The Tool Designed To Fool – We Don’t Want No Stinkin’ Toolbar! (Revisited)

In today’s Tech Thoughts Daily Net News column, you’ll find a link to Ed Bott’s – How Oracle installs deceptive software with Java updates. So, what’s new here? Not as much as you might think – unfortunately.

I first posted on the issue of unwanted Toolbars – or, PUPS (potentially unwanted programs) – in March 2010. Based on the indignation shown by the majority of commenters – it just might be worth another read.

—————————————————————————————————

MEMO TO: SNEAKY FREEWARE DEVELOPERS

You give me your software for free as a marketing tool, with the hope of course, that I’ll upgrade to the commercial version of your application.

That’s cool, that’s smart, (it cost you nothing by the way) – nevertheless, I’m appreciative.

But you don’t stop with just the free use of your application, you piggyback a toolbar, or some other non-essential item, as part of the install package. Listen, I understand, you want to install a toolbar because you get paid by the toolbar developer. Even that’s OK – but you do it in such a sneaky way that it really pisses me off, and that’s not OK.

Worse, if I don’t like your application and uninstall it, you open your Internet site, following the uninstall, using my Internet Browser – even if I don’t give you permission by allowing the connection. In my view, that’s a form of hacking. You need to take a refresher course in ethics.

I’ve been around the Internet for a few decades, so it’s not often I get caught in your schemes to install unwanted software on my machines, but less experienced users are often caught in your carefully laid traps.

Here’s a sample of the outrage a typical user, who got trapped by unethical behavior, feels – a comment on my site left by an outraged reader, several days ago, following her installation of Miro.

I thought I’d give this a try, since I watch Hulu quite a bit, and I’m sooo angry I did. Miro installed Bing Search toolbar, which I didn’t want or agree to install (using firefox) and it wiped out all my default search engines for Firefox.

Now I’m trying to figure out how to get Firefox back to normal. Beware!!!!!!!! I don’t trust companies that install things without your consent or knowledge.

In this particular instance it’s true that the EULA covers this situation, but here’s the question. Why does an average user need to read a Eula in order to find an alternative installation solution?

An accusation of unethical behavior doesn’t begin to cover this case – sleazy; vulgar; dishonest; sordid; are much more appropriate.

You, the unethical developer, are not alone in attempting to profit by toolbar inclusion in freeware applications. More and more, high profile developers who offer a stripped down version of their commercial applications as freeware, are involving themselves in this highly questionable practice.

So here’s a question for the “ethical” freeware providers. How many toolbars do you think an average user needs? Ten? Twenty? Thirty………….. Just so you know, a Google search for “toolbar”, returns 167 Million results!

I can already hear your answer “ but the user can uncheck the appropriate box when installing the application”. Right! Unless you’re detached from the real world (and, you may well be), you’re more than aware that a typical user does not uncheck this box. Then, over time, the user is at a loss to explain why their machine has slowed to a crawl.

Could it be because your toolbar, along with twenty others, all installed in a furtive way, become active at startup – ya think!!

So, just stop with the crapware already. If you’re pissing me off, just consider what you’re doing to an average user.

DoNotTrackPlus Gives The Boot To Nosy Internet Trackers

Several weeks back, I received an invitation from CNET to join a dating website designed especially for those that are 50 years old – or more. OK, it wasn’t exactly an invitation  – it was, in fact, an ad inserted into one of my subscribed  CNET newsletters.

So what – no big deal you may be thinking. But from my perspective, it is a big deal – here’s why.

In the years that I’ve been Internet connected – 18 years or more – I’ve never referred to, or listed, my actual age (other than to make the point, from time to time, that I’ve been at the computing game for a very long time). Nor, have I ever referred to my marital status (other than in a humorous way in re-commenting on a reader’s initial comment – perhaps).

As it turns out – I am over 50, and I am a bachelor. So, in reality, CNET targeted me precisely. The question is – how did CNET know to target me so effectively and efficiently?

