NonSuch Security Blog

Beware of Internet Images!

2011-04-16T12:59:00.000-07:00

While viewing or attempting to view an image hosted on a webpage a box may pop up, masquerading as a helpful warning from your computer's Security Center or from an anti-virus, informing you that your computer has been infected with a long list of trojans and other assorted malware, and instructing you to let it start a scan and remove these malicious threats.

DON'T DO IT!!!

That pop-up box has NOT been generated by your operating system's Security Center, nor your anti-virus, nor did it come from any other friendly source. As a matter of fact, it's not any sort of anti-malware scanner at all! What is it? It's malware, and it's asking you for permission to infect your computer.

Believe nothing it tells you. Everything that's shown in that box is a lie. The pop-up's sole objective is to panic you into clicking anywhere on that box... anywhere at all... because anyplace you click on that box will permit the malware to load itself on your computer. You don't have to tell it to scan in order to get infected; you can click "no" or "exit" or click on the "X" to close the box... it doesn't matter. Anything you select, anywhere you click, the malware will load. So, whatever you do, don't let it trick you into clicking anywhere on that box!

So, you're stuck, and you can't click anywhere for fear of unleashing malware. What to do? Use the keyboard combination Alt F4 to get the heck out of there! It will shut down your browser and that nasty little box as well.

Next, it would be prudent to do a full scan with your anti-virus and with an anti-spyware application such as Malwarebyes, just to verify that nothing is lurking on your system.

If you're reading this too late, because you already clicked on that nasty little box, then register on a free help site, such as MalWareRemoval and follow the instructions for posting a log for your machine, then wait for a helper to assist you.

Be patient, don't try experimenting with fixes on your own while you're waiting as that may only complicate the issue and make removal of the malware even more difficult.

Are you still using Internet Explorer 6?

2010-12-29T00:44:00.000-08:00

You could be rolling out a red carpet invitation to malware if you're continuing to use Internet Explorer 6.

Internet Explorer 6 was released in 2001. IE6 was a big improvement over IE5, but it was never regarded as a highly secure browser. Over time, its exploitation by malware writers has become almost legendary, while web developers have long decried the difficulty of creating websites that are compatible with IE6 without degrading the experience of users who are utilizing more modern browsers.

Many computer users have switched over to alternate browsers for their primary web surfing needs; however, there are some sites that may not render properly in those browsers, and that's when Internet Explorer is useful, even if it's not your primary browser of choice. Therefore, even if Internet Explorer is not your primary browser, it's very likely to be your secondary browser. As such, you should be using the most secure version of Internet Explorer available, and that version isn't IE6.

Vista came with IE7 and Windows 7 with IE8, and now Internet Explorer 9 has been released to excellent reviews, so much better choices than IE6 are available. Unfortunately, many XP users, for some unknown reason, still cling to IE6... even some users who have updated XP to Service Pack 3 are still slogging along with IE6, perhaps because it came with Windows XP or perhaps because they just don't realize the dangers inherent in using this obsolete browser. Although XP users cannot upgrade to IE9, they certainly can and should install IE8.

Recently, Google started phasing out support for IE6 for their various services, including YouTube. A vulnerability in IE6 was exploited by hackers who used it to launch a cyberattack against Google and other companies. Governments in China, France, Germany, and other countries as well, have advised users to move from IE6 to a more secure browser.

Microsoft will continue to support IE6 on XP computers with SP3 installed. However, there are plenty of hackers and malware writers who will view IE6 users as easy prey and will therefore continue to search for and take advantage of the vulnerabilities in this obsolete browser.

Remember, Microsoft has made better and more secure browsers available for your use, so take advantage of their availability and use them: If your operating system is Windows XP, then IE8 should be your Internet Explorer choice. If your operating system is Vista or Windows 7, you should install IE9.

http://en.wikipedia.org/wiki/Internet_Explorer_6

http://news.cnet.com/8301-30684_3-10444574-265.html

http://www.tomshardware.com/news/Google-IE6-Browser-YouTube-Support,9737.html

Surf smart.

Jane Edwards, MS-MVP
Consumer Security 2006 - 2011

Attention XP and Vista Users!

