On today’s internet, you can never be too careful about what you view or download. A good antivirus is essential for anyone using the internet for more than the most basic of tasks, but there are many options available, and they are not equal in the quality or degree of protection they provide.
Two of the most popular antivirus programs are Norton’s antivirus and McAfee. Unfortunately, due to their popularity and the fact that they are pre-installed as trial versions on so many computers, these are often the first two antivirus programs that virus writers work to disable, and this greatly reduces their effectiveness. While there are quite a few advanced security suites that are fee-based, the comprehensive solutions too often bombard the user with constant pop-ups asking what to do, and for most people these become such an annoyance that they either just click on them to get them out of the way or disable them, which defeats the purpose of having those features in the first place. For most users, a free version of one of the current antivirus programs will provide adequate protection with minimal annoyance.
A good choice, and one that comes without costly subscriptions, is Avast Free Antivirus [http://www.avast.com/en-us/index]. Avast is a very old brand, originating in 1988 as a tiny program designed by two Czechoslovakian university students to remove the then-common Vienna virus. Today, it is a major competitor in the antivirus market, with over 150 million users. The latest iteration of the software has three versions (Free, Pro, and Internet Security) [http://www.avast.com/en-us/free-antivirus-download]. The Pro and Internet Security versions come with some additional features, such as spam blocking and an integrated firewall, but for the majority of users, the free version provides enough security.
The most basic component of Avast (and any antivirus) is the ability to scan your computer for malware and then to remove any that is found. In this field, Avast can hold its own with other similar products. What makes Avast great, however, is the inclusion of so many extra features. First, there’s an entire suite of real-time scanners, checking websites, network connections, emails, and even scripts running in the background. If any signs of malware or suspicious behaviors are found, Avast will alert you and provide options to terminate the connection or process before damage can be done. Also included is “sandbox mode”, which isolates programs from accessing any important system files until you approve them as safe. Avast also makes use of cloud streaming technology. It uses this technology both to stream updates to your computer and to keep a database of programs. When a program is run, Avast checks against the cloud database to see what the reputation of the program is. If the program has been marked as dangerous or is unknown to Avast, it will warn you and offer to run the program in sandbox mode until you decide whether to risk it.
For our Pensacola area readers, if your computer does become infected with a virus, there are a few posts here you might want to read, such as “Pensacola – Why do I keep getting viruses and malware on my computer?” and “Pensacola Computers Presents – How to Use System Restore in XP”.
Alas, if you cannot get past a nasty virus, please visit http://pensacolacomputers.com where you can find information to help you or contact info for immediate computer service and repair.
Unfortunately, in my job I see a lot of computers that have gotten a virus or malware and need to be fixed (and not just PCs but Macs as well lately). While some infections are due to lack of adequate protection – up-to-date antivirus and antimalware/antispyware software – others are due to people falling prey to socially engineered malware (fake links on Facebook etc.), or people accidentally clicking on things, or one of the ones I really dislike – a virus coming in through one of the mass-forwarded emails.
It is a misconception that just because you have antivirus/antimalware software it will protect you 100% – even the best software is hard pressed to protect a computer when someone allows something to come in by clicking OK or Yes, installing questionable software, or downloading questionable files (yes, all of the people using Limewire, Frostwire, or torrent software – you all are at risk every time you download a shared file!). Many times a virus or malware will get onto a computer because someone has installed some ‘toolbar’, ‘searchbar’, screen saver, coupon printer, rebate searcher, or other such program, like those worthless ‘speed up my computer’ programs that are either badly written or are actually malicious and download other bad software behind the scenes. Special note: Almost ALL of the ‘speed up my PC’ programs are basically worthless and can often do much more damage to your computer than good. Anything that messes with the Windows Registry can damage your Windows installation if it removes the wrong things, and many of them do that!
So what can you do to better protect yourself and your computer from these nasties? Here is a short list of things that I always recommend following to eliminate the most common ways that a computer can get a virus, malware or spyware.