A partial answer is – CNET spies. The fact that CNET spies on site visitors is hardly news. Nor is it news, that the majority of commercial websites engage in spying on site visitors.

SPYING – such a loaded word. Instead of “spying”, let me use a series of descriptors handily thrown around by those engaged in spying on my privacy.

Predictive analytics, customer profiling, customer segmentation, predictive modeling, lifestyle clustering……. all done for my own benefit, of course (according to the intruders). There, now I feel better about being profiled, segmented, and clustered. Not!

I’m certainly not a Luddite and, I understand the cost/benefit associated with using the Internet. But, the rules (such as they were) have changed dramatically in the last year or two. The Data Miner is now on the scene, and gobbling up personal information at a prodigious rate.

Webopedia definition – The two most common forms of data miners are data mining programs that an organization uses to analyze its own data to look for significant patterns, and spyware programs that are uploaded to a user’s computer to monitor the user’s activity and send the data back to the organization, typically so that the organization can send the user targeted advertising.

In a real sense then, it isn’t so much that CNET is aware that I’m 50 plus, or that I’m single that is at issue – since CNET could not/did not develop the specific information I referred to earlier. Instead, this information was undoubtedly culled by any one, or more, of the data miners that have infected the Internet and, using “predictive modeling” rolled out a “best guess” that I’m in my fifties and single.

And that makes me feel not only “profiled, segmented, and clustered” but, as if I’ve been “diced and sliced”. I have, in essence, become a product. A product, I’m afraid, that’s closing in on its “best before date”.   

A product that LiveIntent, working on behalf of CNET, targeted based on (according to the company’s site), gender, age, geo, browser, and time of day. I should point out, that according to LiveIntent’s promotional material, the foregoing “is just the tip of the iceberg”. Of that, I have no doubt.

The other side of the coin is – and there is another side of the coin – Internet users (by and large), have been trained to accept a tradeoff in order to get access to “free” information and services. In return – they buy into the condition that each commercial site they visit has the right to spy and build a profile on their browsing habits – the type of sites they visit and revisit, time spent on sites, their shopping and spending habits, their political views, their marital status (it appears), and much more. Some tradeoff!

In the long term, the personal information gathered will be sold, bartered and traded (to bypass the disclaimer – “we will not sell your information”), so that it can be used in multiple ways that generate profit. And, that’s the upside. If there’s one thing the Internet has taught us, it’s – if information can be abused – it will be abused.

If you’re like me, and you staunchly oppose the collection of your personal information, then you’re likely aware of any number of Browser tools which claim to shutout nosy data miners. In fact, I’ve reviewed many of these tools here.

One free tool which I haven’t reviewed until now (although, I wish I had earlier) is DoNotTrackPlus – a free Browser add-on from Abine (the online privacy company).

In the several weeks I’ve been running with DoNotTrackPlus, I’ve found that this add-on lives up to it’s reputation for excellence.

The following screen captures emphasize just how pervasive online tracking has become. And, more importantly, how DoNotTrackPlus puts the boots to these invasive parasitic data miners.

A selected result, from earlier today, while reading my local newspaper online.

Cumulative results since installing this add-on. You’ll note, the rather staggering tracking company total.

Abine’s Internet privacy view:

There is a huge difference between sharing personal information and having it taken. That’s why we’ve created Internet tools and services for those who want a say in how and when their information is used. And since we think exercising your right to online privacy should be easy, our solutions allow regular people just like you to regain and maintain control over their personal information – while continuing to enjoy all the wonderful things the web has to offer.

If you find yourself agreeing with this concept – and, you want a say in how and when your privileged information is used – take DoNotTrackPlus for a test drive. I suspect that you’ll be reluctant, in future, to surf the Internet without DoNotTrackPlus in place.

Fast facts:

Free tool that puts you back in control of your information.

Stops more than 600 trackers.

When you visit a website DoNotTrackPlus blocks tracking technologies from:

· Seeing and collecting your web activity such as what sites you visit and what you view.

