What is Scareware?
September 21, 2009
If you’re a PC user chances are you know that you need software to protect you against not only viruses, but a new class of malicious software called “Spyware”. If you’ve been reading our series of articles here at Computer Rooter you know that it’s a scary situation. The potential for fraudulent activity is high if you don’t take precautions to protect yourself online, including stolen credit card numbers, compromised passwords and even identity theft.
Unfortunately the ‘bad guys’ know that you’re worried and they’re preying on that fear. They’ve unleashed a new class of spyware that many are referring to as ‘Scareware.’ Scareware is software that makes you think you’ve been infected or somehow compromised, usually masquerading as legitimate anti-virus or other security software. These malicious pieces of software will try to scare you into purchasing them, or even convincing you to install additional malicious programs. Some of the most common infections we’ve seen are Antivirus2008, XPAntivirus and SpySherrif. None of these are legitimate computer security solutions. Microsoft reports that in the 2nd half of last year that 7 of the top 25 pieces of Spyware were members of this new Scareware category.
So the question becomes one of what can you do to protect yourself? We still strongly recommend that you have a good anti-virus PLUS anti-spyware application. One of our favorites is currently Vipre from sunbelt software, but there are many other worthwhile considerations such as Avast (free to home users), AVG Pro or Webroot. Additionally, it is very important to insure that your computer remains up to date. Make sure have enabled Microsoft’s automatic updates (found in your control panel), and that you manually check for updates on any other software you are using. Many of these ScareWare programs are installed using vulnerabilities present in older application revisions, including older copies of Microsoft Office (such as Office 2000).
What do you do if you suspect you’re already infected? First insure that your anti-virus and anti-spyware are up to date and run a complete scan of your system. You might also download the free Spybot Search and Destroy and run a complete scan with that tool. If you still have problems do a Google search online for the type of behavior you are experiencing (there are many tools that are designed to handle just a handful of infection types and they do a better job at removing the infections than the “all in one” tools). Lastly, call a computer support professional if you have been unsuccessful in remedying the situation on your own.
Protecting Yourself Online, Part 2 – Malicious Emails and Websites
September 15, 2009
Malicious emails and websites can take many forms, but with some basic information you can have a better chance of recognizing/avoiding them.
Malicious Emails often take the form of a “phishing” message, that’s a message where the bad guys are ‘fishing’ for information. Examples include:
1) Emails that appear to come from your paypal account or your bank or any other legitimate account that you may have. They will often ask you to verify your account or that the matter is ‘urgent’. Be on the lookout for any messages that appear to come from a legitmate source but that ask you for personal information (Social Security #, Credit Card #, bank account #, etc..), or send you to a website that asks for personal information. If asked to give personal details, call the institution in question prior to filling out any form or email. Your bank, paypal, ebay, etc… will never ask for personal information via an email.
2) Emails that appear to come from someone you know but seem just a little too vague. Common names first names are often used, or the email might be crafted to appear to come from your boss or colleague. Again, if any personal information is requested, do not provide it.
3) Lookout for misspellings, bad grammar and generic introductions. An example might be “Dear Customer, I am informed that you recently perchased from us. Please fill this form so that we may send you rebate”.
4) A link in the mail is different from the web address you are directed to when you click on it. For example, if a link indicates that you are clicking on it to go to paypal.com, but instead takes you to something entirely different – be suspicious. You can determine the actual address before clicking on the link by hovering your mouse over the link briefly before clicking.
5) If it is too good to be true it typically is. Be wary of emails telling you that you have unclaimed money, that you’ve won the lottery, that provide a link to unlimited free games or software, that offer a heavily discounted mortgage rate or that offer you thousands of dollars to assist in transferring money from an offshore account, etc…
Malicious websites are becoming more and more common. Grisoft research (the makers of the popular AVG Antivirus suite) estimate that 1 in every 1000 websites is currently infected or has malicious intent. They are often used in conjunction with malicious emails as noted above. There are things you can do to avoid them however:
1) Purchase a current antivirus/antispyware application. If you have an antivirus suite from a couple of years ago, chances are it’s not doing enough to protect you. Look at products such as Vipre from Sunbelt Software, or the AVG Internet Security Suite (there are many others but those are 2 of our favorites).
2) Upgrade your browser. User Internet Explorer 8 or Firefox 3. Both have features that are designed to help you avoid malicious websites.
3) Be on the lookout for typos in the domain name. For example if you thought you were visiting www.mybank.net but instead your address bar showed www.mybnk.net, that’s a sure sign that you’re not on the website you thought you were.
