«

»

Oct
27

Trick or Tweet: Social Networking Nightmares

by

Editor’s Dossier

Trick or Tweet: Social Networking Nightmares

Greeting VSNers,

Happy Halloween everyone! This year let’s make sure that your computer is immune
to dirty tricks and only treats you well. But sometimes the unthinkable happens
and your computer gets infected. Maybe one of your kids downloaded some music or
games from Facebook and tucked inside was a bit of malware that is now playing
havoc on your computer. Or maybe your browser got hijacked when you were not
looking. It could be that some rogue security software is holding you hostage.
What are you going to do? This stuff happens. First thing is don’t panic and
read “Boo” our Halloween Guide to Tricks or Tweet in Operations below. There are
things you can do despite what the bad guys say or do.

We had quite a bit of controversy regarding last week’s article on updating
programs. Check it out in Eyes Only.

This week in Deb’s Deep Dive, Contributing Editor Deb Shinder has put together a
great article on how you can monitor your system’s security. Check it out below.

I am eliminating Dirty Tricks from this issue as all of the above info is taking
up mucho space and I don’t want to rag on your patience more than I have to. It
will return to its usual insolent space next week.

Enjoy the latest issue of VIPRESecurityNews. And remember stay safe out there.

Best,

Larry Jaffe
Editor VIPRESecurityNews

P.S. You can write to me at any time, I want to know how you feel about Internet
security and if you have any ideas for articles or subjects you would like us to
cover. Email me feedback@SunbeltSecurityNews.com

Eyes Only Your Viewpoint on Security Issues

Hello Microsoft Calling

Today I “supposedly” had a call from Microsoft in New York telling me that they
have been getting mega error reports from my machine and they would like to help
me fix this issue I was having, just for your information, I have not sent any
reports anywhere let alone Microsoft. Now the gentleman on the other end of the
phone had requested me to go to my computer and he would assist me on cleaning
up a lot of dangerous viruses that were on my machine. He asked me to go to my
start button and then press Run from there type in INF and this would take me
to a screen where I could see all the harmful viruses. Of course I didn’t do
anything he asked me to do because I wasn’t feeling comfortable with processing
what he was asking of me. – BH

Editor’s Note: You handled it perfectly.

Updates Oh My!

I have just read your most recent security news where you recommend keeping
Adobe and Java updated. I haven’t noticed a Java update lately, but the recent
Adobe update notice asks that I suspend my anti-virus system/change my security
settings, or some such thing before I update. Is this normal? I do not like to
suspend my anti-virus or change my security. – GW

Editor’s Note: We spoke to Trip Armstrong, our Security Response Supervisor and
the guy in charge of malware removal here at GFI and this is the lowdown.

There are some instances of fake adobe updates. This sounds like one of them.
You should not have to disable AV protection to allow it to install unless you
see a notice up on the Adobe website.
To be certain you are not downloading the wrong product please use
http://www.adobe.com/downloads/ for any adobe updates. For Java you should use
http://www.java.com/getjava/.

This is from Java, and should give you a pretty good idea of how vulnerable
outdated products make your system. Pay attention to the section in red
letters.
http://www.java.com/en/download/faq/remove_olderversions.xml

Why should I remove older versions of Java from my system?

The latest version of Java is always the recommended version as it contains
updates and improvements to previous versions. You can confirm that you have the
latest version by visiting the Java Verification page.

Over time, you may have installed multiple versions of Java to run available
Java content. In the past, each Java update was installed in separate
directories on your system. However, Java updates are now installed in a single
directory.

Should I remove older versions of Java?

We highly recommend users remove all older versions of Java from your system.
Keeping old and unsupported versions of Java on your system presents a serious
security risk. Removing older versions of Java from your system ensures that
Java applications will run with the most up-to-date security and performance
improvements on your system.

How can I remove older versions of Java?

You can safely remove older versions of Java from your system by following the
instructions on Java uninstallation instructions for Windows page.

