Dec 09

Piggyback downloads hog your PC


Editor’s Dossier

Greetings VSNers,

We will be publishing only two issues of VIPRE Security News this month, so get ready for a mini-avalanche of information. You may have been hearing a great deal about Carrier IQ lately, and the controversy promises to continue. I have found some interesting Carrier IQ articles that should be of help. You can find them in the Dirty Tricks section.

I want to alert you to a recent (and not so recent) rash of piggybacking on software you are installing. One of our readers wrote, “I got the Adobe update but almost installed Google bar by mistake. I hate it when those items are checked on by default. I know it was not your issue but on Adobe site. Keep up the good work!” I could not have said it better myself. Just be careful when you install downloads or you’ll end up downloading something you did not personally select. Check out the Operations section for additional info and tips.

We also have part two of our interview with Mark Patton, general manager of GFI Software’s Security Business Unit, where he shares his insights into the past, present and future of malicious software.

This week in Deb’s Deep Dive, our most knowledgeable Contributing Editor Deb Shinder discusses the Trusted Platform Module.

Enjoy the latest issue of VIPRE Security News. And remember, stay safe out there.

Best,

Larry Jaffe
Editor, VIPRE Security News

P.S. You can write to us at any time. We want to know how you feel about Internet security and if you have any ideas for articles or subjects you would like us to cover. Email us at: feedback@vipresecuritynews.com

The Man behind VIPRE – Part 2

A VSN Q&A: Mark Patton, General Manager, Security Business Unit, GFI Software

VSN: How would you describe the past year in malware and computer security?

MP: Malware volume continued its exponential increase over the past 12 months, just like it has for the previous 5 years. Our antivirus lab delivers new malware detections for tens of thousands of new malware samples every day.

In addition, the sophistication of threats is increasing. Recently, the source codes of several sophisticated threats have either been posted or leaked, serving as training material for a whole new batch of malware writers.

However, there is some good news. Due to recent arrests of members of a scareware or “rogue antivirus” ring, there has been a slowdown in the number of active rogue families (from as high as 45, we are now seeing only 8). But while we have seen a drop in overall rogue activity, we are seeing an increase in bot activity. Perhaps these guys have changed focus.

Based on our own search testing, Google has also made strides in addressing SEO poisoning over the last six months that have greatly reduced the likelihood of search results linking to scareware. This was a huge problem, because even innocuous search terms like the names of trees or air conditioning services were being poisoned with malicious results.

VSN: What do you see happening today?

MP: Vendors are offering more choices, with a shift toward suites that include firewalls and web filtering (blocking bad sites), and bundling of extended features. Of course, the next frontier is to provide protection for mobile devices, and many are bundling offerings to make it even easier for users to protect themselves online – no matter what device they are using.

VSN: Which brings us to the future of malware, what are your thoughts or predictions?

MP: Malware in general will continue to become even more sophisticated and stealthy, including the ability to spread infections from mobile devices to desktops to tablets and so on. With the massive proliferation of smartphones and tablets, there will be huge shifts in malware to attack these devices, no question.

Best bet is to run VIPRE and keep it up-to-date!

Eyes Only: Your Viewpoint on Security Issues

Jaws friendly VIPRE

“I really enjoy reading the newsletter. I’m a Jaws screen reader user, and I find VIPRE to be very compatible and “screen reader” friendly. Most of my visually impaired friends and coworkers plus my company Horizons for the Blind use and prefer VIPRE. Just the other day, my cousin, who’s sighted, downloaded a program called Media Monkey – he thought it would help me organize my music files. Well first of all, Jaws couldn’t read the music listing. To make things short; Jaws and Media Monkey were not compatible, so he removed the program. That night when VIPRE was scanning, Jaws started talking away, asking for my full attention. VIPRE found a cookie and classified it as malware. So I read details and then hit the cleanup button. When using Avast, my computer caught a virus and it cost me $300 to replace the hard drive and so on. I guess it’s wise to beware of free downloads, even though my cousin has and uses this program Media Monkey, something apparently infected it.” – CB

Microsoft phone scam

“On five occasions, I have received the urgent phone call that the caller must fix my Windows. I say, “WOW!” then I pretend that I am doing what they tell me. On each phase (as I am sitting there with my computer off) I say, “OK.” They ask what I see. I say “The interface.” They ask “What?” I say, “You are a Microsoft tech, you must know what the interface is.” Sheepishly, they say, “Yes,” and go on with their instructions with me seeing the interface each time. Finally they again ask what I see. I say, “I see the word SCAM” and hang up.

During this I have also wasted a lot of time pretending that I was lost and asking how to spell stuff. I am retired and have free time, so I figure that my fooling around has cost at least an hour and a half of the scammers’ time, ending in frustration for them. Too bad everyone didn’t have the time to lead them on a merry goose chase.” – SM

Frozen hard drive

“Within the past month or so, I have had 2 different people bring their laptops to me because they can’t use the computer. Both show in the BIOS that the hard drive password is ‘Frozen’. Neither set a password, neither knew what set it. The 2nd (my son) said that his computer had just updated Flash. Could there be some connection? Everything I see points to the fact that ‘the laptop MUST be stolen. No one would forget a password they had to type every day’. I disagree with that statement… neither has EVER set the password and both have been owners of the laptops for months – if not years. Any ideas?” – JJ

Editor’s Note: Our intrepid Security Response Supervisor Trip Armstrong did some research on your behalf, JJ, and this is what he found:

“It’s not an infection. Based on what I could gather from the Google, it is either that a password has been set at some point and forgotten about, or the drive is failing.” http://bit.ly/ujcxhr

Operations: What You Need to Know

Keep the piggies off your back

It is so annoying! There you are, casually downloading an update, when you suddenly find that you’ve also downloaded an unwanted toolbar… or worse. It’s called piggybacking, and it’s an industry phenomenon that enables other software to “piggyback” on software you download.

Yes, you must opt-in to receive the “selected” software, but many opt-in checkboxes are preselected [to make your life easier, I presume (sarcastic)]. If you are like me, you feel taken advantage of and immediately go and uninstall the intruder. But what a waste of time! Opt-ins should just not be preselected. Here are a few tips to avoid piggybacks:

  1. Pay attention – Some software distributors are sneaky. Yahoo, Microsoft, Google, Ask.com and many other companies have toolbar piggyback programs that software distributors sneak onto users’ computers.
  2. Manage updates – Piggybacks are often included in software updates, like the Sun Java Update (Carbonite or Microsoft Bing Bar), Adobe Flash Player/Reader (Google Toolbar or McAfee Security Scan), AVG Antivirus (Yahoo Toolbar), CCleaner (Yahoo! Toolbar), Foxit Reader (Ask Toolbar and eBay Desktop Shortcut), RealPlayer (Google Toolbar or Google Chrome), Skype (Google Toolbar), WinZip (UniBlue RegistryBooster), etc.
  3. Uncheck the checked – You have the right to decide what is on your computer. If you see a pre-checked box opting you into unwanted piggyback software, uncheck it!
  4. Remove piggybacks – Use the Windows Control Panel software removal feature to uninstall piggyback software from your computer.

Free support

The VIPRE support team is at your service! You don’t have to call in, send emails or wait in line, just fill out this support request form for free technical support:
VIPRE Support

Stay on top of all the real-time threats:
http://research.sunbelt-software.com

Deb’s Deep Dive

Trusted Platform Module: What’s that all about?

You might have heard of something called a TPM chip, especially if you’ve looked into using the BitLocker full disk encryption technology that’s built into the high-end editions of Vista and Windows 7. But you might not be sure about what it is, what it does, or whether your computer has one. This week, we’ll take a look at the Trusted Platform Module (TPM) and how it works to enhance security.

A TPM is a chip that comes built into many modern laptop computers, especially those designed for business use. Standards for TPMs have been developed by the Trusted Computing Group. The computer’s BIOS and operating system have to be able to recognize and work with the TPM, in order to use it for platform security. The TPM is a dedicated device that generates and stores encryption keys. Each individual TPM has its own secret key that is hard-wired into it and can’t be changed. This provides for security that goes all the way to the hardware level and makes it harder to defeat. System builders can incorporate a TPM into the computers they build or use motherboards that have the TPM onboard.

When you set up BitLocker to use a TPM, it protects the keys that BitLocker uses to encrypt the volumes on the computer’s hard disk(s). This key is encrypted and stored on the TPM chip. When you deploy BitLocker, the computer uses a small (100 MB) alternate boot partition that stays unencrypted, while the operating system files go on another partition (typically C:). Then you can encrypt the partition that holds the OS.

So what does that do for you? It protects the OS, registry, temp files, hibernation file, page file, etc. from prying eyes. An attacker who has physical access to your computer can’t install another operating system, such as Linux, in a dual boot configuration on your computer, boot into that OS and read the files on your Windows partition. Because the TPM creates keys that are “sealed” to a specific computer, the attacker also can’t just take the drive out and put it in another computer and read the files, because they’re encrypted.

When you start your computer, the TPM will compare a hash of the OS configuration values with a snapshot that it took previously. If they match, it will release the encryption key so the operating system will boot. If not (i.e., if the boot files have been tampered with), the system won’t boot into Windows.

Setting up BitLocker to work with the TPM is easy because the BitLocker configuration wizard is designed to work with it. BitLocker can (and should) also be configured to use a PIN along with the TPM, so that you have to enter that PIN before the system will boot. This is different from your logon password that you use to log onto Windows after the operating system boots. A TPM can also work with third-party disk encryption technologies as well as BitLocker (also note that BitLocker can be used on computers that don’t have a TPM, where you can store the keys on a removable USB thumb drive instead).
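To make the “hash of the OS configuration values” idea concrete, here is a small Python model of the measured-boot and key-sealing behaviour described above. It is an added illustration written for this issue, not code from the newsletter, from Microsoft or from any TPM vendor: the chip secret, the “boot components” and the PIN are constructed sample values, and the extend/seal/unseal functions mimic what a TPM does rather than calling a real one. The toy TPM extends a register with each boot component in order, the volume key is sealed to the resulting register value (optionally together with a PIN), and a later boot only recovers the key if the measurements, the PIN and the chip itself all match.

```python
"""Toy model of TPM measured boot and key sealing (added example, not the
newsletter's or any vendor's code). A real TPM keeps its PCRs in hardware
and seals with a key that never leaves the chip; here the chip secret is a
constructed byte string so the whole thing runs offline."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample "boot components" in the order they are measured.
# On a real PC these would be firmware, boot manager, boot code and BCD settings.
GOOD_BOOT: List[Tuple[str, bytes]] = [
    ("firmware", b"UEFI firmware image v1"),
    ("bootmgr", b"Windows Boot Manager"),
    ("bcd", b"BCD: default=Windows, timeout=0"),
]


class ToyTPM:
    """Minimal stand-in for a TPM's platform configuration register (PCR)
    plus seal/unseal. Nothing here is a real TPM command."""

    def __init__(self, chip_secret: bytes) -> None:
        self._secret = chip_secret  # the per-chip, unchangeable secret (constructed)
        self.pcr = bytes(32)        # PCR is all-zero at power-on and can only be extended

    def extend(self, component: bytes) -> bytes:
        # PCR_new = H(PCR_old || H(component)): order-dependent, never resettable mid-boot
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()
        return self.pcr

    def _wrap_key(self, pcr_value: bytes, pin: Optional[str]) -> bytes:
        # Only this chip can derive this key, and only for this PCR value and PIN
        return hashlib.sha256(self._secret + pcr_value + (pin or "").encode()).digest()

    def seal(self, secret: bytes, expected_pcr: bytes, pin: Optional[str] = None) -> Dict[str, bytes]:
        """Bind a 32-byte secret to the expected PCR value (and PIN)."""
        wrap = self._wrap_key(expected_pcr, pin)
        pad = hashlib.sha256(wrap).digest()                   # toy one-time pad, 32 bytes
        ct = bytes(a ^ b for a, b in zip(secret, pad))
        tag = hmac.new(wrap, ct, hashlib.sha256).digest()     # detects any mismatch
        return {"ct": ct, "tag": tag}

    def unseal(self, blob: Dict[str, bytes], pin: Optional[str] = None) -> Optional[bytes]:
        """Release the secret only if the *current* PCR and PIN reproduce the wrap key."""
        wrap = self._wrap_key(self.pcr, pin)
        expected_tag = hmac.new(wrap, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, blob["tag"]):
            return None                                       # tampered boot, wrong PIN or wrong chip
        pad = hashlib.sha256(wrap).digest()
        return bytes(a ^ b for a, b in zip(blob["ct"], pad))


def measured_boot(tpm: ToyTPM, components: List[Tuple[str, bytes]]) -> bytes:
    """Extend the PCR with every boot component, in order, and return the result."""
    for _, data in components:
        tpm.extend(data)
    return tpm.pcr


def provision(chip_secret: bytes, components: List[Tuple[str, bytes]], pin: Optional[str] = None):
    """Take the 'snapshot' of a known-good boot and seal a fresh volume key to it."""
    tpm = ToyTPM(chip_secret)
    good_pcr = measured_boot(tpm, components)
    volume_key = os.urandom(32)                                # stands in for the BitLocker volume key
    return volume_key, tpm.seal(volume_key, good_pcr, pin)


def attempt_boot(chip_secret: bytes, components: List[Tuple[str, bytes]],
                 blob: Dict[str, bytes], pin: Optional[str] = None) -> Optional[bytes]:
    """Cold boot: PCR starts from zero, the boot chain is re-measured, then unseal is tried."""
    tpm = ToyTPM(chip_secret)
    measured_boot(tpm, components)
    return tpm.unseal(blob, pin)


def demo() -> Dict[str, bool]:
    """Run the four cases the article describes and report whether each behaved as expected."""
    chip = b"constructed-chip-secret-0001"
    volume_key, blob = provision(chip, GOOD_BOOT, pin="1234")
    tampered = GOOD_BOOT[:2] + [("bcd", b"BCD: default=Linux, timeout=0")]   # modified boot files
    return {
        "normal_boot_releases_key": attempt_boot(chip, GOOD_BOOT, blob, "1234") == volume_key,
        "tampered_boot_files_blocked": attempt_boot(chip, tampered, blob, "1234") is None,
        "wrong_pin_blocked": attempt_boot(chip, GOOD_BOOT, blob, "0000") is None,
        "drive_moved_to_other_pc_blocked": attempt_boot(b"some-other-chip", GOOD_BOOT, blob, "1234") is None,
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'ok' if ok else 'FAILED'}")
```

The last case is why the sealed blob is safe to leave on the unencrypted boot partition: it contains no usable key material without the chip that sealed it and an identical measurement sequence, which is the property the article describes when it says the keys are “sealed” to a specific computer.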

The TPM’s use isn’t limited to full disk encryption. It can be used to store certificates used to encrypt email, to authenticate your computer when accessing your company’s VPN, and to serve as a built-in security token for multi-factor authentication in place of a smart card or separate token.

Not everyone trusts the Trusted Platform Module. Some folks are afraid it could be used to record your computer activities to a database, or prevent you from installing certain kinds of software (such as pirated programs). Security blogger Bruce Schneier started writing about some dangers of TPM years ago.

There are a couple of ways to find out whether your computer has a functioning TPM chip with drivers installed: check the BIOS, or look for the TPM in Device Manager.

Till next week,
Deb Shinder
Contributing Editor, VIPRE Security News

Dirty tricks

Carrier IQ basics

“The rootkit (A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications) belongs to a company called Carrier IQ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust…”
Source: ZDNet
http://www.zdnet.com/blog/hardware/so-theres-a-rootkit-hidden-in-millions-of-cellphones/16708?tag=nl.e539

Interesting info on the Carrier IQ site itself:
http://www.carrieriq.com/

Carrier IQ: Which phones are infected, and how to remove it

“Carrier IQ, the carrier-sanctioned keylogger and activity monitor that has been confirmed to exist on Android devices, on AT&T and Sprint networks, has been found in iOS…”
Source: ExtremeTech
http://www.extremetech.com/computing/107427-carrier-iq-which-phones-are-infected-and-how-to-remove-it

Crooks using Zeus in new Facebook attacks

“A new worm spreading on Facebook is aiming to infect users with the data-stealing Trojan Zeus, security researchers have warned. The worm uses stolen Facebook account details to log in to users’ accounts and spam their contacts, according to researchers at Danish security firm CSIS, which first identified the threat…”
Source: SC Magazine
http://www.scmagazineus.com/crooks-using-zeus-in-new-facebook-attacks/article/217904/?DCMP=EMC-SCUS_Newswire

Zone: Cool Products and Other Stuff

We are always looking for some hot stuff to share with our readers and maybe you are too. Hit us back at: feedback@vipresecuritynews.com.

The Future of Computing

A special issue of Science Times on Tuesday “takes a many-faceted look at a set of technologies that are changing the world in more ways than could ever have been foreseen. Some things are clear already: The world of innovation is undergoing tectonic shifts, and the future is likely to look less like Silicon Valley, more like China and Africa. Beyond that? As Theodor Holm Nelson points out in the essay that concludes the issue, we are definitely headed somewhere: ‘A wall? A cliff? A new dawn? We must choose wisely, as if we could.’”
Source: The New York Times
http://www.nytimes.com/science

Earth from Space in HD

“The Best HD View of Earth from Space Ever: Stunning time lapse sequences taken by the crew of ISS Expedition 28 & 29…”
Source: Flixxy.com
http://www.flixxy.com/the-best-hd-view-of-earth-from-space-ever.htm

Proximity Flying

“You know you’re pushing the limits of wingsuit flying when you can shake hands with your own shadow. One of the best proximity flying footage ever!”
Source: Flixxy.com
http://www.flixxy.com/proximity-flying-2011.htm

Dog Christmas Tree Decoration

A fun video of dogs decorating a Christmas tree
Source: Flixxy.com
http://www.flixxy.com/dogs-christmas-tree-decoration.htm

12 Things You Didn’t Know Facebook Could Do

“The designers and engineers who build Facebook are anything but complacent about their success. They face a constant threat from the career-centric LinkedIn, specialized upstarts like Instagram’s mobile photo network and now Google’s fast-growing Google+, an attempt to improve on Facebook’s core design that has picked up tens of millions of users in its first few weeks…”
Source: The New York Times
http://www.nytimes.com/2011/12/01/technology/personaltech/12-things-you-didnt-know-facebook-could-do.html?_r=1


1 comment

  1. Richard Dawes says:

    Another type of piggy-back is the driver download trap.

    Driver searching on google or whatever will return dozens of hits to different sites offering what appears to be the driver you require, BUT all the links take you to the same download site. What is downloaded is a junk application called Driver Detective that insists on interrogating your system, allegedly to check all your drivers are the latest version.

    It then provides a list of what to update (but not, in my case, the wireless dongle driver I needed) which have to be paid for before downloading.

    I got caught by these guys a few years ago and in several cases their drivers were either older or incompatible with my OS.

    Thankfully due to legislation from the UK Sale of Goods Act and Trade Descriptions Act my money was refunded. However I was never sure if they grabbed any personal data as a result of the system scan.
