photo credit: aprilskiver

I don’t normally jump in with blog posts about every newly detected or predicted PC security threat. For one thing, the rumours are too numerous and frequent.

However, the news about new Conficker worm variants is widespread. It’s even on TV in my quiet part of the world.

It is reported that Conficker will spring back into life on April 1 2009, riding on cunning exploits of Windows operating systems.

What should we do about Conficker?

Well, despite the excitement in the news, it’s business as usual really.

We need to take all the usual precautions to keep our PCs secure.

That includes:

1. Windows Updates

If you use Windows, get the latest updates for your system. If you don’t have automatic updating enabled then today (March 31, April 1 2009) would be a good day to download updates, especially security updates.

2. Virus Protection

Have quality anti-virus software installed. See our anti-virus page here.

3. Spyware Protection

Have quality anti-spyware software installed. See our anti-spyware page here.

4. Use strong passwords.

Microsoft recommend that this is an especially important component in securing yourself against Conficker activity. Why? Because Conficker is a worm.

Worms like to travel over a network. But it’s hard to travel over a network if strong passwords are defending it. See our page about passwords.

What will happen?

The reputable security brands are already able to detect Conficker activity.

They may not have a full understanding of Conficker’s potential activities until a few ‘live’ examples are available. That means they may not all be able to completely remove Conficker variants right away.

But the best anti-spyware and anti-virus brands will be improving their removal ability hour-by-hour if Conficker spreads.

References at Microsoft.

Microsoft are well aware that Conficker might try to disable the security measures provided in your version of Windows.
Microsoft on Conficker.C
Microsoft on Conficker.D

Microsoft identifies the threat as severe. And, sure enough, the prospect of of what Conficker might do if it had free access to your PC is very worrying. But Conficker will NOT have free access to a PC that is defended with some common-sense security measures.

Other References

At Panda Security, this message helps to put some of the excitement into perspective.

Don’t get taken in by the Conficker-panic.

(Note the links to free detection and protection tools in that page.)

Free Protection from Conficker

If you have read elsewhere on this site you would have noticed that most reputable brands of security software are very generous: they give away free versions of their software and provide free online scans.

See our page featuring free security software: Free and Online: virus scanners, tools to remove viruses, worms, trojans, backdoors.

photo credit: Zesmerelda

…are Very Nasty Trojan Horses.

What are these Trojans?

First, from Wikipedia:
‘Torpig, also known as Sinowal and Mebroot, is a type of Trojan horse which can affect computers using Microsoft Windows as their operating system. Torpig turns off anti-virus applications, allows others to access the computer, modifies data on the computer, steals confidential information (such as user passwords) and installs more malware on the victim’s computer. As of November 2008 it has been responsible for stealing the details of about 500,000 online bank accounts and credit and debit cards and is described as “one of the most advanced pieces of crimeware ever created”.’

That’s all from there. Just scratching the surface really.
The quote, by the way, “one of the most advanced pieces of crimeware ever created”, seems to come from a spokesperson at security company RSA, UK.

How nasty are they? Very. See this article at the BBC.

I mentioned these trojans in a previous post.

Then I began to think about readers here: they will want to know whether their PC is infected, and if so, what to do about it.

Are you infected with Torpig, Sinowal or Mebroot?

Firstly: if you DO have one of these trojans your PC is NOT SECURE. Do not do any banking, shopping or anything that involves using your passwords or private information.

This malware puts you at risk of identity theft. Here is some advice about what to do if you think you might have become a victim of identity theft.

How to Detect Torpig, Sinowal or Mebroot

The following programs seem to be able to reliably detect the presence of these trojans.

1. SpyBotS&D

Judging from various reports, I believe SpyBot, the free spyware tool, will tell you if you are infected.
That’s SpyBot-Search and Destroy aka ‘SpyBotS&D’.

SpyBot is free: you can download it from the link on our page.

