Beware of UnVirex, Fake Antivirus

June 17, 2009 by Infinet Solutions

A new, fake antivirus is making its rounds; most of the time, this rogue anti-spyware is advertised as a video codec on various questionable websites or offered from UnVirex’s own website – unvirex.com. If installed, this program will claim that it has detected malware and will provide a list of infections. This is done to trick users into thinking that their computer has truly been compromised. When the user clicks the button to remove the threats, they are then prompted to pay for the full version of the software.

Antivirus company Sophos has more information (including screenshots) available by visiting http://www.sophos.com/blogs/sophoslabs/v/post/4850

Microsoft To Release Free Antivirus Software

June 11, 2009 by Infinet Solutions

According to Reuters news service, Microsoft will soon unveil its free antivirus program, called Morro.

The Morro program is essentially a stripped-down version of their Live OneCare product, which proved to be a commercial flop competing against other companies such as Symantec and McAfee.

Neither Symantec nor McAfee sees Microsoft’s entry into the field with a free product as a threat, because several free antivirus products are already readily available, including Avast!, ClamWin, and the very popular AVG, which is made by Grisoft.

Source: Reuters

Having One’s Head (And Data) In The Cloud

June 10, 2009 by Infinet Solutions

During the 1960s and 1970s, the cost of having a mainframe at one’s office was out of reach for most companies, so many rented processing time on another’s computer. As machines became smaller and more affordable, they replaced the mainframe as the method for office computing.

Many large technology companies such as Microsoft, Amazon, and Google are leveraging their massive computing power and infrastructure and are offering the next generation of software titles not as an application that is installed on a workstation but as a service accessed through the Internet. This ‘software as a service’ concept has been around for some time now and you may have used it unknowingly; a good example would be Google Docs or perhaps Zoho’s Productivity and Collaboration applications. There are numerous software-as-a-service programs available via the Internet that offer subscriptions to use their services, one of my personal favorites being Picnik photo editing; this service eliminates the need for installing or saving anything on one’s computer. Instead, it allows you to upload the images, make the changes, and then save or publish the photos.

A term that has been receiving a lot of traction in the press is ‘cloud computing’, but what is it?

The term ‘cloud’ is nothing more than a metaphor for the Internet, so cloud computing can be described as a client machine connecting, over the Internet, to one or more remote computers and using their data-processing and computational abilities. An excellent example of cloud computing would be Amazon Web Services for hosting various server configurations that normally would be too expensive or too technical to set up.

Do you have a MySpace or Facebook account? If so, you’ve experienced cloud computing first hand, because you have probably uploaded your pictures or perhaps video to their servers for them to host, utilizing their infrastructure.

There are numerous advantages to using cloud computing, among them the cost of software, the cost of infrastructure, and disaster recovery. There is one obvious downside: using anything over the Internet means that you have a single point of failure, so if your connectivity is interrupted, you lose access to the service. Another concern that business owners have is protecting their content from prying eyes, but almost all companies offering these services already have encryption strategies in place.

Could cloud computing render the personal computer obsolete? Not likely. Until the United States brings its Internet infrastructure on a level with the rest of the world, I don’t see it happening anytime soon. The average broadband connection in the U.S. is 1.5 Mbps, whereas Japan has speeds of 70 Mbps, with France announcing plans to offer satellite-based services that could reach speeds of 10 Gbps.

Time will surely tell with this subject, but one must conclude that it’s exciting, and it appears that small businesses can now compete on levels that, up until a few years ago, were only obtainable by spending millions of dollars.

Computer-Related Injuries More Prevalent Than You May Think

June 9, 2009 by Infinet Solutions

According to a recent article from BBC News, home-based computer-related injuries increased seven-fold in the years 1994-2006, with children making up a large portion of those injured. According to the American Journal of Preventive Medicine, the injury rate went up 732% during the 13-year period, which is roughly double the increase in household computer ownership.

Children under five showed the highest injury rate, with injuries ranging from trips and falls because of cables to head injuries due to falling monitors. In one case, a 6-year-old boy was badly burned when he spilled a drink on the computer in 1998.

One should always think about how the child using the computer is seated in front of it; keep cables neatly tucked away from kicking feet and be sure to instruct children to be careful when pushing away from the machine, since this is often the reason computers become unstable and fall, potentially causing serious injury.

Source: BBC News

Maybe It Wasn’t Your Fault

June 8, 2009 by Infinet Solutions

Being a computer professional and dealing with the public at large, not a day goes by that I don’t happen upon an end-user with a serious malware infection. The same scenario always seems to manifest itself, day in, day out, and it goes like this:

End-user: “I don’t know what I did. I haven’t been on any suspicious sites.”

Me: “You probably typed something in wrong. Just lay off the porn sites, OK?”

In reality, the joke was at the end-user’s expense because it makes them feel a little better and, truth be told, they may be totally innocent.

Today, infected emails have been overtaken by more sophisticated means of delivering malicious software (malware for short). Legitimate sites are being compromised and misused to either host malicious code or link to a website that carries such code. Video banners placed into advertisement networks may not be what they seem; once displayed on legitimate websites, they send an unsuspecting user to an infected site hosting malware. And then there is the method I discussed in an earlier post, in which certain keywords or search terms may lead one to a website that contains malicious code. Some malware writers will even erect look-alike web pages that masquerade as a completely legitimate site but, once visited, drop their payload of infectious software.

As for the “porn” joke? Well, many sites hosting pornography will use the “missing video codec” to trick users into believing that a film will play once the codec is installed on their machine. These types of attacks are known as “drive-by infections” because they install malware silently and with little to no interaction from the user.

Malware writers also employ a myriad of other methods of infection, ranging from exploiting Microsoft ActiveX controls to using programs such as Adobe Acrobat to launch an infected PDF, which from time to time allows them to potentially take control of your system. Then, there are also the numerous web browser plug-ins that can be exploited in various ways.

One of the more complex exploits is known as Cross-Site Scripting, a vulnerability that allows script code from a hostile site to be executed inside the context of another, trusted site; this allows logon credentials to be stolen by the hostile site. An exploit that is becoming more common all the time is a remote injection of script code into the response of a web server, allowing the attacker to compromise the site.
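
The effect described above, as an added example that is not part of the original post: a hypothetical search page echoes the visitor's query into its HTML, first as-is and then with output encoding, and an HTML parser shows whether the browser would see a script element. The function names and the `hostile.example` URL are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed input: a "search term" that is really markup pointing at a
# script on a different (hostile) site. hostile.example is a placeholder.
SAMPLE_QUERY = '<script src="https://hostile.example/x.js"></script>'


def render_search_page_vulnerable(query):
    """Echo the query straight into the page: the input becomes markup."""
    return "<html><body><p>Results for: " + query + "</p></body></html>"


def render_search_page_escaped(query):
    """Encode the query first, so the browser treats it as text only."""
    safe = html.escape(query, quote=True)
    return "<html><body><p>Results for: " + safe + "</p></body></html>"


class ScriptTagCounter(HTMLParser):
    """Counts <script> elements the way an HTML parser would see them."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1


def count_script_elements(page):
    counter = ScriptTagCounter()
    counter.feed(page)
    counter.close()
    return counter.script_tags


if __name__ == "__main__":
    for render in (render_search_page_vulnerable, render_search_page_escaped):
        page = render(SAMPLE_QUERY)
        print(render.__name__, "->", count_script_elements(page), "script element(s)")
```

The counter only looks for script elements; it is a way to see the difference between the two pages, not a complete XSS scanner.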

The good news is that the major browsers (IE, Firefox, and Safari) are actively patching their code to guard against these types of attacks. The way one can stay safe while browsing the web is to be sure that their browser is up-to-date and that all security patches have been applied to their operating system.

June Patch Tuesday

June 5, 2009 by Infinet Solutions

Microsoft will deliver ten patches next Tuesday. Six of them are rated as critical.

One of the most serious flaws affects Internet Explorer 8.

Updated versions of Malicious Software Removal Tool and Windows Mail Junk Filter will also be released.

The article at Information Week also mentions that Adobe will release updates for Reader and Acrobat during the same day. These updates are for versions 7.x, 8.x, and 9.x. Adobe promised to release quarterly security updates and this batch will be the first.

Source: Information Week

The Internet’s Most Dangerous Keywords

June 4, 2009 by Infinet Solutions

McAfee software has just released a report outlining the Internet’s most dangerous search terms or “keywords”. According to the report, the following keywords, which are commonly searched in the United States, tend to be the riskiest:

Top 10 search terms

  • word unscrambler
  • lyrics
  • myspace
  • free music downloads
  • phelps, weber-gale, jones and lezak win 4×100m relay
  • free music
  • game cheats
  • printable fill in puzzles
  • free ringtones
  • solitaire

As you can see, scammers use popular culture phrases or news to lure in unsuspecting web surfers. By the time this report was ready and went to press, I can guarantee that the scammers are already on to the next news cycle or cultural meme.

An interesting find in the report was that “Work from home” was an especially risky search term category. According to the report, the top 5 riskiest keyword variations were:

  • free work from home
  • work from home for free
  • work from home free
  • work from home ideas
  • free work from home jobs

Experienced computer experts have known for some time that free screensavers have always been problematic, especially those that feature popular television or film stars. These free screensavers often include other software that can install malicious programs (malware). This particular issue had become so serious that even Microsoft filed suit against a company offering celebrity screensavers, alleging that the program was distributing spyware:

Many of these programs are presented as screen savers showing pictures of well-known celebrities such as Jessica Simpson. However, defendants’ programs included much more than pretty pictures. Once installed, the software would ‘call home’ and surreptitiously download numerous other programs that bombard users with unwanted pop-up advertisements, track users’ Internet activity, redirect their Internet browsers to unwanted pages, add icons to the Microsoft Windows desktop, and change the users’ Windows Registry settings. Microsoft alleges that these programs were downloaded and installed without appropriate notice to or consent from users. Notably, defendants’ software installs even if users try to stop installation by choosing the appropriate options.

Source: McAfee

Protect Your Wireless Network

June 3, 2009 by Infinet Solutions

What I’m about to show you should bother you.

http://www.phenoelit-us.org/dpl/dpl.html

The site I’ve linked to contains the default passwords for wireless routers ranging from 3Com to ZyXEL. Don’t worry, those of you who use Netgear, Belkin or Linksys: these wireless routers are included as well, so don’t feel left out. If the default is left unchanged, a person sitting outside your bedroom or house can not only gain access to your wireless network, they may be able to connect to your computer and possibly steal information or, worse, use your network to launch a virus or DoS (Denial of Service) attack, seemingly out of thin air.

There are hackers, also known as “war-drivers”, who drive around searching for unsecured wireless connections with the sole intention of stealing your information or taking control of your network. This can amount to quite a large problem for those who haven’t taken the proper steps to secure their networks.

I won’t mince words: war-driving tools are freely available on the Internet and can be readily downloaded. Take for example one of the more popular security tools, Kismet; this program is a wireless network detector, packet sniffer, and intrusion detection system. It is able to capture data out of thin air (via wireless), analyze it, and possibly de-cloak hidden networks.

You’re probably saying to yourself, “What can I do to protect myself and my network?”

The Basics

  • Turn off your wireless network when you’re not home–if it’s not on, they cannot connect to it.
  • Change the administrator’s password on the router–as I showed you above, there are websites that keep a database of manufacturers’ default passwords. As a rule of thumb, your password should contain characters, numbers, and letters.
  • Change the identifier on your router–a brand new router from Linksys will have the default identifier as ‘linksys’; not only are you broadcasting to everyone what kind of router you own, you are also letting the bad guys know that it isn’t locked down.
  • Make sure you have a firewall–while most routers claim they use SPI (stateful packet inspection), I suggest that you get yourself a true firewall that scans connections both incoming and outgoing. A good, FREE firewall to get would be Zone Alarm 2009.
  • Set up encryption–you can set up a password so that only users who know it can use the network. The traffic is scrambled (encrypted) so that any nefarious character who tries to intercept your connection can’t read the information. It’s best to use WPA or WPA2-type encryption since it’s been highly publicized that WEP has been broken, but which encryption you can use actually depends on what the manufacturer of your wireless card supports.

Advanced Tips

  • Allow only specific computers to access your wireless network–one way to protect your computers is to restrict access based upon each computer’s MAC (media access control) address; this is more time intensive but it may be worth the extra step. Be warned though, some hackers are able to mimic MAC addresses, so don’t rely on this solution alone.
  • Disable ID broadcasting–it was mentioned earlier that you should change the identifier (known as an SSID) on your router but it’s better to change this and then turn it off so that hackers will have a harder time trying to find your network. It should be known that programs such as Kismet can decloak a ‘hidden’ identifier.
  • Check for wireless intruders–you should perform periodic scans for klingons (that’s a joke) or those who may be attached to your network.

If all of these suggestions are followed, you will greatly reduce the risk of someone trying to war-drive your network. If a hacker has to hunt for information because you’ve followed these instructions, they may just go and attack someone they can find.
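
One way to perform the periodic check for unrecognised devices mentioned under Advanced Tips (added example, not from the original post): parse the output of the Windows `arp -a` command and compare each hardware address against a list of devices you own. The sample output and the allowlist below are constructed.

```python
import re

# Constructed sample of Windows `arp -a` output (not from a real network).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.23          A4-5E-60-11-22-33     dynamic
  192.168.1.57          3c-22-fb-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical allowlist: hardware addresses of devices the owner recognises.
KNOWN_DEVICES = {
    "00:1a:2b:3c:4d:5e": "router",
    "a4:5e:60:11:22:33": "family laptop",
}

# One table row: IPv4 address, MAC address (dash or colon separated), type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+\w+"
)


def normalize_mac(mac):
    """Lower-case, colon-separated form so different notations compare equal."""
    return mac.lower().replace("-", ":")


def is_group_address(mac):
    """Broadcast/multicast addresses have the lowest bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


def parse_arp_table(text):
    """Return (ip, mac) pairs for individual devices listed in `arp -a` output."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # interface banner, column header, blank line
        ip, mac = match.group(1), normalize_mac(match.group(2))
        if not is_group_address(mac):
            entries.append((ip, mac))
    return entries


def find_unknown_devices(text, known):
    """Devices present in the ARP table but missing from the allowlist."""
    known_macs = {normalize_mac(mac) for mac in known}
    return [(ip, mac) for ip, mac in parse_arp_table(text) if mac not in known_macs]


if __name__ == "__main__":
    for ip, mac in find_unknown_devices(SAMPLE_ARP_OUTPUT, KNOWN_DEVICES):
        print(f"Unrecognised device: {ip} ({mac})")
```

The ARP table only lists machines your computer has recently exchanged traffic with, so the router's own list of attached devices is the more complete source; and, as noted above for MAC filtering, a mimicked MAC address will pass this check.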

Microsoft Announces Windows 7 Release Date

June 3, 2009 by Infinet Solutions

Microsoft announced today that their next version of the Windows operating system, named Windows 7, will be available on October 22nd. Like the previous versions of Windows (e.g. XP and Vista), Microsoft will be offering the chance for an upgrade from Vista to Windows 7 if one were to purchase a PC.

In related news, Microsoft will be ending the licensing for Windows XP for Direct OEM (Original Equipment Manufacturer) and Retail License come June 30, 2008.

More information can be found here.

Windows 7–What you need to know

June 1, 2009 by Infinet Solutions

Windows 7 is right around the corner, so here are some things you should know about the next Microsoft operating system:

Licensing

  • Just like its predecessor Vista, Windows 7 comes in several different flavors.

Application Compatibility

  • Vista had quite a number of compatibility issues and Microsoft is looking to fix this with virtualization technology called ‘XP Mode’. If you have the Professional, Ultimate, or Enterprise version of the operating system, you will have a virtualized instance of XP. In order to run this, you will need to have a CPU and BIOS that supports hardware virtualization extensions.

System Protection

  • One of the main complaints from end-users about Vista was the annoying prompts that followed every action. Windows 7 User Access Control will allow you to control these prompts.

Encryption

  • I mentioned hard drive encryption using TrueCrypt in a previous post; well, Microsoft will make their BitLocker technology available to those purchasing either the Enterprise or Ultimate versions and will introduce an additional program called BitLocker To-Go which can be used for encrypting USB flash drives or USB-based external hard drives.

Integration With Server

  • Businesses can benefit greatly by running Windows 2008 R2 and Windows 7. An exciting change will be Direct Access which will replace VPN (virtual private network) technology. The downside is that R2 is a 64-bit only release so a new server will definitely have to be in place.

Direct Access

  • Utilizing IPv6, Direct Access allows an ‘always on’ connection to your internal network. This will greatly benefit those who connect remotely from home or on the road. It also allows for connections from behind a firewall. This will be available to those using Ultimate or Enterprise versions of Windows 7.

MDOP

  • This is an optional, for-pay add-on for Enterprise customers with Software Assurance. The Microsoft Desktop Optimization Pack adds APP-V application virtualization (see Citrix XenApps), MED-V virtual desktop technology (see VMWare Workstation), a diagnostic and recovery toolset, and advanced Group Policy functionality such as versioning, history, and rollback (see Acronis True Image).

Help Desk Tools

  • How many times have you called an Admin and said, “My computer crashed” but when the Admin tried to recreate the issue, they couldn’t? Help Desk Tools allows a user to record a session; a textual record, along with screenshots of all steps taken, is then zipped into a single file for analysis.

Enterprise Search Scope

  • Easily locate files from servers, SharePoint servers, or Web applications across a domain. Using Group Policy, administrators can pre-populate shortcuts of commonly used resources in users’ Start menu or Windows Explorer.

Predicted Availability

  • Microsoft has said that Windows 7 will be released “sometime in 2009” but rumors insist that late October is when we will see the new operating system on store shelves.