Category: security

Malware’s third party path

How to take care in a changing world of cybercrime.

One of the few constants with computer security is that threats are constantly evolving.

Malware – malicious software like computer viruses, worms or Trojan horses – are the most common security threat the ordinary technology home or business users will encounter on their PC, laptop or smartphone.

During the big computer virus epidemic of the early 2000s the main target were Windows 98 or XP machine running Internet Explorer as these were so easy to infect.

Today, it’s harder to infect Windows systems and the malware writers have become more sophisticated in the tools and methods they use to catch victims.

Right now, we’re seeing the malware writers focusing on  weaknesses in third party software such as Java, Flash and Microsoft Office.

Mac users have been affected by the Flashback worm which used flaws in the Java computer program and now Adobe have released an emergency update to their Flash application to fill a security hole that could affect all operating systems.

Along with being more sophisticated in their methods, today’s malware writers are also more organised with real criminal objectives as opposed to the earlier generations that were derided as “script kiddies”.

So there’s real risks in not taking basic steps to protect your computer system.

Have the latest updates

When your system asks you if you want to install updates, do so. Both Macs and PCs have an automatic update function which you should enable and pay attention to.

Individual software packages like Java, Flash and Microsoft Office have their own update reminders which you should also pay attention to.

Sometimes though the malware writers distribute fake updates to fool people into installing their software so if you are suspicious about an update, check online to see if you have the latest version.

Run computers in Restricted User mode

One of the big weaknesses for all systems is there is a tendency to run as an Administrator. In older Windows systems this gives almost complete control over the system and can still create problems in newer systems as well as with Mac or Linux systems.

Every user should be run as a Restricted User and this can be set up in the Windows Control Panel or Mac Preferences.

Have an antivirus

While the antivirus industry loves flogging overpriced and overfeatured software that generally slows your computer down as much as it protects the system, it’s still worthwhile having.

For Windows users, the free Microsoft Security Essentials is fine for most users. For Mac users, the free ClamAV or Sophos Anti-Virus for Mac are good choices.

Use a third party browser

Generally using the built in web browsers – Internet Explorer in Windows and Safari on the Mac – tends to amplify security risks. So use a third party browser like Firefox, Google Chrome or Opera.

Be careful

Malware writers, like all crooks and conmen, try to exploit human weaknesses so their tricks often appeal to our greed, fear or lust.

Try to avoid websites offering pirated software, movies, music or pornography and never click on emails or pop up adverts that claim you’ve won the lottery or been infected with a virus.

Cybercrime is real and growing although we should keep in the threat in perspective and not fall for the hysterical headlines we often see in the media.

The risks are going to continue to evolve as the crooks move onto trying to exploit weaknesses in smartphones, social media platforms and cloud computing services.

Despite this, most people won’t be affected by malware or other computer crime by being careful. Just don’t count on being lucky.

Similar posts:

Are we prepraed to embrace risk?

The world is a dangerous place, can governments protect us?

It’s safe to say the Transport Security Administration – the  TSA – is one of America’s most reviled organisations.

So it’s notable when a former TSA director publicly describes the system the agency administers as “broken” as Kip Hawley did in the Wall Street Journal on the weekend.

 More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect. Preventing terrorist attacks on air travel demands flexibility and the constant reassessment of threats. It also demands strong public support, which the current system has plainly failed to achieve.

The underlying question in Kip’s article is “are Americans prepared to accept risk?” The indications are that they aren’t.

One of the conceits of the late twentieth Century was we could engineer risk out of our society; insurance, collateral debt obligations, regulations and technology would ensure we and our assets were safe and comfortable from the world’s ravages.

If everything else failed, help was just an emergency phone call away. Usually that help was government funded.

An overriding lessons from the events of September 11, 2001 and subsequent terrorist attacks in London and Bali is that these risks are real and evolving.

The creation of the TSA, along with the millions of new laws and billions of security related spending in the US and the rest of the world – much of it one suspect misguided – was to create the myth that the government is eliminating the risk of terrorist attacks.

It’s understandable that governments would do this – the modern media loves blame so it’s a no win situation that politicians and public servant find themselves in.

Should a terrorist smuggle plastic explosive onto a plane disguised as baby food then the government will be vilified and careers destroyed.

Yet we’re indignant that mothers with babies are harassed about the harmless supplies they are carrying with them.

It’s a no-win.

This is not an American problem, in Australia we see the same thing with the public vilification of a group of dam engineers blamed for not holding back the massive floods that inundated Brisbane at the end of 2010.

While we should be critical of governments in the post 9/11 era as almost every administration – regardless of their claimed ideology – saw it as an opportunity to extend their powers and spending, we are really the problem.

Today’s society refuses to accept risk; the risk that bad people will do bad things to us, the risk that storms will batter our homes or the risk that will we do our dough on what we were told was a safe investment.

So we demand “the gummint orta do summint”. And the government does.