2. Free online virus scan fom Kaspersky.

Also, Kaspersky Lab’s free online scan should detect these trojans.
This a thorough scan, performed via your internet connection, and will probably take some time.

3. A free trial of Kaspersky Anti-Virus.

Also, you could download the free trial of Kaspersky Anti-Virus.

In some countries outside the USA links to free trials may not operate as expected: if so, download the free trial of Kaspersky Anti-Virus 2009 from us here.

4. The free version of avast! antivirus.

See the link on our main anti-virus page.

5. Malwarebytes’ Anti-Malware

This is free to download and use. No payment is required unless you want to activate extra features later.
I don’t know to what extent Malwarebytes’ Anti-Malware can always detect Torpig, Sinowal and Mebroot. However, as you can see on this CastleCops thread about Mebroot help, the expert there definitely wanted to see what the Malwarebytes Anti-Malware scans reported about trojans and malware on the user’s system.

Remember, the worst trojans are often ‘combined threat’ malware: there is every chance that, once they have made their nest in your system, they will try to download more virus and spyware programs onto your PC. That alone is enough of a reason to have a quality tool like this that can check for malware on your PC.

You can download Malwarebytes Anti-Malware here. (The blue ‘Download’ button is the free version.)

Some important points to note about these trojans.

• These trojans like to hide: not every security program will find them.

• These trojans may attempt to turn off security software you have installed.

• These trojans have a reputation for coming back even after you have taken steps to remove them. (That’s what a rootkit can do to you.)

There might be variations an the exact names of the trojans, e.g. one is “Backdoor.Win32.Sinowal.ce”.

Now I hope to goodness you are not infected with any of these trojans.

But what if you are infected?

Firstly, remember that a main role of anti-virus and security software is to prevent this kind of thing from ever getting onto your PC. It is a lot easier to keep these things out than it is to repair a compromised system.

But, again, what if the trojans are already present?

It seems to me you have three options.

1. Manual removal of the trojan and all its files.
2. Using some software to remove the trojan.
3. Getting an expert to fix the problem.

Let’s see what each of these will involve.

1. Manual removal of the trojan and all its files.

If you are happy to mess about with your Windows registry, system files (and possibly your Master Boot Record) then read on. If not, skip this option.

Here is a link to a page at the SpyBot forums where help is offered to a victim of the Torpig trojan.

As you can see, it’s no picnic to manually remove these beasties. Try this solution only if you still feel confident after reading that page.

On the other hand, the people at CastleCops might be able to give you step-by-step help.
CastleCops thread about Mebroot help.
Note that this particular thread runs out to about 6 pages. Before the PC can be declared clean there will be a lot of work running scans, checking logs etc.

If it were me that had the trojan, what would I do?
At this point I would be thinking ‘those guys at CastleCops are extremely helpful, patient and thorough. But I think I’ll send my PC to experts for repair.’

2. Using software to remove the trojan.

The author of the Anti-Malware Test Lab site says he has tested number of anti-virus brands specifically aiming at the question of whether they can fix the problem when a computer is already infected with such trojans.

Backdoor.Win32.Sinowal.ce was one of the trojans included for testing.

I don’t know anything else about Anti-Malware Test Lab (antimalware.ru): I don’t know whether they are a trusted source of security information. They seem honest and independent. Apart from a carrying a few advertisements on their site they are not trying to sell visitors anything. I’m just reporting what I see.

And what I see is this, in their results:

Best performers:
Dr.Web Anti-Virus 4.44: reported to have fixed 100% of the tested problems.
Kaspersky Anti-Virus 2009: reported to have fixed 80%
Avast! Professional Edition 4.8: reported to have fixed 80%

Also capable:
Agnitum Outpost Antivirus Pro 6.5: fixed 53%
Norton AntiVirus 2009: fixed 53%
Panda Antivirus 2009: fixed 40%

As for the Sinowal type malware, they had Backdoor.Win32.Sinowal.ce modifying the master boot record (MBR). Four programs were able to deal with it: Avast, Dr.Web Anti-Virus, Kaspersky Anti-Virus and McAfee.

