Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Saturday, August 30, 2008

Automatic Update of IE8 Beta 2

There has been a lot of talk lately about the newest beta software for Internet Explorer 8. Most of the talk has been very positive but I haven’t been one of those to have the greatest luck.


My new IBM ThinkPad didn’t like IE8 beta 2 but thanks to the system restore applet I was able to get back to where I was. I tried to update but all it did was remove IE7 from my system. I had to reinstall IE7 using Firefox so it’s a good thing Microsoft now supports FF on their websites. The Gateway desktop machine had a more mysterious experience.


Today, Windows Update told me I had new software to download. I was extremely surprised it told me the update was Internet Explorer 8 Beta 2. I hope this isn’t typical behavior but on my desktop Microsoft was telling me to install beta software as a normal Windows update. I really hope people with updates set to automatic aren’t getting beta software without asking for it.


Auto Update of IE 8 beta software


I decided for the sake of my readers it might be worth checking out IE beta 2. Downloading beta software, especially system software, is not something I recommend to others. After spending the morning fixing my desktop machine from a failed update, I really recommend staying away from IE8 beta 2 for now.


I can’t explain why yet but after my update, my system was downgraded to Internet Explorer 6.


Downgraded to IE6


After that I started to receive new update messages including the upgrade to XP Service Pack 3 which I had already performed. My computer refused to boot after this next step so I went back to my last working configuration to save my sanity. Hopefully, the only reason I received an update was because I had previously installed IE8 beta 1.

I really want to see the new features in IE8 beta 2 but for now I’ll read about them online. I recommend you all do the same.




Monday, August 25, 2008

What's Wrong with Toolbars?

Our good friend Donna, who manages Calendar of Updates, has been keeping an excellent list of which software installers have been sneaking additional software on to our systems. It’s called the Installers Hall of Shame. The list includes folks who insist on installing not only toolbars from Ask.com, Google and Yahoo but also browsers, video players and more. Click here to see the list. I’ve added it to my Favorites so I check it regularly.

Examples include:

  • Cyberlink PowerDVD 8 - Google Toolbar and BETA of Moovielive
  • DivX - Yahoo Toolbar
  • Shockwave Player - Norton Security Scan or Google Toolbar
  • Webroot SpySweeper - Ask Toolbar
  • Windows Live Installer - Windows Live Toolbar & Sign-in Assistant
  • Winzip - RegistryBooster


I also see that Donna just posted an article specifically about the Ask.com toolbar: Update on Products with Ask Toolbar. It was a timely post considering just last week I heard back from IAC/InterActiveCorp asking if I would re-consider adding the Ask.com toolbar to WinPatrol. I was told that I wouldn’t have to include MyWebSearch or promote other infamous FunWebProducts from IAC. “We’re not really connected to them” I was told. As I did in the past, I said “No thanks”.


It’s still surprising that programs like Zone Alarm, SpySweeper and Comodo Firewall install the Ask.com toolbar while other security programs still flag it as undesirable, suspicious or even adware.


Donna has some great points and screen shots but even if not for suspicious behavior what’s the big deal you ask? One of the worst arguments I hear is “It’s the user’s own fault if they don’t see the pre-checked option”. Well, suppose when you upgraded to WinPatrol PLUS I defaulted the number of licenses to 10. Can you imagine the anger from people who would be charged $299 USD instead of $29.95? I’ll bet a few people wouldn’t even notice it on their credit card bill and pay it. Is it their fault or would I be scamming them?

Bottom line: No installer should include a default option to install additional software.




    Tuesday, August 19, 2008

    Where did my Spyware come from?

    Most folks will immediately blame another family member using their computer, especially if they have teens in the house. In most cases, it’s nobody’s fault if a machine is infected with some kind of spyware/malware/virus/badware, whatever you call it. So how the heck did your computer turn into such a mess?


    Social Engineering
    The number one method the bad guys have used for years is to just plain trick you. I’m sure you know not to reply to Email from the former ambassador to Nigeria but what if you get an alert message from Microsoft that says they found three viruses on your computer and you must download ie_update.exe?

