Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia

It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams, all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is; how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why Tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts  “10 Golden Rules to Defeat Scammers” . Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.

Trend Micro Titanium Internet Security – Free 3 Year License

Well regarded Trend Micro, is offering a free 3 year license to students – as best I can determine, based on a Google translation from the original French – “This license is valid only within the market of Education for the protection of personal computers of the agents used for strictly professional.”

From the site:

Utilizes Trend Micro Smart Protection Network to proactively stop threats before they reach you

Protect your PC from viruses, spyware, worms, trojans, botnets and rootkits

Fake AV Cleaner – eliminates malware posing as antivirus software

Prevent unauthorized changes to your applications

Includes a copy of Smart Surfing for Mac

Customize your Titanium with a favorite photo or image

Block downloads and access to and from malicious websites photo or image

Find and block malicious links in emails or IMs

Block email and image spam

Windows Firewall Booster

Protect your children online

Restrict Internet content and set an access schedule for your kids

Parental Controls

Maximize your PC’s performance

System Tuner improves PC performance by cleaning up browser history, cookies, temporary files, registries, and more

Protect and defend your data from loss and theft

Data theft prevention keeps your sensitive personal information, like credit card numbers and passwords safe

Secure Erase- Shred computer files with sensitive information

This offer is hosted in France but, the installer recognized my machine is “English” and installed the application accordingly.

How to get this application:

Go to http://edu.trendmicro.fr/

You will see the following form.

Insert your email address – then hit ENTER. DO NOT click.

You will receive an email with the license code and the following download links.

XP – Download Trend Micro Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/emea/TIS3264_FR.exe

VISTA – Download Titanium Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/tti/Ti_TIS_5.0_Global_Full.exe

Window 7 – Download Titanium Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/tti/Ti_TIS_5.0_Global_Full.exe

You’ll notice that each link includes the “global” application. In other words, the OS will determine the appropriate language.

Let me be clear – I am not advocating that you take advantage of this offer if you are not a student. Still, since we live in a world of “lifelong learning” – the definition of “student” is rather elastic.

I have no personal experience with this application and can’t offer an opinion but, reviews of Trend Micro Internet Security are available at the following links.

http://www.pcmag.com/article2/0,2817,2391436,00.asp

http://download.cnet.com/Trend-Micro-Titanium-Internet-Security-2012/3000-8022_4-10567655.html

https://www.pcworld.com/article/248895/trend_micro_titanium_internet_security_2012_review_nofrills_pc_protection.html

SSDownloader – A Free One Stop Security Software Downloader

Security Software Downloader (SSDownloader) – now in it’s second edition – is a small open source executable (669KB) – designed specifically as a bulk downloader which focuses on security applications and, security related specialty tools.

A quick walkthrough –

The tab based user interface (Free Antivirus, Security Suites (Trial Versions), Malware Removal, Firewalls, and Other Tools) is uncomplicated, and checkbox simply.

In the first screen grab, referencing “Free Antivirus”, I’ve selected three popular applications for download. Notice the languages which are available, as well as the OS “auto detect” feature.

For this test, I’ve bypassed the Trial Versions opportunity. Still, there’s a good selection of well know applications to choose from.

In this screen capture, I’ve focused on two tools which, I know from experience, can get the job done with a minimum of fuss.

From the “Other tools” menu, I’ve selected three more applications which have served me well in the past.

In testing this neat little tool, I choose a total of 10 applications for download –  and, the task was completed in just over 5 minutes.

As each download is completed, a system notification area popup, tells the tale – as illustrated below.

Note: The default download location is the Desktop. You will however, have an opportunity to select an alternative location.

Fast facts:

Download the most popular free and paid security software with a single click.

OS auto detection.

The latest version of the selected applications will be downloaded.

System requirements: Windows XP, Vista, Win 7 (32 bit and 64 bit). 