They report that the malware most difficult to erase was Virus.Win32.Rustock.a, which was only fixed by Dr.Web Anti-Virus and Kaspersky Anti-Virus.

I’m not surprised that a lot of other brands did not fix a problem like this - one that involved a rootkit and malware that had already tampered with a disk’s master boot record. From a technical point of view this is just about the worst kind of malware you can imagine.
And anti-virus software has a lot of different jobs to do: this is only one of them - i.e. curing a disease that should never have been allowed to take hold at all.

But a comment on the Anti-Malware Test Lab site reminded me of something else. The comment was from Alexander Gostev at Kaspersky. He noted that back in the 1990s the idea that an anti-virus tool would FIX an already infected computer was central to the very meaning of ‘anti-virus’.
Mr. Gostev suggests that, with malice such as Rustock and Sinowal about, antivirus vendors had better maintain their focus on both issues, prevention AND cure.

I cast my mind back to somewhere around 1994… He’s right! In those days I wouldn’t even think about installing anti-virus software unless I thought I already had a virus.
The idea that anti-virus tools are mainly for border-patrol is a newer idea.
Well, everybody knows that prevention is better than cure - but you still need cures.

Another commentator referred to how his own company aims to keep its focus on the task of curing infected computers and called this “the path of the classic antivirus”.

Anyway, I have digressed: this was Option 2 for getting rid of Torpig, Sinowal or Mebroot. And the solution was to get security software capable of the task.

If it were me that had the trojan, what would I do?
If I identified that Dr.Web Anti-Virus, Kaspersky Anti-Virus or Avast could fix the problem I would install one or all of them and let them scan and fix.

BUT then I would still be wondering whether the infection had been completely cleared out.
I would get onto the web and look for forum posts like the CastleCops thread about Mebroot. I would be looking for anything they had to say about how to scan my PC and verify that the pests had been eliminated.

If I had any doubts I would be going for option 3…

3. Get an expert to fix the problem.

The first two options involve work and assume that the victims of malware have confidence in their own ability to evaluate the threat and carry out the hands-on steps to deal with it.

But this is contrary to the theme of this site, which is ‘computer security, explained simply - for ordinary PC users, not experts’.

If I had any doubts about whether my PC was still infected by malware such as Torpig, Sinowal or Mebroot then my computer would be in my car: I would be driving it to the premises of my friendly local security experts.

Note, I say EXPERTS. That’s not just any old person who advertises in your local paper or yellow pages saying ‘I will come to your place and fix your computer problems’.

Let’s put this into context. Suppose you have malware like this, that employs rootkits and has tampered with the Master Boot Record of your hard drives. This actually means that your hard drive is BROKEN.

Put simply, there are two main ways in which your hard drive can be broken:

1. Mechanical or electronic parts have failed.
2. Essential files on the drive are corrupt.

If you have malware that employs rootkits and has tampered with the Master Boot Record then Number 2 above is true - essential files on the drive are corrupt.

The usual common-sense wisdom about either of these conditions is that the hard drive needs to be sent to experts in hard drive repair, data recovery and security.

I thought it was bad when I had a mechanical failure of a hard drive in 2007. I lost recent work and had to re-do it. I lost some family photos (lots of them) that were not backed up anywhere else.
I had to be ready to spend $900 for recovery of the data from the drive IF it was possible to recover it at all. (It wasn’t possible - I saved $900 but lost the data.)

For $900 I could have used a premium, off-site, automatic data back-up service for about nine years.
Or I could have bought two or three new hard drives for the same money. In fact, given that the omputers I buy start off as a fairly bare box, I could have bought at least one computer for the price - and had some change left over.

That was the first time I had ever had a hard drive fail.

