Category: Software

Buying Free Software

Recently some people have been tricked into paying for OpenOffice.

OpenOffice is a free alternative to Microsoft Office. You can download it for free from here: http://www.openoffice.org/ . Don’t download it from anywhere else other than the official site.

If anyone asks you to pay for this then they’re trying to cheat you. There’s no reason to pay for the software, and there are no subscriptions you need to use it.

Disclaimer: while the software is free for anyone to download and use, you need to have an internet connection, and most people pay for their internet. This is just common sense. If this is a problem, sometimes computer magazines download it for you and put it on a DVD bundled with the magazine. Again the software is free but you have to pay for the magazine. This too is common sense. And it’s completely legal to copy it from someone else.

Mobile Spy on iPhone

surveillance camera This one of those legal spyware programs I mentioned recently. Mobile Spy is used to secretly record SMS and calling data on a phone. It already existed for Symbian and Windows Mobile phones – now it’s available for iPhones.

They claim it runs in a stealth mode to make it difficult to detect. It silently records all SMS text messages and information about all calls. It then uploads this information to a private account on the web.

Apparently future versions of this program will also capture GPS information and details of any emails sent or received.

Why is this legal?

I can’t really comment on the legal side, and it would be different in each country. The company that makes it, Retina-X Studios, is selling this product to worried parents or employers to monitor their children/staff.

How is it installed?

Someone has to have physical access to the iPhone to install it. They need to purchase the program (US$99), and it seems the phone needs to be "jailbroken" – a hack that voids the phone’s warranty.

How can you prevent it?

Firstly, don’t lend your iPhone to people or leave it lying around.

I’m not aware of any anti-virus programs for the iPhone that detects this yet but I have my bets on F-Secure, they’re fully aware of what’s happening here. I’ll post an update when something new comes up.

Critical Update for Internet Explorer

Microsoft’s Internet Explorer is used by over 500 million people (all Windows PCs have this). A vulnerability was recently discovered and today Microsoft has released a patch to fix it.

It’s important for everyone to apply this patch (Windows users only). Run Windows Update to receive the new patch, or if your PC is configured to update automatically just follow the prompts that will appear today.

mines The vulnerability is activated when you visit a web site that’s been hacked. So far 10,000 hacked web sites have been discovered that will use this vulnerability to install malware on the PC viewing it.

The odds of infecting your PC from browsing innocent web pages are fairly high so apply the patch now. If you need help Microsoft’s security page has some useful links, http://www.microsoft.com/australia/security/default.mspx

Opening Documents

Can you get a virus by opening a .DOC file? How about .RTF or .WRI? Yes, even if you don’t have Word installed.

On Windows these files are traditionally opened by Microsoft Word, and if you don’t have Word installed Windows uses WordPad to open these files.

A new exploit has been found that attacks WordPad. This affects most Windows users, in particular those who don’t have Word or Office installed.

How it works:

  • You see a link to open a document, or you receive an email with a document attached.
  • You open the file (the file name ends with .doc, .rtf, or .wri)
  • It opens a connection across the internet for a hacker to log onto your computer
  • The malicious hacker can do anything from your computer, such as installing more malware, using your computer to commit other crimes, or just watching what you do on your PC.

What you can do to avoid this:

  • Perform regular Windows updates. Microsoft will be publishing a patch to fix this problem soon.
  • Use a good anti virus package. This attempts to prevent you from downloading infected files.

Microsoft has published a document on this vulnerability here.

Multi Function Anti Malware Toolkit

Anti-Malware Toolkit is a package produced by Lunarsoft. It helps you download 37 different tools you can use to protect your PC from all kinds of malware. A few of the tools it can install are quite useful, such as:

Spyware Blaster, CCleaner, RogueRemover, SUPERAntiSpyware, Malwarebytes, Spybot, Hijack This

multi_function_knife I’d recommend this to more experienced PC users. General users are better off investing in commercial products, such as Trend Internet Security (there are a few good packages out there, Trend is just one). I say this because commercial products do most of the thinking for you and for a lot of people security is better this way.

The Anti-Malware toolkit can be downloaded from Lunarsoft’s site: http://www.lunarsoft.net/downloads

Note that it’s for Windows computers only.