1. Never click on links from social networks such as Facebook, or links in emails – regardless of what a link says it is, it can easily be made to hide something else. What you can do is right-click on the link, select ‘copy shortcut’, then paste that into the address bar of your browser to see what it really is (or if you have the status bar in your browser enabled, you can often see it there) – if you don’t recognize the link or it looks suspicious – DON’T GO THERE!
2. Never open email attachments unless you specifically know that the specific person who sent you that specific email was sending you that specific attachment – too often people will get an email from a friend or family member that has an attachment, and that attachment is a virus that a virus on their computer sent without them even knowing about it. If you don’t know what it is, and weren’t expecting it – DON’T OPEN IT!
3. Don’t download songs, software, videos etc. from file sharing networks – when you use software such as Limewire, Frostwire, Vuze, or other torrent or file sharing software to download things, you always take a big risk because you have no way of knowing where exactly the files are coming from, or if they have been altered – even a song can hide a virus or malware within it, and it won’t activate until you play it. Also, the majority of software ‘cracks’ or ‘activators’ have malicious viruses in them. Not to mention that downloading copyrighted material is also illegal.
4. Keep your antivirus and antimalware/antispyware software as well as your operating system software up to date! It is always important to update your system regularly, as the software updates often carry fixes for security issues that have been found, and without them you are much more vulnerable. Also update your OS to the latest version (yes, if you are still running Windows XP you might have to get a new computer, but XP is 11 years old and was never designed to handle today’s internet).
5. Beware of programs like coupon printers, rebate searches, search toolbars, browser add-ons, screen savers, and especially the ‘fix all’ or ‘speed up PC’ programs. Many times these programs are either malicious themselves or are so poorly coded that they make it much easier for bad things to get onto your computer – IF IT ISN’T FROM A TRUSTED SOURCE – DON’T INSTALL IT!
If your computer does get a virus, try to remove it with your antivirus/antimalware/antispyware software, or you can try to do a Windows system restore to a time before you got the virus (as opposed to a full computer factory restore which will wipe all your data).
Got a virus or malware and not sure what to do? If you run into something particularly nasty or need some advice on how to get rid of something, or just need great computer service or computer repair, visit http://pensacolacomputers.com and give us a call.
Microsoft has just released Security Essentials 2.0 (MSE 2.0), which includes a number of enhanced features. In this latest version there is an updated and reportedly much better heuristic scanning engine for viruses and malware (heuristics look for virus/malware-like behavior on your computer). Also included are improved integration with Windows Firewall and new network traffic inspection. The firewall enhancements are only available to those running Vista or Windows 7, as Windows XP does not have the needed platform to run them (if you are still on XP, it is really time to seriously consider upgrading, as XP is now 10 years old and was never designed for today’s internet or programs).
Microsoft Security Essentials integrates with Internet Explorer to protect your machine from Web threats like malicious scripts. With the increasing number of viruses and malware spreading to all computers from social networking sites like Facebook, and the constant email bombardment, it is imperative to make sure that you have active and updated antivirus and antispyware/antimalware software on your computer (yes, even Macs and Linux machines are now getting infected with viruses and malware).
The best part of Microsoft Security Essentials is that it is free for home users as well as being free for small businesses with 10 PCs or fewer. While only time will tell how effective this latest version is, I would certainly recommend using it in place of software like Norton’s or McAfee (both of which are often first targets for virus and malware writers).
You can download Microsoft Security Essentials free directly from Microsoft here: http://www.microsoft.com/security_essentials/
*Note: Microsoft Security Essentials, like most antivirus software, cannot be installed alongside other antivirus software or some other security software, so make sure to remove other security software before installing it.
For links to other free security software or help with malware, spyware and virus removal, visit the Pensacola Computers Tech Support page.
This past week, Facebook has once again been the target of a massive malware attack, this time through a huge emailing campaign that sent out millions of fake emails that read “Because of the measure taken to provide safety to our clients, your password has been changed. You can find your new password in the attached document.” Of course, the attachment is malware that includes password-stealing Trojans, downloaders and scareware fake antivirus software. Opening the attachment is of course one of the big no-nos in computer security – you should never ever open an attachment unless you specifically know the person and they have told you that they were sending you an attachment. Facebook continues to be one of the most heavily used vectors for the spread of malware, and a lot of the danger comes from the inadequate security measures that Facebook takes in regards to its users.