But having a hard drive under the influence of malicous trojans like Torpig, Sinowal and Mebroot is actually WORSE than a mechanical failure. Because those trojans can break your hard drive AND send your bank account details to criminals.

Disclaimer: I’m not an expert at removing malware. I am just taking an interest and reporting what I see. I try to be as accurate as possible and explain thngs simply.

I don’t want to be an alarmist - somebody who frightens people into getting security software they don’t need.

But I don’t want to underestimate the level of the threats. These trojans have already stolen details of half a million bank accounts. It’s just stating the obvious to say that most of this theft occurred on computers that were not adequately defended by anti-virus and and anti-spyware software. But I wouldn’t mind betting that most of the thefts occurred via PCs on which virtually no security measures were in place at all.

photo credit: problemboard

I saw it, out of the corner my eye, on the TV news.
Then I saw it in the Washington Post. (Links are below.)
A web hosting company has been cut off. A company that (allegedly - nothing proved in court yet) has been helping to send millions of spam emails.
You will see, if you read the article, that some spam ‘watchdogs’ estimated that about 75% of all the current spam was connected to this company.
“Researchers have found that on any given day, about half of all spam sent through the top botnets are ads for male enhancement products and other knockoff designer drugs…”
Ah yes, I know the ones. I get those spams.
Flavour of the year for 2008 has been the suggestion that I might do better in “the bed games” or get help with my “men’s libido”.
Personally, I don’t like to filter spam emails. I prefer to get them all and read them all. That way I get an impression about how many there are, what they are trying to do and how they mean to do it.

Why worry about spam?

So we get some spam emails. That shouldn’t worry us too much. Should it?
What we should worry about is all the other associated nastiness, like botnets and Trojans.
Why? See our easy glossary of computer security terms - referring to botnets and zombies.
What is a Botnet?
What is a Zombie Computer?
In a nutshell, the spammers seem to find that it is a simple matter to invade and control the computers of other people such as users of the web, users of email, chat, social sites etc.
How do they DO that? With Trojans of course.
What’s a Trojan? See our page about viruses, worms and trojan horses.
The Washington Post article says: “…cyber criminals… push out new versions of the “Torpig,” or “Sinowal” Trojan horse program, which is widely considered one of the stealthiest and most sophisticated families of malicious software in existence today.”
And “…a single cyber crime group has used the Torpig Trojan to steal more than a half million bank, credit and debit card accounts from infected PCs over the past two-and-a-half years.”

So, you get the picture here: spam email is only the thin edge of the wedge - the ‘foot-in-the-door’.
If you could see the place from whence spam comes you would see that it’s just a bad internet neighbourhood. Where there’s smoke there’s fire: and where there’s spam there’s invasion of PCs, botnets, identity theft and counterfeit drugs.
Also, as the Washington Post report indicates, the kind of web host that can turn a blind eye to all that crime is exactly the kind of web host that would help people to spread child pornography.

Here’s another thing that interests me about all this.
The offending web host was not raided by any law enforcement authorities. Rather, other companies, who provide internet connections for web hosts, decided to disconnect the spammers.
They did this after getting reports from those security ‘watchdogs’.
I hate using such terms as ’security watchdogs’ - it’s uninformative and sounds like bad-journalism-nonsense-shortcut-terms. Not much better than ‘top scientists say…’.
Who are these watchdogs? I can’t explain right now. Suffice to say that credible computer security firms take a great interest in all the virus, spam and spyware activity on the web: they watch closely where it comes from and what it is trying to do.
But I like to note anything that can be thought of as ‘good news about computer security’.
In this case the good news was that spam was stopped instantly. No police, lawyers or government branches had to be involved. No legal cases had to be worked out.
It remains to be seen whether there will be any prosecutions.
Read the Washington Post articles here and here.

So, I have just installed Yawasp - “Yet Another WordPress Anti-spam Plugin”.

