Triona's Tech Tips

If you get a phone call saying you have a virus on your computer, hang up.

As reported by researcher Orla Cox on Symantec’s blog, the sellers of fake antivirus and security software have gone old-school and are now phoning victims to peddle their snakeoil. Cox posed as a computer novice to investigate:

Once I was connected to one of their agents I explained my problem to them. My computer was running really slowly and crashing a lot. The agent, “Brian”, proceeded to tell me that I was the victim of a virus that had entered my computer over the Internet. He walked me through opening up the Event Viewer and asked if I saw any errors or warnings in there.

[Note from Triona: That's because Event Viewer's purpose is to log what Windows is doing. These errors and warnings are part of normal operations and don't necessarily correspond to problems.]

Cox continues:

Naturally, I did. Brian then told me that these were indications of a virus infection. Was it serious, I asked? Brian said yes. Sounds ominous. Thankfully there was help at hand though… To clean up the computer, and also to avail of their software maintenance service, I could pay a yearly subscription fee of 129 euro. I could also pay 250 euro for a two year subscription. Brian was pushing hard for me to go for the two year option but in the end we agreed to go for just a one year subscription.

Cox was then urged to send an email with name, address, phone number, email address… and credit card details. If your red flags haven’t already been raised, that should send them to the top of the pole. No legitimate company would ever ask you to email your credit card details, that’s like a burglar asking you to stick your keys under the doormat.

Why are the miscreants behind rogue security software resorting to this tactic? Remember, it’s all about social engineering: the art of getting you to breach your own protections. Real security programs have become so good that the best way to commit cybercrime is to trick you, the person at the keyboard. Just as no security in the world can protect your house if you unlock the door, no security software can protect your computer if you can be tricked into bypassing it. That’s why these scams are called scareware — because they try to scare you into falling for their tricks.

Don’t be a victim of scareware scams. When in doubt, hang up on that fake call, ignore those phony “antivirus” warnings and pay no attention to spam emails. If you think you may have a virus use a real program like AVG’s free antivirus, Malwarebytes’ malware scanner and Trend Micro’s online House Call scanner to determine if you’re infected.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Facebook has introduced a FourSquare-like feature that allows you to share your immediate physical location with your friends. Unfortunately, it defaults into sharing this information whether you want it to or not.

This feature has sparked a new round of debates over Facebook privacy, with the ACLU of Northern California issuing a statement saying, “In the world of Facebook Places, ‘no’ is unfortunately not an option.”

Facebook Places allows you to share your location with the click of a button, which works particularly well with smart phones and other mobile devices. However, even if you don’t post a location yourself, a friend could still tag you with location information which would then be visible to others. Unless you intend to use Facebook Places, I encourage you to disable it. Facebook says they have made it easy to do so, but the process seems non-intuitive.

• First, go to Account, then Privacy Settings in the upper right hand corner. Click the “Customize Settings” link. Under “Things I Share,” change “Places I check in” to “Only me” and uncheck the Enable box for “Include me in ‘People Here Now’ after I check in.” Under “Things Others Share,” change “Friends can check me in to Places” to Disabled.

• Go to Account, Privacy Settings and click “Edit my settings” under “Applications and Web sites” at the bottom of the screen. Next to “Info accessible through your friends,” click “edit settings” and uncheck “Places I’ve Visited.”

I also suggest that you do not set your account permissions to Everyone, as it leaves your information wide open. In the computer security world we advise that security settings always default to maximum rather than minimum, a policy I wish Facebook would follow.

You’ll have to take your Facebook security into your own hands by routinely reviewing your Privacy Settings, because they may change as Facebook introduces new features or upgrades old ones. And remember, privacy on the Internet is a meaningless term. Expect that anything you post on Facebook or elsewhere can be revealed, and don’t say anything that you don’t want to be public knowledge.

Each year I give parents a roundup of the best parental control software on the market.

Parental control software offers automatic blocking of inappropriate sites as well as content and image filtering. You can schedule when the Internet is available to your kids, log instant messages, keep tabs on social networking sites like Facebook and MySpace, and monitor mobile communications. New to parental control software is the ability to protect from cyberbullying.