· Putting cookies on your machine that would continue to store information about your Internet browsing.

· Displaying ads with tracking capability, including the annoying ads that seem to follow you everywhere you go.

Compatible with Mac or PC for Chrome, Firefox, Safari, and Internet Explorer.

Automatically updates to catch new trackers.

Download at the developer’s site: Abine

Click on the graphic below to view a video of DoNotTrackPlus in action.

Additional information is available on the company’s FAQ site.

Google Gives Users The Finger One More Time

The Internet is one kickass place – survey after survey continue to show that cybercriminals are picking off unaware/undereducated users, as if they were shooting fish in a barrel. And Google, the “Do No Evil” company has just made it easier for the bad guys to take aim at you, and me. Read on.

As I reported in March of last year – Search Engine Results – More Malware Surprises Than Ever!

Cyber criminals have bumped up the level of search engine malware.

One in five search topics lead to malware…………

Google search results produced 38 percent of overall search engine malware.

Luckily, those users in the know – were aware that steps could be taken to mitigate the risk of an infection transmitted through a bad search engine result. The tool of choice – one I have long recommended to regular readers here – has been WOT (Web of Trust).

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

You can now scratch the reputation icon associated with the Google ads shown in the previous screen capture. Here’s the bad news. Google has reversed course, and no longer (as of April 13) allows a reputation assessment icon (in other words – a SAFETY assessment icon), to be displayed on Google sponsored ads.

According to WOT – “Due to Google’s policy change, WOT and some other similar tools can no longer show reputations for sponsored links on Google’s search results, or elsewhere on Google ads.”

In the following screen capture (taken today), you’ll notice WOT’s reputation icon (the green circle), attached to generic search results. You’ll also notice, on the TigerDirect (a Google ad), a reputation assessment is no longer available.

In my view, Google can take its “Do No Evil” motto, and “shove it where the sun don’t shine”. No matter the reasoning behind this move – the net result is, Internet surfers are at more risk than they were last week. Tell me that’s not EVIL!

A big “thank you” to regular reader Michael F. for the heads up.

TuneTune – YouTube To MP3 Converter Browser Add-on

St. Patrick’s Day is over for another year – and, thank goodness for that. Along with New Years Eve, St. Paddy’s Day, it seems to me, brings out the worst in the non-drinking drinkers who load-up well past their capacity to handle the juice of the barley. As an Irishman (of some renown   ), I do celebrate St. Patrick’s Day – but, in comfort – at home – with good friends – and, a boatload of Guinness.

Traditional Irish music, along with good craic (conversation), plays an essential role in properly celebrating Ireland’s patron saint. So, this year, as in previous years, I turned to YouTube audio ripping to augment my collection of  traditional Irish music (no, not Danny Boy, When Irish Eyes Are Smiling, or the like).

Ripping music from YouTube videos is a quarrelsome question. There are those who consider anything downloaded for personal use to be legal. There are those who consider downloading anything that is copyrighted to be illegal – under any circumstances.

The YouTube audio ripping situation presents a different set of legal issues though, it seems to me. I’m not sure I see the difference between saving a YouTube video to disk (which loads of people do), for later playback – and, simply ripping the audio portion for later playback.

There are any number of ways to extract audio from YouTube videos, but many are cumbersome and time consuming. There is a solution thought, that’s neither cumbersome, or  time consuming – TuneTune, a freeware YouTube to MP3 converter. Once this browser add-on is configured, it’s one click simple – more or less.

Following installation, the add-on will append an icon to the toolbar or status bar. This icon will go from gray to color (as shown in the following screen captures), when you’re visiting a YouTube page.

Non YouTube page:

YouTube page:

Clicking on the icon will convert the video from YouTube, to MP3, in one click.

Additional choices are available in the options menu – as shown below.

Here’s a quick walkthrough which will illustrate how quick and convenient this browser add-0n is.