If it is working properly, readers and people commenting on the blog will never even know it’s there.

If it not workng properly, then if you post a comment you may be falsely identified as a spam bot. Please don’t take personally if that happens - it’s just something wrong at this end.

It seemed to be very fast and has some interesting features.

Click for bigger image in separate window.

I normally use a Linux system: as of today Chrome is not available for Linux, but it will be some time soon. I tried it on a Windows machine just because I’m curious.

What is the Chrome Browser?

I won’t use much space here for a full description of Chrome and what it is aiming to do.
You can read all about that at Google, in comic book format
That’s a detailed description, 38 pages.

The short version: main points:

These days web users access a lot of web applications rather than static web pages, so it would be good to have a browser optimized for that kind of usage.

Some of the things Chrome developers want to achieve:

(Pop-up pages will be confined to the tab they originated from.)

Processes run with restricted rights - they cannot just read and write anywhere on your hard drive. Also Chrome will know a blacklist of bad websites so it can warn about potential threats.

In this mode Chrome does not record any of your browsing history or keep the cookies

_____________________________________

I see on the internet that people have a lot of questions and opinions about Chrome and what Google is doing.
For example:
What exactly is Google planning by way of a business strategy, and future applications?
Why do they really want to develop a browser?
Should Google even be getting into browsers?
How much control of the web does Google want?
Will there be another browser war?

Well, I can’t answer those questions.

What I have here are some notes and impressions about what it was like for an ordinary user to download, install, and give Chrome a quick trial.
_________________________________

Downloading and Installing Chrome

First, just a niggle: I didn’t like the look of the terms and conditions: there was something about keeping Google up-to-date with my personal details. But it’s not really any different from many other license agreements.

But there is something that this should remind us about: using the internet is increasingly a matter of connecting with other people. The biggest money and traffic on the web is at the social sites - the social web. This means places like Yahoo Groups, Gmail, FaceBook and so on. Places where people can become known, share their thoughts, preferences, bookmarks, pictures, news. If, like me, you are concerned about privacy and security on the web, then let’s face it - we belong to a different age. Privacy is not the default setting any more.

Also in the Google terms and conditions there was a suggestion that I might want to print the terms for later reference. Does anybody actually do that?

When I continued to download and install Chrome it did not ask for my details anyway. I suppose that would come if or when I actually want to “access services” that they mentioned.

The installer offered to import bookmarks, passwords (!!) and other settings from Firefox.
No Thanks.
I do not like keeping passwords in any browser’s password utility.
Here’s why: Page about password security at ComputerSecure.net.

So, in summary:
Installation: Fast and easy. Pretty much a one-click download, one-click installation.
Start-up of Chrome browser: Fast.

__________________________________

Configuration Options

Let’s check the options.

Click for bigger image in separate window.

Options in the ‘Under the Hood’ department.

• A place for a proxy setting.
• Option for DNS pre-fetching for fast browsing.
• Phishing and Malware protection.
• SSL settings.
• Cookie Settings.
• Something about “Gears”.

I did not know much about Gears. When I went to gears.google.com, using Chrome, the page told me that Gears is installed.

In case you don’t know either, here is a quick note about what Gears is (description from Google):

“Gears works with a select group of sites that are specifically designed for compatibility. When you visit a site that’s configured to work with Gears, you should see a message stating “The website below wants to use Gears.” If you’d like to allow the use of Gears on this site, simply check the box next to “I trust this site. Allow it to use Gears.” and click the Allow button.”

“Gears was designed to be used on both Google and non-Google sites. A number of web applications currently make use of Gears, including two Google products: Google Reader and Google Docs.”

I won’t explain it more here: check it out at gears.google.com.

The Browser

There is no Title Bar. In my book that’s a good thing. Top marks for not wasting vertical screen space. Even what little there is can be hidden so you can have more space for the work you are doing without irrelevant browser toolbars.

Click for bigger image in separate window.