2010-04-09T12:40:00.000-07:00

WARNING!!!

If you are running a version of Windows that will soon be unsupported, you need to be aware that once an operating system is no longer supported there will be no further Microsoft Updates issued for that operating system. If you are running XP SP2, or running Vista with no Service Packs installed, be forewarned that those unpatched operating systems will soon become prime targets for malware infestations unless you take steps to bring them up to date by installing the required Service Pack for your system.

What Does End of Support Mean?

Support for Windows Vista without any service packs will end on April 13, 2010. To continue support, make sure you've installed Windows Vista SP2.

Support for Windows XP with Service Pack 2 (SP2) will end on July 13, 2010. To continue support, make sure you've installed Windows XP Service Pack 3 (SP3).

IMPORTANT: The above mentioned Service Packs should only be installed on a malware free computer.

NOTE: 64 bit Windows XP SP2 will still receive security updates as there is no SP3 for 64 bit XP.

Support for Windows XP SP1 ended on October 10, 2006.

So, if you haven't updated to the latest available Service Pack for your operating system, DO IT NOW!

Jane Edwards, MS-MVP
Consumer Security 2006 - 2011

So, how's your antivirus doing?

2010-01-30T19:52:00.000-08:00

If your antivirus is outdated and/or your subscription to virus definition updates has expired, do not make the mistake of thinking that as long as the antivirus product's icon is showing up in your system tray your computer is protected, nor should you lull yourself into thinking all is well because you scan your computer regularly with your outdated/expired antivirus.

Some people manage to convince themselves that they don't need an antivirus because they're "careful." They don't go to "bad" sites. They never open an e-mail attachment unless they know the person who sent it, and so on. Well, sorry... although those are all good practices, none of those things are enough to keep you safe without the use of a good antivirus. Every system needs an antivirus... an active antivirus. If you are running the same antivirus product that came with your three-year-old computer when it was brand new, and the subscription for virus definitions expired ages ago, you need to take action, NOW!

There are good paid antivirus products on the market and several free ones as well. I would advise that before you make your final selection you search the internet for reviews and opinions by everyday users of the various products. Paid ads are meaningless when making such selections.

You should also install a good antimalware product... one that can catch the things that an antivirus may not be designed to catch, such as spyware, adware, and various trojans. While a computer virus is malware that can copy itself and infect a computer without the permission or knowledge of the owner, trojans, just like the one in the Trojan War for which they are named, do not just come barging into your computer with a full frontal attack, they instead trick you into opening your gates and bringing them inside. Once inside, they do their dirty work.

New malware infections are discovered every hour of every day. Antivirus companies write "definitions" (like vaccine) for those infections as quickly as possible; however, it is understandably extremely difficult to create a definition to stop an infection that has not yet been created. Many antivirus developers try to do this to a certain degree by using heuristics, whereby the antivirus product looks for certain "earmarks" and, if found, may sound an alert and/or quarantine the suspicious file. It is not advisable to make these heuristics overly sensitive, lest they begin to erroneously identify good files as bad files.

It is important that we do not regard our antivirus and/or antimalware products as bullet-proof protection against any and all malware, as that only serves to give us a false feeling of security and makes us much more vulnerable to malware attacks. There is no antivirus, nor security suite, nor antimalware product that can protect us against the biggest danger faced by any computer... the person sitting in front of the keyboard. We must, therefore, be ever vigilant.

If you have a preference for a particular antivirus product, then use that one. Personally, I like an antivirus that is not bloated and has a small "footprint." If an antivirus slows my computer down, or is too intrusive, then that one is not for me. Use the one you like, but whichever one you choose, no matter how good it is, it will immediately become useless if its definitions are not kept up to date, so the subscription must never be allowed to elapse.

Surf safely.

Let's backup that data!

2010-01-30T16:59:00.000-08:00

So, are you backing up your data? No? Why not? It's not really that hard to do and it can save you a world of misery.