Download at: Sourceforge

In my estimation, SSDownloader is a terrific portable tool. For those of us who are geek inclined, SSDownloader (especially given its small footprint), would make a nice addition to a Flash drive toolbox.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Avoid Accidents On The Internet Highway By Patching Your OS AND Applications

This morning, I read Ed Bott’s latest (Bott is a favorite of mine) – If your PC picks up a virus, whose fault is it? Here’s a summary –

Want to avoid being attacked by viruses and other malware? Two recent studies reveal the secret: regular patching. A fully patched system with a firewall enabled offers almost complete protection against drive-by attacks and outside intruders.

While reading through Bott’s  article, I was certainly put in mind of Yogi Berra’s often quoted “This is like deja vu all over again.” Current Internet security, and the best practices associated with it, really is “deja vu all over again” – and over, and over, and over. The fundamentals haven’t changed. Common sense is as much in vogue now, as it ever was.

In his article (which is worth a read), Bott relies on two recently released studies to bolster his point, that staying safe online, begins with “regular patching …….. the single most important element in any security program”.

Since the underlying theme is something I hammer on here, on a regular basis, it goes without saying that I agree with Bott, and the data generated in the studies. With that in mind, I’m reposting an article which I wrote in July 2010 – If You Get A Malware Infection Who’s Fault Is It Really? – which underscores the importance of patching not only the operating system, but the often neglected patching of installed applications.

If You Get A Malware Infection Who’s Fault Is It Really?

The security industry, especially security analysts, and for that matter, computer users at large, love to dump on Microsoft when they get a malware infection. If only Microsoft got their act together, the theory goes, and hardened Windows more appropriately, we wouldn’t have to deal with this nonsense.

But, what if it isn’t entirely Microsoft’s fault? What if it’s really a shared responsibility split between Microsoft, third party software developers, and the user?

From time to time, I’m accused of being “too frank”; usually on those occasions when diplomacy needs to be put aside, so that realities can be dealt with. For example, I’ve left myself open to criticism, in some quarters, by stating on more than one occasion –

It has been my experience, that when a malware infection occurs, it’s generally safe to say, the user is, more often than not, responsible for their own misfortune.

Computer users, by and large, are lackadaisical in securing their computers against threats to their Internet safety and security.

Strong statements I’ll admit, but if you consider the following, which I have repeated over and over, you’ll understand why I feel comfortable making this statement.

Not all users make use of Microsoft’s Windows Update so that they are current with operating system critical updates, and security fixes. More to the point, few users have given consideration to the vulnerabilities that exist in third party productivity applications and utilities.

Unless you monitor your system for insecure and unpatched software installations, you have left a huge gap in your defenses – it’s just plain common sense.

The just released Secunia Half Year Report – 2010, shows “an alarming development in 3rd party program vulnerabilities, representing an increasing threat to both users and business, which, however, continues to be greatly ignored”, supports my view that security is a shared responsible, and blaming Microsoft simply ignores the reality.

The report goes on to conclude, “users and businesses still perceive the operating system and Microsoft products to be the primary attack vector, largely ignoring 3rd party programs, and finding the actions to secure these too complex and time-consuming. Ultimately this leads to incomplete patch levels of the 3rd party programs, representing rewarding and effective targets for criminals.”

Key highlights of the Secunia Half Year Report 2010:

Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.

A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year.

In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010, to 760.

During the first six months of 2010, 380 vulnerabilities or 89% of the figures for all of 2009 has already been reached.

A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

The full report (PDF), is available here.

Each week, I receive the Qualys Vulnerability Report, and I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt, that the software industry should thank their “lucky stars”, that this report is not particularly well known outside the professional IT security community. It’s that scary.

There is a solution to this quandary however – the Secunia Personal Software Inspector (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Link: Secunia Online Software Inspector

As an added bonus for users, Secunia provides a forum where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Consider NOT Renewing Your Paid Security Suite Subscription – Get A Free Outpost Security Suite Pro License Instead

Agnitum, the company behind the Outpost line of computer security applications (you may be familiar with their highly rated free application – Outpost Firewall), announced yesterday – it is expanding its free competitive upgrade to Outpost Security Suite offer, until September 30, 2011.

As well as the time extension – additional locations now qualify for this free competitive upgrade offer – including, the United States, Canada, the United Kingdom, New Zealand, Ireland, Australia, Germany, Austria, Switzerland, France, Belgium, Luxemburg, Japan, and the Republic of South Africa.