Do I need older versions of Java?

The latest available version is always compatible with the older versions.
However, some Java applications (or applets) can indicate that they are
dependent on a particular version, and may not run if you do not have that
version installed. If an application or web page you access requires an older
version of Java, you should report this to the provider/developer and request
that they update the application to be compatible with all Java versions.

Wrong About Adobe & Java Updates?

I had to write you after reading the latest newsletter in which you stated that
failure to upgrade Adobe and Java products was one of the major sources of
viruses. Further, you implied that anyone who failed to religiously update the
products was, at best, foolish and, at worst, almost criminally negligent. I
can’t tell you how many friends and co-workers have come to me over the years
asking me to help them recover a locked or otherwise messed up PC due to an
automatic upgrade that failed due to an inherent installation problem or a
conflict with another installed program.

What’s the difference between an upgrade that causes the computer to fail and a
virus that causes the computer to fail? From a practical point of view, there
is no difference other than the likelihood of a failed update installation seems
to be much, much higher than the likelihood of a virus, in my experience. With
this in mind, my philosophy is to avoid updates and, instead, depend on a good
anti-virus program to do the job it’s supposed to. Just a different perspective,
for what it’s worth. – BC

Editor’s Note: We once again turn to our inspiring Trip Armstrong.

I wanted to reply to you to correct any misunderstandings / misconceptions. We
are not implying that anyone that fails to update is foolish or negligent. I am
saying that if someone leaves a vulnerable piece of software on their system
because they choose to ignore update reminders, then they can expect to be made
more vulnerable to infection.

I would prefer to repair damage done from a bad update (which is usually just a
reinstall of the failed update or full product that became corrupt) over an
infection. The damage done by infections far outweighs the potential issues
that can be caused by updating.

The difference between an upgrade that causes a computer to fail and a virus
that causes a computer to fail is that when an update causes a machine to fail,
all you have to do is repair the machine. When a virus is at fault it can cause
your computer to fail, upload your personal information to god knows where,
steal your identity, wreck your credit, and potentially have you arrested for
hosting material that you had no idea was even present (we have seen this
before).

In the antivirus industry we are constantly trying to stay ahead of the bad guys
to ensure you do not become infected, but as we are literally fighting against
human ingenuity guaranteeing 100% protection is impossible. Since that is the
case, every computer user becomes personally vested in keeping their system as
secure as possible. This includes keeping all software that is known for its
vulnerability as up to date as possible to limit the risk. To put what I am
saying into perspective allow me to provide an analogy.

It would be like having a house alarm, and the house alarm company tells you
that they have found a flaw that allows criminals to bypass it using a certain
technique, but they have a free update to the system that will prevent it from
happening, and you telling them that you do not wish to upgrade to the alarm
that keeps them out because you may have to be slightly inconvenienced while
they perform the upgrade.

When they break in whom would you blame? The alarm company (Java and Adobe)?
They offered the free upgrade to protect you. Do you blame the criminal (a
computer virus)? He would have stayed out of the house had the owner applied
the upgrade. Do you blame the police for not predicting the criminal’s action
because it’s the first time he has encountered something like this (VIPRE)?

Unfortunately, the ultimate responsibility falls on the weakest link in the
armor which in this analogy would be the home owner that decided to dismiss the
upgrade.

If you have any other questions or concerns about the issues with upgrading a
product, you should check the software manufactures website to see if there are
any reports of issues being caused by upgrades rather than taking a blanket
approach of not upgrading and thereby leaving yourself vulnerable to malware.

Our mission is to protect our customers, and a large part of that is customer
education. I hope that I have helped to dispel your concerns about updating.

