No, I Don't Want Your #^$% Toolbar

I’ve been well known to rant about software companies who trick users into downloading additional unwanted software. One of the most annoying is the Ask.com toolbar which even comes along with some security programs. In almost all the situations, the option is pre-selected so unless you’re paying attention you’ll get yet another toolbar and more.

Toolbar vendors create an internal search battle. Often
 toolbars will change your search preferences without asking

In January 2008 I wrote about my invitation from Ask.com to include their toolbar in my WinPatrol program.  Would You like Toolbar with your Software Order?

“I crunched the numbers and sure enough the revenue I could receive by including the toolbar would be huge. My overhead is low and the free version of WinPatrol has many thousand downloads even on the slowest day. If I chose to include the Ask.com tool bar I could probably retire comfortably by the end of the year.

Unfortunately, a number of people think I’m a good guy and I respect their opinion. For the last ten years WinPatrol has had a flawless reputation. I know myself, I really hate companies that install additional software that I didn’t ask for. It’s not only rude, it’s just wrong.”

I’m not alone.  You can find a list of vendors who have partnered with on the web site, Calendar of Updates. Click on Installers Hall of Shame.

Apparently, if you remove the check you lose some functionality.

At least Trillian allowed me to cancel the install but check the
terms of service.  "... the right to add additional features or 
 functions to the existing Toolbar....the Toolbar periodically
communicates with our servers....  the update may occur automatically."

So, I was surprised when I received an Email from Ask.com yesterday inviting me to partner and again consider including the Ask.com Toolbar.

It sounds like I could generate more revenue but at what cost to WinPatrol fans?  I think if they wanted yet another toolbar, they’re smart enough to find one. Thanks for the offer John, but this is a bonus I still don’t want.

 

Conficker Threat: Fact or Fiction

I’ve been writing about the Conficker worm all week and I’m pleased that nobody has accused me of over blowing the situation. My main goal has been to encourage folks to take the same steps to protect themselves as they should be doing every other day of the year.

Most of Conficker stories late in the week have been discussions on if the media has over sold the story and created an atmosphere of fear. According to The Last WatchDog on Internet Security…

“Many security experts are downplaying the significance of  millions of Conficker-infected PCs initiating an elaborate calling home sequence on April 1.

Still, concerns are growing  about the much firmer grip the bad guys are on the cusp of securing on the corrupted PCs, whether or not they choose to do anything with them on April Fools Day.”

Here are some facts I believe to be true.

USA TODAY: On that date (April 1st) all Conficker-infected PCs will begin trying to connect to 50,000 web domains to receive further instructions.

F-Secure: “The worm has some peer-to-peer functionality which means that infected computers can communicate with each other without the need for a server. This enables the worm to update itself without the need for any of the 250 or 50,000 domains.”

So, what’s it going to do?  Will the Internet be taken down?  Will a cyberterror attack be launched?  I doubt it.  What people will notice the most are news stories about Conficker. For most of the world, it will be March 31^st when computers in China think it’s April 1^st. So by Tuesday night malware researchers will be able to provide more information.

SRI Internationals Paul Porras has been quoted in many articles as saying...

“April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. The worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations…”

This evaluation makes the most sense and fits with the typical behavior of the sophisticated malware that I’ve been researching. The trend lately has been to create massive botnets or what F-Secure reports as GhostNets. The big news today is how “Canadian research uncovers cyber espionage network”. Go Canada!

Bottom line, your computer is a powerful device. Just like your automobile you need to keep your doors locked, provide regular maintenance and don’t put yourself into dangerous situations.

Security Garden: Conficker Information for the Home Computer User  March 27th, 2009

 

Real Conficker Danger is on March 31st

Yesterday, I wrote about the Conficker worm and how it was expected to launch a new attack on April 1^st.  I showed you the reverse engineered code which included a specific date stamp of April 1^st, 2009.