Here’s the offer:

For all participants (you must have an existing paid license from any of the following vendors), Outpost Security Suite Pro will be provided free of charge for one or two years – depending on the active competitive license.

If the current license is valid for more than 3 months but less than 12 months, it will be Outpost Security Suite Pro one-year license – if more than 12 months are left, the participant will get an Outpost Security Suite Pro two-year license. The Outpost license will be valid for up to 3 or 5 PCs for personal and/or family use, depending on the competing license.

Eligible competing products from –

Here’s the why:

The free competitive upgrade offer was launched to give users who were not happy with their existing security suite the opportunity to exchange that product at no cost, for the robust and lightweight Outpost Security Suite Pro 7.5 Performance Edition.

Here’s the terms:

Users of qualifying competing products are required to provide evidence of their current Internet security suite license to Agnitum by completing the web form. Only personal and family use licenses are eligible, and those licenses must be for a total term of one year or longer, and have at least three months remaining before expiration.

Why Outpost Security Suite Pro?

Combined anti-virus and anti-spyware protects PC against viruses, worms, Trojans, spyware, and rootkits.

Powerful proactive protection keeps PC secure against unknown and zero-day threats.

Inbound and outbound firewall protects PC connections and prevents confidential data leaks.

Web Control ensures fast, safe web surfing.

High-speed performance with minimal system impact.

If you’re dissatisfied with your current paid Internet security application (or, you want to save some money – you could save $100 or more),  this free offer may be just the solution you’ve been looking for.

System requirements: Windows 7, Vista, XP (32 and 64 bit).

To take advantage of this offer, go to the developers page here.

Testimonial from Virus Bulletin, April 2011.

“We have been impressed with the speed and resource consumption of the Agnitum products we have tested in comparisons lately, with the caching of previous activities making for lightning fast speeds and minimal overheads…”

Note: I have not tested this security suite. Reviews of this application have been mixed so, I suggest that you consider Google searching “outpost security suite pro 7.5 review”.

About Agnitum:

Founded in 1999, Agnitum Ltd. is a leading developer of high-quality, easy-to-use security software. Agnitum’s solutions include Outpost Firewall Pro and Outpost Antivirus Pro for securing personal and family desktops; and Outpost Security Suite — an all-in-one Internet security solution. Outpost Network Security ensures reliable endpoint protection and performance for SMBs, and Outpost Antivirus Service provides antivirus protection via subscription through ISPs.

Agnitum also offers free version of Outpost Security Suite to enable users of all backgrounds and economic circumstance to experience high levels of computer security.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

With Kaspersky’s Free TDSSKiller You’ll Have A Fighting Chance To Kill Rootkits

There’s malware, and then – there’s MALWARE. In other words, all malware is not created equal. For example, Rootkits are not your common everyday piece of malware.

Rootkits are often designed to overwrite the Hard Drive’s MBR (master boot record), the first sector – Sector 0 – where the code to boot the operating system following BIOS loading, resides.

As a consequence, Rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses Rootkit technology to hide, it is going to be difficult to find.

And yes, I’m aware that major AV application developers are fond of pointing out that their products will flag and remove Rootkits. Users are expected to believe those claims – DON”T!

From a previous article (June 2011) –

Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector. A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration.

Scanning for Rootkits occasionally, is good practice and by scanning with the right tools, Rootkits can be hunted down and eradicated (maybe) – but  personally, I would never trust that any detection/removal application has successful removed a Rootkit.

If you have detected that your system has become infected by a Rootkit, I recommend that you first wipe the drive –  using a free tool such as Darik’s Boot And Nuke, reformat, and only then – reinstall the operating system.

Rootkit detectors can be difficult to work with and consequently, my good buddy Michael C., following the last post on Rootkit detection – Got A Rootkit Infection? – Find Out With These Four Free Rootkit Detectors – posed the following question: “Just wondering if there is a rootkit detector for us “average users” that doesn’t require a MIT degree.”

And, there is.