Malicious Firefox Add-On

One of the best things you can do to avoid falling victim to malware is to use an alternative browser.

poppies Microsoft’s Internet Explorer (IE) is very popular. Not long ago almost everyone used IE, it comes setup with almost every new PC sold (Windows PCs). And malware writers targeted IE because they could attack a majority of users just by concentrating on exploiting one browser. You could call it tall poppy syndrome.

Today Firefox is extremely popular. It’s gone from a small minority of people using it to an amazing 44% (depending on which statistics you read – I used this one). This makes for a fairly large demographic, and malware writers are taking notice.

There’s a new trojan that hides in a Firefox add-on. Once installed it waits for you to go to an online banking site. When it detects that you’re using online banking it starts recording your actions (account details, your password). Then it sends this off to cyber criminals who auction off your details and eventually someone can log into your online banking and transfer money. This isn’t good.

There are a few things you can do to avoid this:

  • If you want to install an add-on for Firefox, make sure you get it from a well known site. This is the official Mozilla site for Firefox add-ons: https://addons.mozilla.org/en-US/firefox/
  • Use a good anti-virus package (it’s a small investment you make to protect your PC). Make sure it’s kept up to date.
  • Once a web browser becomes too popular it’s time to start looking at less mainstream alternatives. At the moment you should consider Opera, Safari and Chrome (these are available for all the popular platforms)

In summary, Firefox is a very secure browser. It’s also fast and powerful, explaining why it’s become so popular. You just shouldn’t take its security for granted. Most malware infections happen when users are tricked into clicking something they shouldn’t have.

Malicious Messages on Facebook

Some people have received a message on Facebook with the following title:

You look just awesome in this new movie

The message also has a link you can click on. When you click on the link it takes you to a page that looks like a video site, with a title similar to "Secret video by Tom". The page shows an error message asking you to download something to view the video.

If you proceed and click on the download link it downloads (a malicious) file to your computer.

If you continue and install the file it downloads it gives you another error message saying that it didn’t work. What it actually does is install malware on your computer.

By this stage most people wouldn’t suspect that they just downloaded and installed malware, with all the error messages they’ll probably give up and forget about the whole thing.

The malware sits quietly on your PC and when you’re searching for using normal web sites such as Google or Yahoo it then takes you to other malicious sites that install further viruses on your PC. This way you’ll always be installing more and more viruses without realising where they all originate from.

What can you do?

If you get spam in Facebook don’t click on the links. Delete the message.

Don’t fall for tricks such as secret videos of you. They’re designed to pique your interest and encourage you to click on the link provided.

Use a good antivirus package that filters out malicious web pages.

Keyloggers

A keylogger is a small program that sits on your PC quietly capturing each key you press on your keyboard. It either logs each keystroke to a file, or sends it off somewhere on the internet.

It’s used to spy on people. By capturing keystrokes your login and password can be revealed, as well as other confidential information. And usually they’re what’s known as “stealthy” programs – most of the time you wouldn’t know it’s there.

Where do they come from?

There are quite a few keyloggers available. Most are written by hackers (the bad kind). A few are written by commercial software companies (more on that below). 

Are they legal?

Usually no. They’re used as spyware to capture your passwords which is illegal in most places.

How can you detect them?

Use a good anti-spyware program. Most antivirus packages come with this feature these days, others are available separately. There are free ones too. Search Google for current a list.

But there’s another kind of keylogger that you can’t detect this way. You can buy a little plastic device that plugs in between your keyboard and your PC. Since it’s directly connected to the cable hanging off your keyboard it can detect every key stroke and record it. Someone has to have physical access to your PC to install it (and to later remove it). You need to look at the back of your PC where the kayboard plugs in to detect it. Search here for a list of these devices.

News

Recently a US court has looked at a commercial keylogging company called CyberSpy and decided it’s illegal. They’ve ordered CyberSpy to stop selling their software (called RemoteSpy). Unfortunately there are too many alternatives for people keen on spying and stealing passwords. More on this here.

Asus Eee Box PC comes with a virus

Asus usually makes good computers but they messed up with this one. Their new PC, called the Asus Eee Box PC, has been shipping in Japan with a virus called “recycled.exe”. The virus copies itself to removable drives (such as USB flash drives) and attempts to download more malware when it’s connected to the internet.

Only the ones sold in Japan have been affected. Asus have recalled the computers and are fixing the problem. If you bought one already then scan it for viruses.