First up – a visit to a YouTube page hosting the Neil Diamond tune – “Hello Again.”

Since I obviously have the add-on installed, you’ll notice the TuneTune icon displayed (in the screen capture above), directly on the YouTube page. A simple click on the icon begins the conversion process – as shown below. BTW, pasting the YouTube link is not necessary.

Following the file conversion, users have the opportunity to customize the converted file, in a limited way – as shown below.

The following screen shot shows the converted file in the directory which I created specifically for this test.

Elapsed time (clicking on the icon to file download completion) – under 15 seconds. That’s fast!

Supported browsers:

TuneTune is available in multiple languages. The current language is changeable by clicking on your language of choice in the footer.

Visit the author’s site – here (TuneTune.net).

Way To Go WOT! – Now Protecting 30 Million Users

The Internet is one kickass place – survey after survey continue to show that cybercriminals are picking off unaware/undereducated users, as if they were shooting fish in a barrel.

It’s hardly surprising then, that an enormous industry (no, not big, not large – but, enormous) has developed, based on the principal that technology can act as a counterfoil  to the most nefarious cyber criminal schemes. Criminal schemes which are, after all, technology driven.

I’ll leave it to you to decide if this has been an effective solution.

No matter the side you come down on regarding this complex issue, dancing around naked (so to speak ) on the Internet – that is, without adequate Browser protection, is akin to fumbling and stumbling through the toughest neighborhood in your area – after dark.

Internet security starts with the Web Browser (it does not end there – but, one step at a time), and WOT (Web of Trust, which passed the 30 million user mark yesterday – January 9, 2011), substantially reduces the risk exposure that comes with wandering through the increasingly risky neighborhood that the Internet has become.

Based on the way that I surf the Web, there’s no contest as to which of the 17 add-ons I have installed on Firefox, is most important to my piece of mind. The hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust).

Sure, that’s a pretty bold statement – but, since I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and  a new level of enthusiasm, while surfing the Internet, I’ll go with it.

If you’re not yet a WOT user, read the following in-depth review – you may reconsider.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.

WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 35 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.

Best Free Security Applications – An 18 Month Review

Without a doubt, the most popular question that comes my way, in one form or another is – which antivirus application(s) would you recommend?

The question comes up so often, I’ve chosen to post the answer every six months, or so. Here’s round 3 – regular readers will notice I’ve stuck with the “tried and true” applications – applications which continue to maintain a strong presence in their specific class.

My response:

Let me answer this by telling you what I run on my principal home machine. But, before I do, let’s talk a bit about Host Intrusion Prevention Systems (HIPS) since, as you’ll see, more and more security applications are including HIPS – or a combination of HIPS, and behavior based blocking components.

There’s not much point in reinventing the wheel, so I’ll go with this description of HIPS/behavior blocking, from About.com:

A host intrusion prevention system (HIPS) monitors each activity a program attempts and (depending on configuration) prompts the user for action or responds based on predefined criteria. Conversely, behavior blockers monitor and profile whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will (depending on configuration) alert the user or take action against the entire program based on predefined criteria.

Though they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry – the entire application is either good (allowed) or it is not.

Fortunately, many of these types of products combine both.

Got that? Good.  

Despite the fact that I’m provided with a free license for all the security applications I test, I have chosen to run with the following applications.

Microsoft Security Essentials (free) – an all-in-one antimalware application.

Immunet FREE Antivirus – a free Cloud based companion antimalware application.

ThreatFire (free) – this application is built around a Host Intrusion Prevention System (HIPS), and behavior based blocking combination.

WinPatrol (free) – another HIPS application with considerable additional functionality. WinPatrol is the elder statesman of this application class and, it just keeps on getting better. A must have application.

PC Tools Firewall Plus (free) – PC Tools Firewall Plus is advanced Firewall technology designed for typical users, not just experts.  The “plus” refers to a HIPS component. Generally, if the ThreatFire HIPS component is triggered on my machine, PC Tools Firewall Plus is triggered as well.

