Category Archives: Computer Security

Virus, malware in general and all evil programs, begone!

Testing Security Software

I’ve never been a computer builder particularly. Mind you, I like to specify what my computers have as far as configuration, but I like them built and ready to use when I get them. I don’t build computers for others either. But all that doesn’t mean I cannot build one, and to prove it to myself I recently bought all the necessary components to put a desktop computer together. And put it together I did.

Although that pet project did serve the purpose stated above, the real reason I got it was to have one dedicated machine just for testing purposes. So it’s completely rigged to be able to install test programs, reproduce problems clients might have with their computers, generally mess around with it and then bring it back to its initial state and start over.

With all the newly acquired latitude this new machine gave me, I set out to try a few security suites I’ve always wanted to test-drive. After trying a few, I had to stop for a moment and stare in awe at one of them: Kaspersky Internet Security 2012. Not a typo, it is 2012. I know you must be thinking, how can I test next year’s version? Well, for one, it is normally released before the end of the preceding year. But truth be told, it has actually not been released yet. It will be released in the US in about a month. But that didn’t stop me from getting a hold of a copy and taking it out for a spin.

So, back to KIS 2012. I performed the standard test of visiting a dozen or so malicious websites (the kind that, if you’re not properly protected or don’t know what you’re doing, will leave you with an infected computer). For the most part, KIS’ web filter component did not even allow the web browser to reach the malicious links; the one the web filter did let through resulted in the download of a malicious program. Uh-oh.

Emulating a not-too-wise user, I opened the program and that program created another one and tried to plant itself in the computer (a trojan). I say tried, because then the active protection component stopped it, deleted the downloaded program, rolled back the actions the malicious program had done, and basically thwarted the infection attempt like it was nothing. So at the end the score was like KIS: 12, the bad guys of the Internet: 0. That’s pretty impressive.

KIS 2012 also comes with an anti-spam module that integrates with your email program. I tested it with a “honeypot” (spam trap) email address I have that catches dozens of spam emails every day. Without changing anything in the anti-spam default settings, KIS easily detected and correctly labeled most of the spam.

The only thing I was not able to test was how KIS 2012 behaves with an old, slow computer. Because the test machine is everything but. Otherwise I’d say as far as performance, interface simplicity and so forth, I didn’t have any complaints.

I’ll probably be writing more articles on reviews of other security products in the near future, while laughing at the hackers’ attempts to infect my test machine. So stay tuned for upcoming reviews.

Regarding the Latest IRS Spoof Emails Going Around

I’ve read comments, articles, and emails giving advice about a recent spoof email going around pretending to be from the IRS, a new version of an old trick.

Different opinions have been offered as to which antivirus programs are good at detecting, blocking and eradicating the rogue security software that gets installed on your computer if you fall for one of these IRS emails.

The problem with all those antivirus programs is that detection still relies mainly on a signature/definitions file, and the other methods of detection (heuristics, behavior monitoring) are eluded by these rogue security programs because they look and behave too much like legitimate software.

To get the full explanation on the above, read my article, written 2 years ago, on a security model that can withstand any such attacks. It was successfully stopping all known attacks then, and it’s still doing it now. And if you want to raise the security bar even more, add virtualization to it.

Hope this helps.

Computer Basics – Files in Windows

Filenames in Windows have two basic parts: the filename itself, and its extension. Example: letter.doc. “Letter” is the filename, and “doc” the extension. The extension denotes what type of file it is, and tells the computer what program to use to properly handle that type of file. For example, typically, files with a “doc” extension are handled by Word, the Microsoft Office document editor and word processor. It’s not hard to figure out that “doc” refers to “document”. Similarly, “txt” as an extension refers to “text” files, and so on. Note: By default most versions of Windows hide the extension for known types of files. So instead of seeing “letter.doc”, you might only see “letter” as a filename when looking at a list of your documents. This matters more than it sounds: a file named “letter.pdf.exe” is shown as “letter.pdf”, so a program can pass itself off as a document until you turn the extension display on.

But out of the list of file extensions, one class stands out because of what it can do. It’s the family of extensions that allow a file to issue commands to the computer. When we talk about opening, or executing, a program, we’re talking about these files. Extensions that belong to this class include “exe”, “com”, “bat”, “cmd”, “scr” and “msi”, to name a few. If you open a “doc” file, it will show you the document. But if you open a file from this executable class, Windows will carry out the instructions within it. Example: when you click on the Internet icon on your computer, the program that displays websites for you opens up in a window. If the Windows default program is the one being used for displaying websites, it is called Internet Explorer. But do you know the actual filename for it? It’s “iexplore.exe”. That’s the full filename for Internet Explorer. Because the extension is “exe”, it executes instructions when you open it. Namely, it downloads data from the Internet, displays websites, sends (uploads) data to the Internet, and so forth.
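The two points above (Windows hides known extensions by default, and a small family of extensions makes a file executable) can be checked directly from PowerShell. The script below is an added example written for this article, not code from the original post: it reads the Explorer setting that hides extensions, then lists every file in a folder that would run when double-clicked and shows the name Explorer would display for it. The list of executable extensions is this example’s own selection, not an official Windows list, and the folder path is just an assumed starting point.

```powershell
# Added example, not the article's own code.
# Extensions this example treats as "will execute when opened"; not an exhaustive Windows list.
$ExecutableExtensions = @('.exe', '.com', '.bat', '.cmd', '.scr', '.pif', '.msi', '.vbs', '.js', '.ps1')

function Test-ExtensionsHidden {
    # HideFileExt under this key: 1 = hide extensions for known file types (the Windows default),
    # 0 = show them. An absent value is treated like the default.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $value = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($value -ne 0)
}

function Find-ExecutableFiles {
    param([Parameter(Mandatory)] [string] $Path)   # folder to scan, e.g. your Downloads folder

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $ExecutableExtensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            # With HideFileExt = 1, Explorer shows the name minus its LAST extension,
            # so "report.pdf.exe" is displayed as "report.pdf".
            $shown = [IO.Path]::GetFileNameWithoutExtension($_.Name)
            [pscustomobject]@{
                FullName        = $_.FullName
                DisplayedAs     = $shown
                # True when what Explorer shows still ends in something that looks like
                # an extension: the classic disguised-executable pattern.
                DoubleExtension = ($shown -match '\.[A-Za-z0-9]{1,4}$')
            }
        }
}

if (Test-ExtensionsHidden) {
    "Explorer is hiding known extensions. Turn on 'File name extensions' in Explorer's View tab, or set HideFileExt to 0 and restart Explorer."
}
Find-ExecutableFiles -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

Run it as the user whose Downloads folder you want to inspect. Any row with DoubleExtension set to True deserves a second look before it is opened; a legitimate installer is rarely named like a document.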

So why am I babbling about all this today? Frankly, I sometimes miss the boat on how basic I need to go with my explanations to make clear why it’s not a good idea to download and open executable files from random sources (websites, etc). And on the other hand also to clarify that downloading an executable file from a website and executing (opening) it are two different things. A client of mine was trying to update one of her programs. She downloaded the executable file that was needed to update (bring to a newer version) what she was using. But she didn’t realize that downloading the file without opening it once downloaded would not perform any updates. She was wondering why she kept on being prompted to update the same program over and over! Once that was clarified and the downloaded file was opened (executed), she did not get prompted to update anymore.

One similar situation: somebody is told to install program X from a trusted website. What does “install” mean? It means getting a copy of the file from the website (download), and then executing the downloaded file, the “installer”. This is just a special type of executable program: its instructions perform the steps needed to make the program being installed work. So sometimes users are told to install a program and given a website address where the program’s installer file can be found. They download the file, and happily report the program is installed (just because they downloaded the file that needs to be opened to install the program, but have not opened the file and thus have not installed anything). So, “download” and “install”: two very different things.

Hope this helps.

Fake Windows Diagnosis Programs

I was able to see one of the newest fake Windows Diagnosis infections in the wild, and wanted to warn you about it. There are several variants. All of a sudden you get one or more alarming windows telling you that your system or hard disk drive has several errors, that a scan with an “advanced module” is in order, and then an attempt to coerce you into paying for that advanced module. All these alerts are of course fake and should be ignored.

One thing this infection does that might freak you out for a moment is that the files on your hard disk seem to disappear. You try to access your documents, or open My Computer, and nothing shows as its contents. Don’t worry; the files are still there, but the infection has set the “hidden” attribute on them, which keeps them out of normal view. This is reversible, but the steps to do so plus the cleanup process are beyond the scope of this article, so contact me if you find yourself in this situation and don’t know what to do.
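For readers comfortable with PowerShell, here is what the “reversible” part looks like. This is an added example, not a procedure from the original article: it reports the files and folders under a path that carry the hidden attribute and, only when you ask it to, clears that one attribute. It assumes the malware itself has already been removed (otherwise it will simply hide everything again), that you run it as the affected user, and that you point it at a user data folder rather than the root of the system drive; the Documents folder below is just an assumed starting point.

```powershell
# Added example, not the article's own code. Dry run by default; use -Apply to change anything.
function Restore-HiddenItems {
    param(
        [Parameter(Mandatory)] [string] $Path,   # e.g. "$env:USERPROFILE\Documents"
        [switch] $Apply                          # without -Apply nothing is modified
    )
    $hidden = [int][IO.FileAttributes]::Hidden
    $system = [int][IO.FileAttributes]::System

    $found = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $attrs = [int]$_.Attributes
            # Only items that are hidden but NOT system. Legitimate Windows files such as
            # desktop.ini carry both flags and must be left alone.
            (($attrs -band $hidden) -ne 0) -and (($attrs -band $system) -eq 0)
        })

    foreach ($item in $found) {
        if ($Apply) {
            # Clear just the Hidden bit; keep ReadOnly, Archive and the rest untouched.
            $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $hidden))
            "Unhid:  $($item.FullName)"
        } else {
            "Hidden: $($item.FullName)"
        }
    }
    if ($Apply) { "$($found.Count) item(s) restored" }
    else        { "$($found.Count) item(s) found (dry run; add -Apply to change them)" }
}

# Report first, and only apply once the list contains nothing but your own files:
Restore-HiddenItems -Path "$env:USERPROFILE\Documents"
# Restore-HiddenItems -Path "$env:USERPROFILE\Documents" -Apply
```

Read the dry-run list before applying: the script deliberately skips anything marked as a system file, but if your own naming habits include hidden folders you want to keep that way, exclude them first.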

As usual, exercise caution when clicking on links in emails, on phony-looking websites, and with any inviting, luring offers to download unknown files or programs to your computer.

Latest Flash Player Vulnerability, and Patch

A few days ago Adobe published a security bulletin confirming a new exploit spotted in the wild for Flash Player. I wanted to wait until there was a patch available before writing about it, and here it is. As usual, Google Chrome users got the patch before everyone else, yesterday. The latest Google Chrome version, 10.0.648.205, contains this patch. Users of all other browsers can go here to get the latest version of Flash:

http://get.adobe.com/flashplayer/

If you have any questions as to what version you have and which is the latest one, go here:

http://www.adobe.com/software/flash/about/

Attacks that use the exploit patched by the latest version of Flash have been seen in the wild, in Word and Excel files attached to email messages. Some of the earliest messages in the attack tried to get recipients to open the attached Word or Excel files by claiming they offered information on China’s antitrust laws, or a Japanese nuclear weapons program. Later messages posed as corporate reorganization plans or new company contact lists.

Users beware, and install the latest version of Flash as soon as possible.

Mammoth Set of Windows Updates in April

This month Microsoft is releasing 17 updates meant to patch 64 different vulnerabilities in Windows operating systems as well as Office. The 17 updates tie a record set in December, but the 64 vulnerabilities they’re patching is an all-time record. Out of the 17 updates, 9 are labeled “critical”, the remaining 8 “important”.

Updates are set to be released on Tuesday the 12th at around 10 AM PDT. 6 of the updates will require a computer restart after they are applied. Other than that, if you have automatic updates on, no other user intervention is required. If you don’t have automatic updates set to on, it behooves you to download and install these updates.

If you were to draw an analogy, applying software patches and updates is like closing open doors and windows ( 🙂 ) that could let thieves into your house. A sound security system (antivirus, firewall etc.) would be like a fence around the house that keeps thieves off your property. Even if thieves were to successfully jump the fence and enter your courtyard, they would not be able to get into the house if there was no open entrance.

A fully patched computer can still receive a piece of malware (the file can land on the disk), but if that malware depends on a vulnerability that has already been patched, it has no way in and no adverse effect ensues. Keep in mind the limit of the analogy: patching closes the doors that malware tries to force; it does not stop someone inside the house from opening one, which is what happens when a user runs a malicious program themselves. That is the job of the security suite, and of the user.

Always keep your operating system and main programs up-to-date to cut down the number of vulnerabilities an attacker can exploit.


Targeted E-mail Attacks Expected

Epsilon, a Texas-based company that runs marketing and customer loyalty campaigns via email for some of the country’s biggest banks, credit card companies and retailers, including American Express, Best Buy, Citibank, Capital One, Kroger, Visa and U.S. Bank, announced a few days ago that a number of names and email addresses they have used in campaigns had been stolen by hackers.

What that means is that those names and email addresses can now be used in targeted email attacks to try and steal information from users, since the attackers hold specific, valid addresses to send scam emails to, along with the name of the company the recipient actually does business with. This is called spear phishing.

You might have received a warning from your bank or credit card company about this. Pay heed and be particularly careful when opening email from unknown sources, and treat email that appears to come from these companies with the same suspicion. Also expect a possible increase in spam emails in the near future. See my earlier articles for the standard defensive actions in situations like this one.

Alert – Fake Emails “from Adobe” to Upgrade Adobe Reader

So there I was, minding my own little business, a bit bored maybe because nobody had attempted to infect my computer for a few days when I fished (pun intended but perhaps not yet obvious) a good one out of the tank. And by tank I mean the spam folder in one of my email addresses.

The “From” field in the email was “Adobe Systems Incorporated”. The subject “Action required : Upgrade New Adobe Acrobat Reader For Your PC”. The heading within the email “GETTING MORE DONE AT WORK NOW COMES IN A CONVENIENT BOX”. And then some pitch about upgrading to the latest version of Adobe Reader, blah blah blah and a link, placed twice in different points of the email, to go and “download the latest version” of Adobe Reader.

If you get such an email and are foolish enough to click on that link, you will see an almost legitimate-looking website that again promotes downloading the latest version of Adobe Reader, with a button that says “download”. Again, it looks very official. Except that last link will take you to a phishing website.

I was actually never able to land on the phishing website, thanks to OpenDNS, which had already labelled it as phishing and had blocked access to everyone who uses their service (see http://remotehelpexpert.com/blog/?p=2332 for data on using OpenDNS as protection against phishing). But I wanted to alert my avid and loyal readers of this fresh new scam going on.

Generally speaking, never update computer programs by clicking on a link from an unknown source that promises you to take you to the appropriate website. Rather, type the website address (for example in this case, adobe.com) and then navigate within the website to find the download location and proceed from there.

Hope this helps prevent unnecessary infections and identity theft.

New Vulnerability in Adobe Flash Player

A vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier for the Google Chrome web browser) for Windows, Macintosh, Linux and Solaris operating systems, and in Adobe Flash Player 10.1.106.16 and earlier versions for Android.

There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. As expected from tactics frequently used by hackers and malware creators, some of those attachment files pretend to be related to a trending subject, such as the recent earthquake and tsunami in Japan, like “Nuclear Radiation Exposure And Vulnerability Matrix.xls”, with one of the possible subjects of the emails being “Japan Nuclear Radiation Leakage and Vulnerability Analysis”.

The latest version of Flash, which includes the patch for this vulnerability can be found at http://get.adobe.com/flashplayer/. Once again Google Chrome users benefit from the deal struck earlier between Adobe and Google, where Google receives updated builds of Flash Player to be released as part of Google’s browser updated versions. After updating Chrome to version 10.0.648.134 (which has been available for some days now), the browser reports that it’s running Flash Player 10.2.154.25, a step up from the 10.2.154.18 bundled with the last update of the browser. Adobe confirmed that Chrome’s integrated copy of Flash includes the patch for the zero-day vulnerability.

To see what version of Flash you have installed in your browser, and compare it to the latest version available, go to http://www.adobe.com/software/flash/about/

Windows Updates for March ’11

As usual on the second Tuesday of every month, Microsoft is releasing a batch of updates this Tuesday the 8th. It is a relatively small one: only 2 updates for Windows and 1 for Office are being released. 1 update is labeled critical, the other 2 important.

Worth mentioning also is the fact that in the updates department, for the past 2 weeks Windows 7 Service Pack 1 has been available for download. A service pack is a collection of security, stability and performance patches all condensed into one file. Normally service packs have respectable sizes and Windows 7 SP1 is no exception. In fact, it is arguably the biggest service pack I have seen.

I always recommend keeping your computer up-to-date on the latest Windows patches and those of any other key programs, as a means to ensure resilience against the vulnerabilities exploited by malware creators and hackers. See this article for more information.