Kaspersky Labs has developed the free TDSSKiller utility which is designed to detect and remove common Rootkits. Specifically, Rootkits in the Rootkit.Win32.TDSS family (TDSS, Sinowal, Whistler, Phanta, Trup, Stoned) – in addition to regular Rootkits (now, there’s a misnomer), as well as Bootkits.

Usage instructions:

Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (free 7-Zip, for example).

Run the TDSSKiller.exe file.

The utility can detect the following suspicious objects:

Hidden service – a registry key that is hidden from standard listing.

Blocked service – a registry key that cannot be opened by standard means.

Hidden file – a file on the disk that is hidden from standard listing.

Blocked file – a file on the disk that cannot be opened by standard means.

Forged file – when read by standard means, the original content is returned instead of the actual one.

BackBoot.gen – a suspected MBR infection with an unknown bootkit.

The interface (as shown below) is clean and simple. Click on any of the following graphics to expand.

A scan in progress.

The completed scan shows the system is clean and free of Rootkit infections. You’ll note that the scan finished in 10 seconds.

Following the scan, you will have access to a full report – if you choose.

System requirements: Win 7, Vista, XP (both 32 and 64 bit systems).

Download at: Kaspersky

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this, are designed for advanced users, and above.

If you need help in identifying a suspicious file/s, you can send the file/s to VirusTotal.com so that the suspicious file/s can be analyzed.

To read a blow by blow description of just how difficult it can be to identify and remove a Rootkit, you can checkout this Malwarebytes malware removal forum posting.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Take That Extra Step To Protect Your Sensitive Data With Free AxCrypt Encryption

Sophisticated and  aware computer users know, that financial data and other confidential information stored on a computer, can easily be subject to intrusive viewing by those not authorized to do so.

Some examples of how this might occur:

Internet malware attack: Increasingly, statistics reinforce the fact that financial data continues to be targeted by hackers/information thieves, for the purpose of identity theft.

Contrast that reality with these facts; there is no such thing as a totally secure Internet connected computer. All Internet connected computers are subject to attack and compromise.

Lost or stolen Laptop: How often have we read the following – 200,00 (insert your own number here), bank account numbers, Social Insurance Numbers, names, addresses and dates of birth were on a laptop stolen/lost earlier this week.

In too many of these cases, negligently, the data is unencrypted. Certainly Laptop theft or loss is not restricted to organizations; it can just as easily happen to you.

Lost or stolen USB drive: Since USB flash drives are so portable, you can take a drive virtually anywhere. Just like most items that are portable and that you carry with you, this type of drive can be lost, or stolen.

To reduce or eliminate the security threat of sensitive data exposure then, the most prudent course of action is data encryption. Essentially, data encryption is a secure process for keeping your sensitive and confidential information private. It’s a process by which bits of data are mathematically jumbled with a password-key. The Encryption process makes the data unreadable unless, or until, decrypted.

AxCrypt, a free (open source) encryption application which I have reviewed here previously, takes a different approach than many other encryption applications inasmuch as it is not a stand alone executable application – instead, it’s fully integrated into Windows Explorer and is invoked from there. Integration into Windows Explorer makes it an ideal encryption application for less experienced Windows users.

As the following series of screen captures clearly show, AxCrypt integrates seamlessly into Windows Explorer’s context (right click) menu.

Right clicking on the selected file/folder in Windows Explorer, followed by selecting “AxCrypt – Encrypt”, begins the process of encryption.

Click on any graphic to expand to original size.

The next step requires the user to enter a protective password.

In the following graphic (following successful encryption) you’ll notice the green AxCrypt icon, indicating that encryption is now in force.

The decryption process is ever bit as simple –it’s virtually a mirror image of the encryption process.

The following graphic illustrates the decryption password box.

In the following graphic you’ll notice the green AxCrypt icon no longer shows – indicating that decryption has been successful.

Bonus: Built in file Shredder illustrated.

Fast facts:

Password Protect any number of files using strong encryption.

Right-click integration with Windows Explorer makes AxCrypt the easiest way to encrypt individual files in Windows.

Double-click integration makes it as easy to open, edit and save protected files as it is to work with unprotected files.

Many additional features, but no configuration required. Just install it and use it.

AxCrypt encrypts files that are safely and easily sent to other users via e-mail or any other means. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt.

