Security

You’ve probably heard about it by now and I’m already tired of hearing about it: the story broken by the UK’s Guardian newspaper – it figures – concerning the surveillance being carried on by the NSA (National Security Agency) on Verizon’s phone call meta-data as well as other aspects of internet communications like e-mail. For those of you who may not quite get it, meta-data is information about data, not the data itself. The NSA does not give an R.A. about calls to your mistress/boyfriend or your predilection for phone sex. By the time they get the meta-data, your 3:00 AM call to Jake at Snake Farm is long over. Instead, they are looking for patterns like calls to the local 7-11 from Abbottabad, Pakistan that occur only when Achmed is behind the counter on the grave-yard shift.

There is the predictable hue and cry that this is the end of America as we know it or that the Government has done the “freshy-fresh” with the Bill of Rights. No-one seems to give a fig about the Police running your licence plate when they spot you parked at Achmed’s 7-11 at 1:30 AM. Indeed, La Polizia have run the plates of a certain Mitsubishi pick-up with a canoe on top driven by a bearded, kilt-wearing, pipe-smoking, Scotch-drinking, hippy freak in ear-rings more times than I care to think about. They probably needn’t bother because no-one in their right mind would use a 23 year-old pick-up with an “I brake for Mermaids” bumper-sticker on the back as a get-away vehicle.

Yes, it’s a shame that things have come to this but it’s the price we pay for being under siege by sub-humans who would gladly suicide-bomb a day-care just to inflict a bit more pain and terror on Americans. Dr. Data can remember the common cries of “Protect us! Protect us!” in the wake of 9/11 and the Boston bombings. Well, the NSA, et alia, are trying to do just that. Moreover, the government has been doing that for a lonnng time. Back during the cold war, a certain female-type person with whom Dr. Data has had a more than nodding acquaintance for nearly four decades, had relatives on the east side of the iron curtain. Letters arriving at her grand-mother’s house had already been read and redacted by both sides. Her brother – like Dr. Data – was into short-wave radio during that time and a Federal agent showed up at their house wanting to check his QSL cards . . . no doubt looking for coded messages.

So folks, let’s turn down the histrionics and hope that the NSA does its job before the next airliner flies into an office tower. If you’re worried that the intelligence community may want to know about your relationship with that visiting professor who works part-time as a dominatrix, then do the following:

  1. Get rid of your phones – smart and not so smart
  2. Get off the internet
  3. Blow up your TV
  4. Pay for all transactions with cold, hard cash
  5. Read only old-fashioned books printed on real paper
  6. Travel only by foot or bicycle
  7. Hope and pray that Achmed does not hijack a Cessna and fly it into your house.

Resources:

NSA PRISM programme spied on e-mails, searches

We’ve all had to deal with them in some way at one time or another. The CAPTCHA: a brave attempt to prevent spam-bots from filling out things like the contact form on your website and sending you e-mails telling you about cheap Viagra, Nigerian Princes seeking to recover their fortune and busty blond bimbos who have been oh so lonely and are looking for a man just like you in order to have a meaningful, fulfilling relationship and/or a good time.

Wikipedia has an excellent article on CAPTCHAs. Though they are there on the front lines of spam defense, they more often frustrate than protect. How many times have you filled out a web form only to be baffled by the distorted letters and numbers you are required to read and enter before you hit “Submit”? Is that a “1” or an “L”, an “O” or a “Q”, an “R” or a “K”? You give it your best guess and click the “Submit” button only to be told that what you entered is incorrect and are then redirected to an empty copy of the form that you’ll have to fill out again. Not only are they driving you mad but there are serious questions as to their efficacy.

The hey-day of the CAPTCHA may be over. Ticketmaster is dropping them in favour of entering common phrases or answering things like multiple choice questions. A New York based outfit named Solve Media claims that it takes the user half the time to comply with the new approach than it did to try and decode a CAPTCHA. Solve Media also believes that this method is better at blocking bots than the old way which often proved quite successful at blocking humans.

Only time will tell whether this approach will be the answer to a form-filler’s prayer. In the meantime, you can read all about it in PC Magazine.

Back in September of 2012, I discussed online bait & switch with software downloads and how unwanted add-ons – such as memory and cycle sucking toolbars – can find their way on to your system without your knowing it. I’ve coined a new term for this sort of stuff: Sneakware. In other words, crapware that sneaks its way on to your system when you’re trying to install a legitimate product.

I’ve observed a fine example of this in the wild and thought I’d show you what to watch out for. I’ve also run across an article that backs up what I’ve been saying even though they don’t call it “sneakware”. I’ll endeavour to keep all this brief and to the point.

For a number of years, I’ve used an add-on called File Menu Tools by a Spanish development house known as Lopesoft. It has come in quite handy for folks like Dr. Data who do a lot of different things with individual files and I’ve recommended it as a “must-have” more than once. The other day, it was time to install the latest version and I discovered – much to my dismay – that the developer has succumbed to the siren call of sneakware.

There’s a heck of a lot of free stuff on the web and developers will often seek to augment their income of donations by grateful users by including add-ons with their installation package. Legitimate – and sometimes not so legitimate – entities will pay developers a certain amount to simply include this entity’s product in the developer’s installation package and then will pay the developer a specified amount of money for each actual installation of the entity’s product. Usually, both payments are a trivial amount but if your software is downloaded & installed 3 million times, this trivial amount can really start to add up.

In the case of Lopesoft, here’s what I saw:

In this first screen-shot, the user is asked to install the Babylon Toolbar which supposedly gives you access to freebies, discounts, etc. You’ll notice that not only is the option to install the toolbar checked & greyed-out, but so are the options for making Babylon the default search engine and making Babylon search your homepage. Your eye is drawn to the usual mumbo-jumbo of the licence agreement and clicking “Agree” has become motor memory. You have no doubt learned over time that clicking the “Decline” button will cancel the installation of the whole thing and thus you are led to believe that you have to click “Agree” here in order to get the software you originally wanted.

The simple answer is “No, you can ‘Decline’ and still get the original product,” but how many users will see through all this? Also notice that the “Agree” button has focus so all you have to do is press the “Enter” key. To “Decline”, you’ll need to move your mouse to that button & click it.

This is the next window that will be shown to you whether you “Accept” or “Decline”. Here, the verbiage mentions Chrome, Google, etc. It also throws in “Amazon”. Add in the mumbo-jumbo and the average user will think they have to agree in order to get the software to work with Google, Chrome & Amazon.

As before, the “Agree” button has focus. Declining takes an extra effort.

There you have a perfect example of how the user thinks they’re getting a useful utility and are really getting a lot more than they asked for. Do this five or six times and you’ll wonder why your system isn’t as fast as it was.

While the mechanics and payment schemes may vary, this article from ZDNET explains it all very nicely. The price of a clean machine is eternal vigilance.

Back in early September of this year, I wrote a short series of posts about the danger one faces if they are not careful about downloading, one of which was called Online “Bait and Switch”. The Malwarebytes.org blog posted an article called Pick a Download, Any Download on Oct 19th. This article goes into additional detail and covers some ground that I didn’t. It is well worth your time to read it.

Although we all try to prevent the latest bit of nastiness from taking up residence on our systems, sometimes the bad guys win and we’re faced with the task of cleaning up Dodge. Some of these infections are quite clever and not only prevent you from executing detection and removal tools, but also prevent you from downloading them in the first place. There is, however, a way around that last bit.

Tech Republic has an article listing 5 portable tools for cleaning up malware and virus infections. All of them are free though some may be donation-ware or a way of advertising a more robust paid version. Nonetheless, they will help get you out of a jam and in that case, who cares if there’s an ad or two for the paid-up version of the tool.

The tools are:

  1. ClamWin Portable
  2. Sophos Anti Rootkit Portable
  3. Emsisoft Free Emergency Toolkit
  4. Vipre Rescue
  5. Spybot Search and Destroy Portable

Dr. Data is most familiar with the Emsisoft Emergency Toolkit and Spybot Search & Destroy. There are a number of people who argue that the Emsisoft product is even better than Dr. Data’s favourite tool, MalwareBytes, and he is not going to argue their relative merits here. He will say, however, that the Emsisoft tool does seem to take longer to perform a scan than MalwareBytes. Whether that is because the former is more meticulous than the latter is a topic for another day.

As for Spybot Search and Destroy, Dr. Data has used it to bat clean-up for a number of years now. Spybot will flag and remove spyware, tracking cookies, etc. but it is also excellent for cleaning up the bits of debris left after an infection is removed and can give clues as to how the infection made its way on to your system in the first place.

All five tools require the user to be proactive. In other words, you need to:

  1. Find a clean USB thumb drive
  2. Install the tools on the thumb drive
  3. Keep those tools up to date
  4. Remember where you put the thumb drive

If the infection blocks the execution of one or more of these tools, then you will have to either use a rescue CD/DVD to boot your system or remove the hard drive and attach it to another system using any one of a number of fine USB SATA/IDE bridge devices on the market and disinfect the drive that way.

Read the full article on TechRepublic.

This is a brief dispatch from the trenches. Since my TechnoRant© on Ransomware back on October 9th, a few instances have been observed of a variant that I’ve nick-named “bluffware”. Bluffware will display the ransom note saying that your hard drive has been encrypted and if you want the decryption key, you’ll need to put your credit card information in a brown paper bag and e-mail it to wherever.

The funny thing is that your hard drive is NOT encrypted and if you’re foolish enough to send the money, you’ll definitely get nothing in return. This is apparently the work of bad guys who don’t have the necessary smarts or malware code to encrypt your hard drive but nonetheless want to cash in on the latest trend.

While bluffware is more a hoax than anything else, the reality is that the malware responsible for the hoax has somehow made its way on to your system and that is no laughing matter. Your system has been infected and you need to get rid of this bit of nastiness as soon as possible. There is no way of you knowing if the bluffware is dropping some other malicious code on your system in the meantime.

It’s up to you to do everything you can in advance to prevent this from making its way on to your system in the first place and to be prepared to deal with the situation if it does. I won’t repeat the recommended steps here. If you want to know what to do, take a look at the original post concerning ransomware.

The latest sensation that’s sweeping the nation is something called Ransomware. This is a particularly nasty piece of Malware that infects your system through the usual vectors:

  • Visiting infected websites
  • Opening attachments to e-mails
  • Clicking on links that someone sends you via e-mail
  • Applications such as Skype
  • Etc.

Once it’s on your PC – or MAC!! – it will do things like encrypt your hard drive or generally restrict access to sensitive files or, indeed, the entire system until you pay a fee – read ransom – to get a key or code to unlock your files or system. The ransomware will display a fake message warning you of the problem and claiming to be the Police, FBI, etc. Paying the ransom is the last thing that you want to do because:

  1. You’ll be out however many dollars they want for the unlock key
  2. They’ll have your credit card information
  3. There’s no guarantee that there is not another piece of this malware lying underneath that will re-encrypt your hard drive or lock your system in some way once you apply the original unlock key.
  4. There is the distinct possibility that they won’t even send you an unlock key at all because once they have your credit card information, they’ll have everything they need so to heck with you.

There are ways to remove ransomware and SelectRealSecurity.com shows you one way to do it. However, since the bad guys are usually at least one step ahead of the good guys, there’s always the chance that you’ll be hit with a new version of ransomware that necessitates a new approach to removal.

The best approach is not let the stuff get on your machine in the first place. To do that, you need to:

  1. Keep a good, reliable, up-to-date anti-virus application running on your system. There are some freebies out there that offer only anti-virus protection. If you want anti-malware, etc. you will have to pay for the full registered version. This is not the time to be cheap as an ounce of prevention is worth a pound of cure.
  2. Use a secondary anti-malware application such as MalwareBytes. While there may appear to be a duplication of effort here, there is always the chance that what is missed by one will be caught by the other. You need to be thorough.
  3. Do not open e-mail attachments or links from senders that you do not recognise. In fact, don’t open e-mail messages from people you don’t recognise.
  4. Be suspicious of e-mail links or attachments sent to you by people who you do recognise but who do not usually send you such things. Address books can be hacked.
  5. Avoid questionable websites like the plague. McAfee offers a product that flags questionable or unsafe websites when you do a search. If your security software warns you of a malicious website, don’t go there even if it’s one that you’ve visited before.

Just in case something DOES find its way on to your system, Be Prepared!

  1. Keep all of the installation disks that came with your system or that you subsequently purchased in a safe place that you will actually remember. These things aren’t coasters or toys to let the kids play with.
  2. Keep a list of all of the activation keys for your software products in a safe place that you will actually remember.
  3. If you purchase software and install it via the internet, keep the installation file(s) and activation key(s) in the same safe place as # 1 & # 2.
  4. Keep a list of all of your passwords, etc. in the same safe place as # 1 & # 2.
  5. Find a good, reliable system/file back-up application and actually use it. Once you’ve completed backing up your system/files to a USB drive or whatever, detach the aforementioned device from your system. Do not reconnect it until you need to restore a file or make a new back-up.

That’s enough to get you started. Do not think that simply because you have a MAC rather than a PC that you’re safe. MACs have been shown to be vulnerable to attacks. You may not get what’s currently affecting PCs but you might get something that’s especially designed for MACs.

Here’s what we have for today:

  • Apple’s iOS maps get better – Apple has been quietly improving the data returned by the iOS 6 Maps application. Good news for those using the latest version of the OS, but shouldn’t this have been done BEFORE both iPhone 5 & iOS 6 launched? Dr. Data depends on maps from his iPhone and wonky data is the last thing he needs. Was it because Apple wanted to get its latest phone out there in time for holiday shopping or did someone drop the ball in QC? Read the full story from Tech Republic.
  • Apple in a post-Jobs world – It’s been a year since Steve Jobs passed away and there have been ups and downs for the company. There are two articles that are worth reading if you follow the goings-on in Cupertino. The first is from ZDNet and the second is from PC Magazine.
  • Win 8 Kill Switch: Threat or Menace? – If you’re contemplating moving up to Windows 8 anytime soon, this may give you reason to think again. Windows 8 includes a “kill switch” which allows the remote editing of applications and the deletion of software and possibly data. Is this Nirvana for hackers? Read what John C. Dvorak in PC Magazine has to say.
  • Windows 8 is available before its time – HSN.com – the online arm of the Home Shopping Network – began offering PCs with Windows 8 installed and ready to go. Before you decide to jump the gun, you should note that the machines are loaded with Crap-ware. These are applications that come pre-installed on a new machine and usually include a lot of things that you may not want as well as “trial versions” of software. Read the full story on ZDNet.
  • Samsung’s Apple “attack ad” – If the political season wasn’t bad enough, Samsung is airing an attack ad that touts the technological superiority of its latest smartphone over the iPhone 5. Geek.com does a bit of fact-checking for you.

All this week, I’ve been talking about how unwanted applications can “suddenly appear” on your system and how you can get rid of them. For this final installment, I want to discuss what you can do when the bad boys infect your system.

There is a popular misconception that you have to download and install some too-good-to-be-true-and-absolutely-free software application to your PC in order to infect your system. Friends, that is not the case. In some instances, all you have to do is visit a page on a website in order to be dumped on. This is what is known as a “drive-by infection”. You could try to prevent this by doing things like:

  • Turning off JavaScript
  • Disabling Java – This is different than and separate from JavaScript
  • Not accepting cookies

The trouble is that by configuring your browser(s) in this way, you will miss out on much of the rich content on the web as well as features on legitimate sites that you have come to depend on.

There are, of course, other ways to protect yourself. Your first line of defence should always be a good firewall and anti-virus. There are more products out there than I have time to mention so we’ll leave that for another day. All I will advise at this point is that you find a good package and then keep it up-to-date. You will probably have to pay a bit as there’s no such thing as a free lunch but the small outlay will be much less than calling Dr. Data so he can tell you that your PC is hosed.

Another good tool is McAfee Site Advisor. There is both a free-ware and paid version available. While the paid version has more features, the free version is still quite worthwhile as it will flag both trusted and untrusted sites when you do use a search engine like Google.

Unfortunately, the bad guys are always one or two steps ahead of the good guys and sooner or later, your system will probably be attacked via a website that has not yet been classified or infected via malware for which there is no known signature. So, what do you do?

There are several tools out there – both free and paid – that can help you keep the bad guys out or at least help you clean up the mess.

  1. Spyware Blaster – This is a free tool that helps prevent spyware, etc. from taking up residence on your system by using the methods available in your browser. It does not take up any memory and is quite easy to use. If you want automatic updates, the paid version will take care of that and also help fund the war effort. The only downside is that Spyware Blaster does not protect Google’s Chrome browser. 🙁 Nonetheless, you’ll most likely wind up using Internet Explorer or Firefox on occasion so it is worth your while to use Spyware Blaster.
  2. Spybot Search and Destroy – This is another good tool that is available as free-ware. It scans your system for spyware, malware, adware & other bad stuff and removes anything it finds. Spybot Search and Destroy will also immunise your system against future threats from the web. There is a paid version that provides automatic updating.
  3. MalwareBytes – If you buy any protection tools then this should be one of the first. It does an outstanding job of finding malware on your system and removing it. MalwareBytes also actively protects your system by scanning items as they come down from the web. There is a 30-day trial version that is good if you think that you have an infection because your system is running slow, etc. The paid version, which also provides proactive protection, is a small monetary outlay but it’s less expensive to pay MalwareBytes now than pay Dr. Data – or somebody like him – later.

You will probably notice that there are overlapping features between the above products. While each may claim to be the best at what they do, the reality is that no protection software can be all things to all infections. Using two or more of these products improves your chances of thorough protection. There may, of course, be some products out there that are better than the ones I’ve described but, through my long experience, these are the ones I’ve come to rely on.

A Tip from Dr. Data: When using MalwareBytes and/or Spybot Search and Destroy, be sure to run repeated full system scans until they come up clean. Sometimes, malware, etc. can mask other infections.

Another Tip from Dr. Data: The above tools are great but they will only work if they are used and updated regularly.

Dr. Data™ is a service mark of Parsonage Data Services.

One of the most disturbing trends – at least for someone who helps folks with their PC problems – in recent years has been the intentional misdirection, a.k.a. “Bait and Switch”, that has become prevalent on download sites. Of course, this kinda thing has been going on forever – keep in mind that “internet years” are like “dog years”, only more so – but in recent history, it has run rampant. A lot of this sort of thing appears on download sites that are supported by advertising. While the person or organisation who owns the site is somewhat at the mercy of advertisers, Dr. Data cannot help but wonder how many of them are complicit in the misdirection schemes.

My first example is from the website for The Windows Club which offers advice, technical information and some really handy utilities. The example was taken from a post about the free edition of A+ Folder Locker. (Clicking on the image below will show a full-size version of the screen capture.)

Can you find where to download this apparently terrific product? Well, Dr. Data will give you a hint; The download link is not one of those word combinations in blue with the double underscore. (Placing your mouse pointer over them will cause one of those annoying pop-up ads to appear.) The line in blue that begins with “Stay Safe!” is incorrect as well. That’s obviously an ad for Acronis True Image. Most likely, your eye will be drawn to the big green button that says DOWNLOAD. It even looks like it’s the place to go because the OS compatibility, Language and Version # are listed beneath it. In reality, clicking the green button will take you to a page that says that your download is ready. If you read the accompanying text, you will discover that you’re not getting the above-mentioned software that you cannot live without. Instead, you will be downloading something called the Zoom Download Manager. The only people who might really need something like this are those folks who are burning up their DSL connection with perpetual downloads. This product may be legit but you don’t really need it.

N.B. The text underneath the DOWNLOAD button mentions “ZoomDownload.com” which is up for sale by one of the domain name re-sellers. The link will actually take you to ZoomDownloader.com. The fact that the text says one thing while the link takes you somewhere else makes Dr. Data feel that the whole thing is more than a bit dodgy.

In case you were wondering, the real download link is the blue text in the sentence that reads “Head over to its home page, if you want to download it.” It’s right there in plain sight but the eye is misdirected to the DOWNLOAD button first. You should also know that there is another green DOWNLOAD button a paragraph or so above the text in the example. Is this confusing or what?

For our next example, Dr. Data will give no hints. (Clicking on the image below will show a full-size version of the screen capture.)

Dr. Data was trying to download Piriform’s excellent file recovery tool, Recuva from FileHippo.com. It’s easy to do directly from Piriform’s own download site but FileHippo makes things much more confusing. Can you tell where the real download link is?

Play the Jeopardy “Think Music”

OK. Give up? The real download link is circled in red on the image below.  (Clicking on the image below will show a full-size version of the screen capture.)

The big green DOWNLOAD button (circled in purple) is for an audio converter that you probably don’t need and that is probably supported by advertising. The red “START DOWNLOAD” button (circled in orange) will take you to the page shown below. (Clicking on the image below will show a full-size version of the screen capture.)

This is definitely not Recuva but it is for a similar product and may not be free as Piriform’s product currently is. Long story short, you have only a one in three chance of getting what you came for on the 1st shot. Given that English is read from left to right, odds are that you’ll go for the red START DOWNLOAD button first. If not, the big green DOWNLOAD button will probably be your next most likely destination. The real button to download Recuva is the smallest of the three graphics and in the right-hand column where folks are used to seeing ads.

In all of the examples above, the misdirection destinations are probably legitimate but what if they are not? What if the Download Manager contains malware? With some malware sites, you don’t even have to actively download anything. Just visit the site and they will infect your PC for you.

Here are your take-aways:

  • When downloading software – especially freeware – always take the time to read the contents of the entire page before clicking the download link.
  • Many of the misdirection links will load something you probably don’t want or need to your PC. You may say to yourself “I’ll get rid of it later” but the odds are that you probably won’t.
  • Some of the misdirection links will take you to sites offering a similar product but not what you came to get.
  • When downloading utilities, etc. check Downloads.com first. This site is run by C|Net and is good, safe & reliable. While they do have ads and sponsored products, the download links for the software you want are clearly marked and there is no attempt at misdirection.
  • Above all, take your time. Trying to find and download software in a hurry can result in you selecting the wrong product or – even worse – downloading something that will harm your PC.
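The ZoomDownload.com/ZoomDownloader.com trick above (the caption names one host, the link goes to another) is the sort of thing a script can catch before you click. This is an added example, not code from the original post: it collects every anchor on a download page and classifies it, assuming you know the software author's real host (vendor_host). The sample page and its .example hosts are constructed to mirror the screenshots described above.

```python
"""Audit the links on a software download page for bait-and-switch misdirection."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# A bare domain name mentioned in visible link text, e.g. "ZoomDownload.example".
DOMAIN_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b", re.I)

# Constructed sample page (placeholder hosts) modelled on the screenshots above: an
# off-site DOWNLOAD button captioned with a different domain, an ad, a third-party
# START DOWNLOAD button, and the real vendor link buried in a sentence.
SAMPLE_PAGE = """
<p><a href="/">Home</a> | <a href="/tips">Tips</a></p>
<h1>A+ Folder Locker Free Edition</h1>
<p><a href="http://zoomdownloader.example/ready" class="big-green">DOWNLOAD
   <small>via ZoomDownload.example</small></a></p>
<p><a href="http://backup-ads.example/stay-safe">Stay Safe! Back up your PC today</a></p>
<p>Head over to its <a href="https://folderlocker-vendor.example/download">home page</a>,
if you want to download it.</p>
<p><a href="http://converter-ads.example/go">START DOWNLOAD</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element on the page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, else None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:      # text inside the open anchor (nested tags too)
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join(" ".join(self._text).split())   # collapse whitespace
            self.links.append((self._href, text))
            self._href = None


def host_of(url):
    """Lower-case host of a URL without a leading 'www.'."""
    host = urlparse(url).netloc.lower()
    return host[4:] if host.startswith("www.") else host


def audit_download_page(html, page_url, vendor_host):
    """Classify every link on the page; returns a list of (verdict, href, text).

    'vendor'            the software author's own site (the real download)
    'mismatch'          link text names a domain that is not where the link goes
    'off-site-download' a download call-to-action leaving both page and vendor
    'external'          any other third-party link (ads, sponsors)
    'internal'          same-site navigation
    """
    parser = LinkCollector()
    parser.feed(html)
    page_host = host_of(page_url)
    findings = []
    for href, text in parser.links:
        target = host_of(urljoin(page_url, href))   # resolve relative links
        named = [d.lower() for d in DOMAIN_RE.findall(text)]
        if target == vendor_host:
            verdict = "vendor"
        elif named and not any(d == target or d.endswith("." + target) for d in named):
            verdict = "mismatch"
        elif "download" in text.lower() and target not in (page_host, vendor_host):
            verdict = "off-site-download"
        elif target == page_host:
            verdict = "internal"
        else:
            verdict = "external"
        findings.append((verdict, href, text))
    return findings


def real_download_links(findings):
    """Only the links that actually lead to the vendor."""
    return [href for verdict, href, _ in findings if verdict == "vendor"]


if __name__ == "__main__":
    rows = audit_download_page(SAMPLE_PAGE, "https://reviews.example/folder-locker",
                               "folderlocker-vendor.example")
    for verdict, href, text in rows:
        print(f"{verdict:18} {href:50} {text!r}")
```

Run it against the saved HTML of a real download page and, as the take-aways say, read the whole report before clicking anything that is not marked vendor.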
