Tag Archives: Prevent

Defeat Internet Browser Exploits With Malwarebytes Anti-Exploit

Cybercriminals take a two-part approach: on the one hand, they design malware to exploit vulnerable systems without any user interaction; on the other hand, they craft attacks that require user interaction and take advantage of unaware (untrained) computer users.

The second part of this two-part attack approach can only be defeated if the computer user is aware of current Internet threats. So, knowledge and experience are critical ingredients in the never-ending and escalating battle against cybercriminals.

To defeat attacks which rely on exploiting vulnerable systems, the preferred method is the implementation of a layered security approach. Employing layered security should (I emphasize should) lead to the swift detection of malware, before any damage occurs on the targeted system.

Let’s talk real world:

Given existing technology, no single security application is capable of providing adequate computer system protection. Gaps exist in protection capabilities in even the most sophisticated security applications.

Layering (or stacking) security applications offers the best chance of remaining infection free, by closing those gaps. Keep in mind, however, that even the best layered protection strategy will not make up for the lack of experience and intuition of many computer users.

So, stopping the bad guys from gaining a foothold has to be a primary objective of that layered defense strategy that I mentioned earlier. And part of that strategy includes raising barriers at the doorway to the system – the Internet browser.

The Modern Malware Review (March 2013), a statistical analysis performed by Palo Alto Networks which focused on malware that “industry-leading antivirus products” failed to detect, noted a persistent trend.

From the report:

90% of unknown malware delivered via web-browsing

Given that the samples were captured by the firewall, we were able to identify the application that carried the malware. While web-browsing was found to be the leading source of malware both in terms of total malware as well as undetected malware, the application mix was very different between the two groups.

For example, SMTP accounted for 25% of the total malware, but only 2% of the fully undetected malware. Comparatively, web-browsing dominated both categories, accounting for 68% of total malware, but over 90% of undetected samples. This clearly shows that unknown malware is disproportionally more likely to be delivered from the web as opposed to email.

Another brick in the wall:

Malwarebytes Anti-Exploit (formerly Zero Vulnerability Labs ExploitShield) – a free “install and forget” Internet browser security application (which I installed several days ago) – is designed to protect users from unknown “zero-day” vulnerability exploits aimed at Firefox, Chrome, Internet Explorer, Opera…

Protection is also included for selected browser components – Java, Adobe Reader, Flash, and Shockwave. Added protection is incorporated for Microsoft Office components – Word, Excel, PowerPoint.

Fast facts:

Malwarebytes Anti-Exploit protects users where traditional security measures fail. It consists of an innovative patent-pending application shielding technology that prevents malicious exploits from compromising computers through software vulnerabilities.

Malwarebytes Anti-Exploit is free for home users and non-profit organizations. It includes all protections needed to prevent drive-by download targeted attacks originating from commercial exploit kits and other web-based exploits.

These types of attacks are used as common infection vectors for financial malware, ransomware, rogue antivirus and other types of nasties not commonly detected by traditional blacklisting antivirus and security products.

Installation is a breeze and, on application launch, a simple and uncomplicated interface is presented.

Clicking on the “Shields” tab will provide you with a list of applications protected by Anti-Exploit.

As a reminder that Anti-Exploit is up and running, a new icon will appear in the system tray.

System requirements: Windows 8, Windows 7, Windows Vista, and Windows XP.

Download at: MajorGeeks

The good news: Each of us, in our own way, has been changed by the world of wonders that the Internet has brought to us. Twenty years on, and I’m still awestruck. I suspect that many of us will be thunderstruck by applications and projects yet to be released.

The bad news: The Internet has more than its fair share of criminals, scam and fraud artists, and worse. These lowlifes occupy a world that reeks of tainted search engine results, malware infected legitimate websites, drive-by downloads and bogus security software.

When travelling in this often dangerous territory, please be guided by the following: Stop – Think – Click. The bad guys – including the corrupted American government – really are out to get you.

The Modern Malware Review is a 20 page PDF file packed with data which provides a real-world perspective on malware and cybercrime. I recommend that you read it.


Sandboxie! – Think INSIDE The Box!

Wouldn’t it be terrific if, following a mistake which led to malware making its way on to your computer, you could wave a magic wand, utter the words – “get thee gone” – and, quick as you like – no more malware infection?

Luckily, you can do just that. You don’t have to be a mage or a magician – you don’t have to deliver a magic enchantment – but, you do need to be running a sandbox based isolation application.

And that brings me to Sandboxie (last updated December 16, 2012) – the King of isolation applications in Geek territory. Rather than geek you into the land of nod – today’s review is what I like to refer to as a “soft review”.

Simply put, Sandboxie, when active, creates a virtual environment (of a sort), on a computer by redirecting all system and application changes, to an unused location on a Hard Drive. These changes can be permanently saved to disk or, completely discarded.

A case in point for isolating web surfing:

While surfing the Net, an inexperienced user mistakenly accepts an invitation to install a scareware application but realizes, after the fact, that this is a scam. Operating in a “real” environment, the damage, unfortunately, would already have been done.

Operating in an isolated environment with Sandboxie active, the system changes made by this parasite could be completely discarded – since the attack occurred in an “I’m not really here” environment.

An obvious part of reviewing an application is providing a technical breakdown of just how an application gets the job done – or, in some cases, how/why an application doesn’t quite get it done.

It’s not often that I get caught between the proverbial “rock and a hard place” in terms of illustrating an application’s aptitude in getting the task accomplished. In this case however, Ronen Tzur, Sandboxie’s developer, has taken the expression – a picture is worth a thousand words – and definitely run with it.

From the site: Introducing Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally.

The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Fast facts:

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.

Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

The developer has provided a clear and concise Getting Started tutorial – which includes:

How to use Sandboxie to run your applications.

How the changes are trapped in the sandbox.

How to recover important files and documents out of the sandbox.

How to delete the sandbox.

System requirements: Windows XP, Vista, Win 7 (32 and 64 bit), Win 8 (32 and 64 bit).

Available languages: English, Albanian, Arabic, Chinese (Simplified and Traditional), Czech, Danish, Estonian, Finnish, French, German, Greek, Hebrew, Indonesian, Italian, Japanese, Korean, Macedonian, Polish, Portuguese (Brazil and Portugal), Russian, Spanish, Swedish, Turkish, and Ukrainian.

Download at: Sandboxie

A Caveat: You may run with Sandboxie free of charge – but, once past the initial 30 days, you will be reminded that a lifetime licensed version is available for € 29 (approximately $38 USD at today’s conversion rate).


NoSleepHD Keeps Your External HD Spinning

We all have those “damn, that drives me crazy” moments with computing, I expect. My particular “damn, that drives me crazy” moment, repeated throughout the day, day in and day out, is waiting for the auxiliary Hard Drives (non-OS drives) on my system to spin up.

Most Hard Drives feature a firmware auto spin down function, independent of the OS, that shuts down the drive after 10 minutes, or so, of inactivity. A primary Hard Drive, of course, can be controlled by adjusting power options in the OS’s advanced power settings menu. But, not auxiliary Hard Drives.

So, dealing with a repetitive non-responsive time lag of 3/5 seconds while my D or E drive spins up – short though it may be – is annoying. Particularly since I need to save my work periodically to drive D or drive E – and it’s generally outside the 10 minute spin down window.

I found a small (22 KB) free (open source) application, NoSleepHD, which I hoped might solve this annoyance. Despite the fact, that this small application is designed specifically to keep external Hard Drives from entering sleep mode, I gave it a try. Alas, it was a “no go”. So, I’m on the hunt for a freebie application which will solve the “damn, that drives me crazy” daily refrain.

Still, NoSleepHD is a simple, but nonetheless impressive little application, that writes a blank text file every few minutes (selectable 1 to 15) to an external Hard Drive (which effectively prevents the drive from entering sleep mode), which might come in handy for those who run with external Hard Drives.

Here’s a quick overview:

A simple GUI.


Click ‘Info’ tab to view drive information.

Monitor multiple drives by selecting more drives in the ‘Configuration’ tab. (Up to 5 External Hard Drives).

Hard drive monitoring can be stopped if necessary. (Which would allow the drive to go to auto-sleep).

Application can sit in the System Tray or simply be minimized.

Auto-run at start-up can also be enabled.

System requirements: All versions of Windows.

Download at: Softpedia


Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report

I’m often asked why I host this Blog on WordPress.com – why I don’t self host, and maybe make a few dollars, while I’m at it, by running ads. So, I’ll start with the back-end first.

It’s not about money – far from it. I write this Blog to have a little bit of fun; to help keep my mind sharp (often a failing exercise :) ) – and, to be part of a community which recognizes the need to educate computer users that the Internet is not all sweetness and light.

That’s the back-end – but, it’s the front-end that’s most important. WordPress does all the heavy lifting. All elements are taken care of: setup, upgrades, spam, backups, and site security. Site security might be last in the previous sentence but, it was the most important factor in my decision to use WordPress as my blogging platform.

Just a few of the security reasons:

Potential harmful activity is constantly monitored.

Blog PHP code can’t be modified.

Plugins can’t be uploaded.

JavaScript embed codes and CSS are restricted.

I’m not suggesting that WordPress can’t, or won’t be hacked (nothing on the Internet is invulnerable to cyber criminals) – but, should sites hosted by WordPress.com fall to the bad guys, those of us who rely on WP will at least have a fighting chance to recover. This is not always the case for self-hosted sites.

Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming. And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.

More particularly, according to the Commtouch/StopBadware report – “about half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning.” Not a very effective method of discovering one’s site has been hacked, as opposed to WP’s – “Potential harmful activity is constantly monitored.”

Highlights from analysis of the survey’s responses include:

Over 90% of respondents didn’t notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.

Nearly two-thirds of the webmasters surveyed didn’t know how the compromise had happened.

Twenty six percent of site owners had not yet figured out how to resolve the problem at the time they completed the survey.

Forty percent of survey respondents changed their opinion of their web hosting provider following a compromise.

The report includes several examples of hacked websites, as well as the spam emails that may trick users into visiting these sites. In addition to analysis and quotes from site owners, the report provides tips to help webmasters prevent their sites from being compromised.

The report includes a graphic (courtesy of Commtouch) that illustrates why cyber criminals target web sites.

The full report is available for download (PDF format) at:

Commtouch

StopBadware


Give Malware The Old Heave Ho! – Trap It With Sandboxie!

Wouldn’t it be terrific if, following a mistake which led to malware making its way on to your computer, you could wave a magic wand, utter the words – “get thee gone” – and, quick as you like – no more malware infection?

Luckily, you can do just that. You don’t have to be a magician – you don’t have to deliver a magic enchantment – but, you do need to be running a sandbox based isolation application.

And that brings me to Sandboxie – the King of isolation applications in Geek territory. Rather than geek you into the land of nod – today’s review is what I like to refer to as a “soft review”.

Simply put, Sandboxie, when active, creates a virtual environment (of a sort), on a computer by redirecting all system and application changes, to an unused location on a Hard Drive. These changes can be permanently saved to disk or, completely discarded.

A case in point for isolating web surfing:

While surfing the Net, an inexperienced user mistakenly accepts an invitation to install a scareware application but realizes, after the fact, that this is a scam. Operating in a “real” environment, the damage, unfortunately, would already have been done.

Operating in an isolated environment with Sandboxie active, the system changes made by this parasite could be completely discarded – since the attack occurred in an “I’m not really here” environment.

An obvious part of reviewing an application is providing a technical breakdown of just how an application gets the job done – or, in some cases, how/why an application doesn’t quite get it done.

It’s not often that I get caught between the proverbial “rock and a hard place” in terms of illustrating an application’s aptitude in getting the task accomplished. In this case however, Ronen Tzur, Sandboxie’s developer, has taken the expression – a picture is worth a thousand words – and definitely run with it. Well done Ronen!

From the site: Introducing Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally.

The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Fast facts:

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.

Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

The developer has provided a clear and concise Getting Started tutorial – which includes:

How to use Sandboxie to run your applications

How the changes are trapped in the sandbox

How to recover important files and documents out of the sandbox

How to delete the sandbox

System requirements: Windows XP, Vista, Win 7 (32 and 64 bit).

Available languages: English, Albanian, Arabic, Chinese (Simplified and Traditional), Czech, Danish, Estonian, Finnish, French, German, Greek, Hebrew, Indonesian, Italian, Japanese, Korean, Macedonian, Polish, Portuguese (Brazil and Portugal), Russian, Spanish, Swedish, Turkish, and Ukrainian.

Download at: Sandboxie

A Caveat: You may run with Sandboxie free of charge – but, once past the initial 30 days, you will be reminded that a lifetime licensed version is available for € 29 ($38 USD at today’s conversion rate).

My good buddy from Portugal, José – a super geek – is of the opinion that Sandboxie is in a class of its own. I couldn’t agree more José.


Take A Scheduled Break From Computing – Free Workrave Reminds You When It’s Time

There’s an old joke that goes something like this – If I knew I was going to live this long, I would have taken better care of myself. I’m sure there are a lot of guys my age who can relate. All those “little” injuries I suffered back in the day – the busted shoulder, the dislocated knee, the groin injury, the slipped disc … – bother me every day.

Until a year ago or so, I exacerbated all those old injuries by bad computing habits – the type of habits that virtually all computer users have, including:

Slouching, rather than sitting upright (This used to be my favorite position).

Barely moving (except for hands and eyes).

Incorrect screen height and positioning.

Poor keyboard placement.

NOT taking breaks away from the keyboard. (I was totally guilty of this one).

In July of last year, I discovered a neat little freebie application – Workrave – an application that’s designed to prevent computer users from developing, or aggravating, occupational diseases such as carpal tunnel syndrome, repetitive strain injuries (my problem), or myopia.

Since I installed this application, I’ve used it religiously to force myself to take micro-pauses, and longer rest breaks. The most important break being – walking away from the computer at regular intervals.

I have to admit that while I haven’t had to deal with the back problem that was the catalyst for me in installing this application – I still creak a little, early in the morning. :)

One of the more impressive features of this application is a set of onscreen exercises that you can use to help you heal injuries, or as in my case, to help me get all the kinks out of my muscles.

Miss Workrave, illustrating just two of the exercises. She’ll expect you to join in.

Application setup goes relatively smoothly since the user interface is “follow the bouncing ball” simple.

You can enable/disable each timer, modify the time between breaks, and set the break durations from within the Preference menu.


While taking this screen capture, as you can see, I was prompted to take a micro-break as per my schedule.


The application can keep track of your computer activity and breaks.


Bonus: By using Workrave’s built-in networking feature, you give everyone on the network an opportunity to relax, or exercise on a scheduled basis. A neat feature, I thought.

Available modes:

Normal – “Normal” mode is for normal usage. It will prompt you to break and, if so configured, force you to take the break.

Quiet – “Quiet” mode is pretty much like normal mode, in that it will still register your activity, and notice that you need to take a break, but it will not actually prompt you to take one, nor block you from using the computer. This is typically used when you want to show something on your computer to someone else. You are using the computer doing the explaining and the showing, but you do not want to be interrupted by breaks.

Suspended – In “Suspended” mode, Workrave no longer records your activity. This is typically used when someone else is using your computer for a brief time. In these cases, you may not want to quit Workrave, and you also don’t want the activity recorded, because it isn’t yours, and hence you will not need to take any “overdue” breaks. When someone else is using the computer for a longer time, it is best to quit Workrave altogether.

If you want to prevent injury, or other unpleasant consequences from too much time on the computer, or you need a reminder to take a break for any reason, Workrave could be just the right tool to help you do this.

I will say, it took some time to get the idea into my head that I had to become more responsive to the aches and pains, and other unpleasant consequences from too much time on the computer. I finally accepted the idea that a reminder program might be part of the solution and, as it turned out, Workrave was the right tool.

System requirements: Windows or GNU/Linux.

Download at: Workrave

Additional resources:

Computer terminal work and the benefits of microbreaks


SpywareBlaster – Still Worthwhile After All These Years

SpywareBlaster was one of the first free antimalware applications I installed on Windows 95; it’s been around that long. You might wonder if an application which was released when I was running a system with 6 MB of memory (versus 4 GB today), has value as an effective antimalware application – but it does. Perhaps less so if you’re a high level user, but for casual users, it can be an important addition to a layered security approach.

SpywareBlaster prevents ActiveX-based spyware, adware, dialers, and browser hijackers from installing on a system by disabling the CLSIDs (class identifiers – the unique IDs Windows uses to identify software components) of spyware ActiveX controls.
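A way to see which ActiveX CLSIDs are currently disabled on a Windows machine, as an added example that is not from this post or from SpywareBlaster. It assumes the disabling described above is Internet Explorer's ActiveX "kill bit" (bit 0x400 of the `Compatibility Flags` value under the `ActiveX Compatibility` registry key), which the post does not state; the function names and the all-zero CLSID are placeholders.

```powershell
# Added example, not SpywareBlaster's code: audit ActiveX kill bits.
# Assumption: "disabling the CLSIDs" means setting the kill bit (0x400) in the
# "Compatibility Flags" DWORD of the control's ActiveX Compatibility entry.
$KillBit = 0x400

# 64-bit Windows keeps a separate list for 32-bit Internet Explorer, so a
# control can be blocked in one view and still loadable in the other.
$Views = [ordered]@{
    'Native' = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    'WOW64'  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-ActiveXKillBit {
    # One object per CLSID entry, per registry view, with its flag state.
    foreach ($view in $Views.GetEnumerator()) {
        if (-not (Test-Path -LiteralPath $view.Value)) { continue }
        Get-ChildItem -LiteralPath $view.Value -ErrorAction SilentlyContinue |
            ForEach-Object {
                $flags = $_.GetValue('Compatibility Flags')
                if ($flags -isnot [int]) { return }   # value missing or not a DWORD
                [pscustomobject]@{
                    View    = $view.Key
                    Clsid   = $_.PSChildName.ToUpperInvariant()
                    Flags   = '0x{0:X8}' -f $flags
                    Blocked = ($flags -band $KillBit) -ne 0
                }
            }
    }
}

function Test-ClsidBlocked {
    # Reports in which views a given CLSID carries the kill bit.
    param([Parameter(Mandatory)][string]$Clsid)
    $wanted = '{' + $Clsid.Trim('{} ').ToUpperInvariant() + '}'   # braces optional
    $hits = @(Get-ActiveXKillBit |
              Where-Object { $_.Clsid -eq $wanted -and $_.Blocked })
    [pscustomobject]@{
        Clsid     = $wanted
        Blocked   = $hits.Count -gt 0
        BlockedIn = ($hits.View -join ', ')
    }
}

$all = @(Get-ActiveXKillBit)
'{0} of {1} listed entries carry the kill bit' -f `
    @($all | Where-Object Blocked).Count, $all.Count

# Entries that are listed but NOT blocked deserve a second look.
$all | Where-Object { -not $_.Blocked } | Format-Table -AutoSize

# Placeholder CLSID; substitute the control you want to check.
Test-ClsidBlocked '{00000000-0000-0000-0000-000000000000}'
```

Run it before and after enabling protection and compare the counts; reading these keys does not require elevation.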


SpywareBlaster, once installed, doesn’t use any services, or drivers, and does not use memory or processing time. You just open SpywareBlaster, set your protection, close it – you’re protected. SpywareBlaster continues to provide protection without the need for user interaction.


A secondary, but equally important function offered by SpywareBlaster is its ability to block spyware/tracking cookies and restrict the actions of spyware/adware/tracking sites in Internet Explorer, Mozilla Firefox, Netscape, Seamonkey, Flock and other browsers.


Since SpywareBlaster doesn’t scan for, or clean spyware, but as stated earlier, prevents installation only, you should use it in combination with your active malware protection applications.

SpywareBlaster is definitely low maintenance, and the only thing you need to remember is to regularly update the database, which contains information on known spyware ActiveX controls. Automatic update is also available for an annual fee of $9.95 USD.

A bonus feature included with SpywareBlaster is – System Snapshot. You can take a snapshot of your computer in its clean state, and later revert to this state, undoing any changes made by spyware and browser hijackers that have infected your system despite the security in place. I recommend that you take advantage of this important feature – just in case.


Fast facts:

Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.

Block spying / tracking via cookies.

Restrict the actions of potentially unwanted or dangerous web sites.

Unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.

System requirements: Windows XP, Vista, Win 7 (32 bit and 64 bit).

Browser compatibility: Internet Explorer, Mozilla Firefox, Netscape, Seamonkey, Flock, K-Meleon, and browsers that use the IE engine.

Download at: Javacool Software

Need answers? Visit the SpywareBlaster Forum
