Security

Now that Dr. Data is back from the beach and Labour Day is history, I thought that I’d kick off Sept. with a little bit of advice concerning software installation. In particular, free software. It goes without saying that the concept of “free software” is irresistible. Like the TV advert for the hotel chain says, “Everyone loves free stuff.” The problem is that a lot of the time, the free stuff isn’t really free and you may be unwittingly paying for it in ways that you wouldn’t think of.

Many publishers of free and useful software help pay the bills by allowing advertisers to place a graphic/link on their site and/or by including options in the utility’s installation package to install additional “free software”. This additional software can be anything from a search engine’s toolbar to something much more complex and difficult to remove if you don’t really want it. One of the favourite bits of add-on software is the toolbar for Ask.com. Ask – it used to be “Ask Jeeves” – is a legitimate search engine that I use from time to time. This toolbar can be useful for directing your searches to Ask, but such toolbars may also track your searches and skew the results based on your prior searches. There’s nothing particularly wrong with that, but you ought to know just what is or is not going on with your PC.

When faced with the dilemma of installing or not installing some bit of add-on software, it’s typical for a user to say “What’s the harm in it? I may even find a use for this toolbar/widget/etc.” Odds are, however, that most users will soon forget the add-on was installed and the gizmo will live on, requiring service from the operating system, consuming a bit of memory and being just one more thing that needs to be loaded every day at start-up. Overall, the presence of this one widget may not have a very noticeable impact on your system, but consider the multiplicity of search engine toolbars out there – Yahoo, Google, Bing, Ask, Glary, etc. – and not paying attention to what you’re about to install can have a devastating impact on your system’s performance. Factor in the possibility that some of these gizmos may “push” additional software on to your system as time goes by and your PC’s performance will go down the proverbial tubes.

There is one more thing to consider. Some of the add-on software has its own add-on bits that it wants to load. In other words, here’s what happens:

  1. You want to install the XYZ utility
  2. The XYZ utility offers to install the Wombat toolbar
  3. The Wombat toolbar offers to install the Diogenes file-finder
  4. The Diogenes file-finder offers to install the Kleen-Machine utility
  5. And so forth
  6. And so forth
Dr. Data has observed no fewer than five installers open at one time, all wanting to add something to your PC and all originating from that one gotta-have free utility. Factor in the probability that one or more of these bits will want to push additional software on to your system in the future – often with little or no warning – and your PC will be down on its knees, coughing up blood before you know it.

To show a real-life example, I’m going to show you what could have happened when Dr. Data tried to install the Glary Utilities earlier today. I should state right at the beginning that Glary is one of the freeware tools I recommend to my clients. It’s good, reliable software that does the job for you.

One of the early panels that appears in the installation process offers to:
  1. Install the Glary toolbar and have Glary Search loaded as the default page every time you open a new tab in Internet Explorer or Firefox.
  2. Make Glary Search the default search engine in Internet Explorer, Firefox and Chrome.
  3. Make Glary Search your homepage in Internet Explorer, Firefox and Chrome. In other words, every time you open one of these browsers or create a new tab in the same, Glary Search will be what you see first.

There’s nothing illegal about this, as Glary has every right to promote their products and offer you add-ons. The text highlighted in blue tells you exactly what’s going on, which may be OK with you . . . or not.

If you don’t want this to happen, simply un-check/deselect/de-tick the boxes highlighted in green. In fine, you need to read everything when you install software and decide whether you want the add-on software installed or not.

A subsequent panel shows the following:

Besides creating desktop and quick launch icons, the installer wants to add an icon for Filepuma.com to your desktop. This site is a software aggregator which contains links to the latest editions of many of the popular freeware utilities. There is a brief description of Filepuma at ideamarketers.com. This addition is probably innocuous, but I am citing it here as a simple example of how you can wind up getting more than one piece of add-on software if you don’t pay attention.

If you’ve stayed awake during this rant, here are the take-aways:
  • Too many “free” gizmos can have a deleterious effect on your PC’s start-up time, available memory and processing speed
  • Some “free” gizmos can – over time – load additional software to your system thus slowing things down even more
  • In many cases, these “free” gizmos can ride in on the back of legitimate freeware utilities, etc.
  • While this is legal, you may get too much of a good thing if you don’t watch out

To avoid PC Slow-downs due to too many toolbars, etc., you should do the following:

  1. Take your time installing software. Racing through the installation by clicking “Next” on each panel can lead to trouble
  2. Read each panel carefully. Offers to install “free” widgets can appear anywhere
  3. Be aware of what you already have installed on your system
  4. Remember that you have the right to not install any or all bits of add-on software.

Dr. Data will discuss how to be aware of what is already installed on your system and how to effectively uninstall stuff that you don’t want in a future post.

Internet service providers (ISPs) are reporting that the DNSChanger trojan has had a minimal impact since the FBI shut down the servers belonging to the criminal enterprise at 12:01 AM on Monday. Providers such as Verizon and Comcast report relatively few calls for help concerning the sudden loss of internet access on Monday.

Before we consider the DNS Changer to be a non-event, users and service providers will do well to keep in mind that not everyone uses every PC every day. There is a significant number of users who only power up every few days, have a second PC or Laptop that sees only intermittent use, etc. These casual users are also some of the most likely to have paid scant attention to the warnings about the DNS Changer over the past months.

Even though the FBI has shut down those servers, ISPs have taken over by redirecting requests for those addresses to what is in effect a “walled garden”.  Here, the hapless user is informed of the situation and what is needed on their part to remedy the problem. While some news outlets have reported that anti-virus software has taken care of most of the infections, there are still plenty of people out there who refuse to either purchase security software or keep it up to date.

Several months ago, Dr. Data published a warning about the DNSchanger Trojan. Well, D-Day – July 9th – is almost here. In case you missed it, here are the main points about this whole affair:

  1. Back in November of 2011, the FBI shut down a criminal operation that had been steering unsuspecting users’ internet traffic through the operation’s own DNS servers
  2. There were about 100 servers all told
  3. The trojan behind the operation, DNSChanger, had infected millions of PCs
  4. DNSChanger altered the PC’s DNS (Domain Name System) settings so that every web address the PC looked up was resolved by servers run by the criminal operation, which could send the user wherever the criminals chose
  5. The FBI obtained a court order allowing the rogue servers to be replaced with clean ones and kept running while users checked their machines for infection
  6. Those replacement servers were supposed to be shut down on March 30th
  7. The deadline was extended to July 9th
  8. On the 9th, the servers will indeed be shut down. This is it!
  9. While a lot of clean-up has been done, about 300,000 PCs are still infected with the trojan
  10. 70,000 of those machines are in the US. Is yours one of them??
  11. If your machine is infected, you will probably lose access to the internet on that day
  12. No more Facebook, etc.

There is a simple way to tell if your PC has been infected. Point your browser to www.dns-ok.us. If your PC is clean, you’ll see a green background. If there is a potential problem with your DNS settings, you’ll see a red background. If you’re colour-blind, find someone who isn’t!! Bear in mind that the test only looks at the DNS servers your PC is using at that moment, so if your router was also changed you need to check it too. The average user should seek the help of a computer professional – like Dr. Data – to help with the clean-up. If you want to have a go at resolving the problem on your own, here are some suggestions on how to trouble-shoot.
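For readers who would rather check the settings themselves, here is a small Python script (an added example, not part of the original post or of the dns-ok.us test) that pulls the resolver addresses out of the output of “ipconfig /all” on Windows, or of a resolv.conf file on a Mac or Linux box, and compares them with the rogue resolver ranges the FBI and the DNSChanger Working Group published in 2011–2012. The CIDR blocks below are this example’s own conversion of those published first–last ranges; the sample “ipconfig” text is constructed for the demonstration.

```python
import ipaddress
import re

# Resolver ranges used by the DNSChanger operation, as published by the FBI
# and the DNSChanger Working Group in 2011-2012.  The CIDRs are this
# example's own conversion of the published first-last ranges; confirm them
# against a current source before relying on the list.
ROGUE_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]

_DNS_SERVERS_LINE = re.compile(r"DNS Servers[ .]*:\s*(\S+)?$")
_ADDRESS_ONLY = re.compile(r"[0-9A-Fa-f.:%]+")


def _parse_ip(token):
    """Return an ip_address for `token`, or None if it is not one.
    Strips an IPv6 zone index such as the '%12' in fe80::1%12."""
    try:
        return ipaddress.ip_address(token.split("%", 1)[0])
    except ValueError:
        return None


def extract_resolvers(text):
    """Pull the configured resolver addresses out of `ipconfig /all` output
    (Windows) or a resolv.conf file (macOS/Linux), in the order seen,
    without duplicates."""
    found = []
    in_dns_block = False          # inside a multi-line "DNS Servers" entry
    for raw in text.splitlines():
        line = raw.strip()
        candidate = None
        m = _DNS_SERVERS_LINE.match(line)
        if m:
            in_dns_block = True
            candidate = m.group(1)
        elif in_dns_block and _ADDRESS_ONLY.fullmatch(line):
            candidate = line      # continuation line of the same entry
        elif line.lower().startswith("nameserver"):
            in_dns_block = False
            parts = line.split()
            candidate = parts[1] if len(parts) > 1 else None
        else:
            in_dns_block = False
        addr = _parse_ip(candidate) if candidate else None
        if addr is not None and str(addr) not in found:
            found.append(str(addr))
    return found


def is_rogue(address):
    """True if `address` falls inside one of the DNSChanger ranges.
    IPv6 resolvers never match, since the published ranges are IPv4."""
    addr = _parse_ip(address)
    return addr is not None and any(addr in net for net in ROGUE_RANGES)


def rogue_resolvers(text):
    """The resolvers found in `text` that sit inside a DNSChanger range."""
    return [r for r in extract_resolvers(text) if is_rogue(r)]


# Constructed sample of `ipconfig /all` output from an infected machine: the
# first resolver is inside a DNSChanger range, the second is the home router.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    import sys
    # Usage: ipconfig /all > out.txt ; python dnscheck.py out.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IPCONFIG
    bad = rogue_resolvers(text)
    print("resolvers:", extract_resolvers(text))
    print("ROGUE:" if bad else "clean:", bad)
```

Run against the built-in sample it reports 85.255.112.36 as rogue and leaves 192.168.1.1 alone. Remember that a clean answer here says nothing about the router: if it was reconfigured as well, its own DNS settings need the same check.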

The full story is on the PC Magazine website. A more succinct explanation of why DNSchanger victims deserve to lose the internet may be found on ZDNet.

Time’s a wasting. Check your PC by going to www.dns-ok.us. I just did and my PC is clean. How about yours?

 

For years, I’ve watched Apple and Microsoft duke it out – either through corporate ads or via their legions of fanboys – over PC security. You probably remember the “I’m a Mac/I’m a PC” ad campaign that Apple launched touting, among other things, that Macs – or rather OS X – just didn’t do virus or malware infections. (Dr. Data repeatedly thought: “Just you wait, Steve Jobs. Just you wait.”)

In the wake of the Flashback Trojan and other attacks – both real and potential – Apple has quietly changed its tune, according to an article on the PC World website. What Apple has done is replace the claim on its website that Macs don’t get PC viruses with another stating that OS X is built to be safe. (Take a look at a comparison of the two messages.) Actually, the original claim was quite true; indeed, Macs do not get PC viruses. Instead, they get Mac viruses.

In line with that change, came an announcement reported on ZDNet that OS X’s Mountain Lion release would feature silent security updates. The advent of these silent patches indicates that reality has finally caught up with Apple.

It all depends on your age.

Baby Boomers worry about a lot of things: hair loss, retirement vanishing over the horizon, dentures and . . . computer security. While those of us who are . . . umm . . . somewhat more secure tend to think that those “kids” in “Generation Y” are more computer savvy than the rest of us, that apparently is not the case when it comes to security. While there are differences between the ways each generation uses their computers, there is no denying that Boomers are more likely to have security features in place.

ZoneAlarm, a manufacturer of internet security products, has posted on its website, in graphical form, the results of its analysis of just who employs computer security and how much. Fifty-eight percent of Boomers believe that security is more important than productivity, entertainment, etc. Only thirty-one percent of Gen Y think the same way.

The really frightening thing to be found in all this is that, taking all age groups together, 71% do not follow best practices in security, such as having a two-way firewall in addition to anti-virus software.

Just something to think about.

 

If you watch CBS’ 60 Minutes or follow any reliable and responsible news outlet, you will have heard of the Stuxnet worm which bedeviled Iran’s uranium centrifuges a while back. The Ars Technica website recently reported that Stuxnet was a joint venture involving both the US and Israel. This worm consisted of about 500 KB of code and took the Kaspersky organisation several months to analyse.

Well, there’s a new kid on the block named “Flame” and he weighs in at about 20 megabytes of code. Kaspersky estimates that Flame will require at least a year for a thorough analysis. Like Stuxnet, Flame appears to be the project of some nation-state.

Both Stuxnet and Flame have been around for a while, with Flame having been in the wild since at least 2010. While Apple is not considered to be a nation-state – yet – Flame does attack the defences of its biggest rival, Microsoft, by impersonating the Windows Update service: on a local network it could pass its own code off as a legitimate Microsoft update. This time around, you won’t have to be operating a host of uranium centrifuges out in the garage in order to be vulnerable. Flame has the potential to be an equal opportunity virus by using Windows Update as a malware delivery system.

Microsoft has issued a warning as well as a security patch. IT Professionals have been advised to start applying this patch immediately. Ordinary blokes like you and me should run Microsoft Update early and often to make sure that this patch has been applied. In other words, don’t put it off.

Some years ago, the mailing list for a Scottish society in Washington, DC was being turned into a spam machine by at least one person on that list. After a bit of detective work, the issue was traced to one member who had not applied any MS security updates – ever – because that sort of thing just wasn’t for him. Dr. Data advises one and all to apply their security updates as soon as the announcement shows up on your PC. Remember, cyber security is everyone’s business.

For more Flame’in information, have a look at PCWorld and Tech Republic.

Apple is at it again . . . or rather, not at it again. In the wake of the vulnerabilities uncovered via the Flashback Trojan, Eugene Kaspersky – of Kaspersky Anti-virus fame – had asked Apple to let Kaspersky develop a security solution (a.k.a. an app) for iOS, Apple’s mobile operating system. If you didn’t already know, you have to develop and build an app and then ask Apple “pretty please” if you can put it in the App Store. Apple declined the offer. In essence, Apple puts its fingers in its ears and says “La la la la la – I can’t hear you” whenever the issue of security comes up.

While it is admittedly more complicated/difficult to infect a Mac, the fact that it has been done shows that it can be done, and no one likes a challenge more than a hacker. Even as a “good guy” software developer, I relished proving that something could be done when “they” said that it couldn’t. Indeed, those were amongst the happiest times in my career. Given that, you can imagine how hackers must feel about this challenge, and they are, no doubt, queuing up for a crack at the big Mac. With the market share for iOS hovering around 30%, hackers are looking at iPhones and iPads as the next juicy target.

If Apple believes that its vetting process for apps before they are made available in the App Store will save them, the company needs to think again. Websites tailored for access by mobile devices are the perfect virus and malware delivery system. Oftentimes, Apple will deny permission to develop software applications because it conflicts with some product that they are developing on their own. I – as an iPhone owner – certainly hope that this is the case.

The article that spawned this post is available for your reading pleasure at ZDNet’s Between the Lines blog.

For a slightly dated but nonetheless compelling rant about the sins of the Apple, have a look at ZDNet’s A Developer’s View blog.

I’ve been hard at work implementing an increased level of security for a client who has a number – more than 10 – of WordPress sites. These sites were repeatedly being hit by the bad guys, who gained access to her WordPress installations via brute force password-guessing attacks. These attacks took advantage of the standard WP configuration and added a large number of bogus subscribers.
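Brute force attacks of this kind leave an unmistakable trace in the web server’s access log: one address hammering wp-login.php with POST requests, far faster than any person types. The Python script below is an added example (not part of the original post or of the Bit51 plug-in) that reads Apache/nginx “combined” log lines and flags any address that posts to /wp-login.php at least ten times within five minutes. It also notes a detail worth knowing when you triage: WordPress answers a failed login with HTTP 200 and the form again, but a successful one with a 302 redirect, so a 302 in the middle of a burst means the guessing may have worked. The log lines are constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log format; only the fields used are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not
    match the combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop any query string
        "status": int(m["status"]),
    }


def find_login_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Return the addresses that POST to /wp-login.php at least `threshold`
    times within any `window`.  Lines must be in chronological order, as an
    access log is.  A 302 inside a flagged burst is recorded as a possible
    successful guess (a failed WordPress login is answered with 200)."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent login POSTs
    report = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["method"] != "POST" or ev["path"] != "/wp-login.php":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:      # slide the window forward
            q.popleft()
        entry = report.setdefault(ev["ip"], {
            "attempts": 0, "peak": 0, "flagged": False, "possible_success": False})
        entry["attempts"] += 1
        entry["peak"] = max(entry["peak"], len(q))
        if len(q) >= threshold:
            entry["flagged"] = True
            if ev["status"] == 302:
                entry["possible_success"] = True
    return {ip: e for ip, e in report.items() if e["flagged"]}


def _log_line(ip, ts, method, path, status):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" '
            f'{status} 2714 "-" "Mozilla/5.0"')


# Constructed sample log: a 12-request burst from 198.51.100.23 spaced eight
# seconds apart, the last answered with 302; a user at 203.0.113.5 who gets
# the password right on the second try; and ordinary page views.
_t0 = datetime(2012, 6, 1, 9, 30, tzinfo=timezone.utc)
SAMPLE_LOG = [_log_line("203.0.113.5", _t0, "GET", "/", 200)]
SAMPLE_LOG += [
    _log_line("198.51.100.23", _t0 + timedelta(seconds=8 * i), "POST",
              "/wp-login.php", 302 if i == 11 else 200)
    for i in range(12)
]
SAMPLE_LOG += [
    _log_line("203.0.113.5", _t0 + timedelta(minutes=10), "POST", "/wp-login.php", 200),
    _log_line("203.0.113.5", _t0 + timedelta(minutes=11), "POST", "/wp-login.php", 302),
    _log_line("203.0.113.5", _t0 + timedelta(minutes=11, seconds=2), "GET", "/wp-admin/", 200),
]

if __name__ == "__main__":
    import sys
    # Usage: python wp_bruteforce.py access.log   (no argument: built-in sample)
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    for ip, entry in find_login_bruteforce(lines).items():
        print(ip, entry)
```

On the sample, 198.51.100.23 is flagged with twelve attempts and a possible success, while the legitimate user’s two tries are ignored. Ten attempts in five minutes is a deliberately generous threshold; most sites can tighten it, and the addresses it turns up are the ones to feed into whatever blocking the hardening plug-in provides.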

In an effort to “harden” this client’s WP sites, I’ve been working with a tool called Better WordPress Security by Bit51. There are a large number of WP security plug-ins available – most of them are free – but Bit51’s seems to combine most of the known WP weaknesses that can be remedied into one package. For example, did you know that the default WP table prefix of “wp_” is an open invitation to mischief via SQL injection attacks? A savvy hacker can cobble together a bit of injected SQL that wreaks havoc with the WP database simply because the default table prefix is very seldom changed, so the table names can be guessed in advance. Bit51’s plug-in will generate a random table prefix and automatically apply it to the WP database. Be clear about what that buys you: it defeats canned attacks that hard-code “wp_users” and friends, but an attacker who already has a working injection can usually discover the real names, so treat the prefix as one layer rather than a cure.
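To make that concrete, here is an added example (mine, not the page’s or the plug-in’s code) that plays both sides of the table-prefix argument. WordPress runs on MySQL; SQLite stands in so the script runs anywhere, with its sqlite_master catalogue playing the part MySQL’s information_schema.tables would play for an attacker. The “vulnerable_post_lookup” function pastes a post id straight into a query, the way an injectable plug-in might; the payloads and the “x7k_” prefix are constructed for the demonstration.

```python
import sqlite3


def make_db(prefix):
    """Create a two-table stand-in for a WordPress schema under `prefix`."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {prefix}users (ID INTEGER, user_login TEXT, user_pass TEXT)")
    db.execute(f"CREATE TABLE {prefix}posts (ID INTEGER, post_title TEXT)")
    db.execute(f"INSERT INTO {prefix}users VALUES (1, 'admin', 'hash-redacted')")
    db.execute(f"INSERT INTO {prefix}posts VALUES (1, 'Hello world!')")
    return db


def vulnerable_post_lookup(db, prefix, post_id):
    """The bug: untrusted `post_id` is pasted straight into the SQL text."""
    return db.execute(
        f"SELECT ID, post_title FROM {prefix}posts WHERE ID = {post_id}").fetchall()


def safe_post_lookup(db, prefix, post_id):
    """The fix: the table name still comes from configuration, but the value
    is bound as a parameter, so it can never be parsed as SQL."""
    return db.execute(
        f"SELECT ID, post_title FROM {prefix}posts WHERE ID = ?", (post_id,)).fetchall()


def attack(db, prefix, payload):
    """Run `payload` through the vulnerable lookup.  Returns the rows, or the
    database's error text when the injected SQL names a table that is absent."""
    try:
        return vulnerable_post_lookup(db, prefix, payload)
    except sqlite3.OperationalError as exc:
        return str(exc)


# Payloads an attacker might send in place of a post id (constructed).
GUESS_DEFAULT = "0 UNION SELECT user_login, user_pass FROM wp_users"
DISCOVER_PREFIX = ("0 UNION SELECT name, name FROM sqlite_master "
                   "WHERE type = 'table' AND name LIKE '%users'")


def demo(prefix="x7k_"):
    """Walk through the four outcomes for a site using `prefix`:
    a canned wp_ payload, prefix discovery, the adapted payload, and the
    parameterised query that stops all three."""
    db = make_db(prefix)
    guessed = attack(db, prefix, GUESS_DEFAULT)          # fails unless prefix is wp_
    discovered = attack(db, prefix, DISCOVER_PREFIX)     # catalogue gives the real name
    real_table = discovered[0][0]
    dumped = attack(db, prefix, f"0 UNION SELECT user_login, user_pass FROM {real_table}")
    blocked = safe_post_lookup(db, prefix, GUESS_DEFAULT)   # bound value: no rows
    return guessed, discovered, dumped, blocked


if __name__ == "__main__":
    for label, result in zip(("guess wp_", "discover", "adapted", "parameterised"),
                             demo("x7k_")):
        print(f"{label:14} {result}")
```

With the random prefix the canned payload dies with “no such table: wp_users”, which is the whole benefit the plug-in delivers; the next two lines show the attacker reading the real name out of the catalogue and dumping the users table anyway. Only the parameterised query returns nothing for every payload, which is why the prefix change belongs alongside proper input handling in themes and plug-ins, not in place of it.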

This is just one example from a whole slew of tweaks and fixes in this plug-in. It can even handle database backups for you and I know from my own experience that finding a reliable backup utility that actually does what it’s supposed to can be a tall order. Many of them are half-baked at best, do not work with all server configurations or their support ceased long before WordPress 3.x came on the scene.

Some of the recommended tweaks do not work with all themes or server configurations but this package is well worth the time taken to install and configure it. Even if you can’t use some of the fixes that Better WordPress Security offers, any amount of security is better than none at all.

Better WordPress Security is “donation-ware” which means that it’s free for you to use but Bit51 would certainly appreciate any legal tender you send their way. If you’re trying to decide whether you pay the electric, gas and water bills this month, not to worry; Bit51 will gladly accept Tweets and/or posts about Better WordPress Security which is what I’m doing here. I’m also going to nag my client about a significant donation to the cause.

Go to bit51.com/software/better-wp-security/ to learn more.


This is going to be quick and I promise that I won’t bug any of you about passwords for a while. You will remember from Thursday’s TechnoRant© on Freeware that I would be evaluating the LastPass password manager. Whilst I was nosing around the lastpass.com website, I ran across a blog entry on password security. The post explains how weak/poor choices of passwords are endemic amongst internet users and claims that weak passwords are responsible for 80% of security breaches. This post is one that is definitely worth a few minutes of your time to read.

My review of LastPass will be online in a day or so.

And I’m not talking about music here. The hackers – and hackettes since this sort of thing is an equal opportunity enterprise – have tasted the forbidden fruit and found Apple’s OS X to be quite tasty.  There is a rapidly spreading variant of  the Flashback Trojan called Flashback.S which is able to install itself  WITHOUT a password.

Like its predecessors, Flashback.S exploits a vulnerability in Java. Apple was supposed to have issued a patch for it but . . .

This article gives a pretty good rundown of the situation and even includes a download which will detect and remove all variants of the Flashback pestilence.

Dr. Data’s advice to all Mac users is to get anti-virus protection . . . NOW!!!  The article lists a number of  both paid and free security solutions for OS X.

You have been warned!
