Category Archives: Software

Patch Tuesday

Tomorrow, Tuesday the 13th October, Microsoft is releasing several critical updates to Windows. They fix known security problems so it’s important for all Windows PCs to download these updates.

Microsoft tries to release these updates on Tuesdays, tomorrow’s batch will be larger than usual. So as always, make a backup of your PC’s data today in case the patches cause any problems.

Microsoft Security Essentials

Today Microsoft launched a new anti-virus program called Microsoft Security Essentials. People who have tested it are fairly happy with it, it’s certainly better than not having any anti-virus. And best of all it’s free. It works on Window XP, Windows Vista, and Windows 7.

Free download of Microsoft Security Essentials: http://www.microsoft.com/Security_essentials/

Now I’ve always said that paid anti-virus programs are generally better. I still believe this because you get more security features such as web page scanning, a personal firewall and fraud detection. And with all the online fraud and scams that happen every day you need all the security you can get and that costs money.

But sometimes you really can’t justify paying for anti-virus, like a computer you’re only going to use for a month. So this fits in nicely. Also keep in mind that there are several other good free anti-virus programs out there.

I’d also like to point out that sometimes internet security companies can be biased. Take Symantec as an example. On the same day that Microsoft launches a free anti-virus program Symantec started a campaign telling people that free anti-virus programs are bad. I see it as a clearly biased argument to protect their business. Marketing is always biased, it’s always best to get an independent opinion (Fraudo is not sponsored by any companies, the ads on the right are dynamic and I don’t get to choose them).

Antivirus Comparison

There is an organisation called AV-Comparatives that tests antivirus programs and compares their performance. They’re independent from the antivirus vendors making their tests more useful. So it’s good to look through the results and see which antivirus programs are working better than others.  Below are their top 7 programs, in no specific order:

G Data
Symantec
Avast
F-Secure
BitDefender
eScan
ESET
Full details of their tests are here – click on the August 2009 report. I was surprised to see Trend Micro was missing from the tests. I tried contacting them about it but I haven’t received a response.

So when you’re ready to invest in a good antivirus program for your PC you can use the results of their tests to base your decision.
Also keep in mind there are fake antivirus programs out there, they pretend to do a scan but actually install malware.

GFI Backup

GFI Backup is a simple backup program for Windows. It has enough features for most home users, and it’s free. If you haven’t thought about your own backup strategy this would be a decent program to start with (for Windows users).

For more backup tips read here.

Where Does Spam Come From?

The technology spammers use is always changing. A report released by MessageLabs in June 2009 shows that 83% of spam is currently being sent from botnets. Now let’s explain what a botnet is.

There are people out there who hack into people’s home PCs (the PCs of ordinary people like you and me). They usually write a virus to do this, or pay someone to write the virus. Then when they’ve hacked into a home PC, they add it to a list.

After a few days they can get about 500,000 home computers on their list (yes, they work very fast). So once the hacker has hundreds of thousands of computers on their list, he writes a program that can control them all at once.

Now keep in mind that most home users won’t know their PC has been hacked. Everything still looks normal.

The hacker then sells this list of PCs to a spammer. The technical word for this list of controlled PCs is called a botnet.

A spammer buys this list of hacked computers and the program that controls them all at once. He uses also buys an email list from someone else (a list with millions of people’s email addresses). He presses a button, and all of the home PCs he’s controlling start sending out spam.

Again, home users don’t know their PC is now being used to send out spam. They might notice their internet go a little slower but most people don’t have the technical skill to work out why. It just gets ignored.

The spammer then sits back, relaxes after doing his 5 minutes of work. If anyone gets caught for sending spam it’ll be the home user, not him. The home user is ignorant of what’s going on. The hacker made his money and will do it again. And the cycle repeats again after a few days.

botnet percentageSo how much spam are we talking about?

The largest botnet in operation in June 2009 is sending 74 million spam emails a day, all of this from people’s home computers. That’s a lot of spam.

 

What can you do?

Don’t let your own computer become part of a botnet. Use a good antivirus product, scan for malware, and fix up any problems.

Web Sites That Ask For Your Other Passwords

Social web sites are all the rage these days, such as Facebook, MySpace, Twitter, and there are hundreds of less popular ones as well. The idea with them is that all your friends and family can join and you can share aspects of your life such as photos and comments.

mystery cubeOften these same sites will ask for other passwords, in an effort to help you find more of your friends and family. For example, when you sign up to Badoo.com it asks you for your MSN username and password. They do this so they can log into MSN with your account, get a list of your contacts, and invite them to join Badoo. Facebook can do this too only on a grander scale.