Available languages: English, Danish, Swedish, German, Dutch, Hungarian, Spanish, French, Italian and Norwegian.

System requirements: Windows 2000, 2003, XP, Vista, 2008, Win 7 (32 and 64 bit system support).

Download at: Developer’s site (Axantum Software AB).

It’s not always possible to cover all the features and benefits of an application in a short review article – additional information is available at the developer’s FAQ page.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Free FileHippo Update Checker – Excellent Alternative To Secunia PSI

I gotta love the regular readers here – they definitely keep me on my toes. Based on a recent article – Not Running Secunia PSI? Why Not? – a number of readers had the same question (both in comments and privately); what about FileHippo Update Checker? Rightfully so – FileHippo Update Checker is an outstanding application in its own right.

Luckily (whew!), I had reviewed and recommended this solid freebie back in May, 2010. Based on reader feedback, I’ve edited this previous article (including updated graphics), and reposted it here.

Free FileHippo Update Checker – A Very Cool Tool

One of the most frequently repeated pieces of advice on this site is – “Keep all applications (including your operating system) patched, and up to date”. Sounds like good, practical advice – and it is. But as those of us involved in computer security know; this is advice that is not always followed.

Experienced users are generally aware that free, automated applications, are readily available for download, that take the burden out of updating and patching.

One particular application that I have reviewed and recommended a number of times – that does just that is, Secunia Personal Software Inspector (PSI), which constantly monitors a system for insecure software installations, notifies the user when an insecure application is installed, and then provides the user with detailed instructions for updating the application, when available.

Like all applications, PSI is not perfect. The most common complaint seems to be, that after updating applications it may still report that specific applications are out-of-date, or pose a threat.

Regular reader, and IT pro, Georg L., from Vienna, Austria, has pointed out that an alternative to PSI, which is compatible with x64 systems, and which does a comparable job of checking your installed software for critical updates, and security fixes, is FileHippo’s free Update Checker.

Following Georg’s recommendation, I sparked up an older test machine, and downloaded and installed Update Checker. The test scan took only a matter of seconds. Less than 3 seconds in this test – virtually in the blink of an eye!

The updated Browser screen shot below, illustrates the results obtained following the Update Checker test scan.

For testing purposes I clicked on the green download arrow which opened the following download applet, so that I could update one of my favorite free utilities – CDBurnerXP

I must admit, I was pleasantly surprised when I noticed FileHippo’s Update Checker returned results for Beta Updates as well – as the following screen capture indicates. For those users who like to test Beta software, this is a definite bonus.

It’s important to understand that all software of this type may well have shortcomings of one type, or another. FileHippo’s Update Checker, for example, does not support all programs.

This should not be surprising, given the enormous quantity of available applications. The most popular applications, of course (the ones you are most likely to have installed), are covered.

From the developer’s site:

We work hard to include as many programs as we can in the Update Checker, but we currently cannot detect them all. This can be for various reasons, including: technical issues, publisher limitations or lack of consistent version numbering. However, we’re constantly advancing our detection methods and working with publishers to improve this.

Note: The Update Checker will not send any personal information back to FileHippo.com. The only information collected is a list of programs and their versions, along with the operating system details to help with processing.

Additionally, none of this information is linked to your IP address; the logs are deleted after processing.

Recommendation: I was quite impressed with this application’s speed, and thoroughness. A definite practical alternative to Secunia Personal Software Inspector.

If you’re inclined to do so – download both applications, take them for a spin, and form your own opinion. You’ll have a little bit of fun!

System requirements: Windows 7, Vista, XP, 2003, 2000, ME or 98. (both 32 and 64 bit where applicable). Microsoft .NET Framework 2.0 (the installer will prompt you and download it automatically).

Download at: FileHippo

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Not Running Secunia PSI? Why Not?

Despite the fact that burglaries are at an all-time high in my neighborhood, and despite the fact that the Police regularly caution residents to lock both windows and doors when not at home, one of my close neighbors always leaves at least one window open while she’s out. I have to say – it just boggles my mind.