The sad thing is the risk doesn’t go away. Risk is like toothpaste, squeeze the tube in one place and it oozes out somewhere else.

While Kip Hawley is right in that we need to change how we evaluate and respond to risk, it assumes that we are prepared to accept that Bad Things Happen regardless of what governments do. It’s dubious that we’re prepared to do that.

Similar posts:

Ending the era of Mac complacency

Does the Flashback bug end the Mac’s virus free status?

The news that the Flashback Trojan has infected an estimated 600,000 Apple Mac computers has been greeted with joy by the dozens of industry experts that have predicted a virus holocaust for smug Mac users for nearly a decade.

While the Flashback malware – the earlier versions could be described as a computer Trojan Horse while the later editions are more like a computer worm – is a real risk to Mac users and it’s important to take this risk seriously.

The Netsmarts business site looks at how Mac and Windows users can protect themselves from Flashback and its variants.

One of the key things in the advice is to make sure anybody using the computer has limited rights; as a Managed User on the Mac and as a Limited User in Windows. This dramatically reduces the opportunity for bad things to happen while online.

I’ve discussed previously while user privileges are one of the reasons why the Mac has historically been less prone to infection to virus infections than their Windows cousins.

Microsoft made the decision in the 1990s not to tighten Windows’ security settings and their customers paid the price for the next decade. This was compounded by some poor implementations of various technologies in Microsoft Windows.

This isn’t to say the Mac, or any other computer system, doesn’t have security bugs. Every operating system does and it’s a conceit of everybody immersed in new technologies, be it cloud computing back to horse drawn chariots, to believe their products are magically infallible.

Part of the crowing from the security experts and charlatans who’ve been desperately predicting a “Macapocalypse” for nearly a decade overlook this.

Even with the proven problem of the Flashback virus, its unlikely we’re see the deluge of malware like that of the early 2000s simply because the Mac OSX, Windows 7 and all the other mobile and computer operating systems don’t have the structural flaws that Windows 98, ME and early versions of XP had.

Much of the Mac versus PC argument in security is irrelevant anyway; the main game for scammers and malware writers has moved to social media services like Facebook and this is where computer users need to be very careful.

However the stereotype of the “Smug Mac” user was true, one caller to my radio show claimed he didn’t have a problem with spam because he had a Mac. Nothing could convince him that email spam wasn’t related to the type of computer you used.

To be fair to Apple they never made the claim their computers were invulnerable to malware, apart from the odd dig at Microsoft. Their users did it for them.

That type of smug Mac user are those who do need a wake up call. For the industry though, it’s business as usual although some will be feeling a little smug their hysterical predictions of the last decade came true in a small way last week.

Similar posts:

702 Sydney Weekend computers: April 2012

Join Paul and Simon Marnie to discuss the tech that affects your home and office

On ABC 702 Sydney Weekend computers this Sunday, April 8 from 10.15am Paul Wallbank and Simon Marnie will be looking at the end of innocence for Apple Mac users, the DNS Changer Virus and how political campaigning is coming to a Facebook site near you.

Some of the topics we’ll discuss include;

If you’d like to learn how to protect your Mac or Windows computers from malware, visit our Netsmarts article on the Flashback virus that explains the security settings and suggests some free anti-viruses.

Listeners’ Questions

While we had a great range of calls from listeners, there was only one we promised to get back to. Kay clearly has a virus infection on her Windows computers and we recommend the free MalwareBytes program to clean it up.

Our IT Queries site has more instructions on cleaning up a virus infection if you’re worried about a sick computer.

We love to hear from listeners so feel free call in with your questions or comments on 1300 222 702 or text on 19922702.

If you’re on Twitter you can tweet 702 Sydney on @702sydney and Paul at @paulwallbank.

Should you not be in the Sydney area, you can stream the broadcast through the 702 Sydney website and call in anyway.

Similar posts:

Navigating the Internet jungle

When we’re in the wild, we need to keep our wits about us.

I usually don’t pay much attention to stories about Apple malware given that most hysterical stories about Mac viruses are written by charlatans spruiking third rate security products.

The story of the Flashback Trojan is an interesting one though, not because the malware is particularly original or that it comes with the usual hysterical claim of being part of the coming wave of viruses that will wipe the smug smiles off Mac users’ facers.

Flashback’s interesting because it combines all the tactics of a modern computer virus or malware, bringing together unpatched vulnerabilities and some social engineering with the intention of stealing user passwords.

These are risks regardless of what type of computer, smartphone or tablet you use. It illustrates how the security risks have moved on since the first epidemic of Windows computer viruses just before the beginning of the century.

Similarly, the motivation for writing viruses and malware has evolved. Where it was once an intellectual exercise for bored, highly skilled young code cutters, today it’s a lucrative criminal enterprise aimed at getting access to victim’s bank accounts and other assets.

Which is the reason why it’s a good idea to have different passwords for various online services – no more using the same password for your online banking, Minecraft and Facebook accounts.

