Category Archives: Computer Security

Virus, malware in general and all evil programs, begone!

Ransomware

Ransomware. Such a funny coined word for such fun times we live in. Ransomware is a type of malware that holds either a computer or its data hostage and asks the user for a ransom in order to “release” the hostage. This type of malware (malicious software) has existed for some time, but its newest variant is proving to be a bit of a challenge in terms of recovering the lost information, and it has been detected circulating in the wild since late November.

Its name is Trojan-Ransom.Win32.GpCode.ax.

How can you recognize it? Users who become victims of this new variant will often see a pop-up window on their screen, or have their desktop background replaced by this message: “ATTENTION!!!!!! YOUR PERSONAL FILES WERE ENCRYPTED WITH A STRONG ALGORYTHM RSA-1024 AND YOU CAN’T GET AN ACCESS TO THEM WITHOUT MAKING OF WHAT WE NEED!” The ransom message ends with, “REMEMBER: DON’T TRY TO TELL SOMEONE ABOUT THIS MESSAGE IF YOU WANT TO GET YOUR FILES BACK! JUST DO ALL WE TOLD.”

What does it do? It encrypts the files on your computer’s hard disk drive, making it impossible to access or recover them. Past claims by similar malware about the strength of its encryption have been bogus in some cases. Not this one. So as of this writing, there is no known way to decrypt the data in order to recover it.

What can you do about it? There are three actions to take. The first is the usual preventive one: have a good security setup so you don’t get infected in the first place, and have a frequently updated data backup (kept somewhere the malware can’t reach, such as a disconnected external drive) to be ready for the worst. The second action falls under the category of damage control. If you see any message on your desktop like the one above, turn off your computer as fast as you can. And I don’t mean go through the usual shutdown procedure. I mean press and hold the power button of your computer until it turns off (it usually takes about 5 seconds of holding the power button to force a sudden shutdown) or just yank the power cable (if your computer is a laptop, yanking the power cable is obviously not an option 🙂 ). The reason for this second action is that, if you act fast enough, you might be able to abort the encryption process that is destroying your information. Don’t turn the computer back on. The third action is a corrective one. Contact an expert so the necessary steps can be taken to remove the threat before it can resume its destructive work.

For Firefox Users – HTTPS Everywhere

Computer security is only as strong as its weakest link. Nowadays, the weakest link is, frequently, the user himself. That’s partially why I write these articles, in an effort to do my part to improve the general knowledge level of the average computer user. What is HTTPS? It’s the secure version of HTTP. And what the … is HTTP? An acronym for Hyper Text Transfer Protocol. Simply put, the method your web browser uses to fetch and display websites. OK, so back to HTTPS now. HTTPS is therefore a secure method of displaying websites: the same HTTP traffic, but carried over an encrypted connection so that nobody in between can read or tamper with it. How does that affect you?

Well, with the Internet becoming more and more interactive, the communication is not just from the Internet to your computer (like what happens when you make your computer’s web browser go to a website) but also from your computer to the Internet. So it’s becoming more and more a two-way street. That takes us to a recent problem. Recently somebody created Firesheep, a plug-in that allows any user of the Firefox web browser to “steal” the login sessions (the cookies that keep you logged in) of other users of sites like Facebook, as long as the victim is using the same public wireless connection and is nearby. You might have read about it; it made the news recently. As a result, the attacker can impersonate the legitimate user, at which point he/she has total control over the account and can do anything the legitimate user can do.

OK, so that’s the bad news. What’s the good news? Actually, I didn’t say there was any. But in this case you got lucky, because there is. At least if you use Firefox as your web browser. There is a counter-measure plug-in called HTTPS Everywhere. It forces the use of HTTPS on several well-known and frequently used websites, which makes the Firesheep attack useless against those sites, since the session cookies no longer travel over the wireless network in the clear. Again, you can only install this plug-in in Firefox. You can find HTTPS Everywhere here.

Note: Using the plug-in might have adverse effects on some minor functions of certain websites. For example, it breaks the functionality of Facebook chat. The bug is not in the plug-in but in Facebook’s website, so it’s something Facebook would have to fix.

Some of the popular websites HTTPS Everywhere works with include:

  • Google Search
  • Wikipedia
  • Twitter
  • Facebook
  • bit.ly
  • GMX
  • WordPress.com blogs
  • The New York Times
  • The Washington Post
  • PayPal
  • EFF
  • Tor
  • Ixquick
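To illustrate how a plug-in like this forces HTTPS, here is an added example (not the HTTPS Everywhere extension’s own code): a small ruleset-driven rewriter in the style of its from/to rules, run over a few constructed URLs. The rulesets, the “legacy” exclusion path and the sample URLs are all made up for the illustration.

```javascript
// Added example, not code from HTTPS Everywhere: a minimal ruleset-driven
// HTTP -> HTTPS rewriter. Each ruleset names the hosts it covers (targets),
// URLs that must stay on HTTP (exclusions) and from/to rewrite rules.
// All patterns below are constructed for illustration only.
const RULESETS = [
  {
    name: "Wikipedia (constructed)",
    targets: ["wikipedia.org", "*.wikipedia.org"],
    exclusions: [],
    rules: [{ from: /^http:\/\/((?:[a-z]+\.)?wikipedia\.org)\//, to: "https://$1/" }],
  },
  {
    name: "Twitter (constructed)",
    targets: ["twitter.com", "www.twitter.com"],
    // Hypothetical path that the site only serves over plain HTTP.
    exclusions: [/^http:\/\/twitter\.com\/legacy\//],
    rules: [{ from: /^http:\/\/(www\.)?twitter\.com\//, to: "https://twitter.com/" }],
  },
];

// Does a hostname match a target such as "twitter.com" or "*.wikipedia.org"?
function hostMatches(host, target) {
  if (target.startsWith("*.")) {
    const suffix = target.slice(1); // ".wikipedia.org"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return host === target;
}

// Rewrite an http:// URL to https:// when a ruleset covers its host.
// Returns the URL unchanged when it is already HTTPS, when no ruleset
// covers the host, or when an exclusion says the page must stay on HTTP.
function rewrite(url) {
  let parsed;
  try { parsed = new URL(url); } catch (e) { return url; }
  if (parsed.protocol !== "http:") return url;
  const host = parsed.hostname.toLowerCase();
  for (const rs of RULESETS) {
    if (!rs.targets.some((t) => hostMatches(host, t))) continue;
    if (rs.exclusions.some((re) => re.test(url))) return url;
    for (const r of rs.rules) {
      if (r.from.test(url)) return url.replace(r.from, r.to);
    }
  }
  return url;
}

// Constructed sample of URLs a browser might request on a public Wi-Fi.
const SAMPLE = [
  "http://en.wikipedia.org/wiki/HTTP_Secure",
  "http://www.twitter.com/home",
  "http://twitter.com/legacy/widget.js",
  "http://example.invalid/index.html",
  "https://en.wikipedia.org/wiki/Already_secure",
];
for (const u of SAMPLE) console.log(u, "->", rewrite(u));
```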

Wishing you a safe surf.

To Scan Emails or Not to Scan Emails, That is the Question

The content of this article might make some readers think I’ve lost my marbles. Regardless, here we go. As most users know, antivirus protection usually includes email scanning. What that means is that incoming and outgoing emails are scanned (assuming you use an email client, of course, as discussed in this recent article) by the antivirus software installed on your computer, to detect and eradicate any known threats from all emails. So here’s my advice: turn email scanning off.

First, let me explain why, then I’ll explain the benefits of it.

Let me start by telling you that most antivirus programs have what is called “real-time protection” or “active shield” or some other similar name. In an antivirus, this is a function that scans every file you access on your computer. So when you open a document, a picture, a video, a new program, sometimes even a folder that contains such files, the antivirus scanner quickly gets in the way and examines the file for anything that would make it be classified as malware. If the result is positive, the antivirus will take action, the action taken largely depending on what it has been set to do: it might alert you of the threat and ask you for a decision on what to do, quarantine the file in question, delete it, and so on. If after scanning the file no trace of malware is found, the scanner naturally allows normal access to it. But the point is, provided that the real-time protection is enabled, the email scanning function is redundant, for the email scanner does the same thing as the real-time protection scanner, but with emails and their attachments, which are, after all, just files.

Fair enough, you might say; let’s assume for a moment the above is right. However, the more protection the better, so if a file gets scanned twice, there’s no harm in it.

That’s true. Well no, actually, it’s not. And here’s where the benefit part comes in. The truth is, an email scanner is likely to corrupt the files your email client uses to store emails, and that will cause problems with the normal functionality of said client. Ironically, email scanners are more often responsible for inbox corruption in an email client than malware is! So when you look at it that way, it doesn’t seem so beneficial anymore, does it?

I sometimes even wonder why antivirus vendors still ship antivirus software with email scanners. It seems like a vestigial function that somehow is still there even though it’s not really needed and is more or less famous for causing trouble.

So turn off your antivirus email scanner if it’s on. And if you don’t know how to do that, ask an expert for help.

Adobe Releases Newest Version of its Reader, with New Protection

Regular readers have seen several articles in the last few months about different patches, updates and hot-fixes (same thing) for several programs, Adobe’s PDF reader among them. This article is not about another one of those patches.

Now that we have made clear what this article is not about 🙂 , let’s take a look at what it IS about. Adobe released, a few days ago, a new version of its reader, version X (latest prior version was 9, get it?). The highlight of this new version is the fact that it incorporates sandboxing capabilities. Sounds good, right? Well maybe, if one knows what in the name of all that is Holy “sandboxing” is.

This article from last year covered the subject. But in a few words, it is a special protected mode. When Adobe Reader X runs in protected mode, it provides an added layer of security. In this mode, malicious PDF documents can’t launch arbitrary executable files or write to system directories or the Windows Registry, activities that malware usually attempts in order to infect a computer.

You can download Adobe Reader X from this location. At this time, users of earlier Adobe Reader versions will not be offered the new version automatically; it needs to be downloaded manually (that is, initiated by the user: click on the above link!).

To check the status of protected mode, open Adobe Reader X, then choose File > Properties > Advanced > Protected Mode.

Protected mode is enabled by default. If for whatever reason you want to turn off protected mode:

  1. Choose Edit > Preferences. The Preferences dialog box appears.
  2. In the Categories list select General.
  3. Deselect Enable Protected Mode at startup.

Adobe is hoping that this new version’s handling of vulnerability exploits will take the pressure off having to constantly issue patches to, well, patch them. I hope so too.

Another Handy Tool; This One Will Check Your Whole Computer for Vulnerabilities

Vulnerabilities and program updates as part of computer security is an interesting subject. Savvy computer users realize early on that patching their computer programs plus having a good security setup (preventive maintenance) is better than having to deal with a malware infection (corrective maintenance) or with the possible resultant data loss or identity theft (just plain damage control). Last week’s article provided readers with a tool to check their web browser for out-of-date plug-ins that could open the door to hackers exploiting existing vulnerabilities to gain remote control of your computer. This week we’ll move on to a more comprehensive tool that will check your whole computer for vulnerabilities and similarly generate a report of out-of-date programs on your computer that pose potential security risks, with links to newer, more secure versions. This tool is free for personal use. It’s called Secunia Personal Software Inspector (PSI).

Users with Windows XP installed on their computers can download it by clicking on the following link:

ftp://ftp.secunia.com/PSISetup1501.exe

Users with Windows Vista or Windows 7 can download it by clicking on the following link:

http://secunia.com/PSISetup.exe

Warning: Use judgment when updating the versions of your different programs. Given the individual configuration of computers, sometimes a newer version of a program might present a problem that did not exist before. Example: I recently tried to update Skype on my laptop. The newest version of Skype did not recognize some of the hardware I was using for audio recording/playback. I had to revert to the earlier version and wait for a future version that fixes that bug. The moral of the story is: either be able to use judgment and undo an update as needed, or have an expert available to help if needed.

If you so wish, once you have scanned your computer and brought all the programs to their latest version, you can uninstall PSI.

Handy Tool to Check your Web Browser Security

There are two ways hackers can attack you through your web browser (Internet Explorer, Firefox, Chrome, Safari, Opera, etc.). One is through vulnerabilities in the browser itself, and the other is through vulnerabilities in the plug-ins your browser uses. To minimize how vulnerable they both are, it’s recommended to keep them up to date with their latest versions, which include the patches for known vulnerabilities.

Here’s a tool to check the plug-ins your web browser has installed and see whether they need to be updated or not, PLUS the web browser itself. Click on the link below, and then on the landing page click on “Install Plug-in” and follow the directions. Once the plug-in is installed, click on “Scan Now”. You’ll see whether your browser is out of date, which plug-ins need newer versions, and links to the respective websites to update them all. Repeat for all web browsers you have installed, if you use more than one:

https://browsercheck.qualys.com/

Record Number of Windows Updates Released Today

The number of monthly updates released today (October 12) by Microsoft is a record: sixteen in total. Windows updates can have 3 different enhancement purposes: stability, performance and security. In this case, the whole batch is classified under enhanced security. Products affected include both the operating system and the Office products (all currently supported versions of both), including, in the case of Office, the Mac versions.

Four of the updates are classified as critical (the top classification as far as urgency is concerned). Ten are classified as important, the next level down, and two as moderate, the next one down from important. Nine of the sixteen updates are designed to prevent remote code execution (i.e. a hacker taking control of your computer remotely by exploiting a vulnerability in your computer).

If you have Windows Update set to automatically download and install updates on your computer, there is no action required (other than a restart once the updates have been installed). If you have Windows Update set to notify you but not download, or set to download but not install automatically, or turned off, installing these updates will require user intervention (of course, if you have Windows Update set to anything but automatic, you might have more than these 16 updates to install).

This Piece of Malware is a Little Scary

You may have read about it on the news. Stuxnet is the name of this piece of malware. Before you get the impulse to turn off your computer after you read about what it can do, let me say that this one targets specific Windows-based computers that manage industrial control systems (ICS), so the average user’s computer is not a target, although that doesn’t mean your computer cannot get infected by it. It’s just not going to make your computer the target of its payload (what the virus does when it becomes active or executes). But even that is one of the remarkable things about this piece of malware – we’ll circle back to that.

The first unprecedented fact is the number of zero-day exploits this malware uses: four, including this vulnerability I wrote about a little while ago. The second is the techniques it uses to infect and spread, including rootkit technology. The third is its size, unusually big for a virus. The fourth is the fact that it uses two different stolen digital certificates to pass as legitimate software, thus adding to its stealthiness. So it wasn’t long before it became evident that the resources that went into creating such a piece of malware, dubbed “the first cyber super-weapon” and “best malware ever”, were probably state-backed. Speculation has been flying around as to its country of origin. It apparently has been seen infecting industrial computer systems in Iran. It is very cleverly programmed. Although its main attack vector (entrance point) is USB flash drives, it is programmed to infect no more than 3 computers per infected USB flash drive, which keeps it from spreading too fast and thus adds to its stealthiness.

One last thing about Stuxnet, and this is the icing on the cake: the subject is so trendy that if you were to search for “stuxnet” on Google and other search engines, some of the search results are landing users on malicious websites that will infect your computer (not with Stuxnet) using the usual drive-by download infection technique I’ve covered before. For the common user, this is ironically the most dangerous aspect of Stuxnet.

Hotmail Password Reset Security Boosted

To balance the recent avalanche of vulnerabilities I’ve been writing about lately, here’s some good news on the subject of computer security. I’ve written about it in the past, but there are new security measures being added to the Windows Live Hotmail web mail service to help users regain control of hijacked accounts.

Citing a trend of spammers seizing legitimate accounts, Microsoft said it was kicking off new techniques to sniff out compromised Hotmail accounts, as well as giving users more ways to reclaim inboxes snatched by criminals.

Rather than rely on an alternate e-mail address and a single secret question-answer pair for resetting an account password, Hotmail now lets a user set one or more “trusted PCs” or a mobile phone as proof that he/she is the real owner of the account.

In one of the most famous abuses of a password reset feature, University of Tennessee student David C. Kernell got control of the Yahoo Mail account of former Gov. Sarah Palin during the 2008 presidential election by answering a single security question.

Kernell was later convicted on a federal felony charge and a federal misdemeanor charge.

Instead, Hotmail users can now tag multiple PCs as proof. Users locked out of their account by a hijacker can regain control simply by logging in from one of the previously-set trusted machines.

To use a PC as proof, users must have installed Windows Live Essentials, a suite of free applications Microsoft offers for download.

Users can also enter a mobile number as another proof. That phone will then receive an unlocking code via a text message when the user asks for a password reset.

With those proofs in place, more users will be able to reset their passwords without help from Microsoft support.

To add additional proofs, such as a trusted PC or cell phone, to a Hotmail account, users must click “Options” in the upper right of the Hotmail screen, select “More options…” from the drop-down menu, then click “View and edit personal information” under the subheading of “Manage your account.” The proofs can be added under “Password reset information.”

Microsoft isn’t the only web mail provider beefing up security. Last week, Google announced two-factor authentication that lets businesses protect Gmail log-ins by delivering a one-time code to a cell phone via text message.

It’s Been a Busy Summer for Vulnerability Attacks to Adobe

Less than a week after warning users that hackers were exploiting an unpatched bug in its Reader PDF viewer, Adobe said 8 days ago that Flash, its other prominent program, was also under fire. Adobe said that the current version of Flash contains a critical flaw already being used in the wild by criminals to attack Windows PCs. “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system,” the advisory read. All editions of Flash, including those for Windows, Mac, Linux, Solaris and Google’s Android mobile operating system, include the flaw.

The company said then that it would patch Flash in two weeks. However, I just got word that they moved it up to today. Go to the download center at http://get.adobe.com/flashplayer/ to get the latest version.

Click here to find out what version of Flash you have installed. If it’s lower than 10.1.85.3, you need to update it.

Noteworthy is the fact that Google Chrome browser users got the patch four days ago, one of the benefits of an April Google-Adobe deal. That’s one of the factors that has made Chrome my current official choice of web browser.