Operations: What You Need To Know

Boo: Our Halloween Guide to Tricks or Tweets

You have tried to be a good citizen of the Land of Internet. You don’t download
files from strangers or get fooled by their “eye-candy” (pretty pictures). You
don’t get fooled by phishing schemes. Nevertheless, the unthinkable has happened
- you got malware aka malicious software. What to do? Don’t panic! There are
some simple solutions and remedies and remember we are always here to help you
with Free Malware Removal (see below on how to avail yourself of this free GFI
service). Thousands and thousands of malicious software are released every day.
You may get struck by lightning but at least you will know what to do.

  1. Very Important: Always respond with a positive action and don’t hesitate.
    Don’t delay dealing with it. Don’t wait days or even hours. The longer that
    malware stays in there the worse it’ll get.
  2. Safe Mode Scan: If you are infected it is a good idea to scan your computer
    once it is in Safe Mode (Safe mode is a troubleshooting option for Windows that
    starts your computer in a limited state. Only the basic files and drivers
    necessary to run Windows are started). To do this, simply restart your computer,
    when the computer manufacturer’s logo comes up, press and hold the F8 key. You
    will then get the Advanced Boot Options screen, use the arrow keys to highlight
    Safe Mode with Networking, and then press Enter.
  3. Rogue Bites: Okay, you weren’t paying attention and one of those danged Rogue
    Security Software traps has caught you. (If you remember a Rogue Security
    Program is software that appears to scan and detect malware or other problems on
    the computer, but then attempts to dupe or badger users into purchasing the
    program by presenting the user with intrusive, deceptive warnings and/or false,
    misleading scan results.) Stay cool. There are two scenarios. By the way the
    info on this step would be useful for other types of infections.

    1. The user sees a window that is rendered in their browser, which wants them to
      install the rogue.
    2. The user has already installed the rogue and needs to remove it from their
      machine.

    In the first case, yes, the user should shut down the browser by pressing ALT F4
    several times; you can get out of that loop. They should not be infected. If
    that does not work do a forced hardware shutdown and hold the power button in
    for the count of 10.

    In the second case, they would follow the following steps: Reboot into Safe Mode
    and Run a Deep Scan with VIPRE.

  4. Dare I Say Updates? I realize this is not the after cure the above are but
    perhaps it is a lesson learned. Therefore – Always, Always, Always keep Windows,
    your security software and all other software including Java and Adobe up-to-date
    and patched. I cannot overemphasize this. It will keep any damage minimal.
  5. Free Malware Removal We are here to protect you. So don’t hesitate to
    contact us immediately and we will remove the malware from your computer. I have
    been saying this for quite some time but I still receive hysterical letters from
    users. Before you contact your computer guy or the geek down the street reach
    out to us. It is painless and costs you nothing. Our team is very experienced
    and removing malware. You don’t have to pay for this incredible service.
    http://vipreantivirus.com/Support/

Free Support

Like our Malware Removal Team above our Support Team is also at your service.
You don’t have to call in or send emails or wait in line, just fill out our
support page and you will automatically create a support “case”. So should you
be experiencing technical issues with your GFI product please feel free to fill
out a support request and a technician will be happy to assist you.
http://vipreantivirus.com/Support/

Stay on top of all the real-time threats: GFI Malware Research Labs

Deb’s Deep Dive

Monitoring System Security

So you’ve installed good anti-virus and anti-spyware software and installed a
third party firewall or enabled the built-in Windows Firewall. You’re good to
go, right? No need to worry about security? Well … it’s a good start, but in
today’s malware-infested cyber world, anyone who ventures onto the Internet
needs to do more. And no matter how many precautions you take – turning off
unneeded services, creating strong passwords, not clicking unknown attachments
and links – security just isn’t a “set it and forget it” thing.

It’s important to keep an eye on what’s going on with security on your system,
and that means monitoring. In Windows 7, that’s made easier by the Action
Center, a centralized interface where you can find information about your
computer’s security settings and any pertinent issues that arise. This replaces
the Security Center in Windows Vista and adds maintenance and performance issues
to the same interface for more convenient at-a-glance monitoring.