If you think you’ve been pray to either a malicious email or website, first contact any institution that might have been referenced (such as your bank or paypal). It’s also a good idea to call a computer professional who can scan your computer with several tools to insure that you are not currently infected. A good technician will also give you further information on how you can avoid these pitfalls in the future.
Protecting Yourself Online, Part 1 – Passwords
September 11, 2009
Going online these days can be a scary thing. With everything we hear about identity theft, spyware, online predators and more you sometimes wonder if there’s really anything you can do to stay safe. Well your internet experience doesn’t have to be one fraught with worry and concern. In this series of short articles we’re going to discuss some basic precautions you can take to keep yourself and your computer safe online.
One of the most fundamental precautions you can take is to create a strong password and to protect it. It is so easy to use a birthdate, a spouse’s name or other easily discovered password that most of us choose to do so without thinking of the implications. Those who are out to steal your confidential information can ‘crack’ a poorly chosen password in a matter of minutes.
Now that the bad guys have your password, they can use it to potentially drain your bank account, open up a new credit card in your name and pose as you in numerous fraudulent online transactions.
The first step to protecting yourself is to choose a STRONG password. The strongest passwords are those that look like random garbage to attackers. You can create a somewhat random looking password and still make it memorable to you.
1) Use a long word or phrase that is easy to remember (the longer the password the better, never less than 8 characters, preferably over 16) (example phrase: I like ice cream).
2) Replace some of the letters with numbers AND special characters (for example replace an e with a 3, or an L with a ‘[’ ). (example: I_[ike_1c3-cr3am).
3) Continue to add complexity by making some of the characters in your password lower case and some upper case. Consider prefacing or suffixing your password with a number or special character. (example:I_[ike_1c3-cr3aM! ).
4) Check your password with one of the many online password strength checking tools such as www.passwordmeter.com. (our sample password above gets an 84%, or VERY STRONG rating)
Now you have a password that’s not that hard to remember, but nearly impossible for an attacker to guess and even harder for them to crack.
Things to avoid when creating a password:
1) Dictionary items. Using a word that is found in the dictionary is easily guessed.
2) Avoid using a single password for all of your accounts.
3) Do not use anything that can be associated with you personally (such as your spouse’s name, your house number (or a previous house #), your logon name, your anniversary, etc…).
Lastly, you need to keep your new password/passwords safe. Here are a few tips:
1) Don’t give your password out to others and never send your password in email or via instant message.
2) Be careful where you store or write down your passwords. Don’t carry them around in your wallet or put them on a sticky note next to your computer.
3) Never use your password on a public computer. For example don’t logon to your bank account at the public library or internet cafe as Keyloggers and other tools can be used to easily steal your password.
Stay tuned for the second article in the series, How to recognize malicious emails and websites.
Spyware. What is it and how can I protect myself?
October 21, 2008
Chances are if you’re reading this that you’ve had your fair share of performance issues and computer problems over time. One of the biggest causes of computer annoyances and problems these days is “spyware”. What is spyware? Spyware (or as it is sometimes referred to, “malware” (malicious software)) is similar to a virus in that it installs itself usually without your knowledge. Its purpose is multi-faceted, but nearly always malicious in intent. It may create unwanted pop-up ads, monitor your internet activity, attempt to coerce you into providing personal information (Social security #, credit card #, etc..), steal your passwords, and on and on. Not only does spyware cause performance issues, crashes, failed programs, etc.. but it can result in something as terrifying as identity theft.
The good news is that you can take steps to avoid spyware infections and prevent what can be a very expensive service call.
1 ) Make sure your computer is behind a firewall. Most home routers these days provide a strong firewall and windows XP/Vista both have built in firewalls. Make sure these are turned on and configured correctly.
2 ) Install an anti-spyware utility. There are MANY options for both virus and spyware protection on the market these days. For those on a budget, we recommend a combination of Microsoft’s Defender and AVG’s antivirus (both free products). For greater protection, look into commercial software such as sunbelt’s Vipre or Webroot’s Spysweeper.
3 ) Promptly install windows update. Microsoft releases updates frequently for windows XP and Vista. Make sure your computer is configured to automatically receive and install these updates.
4 ) Don’t use file sharing software. Peer to Peer file sharing networks are tempting as you will find software, videos and music of all types. However much of the content on these networks is illegal, additionally infected files run rampant on these networks. Avoid these peer to peer networks (such as limewire or morepheus).
5 ) Take precausions on social networking sites such as facebook and myspace. A recent security analysis of facebook ‘apps’ showed the potential for serious, wide spread infections. In addition, numerous worms have been found floating through both facebook and myspace. Don’t download or install anything from these social networks that don’t come from a 100% reliable source.