Commercial application:

Zemana AntiLogger – In my view simply the best keylogger defense available.  AntiLogger includes a System Defense module that works similarly to HIPS – to protect the whole system.

Each of these applications has been reviewed (some several times), on my site. You can follow the links below to specific review articles.

Microsoft Security Essentials

Immunet Protect

ThreatFire

WinPatrol

PC Tools Firewall Plus

Zemana AntiLogger

Finally, additional Browser protection is a critical ingredient in overall system protection. I recommend that you read the following article here – Updated: An IT Professional’s Must Have Firefox and Chrome Add-ons.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Flash Cookies – Spyware By Any Other Name

I first wrote on the issue of Flash cookies back in September 2009, and since then, I’ve watched as these obnoxious web trackers and privacy invaders multiply like a virus. Based on the number of questions I continue to get on the Flash cookie issue, it’s apparent – confusion reigns when it comes to this underhanded privacy threat.

One of the better forum comments I’ve seen referencing Flash cookies:

“I think many people may not realize how serious it is. In many ways, I see it as the virtual equivalent of dumpster diving or taping together a shredded document. It is deliberately ignoring a data owners deletion of data by an entity that has no business doing so.”

This practice of  web sites dropping Flash cookies onto your computer, which occurs without your knowledge or permission, is akin to hacking – according to some in the security community. Frankly, I agree.

Continuing developments in tracking technologies, and a complete disregard for fundamental privacy rights, should be a major topic of conversation in the security community – until such time as the issue has been resolved in favor of consumers.

In the meantime, we’re on our own. It’s up to us, as individual consumers, to take the appropriate steps to safeguard our privacy (as best we can), while interacting with the Internet.

Here’s what we’re up against – and, this is just one small example.

From Disinformation.com

McDonald’s, CBS, Mazda, Microsoft Sued For Tracking Internet Users’ Histories

In a complaint filed Tuesday with the U.S. District Court for the Southern District of New York, Sonal Bose alleges that McDonald’s and the other companies “acted in concert with Interclick,” to mine users’ Web surfing history for marketing purposes. “Defendants circumvented the privacy and security controls of consumers who, like plaintiff, had configured their browsers to prevent third-party advertisers from monitoring their online activities,” Bose alleges.

The lawsuit alleges that the companies violated the federal computer fraud law, wiretap law and other statutes. She is seeking class-action status. This lawsuit comes several weeks after Bose sued Interclick for allegedly using history-sniffing technology and Flash cookies to track her online activity.

History-sniffing technology exploits a vulnerability in browsers to discover the Web sites users previously visited. Researchers from the University of California, San Diego recently brought the technique to light when they published a paper explaining the technique and naming 46 Web sites where history-sniffing technology was being deployed. In at least some cases, ad company Interclick reportedly used the technology without the publishers’ knowledge.

Bose also says in her complaint that she believes that the defendants used Flash cookies for tracking purposes. Flash cookies are stored in a different place in the browser than HTTP cookies, and therefore, require additional effort to delete.

Flash cookie quick facts:

They never expire

Can store up to 100 KB of information compared to a text cookie’s 4 KB.

Internet browsers are not aware of those cookies.

LSO’s usually cannot be removed by browsers.

Using Flash they can access and store highly specific personal and technical information (system, user name, files,…).

Can send the stored information to the appropriate server, without user’s permission.

Flash applications do not need to be visible.

There is no easy way to tell which flash-cookie sites are tracking you.

Shared folders allow cross-browser tracking – LSO’s work in every flash-enabled application

No user-friendly way to manage LSO’s, in fact it’s incredible cumbersome.

Many domains and tracking companies make extensive use of flash-cookies.

If you value your privacy, then without a doubt you need to control these highly invasive objects, and if you are a Firefox user there is a solution – BetterPrivacy – a free Firefox add-on.

From the BetterPrivacy page:

“Better Privacy serves to protect against not delectable, long-term cookies, a new generation of ‘Super-Cookie’, which silently conquered the internet.