It’s good in theory but there are some large risks involved. When you sign up and are prompted to enter your MSN details (or any other account), consider these questions:

  • Who runs Badoo? Is it some guy sitting at home with no one to answer to?
  • Do you trust the company (such as Badoo) and all of their employees?
  • What is their privacy policy? Who are they accountable to if they breach their privacy policy?
  • Do they store your MSN password? (You have no way of knowing this for sure)
  • Have their servers been hacked and is someone else also capturing your password? (Again you have no way of knowing this, web sites get hacked every day)

You can see where this is leading. If you enter your other passwords into someone’s web site you’ve lost control and put yourself at some risk.

So when you sign up to a new site and it asks you for other passwords you already have, your initial reaction should be to refuse. Then consider if the benefits of doing so are worth the risk.

I’d like to thank our regular reader Nick for bringing this issue up.

Fake Anti-Virus

There are many fake anti-virus products out there, they try to convince you there’s something wrong with your PC or Mac then either ask you for money to fix it or install real viruses.

This new one’s the kind that asks you for money, it’s called System Security. It begins when you download the program believing it’s a new anti-virus product. It’s designed for Windows PCs.

System Security

When you install it, it pretends to scan your PC, then informs you it found a whole lot of malware on your PC including viruses, adware and spyware. This part is meant to scare and shock you.

Then it does something truly evil, it stops you doing anything on your PC until you “activate” the anti-virus. And by activate they mean pay them money. So at this stage the only thing you can do with your PC is go to the scammer’s website (which looks nice and professional), hand over your credit card details, and they’ll supposedly make your PC work again.

If you happen to download and install this fake product and it blocks your PC from working, don’t give them your credit card details or otherwise pay for it to be unlocked. You will be able to boot your PC in Safe Mode – ask for a PC technician to help you with this if necessary. You’ll then be able to remove the fake anti-virus.

This highlights the importance of using a good anti-virus product, one that’s known and respected in the IT industry. I generally try not to recommend one product over another but below are some of the trusted anti-virus companies available today:

  • Trend Micro
  • Symantec / Norton
  • McAfee
  • F-Secure
  • AVG

There are many more and the market’s always changing. Feel free to write about your preferred products in the comments below. These days you can buy them online or walk into a computer store and buy one.

Windows 7 RC on BitTorrent

Windows 7 Release Candidate (RC) was released recently by Microsoft. It’s free for anyone to download and test it before the final version’s finished. A few days before the official release someone posted a copy on a BitTorrent network. Unfortunately this copy was infected with a trojan that downloads more malware. This is very bad. When you install an operating system such as Windows you have to trust the installation. If you can’t trust the operating system then you shouldn’t be using it. dark stranger What’s wrong with Torrents?

  • Don’t download Windows from file sharing systems such as BitTorrent. Get it from Microsoft or one of their vendors.
  • If you download free operating systems such as Linux from torrents know how to do a checksum test.
  • Don’t use pirated software. Apart from being immoral and illegal, pirated software is often plagued with malware.

What if you already downloaded Windows 7 RC from BitTorrent? The safest thing to do is to download it again from Microsoft’s site, reformat your PC, and reinstall the official version. It can be safely downloaded from: http://www.microsoft.com/Windows/Windows-7/download.aspx As a side note I’d like to point out that Windows 7 RC is a test version, it’s not the finished product. And while it’s free for now it has a couple of restrictions:

  • on 1 March 2010 it will start rebooting every 2 hours
  • on 1 June 2010 it will completely stop working.

Update: There are now 25,000 PCs infected with the malware as a result of downloading the wrong copy of Windows 7 RC. These 25,000 PCs are being controlled by hackers as part of a botnet.

Hacked Version of VLC Player

There is a hacked version of the popular VLC media player. Instead of installing VLC, it starts installing, then asks you to send an SMS to a number. They then send you a code in return to continue installation.

This is wrong. The people that hacked this installer are just trying to make money from your SMS’s. At the moment it’s been detected in the French version of VLC but it could apply to any language.

The real VLC player never asks you to send an SMS. The real VLC player can be downloaded from: http://www.videolan.org/vlc/

If you download it from anywhere else you end up putting your PC at risk. Always download files from the original vendor’s web site. You can search Google to find it.