    Recently, we’ve seen updates of Internet Explorer and news videos that claim to be from CNN and MSNBC. They’re all meant to trick users into downloading badware. Convicted hacker Kevin Mitnick tells how in the old days he’d leave a floppy disk lying around public areas of a company with the label “Employee Salaries”.

    I recently spoke at a conference for the National Network to End Domestic Violence. A common trick discussed was how perps would send an online greeting card that includes an apology but comes laced with a keylogger so the abuser can spy on all future computer activity.

    The use of social engineering to try and take over your computer will continue to be the number one method and will certainly improve and get more sophisticated. You’re sure to see a lot of this type before holidays and anytime there’s a huge worldwide event.


    Software Vulnerability
    You probably all know about those regular software updates from Microsoft, Apple, Adobe and others. I’m not a big fan of “auto” updates but downloading security patches isn’t a bad idea. I usually wait until they’ve been released for a week or so and have been tested by the rest of the world. After that I do recommend having your system software updated with any patches available.

    A software vulnerability can install a program on your system without downloading or clicking on any suspicious links. Anytime you’re connected to the internet your computer is probed to see if it’s visible and if any vulnerabilities exist. If the right vulnerability exists when your system is polled it can become the property of the first bad guy to find you.

    I experienced one years ago when MSBlaster suddenly appeared on my computer. Luckily, WinPatrol was on patrol and I was immediately asked if this was something I had installed. I didn’t know what MSBlaster was so I removed it. This was a brand new threat so none of the anti-spyware/virus programs had any information about msblaster in their signature files.


    Music and Porn Sharing
    Seriously, I don’t have a lot of first hand research on this particular segment but I do what I have to in the interest of knowledge.

    While this may get much of the blame in many households it’s not as prevalent as it used to be. That’s not to say that surfing for music and porn isn’t a malware minefield, it’s just that infections are a little more obvious. You know you’re in trouble when the only way you can close the browser window is to completely shut down the browser or reboot your machine.


    You don’t really have Spyware
    One of the main reasons people purchase new computers is because their old computer is slow due to spyware. In many cases when I’ve been asked to clean up spyware I find the system is basically clean. Usually, the computer is old, and has had so many programs installed and uninstalled over the years that the version of Windows on their computer is just plain tired out. How’s that for a technical quote?


    Windows is a collection of various programs and libraries. Over many years of installing new programs, different versions of Windows components may be installed. This can become a big hodgepodge of files and old drivers so that no two versions of Windows are the same. We used to joke that Windows 95 wasn’t the year it was released. It meant every 95 days you should reformat your machine and reinstall Windows from scratch.


    My best advice for these machines would be to clean up auto start programs, add memory, clear up as much disk space as possible, and especially clean up any temp files including the Internet Explorer cache. Others swear by defragging your disk or using registry cleaners but I’m not a big fan.


    Additional References:

    Windows Versions are like Snowflakes

    AutoUpdates are Evil

    Do I Need a Registry Cleaner?

    Your PC is NOT old



    Wednesday, August 13, 2008

    Fake MSNBC Breaking News

    Last week I mentioned that I was seeing a lot of Email malware attacks with the Subject: CNN.com Daily Top Ten. This attack method came along with some teaser headlines and a fake update to Adobe Flash.  I’m sorry to say these attacks were fairly successful and too many users were tricked.


    This week they’re trying the same trick but there’s a new subject line that says “msnbc.com – BREAKING NEWS:” followed by a teaser headline. These Emails can be deleted immediately although you shouldn’t be worried if you just opened it up and then deleted it.


    If however you do click on the news link which appears to be from MSNBC you’ll see something like this…

    Fake MSNBC


    At this point your goal should be to get rid of this page by shutting down your browser. If you click on the red X you’ll just end up in a loop. This is the time to press “Ctrl-Alt-Del” to look at the list of running “Processes” or in WinPatrol “Active Tasks”. You’ll want to find IExplore.exe, firefox.exe or waol.exe, select it, and click on “End Process”. (WinPatrol users “Kill Task”)


     



    Saturday, August 09, 2008

    Airline Travel in the Summer of 2008

    I’m on the road this week and so far all my travel has gone well. I don’t think I forgot anything but I did have a couple of first time experiences. I’m currently on a US Airways Dash 8 in the first row (1C) with plenty of leg room. Luckily I don’t have anyone next to me in (1A) because they would be sitting with their knees hitting their chin. Thanks to http://www.seatguru.com which I recommend to anyone before you make a seat selection. Seat Guru Rocks!