Why do you need to back up your data? Well, it's because sooner or later some calamity will befall your computer and your data may be lost, corrupted, compromised, or just plain unavailable. There can be a number of reasons for this... perhaps you have a hardware failure, e.g., your hard drive dies. Maybe your operating system becomes corrupted, or your files cannot be accessed due to malware taking over your computer. Regardless of the reason, the outcome will be much happier if you have been backing up your data on a regular basis. If all else is lost, but you still have your data, it can easily be restored to a freshly formatted drive, a new hard drive, or even a new computer if it comes to that.

What's the best way to back up your data? That depends... you have to decide what method works best for you, and what suits your wallet as well.

Online Storage works well for those whose data is subject to frequent changes... you're always editing it or adding to it. Services, such as Carbonite and Mozy for example, can provide you with ample storage and automated backup and restore capability for a relatively low cost.

Network Attached Storage, or NAS, is something you may want to consider if you have multiple computers that require backing up. A NAS drive has a processor and will also have its own operating system. This device will allow all your computers to backup their data as well as share their data. It can also be set to perform automatic backups, which is a big plus.

An External Hard Drive may meet your needs if your data does not change frequently and/or you do not have the need to backup data from multiple computers. An external hard drive can simply be connected to a USB port on your computer and you can add your files to it as often as needed.

CD, DVD, or USB Flash Drive storage is adequate for smaller amounts of data. It's a simple matter to just drag and drop your files to the CD, DVD, or USB Flash Drive. This is a quick way to handle small amounts of data but isn't practical if you have gigabytes of frequently changing data.

Decide which method is the best one for you... or you may want to use a combination of methods. Whatever you decide, just make sure that it's something that's easy and convenient for you to use. The best backup media in the world will be completely useless if it's not the one that's right for you.

Remember, if you can't or won't use it, it's a poor investment.

Let's speak of shoes and ships and sealing wax, cabbages and kings... and Service Packs too!

2009-01-12T17:19:00.001-08:00

Service Packs, Service Packs... it seems like every Operating System and every iteration of Office has them. Why does it seem that way? Well, it's because they do... that's why.

Why Service Packs?

Contrary to what some may think, Service Packs are not created by evil gnomes, with the goal in mind of messing up our systems and making our lives a hell on earth. No, indeed... Service Packs can be magnificent beasts, packed full of tweaks, updates and fixes for your Operating System or other applications. However, for our purposes, we're addressing Operating System Service Packs and Office Service Packs.

First, a caveat or two...

Housekeeping: When is the last time you got rid of all the accumulated flotsam, jetsam and dreck that can clog up a hard drive and slow it down? No, I'm not talking about dust bunnies... I'm talking about all the temporary files, ancient logs, unused files, folders, and sundry other stuff. It's a good idea to get rid of the garbage before installing your shiny new Service Pack. You'll be glad you did.

Although you can rid your system of a lot of this stuff by going to > Start > Run and typing in "cleanmgr" (without the quotes) and selecting the categories you want to clear out, there's a nifty little program called CCleaner that does a faster and, in my opinion, a much more thorough cleaning job. The program is very easy to use and works on Windows 2000, XP, and Vista as well as older Microsoft Operating Systems.

Although CCleaner is offered free, donations, even small ones, are welcomed.

http://www.ccleaner.com/

After you've cleaned out the junk, it's time to defragment your hard drive. If you have Vista, it will automatically defrag itself on a regular basis. However, if you're using Windows XP, you'll need to see to this task yourself. If you haven't defragmented your hard drive in a long time, or maybe even never, it may take a number of hours to get the job done, but it will pay dividends in computer performance, so it's well worth doing. Just go to > Start > All Programs > Accessories > System Tools > Defragment. Again, if this is something that hasn't been done in a long time, be prepared for it to take a long time, and don't try to use your computer while it's being defragmented as that will only slow down the process.

