All posts by remotehelpexpert

Computer Security FAQ

1. What is the best antivirus?

Find the answer here.

2. How do I find out if my computer is infected?

Read the signs.

3. I have an antivirus program installed. How come it didn’t catch the virus that infected my computer?

Because you don’t have enough security measures in your computer. How to handle.

4. I think my computer has a virus. What do I do?

Follow these steps.

5. Why would anybody create viruses in the first place?

Find out why.

6. I never click on suspicious email attachments or download programs from the internet. So why would I need an antivirus?

Because.

7. I heard I shouldn’t update my Windows operating system, because it only causes problems. I also heard that those updates are used by Bill Gates to help the government keep track of all the computers in the world and invade my privacy. Is that true?

Yeah, and I’m the Easter Bunny. True data.

Fake Antivirus Programs

Fake or rogue antivirus programs, also called scareware (you’ll see why in a moment), are applications that pretend to detect and get rid of viruses, while actually being malware themselves, or being completely useless other than to scare the user into paying to download or unlock the full version of the “antivirus” to “remove” the “infection” the computer is plagued with.

Be very careful with this, as it is currently the most common type of infection going around – a rising trend. Assuming you have an antivirus solution in place – and I hope you do – know how it behaves and learn to recognize that it is not what is making an alarming pop-up window suddenly come into view, telling you there is an infection in your computer and maybe prompting you to do a scan or simply starting a fake scan with lots of alarming results.

Once you’ve learned to recognize a fake antivirus in action, you have only two valid choices, and I’m deadly serious. The choices are based on your personal knowledge of malware and how to get rid of it. A) If you’re not sure what to do, save any open files, turn off your computer and contact an expert. B) If you know what to do, well, do it!

I’ll tell you what are NOT valid choices though: 1) Clicking on the “OK”, “Scan”, “Yes”, “Download” button that the suspicious window contains, 2) Even clicking on the “X” on the upper right corner of the window to get rid of the pop-up, 3) Entering your personal and credit card information to purchase the “antivirus” so you can disinfect the computer, 4) Ignoring it hoping it will go away and continue using your computer. All those are invalid options.

July 2011 note: Due to some variations of fake antivirus programs that have emerged since this article was originally written, in some cases, part of the removal procedure includes allowing the fake antivirus to perform its fake scan, so that it will allow the next steps in the removal process.

Here’s a list of trusted antivirus software vendors – you can use it as a starting point to recognize the legit ones: http://www.ccssforum.org/trusted-vendors.php

Hope this helps.

A Rapidly Trending Method to Infect your Computer

Malware creators, cyber-criminals and other such scum are aware of where most of the internet activity is: use of search engines (Google, Bing) and social media websites (Facebook, MySpace, Twitter, YouTube, etc.), and they therefore try to use those trends to infect your computer. How?

Black Hat SEO techniques: SEO: Search Engine Optimization. Simply put, Black Hat SEO techniques are those used to illicitly manipulate search engine results in order to drive up the search ranking result of a particular website. This can then be used to make iwillinfectyourcomputer.com be in the first few results of any search. You search Google for “Michael Jackson death” and there it is, a fake quote on that subject and a link to take you to the website where that quote is. Looks legit too. Even the website name can look legit, like “KYWA-News.com”, but if you click on that search result to go to the website, it either takes you to that website and it’s a fake news website, or worse, when you click on the link it re-directs your computer to land in another website. Either way the result is the same: you land in a website and by virtue of it your computer gets infected, if you don’t have the proper protection and system updates in place.

A new client  with an infected computer told me recently that there was no antivirus installed in his machine because he figured if he never opened any suspicious email attachments… I rapidly disabused him of the idea, shortly before I disinfected his computer of some nasty malware. With these new infection techniques, you can get infected just by what used to be considered normal web-surfing. But that client’s comment also told me that users at large might not be as aware of this phenomenon as they need to be. Hence, this article.

So, 1) Get or improve protection in your computer as covered here, 2) Make sure your computer is updated with the latest security patches as covered here, 3) Just be aware of the above ongoing phenomena and be extra careful when clicking on search results links, or any phony looking links posted in social media websites.

Choosing Your Next Computer – What to Look For

So your faithful computer, which has been with you for years, is starting to show the signs of  age. You don’t particularly want to change to a new one because a) you don’t have a money tree you can just prune and get $900 out of, b) you don’t even want to think about the pain of migrating all your documents and applications c) you’re a hardcore XP user and have heard horrible things about Windows Vista plus d) you  don’t want to have to learn all the shortcuts and ways to do things in a totally new operating system after all the time you spent learning the ways of XP.

Well I’m here to make your transition less painful. Maybe even enjoyable!

Let me start by saying that if you are a total novice on computers I suggest you seek the advice of an expert who DOESN’T work for the company you’re trying to buy the computer from. He’ll help you by suggesting a system that dovetails with your needs.

If you are an intermediate user and understand the basics of computers, this article is for you.

The first choice you need to make is whether to get a desktop or a laptop. Traditionally desktops are cheaper for the same performance, and are more configurable (things like an audio or video card, modem and other devices can be exchanged). Laptops on the other hand are mobile and don’t use as much space. It’s interesting however that with the advances in processor technology in recent years, laptop prices have gone down while performance and battery life have gone up, and for the first time last year (2008) there were more laptops than desktops sold worldwide. The reason for this is simple: a relatively economical laptop can now perform well enough for most users’ basic needs of browsing the web, handling email and documents, maybe watching the occasional movie, and even, to some degree, running graphics-demanding software. So if for whatever reason you have to be able to take it with you – even to the occasional Starbucks to relax and write in peace – you might want to consider getting a laptop for your next computer. If mobility is not an issue at all, stick with the desktop.

Next choice is operating system. Since I’m a Windows type guy I will only cover all the different versions of Windows. As of this writing, and providing you pay extra, you can still get a new computer retrograded with Windows XP. But the most common current choice is Windows Vista. Vista brings 5 versions: Starter (not available in developed countries), Home Basic, Home Premium, Business and Ultimate. The basic thing to know about these is that Home Basic and Home Premium are not designed for a company’s usual network setup. And I’d suggest, between the home versions, choosing the premium one – I’ll explain why in a moment.

The choice of operating systems expands as of October 22 with the release of the next operating system: Windows 7. From now and until then if you buy a new computer with Windows Vista Home Premium or higher you can upgrade to Windows 7 for free (Now you see why the choice between Basic and Home Premium). For those XP fans, you’ll be glad to know that many of the characteristics of XP that you came to love are present in the new Windows 7, while retaining the good points of Windows Vista. Reviews of the test versions have been positive, and I have myself tested it and was very pleased with how it performs.

Now the last set of choices, what processor, of what speed, how much memory, what size and speed hard disk, dedicated versus integrated graphics. I’m not going to go into details on each of these; otherwise this article will become a booklet. But there is one thing I want to mention on this, which is true whether you’re choosing a computer, a new stereo system, a new car, etc.:

The different components must complement harmoniously for the overall system to function best. Like I’ve mentioned in another article, the computer is only going to be as fast as its slowest component. So don’t waste your money in the fastest processor available in the market if you’re putting it in a computer with a low access speed hard disk drive.

So when choosing a new computer, if it comes pre-configured, learn to recognize poor choices made by the vendor and avoid those, and if it is configurable, know how to configure  all different components so there is a harmonious synergy that results in a powerful computer which increases efficiency and productivity.

Your kids and computers

Computers are powerful production tools. They can also be entertaining. Sometimes too entertaining.  Access to online games, pornography, file sharing and other questionable activities can make your computer a liability more than an asset for you as a responsible and caring parent.

Let me start by stating the obvious: your kid probably knows more about computers than you do. Nothing wrong with that per se, except that there might be things going on with your computers at home that you are not aware of, or are aware of but don’t know what to do about. That’s the subject of this article.

This is not a rhetorical discussion and I’m not speaking from hypothetical experience. It happens every day. A recent  client was puzzled by her teenage son’s sleeping pattern (sleeping a lot during the day). In doing a routine check on one of the client’s computers at home, the reason became evident: the kid was sneaking into the computer late at night, like 1 am or so, and then accessing inappropriate websites until 4 or 5 am and then sneaking back to bed. And this was otherwise a good kid, no other particular bad habits, etc. But the parents were absolutely clueless. So it can happen to anyone.

Let’s assume you are at the stage where you don’t think there are unethical activities going on with your computer(s) at home, but would like to keep an eye out to make sure it stays that way. Some sort of monitoring software would be in order. An example of this is Spector Pro 2009, which you can find here: http://www.spectorsoft.com/. With it you can monitor what websites are accessed on a computer, incoming and outgoing emails, downloads and instant messages; even keystroke logging (recording of all input via the keyboard) is available.

If (or once) you have detected undesirable activity such as inappropriate websites access, online gaming, off-hours activity or anything like that, you can move to the next stage and put access control software in place, such as Refog Personal Monitor which you can find here: http://www.refog.com/personal-monitor.html .

It is an unfortunate fact that a good percentage of malware infections are associated with illegal downloading of software or media, accessing inappropriate sites and use of online games. That is yet another reason why these should be monitored and controlled on your computer(s).

Contact me if you want tips on what to look for as signs of undesirable activity in your computer(s).

Why is my Computer so @!#?%^&* Slow? – Part IV

Hard Disk Fragmentation

Your computer’s hard disk stores all the programs your computer needs to run, plus all your documents, pictures, videos, etc.

As time goes by, your stored files become “fragmented”. You might have heard this before, but what does it mean and what does it have to do with your computer speed?

First of all, let me say that this issue is not the same in computers that have Windows XP or older, and Windows Vista and newer (Windows 7). Windows XP and older are more likely to suffer from this issue if there is no user intervention. Yet, due to the large number of users that still have Windows XP, I’ll cover the subject.

Disk fragmentation is the storage of individual files in more than one non-consecutive physical space in the hard disk drive. Consider the following diagram, where X is available hard disk space, and F is an individual file:

XXXXXXXXXXXXXXXXXXFFFFFFFFFFFFFFFFXXXXXXXXXXXXXXX

The above shows a file that is NOT fragmented. The hard disk will be able to read it sequentially, and using minimum time. Now consider this:

XXXXXXXXXXFFFXXXXXFFFXXXXXXXXFFFFFFFFFXXXXXXXXFFF

In the above, “F” represents one file, yet it is stored in 4 different parts of the hard disk. When the hard disk reads it, it takes longer because it has to jump location 3 times to read the whole file. This is, in an oversimplified manner, what disk fragmentation means.

It is a truism that a computer is only as fast as its slowest component. Let’s take a look at some numbers. In the last 10 years, computers’ processing speed has increased enormously. Storage capacity (hard disk drive size) has also increased enormously. However, one thing that has not increased proportionally is the data transfer rate (the speed with which the hard disk drive reads/writes). As a result we have really fast CPUs (Central Processing Unit – the computer’s “brain”) relatively idle, waiting for data to be supplied to them to work on. So it becomes important to make sure transfer (read and write) times are minimized. This is why disk defragmentation can play an important role in your computer’s performance.

There is built-in and third-party software available for Windows operating systems to handle this aspect of your computer’s performance. Whichever one you use, make sure your hard disk drive gets defragmented periodically so your computer is not slowed down.

Which Antivirus Program is Best?

I’ve heard that question so many times from customers and friends alike. It usually follows “Why didn’t my antivirus detect this?” right after I clean up their computers of malware (malicious software). So I figured I should write my take on the subject. Of course, I too have been intensely looking  for the answer to the same question.

Short answer: NONE. Another one: ANY. Before you conclude I’ve lost my marbles, read on. You do want to know which you should install in your computer or if you should change the one you have installed, right? (You do have something installed, correct?)  Well, here goes the full answer.

First of all, you should have read my article that goes over a brief history of viruses and malware in general.

Then read my essay on how much security is needed in your computer.

Now remember, the main principle upon which traditional antiviruses work is they’re basically programs that compare files in your computer to a signature file.  This file contains the different characteristics of all known viruses, and thus it can detect if a particular file is infected or not, AS LONG AS THE IDENTIFIABLE CHARACTERISTIC OF THE MALWARE STRAIN IS INCLUDED IN THE SIGNATURE FILE. Typically the antivirus will then try to clean the infected file, move the infected file to a place where it’s rendered harmless (quarantine) or delete the file altogether.
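To make the signature principle above concrete, here is an added example (not part of the original article, and not any vendor’s actual engine) of a scanner that compares files against a signature file and quarantines what it detects. The strain names, marker strings and file names are all constructed for illustration; it shows a slightly altered copy of a known strain still being caught by a byte pattern, while a strain absent from the signature file passes as clean until an update adds it.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed stand-ins for file contents: harmless byte strings, not real malware.
KNOWN_STRAIN = b"header ... CONSTRUCTED-STRAIN-A-MARKER ... tail"
VARIANT_OF_KNOWN = b"padded!!!! CONSTRUCTED-STRAIN-A-MARKER ... tail"
NEW_STRAIN = b"header ... CONSTRUCTED-STRAIN-B-MARKER ... tail"
CLEAN_FILE = b"Quarterly report, nothing to see here."


def build_signature_file():
    """A toy 'signature file': exact-file hashes plus identifying byte patterns."""
    return {
        "hashes": {hashlib.sha256(KNOWN_STRAIN).hexdigest(): "Strain.A"},
        "patterns": {b"CONSTRUCTED-STRAIN-A-MARKER": "Strain.A (generic)"},
    }


def match(data, signatures):
    """Return the detection name for data, or None if no signature matches."""
    name = signatures["hashes"].get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, pattern_name in signatures["patterns"].items():
        if pattern in data:
            return pattern_name
    return None


def scan_and_quarantine(folder, quarantine, signatures):
    """Scan each file in folder and move detections into the quarantine folder."""
    quarantine.mkdir(exist_ok=True)
    report = {}
    for path in sorted(folder.iterdir()):
        if not path.is_file():
            continue
        verdict = match(path.read_bytes(), signatures)
        report[path.name] = verdict
        if verdict:
            # Quarantine: keep the file, but out of the way and renamed.
            shutil.move(str(path), str(quarantine / (path.name + ".quarantined")))
    return report


def demo():
    """Scan once with the shipped signatures, then again after an update."""
    samples = {
        "known.exe": KNOWN_STRAIN,
        "variant.exe": VARIANT_OF_KNOWN,
        "new.exe": NEW_STRAIN,
        "clean.doc": CLEAN_FILE,
    }
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp) / "downloads"
        folder.mkdir()
        for name, data in samples.items():
            (folder / name).write_bytes(data)
        quarantine = Path(tmp) / "quarantine"
        signatures = build_signature_file()

        before = scan_and_quarantine(folder, quarantine, signatures)
        # The vendor later ships an update that finally describes strain B.
        signatures["patterns"][b"CONSTRUCTED-STRAIN-B-MARKER"] = "Strain.B (generic)"
        after = scan_and_quarantine(folder, quarantine, signatures)
        remaining = sorted(p.name for p in folder.iterdir())
    return before, after, remaining


if __name__ == "__main__":
    before, after, remaining = demo()
    print("first scan: ", before)
    print("after update:", after)
    print("left in place:", remaining)
```

Between the first scan and the update, new.exe sits in the downloads folder reported as clean, which is the window the rest of this article is about.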

Here’s the little secret the antivirus companies are not telling you, which I have mentioned before: they are overwhelmed and unable to keep up with the rate with which malware is being produced in recent times, which keeps accelerating.  And there is no reason to believe it’s going to slow down. Want numbers? Here we go:

New unique samples added to AV-Test.org’s malware collection in Sept 2006: 87,577.  In May 2009: 1,078,882! *

So malware is being produced at a higher rate than the antivirus companies’ ability to generate updated signature files to recognize such new malware.

Malware techniques are also getting more and more sophisticated.  Even if the antivirus program has a particular strain of virus listed in its signature file, a virus can be delivered to target computer(s) in such a way that it stays out of view.  To make things worse, as part of its payload (what the virus does when it becomes active or executes) it can cripple the antivirus program’s ability to detect it and remove it, especially if the logged-in user has administrative privileges. Not a pretty picture.

Sure, built-in “behavioral recognition”, present  in most antivirus programs today, will try to deal with unknown, recently created malware that is not yet included in your antivirus signature file. It does so by trying to recognize the way malware behaves when active in your computer and designating it a malicious label even before the malware is in the official wanted list (signature file). That’s either limited or, if overdone, can lead to false positives where programs that are not malicious are labeled as malicious.

Some antivirus companies, such as Panda Security, have recently been approaching the problem with collective intelligence servers to speed up the detection process by making it happen on their servers and using the cloud (the internet) as one big entity to get lots of samples to analyze from. This proposes to improve the detection rate of recently created malware because of the much larger capacity of the servers sitting remotely and the much higher amount of  data being processed. Other companies have tried that approach. Microsoft  is piloting its own version of that model right now (They call this feature “Dynamic Signature Service”) with Microsoft Security Essentials. As one of the first ones using it, so far I like it (it’s been out for about a month now).

But my point is that, even with such new approaches, antivirus programs alone are no longer effective enough by themselves to keep you malware-free. Mind you, I’m not saying you should not have an antivirus program installed, and I’m not saying all antivirus are the same either. I’m just saying that NO antivirus by itself is good enough for the reasons stated above – no matter which one you choose.

I’m going to emphasize this boldly because it is the key datum to understand in this article: The big hole left open by the antivirus’ inability to deal with the newest malware makes the differences in their detection rates of known malware irrelevant. In other words, who cares if Brand X antivirus has a 98% detection rate of known malware and Brand Y has 99% while Brand Z has only 70%, when all of them miss about 50% of the unknown malware? These are close to actual figures by the way, not just random numbers.

So the question “Which Antivirus Program is Best?” actually becomes “What would it really take to keep your computer as close to virus free as possible?” The answer is a 4-pronged approach:

1. Install an antivirus program that can detect and remove/clean all old and relatively recently created malware. I have tried many of them. Symantec, McAfee, Trend Micro, Panda, Bit Defender, Superantispyware, Malware Bytes, Microsoft, and these are not all.  Take your pick, all good enough, none good enough by themselves. (And that doesn’t mean you should have more than one antivirus program installed at a time – don’t. For technical reasons that’s counterproductive).

2. Install a firewall to curb the inflow and outflow of unauthorized data. It’s just an additional protection layer. Different good free ones exist, like Comodo. In my opinion, and especially with Windows 7, the built-in firewall is sufficient for the purpose of this layer in this 4-prong approach.

3. Install a program that will prevent unauthorized execution of malicious programs. This is the secret key I have found in my search for the complete answer: Blue Ridge Networks’ AppGuard. I openly recommend it as a fundamental and key part of answering this newly posed question. Some antivirus companies might contend they have security suites with the same unauthorized execution prevention, but they don’t, at least not in the same way. The concept upon which this is based is, in my opinion, very clever. It deals with the CRITICAL “zero-day exploit” problem in a very effective way, it’s very light (uses little computer resources) and requires minimal user interaction, so you don’t have to be an expert to configure it – it is more like a set-it-and-forget-it type application. Although I recommend it, this article is not about this product, so for more specifics and how it works, go to http://www.blueridgenetworks.com/products/appguard.php. As I’m a professional in this field, I’ve purposely visited several infected Web sites to test this product, and it has protected me in every case. Kids, don’t try this at home!

And last but not least,

4.  By any means and as I’ve mentioned in a previous article:  exercise GOOD EMAILING AND WEB SURFING HABITS.

With all these 4 points in place, the probabilities of your computer getting infected are reduced to a minimum. And despite its apparent complexity, this approach actually results in the best result with the least computer resources usage.

That is my current full answer to the actual question. There might be other setups that achieve the same result. They might even be better. But this one is the best I know, and most importantly, it WORKS. And I believe in it so much that it is what I’m using right now in my own computer.

May your computer(s) live long and prosper in a malware-free zone.

 

* 6/30/11: Per the latest data available, between January and June 2011, AV-Test.org saw an average of 1.6 to 1.7 million new unique malware samples per month. Click here for the May 2013 figures and prediction for the remainder of 2013.


Why is my Computer so @!#?%^&* Slow? – Part III

This is the third article in this series. In case you missed them, here’s the first and second.

Malware

Malware, or malicious software, can be defined as a program designed to harm your computer or grant unauthorized access to it. One of the possible reasons for your computer being slow is malware running in it. In fact I’d dare say, if your computer is running at normal speed and it slows down all of a sudden, most likely it’s due to a malware infection. Conversely, not all malware slows computers down. At least not noticeably. In any case it holds true that one of the signs of an infected computer is sluggish performance. Probably the worst cause of a computer slowdown is malware, because not only will your computer be slow, but it won’t be totally under your control anymore!

What to do? Naturally the computer needs to be disinfected. I’m assuming you have an anti-malware solution in place. Run a full scan. If nothing is found but you still suspect your computer is infected, you can try free online scanners such as Panda’s, Trend Micro’s, BitDefender’s, Kaspersky’s, Microsoft’s, Eset’s, to name a few. These can sometimes detect what your installed antivirus missed. Note that depending on the nature and severity of the infection, the malware might block access to security companies’ websites to prevent detection and removal. So if the above links don’t work, that’s probably the reason why.

Once all the normal basic routines are unsuccessful in removing a resilient infection, it’s time to contact an expert to get the computer cleaned up. This is when the handling enters the realm of advanced manual malware removal techniques.

Look for my soon-to-be-released article on how to best prevent getting infected in the first place and what is the best product to achieve that. Due to how relevant it is, that will be the next article to be published, and after that I’ll continue with the rest of this computer slowness series. Update 7/29/09: Here it is.

Why is my Computer so @!#?%^&* Slow? – Part II

This is the second in the series of articles on computer slowness and what to do to speed it up. In case you missed the first, you can find it here.

Bloatware

Bloatware is another cause for computer slowness. There are two definitions of bloatware – both apply in the context of this article.

The first one is software (programs, applications) that comes pre-installed in your computer when newly bought, mostly consisting of trials, that you didn’t necessarily ask for or will use. Nothing wrong with them except they tend to use computer resources and to that degree, they will slow it down.

Why? Contrary to common belief, a computer’s Central Processing Unit (its “brain”) cannot run multiple applications at the same time. It cannot execute more than one program at a time. In fact, it cannot run more than one instruction (command) of a program at a time. This is true of even the recent computers that come with “dual cores” that you might have heard about. Each CPU can only execute one instruction per time unit. How does the computer create the illusion of running multiple applications simultaneously?

Akin to a versed juggler, a computer can keep several balls in the air at the same time, so to speak. With several applications opened, it divides its capacity to execute programs by alternating among them. The priority of the programs running can be established so the computer executes more or less relative commands of one  before it goes to the next program. So it goes something like this: Application A: execute one command, jump to Application B, run one command, jump to Application C, run two commands, and so on. The trick is that a computer can execute commands and alternate between applications so fast that it gives the illusion of simultaneity.

What does all this have to do with bloatware or computer slowness? Obviously, the more applications installed and running in a computer, the less each individual application will have the computer’s “attention”, and so too many programs running “at the same time” will slow down the execution of each program. So what can be done about it? I’ll circle back to that in a moment.

The second definition of bloatware is related to the “inside” of the programs (applications, software) themselves. Modern applications tend to heavily use computer resources and have features that are not needed, partially because programmers rely on modern computers being faster and being able to deal with sloppy programming as described above.

So what can you do about all this? On the first definition, uninstalling the bloatware is the obvious answer. Careful though if you’re going to try that yourself – make sure you are certain which programs are bloatware and which are essential programs your computer needs to run properly.

Computer savvy users will go as far as re-installing the computer’s operating system from scratch (a clean install)  to get rid of all the bloatware that comes with an average new computer. This is one of the reasons why (but not the only one)  reinstalling a computer’s operating system from scratch will always deliver a faster computer.

On the second definition, not much you can do about it, other than maybe pray. Seriously though, just be aware of the concept and try to choose applications that run lean on computer resources. Ask an expert as needed.

Getting rid of bloatware is another step towards operating a fast computer. Contact me if you need help doing it.

Zero-day Exploit

The term derives from the age of the exploit (a piece of software that takes advantage of a bug or vulnerability in a computer). When Microsoft becomes aware of a security hole, there is a race to close it before more attackers discover it or the vulnerability becomes public. A “zero day” attack occurs on or before the first or “zeroth” day of vendor awareness, meaning Microsoft has not had any opportunity to disseminate a security fix to users of the software. This also applies to other software applications, not just the operating system.