Entries Tagged as 'Virus / Malware / Spyware'


Blackhats. Hackers who use their skills for explicitly criminal or other malicious ends, such as writing malware (malicious software) to steal credit card numbers and banking data, or running phishing campaigns; a.k.a. the Bad Guys.

Phishing. The practice of sending out fake email messages that look as if they come from a trusted person or institution, usually a bank, in order to trick people into handing over confidential information. The emails often direct you to a website that looks like that of the real financial institution. But it is a fake, rigged to collect your personal information, such as passwords, credit card numbers and bank account numbers, and transmit it to the Bad Guys.

Man-in-the-middle. An attack in which a criminal hacker intercepts information sent between your computer and the website of your financial institution and then uses that information to impersonate you. Because the attacker sits inside a live session, anything you type, including a one-time code, can be relayed to the real site before it expires, so even fairly sophisticated login protections can be defeated and your account accessed.

Botnet. Botnets consist of large numbers of hijacked computers that are under the remote control of a criminal or a criminal organization. The hijacked computers, a.k.a. “zombies” or “bots” (short for “robots”), are recruited using viruses spread by email or drive-by downloads. Worms are used to find and recruit additional computers. The biggest botnets consist of thousands and even millions of computers, most often unprotected home computers, and are typically rented out to send spam, host phishing sites or flood other systems with traffic.

Virus. A malicious program that usually requires some action on the part of a user in order to infect a computer; for example, opening an infected attachment or clicking on a link in a rigged email may trigger a virus to infect your computer.

Drive-by Download. A way of delivering malware in which merely visiting a booby-trapped website is enough to install it, usually by exploiting an unpatched flaw in the browser or one of its plug-ins; you are not asked to download or run anything. Possible signs that a drive-by download has succeeded include: your homepage has been changed, unwanted toolbars have been added, and unfamiliar bookmarks appear in your browser.

Worm. Self-replicating malware that, for instance, hunts down unprotected computers and recruits them for criminal or other malicious purposes. Unlike a virus, worms do not require any action on your part in order to infect your computer.

Fake Anti-Virus. Fake anti-virus software purports to be a helpful program that can find and remove malware, but in fact it is malware, the very thing that it’s supposed to eliminate. After taking over your computer, it pretends to do security scans, tells you it has found malware, and then asks you to pay to have the non-existent malware removed. Whether or not you pay, fake anti-virus is likely to install more malware.

Whitehats. Hackers who use their skills for positive ends, and often for thwarting blackhats. Many whitehats are security professionals who spend their time identifying and fixing vulnerabilities in software that blackhats seek to exploit for criminal or other malicious purposes.

Security suite. A set of software applications designed to protect your computer that consists of anti-virus, anti-malware and a personal firewall.

Anti-virus and anti-malware. Helpful software applications that scan your computer for certain patterns of infection. The patterns they scan for are the signatures, or definitions, of known forms of malware. Since Bad Guys are creating new forms of malware continuously, it is important that you keep your anti-virus and anti-malware definitions updated. See the “Patches and Updates” section below.

Personal firewall. Software that monitors incoming and outgoing network traffic on your computer, blocking unsolicited inbound connections and alerting you when a program you did not expect tries to reach the Internet, a common sign of malware or other malicious activity. Like anti-virus and anti-malware software, personal firewalls require frequent updates to provide effective protection.

Updates. Security software relies on frequent updates in order to be able to counteract previously undetected forms of malware. Consequently, your computer may suffer a “window of vulnerability” between the time a new form of malware appears and the time when your security software’s definitions can recognize it, block it or remove the infection. Set your security software to update automatically.
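What the “signatures, or definitions” above actually do, and why the window of vulnerability exists, is easiest to see in a toy scanner. The following is an added example written for this page, not code from SANS or from any anti-virus product. It scans a set of constructed in-memory files against two shapes of signature (a whole-file SHA-256 and a byte pattern), using the standard EICAR test string as the one “known” sample; the second “family” and its signature name are invented for the illustration.

```python
import hashlib
from dataclasses import dataclass


# A definition entry: either a whole-file SHA-256 (matches one exact file)
# or a byte pattern (matches any file containing that sequence).
@dataclass(frozen=True)
class Signature:
    name: str
    kind: str     # "sha256" or "pattern"
    value: bytes  # hex digest (as bytes) for sha256, raw bytes for pattern


# The EICAR test string: the industry-standard harmless file that every
# anti-virus product is expected to detect. It is not malware.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def sha256_hex(data: bytes) -> bytes:
    return hashlib.sha256(data).hexdigest().encode()


# Definitions as first installed.
DEFINITIONS_V1 = (
    Signature("EICAR-Test-File", "sha256", sha256_hex(EICAR)),
    Signature("EICAR-Test-File.pattern", "pattern", b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"),
)

# The next definitions update adds one entry for a hypothetical new family
# (name and pattern constructed for this example).
DEFINITIONS_V2 = DEFINITIONS_V1 + (
    Signature("Hypothetical.Dropper", "pattern", b"hypothetical-new-dropper"),
)


def scan_bytes(data: bytes, definitions) -> list:
    """Return the names of every signature that matches `data`, in definition order."""
    digest = sha256_hex(data)
    hits = []
    for sig in definitions:
        if sig.kind == "sha256" and sig.value == digest:
            hits.append(sig.name)
        elif sig.kind == "pattern" and sig.value in data:
            hits.append(sig.name)
    return hits


def scan_files(files: dict, definitions) -> dict:
    """Scan a mapping of path -> content; return only the paths that had hits."""
    report = {}
    for path, data in files.items():
        hits = scan_bytes(data, definitions)
        if hits:
            report[path] = hits
    return report


# Constructed samples; none of them is real malware.
SAMPLES = {
    "downloads/eicar.com": EICAR,
    # One byte changed: the hash no longer matches, but the pattern still does.
    "downloads/eicar-tweaked.com": EICAR.replace(b"H+H*", b"H+H!"),
    # A "new family" that the v1 definitions know nothing about.
    "downloads/new-family.exe": b"MZ\x90\x00" + b"hypothetical-new-dropper-v1",
    "docs/readme.txt": b"nothing to see here",
}


def demo():
    """Scan the same files before and after the definitions update."""
    return scan_files(SAMPLES, DEFINITIONS_V1), scan_files(SAMPLES, DEFINITIONS_V2)


if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("after update: ", after)
```

Two things the run makes concrete: an exact-hash signature is defeated by a one-byte change, which is why vendors also ship pattern signatures, and `new-family.exe` is invisible until the v2 definitions arrive. Everything between those two scans is the window of vulnerability.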

Patches. Operating systems, like Windows and OS X, and software applications, such as Internet Explorer and Firefox, may be found to contain security flaws or holes that make your computer vulnerable to attack. Their makers release patches to plug the holes. The fastest and surest way to get these installed quickly is to use auto-updating via the Internet. Some software applications require manual updating. See the “Patches and Updates” section below.

Black Tuesday a.k.a. Patch Tuesday. On the second Tuesday of each month Microsoft releases security patches for Windows, Internet Explorer, Office and its other software products. You can have these installed automatically using Microsoft Update. See the “Patches and Updates” section below.

Auto-updating. A software tool built into Windows (“Microsoft Update”) and OS X (“Auto Update”) and many other applications which can download and install important security updates and patches for software installed on your computer automatically. See the “Patches and Updates” section below.

From SANS Institute

Originally posted 2010-11-21 02:00:26.


A couple of weeks ago my avast! anti-virus popped up a window that wanted to reboot the machine, then indicated to me I had NO protection.

Apparently my one year (actually fourteen month) free subscription was up, and it wanted me to enter a new registration code. The software takes you to a screen where you can purchase a subscription, or you can navigate to the free avast! site and request a new registration code (that’s good for another fourteen months).

Now I think a great deal of avast!; it seems to find more malware than most of its competitors, is clean and easy to use, doesn’t try to take over your computer, and you can’t argue with the price. But I think it’s a HORRIBLE thing for an anti-virus program to just stop working. I don’t have any problem with it prohibiting updates of the program or signature file until you update; and I certainly don’t have a problem with it popping up a warning every time you boot (or even including a warning right above the systray like it does when it detects a potential virus) — but to stop providing the service that you depend on it for without any warning beforehand… that’s just wrong.

I certainly hope the avast! people reconsider this draconian behavior; I can’t continue to recommend avast! as a good anti-virus solution if it’s just going to leave you high and dry without a reasonable warning.

Originally posted 2009-02-25 01:00:39.

Computer Tid Bits; Malware

Computer viruses, worms, trojans, etc. are on the rise… if your computer is connected directly to the internet (or on a public wireless network) you’ll definitely want to have a firewall enabled. The firewall in Windows XP SP2 (or later) and Vista is reasonably good (so there’s no reason to spend money on one).

Also, you should definitely consider running Windows Defender (free from Microsoft) and a Virus scanner.

Two good free Virus scanners are Avast and AVG.

Avast is extremely thorough, but can put a bit of a load on lower end systems. AVG isn’t as thorough, but a great deal lighter on CPU. Also, Avast will require you to register for a key — you can use a throw-away email address (from my experience they don’t seem to spam).



Originally posted 2008-05-09 18:20:12.

Anti-Malware Programs

First, malware is a reality and no operating system is immune to it.

Malware is most common on operating systems that are prevalent (no reason to target 1% of the installed base now is there); so an obscure operating system is far less likely to be the target of malware.

Malware is most common on popular operating systems that generally do not require elevation of privileges to install software, such as Windows XP, where most users run as administrator all the time (OS X, *nix, Vista, and Server 2008 all require that a user elevate their privileges before installing software, even if they have rights to administer the machine).

The reality is that even a seasoned computer professional can be “tricked” into installing malware; and the only safe computer is a computer that’s disconnected from the rest of the world and doesn’t have any way to get new software onto it (that would probably be a fairly useless computer).

Beyond exercising common sense, not installing software you don’t need or are unsure of (remember, you can install and test software in a virtual machine using undo disks before you commit it to a real machine), and putting a hardware “firewall” between you and your high-speed internet connection (residential gateway devices should be fine as long as you change the default password, disable WAN administration, and use WPA or WPA2 on your wireless network), anti-malware software is your best line of defense.

There are a lot of choices out there, but one of the best you’ll find is Avast! — there’s a free edition for non-commercial use, and of course several commercial versions for workstations and servers.

My experience is that on all but the slowest computers Avast! performs well, and catches more malware than most any of the big-name commercial solutions.

For slower computers that you need malware protection for, consider AVG (they also have a free version for non-commercial use); I don’t find it quite as good as Avast! at stopping as wide a range of threats, but it’s much lower on resource demands (and that helps to keep your legacy machine usable).

Originally posted 2009-01-02 12:00:01.

Grasping at nothing with billions

Intel paid 7.7 billion dollars (US) for McAfee Associates.

WTF is up with Paul Otellini?

Does he really think that having pathetically outdated security technology is going to help keep Intel in control of computing in the ever changing landscape of mobile computing?

Clearly Intel must be in the dark about how modern software is built from the ground up to resist the security issues that plague the old cobbled together systems of the past (i.e. Windoze). Obviously, though, Intel understands that their dominance in the computing arena is likely to fade — but spending this kind of money is just insane.

One thing is clear — Intel is massively overcharging for its processors if they can afford to dump nearly $8B US into the trash can.

Originally posted 2010-08-27 02:00:20.

Microsoft Security Essentials

Almost six months ago I wrote a blog post that was largely indifferent to Microsoft Security Essentials. In that time I’ve begun to use Microsoft Security Essentials on more and more machines.

I migrated my Windows XP Professional virtual machines running under VirtualBox and Hyper-V to Microsoft Security Essentials because I noted it seemed to take less CPU than Avast.

Since I was running both Avast and Microsoft Security Essentials I could test to see if each of them found the same malware, and I didn’t see any differences (don’t take this as a comprehensive comparison — I only see maybe a half dozen pieces of malware in a year).

When I installed Windows 7 I felt Microsoft Security Essentials was the “natural” choice.

I really grow tired of Avast expiring its free license key every year (come on, there’s nothing to be gained by it — and it’s a major annoyance when you have a library of virtual machines that you only use occasionally).

The only thing I really wish Microsoft would do is allow it to be run on Server (at least on Windows Server 2003)… and they could simply say it’s free only for non-commercial use and I’d be fine with that; or just make their money by charging for their monitoring service, not the core anti-malware.


Originally posted 2010-03-23 02:00:10.


I’ve mentioned the Internet Crime Complaint Center before, but the US Government also sponsors OnGuard Online with the slogan


While most savvy internet users should be aware of most everything on the site, there’s no harm in taking a minute out and visiting it to see if there are any suggestions that might make your online experience safer. You may also want to recommend that your bank, credit union, and credit card company link to them.

Originally posted 2009-01-07 12:00:50.

Virtualization Best Practices, Using UnDo

One of the most powerful features of virtualization is the ability to use undo disks (also called snapshots and checkpoints).

What this allows you to do is set the machine in a mode where you can decide at a later date whether or not you want to keep the changes — which is a great way to test out new software in a virtual environment (NOTE: Acronis TrueImage provides a similar capability on physical machines).

The penalty of using undo disks is that you have to commit all the changes or none of the changes; and the system will run slower.

An alternative to using the built-in undo technology of the virtualization system is to copy the disk before you start the machine (it’s just a file on your hard drive), and restore it afterwards. Sometimes this is a better solution, particularly if you need the virtual machine to run as fast as possible and you’re not worried about the time it takes to make a copy of the disk before you run the virtual machine (NOTE: you can simply delete the modified disk and move the copy into place when you’re done — that’s almost instantaneous).

One other thing you’ll want to be sure of is that you start the machine with undo disabled when you want to update the operating system and do maintenance.  You’ll also want to make sure that any checkpoints the operating system has created (Windows calls them “restore points”) are deleted before you complete your maintenance cycle; there’s certainly not any reason (generally) why you’d want multiple levels of “undo”.

I often use the “undo” feature to try out software I download from the internet. I have a test machine set up with a virus scanner and I can monitor the changes the installation and running of the software attempt to make to the machine. Plus I can try out the software and decide if it’s something valuable or not. And there is the case where I will only need to run it once (or very rarely) and don’t want it polluting my real machine.
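The “monitor the changes the installation makes” part of that workflow needs a before-and-after record of the guest’s file system. The following is an added example for this page, not the author’s tooling or any virtualization product’s feature: it hashes every file under a directory tree, diffs two such manifests, and flags changes under locations an ordinary installer should not be touching. The watched prefix list, the simulated installer and every path in the demo are constructed for the illustration; in practice you would run `take_manifest` over the mounted guest disk (or from inside the guest) before and after the install, with undo enabled.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def take_manifest(root) -> dict:
    """Map every regular file under `root` (relative POSIX path) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest


def diff_manifests(before: dict, after: dict) -> dict:
    """Classify every path as added, removed or modified between two manifests."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


# Locations where a well-behaved application installer has little business
# writing. Constructed for this example; a real list would be much longer.
WATCHED_PREFIXES = ("Windows/System32/",)


def flag_suspicious(diff: dict, prefixes=WATCHED_PREFIXES) -> list:
    """Return (change, path) pairs for every change under a watched location."""
    flagged = []
    for change in ("added", "removed", "modified"):
        for path in diff[change]:
            if path.startswith(prefixes):
                flagged.append((change, path))
    return flagged


def demo():
    """Build a throwaway 'machine', simulate an install, and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Program Files").mkdir()
        (root / "Windows" / "System32").mkdir(parents=True)
        (root / "Program Files" / "notes.txt").write_bytes(b"v1")
        (root / "Windows" / "System32" / "kernel32.dll").write_bytes(b"original")
        before = take_manifest(root)

        # Simulated installer (constructed): one expected new file, one expected
        # modification, and two changes under System32 you would want to question.
        (root / "Program Files" / "CoolApp.exe").write_bytes(b"MZ...")
        (root / "Program Files" / "notes.txt").write_bytes(b"v2")
        (root / "Windows" / "System32" / "kernel32.dll").write_bytes(b"patched")
        (root / "Windows" / "System32" / "drivers").mkdir()
        (root / "Windows" / "System32" / "drivers" / "hypothetical.sys").write_bytes(b"driver")
        after = take_manifest(root)

    diff = diff_manifests(before, after)
    return diff, flag_suspicious(diff)


if __name__ == "__main__":
    diff, flagged = demo()
    for change, paths in diff.items():
        print(f"{change}: {paths}")
    print("needs a closer look:", flagged)
```

Hashing rather than comparing timestamps matters here: an installer that overwrites a system file and restores its modification time still shows up as modified. Since the whole run happens inside an undo-enabled guest, discarding the changes afterwards costs nothing.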

Developing the discipline of using virtualization with “undo” enabled can save you from a number of headaches, and is in itself a great reason to consider installing and using virtualization technology.

Originally posted 2009-01-14 12:00:42.

Get a free PC safety scan

Microsoft is offering a free scan utility to check your PC for malware (viruses); get rid of junk on your hard drive; and improve your PC’s performance.

It’s part of the Windows Live offering, and an on-demand utility.  You can purchase continuous protection from Microsoft with Windows Live OneCare.


Originally posted 2008-09-03 23:48:46.