Check for the latest news about the Service Pack you are about to download. You will want to do this in order to see if there are warnings regarding your particular computer model and the Service Pack. Sometimes, a particular brand of computer will not play well with the latest Service Pack and there may be a workaround that will allow you to address the issue that is causing the problem. XP's Service Pack 3 encountered such an issue when installed on some HP computers with AMD processors. Microsoft MVP, Jesper Johansson, has put together a very informative and helpful article on XP SP3 issues:

https://msinfluentials.com/blogs/jesper/archive/2008/05/08/does-your-amd-based-computer-boot-after-installing-xp-sp3.aspx

Here's a Microsoft article about things you should know before installing XP's Service Pack 3:

http://support.microsoft.com/kb/950717

There's also an article about things you should know before installing Vista's Service Pack 1:

http://technet.microsoft.com/en-us/library/bb968859.aspx

If you've checked, and there are no known issues with installing the appropriate Service Pack on your computer, and you've cleared out the junk and defragmented your hard drive, download the Service Pack. Before allowing it to install, disconnect from the Internet and disable your anti-virus, any third-party firewall, and all anti-spyware software.

Install the Service Pack. Reboot. After everything has loaded, reboot again. Before reconnecting to the internet, make sure that your anti-virus, firewall, and all anti-spyware software are functioning.

Keep your system well maintained and updated, you'll be glad you did.

--
Jane Edwards, MS-MVP
Consumer Security 2006 - 2011

The Irresistible Cuteness of Wallpapers and Screen Savers - sigh

2008-12-28T21:11:00.001-08:00

It's such a temptation when we see some of the wallpapers and screen savers that are geared for the holidays. It doesn't matter much which holiday it is... Valentine's Day, St. Patrick's Day, Independence Day... but the Christmas wallpapers and screen savers are the ones that are really, really enticing.

Normally, I can resist this sort of stuff because, like sweets, I know they aren't really good for me or my computer. But, this last Christmas season was particularly difficult. I have never seen so many tempting wallpapers and screen savers. I was passing by a colleague's desk one morning and saw that he had this really great animated Christmas wallpaper. The smoke was curling out of the chimney, snow was on the ground, and bunnies, deer and birds were frolicking in that winter wonderland. It was lovely. I expected carolers to come 'round the corner of the beautiful country home at any moment. Each time I had to pass his desk, that wallpaper called out to me. Finally, I asked my colleague where he had found his holiday wallpaper, and he gave me the address of the website. I jotted it down and decided I'd take a look at home that evening.

Well, I keep my home computers locked down pretty securely, and one of the things I use for security is the MVPS Hosts file, which keeps known bad sites from loading. When I tried to access the website in question, my Hosts file blocked it. That was a big "Ooops!" Things weren't looking too promising for my adorable holiday wallpaper at that moment.

Determined not to be so easily deterred, I decided to look around for another wallpaper site. Surely, I reasoned, there had to be a site that had wallpaper that was both adorable and safe. Right? Sure there was... I found exactly what I wanted on what looked to be a clean website, downloaded it, and then I started to install it. At that point, my trusty anti-virus, NOD32, reared up and said, "Oh, no you don't!" and promptly quarantined the installer file. Ooops! again. Two "ooops!" in one day were just too much for me. I decided I could live without the adorable holiday wallpaper. I didn't need it enough to risk infecting my computer.

The next day, I noticed that a number of people had my colleague's holiday wallpaper on their computers. Apparently, my colleague had been generous in sharing the bounty of his discovery. That was the last day before Christmas vacation. Oh well, at least by the time I returned, I reasoned, the holiday wallpaper should be long gone and I could stop obsessing about it.

I was right. The wallpaper was gone on my return. What wasn't gone were the unpleasant things that came along with the wallpaper. It seems those computers that were running the adorable holiday wallpaper were not equipped with a Hosts file nor protected by an anti-virus as strong-willed as mine. To make a long story short, for two or three days, there was a lot of computer clean-up going on.

There's a lesson here... although cuteness is often very tempting, it's important to keep in mind that cuteness may be masking something very ugly. Malware vendors discovered quite some time ago that they can get the public to click on or install just about anything as long as it's cute enough, like dancing pigs and flying monkeys. But cute just doesn't do it for me... not unless it's both clean and cute.

You can learn more about the MVPS Host file here:

http://www.mvps.org/winhelp2002/hosts.htm

--
Jane Edwards, MS-MVP
Consumer Security 2006 - 2011

The Importance of Installing Security Updates

2008-10-19T12:31:00.001-07:00

Is Your Windows Operating System Secure?

