Category Archives: Computer Security

Virus, malware in general and all evil programs, begone!

“Should I Turn Off my Computer at Night?”

If I had a penny for every time I have been asked that question… I’d be writing this article from a bungalow in the Bahamas.

But I don’t. So, to the question at hand.

People in favor of turning the computer off at night bring up valid points, the main one being power consumption. But did you know that properly set power management settings reduce idle power consumption by around 70%?

Others reason that with the computer off when not in use during the night, the possibility of a hacker intrusion attack is reduced. True, but if that is the concern, you can disconnect the computer from the internet (by disabling the network adapter, or a switch for many laptops with wireless, or disconnecting the network cable, or turning off the router, or…). And the truth is, it is relatively easy to repel hacker attacks if you have a sound computer security setup in place.

So now that we have those out of the way, let me tell you what is good about leaving your computer on at night.

There are several routines that computers are traditionally scheduled to perform after hours, when the computer is idle. These include: virus scans, hard disk defragmentation, system restore points, Windows updates, system backups, among others. When you turn your computer off at night, none of these routines are performed and to that degree your system is running in a non-optimum state.

And did you know that over time, it is more taxing for the electronic components of the computer to go from room temperature to operating temperature to room temperature to operating temperature than to remain in the same relative temperature range?

One last thing. Just about the only thing that is good about shutting your computer down at night and restarting it in the morning is that all memory errors and such are cleared up. The maxim “when in doubt, restart” applies here. So if you are one of those users that turned your computer off at night and decided to change to leaving it on, I recommend a restart at least every few days, to clear such errors accumulated over time. It will make for a smoother-running computer.

This subject has people who advocate for each of the two possible answers, and thus I expect some percentage of people to disagree with my position. If so, it is your prerogative and I respect it. But the above is my take on the subject, based on over 25 years of experience with computers. Up to you to follow it or not.

The Ultimate Malware Protection Tool for Web Surfing

A few weeks ago I covered in an article the best protection model for a computer when it comes to malware. You can find that article here.

However, good as it might be, with the advances in malware technology there is still a chance your computer will get infected while browsing through websites, if you’re not careful.

For those who need and want ultimate protection while web surfing, the answer is virtualization. Simply put, virtualization in this context refers to the creation of a separate operating space within your computer, which can then act as a sandbox. In other words, it’s like a computer within your computer. While not strictly correct, this is the easiest way to portray it for the non-advanced user. But the point is that while you are browsing, you can choose to turn virtualization on, and thus everything that might impact your computer in terms of malware can be discarded at the press of a key once you finish your browsing session.

There are several programs that achieve this; perhaps the best known is Sandboxie, http://www.sandboxie.com/

Other programs have a built-in feature that can be used as a sandbox. For example, I use Acronis True Image Home 2009, a backup application. It has a function called “Try and Decide” which is simply an implementation of the mentioned virtualization function, with the same results.

So when is it recommended to use one of these programs? For example, when you are required to browse the web constantly, you often do searches, and you are not sure whether or not a malicious website might come up in the top search results, effectively infecting your computer when you click on that search result.

Virtualization or sandboxing is something that can be turned on or off selectively. In other words, you can have a sandboxing program installed and only use it when you deem it necessary.

And in some instances it can prove very necessary.

Spam and Links in E-mails

The CAN-SPAM Act, a law that sets the rules for commercial emails, includes a requirement to tell recipients how to opt out of receiving future email from businesses. This is why, when you get a commercial email, it is supposed to give you a way to stop receiving such emails. Methods can include replying to the email with a certain subject such as “unsubscribe”, or including that word in the body of the reply, etc. Some emails come with a link that you are supposed to click on to unsubscribe. While in the past this has been a legitimate way to unsubscribe from certain emails, it is now superseded by a more basic rule of email handling: DO NOT CLICK ON LINKS IN EMAILS FROM UNKNOWN SENDERS.

Why? Because this is one of the easiest ways to infect your computer. All you have to do is click on that “unsubscribe” link and it takes you to a malicious website that will try to infect your computer just by virtue of accessing the webpage your web browser lands on.

So if you get an email that looks like spam, and you want to handle it, do it in some other way if unsubscribing means clicking on a link. I wouldn’t even bother sending an email asking the sender to stop sending those emails, as that is a known way to harvest valid email addresses for further spamming. Block the sender if you want, mark the email as spam so your spam filter will learn to better recognize it, report it if you wish, but that’s it. Don’t fall for the trick.

Computer Security FAQ

1. What is the best antivirus?

Find the answer here.

2. How do I find out if my computer is infected?

Read the signs.

3. I have an antivirus program installed. How come it didn’t catch the virus that infected my computer?

Because you don’t have enough security measures in your computer. How to handle.

4. I think my computer has a virus. What do I do?

Follow these steps.

5. Why would anybody create viruses in the first place?

Find out why.

6. I never click on suspicious email attachments or download programs from the internet. So why would I need an antivirus?

Because.

7. I heard I shouldn’t update my Windows operating system, because it only causes problems. I also heard that those updates are used by Bill Gates to help the government keep track of all the computers in the world and invade my privacy. Is that true?

Yeah, and I’m the Easter Bunny. True data.

Fake Antivirus Programs

Fake or rogue antivirus programs, also called scareware (you’ll see why in a moment), are applications that pretend to detect and get rid of viruses, while actually being malware themselves, or being completely useless other than to scare the user into paying to download or unlock the full version of the “antivirus” to “remove” the “infection” the computer is plagued with.

Be very careful with this, as it is currently the most common type of infection going around – a rising trend. Assuming you have an antivirus solution in place – and I hope you do – know how it behaves and learn to recognize when it is not what is making an alarming pop-up window come into view all of a sudden, telling you there is an infection in your computer, and maybe prompting you to do a scan or simply starting a fake scan with lots of alarming results.

Once you’ve learned to recognize a fake antivirus in action, you have only two valid choices, and I’m deadly serious. The choices are based on your personal knowledge of malware and how to get rid of it. A) If you’re not sure what to do, save any open files, turn off your computer and contact an expert. B) If you know what to do, well, do it!

I’ll tell you what are NOT valid choices though: 1) Clicking on the “OK”, “Scan”, “Yes”, “Download” button that the suspicious window contains, 2) Even clicking on the “X” on the upper right corner of the window to get rid of the pop-up, 3) Entering your personal and credit card information to purchase the “antivirus” so you can disinfect the computer, 4) Ignoring it hoping it will go away and continue using your computer. All those are invalid options.

July 2011 note: Due to some variations of fake antivirus programs that have emerged since this article was originally written, in some cases, part of the removal procedure includes allowing the fake antivirus to perform its fake scan, so that it will allow the next steps in the removal process.

Here’s a list of trusted antivirus software vendors – you can use it as a starting point to recognize the legit ones: http://www.ccssforum.org/trusted-vendors.php

Hope this helps.

A Rapidly Trending Method to Infect your Computer

Malware creators, cyber-criminals and other such scum are aware of where most of the internet activity is: use of search engines (Google, Bing) and social media websites (Facebook, MySpace, Twitter, YouTube, etc.), and therefore they try to use those trends to infect your computer. How?

Black Hat SEO (Search Engine Optimization) techniques. Simply put, Black Hat SEO techniques are those used to illicitly manipulate search engine results in order to drive up the search ranking of a particular website. This can then be used to make iwillinfectyourcomputer.com appear in the first few results of any search. You search Google for “Michael Jackson death” and there it is, a fake quote on that subject and a link to take you to the website where that quote is. Looks legit too. Even the website name can look legit, like “KYWA-News.com”, but if you click on that search result to go to the website, it either takes you to that website and it’s a fake news website, or worse, when you click on the link it redirects your computer to land on another website. Either way the result is the same: you land on a website and by virtue of it your computer gets infected, if you don’t have the proper protection and system updates in place.

A new client with an infected computer told me recently that there was no antivirus installed in his machine because he figured if he never opened any suspicious email attachments… I rapidly disabused him of the idea, shortly before I disinfected his computer of some nasty malware. With these new infection techniques, you can get infected just by what used to be considered normal web surfing. But that client’s comment also told me that users at large might not be as aware of this phenomenon as they need to be. Hence, this article.

So, 1) Get or improve protection in your computer as covered here, 2) Make sure your computer is updated with the latest security patches as covered here, 3) Just be aware of the above ongoing phenomena and be extra careful when clicking on search results links, or any phony looking links posted in social media websites.

Your kids and computers

Computers are powerful production tools. They can also be entertaining. Sometimes too entertaining. Access to online games, pornography, file sharing and other questionable activities can make your computer a liability more than an asset for you as a responsible and caring parent.

Let me start by stating the obvious: your kid probably knows more about computers than you do. Nothing wrong with that per se, except that there might be things going on with your computers at home that you are not aware of, or are aware of but don’t know what to do about. That’s the subject of this article.

This is not a rhetorical discussion and I’m not speaking from hypothetical experience. It happens every day. A recent client was puzzled by her teenage son’s sleeping pattern (sleeping a lot during the day). In doing a routine check on one of the client’s computers at home, the reason became evident: the kid was sneaking onto the computer late at night, at 1 am or so, accessing inappropriate websites until 4 or 5 am and then sneaking back to bed. And this was otherwise a good kid, with no other particular bad habits. But the parents were absolutely clueless. So it can happen to anyone.

Let’s assume you are at the stage where you don’t think there are unethical activities going on with your computer(s) at home, but would like to keep an eye to make sure it stays that way. Some sort of monitoring software would be in order. An example of this is Spector Pro 2009, which you can find here: http://www.spectorsoft.com/. With it you can monitor what websites are accessed in a computer, incoming and outgoing emails, downloads, instant messages, even key stroke logging (recording of all input via the keyboard) is available.

If (or once) you have detected undesirable activity such as inappropriate website access, online gaming, off-hours activity or anything like that, you can move to the next stage and put access control software in place, such as Refog Personal Monitor, which you can find here: http://www.refog.com/personal-monitor.html.

It is an unfortunate fact that a good percentage of malware infections are associated with illegal downloading of software or media, accessing inappropriate sites and use of online games. That is yet another reason why these should be monitored and controlled on your computer(s).

Contact me if you want tips on what to look for as signs of undesirable activity in your computer(s).

Which Antivirus Program is Best?

I’ve heard that question so many times from customers and friends alike. It usually follows “Why didn’t my antivirus detect this?” right after I clean up their computers of malware (malicious software). So I figured I should write my take on the subject. Of course, I too have been intensely looking for the answer to the same question.

Short answer: NONE. Another one: ANY. Before you conclude I’ve lost my marbles, read on. You do want to know which you should install in your computer or if you should change the one you have installed, right? (You do have something installed, correct?) Well, here goes the full answer.

First of all, you should have read my article that goes over a brief history of viruses and malware in general.

Then read my essay on how much security is needed in your computer.

Now remember, the main principle upon which traditional antiviruses work is that they’re basically programs that compare files in your computer to a signature file. This file contains the different characteristics of all known viruses, and thus it can detect if a particular file is infected or not, AS LONG AS THE IDENTIFIABLE CHARACTERISTIC OF THE MALWARE STRAIN IS INCLUDED IN THE SIGNATURE FILE. Typically the antivirus will then try to clean the infected file, move the infected file to a place where it’s rendered harmless (quarantine) or delete the file altogether.

Here’s the little secret the antivirus companies are not telling you, which I have mentioned before: they are overwhelmed and unable to keep up with the rate at which malware is being produced in recent times, which keeps accelerating. And there is no reason to believe it’s going to slow down. Want numbers? Here we go:

New unique samples added to AV-Test.org’s malware collection in Sept 2006: 87,577.  In May 2009: 1,078,882! *

So malware is being produced at a higher rate than the antivirus companies’ ability to generate updated signature files to recognize such new malware.
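To make the signature-file principle concrete, here is an added example (not code from this article or from any antivirus vendor): a toy scanner with a constructed signature file holding one exact-hash entry and one byte-pattern entry. It shows that a byte-for-byte known sample is caught and quarantined, a variant that still carries the family's pattern is caught, but a variant whose hash has changed, or a brand-new sample, is simply not detected. All file names, signature names and contents are made up.

```python
"""Toy signature scanner (constructed example): a signature-based antivirus only
catches what its signature file already describes."""
import hashlib
import os
import shutil
import tempfile
from typing import Optional

# Constructed signature file with two kinds of entries an AV might carry:
# - "sha256": exact hash of a known sample (catches only that byte-for-byte file)
# - "pattern": bytes characteristic of a family (also catches variants that keep it)
SIGNATURES = [
    {"name": "Demo.Trojan.A",
     "sha256": hashlib.sha256(b"MZ demo trojan build 1 " + b"\x90" * 16).hexdigest()},
    {"name": "Demo.Worm.B", "pattern": b"DEMO-WORM-B-PAYLOAD"},
]


def matches(data: bytes, sig: dict) -> bool:
    """True if the file content matches one signature entry."""
    if "sha256" in sig:
        return hashlib.sha256(data).hexdigest() == sig["sha256"]
    return sig["pattern"] in data


def scan_file(path: str) -> Optional[str]:
    """Name of the first matching signature, or None if clean or simply unknown."""
    with open(path, "rb") as fh:
        data = fh.read()
    for sig in SIGNATURES:
        if matches(data, sig):
            return sig["name"]
    return None


def scan_and_quarantine(directory: str, quarantine: str) -> dict:
    """Scan every file in `directory`; detections are moved to `quarantine` with a
    .quarantined suffix so they are not run by accident. Returns {filename: verdict}."""
    os.makedirs(quarantine, exist_ok=True)
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        verdict = scan_file(path)
        if verdict:
            shutil.move(path, os.path.join(quarantine, name + ".quarantined"))
        report[name] = verdict or "not detected"
    return report


def demo() -> dict:
    """Write constructed sample files into a temp directory and scan them."""
    root = tempfile.mkdtemp()
    samples = {
        "known_trojan.exe": b"MZ demo trojan build 1 " + b"\x90" * 16,    # exact known sample
        "trojan_variant.exe": b"MZ demo trojan build 2 " + b"\x90" * 16,  # one byte changed: hash no longer matches
        "worm_variant.exe": b"junk DEMO-WORM-B-PAYLOAD more junk",         # still carries the family pattern
        "brand_new.exe": b"MZ something nobody has seen yet",              # no signature exists yet
        "notes.txt": b"just a text file",                                  # benign
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return scan_and_quarantine(root, os.path.join(root, "quarantine"))


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

Both misses in the report are the gap the article is describing: nothing about the scanner is broken, the signature file just does not contain those strains yet.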

Malware techniques are also getting more and more sophisticated. Even if the antivirus program has a particular strain of virus listed in its signature file, a virus can be delivered to target computer(s) in such a way that it stays out of view. To make things worse, as part of its payload (what the virus does when it becomes active or executes) it can cripple the antivirus program’s ability to detect it and remove it, especially if the logged-in user has administrative privileges. Not a pretty picture.

Sure, built-in “behavioral recognition”, present in most antivirus programs today, will try to deal with unknown, recently created malware that is not yet included in your antivirus signature file. It does so by trying to recognize the way malware behaves when active in your computer and labeling it malicious even before the malware is on the official wanted list (signature file). That’s either limited or, if overdone, can lead to false positives, where programs that are not malicious are labeled as malicious.

Some antivirus companies, such as Panda Security, have recently been approaching the problem with collective intelligence servers to speed up the detection process by making it happen on their servers and using the cloud (the internet) as one big entity to get lots of samples to analyze. This is meant to improve the detection rate of recently created malware because of the much larger capacity of the servers sitting remotely and the much higher amount of data being processed. Other companies have tried that approach. Microsoft is piloting its own version of that model right now (they call this feature “Dynamic Signature Service”) with Microsoft Security Essentials. As one of the first ones using it, so far I like it (it’s been out for about a month now).

But my point is that, even with such new approaches, antivirus programs alone are no longer effective enough by themselves to keep you malware-free. Mind you, I’m not saying you should not have an antivirus program installed, and I’m not saying all antivirus are the same either. I’m just saying that NO antivirus by itself is good enough for the reasons stated above – no matter which one you choose.

I’m going to emphasize this boldly because it is the key datum to understand in this article: The big hole left open with the antivirus inability to deal with the newest malware makes the differences in their detection rates of known malware irrelevant. In other words, who cares if Brand X antivirus has a 98% detection rate of known malware and Brand Y has 99% while Brand Z has only 70%, when all of them miss about 50% of the unknown malware? These are close to actual figures by the way, not just random numbers.

So the question “Which Antivirus Program is Best?” actually becomes “What would it really take to keep your computer as close to virus free as possible?” The answer is a 4-pronged approach:

1. Install an antivirus program that can detect and remove/clean all old and relatively recently created malware. I have tried many of them: Symantec, McAfee, Trend Micro, Panda, Bit Defender, Superantispyware, Malware Bytes, Microsoft, and these are not all. Take your pick; all good enough, none good enough by themselves. (And that doesn’t mean you should have more than one antivirus program installed at a time – don’t. For technical reasons that’s counterproductive.)

2. Install a firewall to curb the inflow and outflow of unauthorized data. It’s just an additional protection layer. Different good free ones exist, like Comodo. In my opinion, and especially with Windows 7, the built-in firewall is sufficient for the purpose of this layer in this 4-prong approach.

3. Install a program that will prevent unauthorized execution of malicious programs. This is the secret key I have found in my search for the complete answer: Blue Ridge Networks’ AppGuard. I openly recommend it as a fundamental and key part of answering this newly posed question. Some antivirus companies might contend they have security suites with the same unauthorized execution prevention, but they don’t, at least not in the same way. The concept upon which this is based is, in my opinion, very clever. It deals with the CRITICAL “zero-day exploit” problem in a very effective way, it’s very light (uses little computer resources) and requires minimal user interaction, so you don’t have to be an expert to configure it – it is more like a set-it-and-forget-it type application. Although I recommend it, this article is not about this product, so for more specifics and how it works, go to http://www.blueridgenetworks.com/products/appguard.php. As I’m a professional in this field, I’ve purposely visited several infected Web sites to test this product, and it has protected me in every case. Kids, don’t try this at home!

And last but not least,

4. By all means, and as I’ve mentioned in a previous article: exercise GOOD EMAILING AND WEB SURFING HABITS.

With all these 4 points in place, the probabilities of your computer getting infected are reduced to a minimum. And despite its apparent complexity, this approach actually yields the best result with the least computer resource usage.

That is my current full answer to the actual question. There might be other setups that achieve the same result. They might even be better. But this one is the best I know, and most importantly, it WORKS. And I believe in it so much that it is what I’m using right now in my own computer.

May your computer(s) live long and prosper in a malware-free zone.


* 6/30/11: Per the latest data available, between January and June 2011, AV-Test.org saw an average of 1.6 to 1.7 million new unique malware samples per month. Click here for the May 2013 figures and the prediction for the remainder of 2013.

Why is my Computer so @!#?%^&* Slow? – Part III

This is the third article in this series. In case you missed them, here’s the first and second.

Malware

Malware, or malicious software, can be defined as a program designed to harm your computer or grant unauthorized access to it. One of the possible reasons for your computer being slow is malware running in it. In fact I’d dare say that if your computer is running at normal speed and it slows down all of a sudden, most likely it’s due to a malware infection. Conversely, not all malware slows computers down, at least not noticeably. In any case it holds true that one of the signs of an infected computer is sluggish performance. Probably the worst cause of a computer slowdown is malware, because not only will your computer be slow, but it won’t be totally under your control anymore!

What to do? Naturally the computer needs to be disinfected. I’m assuming you have an anti-malware solution in place. Run a full scan. If nothing is found but you still suspect your computer is infected, you can try free online scanners such as Panda’s, Trend Micro’s, BitDefender’s, Kaspersky’s, Microsoft’s, Eset’s, to name a few. These can sometimes detect what your installed antivirus missed. Note that depending on the nature and severity of the infection, the malware might block access to security companies’ websites to prevent detection and removal. So if the above links don’t work, that’s probably the reason why.

Once all the normal basic routines are unsuccessful in removing a resilient infection, it’s time to contact an expert to get the computer cleaned up. This is when the handling enters the realm of advanced manual malware removal techniques.

Look for my soon-to-be-released article on how to best prevent getting infected in the first place and what is the best product to achieve that. Due to how relevant it is, that will be the next article to be published, and after that I’ll continue with the rest of this computer slowness series. Update 7/29/09: Here it is.

To Update or Not to Update, That is the Question

Normally I wouldn’t even write about this subject because it almost seems redundant to mention it, but I recently came across some misconceptions that urged me to help set the record straight.

Software updates: what are they? What are they for? Should they be installed? Generally speaking, the main computer software updates are its operating system updates. Since I don’t work with Macs, this means Windows updates. These updates can have 3 goals: improved stability, improved security, improved performance.

Specifically on security, the cycle goes like this: some not-so-well-intentioned fellow(s) looks for and finds a vulnerability in a current Windows operating system. That means a security hole which, if successfully exploited, allows the bad guy to gain access to your computer data and maybe even gain control over it. Not good. Microsoft gets wind of the vulnerability, develops a “patch” to fix it, tests it, releases it through Windows Update, it gets applied broadly, and there is no more security hole. The cycle repeats over and over in an endless race over the zero-day exploit. The term derives from the age of the exploit. When Microsoft becomes aware of a security hole, there is a race to close it before more attackers discover it or the vulnerability becomes public. A “zero day” attack occurs on or before the first or “zeroth” day of vendor awareness, meaning Microsoft has not had any opportunity to disseminate a security fix to users of the software.

Stability and performance follow a less hectic path, but they are nonetheless also upgrades.

Other non-operating system software vendors also provide updates for their software with the same goals.

Now, some people seem to be against installing updates, partially due to bad past experiences, i.e. after installing an update, something went wrong and the computer had a new problem. Does it happen? Yes. Have some updates been more damaging than beneficial? Yes. Does that mean one should just not update? NO. In the overall grand scheme of things, updates will always be more beneficial than harmful.

Keep your computer up-to-date with the latest updates from Microsoft and any other applicable software vendors. It is an essential step to keeping your computer secure and healthy.

Contact me if you need help on the subject.