This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.

This add-on was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them – since browsers are unable to do that for you”.

In the following screen capture (click to expand to original), you’ll notice BetterPrivacy has deleted a cumulative total of 6188 Super Cookies.

The Options and Help tab (shown in the following screen shot), will allow you to choose specific deletion methods. You should consider selecting “Disable Ping Tracking”, which will prohibit sites from following you as you surf the Net.

Download at: Mozilla

For a more detailed breakdown on flash cookies, and the danger they represent to personal privacy, checkout The Electronic Privacy Information Center.

Google Chrome users can take advantage of the Click&Clean Extension (works with Firefox as well).

The following screen capture of Click&Clean’s Options menu, illustrates the application’s ability to deal with Flash cookies.

Fast facts:

Delete your browsing history
Clear records from your download history
Remove cookies and Empty cache
Delete temporary files
Remove Flash Local Shared Objects (LSO)
Delete private data when Firefox closes
Automatically close all windows/tabs
Clean up your hard drives and Free up more disk space – including secure file deletion
Launch external applications, like CCleaner, Wise Disk Cleaner etc. on Windows – or Janitor, BleachBit, etc. on Linux

Download the Firefox version at: Mozilla

Download the Chrome version at: The Chrome Web store

You can read a full review of this application – Clean Up With Click&Clean Firefox and Chrome Extension, on this site.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Search Engine Malware – The Same Old, Same Old

In the News within the past 3 days –

Web security firm Armorize – over 6 million e-commerce web pages have been compromised in order to serve malware to users.

Ed Bott Report – criminal gangs that specialize in malware love search engines, because they represent an ideal vector for getting Windows users to click on links that lead to potentially dangerous Trojans. The latest attack targets ads, and the social engineering is frighteningly good.

Not in the News –

The specifics may be news but, this particular malware attack vector is so old I’m surprised that more Internet users aren’t aware of it. No, I take that back – based on a conversation I had just last night.

Me: “So, what antimalware applications are you currently running?”

She: “Well, I can cut and paste and I can get on the Internet, but I don’t worry about all that other stuff. I don’t understand it anyway.”

I’m well past the point where I allow myself to show surprise when I hear this type of response – it’s just so typical. Given that level of knowledge, it’s hardly surprising then, that consumer confidence in the reliability of search engine results, including relevant ads, is taken for granted.

I’ve yet to meet a typical user who would consider questioning a search engine’s output as to its relevant safety.  It’s been my experience, that typical Internet users blindly assume all search engine results are malware free.

This, despite the reality that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

Here’s how the cyber crooks do it:

When a potential victim visits one of these infected sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The following comment (posted here March 15, 2011), illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Not Using Google Shortcuts? Here’s What You’re Missing

The following article was originally posted September 6, 2010.

Comments from readers:

I have to say that is such a great plugin. It is so customizable and puts all the Google services at one place. I can even remove the separate plugins I have for Gmail and reader.

Great find, Bill. I’m going to be putting this to good use!

Looks fabulous Bill. I removed the Google Toolbar from Firefox as it refused to untick some checkboxes, so this could be a great substitute.

Despite my personal view that Google trashes personal privacy rights, I continue to use a fairly large number of Google services, including Gmail, Google Reader, Maps, Calendar, and so on.

Until now, I’ve used my Bookmarks menu in Firefox to access these services, since this method is very convenient. But, when I came across the Google Shortcuts extension for Firefox, all that changed.

An  add-on that can display over 160 Google services as buttons next to the address bar, or in a one-click popup menu, is a sure fire winner with me. And Google Shortcuts for Firefox, or Chrome, can do that – and more.

Adding this extension to either Firefox, or Chrome, is accomplished in the usual manner that most of us are familiar with (you’ll find the download links at the end of this article).

Following installation, I jumped right in – setting up the extension to best serve my particular needs.