Also this week, the cybercriminals have targeted college basketball fans and celebrity gossip watchers (specifically the Jesse James/Sandra Bullock story). These criminals have very slickly optimized their malware-infested webpages for the search engines. Security biggee McAfee reported that 5 out of the first 10 hot searches on Google Trends were sites that had been hacked to serve malware. Most of these sites are not dangerous to systems that are protected; however, there are many people who do not keep their antivirus/antispyware software up to date and are vulnerable.
The greatest defense against all of these things is of course to not visit such sites – however, that is not always practical. Keeping security software up to date, never EVER downloading software without knowing the source, and never EVER opening attachments in emails without first verifying the source and content are important practices to follow. Remember, if you get a pop-up saying to update your Flash player, or QuickTime, or anything else, do NOT allow it to install anything – instead go to the source of the software, i.e. Adobe.com for Flash, or Apple for QuickTime, etc.
Here in Pensacola, approx 60% of the computers I have had to clean malware and viruses off of got infected from Facebook, so for users of this popular social networking site, I advise extra caution. One of the easiest ways to get infected on Facebook is from a friend who has had their account hacked (usually because of using an easy-to-guess password – make sure to always use a complex password on such sites!). Once an account is hacked, the hackers send out messages to all the friends on the person’s list, usually with links to infected websites, so be careful even of messages from friends!
For links to great free and paid-for antivirus and antispyware, visit the Pensacola Computers.Com Tech Support page.
Win Antivirus 2009 is not an antivirus program; rather, it is a particularly nasty piece of malware that will infect your machine, tell you that your machine is infected (all the stuff it says you are infected with is bogus), and try to get you to purchase something that will ‘clean’ your system, when in fact it will just infect it further. What is particularly nasty about this program is that it often bundles even more garbage on your system, and the resultant infection can be almost impossible to remove. Besides hitting you with constant popups telling you that your system is infected, it will slow your internet browsing to a crawl and redirect your web searches. It, or one of the other bits of crap it installs, can disable your antivirus, block you from downloading products that can actually detect and remove some parts of it, disable your system restore points, replace critical system files, install other nasties like keyloggers which can steal your passwords, infect your email program and send off copies of other malware to your contacts, and generally just make your system unusable.
While I have read of many different methods to remove this infection, due to the nature of it, the only guaranteed way to ensure a clean system after a nasty infection like this is to wipe the drive and reinstall Windows. This is often the cheapest (in terms of time) and pretty much the only surefire way to make sure your system is clean.
So how do these infections spread? There are a few ways that such nasty malware is spread across the internet. One of the more popular ways is through email attachments (never open attachments unless you know specifically that someone was sending you something, as even if the email comes from a friend, they themselves may be infected, and it is the virus that sent the email and not them). Another way is through false ‘updates’: you go to a website that says something like “in order to view this content you need to update your flash player, or quicktime, or you need some kind of codec”. When you get something like this, NEVER install from that site. If you actually do need an update to Flash, go to adobe.com; for QuickTime, go to apple.com; for other codecs, go to the manufacturer. Once you have the latest update, or if you already do, and you still get those kinds of popups, then you can be pretty much assured that it is a scam. These kinds of things can also come from some spoofed ecard sites, i.e. you get an email from a known friend or associate that has a link to view an ecard they sent you, and when you go to the site, it says something like “click here to install the ecard viewer” – this is most commonly another way to install garbage on your computer.
Most importantly, make sure you are running current antivirus and antispyware programs. If you are unsure of something, don’t click on it. If you do get infected, as soon as you experience symptoms, try to do a system restore to a point before you got infected (sometimes you can’t as the system restore points are removed by the virus). In cases where you can’t get rid of it, take it to a professional, or if you are comfortable doing it yourself, back up all your important files, and reinstall Windows (a fresh install of Windows can be a good thing in terms of bringing back the speed to your system). Just make sure to update Windows with all the patches and service packs before venturing back out onto the internet!