I continue to like SafeEyes, available for Windows and Mac. NetNanny and CyberPatrol have also been upgraded with new features. While Windows and Mac offer built-in parental controls, as do many security suites, they are no substitute for a dedicated program.

Hardware parental controls are physical devices that sit between your home network and the Internet. At this point there are none I recommend because they slow down your network and can easily be removed by wily kids. However, you can configure some home routers to perform certain parental control functions like content filtering.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

It may be hard to believe, but some of the best software is free. Try out these fabulous freebies:

1) AVG Antivirus (Windows)
AVG offers some of the best security suites on the market, and they make the antivirus component free for personal use. If you’re looking for greater protection, try the paid AVG Internet Suite which also includes anti-spyware and a firewall.

2) Malwarebytes (Windows)
I use Malwarebytes to rid computers of the worst spyware infections. It doesn’t offer continual protection (you’ll need a security suite for that) but it can help get rid of anything that may sneak through.

3) CutePDF Writer (Windows)
Need to create a PDF file? Try this quick, free program. (Mac users, use the built-in Print to PDF option under the File menu.)

4) Mozilla Thunderbird (Windows and Mac)
A free email program that rivals Outlook and spotlights Outlook Mac equivalent Entourage’s shortcomings.

5) OpenOffice (Windows) and NeoOffice (Mac)
Why pay for Microsoft Office when you can get the same functionality for free? OpenOffice and NeoOffice can open and save Word, Excel and PowerPoint documents with ease.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

My technology column in this weekend’s Northwest Herald talks about how you can use Web feeds to organize information from Web sites and blogs. Web feeds (also called RSS feeds) allow you to organize content, much as you do with your email. For example, if you wanted to subscribe to the Web feed for this blog, you’d click on the orange RSS icon in the upper right corner of this blog, which will prompt you to bookmark the feed in your Web browser. A Web feed address looks similar to this.

http://www.guidryconsulting.com/techtips/feed/

Many email programs such as Outlook and Mozilla Thunderbird also have Web feed capabilities, although personally I prefer news software like FeedDemon for Windows or NetNewsWire for Mac. Or, you can use Google Reader which is web-based and works on both Windows and Mac.

When you access your news software you’ll see which Web feeds have updated content, and when you click on a feed you’ll see the name, date and excerpt of recent articles, as if each one were an email message. You can mark articles as read or flag them to read later. Here’s what it looks like in FeedDemon.

Web feeds are most often used to advertise blog content. So if you run a blog, be sure to include a link to the feed so people can subscribe. Most common blog platforms like Blogger and WordPress automatically set up a feed when you create your blog.

People sometimes ask me what is the point of Web feeds, and why would anyone want to use them? Feeds make following Web sites and blogs as easy as checking your email. It’s also a great timesaver. Instead of visiting each site directly, you can consolidate them in one place and see at a glance the articles you want to read. Web feeds have become the option of choice for people who want to keep up with current events, which is why they’re offered by most magazines and newspapers.

We’ve got another off-schedule emergency update, this one for Adobe Reader and Acrobat. It applies to both Windows and Mac users and will be released sometime next week. I encourage you to check for updates (under the Help menu) and make sure you install this one when it comes out. You can read Adobe’s advisory here.

The new update will take version 9 users to version 9.3.3 and version 8 users to 8.2.3. However, if you’re still on version 8, I recommend you move to version 9. And if you’re on a previous version (like the omnipresent Acrobat Reader 7), you definitely want to move to version 9. Acrobat 7 was the standard for a long time but is now obsolete and can be used as a entry point for viruses.

In case you’re wondering, the difference between Adobe Reader and Acrobat is that the former allows you to read PDF files while the latter also lets you create them. Adobe Reader used to be known as Acrobat Reader and is still referred to as plain ol’ Acrobat. So, yes, these updates apply to you regardless of whether you have the full version of Acrobat or just plain Reader.