If your computer is using an operating system that is no longer supported, such as Windows 95, 98, or ME, updates are no longer being provided, and you should strongly consider the value of installing a more current operating system if your computer can support it. If you are using Windows XP and you do not have Service Pack 3 installed, updates are no longer being provided for your system, and you are urgently in need of installing Service Pack 3 so you can install those needed updates. If your operating system is Windows Vista, Service Pack 2 is now available, although not yet required for obtaining other updates; however, Service Pack 1 is required. (Be aware that support for Windows Vista Service Pack 1 (SP1) will end on July 12, 2011. To continue support, make sure you've installed Windows Vista Service Pack 2 (SP2).

If your computer is running an operating system that can no longer be updated, and you are accessing the Internet with that computer, it will become infected. Infection is inevitable unless you upgrade and/or update your operating system so that it is able to receive important security updates. Those updates will help secure your computer against the vulnerabilities inherent in an unpatched operating system.

It does not matter how careful you are. It doesn't matter that you never open e-mail attachments.   It doesn't matter that you use a good firewall, antivirus and anti-spyware. It does not matter if you sprinkle yourself with chicken blood and chant naked by moonlight. If your operating system is unpatched, sooner or later it will become infected.

If you have an operating system for which security updates are available but you're not taking advantage of the availability of these updates, you need to remedy that situation as quickly as possible. Go to the Microsoft Update site and download and install all critical updates. If you haven't been updating, this may take quite some time, but it's time well spent.

For Windows XP Users:

http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

Windows Update or Microsoft Update?

Note that the above link is for Microsoft Update rather than Windows Update. Although obtaining your updates from Windows Update will provide you with the updates for your operating system, it will not offer you updates for other Microsoft software such as Microsoft Office. Microsoft Update will. Microsoft Update will offer you updates for more than your operating system. If your system has Microsoft Office components installed (Excel, Word, Outlook for example) when you scan for updates, you will also be offered the available updates for those products. There is an exception, however. If you are running an older version of Office, e.g., Office 2000 or older, you will need to go directly to the Office Update site to scan for updates for those products.

Once you have verified that your system is ready and capable of receiving updates, set it to do this automatically. Just go to your computer's Control Panel, open the Windows Security Center and verify that Automatic Updates is turned on and set to receive and install all future updates.

For Windows Vista and Windows 7 Users:

Go to Start, Control Panel, then click on the Windows Update icon to open the applet. From the menu in the left-hand panel, select "Install all updates automatically (recommended)." All the boxes should be checked but the last one, which is optional. When finished, select "OK" to approve your new settings.

What about other updates?

OK, when is the last time you updated Java, Adobe Reader, QuickTime or any of the many other applications that are probably installed on your system? If the answer isn't that you're 100% certain that all your applications are updated and secure, then please use the link below to access the Secunia Software Inspector for a free scan that will tell you if your applications are in need of an update.   No, they won't try to sell you something or sneak something onto your system that you don't want, and they're not going to put you on a mailing list and send you SPAM.

Why update? Where once you only had to be concerned about opening an e-mail attachment, visiting a bad web site, or clicking on a link, it is now possible to get infected just by visiting a good site that unknowingly has had a bad Java applet planted that is now running and infecting visitors to that site who are using a vulnerable version of Sun Java.

Unless you're 100% certain that all your applications are updated and secure, use the link below to access the Secunia Software Inspector for a free scan that will tell you if your applications are in need of an update.   It doesn't cover everything, but it does cover a lot.

Secunia Software Inspector:

http://secunia.com/vulnerability_scanning/online/

The Secunia Software Inspector (online scanner version requires Java) covers the most common/popular end user applications:

Internet browsers
Internet browser plugins
Instant messaging clients
Email clients
Media players
Operating systems

It's a good thing.

--
Jane Edwards, MS-MVP
Consumer Security 2006 - 2011

Vista

2008-10-10T19:48:00.001-07:00

Vista... love it or hate it?

