Archive for the ‘scareware’ Category

How To Protect Your Mac From Viruses

June 16th, 2011

The words “Mac” and “virus” in the same sentence? Yes, folks, Macs get viruses. In fact, Mac malware attacks are escalating to a level I haven’t seen in over a decade. Let’s talk about what you can do to protect yourself.

First, don’t assume that you can’t get a virus just because you have a Mac. All computers can get viruses, and threats like phishing scams and password harvesting affect everyone regardless of the type of computer they use. Pay attention to the advice Windows users receive on how to deal with viruses and Internet threats, because much of the same information applies to you.

Every Mac should be running antivirus software. My personal favorite is Intego VirusBarrier, but a good free alternative is ClamX AV. You also need to make sure your Mac has the latest software patches. Use Software Updates under the Apple menu, but don’t neglect to update your other software, especially Acrobat, Flash, and Microsoft Office.

Be aware that fake antivirus software has infiltrated the Mac universe just as it has the world of Windows. If your Mac displays a message saying that you are infected and need to buy some super-special software, assume it’s snakeoil. Run a bona fide tool like the ones mentioned above, and never, ever click on anything you are not certain is legitimate. When in doubt, use Force-Quit (option-command-escape) instead of the red X to quit.

The world of Internet threats is ever-evolving, so stay tuned to Tech Tips for the latest Mac security help.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews, plus notice of upcoming seminars and other events. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

You Need More Than Microsoft Security Essentials

March 15th, 2011

Microsoft provides free antivirus by way of its Security Essentials program (MSE). But MSE is no substitute for a third-party security software suite.

MSE includes basic antivirus and antispyware tools plus a firewall. It was originally designed for consumer use in the USA and as a way to cut down on rampant virus problems overseas. As such, while it’s better than nothing, it doesn’t provide the features or functionality of a genuine security suite.

One of the problems with MSE is that too many fake security programs try to emulate it. Just because something looks vaguely Microsoft-y doesn’t necessarily mean it’s genuine. Also, Microsoft is primarily an operating system and productivity software company that does not specialize in security. They may have inadvertent blinders on when it comes to securing their own products, whereas third-party vendors may have more innovation in that area because they are thinking outside the Redmond box.

There is also the danger of homogeneity. When everything on your network uses the same software, you are more susceptible to viruses and malware that exploit the vulnerabilities of that software. In other words, if you live in an XYZ Brand world protected by XYZ Brand tools and along comes a virus that exploits XYZ Brand weaknesses, you’re a sitting duck. That’s true whether XYZ Brand is Microsoft, Apple, or anyone else. Diversifying affords you more protection.

Therefore, I’m sticking with my usual recommendations: AVG, Trend Micro, Avast, Kaspersky, and many of the other great security programs out there.

Recording Of Webinar On Top Computer Security Risk For Businesses

February 9th, 2011

Thanks to everyone who attended my webinar on Top Computer Security Risks For Businesses. If you missed the webinar, you can find it online here:

Here are links to some of the resources I mentioned in the webinar. I hope you find this information helpful.

Related Triona’s Tech Tips Articles:

If you’d like a seminar for your business or organization, please let me know.

Fake Cleaning Software Leaves You In The Lurch

February 5th, 2011

My article in today’s Northwest Herald talks about fake computer cleaning software scams. Like fake antivirus software, fake cleaning programs are scams trying to trick you into installing them on your computer. They show up in search engine results and are advertised via television, radio, and spam emails. You might even get a phone call urging you to purchase a fake software product. I encourage you to avoid any computer cleaning software unless you are positive it is legitimate.

My two favorite tools are CCleaner for Windows and Snow Leopard Cache Cleaner for Mac (which, despite the name, also works on previous versions of the Mac OS). I’m particularly fond of these programs because they work by giving you a convenient way to run the tools already built into your Windows or Mac computer. That makes them safe and reliable.

Of course, before you run any utility that might change your computer system, you should always make at least one backup (preferably two or three to different backup devices). These cleaning programs don’t run all the time like your antivirus software, but you can run them whenever you think your computer might be getting a little slow.

ThinkPoint: The Latest Fake Antivirus Scam

December 8th, 2010

I’ve seen a number of people lately whose Windows computers were infected with a particularly nasty fake antivirus scam called ThinkPoint. Please take precautions to protect yourself against this scam and others like it.

Fake antivirus software is the latest arrow in the cybercriminal’s quiver of scams. These rogue security programs mimic real antivirus programs but are actually viruses in and of themselves. They will do anything and everything to get you to buy them. I’ve written about them here, here, here and here.

What makes ThinkPoint so obnoxious is that it embeds itself by changing your Windows settings so that the ONLY thing that can run on your computer is ThinkPoint. It does this by making itself the shell, or the interface that lets you communicate with your computer’s operating system. In other words, it wraps itself around Windows like a giant eel and won’t let you in unless you buy it. Of course, you’re not so much buying the software as paying a ransom (which is why such programs are sometimes called ransomware).
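An added example, not from the original post: on Windows the logon shell is normally named by the Shell value under the Winlogon registry key, so one quick check from a working administrator session is whether that value is anything other than explorer.exe. The post does not say which setting ThinkPoint changes, so the registry location is an assumption here, and the sample values are constructed.

```python
import sys

# Assumption: the shell is configured through this key's "Shell" value
# (machine-wide in HKLM, per-user override in HKCU). The post names no key.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Spellings that all mean "the stock Windows desktop".
STOCK_SHELLS = {
    "explorer.exe",
    r"%windir%\explorer.exe",
    r"%systemroot%\explorer.exe",
    r"c:\windows\explorer.exe",
}


def classify_shell(value):
    """Return 'unset', 'default' or 'modified' for one Shell value."""
    if value is None:
        return "unset"
    normalized = value.strip().strip('"').strip().lower()
    # Exact match only: "explorer.exe,other.exe" or an explorer.exe in
    # another folder must not pass as the stock shell.
    return "default" if normalized in STOCK_SHELLS else "modified"


def read_shell_values():
    """Read the Shell value from both hives (Windows only)."""
    import winreg

    found = {}
    hives = (("HKLM", winreg.HKEY_LOCAL_MACHINE),
             ("HKCU", winreg.HKEY_CURRENT_USER))
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    for name, hive in hives:
        try:
            with winreg.OpenKey(hive, WINLOGON_KEY, 0, access) as key:
                found[name] = winreg.QueryValueEx(key, "Shell")[0]
        except FileNotFoundError:
            found[name] = None  # key or value not present in this hive
    return found


def report(values):
    """Map each hive name to (classification, raw value)."""
    return {name: (classify_shell(v), v) for name, v in values.items()}


if __name__ == "__main__":
    if sys.platform == "win32":
        values = read_shell_values()
    else:
        # Constructed sample: a per-user override pointing at a made-up program.
        values = {"HKLM": "explorer.exe",
                  "HKCU": r"C:\Users\demo\AppData\Roaming\example-rogue.exe"}
    for name, (verdict, raw) in report(values).items():
        print(f"{name}: {verdict:8} {raw!r}")
```

A "modified" result is a prompt to investigate, not proof of infection, since kiosk setups replace the shell on purpose.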

ThinkPoint spreads through a variety of means. To gain a toehold, it displays fake Microsoft Security Essentials alerts. Microsoft Security Essentials is a real program, but these alerts are generated by the ThinkPoint virus to trick you into letting it deeper into your computer.

ThinkPoint: Fake Microsoft Security Essentials window

From then on, ThinkPoint displays the following window whenever you try to start your computer.

ThinkPoint hijacking your Windows desktop

If you click the only available option, “Safe Startup,” the software will pretend to scan, pretend to find infections and then start pestering you to pay money to remove them. But the real infection is ThinkPoint itself, and any virus buddies it may invite along for the ride.

ThinkPoint pretends to scan and find viruses

There are ways to remove ThinkPoint, but it can be tricky, especially if there are other infections present on your computer. Malwarebytes is one of my favorite removal tools, but in this case you may have a hard time getting the computer to a point where you can run it. Your best protection against ThinkPoint and other fake security software is prevention. Use a reliable, bona fide security program, use secure passwords, and follow the advice I offered about what to do if your email account is hijacked.

If you’ve been infected by ThinkPoint or other viruses or malware (and are in my service area, Chicago’s north and west suburbs), I would be happy to help you remove them. You can contact me here.

What To Do If Your Email Account Is Hijacked

September 18th, 2010

My column in today’s Northwest Herald talks about the recent uptick in hijacked email accounts. Hackers hijack your account in order to prey on your contacts by sending spam, malicious links, and outright requests for money in your name. And not just your email account… Facebook, LinkedIn, and other accounts can also be hijacked.

Here are some things you can do to protect yourself, not just from hijacked accounts but also from viruses, spyware and other Internet threats:

• Use strong passwords that are unique on every system, and change them every few months. Earlier this week I posted an article about how to create secure passwords. This is the number-one thing you can do to prevent your accounts from being hijacked.

• Use a high-quality security software suite. I used to recommend free solutions for Windows like AVG combined with Spybot or AdAware, but these days I’m finding the freebies aren’t enough to protect you. Norton and McAfee will do the job, but Norton in particular tends to take up a lot of memory which may make older machines run more slowly. I prefer AVG’s paid Internet Security Suite or Trend Micro’s Titanium Internet Security or Titanium Maximum Security. If you’re using free AVG, you can get a discount on the full AVG suite if you buy through the “upgrade from free version” option.

Whatever solution you choose, be sure it is a full suite—containing antivirus, anti-spyware, and firewall—and not just antivirus. And be sure it’s real software and not one of the many rogue security programs that are actually viruses in disguise.

Mac users, you need security software too. My personal favorite is Intego VirusBarrier or Internet Security Barrier. If you run Windows on your Mac through Apple’s Boot Camp or a program like VMWare or Parallels, try Intego’s Dual Protection options: VirusBarrier DP or Internet Security Barrier DP. These include BitDefender for Windows to protect the Windows half of your computer.

• Make sure ALL of the software on your computer is regularly updated. In one of my previous Northwest Herald columns, I talked about the dangers of old software. Here on my blog I’ve also talked specifically about the risks posed by old versions of Adobe (Acrobat) Reader and Flash.

• If you’re on Windows, use a browser other than Internet Explorer. Using Firefox or Opera instead of Internet Explorer offers you that much more protection. If you must use Internet Explorer, find out why older versions of Internet Explorer pose a greater risk of virus infection.

• Watch out for poisoned search engine results and learn how to spot bad web links.

• Never click on links or open attachments in email. Always visit the site directly. For example, if you get an email saying you have a new Facebook message, go directly to facebook.com from your Web browser instead of clicking the link in the email.

• Learn about social engineering and how hackers will do anything and everything to trick you into letting them in.

• And, finally, subscribe to the free email version of Triona’s Tech Tips for easy-to-understand tips you can use to protect yourself from the latest Internet threats. You can click this link or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe.”

Fake Antivirus Phone Scams

August 31st, 2010

If you get a phone call saying you have a virus on your computer, hang up.

As reported by researcher Orla Cox on Symantec’s blog, the sellers of fake antivirus and security software have gone old-school and are now phoning victims to peddle their snakeoil. Cox posed as a computer novice to investigate:

Once I was connected to one of their agents I explained my problem to them. My computer was running really slowly and crashing a lot. The agent, “Brian”, proceeded to tell me that I was the victim of a virus that had entered my computer over the Internet. He walked me through opening up the Event Viewer and asked if I saw any errors or warnings in there.

[Note from Triona: That's because Event Viewer's purpose is to log what Windows is doing. These errors and warnings are part of normal operations and don't necessarily correspond to problems.]

Cox continues:

Naturally, I did. Brian then told me that these were indications of a virus infection. Was it serious, I asked? Brian said yes. Sounds ominous. Thankfully there was help at hand though… To clean up the computer, and also to avail of their software maintenance service, I could pay a yearly subscription fee of 129 euro. I could also pay 250 euro for a two year subscription. Brian was pushing hard for me to go for the two year option but in the end we agreed to go for just a one year subscription.

Cox was then urged to send an email with name, address, phone number, email address… and credit card details. If your red flags haven’t already been raised, that should send them to the top of the pole. No legitimate company would ever ask you to email your credit card details; that’s like a burglar asking you to stick your keys under the doormat.

Why are the miscreants behind rogue security software resorting to this tactic? Remember, it’s all about social engineering: the art of getting you to breach your own protections. Real security programs have become so good that the best way to commit cybercrime is to trick you, the person at the keyboard. Just as no security in the world can protect your house if you unlock the door, no security software can protect your computer if you can be tricked into bypassing it. That’s why these scams are called scareware — because they try to scare you into falling for their tricks.

Don’t be a victim of scareware scams. When in doubt, hang up on that fake call, ignore those phony “antivirus” warnings and pay no attention to spam emails. If you think you may have a virus, use a real program like AVG’s free antivirus, Malwarebytes’ malware scanner and Trend Micro’s online House Call scanner to determine if you’re infected.

Fake Security Software Cons You With Real Tech Support

July 30th, 2010

The battle for your computer has stepped up a notch, as fake security software now offers real tech support. Talk about twisted!

As I’ve written before, rogue security software pretends to be real antivirus and anti-malware software in order to commandeer your computer. It disables your bona fide protections and claims that you must purchase their super-duper software to save you from invented infections. Now, they’ve added a “support” option as further bait. After all, if the software offers you tech support by live chat and email, it must be legitimate, right? And so much money is being made on this fake software that they can actually afford to hire real people to provide said tech support! It’s a whole new take on social engineering, the unethical art of doing anything and everything to manipulate you.

Remember, rogue security software will not protect you; it will leave you vulnerable. Your best protection is to stick with security programs from known vendors. Norton, McAfee, AVG, Trend Micro, and avast! are all real companies with real products. Although I’m still not enamored of Norton and McAfee (see why), you’re certainly better off with them than a rogue. Become familiar with what your regular antivirus program looks like. If you sit down at your computer one day and see something different, be very suspicious. Also, be careful if you do a web search for antivirus software, because many of the “sponsored links” lead you to fake programs. Once fake security software is on your computer, it’s extremely difficult to remove. And don’t fall for the trick “uninstaller,” which leaves remnants of the rogue to regenerate itself.

Social Engineering: How Viruses Trick You Into Letting Them In

May 10th, 2010

A recent wave of viruses that propagate via Skype and Yahoo Messenger illustrates the principles of social engineering: how viruses bypass security precautions by tricking you into letting them in.

The Skype and Yahoo Messenger worms distribute themselves via messages like “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The accompanying link appears to point to an innocent jpg, but when you click on it you are actually running the worm.

Don’t confuse social engineering with social networking. Social networking means interactive Web 2.0 sites like Facebook, MySpace, LinkedIn and Twitter. Social engineering is the art of tricking you into installing viruses or malware on your computer. PC and Mac users alike can be drawn in by social engineering scams.

Social engineering is a common tactic used by viruses and malware. The Twitter worm we discussed in February uses direct messages to entice users into visiting a pseudo-Twitter login page that harvests login credentials. Scams like the faux Facebook Update arrive via email, and contain links to malicious web sites. Rogue antivirus software is all about social engineering: make users think their computers are infected with viruses that can only be removed by purchasing the fake software.

How do you avoid social engineering scams?

  • Links can look legitimate when they’re not. For example, I can spoof a link that says: http://support.microsoft.com. Now, before you click that, mouse over it without clicking and look at the status bar at the bottom of your web browser. (If you don’t see the status bar, go to the View menu and make sure Status Bar is checked. It may be under the Toolbars sub-menu.) You’ll note that the status bar reveals the true destination. In this case I used a safe example: my Tech Tips blog. But you can see how links can easily be redirected. The status bar trick works in email, too. It’s not foolproof (the status bar contents can be spoofed as well), but it is a good place to start.
  • If you get a message from someone, try doing a web search on the text of the message to see if it’s a known scam. For example, with the Skype and Yahoo Messenger trick, a quick search for “Does my new hairstyle look good? bad? perfect?” reveals news of the worm, especially if you pair the search with the word “virus.”
  • Don’t let your software protections lull you into a false sense of security. Yes, you need to run good security software and keep it up to date, but the point of social engineering is to get you to click, thus bypassing your protections.
  • And, as always: when in doubt, don’t click.

1.5 Million Facebook Profiles Hacked And Up For Sale

April 27th, 2010

VeriSign iDefense has discovered a hacker offering 1.5 million hacked Facebook profiles for sale on the black market. The profiles are going for $25 for 1,000 profiles with under 10 contacts, and $45 for 1,000 profiles with more than 10 contacts.

Why sell profiles? As you can see from the pricing, it’s all about the contacts. Hacked profiles give criminals the ability to advertise to trusting users. If you get a message from a Facebook friend telling you to click a link, you are more likely to do so than if you get an anonymous spam message in your email. This is what we call spear phishing, targeted campaigns that appear to be from trusted sources. Buy profiles for cheap, trick people into clicking on malicious links or buying junk like rogue antivirus software, and voila! the criminals rake in the profits.

Hacked profiles can also be used to harvest your personal information to crack security questions for juicier targets like your bank accounts. Many people falsely consider Facebook a private environment and post all sorts of information about themselves, their families and their backgrounds. If you post a cute picture of your dog Rover and the security question for your bank is “What is your dog’s name?” you’ve just given away important information.

Likely there are more than 1.5 million Facebook profiles for sale out there. Also for sale are LinkedIn and Twitter accounts, email usernames and passwords, and la creme de la creme, bank accounts and passwords. Even your computer’s processing power can be bought and sold under your nose. It’s a whole underground economy taking advantage of you.

How can you protect yourself? Strong passwords that are unique on every system, good quality security software, and common sense before clicking links. I also encourage you to avoid posting personal information on places like Facebook, be careful of the friend requests you accept, and adjust your privacy settings to maximum. Even so, plenty of people who follow all the rules fall victim. The scams get trickier and more difficult to expose. It’s important to stay educated about computer security, which is why you should subscribe to my free Tech Tips newsletter to keep on top of the latest news.