You can place your most commonly used Google services as buttons beside the address bar in Firefox, as the following screen capture indicates. This seems like an awkward way to display – eats up a lot of screen real estate.

The option of using a dropdown menu option instead, as I’ve done here, is a better alternative – at least for me.

The number of services available is really astonishing. In fact, there are services listed here that I was completely unaware of. Hopefully, G+ will be added shortly.

Additional control options are available on the advanced options setting screen.

Requirements: Firefox 2.0 – 6.*, or Chrome

Download at: Mozilla or Google Chrome Extensions

For super convenience, this is one of the better Firefox add-ons I’ve come across – I highly recommend it.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Catch Your Online Grammar, Spelling, and Style Mistakes, With After The Deadline

Churning out two blog posts every day is hard on the eyes – not to mention the back, the wrists – well you get the point. As a consequence – I sometimes find myself looking (with crossed eyes) at words running into words, gross misspellings (easy to correct), or improper word usage (sometimes, not so easy to correct). Your versus you’re, and its versus it’s, for example, can be particularly difficult to pick up when used incorrectly.

Here’s a good example of this – recently pointed out by a reader.

Comment:

“You’re friends won’t – other than to deny that they watch it – or, perhaps to decry it’s prevalence” You’re means You are – so “you are friends won’t” doesn’t make sense, use “Your friends” instead.

“It’s” always means “It is” – so “decry it is presence” doesn’t make sense; use “decry its presence” instead.

Not a big deal, you might be thinking. Maybe not – but as often as not, common errors, particularly punctuation errors, can change the meaning of what you meant to say. I’m sure you’ve seen this example – Let’s eat, Mother. versus – Let’s eat Mother.

I write all my blog articles in open source LibreOffice (with grammar checker turned on), and then copy the articles to Windows Live Writer prior to posting into WordPress.

Despite an active grammar checker, proofreading, as time consuming as it can often be, is unavoidable. Still, I’ve learned that proofreading is no guarantee that the odd mistake will not slip through.

There is a partial solution (no technology is perfect), that can help you (and me), avoid the most common grammar mistakes, spelling errors (including contextual spelling errors), and style mistakes, in online interactions – including blog postings, emails (mistakes here can be deadly), Facebook, Twitter, etc.

After the Deadline – developed by the people behind WordPress – is an open source (free), language checker for the Web which is available as:

An add-on for Firefox.

An extension for Google Chrome.

A plugin for Windows Live Writer.

A plugin for self-hosted WordPress blogs.

An extension for OpenOffice.org Writer (still in Beta).

Following installation of After the Deadline on my system as a Firefox add-on, I found it to be reasonably accurate – but not perfect (more on this later). Nevertheless, I’ll keep it on my system – at least in the short term (for the second time).

Installation, in my case, was the usual automatic Firefox add-on install, followed by an easy Options set up as the following screen capture indicates.

The following screen shots (click to expand) show spelling errors (an unrecognized word), and style recommendations – in a previous post.

The type of recommendation shown in the screen shot directly above (change “terminate” to “end”, or “stop”), is the primary reason I deleted this add-on previously.

Consistently, higher level words were marked down as “complex expressions”. It may be popular to assume that “dumbing down” is in vogue, but not from where I’m sitting.

Fast facts:

Checks Spelling – Spell checker looks at context and uses artificial intelligence to make recommendations.

Detects Misused Words – Most spell checkers assume any word in their dictionary is correct regardless of context. This means all misused word errors go unnoticed.

Checks Style – Style checker has thousands of rules and uses context to choose the best suggestions.

Checks Grammar – The grammar checker in After the Deadline protects you from common writing errors. After the Deadline uses statistics to automatically find exceptions to its grammar rules, making it one of the smartest grammar checkers around.

Explains Errors – The misused word detector, grammar checker, and style checker explain the mistakes and suggestions to you. Click an error and choose the “Explain …” option.

Download at: After the Deadline

After the Deadline checks English, French, German, Portuguese, and Spanish text.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.