Change is difficult. We all like shiny new things, but we also like the familiarity of things we've grown used to having around us. We like that sameness that allows us to perform a task quickly and efficiently because we know exactly where everything is and just what we need to do with it... and then along comes a shiny new operating system! It's pretty, and has lots of "eye candy," but it's not familiar. It upsets our apple cart. Things have been changed somewhat, and we don't like change, do we? We want everything to be nice and new, but at the same time we want it all to be in the same familiar place. That's human nature, after all.

Beta testing is different... it's a fun thing... kind of like a test driving a new car. A test drive doesn't mean you're going to buy it, you're just trying it out. Actually switching over to a new operating system is serious stuff. It's not just a test drive anymore... it's a real commitment.

At the time Vista made it's debut, I was in no particular rush to switch to a new operating system. My two desktop computers were doing just fine with XP Pro, so I felt there was plenty of time before I would need to think about a switch... at least that's what I thought. However, as fate would have it, my XP Media Center laptop determined otherwise. The display kept going blank and so my laptop was sent out for repair. After I got it back, it worked fine for a few days and then the display went blank again. The machine was still under warranty, and I was offered an upgraded replacement... complete with Windows Vista. I took it.

Well, I admit it took a bit of time to get used to the different way some things are presented in Vista; however, in the long run, I've found the layout to be more intuitive than in Windows XP. I've also found that Vista is far better at finding and fetching new device drivers than XP, and setting up and/or networking a new Vista compatible printer is a snap. Also, I was pleasantly surprised to find that I could install and network our old HP Officejet printer that originally was purchased for and used with a Windows 98 machine. I have also found that I have more and better management control with Vista than I do with XP Pro.

Vista has many features, far too many to mention here, so I'll just list a few of my fun favorites. Some of the built-in features I enjoy in Vista that are not available in XP are the Snipping Tool, Sidebar, Dreamscene wallpaper (Ultimate only) and the built-in calendar.

The Snipping Tool is a handy tool that makes quick and easy work of screen shots and also has highlighting and drawings tools.

The Sidebar is a handy place for a vast array of gadgets or just keeping up with newsfeeds.

Dreamscene (Vista Ultimate only) is just amazing if you're into animated wallpaper, such as cascading waterfalls surrounded by an abundance of trees with their branches and leaves waving in the breeze. I really like this fun feature.

The calendar is convenient and readily accessible. Not everyone uses an e-mail program that comes with a calendar. Even if you do, there may be some things you'd prefer to keep separate from your usual calendar. This will do it.

Vista is a more secure, more powerful operating system than Windows XP. It requires more RAM and a good video card. (I recommend 2 gigabytes of RAM for Home Premium and Ultimate versions). Don't buy a $300.00 machine with 512 megabytes of RAM and expect it to run Vista Home Premium or Ultimate well, because it can't... and you won't be happy with it. Don't assume that a poorly appointed, cheap machine is going to work just fine for you because, "The computer manufacturer wouldn't have built it that way if it wouldn't work right." Unfortunately, that's not true. Supply and demand often create a market for substandard devices. Save yourself a bucket of headaches by first deciding which features are a must-have for you, then you can select the Vista version that will best suit your needs. After doing that, you'll be better equipped to evaluate and determine the kind of hardware you need to properly support that version and its features.

The bottom line is, I have found that many Vista complaints are due more to the poor shopping decisions made by the consumer and less to the operating system itself. Many people have purchased substandard systems and many have upgraded XP systems to Vista without first running the Windows Vista Upgrade Advisor.

Do yourself a favor, be a smart informed shopper and you'll be a happy computer owner.

--
Jane Edwards, MS-MVP
Consumer Security 2006 - 2011

NonSuch Security Blog

Beware of Internet Images!

Are you still using Internet Explorer 6?

Attention XP and Vista Users!

So, how's your antivirus doing?

Let's backup that data!

Let's speak of shoes and ships and sealing wax, cabbages and kings... and Service Packs too!

The Irresistible Cuteness of Wallpapers and Screen Savers - *sigh*

The Importance of Installing Security Updates

Vista

The Irresistible Cuteness of Wallpapers and Screen Savers - sigh