’re obviously apologizing for any inconvenience we’ve caused users.”
I just tell them I’m not going to put their software on my computer, and insist they do it manually. You just have to remind them who the boss is, in this little endeavor. Firefox appears to be the only browser severely affected. Interesting. Even more interesting is how quickly they deleted my comment from the Facebook fanpage. This is the homepage Comcast insists I enjoy. Luckily Ryan Parman of ryanparman.com figured out what Comcast was doing and how to reclaim your homepage in Firefox. Here is the fix which worked for me. Please note the following about different browsers and what I’ve witnessed with Comcast’s little sneak attack. Opera – did not show any signs that Xfinity/Comcast installed any malware on my computer nor did their installer change the home page. Safari – easily fixed by setting the home page back to the URL of your choice. Chrome – easily fixed as well by going into your preferences and simply changing the home page URL.
Word to the wise – Do not install any Comcast offered software, most specifically Constant Guard, Norton or Symantec as you do not need it.