6 ) Don’t click on pop-up ads. Many popup ads disguise their “close” or “exit” or “no” buttons as software installation buttons. So you may thinking you’re clicking out of an advertisement, but instead you’ve just installed a nasty piece of spyware. If you get a pop-up, don’t click on anything within the window. Instead click on the close button (the small X in the upper right corner of the window).
7 ) Don’t visit adult or piracy sites. Both adult and software piracy website are havens for malware of all sorts.
8 ) Don’t open email from strangers. If you receive an email from someone you don’t know, do not click on any links in the email or open the attachments. Just delete it.
9 ) Watch out for “too good to be true” offers. An email or an ad that promises below market rate mortgages, free software, or anything else that sounds too good to be true probably is. Don’t click on these offers or visit these websites.
10 ) Always read the EULAs (End User License Agreement). When a website or program asks you to install something take the time to browse the agreement that pops up. These are often full of legal mumbo jumbo causing most users to skip them, but they often disclose the inclusion of adware/spyware.
11 ) Use an alternative browser. Most users reading this are probably using Internet Explorer. Microsoft’s Internet Explorer is the most used browser, and as a result the most often exploited (primarily due to the inclusion of “activeX controls”). Browsers such as Firefox or Google’s Chrome don’t use activeX and also aren’t as big of a target for malware authors.
Spyware/Malware infections are more than just an inconvenience and can have serious consequences. Take the precautions above as well as schedule a visit from a qualified computer tech to insure your computers are properly protected and up to date.
Windows XP won’t die!
October 10, 2008
Microsoft had originally announced that they would stop shipping Windows XP Professional to hardware vendors after January 31, 2009. Last week however they announced that they have extended that date to July 31, 2009.
There has been a significant backlash against Vista from both the private and corporate sectors. There are few compelling reasons for your average user to upgrade from XP (some gamers may argue that however) and many users don’t want to suffer through the learning curve present with Vista. Not to mention hardware drivers for Vista are still hard to come by for older hardware and it is almost a given that you’ll have to upgrade much of your software to be Vista compatible.
Weigh in on the subject by commenting below. How do you feel about Vista? Are you using it at home or at work? Here at Computer Rooter we are always training on the latest platforms so that we can provide our customers with cutting edge computer support, so we are running Vista on many of our workstations. XP however is still the operating system of choice on our workhorse computers that we just can’t be without.
Are you addicted to Email?
September 11, 2008
When was the last time you checked your email? If you are like most Americans, it was within the past 15 minutes. Read this excellent article from PC World on how to determine if you have an “Email addiction”: http://www.pcworld.com/article/150928/email_addiction_five_signs_you_need_help.html
Am I safe? (Viruses/Spyware)
June 17, 2008
The most frequent call we get at Computer Rooter is from people who suspect they’ve been infected with a virus. Sometimes these infections are so severe that the repair takes hours and is thus quite expensive. There are precautions you can take however to avoid getting infected initially:
1) Make sure you have recent anti-virus software and that it is up to date. Don’t assume that just because you bought an anti-virus application 2 years ago that it is still doing its job. Check the program and make sure that it has up to date virus definitions.
2) Anti-virus alone is not enough, you should have spyware/malware protection as well. Good products include Sunbelt Counterspy or Webroot Spysweeper. For those on a budget, Microsoft offers a free anti-spyware application called Defender (although this is not as good as the paid products mentioned, it is at least some basic protection).
3) Change your surfing behavior. Anti-virus and Anti-spyware applications aren’t flawless. Even with the best software it is still possible (although far less likely) to get infected. Follow these steps when you’re online:
- Do not open email attachments from people you do not know.
- Do not install plugins from websites that state “you must install this software to properly view this web page” (unless you know exactly what it is you are downloading)
- Do not visit X-Rated or Serial #/Crack sites as these are prime candidates for distributing infections
- If you do come across an X-Rated site via a pop-up or other means, do not click on any links or bookmark it.
- Do not download files from peer to peer file sharing networks such as limewire, emule, etc… Infected files run rampant on these networks.
Windows XP – Service Pack 3
June 5, 2008
Microsoft releases services packs for windows once every few years. Service packs typically offer some minor new features but mostly they encompass all hot fixes since the last release. If you are a windows XP user we recommend that you download and install Microsoft’s latest (and last) service pack for Windows XP – Service Pack 3. For a complete list of changes click here, or follow this link to download the release. You may also update your computer with Windows Update (check your start menu items for this update tool).
Computer Tips
June 3, 2008
At Computer Rooter our goal is to not only solve your computer problems, but to educate you on problem prevention. Check here often for self-help tips! If you are familiar with RSS feeds, you may also subscribe to our blog by clicking here.