Throughout the summer she is out of town every weekend and, you guessed it – she still leaves at least one window wide open. Her behavior, not to put too fine a point on it – is idiotic. If you’ve ever wondered why your home owners insurance policy is more expensive than it needs to be, it’s partially due to lamebrains like my neighbor.

Computer systems running insecure and unpatched applications are analogous to the open window in my neighbor’s house, and are a common gateway used by cyber-criminals to infect unaware users’ machines. Worse, unlike the aftereffects of a home burglary, which are rather self evident, a compromised computer can often remain undetected.

As important as it is, that you secure your computer by implementing a layered security approach, it’s equally as important that you close any “open windows” in your operating system, by keeping your installed applications current and up-to-date. And, Secunia, the leading provider of Vulnerability Intelligence, can help you do just that with its free application – Secunia Personal Software Inspector (PSI).

Since PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application, when available – installing this small free application will assist you in ensuring that your software installations are relatively secure. I say “relatively”, since there is no perfect system.

The following screen captures illustrate, just how easy it is to take that extra step toward a more secure computing experience, using PSI. Click on any graphic to expand to its original size.

During the install process, you will have an opportunity to select “Auto Updates”. I suggest that you take advantage of this feature.

Again, during the install process, you will have an opportunity to select “full changes in the tray icon”. If you have selected “Auto Updates”, as per the previous window, you should select this option.

The settings menu provides a full range of adjustments so that you can configure the application to more accurately meet your specific needs.

The following screen capture illustrates a security scan in progress. The full scan took under two minutes to complete.

According to the scan results, my test machine is 12% more secure compared to non-users of PSI in my local area. This is no cause for celebration though, since the test machine is running two insecure applications. One of which, VLC Media Player, has been a recent target of cyber criminals. Ouch!

The following screen capture shows the full test results and you can readily see, that both Adobe Flash Player and the previously mentioned VLC, are both insecure. Adobe Flash Player, dramatically so. Double ouch!

Additional data on an insecure program can be gathered by double clicking on the program, as shown in the following screen shot.

Quick facts:

Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how to resolve it.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

System requirements: Windows 7, Vista SP 1 or later, XP SP 3 (32 & 64 bit).

Watch: How to install and use the Secunia PSI 2.0

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector. In the last 24 hours, fully 19% of applications checked by this online tool, were insecure.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Don’t Have WinPatrol? Look What You’re Missing!

I’m often asked to describe the security applications I run on my primary home machine and, I’ll occasionally post an article which does just that. Regular readers will have noticed, that consistent with that old aphorism “the only constant is change”, my choices of security applications over the years have frequently changed. Except for one application – WinPatrol.

WinPatrol makes my indispensible program list every time – as it has for the last 10 years, or more (WinPatrol is now in its 20th version). No other security application, on any of my machines, comes close to that.

WinPatrol’s strong point is – it monitors system areas that malicious programs attack. The free version of this highly regarded application doesn’t stop there though. With WinPatrol in your system tray, you can monitor your system, startup programs, services, cookies, current tasks, and more.

If anything changes, Scotty (the system tray Icon) will alert you. Taking it one step further; WinPatrol allows you to terminate processes and enable, or disable, startup programs.

WinPatrol’s user interface couldn’t be any simpler. New users should have no difficulty following this self explanatory layout.

Selecting options is “click the box” simple.

The following screen shot shows currently running applications on my machine, at the time the window was captured.

The following screen shot shows recent activity. The right click context menu allows the user to perform a number of operations on the selected entry. I’ve illustrated this by selecting “Properties” of the highlighted .dll.

WinPatrol Free – Feature Chart

Additional Features in WinPatrol Plus

System requirements: Window XP, Vista, Win 7 ( including x64 support).

Download WinPatrol Free at: BillP Studios

If you’re currently a WinPatrol user – don’t keep it a secret. Let you friends/relatives/associates know – WinPatrol is a must have application.

BTW, Bill Pytlovany, WinPatrol’s developer, accepts and encourages donations.

WinPatrol Plus lifetime licenses are available as follows:

WinPatrol PLUS $29.95

WinPatrol PLUS Family Pack $49.95

Download WinPatrol Plus at: BillP Studios

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.