    There’s a fun sign on the wall in front of me. It says “Please contact a USAir Express crewmember if you are not able to read, speak or understand English, or are unable to understand the graphic directions or crew commands”.  You can’t make this stuff up. These were obviously important instructions to have posted in the Exit row.


    US AirExpress Warning to those who can't read English


    I’m also finding that more flights seem to be small planes but I really didn’t know I’d be on a plane that still had propellers. I don’t have any fears while flying but it was a little intimidating to look out the window and have a huge prop spinning a few feet away. The vibration was so bad that I was really glad I ordered my new laptop with a solid state drive and not a normal drive with moving parts.


    View from my US AirExpress Dash 8


    Overall it was a great flight and I have no complaints.  US AirExpress got me to Philly on time, the sun is shining and room service is on the way. Hopefully, my two flights tomorrow will go as well.


     



    Thursday, August 07, 2008

    Beware CNN Top Ten and Fake IE7

    Many times new security threats are blasted out so that almost everyone in the world receives them on the same day. Some of us on many spam lists will see multiple copies for days.


    If you haven’t already, you will be getting Email with the subject line “CNN.com Daily Top Ten”. If you open the Email you’ll see a list of news headlines. Some are real, some are fake. If however you want to see news videos, go directly to CNN.com and DO NOT view any videos that arrive in an Email.


    Fake CNN.com Email with dangerous fake Flash plugin


    If you did select any of the videos you’ll be asked to download what claims to be a new Flash update from Adobe. If you download and run get_flash_update.exe you’ll start to see some alerts from your favorite malware detector.


    Another popular Email this week claims to be an update from Microsoft with the Subject: “Internet Explorer 7”. What you’ll get if you select this download is a rogue security program called Antivirus XP 2008. It’s not pretty but can currently be removed by most anti-malware programs.


    Fake Internet Explorer


     


    Other sources:
    Sunbelt Blog: Fake CNN headlines
    miekiemoes Blog: Beware of fake email from Microsoft! 



    Wednesday, August 06, 2008

    Domestic Violence and Computers

    National Network to End Domestic Violence
    I recently mentioned that next week I’ll be speaking at a conference put on by the National Network to End Domestic Violence. Even my friends and family have been asking what the connection is between a computer geek like me and domestic violence. Unfortunately, these days computers are often used to spy on the activities of an estranged spouse or partner.

    You might think my first advice to someone who might be in danger of domestic violence would be to run out and get a spyware/keylogger detector like WinPatrol. Not so fast. The rules are a little different when there is any potential for domestic violence.

    NNEDV Warning

    If you go to the NNEDV site the first thing you’ll see is the warning above. If a computer has been compromised it could very well be dangerous and inflammatory to look for keylogging programs while connected to the internet. The folks at NNEDV recommend the following.

    “If you are in danger, please try to use a safer computer that someone abusive does not have direct or remote (hacking) access to.”

    Read more at http://www.nnedv.org/internetsafety.html

    In fact, one of the reasons I created the portable version of WinPatrol was to help potential victims while they’re not connected to the internet. If you know someone who might be in danger a visit to NNEDV online.

    Stay tuned next week for more information and perhaps some photos with my friends from NNEDV.

    Conference Topics:



    Monday, August 04, 2008

    Tips & Sources for Installing Free Software

    Yes, you can get something for nothing and it’s amazing how much software is available for free.  No, I don’t mean the offers you get as spam for free Microsoft Office or Adobe Photoshop. A lot of folks like myself provide software for free and a number of web sites evaluate free software and encourage you to visit their sites.


