Thursday, February 10, 2011

Scareware and ransomware -- What to look for

Today we are going to talk about another type of malware out there that to me is one of the worst. It is the malware that reports that your computer has been compromised and then wants money to fix the problem. It comes in two main types. One is ransomware, which is blatant: your data has been captured and you will need to pay money to get it back. The second is more commonly called scareware, and it acts in a more subtle, but still fraudulent, manner. The goal of both is to get your money to fix what they created to start with.

Ransomware is nasty and illegal and it has been around for a very long time. The first documented incident occurred in 1989. Ransomware takes control in one of two ways. The first is to lock down the computer display or an essential service, which keeps the computer from working properly. The second is to encrypt the user's data files, keeping the user from accessing any of their data. Recent cases of ransomware encrypt the user's files with an unbreakable 1024-bit code and demand $120 from the user in order to receive the code which will decrypt the files. There are reports that even after you pay the money you will not get the proper information to get your files back.

Scareware works by infecting the target computer and then posing as legitimate antivirus software that has detected an infection on your computer. The "free version" of the AV software can only detect the infection but cannot remove it. In order to remove the "infection" the user is given a link to a website and instructed to buy the full version of the security software. If the user does not buy the full version, the infection gets worse and causes the infected computer to behave worse and worse, potentially causing permanent data loss. Unfortunately, even if the user buys the full version, the infection is not usually removed.

There are ways to remove both ransomware and scareware but there is no reliable way to recover data files that have been affected. The only good defense for this type of attack is to make frequent backups and stay vigilant. If anything pops up on the screen alerting you to the fact that your data is about to be lost, the best thing to do is to pull the plug and consult an expert. It is possible to use one of the Boot CD cleaning tools to remove the infection. However, this will only clean the infection and will not recover data that has been affected.

Fortunately for all of us, ransomware so far is rare because it is obvious extortion and is illegal everywhere. Scareware is still illegal but because of its subtle approach, it is unknown how many users pay for the full version without ever knowing they have been taken.

Wednesday, February 9, 2011

Computer security is like an onion - or a parfait!

As Donkey in Shrek said so succinctly, "Everybody loves a parfait". The discussion in the movie was about layers, and that is the best security philosophy for protecting your computer as well.

The first layer that you should use to protect your home network and computers is a good hardware firewall. Most routers have a firewall built in but you must check out the configuration because the default settings may not be protective enough. You really want to lock the firewall down hard and only poke pinholes in it where you absolutely have to. Think twice, no three times, before you make those changes and open up a hole in your firewall. A properly configured hardware firewall provides layer one security for your entire network inside the firewall, both wired and wireless.

The second layer to be used is a software firewall. All modern OS versions today, including MS, Linux and Mac, come with a firewall built into the default configuration. For information on the default firewall for your OS, click on these links for Windows, Linux, and Mac. A software firewall provides a second barrier to unauthorized access to your computer and can be customized for the needs of each machine. You can allow software to function on a selective basis. These are called exceptions, and these changes will open ports on your computer and allow data traffic in and out of the computer to permit programs to function properly. This way you only open the holes on the computer where you need that kind of access.

The third layer is comprehensive security software. There are many programs out there from many vendors, including free and open source options as well as commercial paid options. The choice is up to the user, but on my 7 computers at home I use a combination of free and paid security software. Just make sure that whatever you choose, you keep it updated and keep an eye on it. Do not assume that it will keep itself current; perform regular checks and verify its operation. Configure the security software to perform regular full scans and keep it as tight as you can live with.

Because no vendor's security software can possibly protect your computer from everything, I recommend using one or more of the available online scanners on a regular basis to double-check the security of your computer. Many vendors have free online scanners that are easily used to check for possible infections. I use two or three of them at least once a week. These offerings change quickly but a Google search of "free online virus scanner" will guide you to them. Make sure you pick those offered by the big name AV software vendors to make sure you do not get compromised by something malicious masquerading as an AV scanner.

And finally, for those who are true geeks, there are more advanced security tools that can detect and clean malware from a system without even using the installed OS.

Do not let yourself be lulled into a false sense of security just because your computer came with AV software installed. Be proactive and make sure it is working properly, and check your layers of security to make sure that you and your family are protected. Everybody may love a parfait, but nobody likes an infected computer.

Tuesday, February 8, 2011

Is having Android Market online a good thing?

Now you can browse the Android Market on the web, buy, and then trigger the install of apps all from your browser using your Google account. Technically, if someone else compromised your password they could screw up your phone and buy apps you do not want. But those of us who use Google for our stuff keep strong passwords on our account.

Use common sense, folks; as more and more stuff moves to the cloud we must realize passwords are like money. Keep them safe and secure. Use a long complex password to protect your accounts and then change it often. This will go a long way to protect your Android Market account and the rest of your Google information also.

Do not blame Google for opening up the functionality of the Android platform, just keep your passwords good ones.

Microsoft reports new IE security flaw

Recently Microsoft reported a potentially serious security flaw in Internet Explorer in every currently supported version. This means that those of us that still use IE for any Internet access are at risk. The vulnerability affects MHTML, and although there is published code that proves the vulnerability can be exploited, no cases of this method being used in the wild have been reported.

Microsoft has provided both automated "Fix It" and manual procedures to fix it yourself in this MS knowledge base article. This does not actually fix the flaw but locks down the MHTML system to prevent an attack from being successful.

If you still use Internet Explorer please click on the links above and read the advisory and then implement the workaround for your system. It only takes a minute to do but will help to secure your system.

Remember, security is not a passive activity and requires vigilance and persistence to defeat the attacks.

Monday, February 7, 2011

Microsoft Security Essentials -- Is it good enough?

I have installed MS Security Essentials on the computers of several family members and so far it seems to do its job. It has detected and stopped several attacks before they become infections.

Like so many of us who have been in the technology field for a long time, I am hesitant to put too much power in the hands of one vendor and MS is no exception. Granted, the state of computers would probably not be where it is today without MS but I like to keep my options open. I would like to believe because MS now has released their own security product that it will be great because of the negative press a failure would bring them. But, I do not know if I am ready to put that much faith in their hands. From some of the testing I have seen, MS Security Essentials seems to fare OK but I guess time will tell.

What do you think about MS Security Essentials and what would you recommend to those looking for a free or low cost security solution?