Triona's Tech Tips

Microsoft has announced that it will release an emergency update tomorrow (Tuesday, March 30, 2010) for a vulnerability in Internet Explorer. This update is for users of Internet Explorer 6 and 7, and fixes a bug that could be exploited by hackers or viruses. Internet Explorer 8 is not affected.

Typically Microsoft updates are released monthly on the second Tuesday of the month, known in IT circles as Patch Tuesday. But some vulnerabilities, like this one, are considered critical enough to warrant an out-of-sequence update.

In their announcement Microsoft notes that although Internet Explorer 8 is not affected by this particular bug, they have rolled several other IE updates into one patch. Therefore, Internet Explorer 8 users may also be offered this out-of-sequence update, which is known as MS10-018.

The update will come to you automatically if you have Automatic Updates enabled. Otherwise you can visit Microsoft Update tomorrow to make sure you get it.

My Northwest Herald column this month is about rogue security software, also called scareware because it tries to frighten you into purchasing and installing it. I’ve talked about how rogues disable your real protections before (here and here), and how they take advantage of poisoned search engine results to trick you. I thought I’d show you some screenshots so you can see how rogues mimic real security software.

As you can see below, rogues look like the real deal. They pretend to scan your computer and they always display dire warnings. Note the button in the lower left corner telling you to purchase the rogue to remove the purported infections. But the real infection is the rogue itself.

Rogue security software

In this next image, the rogue is imitating Windows Security Center. Note how it claims that “Antivirus 2010″ (the rogue) is unregistered, a typical trick to get you to purchase the software.

Rogue imitating Windows Security Center

There are no limits to which rogues won’t go. Here, the rogue infiltrates Internet Explorer, displaying a false warning that claims you can’t get on the Internet unless you buy their scam software.

Rogue imitating Internet Explorer error

Another fake error message, this time the ominous Blue Screen Of Death (BSOD). Note once again the false warning claiming that you need to register (e.g. buy) the rogue to fix your computer.

Rogue faking a Blue Screen Of Death (BSOD)

Rogues will even go so far as to put messages on your Windows startup screen claiming that the product is unregistered and your computer unprotected.

Rogue hijacking Windows startup

To protect yourself, make sure your real security software is up to date, and steer clear of any advertisements or popups that claim you are infected. Be careful when searching for security tools because of poisoned search results. Your best bet is typing the name of a known software vendor directly into your browser instead of clicking on a link.

Rogues are notoriously difficult to remove, and regenerate if even the tiniest piece is left behind. Your best bet is to hire a professional familiar with how to remove rogue security software and restore your computer’s bona fide protections.

Sign up for my free Tech Tips newsletter and continue to learn how to get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Windows XP users, your days are officially numbered. Microsoft has announced that the newest version of Internet Explorer, when released, will not run on Windows XP.

How does this affect you? Internet Explorer 9 will introduce new Web technologies including HTML5, as well as other features that require Windows Vista or Windows 7 but are not supported under Windows XP. As Microsoft does so, other developers will follow suit. Web sites will be redesigned to take advantage of the new technologies, and those who don’t upgrade will be left out in the cold. Windows XP users will be forced to upgrade in order to have functional Web access. There is no official word yet on a release date for Internet Explorer 9.

We have seen this sort of planned obsolescence before. When Internet Explorer 7 came out in 2006, it worked only with Windows XP or later. People who tried to use earlier versions of IE discovered that they could no longer access certain web sites. Those who were on Windows 98, 2000 and ME had to upgrade to Windows XP.

What if you use Firefox? That will depend on whether the folks at Mozilla make new versions of Firefox compatible with Windows XP. They might… but if the technologies they need to stay compatible with Internet Explorer are not available in Windows XP, they may have no choice but to limit their compatibility to Vista and Windows 7 as well.

As I’ve mentioned before, the security risks of Windows XP are going to require you to upgrade anyway, so it’s time to start budgeting for it. This is another of those times when the computer industry drags us along by the heels whether we want to go or not.