    While my first recommendation for everyone is to download the must-have WinPatrol program, I have some serious warnings before you go crazy populating your computer with free software. Anytime something changes on your computer you run a risk of problems so in the words of Wayne Campbell, “We fear change”.


    The worst thing you can do is go surfing various web sites, downloading and trying out piles of free software. Every time you install new software you risk future problems on your computer. Not only will installations add new registry entries and change system settings, but they could also add software you never would have installed if you were paying attention. It’s still very rare to find an Uninstaller that really returns a system to its state before installing software.


    Know the software you’re downloading. Don’t just take your friend’s advice. Search online for reviews and recommendations. Have a complete understanding of what the software will do and decide if you will use and need the functionality of the software you’re installing. Ask yourself, “Is this something I’ll really use?”


    When installing new software watch for pre-checked boxes that may have you downloading some kind of toolbar that you really didn’t want. I personally think these pre-checked boxes are evil and insulting. Suppose I defaulted my WinPatrol PLUS order form to 10 copies and then blamed users for not noticing it when they wanted their money back for 9 copies.


    Even though Microsoft has made it possible for programs to install and be removed without restarting your system, rebooting is your friend. Even when I install or remove commercial software I like having my system in a predictable state. I’m also a big fan of the Windows System Restore. Creating a Restore point is easy and quick before installing something new. Create a Restore point by clicking on the Start button -> Programs -> Accessories -> System Tools -> System Restore.


    System Restore Dialog
    System Restore is your friend



    Free Software Sites


    Gizmo’s Tech Alert, from long-time advocate and free software researcher Ian Richards, is a great place to start. Ian doesn’t do fluff reviews and over the years his critical look at WinPatrol has been the source of many improvements. Ian recently joined the good folks who do the Windows Secrets Newsletter which I also highly recommend.


    Some other favorite sites include http://freewarewiki.com/ and http://freeware.it-mate.co.uk/


    CNet’s Downloads.com has long been a useful site for downloading free software. While I’m always a little skeptical of their user reviews, their editors have years of experience. My only issue with Downloads.com is their Most Popular list rarely changes because many programs remain popular just because they’re on the list.  A few years ago, CNet took major steps to clean up some borderline adware and spyware in their download libraries giving up some major advertiser$ in the process.


    Other sources I trust include PC World’s Download This from Laura Blackwell, radio personality Kim Komando, fantasticfreeware.com/, MajorGeeks.com and BrotherSoft.com which includes many foreign language sites.


    Who do you trust for free software?  Leave a comment and share your thoughts.


     



    Saturday, August 02, 2008

    Keylogger included with Wall-E Online Game?

    It’s always a pleasure to meet other security minded people but it’s troubling when it’s related to a new threat for our kids. My grandson Tristan went to the movies to see Disney’s new Wall-E and so did my new security friend who has the blog “Timeless Journeys”.

    Unfortunately, I was pointed to a new post at Timeless Journeys by my long time friend Wayne Porter who warned me (via Twitter) about the dangers of the Wall-E online demo.


    Disney's Wall-E Online demo

    It turns out an online demo game of Wall-E from THQ may include a keylogger best known as Spyware.Ardakey according to Norton 360 and other security programs. The software is available on a server from Cachefly who confirmed their servers have not been compromised by some outside hacking. They claim to have notified THQ so it will be interesting to find out how quickly the demo is pulled and what the response will be from THQ.

    For now stay clear of Wall-E unless it’s at the theater. Tristan did give the movie Wall-E “Six Thumbs Up” and can’t wait to see Beverly Hills Chihuahua. I’ll update this post as I hear more from Cachefly and THQ.

    Update: The opinion today by most researchers is that this report is a false-positive and there is no danger. It's not uncommon to see false-positives for keyloggers but it's rare for security programs to point to a specifically named threat. I downloaded the U.K. Wall-E demo and WinPatrol did not find any malicious software installed.

    Source:
    http://www.wayneporter.com/2008/08/02/keyloggers-games/

    http://www.timelessprototype.com/tpdc/blog/post/2008/08/Keylogger-Detected-in-Wall-E-Demo-PC-Game.aspx

    Tristan Xavier Cook