You can also visit this web site to find the latest versions of all your Adobe products.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Today Microsoft released an off-schedule update to fix a bug in Windows that could allow your machine to be infected simply by browsing a list of files with Windows Explorer. This emergency update applies to Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008. You can read the Microsoft security bulletin here.

Microsoft’s normal monthly updates arrive the second Tuesday of the month, otherwise known as Patch Tuesday. Off-schedule updates are typically only released in cases like this, where vulnerabilities are being actively exploited by viruses and malware. One particular virus is especially virulent. A variant of the Sality virus, it disables your security software and downloads more malware onto your computer.

If you have Automatic Updates enabled you’ll eventually get this update, but to make sure you are protected as quickly as possible visit update.microsoft.com and make sure you install update MS10-046 (aka 2286198).

The battle for your computer has stepped up a notch, as fake security software now offers real tech support. Talk about twisted!

As I’ve written before, rogue security software pretends to be real antivirus and anti-malware software in order to commandeer your computer. It disables your bona fide protections and claims that you must purchase their super-duper software to save you from invented infections. Now, they’ve added a “support” option as further bait. After all, if the software offers you tech support by live chat and email, it must be legitimate, right? And so much money is being made on this fake software that they can actually afford to hire real people to provide said tech support! It’s a whole new take on social engineering, the unethical art of doing anything and everything to manipulate you.

Remember, rogue security software will not protect you; it will leave you vulnerable. Your best protection is to stick with security programs from known vendors. Norton, McAfee, AVG, Trend Micro, and avast! are all real companies with real products. Although I’m still not enamored of Norton and McAfee (see why), you’re certainly better off with them than a rogue. Become familiar with what your regular antivirus program looks like. If you sit down at your computer one day and see something different, be very suspicious. Also, be careful if you do a web search for antivirus software, because many of the “sponsored links” lead you to fake programs. Once fake security software is on your computer, it’s extremely difficult to remove. And don’t fall for the trick “uninstaller,” which leaves remnants of the rogue to regenerate itself.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

If you get an email from Facebook saying there is a message for you, do NOT click on the link. Visit Facebook’s site directly instead to respond to any and all messages.

Like the Facebook update scam I dissected for you a few months ago, this latest scam tries to trick you into clicking a potentially malicious link by mimicking a legitimate Facebook message. Take a look at this screenshot and compare it to the Facebook update scam. You’ll see similarities, including the use of Facebook formatting and logo as well as a legitimate-looking link. However, the link actually redirects you to a malicious site. The site on this particular message has already been blocked as being harmful; it probably belongs to some innocent victim whose web site was hacked to deliver viruses or harvest passwords a la the Twitter DM worm. But there are plenty of other phony sites out there that may not have been blocked.

In my case I was alerted to the scam because I’d never heard of the people from whom the messages were purportedly sent, but that’s not a foolproof way to tell if a message is fake or not. Facebook accounts can be hacked, and false messages sent. This grants the fake messages an undeserved level of trust because they come from someone you know–and that’s the point. Cybercriminals know people are unlikely to click on unsolicited links and far more likely to click on something sent by someone they know. The best way, as I said, is to distrust all email links no matter who they’re from. You are far safer visiting the Facebook site directly and checking your messages from there.

Are you prepared for a disaster? This checklist will help you assess your plans for home and business.

1) Critical resources
What are your most important resources, and which ones can you do without in a crisis?

2) Backups
What is your backup strategy? Where are your off-site backups located? Do you test your backups to make sure they are valid?

3) Inventory
Do you have a complete and current list of all hardware and software, including serial numbers and documentation?

4) Network and Internet
Do you understand the layout of your network? What is the impact if your connection goes down? Consider alternate options for use in the event of an emergency.

5) Remote Access
Can you work from somewhere other than your primary location? What resources would you need to do so? Evaluate various options to find one that works best for you.

6) Security
What would you do if you had a security incident, such as a virus infection, loss of data, or identity theft? Develop a plan, including resources that can help you.

7) Fire Drills
Test your strategies to verify that they will work in a real-world situation.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.