We’re all familiar with computer security, but when was the last time you thought about security for your smart phone? With the amount of confidential data carried on these devices, security is something to consider.

Viruses can and do propagate via smart phones, although the effect is mitigated because viruses usually can’t travel between different types of phones. Even so, you might want to consider antivirus software for your phone.

Physical security is another concern. You should use your phone’s options to set passwords to protect your data. Some phones come with encryption features. It goes without saying that you should always have a backup of any data on your phone in case it is lost, stolen or broken.

Other ways you can protect your phone include turning off Bluetooth and/or WiFi when you’re not using them, to prevent unauthorized access. Bear in mind that using a unsecured public WiFi hotspot from your phone is just as risky as doing so from your computer.

Most phones allow you to clear memory and cache of potentially sensitive data. Some also have a setting that will erase all data after a specified number of incorrect password attempts. While no security measures are perfect, these tips will help you reduce the risks.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

If you use Windows, soon enough you’ll end up on Windows 7. But will your old applications work, and what can you do if they don’t?

Many Windows XP programs are compatible with Windows 7 out of the box. For those that aren’t, your first step is the built-in Program Compatibility Wizard. You can access the wizard by clicking Start, Control Panel, Programs, and selecting “Use an older program with this version of Windows.”

Microsoft also offers Windows XP Mode, a free download available for Windows 7 Professional and Ultimate. It requires Windows Virtual PC, also a free download. If these options don’t work, you might want to consider running Windows XP under Windows 7 using other virtualization software like Parallels Desktop for Windows or VMWare. Because using a virtual machine means running a true version of Windows XP, your software should work, although you may find it inconvenient to switch back and forth.

The optimal solution is to use software specifically designed for Windows 7. If there is a newer version of your program, you should upgrade instead of using compatibility options.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

The real Microsoft Security Essentials is a free tool that helps protect your computer from viruses and other threats. A fake antivirus program is using the Security Essentials name to spread its infections.

Fake antivirus programs are viruses that purport to be legitimate security software. It can be very difficult to tell the tricksters from the real deal. In this case, if you run across something claiming to be “Security Essentials 2010“, stay far away.

Like other fake antivirus programs, this particular rogue hijacks your computer and prevents you from accessing the web sites of legitimate antivirus vendors. It uses hyperbole to convince you that your computer is infected, then tries to con you into paying for removal. Such tricks are becoming more common. I’ve previously written about the odious Win Antivirus 2010, a rogue that really raised the bar on how far these con artists will go in order to make money at your expense.

By itself, Microsoft Security Essentials (the real one) is not adequate security software. You need something more robust like the free or paid versions of AVG, or Trend Micro or McAfee. I’m still not recommending Norton because it’s such a memory hog, but use it if you must. Also be careful if you look for for antivirus programs via a search engine, as the con artists hijack search results to spread their dangerous look-alikes.

My tech column in today’s Northwest Herald is about how to protect your passwords and your privacy on the Internet. Remember, to create strong passwords:

• 6 to 12 characters in length
• Mix of lower- and uppercase letters and numbers
• Symbols if allowed
• Not easily identifiable (your spouse, your kids, your dog)
• Create a passphrase
  • fourscore and seven years ago = 4Score&7Yrs (don’t use this one!)
• Different password for every account
• Change your passwords regularly, at least every 3 months
• Don’t re-use or cycle through the same set of passwords
• You can write them down, but keep them in a safe place

No one is immune to having their accounts compromised, and weak passwords are often the method. So take some time this weekend to secure your world by setting strong, unique passwords for all of your accounts.

Here are links to the resources I mentioned in the article (they’re all free):

• About the Twitter worm
• KeePass password manager, available for Windows, Mac, and smart phones
• ExpandURL for expanding shortened links
• McAfee SiteAdvisor
  • and, in a similar vein, LinkExtend for Firefox

If you found this information helpful, sign up for my free Tech Tips newsletter and continue to learn how to get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.