What I forgot, and what everyone else missed is the real danger begins on March 31^st. I woke up this morning remembering that sometime in the world, it’s already tomorrow.

Many years ago I distributed my free WinPatrol program as something called Birthdayware.  On  my birthday each year a message would pop up inviting folks to thank me by wishing me a happy birthday.

Birthdayware Easter Egg

To my surprise, the day before my birthday Emails started to flood my inbox. At first I thought a lot of people had their PC clocks screwed up. Then I looked at the Emails and saw they came from Philippines, Australia, Japan and other countries across the international date line.

It will be March 31^st in most parts of the world when it turns April 1^st across the Pacific. Most reports have indicated a majority of machines currently infected with Conficker are in China. 

Forget April Fools Day and make sure you take steps to protect yourself before March 31^st. Somewhere in the world it will be April 1^st for nearly 48 hours.

Conficker Judgement Day on April 1st

I would never want to be labeled as an “Alarmist’ but I hope my post today will make some folks take some reasonable steps to protect themselves.  After a lot of research and debate I have been convinced that April 1^st is not going to be a good day for the Internet.

I’ve written about the Conficker worm (alias Downadup) a number of times and this may not be the last time I mention it.  There are well over a million Windows PC’s which are currently infected with Conficker.  On April 1^st the infected machines will be reaching out to number of web domains to download an additional component which will contain new instructions. How Conficker will mutate is anyones guess. It could be anything from turning a machine into a spam-bot or launching a widespread cyberterror attack. My guess it will be something designed to make money.

Reverse engineering Conficker exposes April 1st

Complements of Zarestel Ferrer

April 1st will be a day that shows us who's winning the battle against malware.  If your machine doesn't already have all the Windows security patches installed ,I'd unplug from the Internet on April Fools Day. Getting a new computer?  If a new un-patched computer arrives on that day I'd wait until the 2nd before connecting it to the Internet.

So, if you’ve been planning on running the Windows Update service, this would be a good week to do it. If you don’t have a routine back-up plan you might want to back up your important data by the end of the month.

I’m really not trying to be Chicken Little and freak people out. I’m not predicting any kind of global outage. I’m just suggesting that a properly patched Window system is good idea. I’m also not trying to scare you into upgrading to my WinPatrol PLUS to protect yourself. The free version offers just as much protection against this threat.  The key point here is to make sure you have all the security patches available for free from Microsoft.

I’m actually flying to Washington Dulles Airport on April 1^st so I really hope that United Airlines has all their systems protected. 

Update: Real Conficker Danger is on March 31st
It's important to point out that April 1st begins earlier in other parts of the world.  We'll be watching for activity to begin on March 31st from Austrailia, China, Japan, etc...

Update 3/29: Conficker Fact or Fiction

References:

SRI International Conficker C Analysis March 19^th, 2009

CA Security Research Blog

The Last Watch: Countdown to Conficker...

Internet Storm Center: Third party info on conficker

Microsoft: Virus alert about the Win32/Conficker.B worm

Microsoft’s Malicious Software Removal Tool

Microsoft Security Bulletin MS08–067  October 23^rd, 2008

F-Secure WebLog Conficker Q&A  March 26,2009

Leaked Memo says Conficker Pwns Parliament

 

Good Public Relations Can Really Work

Most people use the free version of WinPatrol so I have never invested any funds in advertising or public relations. Any revenue from upgrades to WinPatrol PLUS typically goes directly back into research and development.

I thought with the release of WinPatrol 2009 I’d try an experiment. I sought help from Public Relations professional Marie Domingo (@MarieADomingo) and I wasn’t sorry. Marie knew about WinPatrol and understood that Scotty the Windows Watchdog wasn’t getting the attention he deserved.

I’ve been pleased seeing myself and WinPatrol getting a lot more mentions than normal and in some serious press.