The Action Center places an icon in your taskbar notification area (a.k.a.
system tray) and when issues are detected, you’ll see a flag there to notify
you. Click it and you’ll see messages summarizing the problems, along with a
link to open the Action Center. You can also open the Action Center via Control
Panel. Either way, the Security section is at the top of the Action Center’s
main pane. Expand it and you’ll see information regarding your firewall, Windows
Update, your anti-virus software, anti-spyware software, Internet security
settings, User Account Control (UAC), and the Network Access Protection (NAP)
service (only relevant of you connect to a corporate type network that has NAP
servers).

You can configure the types of security messages that you want the Action Center
to send. For example, if you’re using a third party anti-virus program that
doesn’t integrate with the Action Center (some do and some don’t), you could
turn off messages regarding virus protection because the Action Center will
think you don’t have AV software and keep nagging you to install it. Note that
the Action Center won’t allow you to turn on one AV program until you turn off
any others that are installed. It will, however, allow you to have more than one
anti-spyware program or firewall program running.

By default, the Action Center is set to notify you about all problems it
detects. This means putting a message flag in the notification area.
Unfortunately, you can’t configure it to send you an email when a problem is
detected, so you need to check the notification area icon regularly. For
example, if your firewall gets turned off, you’ll get a notification here. Find
out more about the Windows 7 Action Center from Paul Thurrott.

For much more comprehensive security monitoring in Windows 7 Professional,
Enterprise and Ultimate editions, you can set up security auditing. Windows will
monitor security related events that you specify, such as attempts to log onto
the computer (whether successful or not), every time a user accesses a file,
when someone changes the permissions on a file, folder, or printer, and so
forth. These events appear in the System Security log in the Windows Event
Viewer (which you can access from the Administrative Tools menu in the All
Programs menu, or by typing Event Viewer in the Start menu search box).

Security auditing can provide you with a huge amount of detailed information,
including the date/time the event occurred, source IP address, user account
involved, and more. If you want to delve more deeply into security auditing, see
the Advanced Security Auditing FAQ on the Microsoft TechNet web site.

‘Til next week,
Deb Shinder, Contributing Editor

Zone – Cool Products & Other Stuff

I am always looking for some hot stuff to share with our readers maybe you are
too. Hit me back at feedback@counterspynews.com.

Quantum Levitation

Tel-Aviv University demonstrates “quantum levitation” – superconductors locked
in a magnetic field:
Watch Video

Ingenious Jump Start

How the Russians start a car with a dead battery:
Watch Video

Awesome Sound Effects

Michael Winslow performs the most awesome Led Zeppelin cover. Check this out:
Watch Video

Concrete You Can See Through

Note: Very cool stuff!

Developed by Hungarian architect Aron Losonczi, LiTraCon (Light Transmitting
Concrete) is the world’s first commercially available transparent concrete. The
translucent material is created by combining concrete and thousands of optical
fiber strands that act like aggregate. The optical fibers form a matrix between
the two main surfaces of concrete block, connecting and directing light between
the two block faces.
Read More

To Think or Unthink

UNTHINK is an all-in-one social media platform that enables you to connect with
the world around you and collaborate with others to bring the change you want to
see in the world.
http://unthink.com/

And here is a very interesting article about this new social network. Do we need
another? Read on!
Read More

Manage all your purchases

Slice processes shopping-related emails in your inbox, such as order
confirmations and shipping notifications, to help you easily track purchases.
Slice automatically organizes your online purchases. Once you’ve linked your
inbox, you don’t have to do any more work.
Read More

The Nest Thermostat Learns from You

No more programming, no more constantly changing the temperature. The Nest
Learning Thermostat programs itself in a week to keep you comfortable and save
energy. What if it could build a schedule around what you like? Or figure out
when you’re gone? Or show you how long it’ll take to warm up the house? What if
your thermostat told you how much energy it used? And helped you to save even
more? What if you could control it from your laptop and phone?
Read More

Share on TwitterShare on LinkedInSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email