Archive for January, 2009

Fake Antivirus On Macs

January 28th, 2009 1 comment

It had to happen. Macs are the latest target of fake antivirus software scams.

For some time I’ve been warning PC users about scareware scams: warnings claiming that your computer is infected and you must buy “Insert Name” antivirus software or you’re doomed. Please don’t fall for these tricks. There are perfectly good antivirus programs out there that don’t advertise via the electronic equivalent of unwanted solicitors.

My current recommendations on Mac antivirus programs are:

And so you PC users don’t feel left out:

I evaluate antivirus software on a continual basis, but you’ll always find my recommendations here on the Tech Tips blog (under Windows and Mac in the sidebar).

Categories: antivirus, mac, malware, pc, scams, scareware, spyware, windows Tags:

Viruses And USB Flash Drives

January 26th, 2009 No comments

One of the nasty things about the Conficker virus (10 million PCs and counting) is its multiple methods of infection, including the way it infiltrates USB flash and network drives.

Imagine you get a flash drive from a friend, plug it in, and get the following message. Look closely. It seems like normal Windows, right? Wrong. If you pick the first choice (“publisher not specified”) you just infected yourself with Conficker.

This is the virus using a real Windows window to confuse you. Keep an eye out for any change, however small, to the usual things your computer does. In this case the virus inserts itself before the normal Windows options, knowing that most people simply click the first link without looking. You can disable Autoplay to avoid this particular trick, but there will be others.
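One way to check a flash drive for this kind of look-alike AutoPlay entry before trusting it, as an added example that is not part of the original post. It assumes the lure is delivered through the drive's autorun.inf file, which the post does not state; the sample file contents and paths are constructed placeholders.

```python
import re

# AutoPlay wording that belongs to Windows itself; a drive has no reason to reuse it.
BUILTIN_ACTIONS = {"open folder to view files"}
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
KEY_VALUE = re.compile(r"^\s*([A-Za-z\\]+)\s*=\s*(.+?)\s*$")

def parse_autorun(raw: bytes) -> dict:
    """Collect key=value pairs from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for line in raw.decode("latin-1").splitlines():
        text = line.strip()
        if text.startswith("[") and text.endswith("]"):
            in_section = text[1:-1].strip().lower() == "autorun"
        elif in_section:
            match = KEY_VALUE.match(line)
            if match:
                entries[match.group(1).lower()] = match.group(2)
    return entries

def assess(entries: dict) -> list:
    """Return the reasons, if any, to distrust this drive's AutoPlay entry."""
    findings = []
    if entries.get("action", "").strip().lower() in BUILTIN_ACTIONS:
        findings.append("action text copies a built-in AutoPlay option")
    for key in LAUNCH_KEYS:
        if re.search(r"\brundll32(\.exe)?\b", entries.get(key, ""), re.I):
            findings.append(f"{key} runs a DLL through rundll32")
    if "shell32.dll" in entries.get("icon", "").lower():
        findings.append("icon borrowed from shell32.dll (Windows' own icon set)")
    return findings

# Constructed samples (placeholder paths, not taken from a real infection).
SUSPICIOUS = (b"\x8f\xa2\x01kq;zz\r\n[AUTorUN]\r\n\xb7\xb7junk\xb7\r\n"
              b"AcTION=Open folder to view files\r\n"
              b"icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
              b"shelLExECUte=rundll32.exe .\\EXAMPLE_DIR\\example.dll,Entry\r\n")
BENIGN = (b"[autorun]\r\nopen=setup.exe\r\n"
          b"action=Install Example Printer Software\r\nicon=setup.exe,0\r\n")

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, assess(parse_autorun(raw)))
```

The parser reads the file as raw bytes and ignores lines it cannot interpret, so padding or mixed-case keys do not hide the entries that matter.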

Another nasty thing about Conficker is the second shoe it may be about to drop. Researchers say they expect Conficker to download and install a second payload that may do more to your computer than simply infect it. So patch your computer, keep that antivirus software current, and stay tuned to Tech Tips for more news.

Twenty-Five Years Of The Mac

January 26th, 2009 No comments

“Why 1984… won’t be like 1984.”

We drooled over those words, us geeks with our copies of Byte magazine and the latest Heathkit catalog. Forget the TRS-80 or the Sinclair, this new computer was going to be sweet.

And sweet it was, that friendly beige box with the smiley-face at startup. Don’t get me wrong, I still loved my Apple II, but there was something about the Mac that made you want to dive in and check it out. It made people less afraid of computers. No typing, just point and click.

And the Mac kept getting better. More capabilities. Better graphics and sound. Networking out of the box, unheard of at the time. Desktop publishing software that quickly revolutionized traditional print. If you were in publishing in the 1980s, the watchword of the day was Aldus. Norton Utilities when it was still owned by Peter Norton and cared about the Mac market. System 7 comes on CD! Mac OS 8 has multithreading!

Then, the Internet revolution. NCSA Telnet and Gopher… those are called hyperlinks, ladies and gentlemen, and this new thing called the Web lets you include video and sound. Viruses that turned your Mac into a monster, and a utility called Disinfectant written by a gentleman of a programmer named John Norstad, with whom I had the opportunity to work as a student. A virus called Melissa that taught us yes, Virginia, viruses can be transmitted via email. Good days (the Mac IIci), bad days (the IIvx), confusing days (what the heck is a Type 1 error?). One glorious afternoon when Steve Jobs took the NeXTSTEP and matured the Mac’s system software to become Mac OS X.

Puma. Jaguar. Panther. Tiger. Leopard and soon Snow Leopard. Microsoft, will you please fix Entourage? Yes, Macs need antivirus software. What do you mean you can RUN WINDOWS ON A MAC?!

Cheers to my Mac users, and may you never experience the spinning beachball.

Categories: mac Tags:

Viruses And The Automatic Updates Dilemma

January 21st, 2009 No comments

A hospital in England, infected by Conficker, demonstrates the dilemma faced by businesses when it comes to Microsoft’s Automatic Updates.

The hospital’s computers were infected because the staff disabled Automatic Updates after a computer rebooted mid-surgery. What else could they have done? This is a case where computer management is literally a matter of life or death. They couldn’t leave AU on, nor could they turn it off. Somewhere in between lies testing and careful deployment, but in reality most companies don’t have the resources for manually installing Microsoft updates. That’s what AU is for, isn’t it? Actually Microsoft steers businesses away from AU, but installing the recommended business solution is non-trivial. Most small businesses simply enable AU, until there’s a problem and it has to be disabled.

I’d like to say AU is better than no AU, but an unstable Microsoft patch can crash your computer. A few years ago there was a buggy Windows patch that disrupted wireless capability. It was hard for end users to see the connection between the patch and the problem because AU works silently, by design. The second Tuesday of the month is Microsoft Patch Tuesday, when IT shops around the world scramble to evaluate and install the latest round of fixes. Most of the time the updates are fine, but you get one with a problem and suddenly the help desk phone is ringing off the hook. That’s why I schedule my regular customer visits after Patch Tuesday, so we can deal with any problems that may arise.

If you decide to keep AU enabled, be aware of these issues. If you decide to download and notify, don’t keep clicking “later” or you’ll wind up with Conficker and its ilk. Be sure to update your antivirus software, and don’t forget to subscribe to Tech Tips for the latest computer news.

Categories: consumers, small business, windows Tags:

Conficker Virus Infects Millions Of PCs

January 17th, 2009 1 comment

Remember that emergency Windows patch I told you about in October? A super-virulent virus based on that bug is taking over Windows computers. Known as Conficker or Downadup, it may control as many as 9 million PCs… and counting.

To protect yourself, make sure your antivirus software is up to date and that you are current on your Windows updates (try Microsoft Update). The update that closes the hole used by this virus is MS08-067, which shows up as KB958644 in Add/Remove Programs if you have Show Updates checked.

Don’t forget to subscribe to Tech Tips for this and other breaking computer news.

Categories: alerts, antivirus, emergency, windows Tags:

Don’t Renew Your Antivirus Software

January 15th, 2009 No comments

Am I serious? Yes, I am advising you not to renew your antivirus software.

There’s a difference between renewing and upgrading to the latest version. Many antivirus programs allow you to purchase another year’s worth of updates without upgrading the software, but it’s not worth the slight savings. Upgraded software gives better protection.

Antivirus programs use a combination of definitions and heuristics. Definitions look for known virus code. Heuristics look for virus-like behavior, meaning they can detect both known and unknown viruses. When your antivirus software updates itself each day, it’s getting new definitions to protect against newly released viruses. But it doesn’t make sense to wait for a new virus to come out, write new definitions and send them out to millions of machines. With computers these days, by the time you do that it’s already too late. What’s needed is software with better heuristics. The newest antivirus programs have the latest heuristics available to consumers, so you are better off paying that little bit extra to upgrade instead of simply renewing for another year of definitions.

While we’re talking about not renewing your antivirus software, if you Windows users are still running Norton, save yourself a headache and move to something else when your subscription expires. The 2009 versions are better but still memory hogs compared to Trend Micro, the free AVG and others (look under Windows Users in the Tech Tips blog sidebar).

In February I’ll teach you how to Break The Internet Explorer Habit. Don’t forget to subscribe to the email version of Tech Tips for the latest computer news.

Orphaned Server Accounts

January 15th, 2009 No comments

Pardon me, but you’ve left an orphan out there. Orphaned accounts are email or web usernames that are no longer used but haven’t been deleted from the server. Small businesses and consumers alike would do well to clear their electronic trails of such wayward offspring.

For small businesses, orphaned server accounts can be an unseen hazard. Imagine you’ve let an employee go but haven’t deleted their account. They could log in and grab sensitive data or rig the system to self-destruct; these days you don’t need to be a computer whiz to do it. It’s wise to make deleting accounts part of your standard personnel procedures. Avoid sharing accounts and passwords; set up individual IDs with specific access instead, and don’t be tempted to leave post-its with passwords in your office. That deliveryperson could be a hacker in disguise.
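A small audit along these lines, as an added example that is not part of the original post. It assumes you can export the server's accounts to CSV with an owner and a last-login date; the column names, the 90-day threshold and all the data are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed export of server accounts (username, named owner, last login).
ACCOUNTS_CSV = """username,owner,last_login
asmith,Alice Smith,2009-01-12
bjones,Bob Jones,2008-06-30
frontdesk,,2009-01-14
cwu,Carol Wu,2008-03-02
"""
# Constructed roster of people currently employed.
ROSTER = {"Alice Smith", "Carol Wu"}

def audit_accounts(accounts_csv, roster, today, stale_days=90):
    """Map each questionable username to the reasons it needs review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        reasons = []
        owner = row["owner"].strip()
        if not owner:
            # No named person is accountable for what this login does.
            reasons.append("shared account, no individual owner")
        elif owner not in roster:
            # The orphan case: the person left, the account stayed.
            reasons.append("owner no longer on staff")
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > stale_days:
            reasons.append(f"no login for {idle} days")
        if reasons:
            findings[row["username"]] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in audit_accounts(ACCOUNTS_CSV, ROSTER, date(2009, 1, 15)).items():
        print(f"{user}: {'; '.join(reasons)}")
```

Running it whenever someone leaves, and again on a regular schedule, turns account cleanup into a checklist item rather than something remembered after the fact.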

Consumers should be aware of the orphans they may leave while visiting online sites. If you set up an email or web account somewhere but aren’t using it, contact the site and ask them to delete it. Ironically, you may find some sites don’t have a procedure for doing so. Talk to their tech people and request written confirmation that your account has been deleted. Otherwise you never know what someone else might be doing in your name.

Next month we’ll talk about Alternate Web Browsers. Don’t forget to subscribe to the email version of Tech Tips for the latest computer news.

Phishing Without A Net

January 15th, 2009 No comments

A new method of phishing may be your next battle. Researchers report that scammers can now phish you–pretend to be your bank–while you’re logged into your bank’s legitimate web site.

Until now, phishing was done by emails that try to trick you into clicking links to phony sites. This new variant is sophisticated and almost invisible, because it doesn’t come through email but on the web, and only after you have successfully logged into your bank’s actual site. Then malicious code takes over and sends a realistic-looking popup window asking for your credentials. The complexity of this attack makes it difficult to avoid, and switching from Internet Explorer to another browser like Firefox won’t help.

This attack isn’t widespread (yet), but you can expect more near-invisible scams like this in the future. Be sure to keep your computer updated, and don’t forget to subscribe to Tech Tips for the latest computer news.

Categories: alerts, beginners, Internet, phishing, scams Tags:

Malware Via LinkedIn

January 12th, 2009 No comments

The word is getting out that phony MySpace and Facebook profiles can deliver malware (malicious unwanted software, also known as spyware) to your computer. But many business professionals are unaware that similar threats also occur on LinkedIn and other business-oriented social networking sites.

At the moment the LinkedIn versions of these scams are the electronic equivalent of crayon scribbles: amateurish and easy to spot. However, you can expect them to become more prevalent and convincing. From a recent eWeek article:

[A]t the same time that LinkedIn’s image makes it unlikely that any large number of people will click on through when profiles are being advertised as celebrity porn, you have to recognize that its business focus could conceivably make the site an even more dangerous weapon in the hands of truly cunning attackers — who could, say, post a believable profile for a well-known CEO or industry pundit along with links to similarly themed malware URLs.

Bad Web links are all over the place, so please be careful when clicking on links, even on reputable sites.