Recently I have had a lot of people come to me with virus- and spyware-infected computers, and many people have asked me why this has happened to them, and if it is even safe anymore to go on the internet. My answer is of course not easy – it is yes, and no. Yes, the internet can be safe if you take reasonable precautions. Never open email attachments (even from people you know) unless you specifically know that someone was sending you something. Many viruses will infect a computer, harvest email addresses from address books on it, and, unknown to the computer owner, send copies of themselves to all that person’s contacts. Always run a current antivirus and anti-spyware product (usually a combination of anti-spyware products is best, though never run more than one antivirus). Make sure that Windows is up to date with the latest security patches (these generally are released on Tuesdays, although Microsoft will sometimes release them on other days if it is a serious threat that they address). Never, ever, click on links in an email, as they are often what are called misleading links – although the link may say something like https://yourbank.com, the actual link may be something like https://yourbank.com.imahackerinchina.cn (you can tell the actual link by right-clicking on it, choosing copy link, then pasting it in a text document). These malicious links can be anything from a spoofing site (designed to get your passwords) to a site with malicious code that will try to hijack your web browser or download a virus or spyware.
You should also run some kind of firewall on your computer to keep hackers out – the best solution is to use a hardware router with a built-in firewall along with some kind of software firewall. The router solution is often the best first line of defense, as a hacker will generally only see the router and not any of your computers behind it. Also, beware of file sharing sites such as Limewire, and torrents. Many of the files shared on these networks, in addition to being illegal copies, are full of viruses and spyware.
Most infections on computers get there because at some point, the computer user clicked a button allowing something to be installed. All the security in the world cannot do much if a user allows something to be installed in the first place. While most good antivirus and antispyware products will catch malicious programs when they are downloaded and installed, when a new virus or spyware program is first released on the internet, it often takes a while before the antivirus/antispyware software will have updated definitions to find it. If you happen to allow it to be installed, by the time the security software on your computer finds it, it may well be too late, as many of these malicious programs can pretty much wipe out a Windows installation (and for you Mac users out there – Macs are no more secure than Windows in any way, as a matter of fact they are more vulnerable in many ways – it’s just that there aren’t many viruses that are written to attack them - yet).
In the end, your best defense is common sense and using good security practices. The other important thing, and this is probably the MOST IMPORTANT: always, always keep current backups of your important files. If by chance your computer does get a bad infection, often a Windows reinstall is the best, cheapest, and easiest way to safely remove it; however, if you don’t have backups, this can cause additional problems as well as costs.
Lately, one of the nastiest spyware/viruses out there causes pop-ups that tell you your computer is infected – this is just another ploy to get you to click and buy even more garbage. Unfortunately, some of these infections are very nasty because they disable your system restore, redirect your web browser, and some will even stop you from installing programs that can find and kill them.
Some of these real nasty ones are what they call polymorphic – they will recreate themselves using random file names, hide copies of themselves all throughout your files, and some will even release time bombs (applications that lie dormant for a specific period of time, making them very hard to find and kill). While most of these infections can be removed, sometimes the removal process is very time consuming (sometimes not though), and there comes a time when you have to balance whether it is worth the time to try to kill these vermin, or if it is a better use of time to just wipe and reinstall Windows (reinstalling Windows is sometimes the only guaranteed way of ridding yourself of some of these pests for good).
So what can you do to protect yourself? First, make sure you have up-to-date antispyware and antivirus programs and definitions. Scan your computer regularly. Never open unknown email attachments. And NEVER install anything that you aren’t sure of (many times these malicious files come when you visit a website and you get a box telling you that you need to install something to view the content) – generally if it isn’t something that you can get from a reputable site, like Adobe’s Flash, or Windows Media Player, or Java, you could be risking your computer’s health by downloading an unknown plugin or program.