Category Archives: System Security

Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia


It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams, all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is: how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why Tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts, “10 Golden Rules to Defeat Scammers”. Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.


Trend Micro Titanium Internet Security – Free 3 Year License

Well-regarded Trend Micro is offering a free 3 year license to students – as best I can determine, based on a Google translation from the original French – “This license is valid only within the market of Education for the protection of personal computers of the agents used for strictly professional.”


From the site:

Utilizes Trend Micro Smart Protection Network to proactively stop threats before they reach you

Protect your PC from viruses, spyware, worms, trojans, botnets and rootkits

Fake AV Cleaner – eliminates malware posing as antivirus software

Prevent unauthorized changes to your applications

Includes a copy of Smart Surfing for Mac

Customize your Titanium with a favorite photo or image

Block downloads and access to and from malicious websites

Find and block malicious links in emails or IMs

Block email and image spam

Windows Firewall Booster

Protect your children online

Restrict Internet content and set an access schedule for your kids

Parental Controls

Maximize your PC’s performance

System Tuner improves PC performance by cleaning up browser history, cookies, temporary files, registries, and more

Protect and defend your data from loss and theft

Data theft prevention keeps your sensitive personal information, like credit card numbers and passwords safe

Secure Erase- Shred computer files with sensitive information

This offer is hosted in France but, the installer recognized my machine is “English” and installed the application accordingly.

How to get this application:

Go to http://edu.trendmicro.fr/

You will see the following form.

Insert your email address – then hit ENTER. DO NOT click.


You will receive an email with the license code and the following download links.

XP – Download Trend Micro Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/emea/TIS3264_FR.exe

VISTA – Download Titanium Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/tti/Ti_TIS_5.0_Global_Full.exe

Windows 7 – Download Titanium Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/tti/Ti_TIS_5.0_Global_Full.exe

You’ll notice that each link includes the “global” application. In other words, the OS will determine the appropriate language.

Let me be clear – I am not advocating that you take advantage of this offer if you are not a student. Still, since we live in a world of “lifelong learning” – the definition of “student” is rather elastic.

I have no personal experience with this application and can’t offer an opinion but, reviews of Trend Micro Internet Security are available at the following links.

http://www.pcmag.com/article2/0,2817,2391436,00.asp

http://download.cnet.com/Trend-Micro-Titanium-Internet-Security-2012/3000-8022_4-10567655.html

https://www.pcworld.com/article/248895/trend_micro_titanium_internet_security_2012_review_nofrills_pc_protection.html


SSDownloader – A Free One Stop Security Software Downloader

Security Software Downloader (SSDownloader) – now in its second edition – is a small open source executable (669KB), designed specifically as a bulk downloader which focuses on security applications and security related specialty tools.

A quick walkthrough

The tab based user interface (Free Antivirus, Security Suites (Trial Versions), Malware Removal, Firewalls, and Other Tools) is uncomplicated, and checkbox simple.

In the first screen grab, referencing “Free Antivirus”, I’ve selected three popular applications for download. Notice the languages which are available, as well as the OS “auto detect” feature.


For this test, I’ve bypassed the Trial Versions opportunity. Still, there’s a good selection of well known applications to choose from.


In this screen capture, I’ve focused on two tools which, I know from experience, can get the job done with a minimum of fuss.


From the “Other tools” menu, I’ve selected three more applications which have served me well in the past.


In testing this neat little tool, I chose a total of 10 applications for download – and, the task was completed in just over 5 minutes.


As each download is completed, a system notification area popup tells the tale – as illustrated below.


Note: The default download location is the Desktop. You will however, have an opportunity to select an alternative location.

Fast facts:

Download the most popular free and paid security software with a single click.

OS auto detection.

The latest version of the selected applications will be downloaded.

System requirements: Windows XP, Vista, Win 7 (32 bit and 64 bit). 

Download at: Sourceforge


In my estimation, SSDownloader is a terrific portable tool. For those of us who are geek inclined, SSDownloader (especially given its small footprint), would make a nice addition to a Flash drive toolbox.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Avoid Accidents On The Internet Highway By Patching Your OS AND Applications

This morning, I read Ed Bott’s latest (Bott is a favorite of mine) – If your PC picks up a virus, whose fault is it? Here’s a summary –

Want to avoid being attacked by viruses and other malware? Two recent studies reveal the secret: regular patching. A fully patched system with a firewall enabled offers almost complete protection against drive-by attacks and outside intruders.

While reading through Bott’s article, I was certainly put in mind of Yogi Berra’s often quoted “This is like deja vu all over again.” Current Internet security, and the best practices associated with it, really is “deja vu all over again” – and over, and over, and over. The fundamentals haven’t changed. Common sense is as much in vogue now, as it ever was.

In his article (which is worth a read), Bott relies on two recently released studies to bolster his point, that staying safe online, begins with “regular patching … the single most important element in any security program”.

Since the underlying theme is something I hammer on here, on a regular basis, it goes without saying that I agree with Bott, and the data generated in the studies. With that in mind, I’m reposting an article which I wrote in July 2010 – If You Get A Malware Infection Who’s Fault Is It Really? – which underscores the importance of patching not only the operating system, but the often neglected patching of installed applications.

If You Get A Malware Infection Who’s Fault Is It Really?

The security industry, especially security analysts, and for that matter, computer users at large, love to dump on Microsoft when they get a malware infection. If only Microsoft got their act together, the theory goes, and hardened Windows more appropriately, we wouldn’t have to deal with this nonsense.

But, what if it isn’t entirely Microsoft’s fault? What if it’s really a shared responsibility split between Microsoft, third party software developers, and the user?

From time to time, I’m accused of being “too frank”; usually on those occasions when diplomacy needs to be put aside, so that realities can be dealt with. For example, I’ve left myself open to criticism, in some quarters, by stating on more than one occasion –

It has been my experience, that when a malware infection occurs, it’s generally safe to say, the user is, more often than not, responsible for their own misfortune.

Computer users, by and large, are lackadaisical in securing their computers against threats to their Internet safety and security.

Strong statements I’ll admit, but if you consider the following, which I have repeated over and over, you’ll understand why I feel comfortable making this statement.

Not all users make use of Microsoft’s Windows Update so that they are current with operating system critical updates, and security fixes. More to the point, few users have given consideration to the vulnerabilities that exist in third party productivity applications and utilities.

Unless you monitor your system for insecure and unpatched software installations, you have left a huge gap in your defenses – it’s just plain common sense.

The just released Secunia Half Year Report – 2010, which shows “an alarming development in 3rd party program vulnerabilities, representing an increasing threat to both users and business, which, however, continues to be greatly ignored”, supports my view that security is a shared responsibility, and that blaming Microsoft simply ignores the reality.

The report goes on to conclude, “users and businesses still perceive the operating system and Microsoft products to be the primary attack vector, largely ignoring 3rd party programs, and finding the actions to secure these too complex and time-consuming. Ultimately this leads to incomplete patch levels of the 3rd party programs, representing rewarding and effective targets for criminals.”

Key highlights of the Secunia Half Year Report 2010:

Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.

A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year.

In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010, to 760.

During the first six months of 2010, 380 vulnerabilities or 89% of the figures for all of 2009 have already been reached.

A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

The full report (PDF), is available here.

Each week, I receive the Qualys Vulnerability Report, and I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt, that the software industry should thank their “lucky stars”, that this report is not particularly well known outside the professional IT security community. It’s that scary.

There is a solution to this quandary however – the Secunia Personal Software Inspector (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.


ZD Net, one of my favorite web sites, has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.


Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Link: Secunia Online Software Inspector

As an added bonus for users, Secunia provides a forum where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related.


Consider NOT Renewing Your Paid Security Suite Subscription – Get A Free Outpost Security Suite Pro License Instead


Agnitum, the company behind the Outpost line of computer security applications (you may be familiar with their highly rated free application – Outpost Firewall), announced yesterday that it is expanding its free competitive upgrade to Outpost Security Suite offer until September 30, 2011.

As well as the time extension, additional locations now qualify for this free competitive upgrade offer – including the United States, Canada, the United Kingdom, New Zealand, Ireland, Australia, Germany, Austria, Switzerland, France, Belgium, Luxembourg, Japan, and the Republic of South Africa.

Here’s the offer:

For all participants (you must have an existing paid license from any of the following vendors), Outpost Security Suite Pro will be provided free of charge for one or two years – depending on the active competitive license.

If the current license is valid for more than 3 months but less than 12 months, it will be an Outpost Security Suite Pro one-year license – if more than 12 months are left, the participant will get an Outpost Security Suite Pro two-year license. The Outpost license will be valid for up to 3 or 5 PCs for personal and/or family use, depending on the competing license.

Eligible competing products from –

image

Here’s the why:

The free competitive upgrade offer was launched to give users who were not happy with their existing security suite the opportunity to exchange that product at no cost, for the robust and lightweight Outpost Security Suite Pro 7.5 Performance Edition.

Here are the terms:

Users of qualifying competing products are required to provide evidence of their current Internet security suite license to Agnitum by completing the web form. Only personal and family use licenses are eligible, and those licenses must be for a total term of one year or longer, and have at least three months remaining before expiration.

Why Outpost Security Suite Pro?

Combined anti-virus and anti-spyware protects PC against viruses, worms, Trojans, spyware, and rootkits.

Powerful proactive protection keeps PC secure against unknown and zero-day threats.

Inbound and outbound firewall protects PC connections and prevents confidential data leaks.

Web Control ensures fast, safe web surfing.

High-speed performance with minimal system impact.

If you’re dissatisfied with your current paid Internet security application (or, you want to save some money – you could save $100 or more),  this free offer may be just the solution you’ve been looking for.

System requirements: Windows 7, Vista, XP (32 and 64 bit).

To take advantage of this offer, go to the developer’s page here.

Testimonial from Virus Bulletin, April 2011.

“We have been impressed with the speed and resource consumption of the Agnitum products we have tested in comparisons lately, with the caching of previous activities making for lightning fast speeds and minimal overheads…”

Note: I have not tested this security suite. Reviews of this application have been mixed so, I suggest that you consider Google searching “outpost security suite pro 7.5 review”.

About Agnitum:

Founded in 1999, Agnitum Ltd. is a leading developer of high-quality, easy-to-use security software. Agnitum’s solutions include Outpost Firewall Pro and Outpost Antivirus Pro for securing personal and family desktops; and Outpost Security Suite — an all-in-one Internet security solution. Outpost Network Security ensures reliable endpoint protection and performance for SMBs, and Outpost Antivirus Service provides antivirus protection via subscription through ISPs.

Agnitum also offers a free version of Outpost Security Suite to enable users of all backgrounds and economic circumstance to experience high levels of computer security.


With Kaspersky’s Free TDSSKiller You’ll Have A Fighting Chance To Kill Rootkits

There’s malware, and then – there’s MALWARE. In other words, all malware is not created equal. For example, Rootkits are not your common everyday piece of malware.

Rootkits are often designed to overwrite the Hard Drive’s MBR (master boot record), the first sector – Sector 0 – where the code to boot the operating system, following BIOS loading, resides.

As a consequence, Rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses Rootkit technology to hide, it is going to be difficult to find.
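An added example (not from the original article, and not Kaspersky's code): a small Python check that compares a saved 512-byte copy of Sector 0 against a known-good baseline taken from the same disk. It assumes the sector image was captured offline (from boot media, for instance) rather than from the running system; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440            # bytes 0-439 hold the bootstrap code
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte Sector 0 image into the fields worth checking."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFF + 16 * index
        status = sector[offset]        # 0x80 = active, 0x00 = inactive
        ptype = sector[offset + 4]     # partition type code
        lba_start, sectors = struct.unpack_from("<II", sector, offset + 8)
        if ptype == 0x00 and sectors == 0:
            continue                   # unused table slot
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def check_against_baseline(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means nothing changed."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    for part in current["partitions"]:
        if part["status"] not in (0x00, 0x80):
            findings.append(
                f"partition {part['index']}: invalid status byte "
                f"0x{part['status']:02x}")
    if sum(p["status"] == 0x80 for p in current["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test data: filler boot code plus one active partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF,
                     0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: the filler strings stand in for real boot code.
CLEAN = build_sample_sector(b"constructed-clean-boot-code")
ALTERED = build_sample_sector(b"constructed-altered-boot-code")
BASELINE = parse_mbr(CLEAN)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("altered", ALTERED)):
        print(name, check_against_baseline(image, BASELINE) or "matches baseline")
```

A mismatch only says the sector changed since the baseline was taken; a legitimate boot manager install or repartitioning will also trigger it.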

And yes, I’m aware that major AV application developers are fond of pointing out that their products will flag and remove Rootkits. Users are expected to believe those claims – DON’T!

From a previous article (June 2011) –

Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector. A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration.

Scanning for Rootkits occasionally is good practice, and by scanning with the right tools, Rootkits can be hunted down and eradicated (maybe) – but personally, I would never trust that any detection/removal application has successfully removed a Rootkit.

If you have detected that your system has become infected by a Rootkit, I recommend that you first wipe the drive –  using a free tool such as Darik’s Boot And Nuke, reformat, and only then – reinstall the operating system.

Rootkit detectors can be difficult to work with and consequently, my good buddy Michael C., following the last post on Rootkit detection – Got A Rootkit Infection? – Find Out With These Four Free Rootkit Detectors – posed the following question: “Just wondering if there is a rootkit detector for us “average users” that doesn’t require a MIT degree.”

And, there is.

Kaspersky Labs has developed the free TDSSKiller utility which is designed to detect and remove common Rootkits. Specifically, Rootkits in the Rootkit.Win32.TDSS family (TDSS, Sinowal, Whistler, Phanta, Trup, Stoned) – in addition to regular Rootkits (now, there’s a misnomer), as well as Bootkits.

Usage instructions:

Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (free 7-Zip, for example).

Run the TDSSKiller.exe file.

The utility can detect the following suspicious objects:

Hidden service – a registry key that is hidden from standard listing.

Blocked service – a registry key that cannot be opened by standard means.

Hidden file – a file on the disk that is hidden from standard listing.

Blocked file – a file on the disk that cannot be opened by standard means.

Forged file – when read by standard means, the original content is returned instead of the actual one.

BackBoot.gen – a suspected MBR infection with an unknown bootkit.

The interface (as shown below) is clean and simple.


A scan in progress.


The completed scan shows the system is clean and free of Rootkit infections. You’ll note that the scan finished in 10 seconds.


Following the scan, you will have access to a full report – if you choose.


System requirements: Win 7, Vista, XP (both 32 and 64 bit systems).

Download at: Kaspersky

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users and above.

If you need help in identifying a suspicious file/s, you can send the file/s to VirusTotal.com so that the suspicious file/s can be analyzed.

To read a blow by blow description of just how difficult it can be to identify and remove a Rootkit, you can check out this Malwarebytes malware removal forum posting.


Take That Extra Step To Protect Your Sensitive Data With Free AxCrypt Encryption

Sophisticated and aware computer users know that financial data and other confidential information stored on a computer can easily be subject to intrusive viewing by those not authorized to do so.

Some examples of how this might occur:

Internet malware attack: Increasingly, statistics reinforce the fact that financial data continues to be targeted by hackers/information thieves, for the purpose of identity theft.

Contrast that reality with these facts; there is no such thing as a totally secure Internet connected computer. All Internet connected computers are subject to attack and compromise.

Lost or stolen Laptop: How often have we read the following – 200,00 (insert your own number here), bank account numbers, Social Insurance Numbers, names, addresses and dates of birth were on a laptop stolen/lost earlier this week.

In too many of these cases, negligently, the data is unencrypted. Certainly Laptop theft or loss is not restricted to organizations; it can just as easily happen to you.

Lost or stolen USB drive: Since USB flash drives are so portable, you can take a drive virtually anywhere. Just like most items that are portable and that you carry with you, this type of drive can be lost, or stolen.

To reduce or eliminate the security threat of sensitive data exposure then, the most prudent course of action is data encryption. Essentially, data encryption is a secure process for keeping your sensitive and confidential information private. It’s a process by which bits of data are mathematically jumbled with a password-key. The Encryption process makes the data unreadable unless, or until, decrypted.

AxCrypt, a free (open source) encryption application which I have reviewed here previously, takes a different approach than many other encryption applications inasmuch as it is not a stand alone executable application – instead, it’s fully integrated into Windows Explorer and is invoked from there. Integration into Windows Explorer makes it an ideal encryption application for less experienced Windows users.

As the following series of screen captures clearly show, AxCrypt integrates seamlessly into Windows Explorer’s context (right click) menu.

Right clicking on the selected file/folder in Windows Explorer, followed by selecting “AxCrypt – Encrypt”, begins the process of encryption.


The next step requires the user to enter a protective password.


In the following graphic (following successful encryption) you’ll notice the green AxCrypt icon, indicating that encryption is now in force.


The decryption process is every bit as simple – it’s virtually a mirror image of the encryption process.


The following graphic illustrates the decryption password box.


In the following graphic you’ll notice the green AxCrypt icon no longer shows – indicating that decryption has been successful.


Bonus: Built in file Shredder illustrated.


Fast facts:

Password Protect any number of files using strong encryption.

Right-click integration with Windows Explorer makes AxCrypt the easiest way to encrypt individual files in Windows.

Double-click integration makes it as easy to open, edit and save protected files as it is to work with unprotected files.

Many additional features, but no configuration required. Just install it and use it.

AxCrypt encrypts files that are safely and easily sent to other users via e-mail or any other means. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt.

Available languages: English, Danish, Swedish, German, Dutch, Hungarian, Spanish, French, Italian and Norwegian.

System requirements: Windows 2000, 2003, XP, Vista, 2008, Win 7 (32 and 64 bit system support).

Download at: Developer’s site (Axantum Software AB).

It’s not always possible to cover all the features and benefits of an application in a short review article – additional information is available at the developer’s FAQ page.