Hackers poison PCs that Google "March Madness"

"And here’s a tip: WinPatrol offers very powerful protection. It's a terrific free tool, popular with techies since it was created 10 years ago by Bill Pytlovany, one of the original designers of AOL and a longtime open-source practitioner. The premier version, called WinPatrol Plus, costs just $30 for a lifetime subscription, which includes all updates, and is designed for the average consumer. WinPatrol takes a snapshot of your Windows run registry, and from then on blocks and alerts you to any new executable program, such as a malicious backdoor, that tries to install itself on your hard drive."

- USA TODAY   03/18/2009

---

15 free downloads to pep up your old PC
"This freebie from BillP Studios helps you stop unnecessary programs from running on start-up, and in doing so, speeds up your PC."

"...the result is a smoother-running PC"
- Preston Gralla, PC World  03/13/2009

So, I’m happy with some mention in the press and even happier that I had over 100,000 downloads around the world last week.  While word of mouth has been good for spreading the word about WinPatrol I guess it never hurts to have some professional help.

Marie also convinced me to create a Fans of WinPatrol group on Facebook which has been a lot of fun. The Opt-In Facebook group is a great way to get out any news about WinPatrol. I’ve also enjoyed getting a little more personal with friends of Scotty the Windows Watchdog. As I post this message we’re only nine new members shy of 400.

Click to join WinPatrol on Facebook

WinPatrol 2009 Available Today

It’s been too long since I’ve released a new version of WinPatrol so I’m pleased to announce the immediate availability of WinPatrol 2009. Since last year I’ve had great feedback and support from WinPatrol users. Most of the new features are the direct result of your feedback.

WinPatrol 2009: What's New

• New "Recent" tab lets you see new programs and settings recently added to your computer. Especially helpful in finding malware that comes with multiple randomly named files.
  
  As seen on Windows 7
  


• Compatibility enhancements to work with Windows Vista and Windows 7


• Monitors and alerts to any changes to User Account Control Settings(UAC)
  No matter if its malware or over jealous security programs.


• Continues to have the best performance and smallest foot print of any system monitor


• Hide individual alert messages and lock settings to prevent potential errors by other computer users.
  
  As seen on Windows XP

More Information available at http://www.winpatrol.com/upgrade.html

 

Don't Forget to Cancel Recurring Payments

I have a feeling I’m not the only one who hates it when you purchase something and a year later find out you signed up for a recurring subscription.  I’m sure there’s a reason why they include this in the fine print.

Typically, most of the complaints I get are from some of the well known security suites. Many come with new PC’s and 30 day trials. It’s also not uncommon for other web based services. Many of these may only be $5 or $10 EURO or USD but they add up. Some companies have business plans based on people not regularly checking their credit card bills.

This week it happen to me again.  Last year I tried out something called TrackPass from NASCAR.  I had to check it out because it was pretty much the same application we pitched to NASCAR about 7 years ago when I was with the ABC Enhanced TV group.

I was impressed with NASCAR TrackPass even though most weeks I watched the Sprint Cup race delayed a little bit on my TiVo. I wasn’t really thrilled with the $79 cost.  I was even less thrilled when my PayPal account was charged another $79 this year without any warning. I’ve written to the folks at NASCAR but they haven’t replied. Looks like I’ll be seeing how the PayPal resolution service works.

I thought this would be a good time to check and see if I had any other recurring payments saved in my PayPal account.  I recommend you all do the same.

It took me about five minutes but I finally found the following PayPal help.

When you get to the Profile page, you’ll see the following in the middle column of the page.

Automatic Updates and New Computers FAIL

Have you heard me rant about Automatic updates before? 
Over the years I've been somewhat critical of auto update programs including Microsoft's own Windows Update mechanism. I've always told people to wait 5-10 days before installing a new update so the rest of the world can test it and report any problems.

Of course, there have been exceptions. Occasionally Microsoft has released security patches for vulnerabilities which we knew to be out there actively attacking on the web. During those situations,  I've recommended you be the first on your block to download a security patch, typically available on Tuesday morning.