Having the latest security patches installed is also important, particularly with third party products like Adobe Flash, Java or Microsoft Office, so don’t ignore those warnings as a caller to one of my radio slots boasted.

We also need to keep our wits about us online and watch out for the sneaky tricks used to fool us into opening malware, it’s a jungle out here on the web.

Similar posts:

ABC702 Weekends: Facebook and your Family

How do we use social media safely and effectively.

For the first 702Sydney Weekend program for the year ABC 702 Sydney Paul Wallbank and Ian Rogerson looked at how to use Facebook safely.

Facebook and other social media services are becoming an increasingly important part of our lives, so it’s important we understand the benefits and the risks involved in using the web.

All the details of what we discussed in the program are available at the Facebook and Your Family post.

One listener’s question we said we’d get back to was Emma who asked about Microsoft Word stopping her Mac from closing down.

This is usually due to problems with an office plug in or the normal template. To attempt to fix the template, follow the instructions at the Word Mac site.

As Ian suggested, it may be time to consider a more up to date program as Office 2001 is seriously outdated.

Similar posts:

Facebook and Families

Family use of social media can be problematic

As the Internet has become a normal part of our family lives, social media services like Facebook are becoming important in the way people, particularly our kids, socialise and communicate.

Most of this web use is positive however there are risks with these online tools so we do need to know how to manage social media services and reduce any problems we may have in our families and businesses.

Understand the risks

Facebook is an online service and all web based platforms share the same risks such as stranger danger, bullying, fraud and offensive behaviour – both kids and adults need to understand the risks.

A good start is sitting down with younger kids and using some of the online resources available, the US Virginia Department of Education has a good interactive presentation on online safety.

For Australian specific content, the Federal government’s Cyber Smart website offers advice to families at all ages; from grandparents to kids.

Respect the rules

All online services have rules that govern behaviour, one of the most common is a restriction on under 13s. This is partly because of the US COPPA law that restricts websites and social media services from advertising to children.

Of the other rules that can cause problems Facebook has bans on hate speech and an almost pathological obsession with nudity. It pay to read the terms and conditions so you know what is acceptable.

Under 13s should not use Facebook

While for many kids Facebook is the way to talk to their friends online, parents should resist the pressure to sign their kids up until they are of the legal age.

Regardless of what you think of the rules, many kids don’t have the maturity of to understand or deal with the issues of using social media sites. For that matter, neither do many adults.

Should Facebook find out that an account is owned by a child under 13, they will shut it down immediately.

Choose your friends carefully

Everybody – kids and adults – should be cautious about friends they make online. Just accepting friend requests from anybody, or from those who look cute or cool, can lead to problems later.

Set your privacy

In Facebook you should set your default privacy settings to “Friends”. You can do this by clicking the arrow pointing down in the top right hand corner of the Facebook screen and selecting privacy.

Having set your default privacy settings to Friends, you may want to further improve your privacy by continuing down the privacy screen and selecting functions like not allowing friends to post to your Facebook wall.

Be careful what you like

Liking products and pages can have consequences, at the very least others know what causes you’ve joined.

Joining hate or bullying campaigns or pages is not a good look, so don’t do it if you think you may upset people around you.

You are what you post

Anything you put online is in writing against your name. If it’s going to upset people or cause trouble then don’t do it.

In the United States one teenager found this out the hard way when her father discovered a Facebook post criticising him and her mother. He shot her laptop and then posted the video onto her Facebook page.

Practice Safe Computing

Services do get hijacked, so have strong passwords, up to date virus checkers and make sure the computer is fully up to date with security patches.

Never share passwords with friends or siblings and use different passwords on each service so if Minecraft gets compromised, Facebook or email doesnt’ as well.

Put computers in common areas

Kids’ computers should be in common areas and use of any Internet enabled devices like iPods and mobile phones in places like bedrooms should be strongly discouraged.

Be open to talking

If anyone in your family seems to have a problem with computer use such as getting upset, socially withdrawal or acting unusually then talk to them. This happens with adults as well.

One thing to remember is that punishing people, particularly kids, rarely works well with these technologies so it’s best to make it clear they won’t be in trouble if they come to you with a problem they are having on the net.

It’s not just kids

We have to remember its not just kids who get into trouble online, there’s no shortage of adults who have created problems for themselves and their families through irresponsible online behaviour. So parents need to watch their own social media usage as well.

Should someone in your family be having a problem, then don’t hesitate to talk to the school, employer or Internet provider if there’s issues that need to be addressed.

There’s lot of online services services and resources such as Cybersafe listed above. Also don’t hesitate to call any support lines such as Lifeline or Beyond Blue if you are seriously concerned about a family member’s wellbeing.

On balance, the web and social media are positive influences on most people’s lives so by using commonsense and playing safely, the majority of families will avoid the really terrible stories we hear about online problems.

Similar posts: