
Archives for : Malware

How can you get better performance with your Internet connection?

You’ve seen the scam artist advertisements for software programs that do nothing more than install junk-ware on your system.

TV Ad for software that did little to help novice PC users

The thing to remember is that many times your PC’s Internet connection is slow because of your DNS provider.

Now you might be thinking “what is DNS, John?” and I would tell you that this is a good question.

DNS means Domain Name Service. It operates on your computer’s port 53 and acts as the phonebook for the Internet. Here’s how…when you want to order a pizza for dinner, you may have to look up the number to the pizza place online or from an ad that they placed on your doorknob. You do not instinctively know the phone number to the pizza place and that’s okay. It’s normal.

Well, in the same way that you do not have every phone number you may need in a day memorized, computers do not keep track of every possible web site you might want to go to in a day either. Sure, some days you may bounce from a cable news site to a cable weather outlet to an Internet storefront and finally finish up at an Internet movie house like YouTube.

All of these have an IP address and yes, for the sites you visit most often, you might want to save their IP addresses in your hosts file. On a Windows system this can be found at C:\Windows\System32\Drivers\etc\hosts (and note that this file DOES NOT have a file extension).

You can save them in this format:

50.87.150.160            tech.jchampion.com
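A hosts file puts the IP address first on each line, followed by one or more names, and any entry in it silently overrides DNS for that name. The following is an added example (not code from this site) that parses hosts-file text, reports lines that do not fit that format, and lists every name pinned to a non-loopback address; the sample file and the example.test names are constructed for illustration.

```python
import ipaddress

# Constructed sample for illustration; not copied from a real machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1        localhost
50.87.150.160    tech.jchampion.com    # entry from the article
tech.jchampion.com    50.87.150.160
203.0.113.7      shop.example.test pay.example.test
198.51.100.9     pay.example.test
"""


def parse_hosts(text):
    """Parse hosts-file text into (entries, problems).

    entries maps lower-cased hostname -> ipaddress object (first mapping kept).
    problems is a list of (line_number, message) for lines that need review.
    """
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((lineno, f"first field {fields[0]!r} is not an IP address"))
            continue
        if len(fields) < 2:
            problems.append((lineno, "address with no hostname"))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name in entries and entries[name] != addr:
                problems.append((lineno, f"{name} already mapped to {entries[name]}"))
            else:
                entries[name] = addr
    return entries, problems


def overrides(entries):
    """Hostnames pinned to a non-loopback address: each one bypasses DNS."""
    return sorted(n for n, a in entries.items() if not a.is_loopback)


if __name__ == "__main__":
    entries, problems = parse_hosts(SAMPLE_HOSTS)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    print("pinned names:", overrides(entries))
```

Run it against a copy of your own hosts file and review anything under "pinned names" that you did not add yourself.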

For every other site, your computer relies on the much larger worldwide list kept on a DNS server. You are no doubt using one of the ones that your Internet service provider told you to use. These DNS servers may use tricks so that in the event you mistype a domain name, you are redirected to a relatively safe site that is hosted by the ISP or the DNS service provider. Any link that you click on these pages makes money for the service provider and likely puts some sort of tracking cookie on your computer to follow your movements to similar sponsored sites across the vast internet.

One way to speed up your experience, and maybe avoid the whole tracking thing, is to use a new DNS provider. I’ll bet you did not think that you could do that, but you can!

Simply go to your Internet settings on your computer (Control Panel\Network and Internet\Network Connections and choose whichever icon matches your Internet connection). Right click on this icon and select properties. Now select Internet Connection version 4 from the window that pops up and then click on the properties button that highlights directly below that selection box.

Another window will pop up that will give you some options on things to fill out. Leave the top of this window alone if your Internet/network connection is working fine. What you want to fill out is the section that says “Use the following DNS server addresses” — and now you get to fill in any of a series of numbers you like. It looks like this:

The bottom part of this General IP Properties page that has DNS information is what you'll want to fill out.

The IP addresses to populate those boxes are 208.67.222.222 and 208.67.220.220.

Google also has a DNS service that is available for the public to use and you can certainly use their IP addresses, 8.8.8.8 and 8.8.4.4. With these addresses you get away from your ISP’s control but at the same time Google does not provide any level of service to help control or customize your own experience.
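One way to check whether a DNS server redirects mistyped names, as described above, is to ask it for a random name that should not exist and see whether it answers with "no such name". This is an added example, not code from the original post; the function names and the labels "honest" and "redirected" are this example's own, and it assumes a random 24-character label under .com is unregistered.

```python
import secrets
import socket
import struct

NXDOMAIN = 3  # DNS response code meaning "no such name" (RFC 1035)


def build_query(name, query_id):
    """Build a DNS query packet asking for the A record of `name`."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify(response, query_id):
    """Classify a resolver's reply to a query for a name that should not exist."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != query_id or not flags & 0x8000:  # wrong ID, or not a response at all
        return "mismatched"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "honest"        # resolver admits the name does not exist
    if rcode == 0 and ancount > 0:
        return "redirected"    # resolver supplied an address for a bogus name
    return "inconclusive"      # SERVFAIL, empty answer, and so on


def probe(server, timeout=3.0):
    """Ask `server` (UDP port 53) for a random name that should not exist."""
    name = f"{secrets.token_hex(12)}.com"
    qid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # only accept replies from this server
            s.send(build_query(name, qid))
            data = s.recv(512)
        except OSError:              # timeout or network unreachable
            return "no reply"
    return classify(data, qid)


if __name__ == "__main__":
    for server in ("208.67.222.222", "8.8.8.8"):  # addresses given in the article
        print(server, probe(server))
```

Add your ISP's DNS server address to the list in the last lines to compare it with the public services.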

A list of other IP addresses for publicly accessible DNS services is available here. Just be sure to check the companies providing the IP addresses before you use them. You never know what information they could be pushing you to. There is such a thing as DNS poisoning and it is bad.

By bad, I mean that you could think that you are paying for an Amazon or bank payment service while your traffic is instead directed through JimBob and Bubba-Sue’s scam site, which culls your credit card or payment information before passing it along to Amazon or your bank. Your purchase goes through and you are unaware anything went wrong until you see your credit card bill or get that dreaded call from credit card security services.

It’s something to be aware of but do not be afraid. Forge ahead.

My goal in giving you this information is to teach you how to improve things for yourself without needing to spend money on software that does nothing but further bog down your system and worse, entices you to remove files your computer needs to run.

Have fun, be smart, and be independent. There will be more tips coming soon!

 

 

Windows 8 Tips and Shortcuts

Bugs Bunny -courtesy of Warner Bros.

One thing is definite in the world of IT: change.

Windows 8 is a massive step away from the way we were doing things just four or five months ago. As our laptops and desktops age, and we turn to retail sales outlets to provide us with our much needed “tech fix,” we also get saddled with Windows 8. While it is possible to downgrade your system to Windows 7, provided the company who made your system provides drivers for each component, it is simply easier to adjust and roll with Windows 8.

Now I’m not a fan of the OS. It’s got a learning curve and while it’s not ridiculous, it’s not exactly intuitive. So the trick is to make Windows 8 work for you and you alone.

Here is the first step: getting your start menu back. There are three ways to do this. Methods 1 and 3 are free. Method 1 requires you to do some keyboard work. Methods 2 and 3 require you to download and install software on your computer that will create a start menu for you.

1) a) Right click anywhere there is empty space on your Windows task bar (that’s the thing on the bottom of the screen with the icons for all of your open and running programs).
b) Hover your mouse up to Toolbars and select New Toolbar from the resulting window.
c) Copy this line and paste it into the select folder window that pops up: %ProgramData%\Microsoft\Windows\Start Menu and then click on Select Folder.
d) Now you have a no-frills and free Start Menu with a list of your programs. You will have to move it over to the corner of the Task Bar wherever you want it to reside.

2) Go to Stardock.com, pay $4.99 and download Start8. Install it and you’re good to go with something very similar to your old Windows 7, Vista, or XP start menu. It comes complete with file histories to make it easier to open files that you think are lost on your system.

3) Go to and download a free copy of ClassicShell. It not only gives you a Windows Start menu but it also gives you a chance to get rid of the Metro UI start screen. Again…it’s free and it works.

If you find anything else pretending to do the same thing, please be careful. A lot of malware is disguising itself as a free start menu or Metro UI interface remover.

Next time, we’ll talk about keyboard shortcuts that you can use to speed up your Windows 8 and maybe even your Windows 7 experience.

Time to clarify what Geico, State Farm, and OnStar are selling you

No to in-car monitoring

Progressive claims this tool is used for discounts only

“You’ll save with our snapshot discount,” “State Farm has identified you as driving a vehicle with OnStar built into it. We are offering you a discount for having this service.” and there are many other examples of this.

Let us get to the heart of what this is.

For those of you who like to drive all over town but tell your insurance carrier that you drive to work and back only, these devices will root you out and you will receive a hefty price increase instead of the promised price decrease.

Someone would have to be nuts to allow any insurance company to monitor your activity, your driving habits, or let OnStar share your driving information with anyone. Why?

Simple. You may have heard of the term “red lining,” which is taking the crime statistics from any community and drawing a red mark on a map; anyone living or working in those areas gets to pay higher car insurance rates because they are more at risk than someone who lives and works in a more affluent part of town.

That means that, in terms of odds, you are more likely to have something happen to your insured vehicle. It also means that the insurance company is more likely to see a claim from you.

So enter this world of “snapshot”, “OnStar”, and the various other devices insurers are trying to dangle in front of you, attached to the word “discount” in order to get you to bite.

And enough people are biting on this lure, and companies like Geico, Progressive, State Farm, Allstate, and many others are trying to do anything to get you to let them spy on you more than they already are.

But the information that those devices record about your driving habits is tied into your computer. So changing CDs or the radio station while driving, changing lanes without signaling due to a driver or animal moving into your path, or even something as innocuous as braking too severely will count against you, and your discount will eventually morph into a significant rate increase.

From the Snapshot provider’s website about the device:

“Data We Collect:
The Snapshot device records vehicle speed and time of day, and when the device is connected and disconnected from the vehicle. It also records the Vehicle Identification Number upon installation. Other information, such as miles driven and rates of acceleration and braking, is derived from the speed and time information recorded by the device.”

Think about this…insurers tie your credit record into your auto insurance rate. They tie in things like non-fault accidents into your rate. That’s not to mention the number of times you’ve been uninsured or placed into a high risk pool.

In short…don’t do it. Keep insurers out of your car unless of course, you are the perfect driver and you never drive anywhere except to home and work or home and school.

And for the record…this is, in my opinion, a polite way of asking “can we please put spyware on to your car’s computer to monitor you?”

MyLife.com–why you should avoid it

You see the commercials on TV that someone may be looking for you. It seems like you have old boyfriends/girlfriends lining up to talk to you after all this time and they are doing it at the MyLife.com website.

Well…I accidentally clicked on the MyLife.com site when Google returned it in a search for a former coworker’s email address. What happened next was eye-opening.

First off, you must understand how malware-laden sites work. You visit a site with malware loaders, a popup comes up on your screen telling you that you have a virus and need their “anti-virus solution” or worse, the computer seems to lock up and there is nowhere to click except on a yes or no box on the popup.

If you are smart, you know that clicking on either box, or even on the circle x in the upper righthand corner, to close the window, will result in something being uploaded to your computer without your knowledge. It’s one of the reasons why I found and re-published instructions for creating a shortcut for immediately closing Internet Explorer without triggering any loaders (see this link: http://tech.jchampion.com/?p=16 ).

Well I mention all of this because this is the exact same behavior that the MyLife site exhibits. The site “grabs” Internet Explorer and there is nowhere to click on the page to close the application except inside the popup box that pushes you to register for this pay service. And for the record, you may not be surprised to learn that not very many of your old friends, girlfriends, or boyfriends are looking for you on this site as they probably did not want to pay the fee to contact you either.

And according to Techpaul’s blog ( http://techpaul.wordpress.com/2009/03/06/just-say-no-to-mylifecom/ ), the site is more annoying than nefarious. In order to join you must surrender your contacts list and from that moment on, your friends and family will be spammed relentlessly by the MyLife servers. In addition, it appears that they turn over your contact information to any advertiser whose ad you click on. Hint–there is only one teeny tiny “no” link on those ads while the rest of the ad is a clickable surface. Sneeze and exert pressure on your mouse and the advertiser gains access to your profile/contact information and possibly that of your friends as well.

In short…please stay away from the MyLife.com site and if you have joined, perform a Google search on how to remove your name and information from social networking sites.

I’m back and posting; more Symantec code stolen; and why your Apple really needs an antivirus

After a nine month hiatus, I am back and posting. No I did not have a baby but I did change jobs. I’m no longer the DOD contractor geek but now I’m a full time college professor teaching, among other things, security.

So let’s get started…Symantec initially said that hackers may have stolen their code base but it was for old products. Well that was not entirely truthful. Symantec’s latest announcement said that source code for Norton Antivirus Corporate Edition, Norton Internet Security, pcAnywhere, and Norton GoBack had been taken. This is in addition to the Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 that the company acknowledged two weeks ago.

What does this mean? Well if you are one of the many who use Symantec products, it means that you will need to be very careful about what updates for the Symantec software you download. Some of it could be fake.

Also puncturing a hole in a mythical secure operating system is F-Secure’s announcement that the number of trojans, malware, and loaders for Apple MacOS products climbed this week.

Last year, F-Secure noted that Apple products enjoyed a roller-coaster ride of security, with some months being better than others. Best bet: if you have a Mac, get an antivirus.

And finally…I will be revamping this site a little now that I have more time to devote to it. Remember that the key to keeping crap off of your home computer is to be smart and not download from or visit sites that are known for pushing malware onto users’ PCs. Use Firefox with the NoScript add-in and above all else…stay away from porn and gambling sites.

A good read from OpenDNS

OpenDNS has taken the time to analyze a popular Facebook scam which they describe as a virus. It’s a good read and worth your time to read and understand.

Facebook is so useful and fun but at the same time without vigilance, your system can be easily compromised, your Facebook login stolen, and your friends harassed by one slip of your mouse.

The article can be found at:

http://blog.opendns.com/2011/05/05/facebook-who-views-your-profile-scam/

Also, if you’re not using OpenDNS for your home’s network, take a look at how easy it is to set up and use while you’re on their site. The service is free and you can block ads, malware sites, and other types of sites from interrupting your browsing session. Their site is OpenDNS.com.

Clicking on an Osama picture can be hazardous to your computer

Malware purveyors keep looking for the next thing to convince you to click on download/”Look at this!” type of links. Sunday night’s announcement of Osama Bin Laden’s (I don’t really care if I spell that name right–the terrorist doesn’t deserve for it to be spelled correctly) death and the subsequent details coupled with America’s thirst for blood and gore mean that the pickings are ripe for malware purveyors.

So Facebook users…you’re up first. You are a prime target because most of you are not all that computer savvy and most click on anything that looks tantalizing…after all, if it looks salacious it must be awesome, right? And also if no one knows I clicked on the gory details link, what’s the worst that can happen? After all, there is that big “X” in the upper right hand corner of my browser, right?

The FBI knew this was going to happen and issued a press release to the American public warning people about such links:

“The FBI today warns computer users to exercise caution when they receive e-mails that purport to
show photos or videos of Usama bin Laden’s recent death. This content could be a virus that could
damage your computer. This malicious software, or ‘malware’, can embed itself in computers and
spread to users’ contact lists, thereby infecting the systems of associates, friends, and family members.
These viruses are often programmed to steal your personally identifiable information.”

So what does this mean to you, the common user? It’s simple. Until the Obama administration announces it has released photographs and/or videos, there are no such things. You should pay full attention to the FBI’s warning. Click on nothing that you do not know. Click on only those things you were expecting and from trusted sources after using your anti-virus/anti-malware to the fullest.

Finally…if you do accidentally stumble into one of these traps…follow the regular steps to remove malware viruses from your computer. If you don’t know what these are, then you should be extra careful about the things you click on.

The Epsilon Breach Just Keeps Getting Worse

When it first happened, media from CNN, Fox, Time, NY Times, Washington Times, and other popularity driven news organizations did the lazy thing and reported the press release that Epsilon and those companies who turned over your personal information to Epsilon wrote to give the information they wanted you to think was true.

Epsilon Breach Press release

But the information contained in that release, like most press releases, is misleading at best and downright false at worst.

Here’s why…spam and spear phishing are the least of your worries in a breach of this kind. Coupled with other information, email addresses, usernames, and the companies you deal with can tell a lot about you and give identity thieves and identity sellers loads of personal information to gain access into your life.

Not to mention that the folks who stole this information want you to turn over your computer to them. While they don’t want the electric bill from running it, they do want to use its CPU cycles, ram, and hard drive space to rent out to spammers, malware providers, adware servers, adult oriented material, child pornography, and let’s not forget about general mischief.

So how do you protect yourself from all of this sad activity?

1) Never click on links in incoming emails.
2) Use a good anti-virus/anti-malware/firewall.
3) Use common sense. Do not load photos/images just because a friend, an acquaintance, or someone else you may know sent them to you. Using steganography, a user can load JavaScript loaders into the cutesy images that are sent to you, and those can be used to begin delivery of malware, spyware, or other stuff you just don’t want on your system.
4) Stop sending emails that are meant to be forwarded. These give hackers an idea about which users are more susceptible to attack than others.

Finally–the reason why spam and malware continue to spread is because people are allowing the tools that come with their PCs to expire, or just think a software firewall is sufficient. And let’s not forget the profit margin. Sending spam is quite profitable and people keep opening it, reading it, and responding to it.

It’s so profitable in fact, that many of the original spam factories of the 90’s are now legitimate email marketing companies.

So please…take responsibility for your computing actions. If you cannot afford to pay for the Symantec/McAfee software subscription that comes with your new computer…have a tech remove it and install Microsoft Security Essentials, AVG, Avast, Avira, or some other free anti-virus option.

Two Facebook search boxes are worse than one

Facebook resource site AllFacebook.com is announcing today that Facebook itself is denying testing a web search tool and additional search box on your page. The “search box” looks like this:

Facebook fake search box from AllFacebook.com

 

So now the question is…what is this and what can you do about it?

Well Facebook has a tool created in cooperation with McAfee that can help you locate, isolate, and remove any malware that may be on your system.

http://www.mcafee.com/US/

If you have questions, just ask.

Video Malware attacks on Facebook

See any posts like this lately?


Here is an example of a malware video post on Facebook

This is the latest wave of malware loaders to hit Facebook. Facebook assumes that you are a responsible PC owner and leaves it up to you what you will and won’t click on.

But make no mistake…this is a trojan horse that delivers a negative software load onto your PC and may create a bigger hole for worse stuff to load onto it later down the line.

If you click on one of these links accidentally…immediately use the Kill IE button we created last night and then download a copy of MalwareBytes. Then update the MalwareBytes definitions and finally run a scan on your system.

Warn your friends and family members who are on Facebook about this and let’s stop this replication.

Be leery of videos that say “SICK” “FUNNY” or anything else that seems unusual. Also look at the url that the video is hosted on. If the video comes from YouTube, Vevo, MTV, Comedy Central or other trusted sources you are okay.

If the video is hosted on a site you have never heard of…DON’T CLICK ON IT!