This week I had the privilege to spend some time with the folks at Microsoft responsible for automatic updates and security patches. While I've been asked not to share the exact process and procedures for creating Windows updates I can tell you I have more confidence in Microsoft then I used to.

In most cases, I will still wait 5 -10 days before installing a Windows Update, but I will be preaching to the world not to let the update be forgotten. Again, I'm not at liberty to share specific numbers but I can tell you there are too many people who aren't doing updates at all. The more machines out there not having updated security patches the more dangerous it is for the rest of us.

My new recommendation is to set your Automatic Update settings to "Download updates for me, but let me choose when to install them". Ideally, I would like this to say “Download updates for me, and make sure I don’t forget to install them”.  Your settings can be changed in the Security Center applet in the control panel.

There are far too many un-patched Windows machines in the world and their problem could be our problem. They’re ripe to become at the control of the bad guys and available to launch attacks or fill our inboxes with spam. Tell your grandmother, tell your boss, tell your dry cleaner, run the Windows updater and make sure their machine is safe. No amount of anti-virus programs in the world can take the place of a completely patched Windows operating system.

Austin We Still Have a Problem
Unfortunately, there’s still one major problem that annoys the heck out of me. When you buy a new computer, it may include the latest service pack, but it probably won’t have all the available security patches installed.  That means, the moment your connect to the internet, it’s ready to be attacked. 

Computer OEM’s need to be more responsible and they need to ship machines with all the available updates!  This goes beyond a well patched Windows OS. If they’re shipping with Adobe Acrobat, or Apple Quicktime they better not have been put on the disk image a month ago. They need to be the most currently available, patched version or they’re selling you a time bomb.  If you’re buying a new computer don’t be afraid to ask the sales rep what third party software is installed and what especially what version it is.

Things to consider before you buy…

What version of Internet Explorer is installed?
Does it come with Apple Quicktime?  RealPlayer?
Adobe Acrobat?  Flash?  Which versions?

My audience here at BitsFromBill.com isn’t that big so spread the word. Until customers start asking these questions, nobody at Dell, HP, Sony, Lenova, etc will take on the responsibility for their actions.  Expect future rants from me on this topic.

 

 

Live from the Microsoft MVP Summit

My morning photo from the Grand Hyatt in downtown Seattle

This week I’ve having the distinct privilege to meet with a number of my fellow compatriots in the world of consumer security. We’re here in Seattle to meet with Microsoft and be briefed on their plans for keeping customers safe in the future. It’s called the Microsoft MVP Summit and open to a select few who Microsoft has designated as Most Valuable Professionals.

There are almost 1500 MVP’s here in town for the event but last night I had chance to meet and get to know those of us here with a particular interest in consumer security. These are folks who aren’t in it for the money or fame.  They’re the ones who have spent countless hours pouring over Hijack logs and listening to frustrated users with the goal of just wanting to help. They’re unique people who investigate and follow all the malware attacks and warn users about rogue AntiSpyware downloads. These are the good guys who don’t think of each other as competition and I’m honored to call them friends.

Most of what I hear from Microsoft I won’t be able to repeat although the knowledge I absorb will certainly add to my overall tech intuition. I can tell you Microsoft is good at getting folks excited and the ultimate winners this week will be the Windows customer.

Five things every Windows beta tester should know
I was very happy to read today that ZDNet columnist and author Ed Bott has commented on my last blog post.  Ed agreed that the concept of beta testing isn’t what it used to be. I have noticed since I complained about the lack of feedback in my WinPatrol 2009 beta, bug reports and comments have increased. Sorry if I over stated the problem but I do welcome your opinions even when I’m not beta testing.

You can read what Ed says about me and about beta testers at http://blogs.zdnet.com/Bott/?p=682

Nothing like waking up to a rainbow when you’re in the Emerald City