There is no status bar. Well, there is an information bar while a page is being loaded. But then it goes away. It comes back when you hover over a link.
Personally, I find it slightly disconcerting to have no status bar (I mean, one that is always visible).

I could not see how to bookmark a page. I had to go and look that up. (Click on the star icon by the address bar.) But having confirmed that, it’s very easy and handy to use.

Chrome Process Manager.
Chrome has its own process manager. You can identify and shut down a problem site/page/tab/script - e.g. a CPU hogging page, memory hog, hanging script or other web page bugs.

Chrome browser’s process manager.

The idea is that each tab in the browser uses a separate process. So although one buggy page might freeze up it does not mean that the entire browser will crash or need to be shut down.

This is a great idea as far as I’m concerned. I await the Linux version of Chrome because on Linux, with Firefox, Flash frequently causes trouble. Then the browser has to be stopped. This interrupts work-flow if the user had a number of pages open.

_________________________________________

New Tabs

When I open a new tab or new window I want it to be BLANK. I hate it if it has something in it already.

But Chrome has something else: a new tab is full of links to recently visited or bookmarked pages.

Opera has something like this, which it calls ‘Speed Dial’. Personally, I hate it. Ands I objected to the fact that there was no one-click option to turn it off for good.

Chrome’s version of this utility is a bit more fancy. Here is what a new tab looks like after a bit of browsing and bookmarking.

Click for bigger image in separate window.

To me this is not good: a new tab should be an empty page. Here is what a new tab should look like:

A new tab in Firefox.

But Google have thought about this. They mention it in the comic. They say they are well aware that users might find a ‘new tab’ full of information a bit unusual. But they are taking the Green Eggs and Ham approach to this: “Try it! Try it! You will see…”

To me this is like the Apple attitude: we put a lot of thought into this - just try it, you might like it…

And it works for some people.

___________________________________________

Also in the options:

“Notify me when a pop-up is blocked.”
Yes, as long as there is an option to ALLOW pop-ups.
I always allow pop-ups. Otherwise I feel I don’t know what is going on.
I know, I’m just odd like that. Most people would want to block them.

_____________________________________________

Tabbed Browsing

Chrome is very much about tabbed browsing: I hate that. I know I’m just odd like that. Most people like it.

But I have been spoiled by Opera’s multiple-document interface.

Opera’s multiple-document interface.
When I first discovered Opera (many years ago) I thought this was just the best thing to ever be offered in a browser.
Of course I was a Windows user then. I suppose if I had been brought up in Nix I would have thought it was silly.

But I still just cannot understand why no other browsers do that MDI thing.

Something tells me it is one of the reasons why people are loyal to Opera.
On the other hand, I might be the only one. I live in fear of the day when it is no longer an option.

Also, just thinking about Opera some more: I absolutely HATE bars and panels. There is only one way I want to see my bookmarks - that’s descending from a menu item, like I have always had them.

Other Thoughts
With Chrome, here is yet another browser in which we need to check our new web pages and worry about cross-browser compatability problems.

But I’m not really expecting any problems with Chrome since it aims to be standards-compliant.

Of course the great majority of visitors to any website are using Windows and Internet Explorer. So there is a limit to how much we should worry about browser compatibility when we make pages. But I can’t help noticing that on my sites there are always visitors arriving with Opera and Safari and even Konqueror. So I do want my pages to appear properly in each browser.

Browers are Specialists now.

So Chrome aims to be the browser that is a specialist with web applications.

Despite my proclivity to moan about each browser, I will almost certainly use Chrome, just for Google applications, when the Linux version is available.

I love to moan about browsers.

From one perspective, I feel that each of the various browsers I use is trying to bully me - get me to agree that its way of doing things is a good idea that I should like. Operating systems can be like that too.

But from another perspective - it just means that each browser has its own aims and strengths.

I already use three different browsers regularly, for different purposes. That’s Firefox for general use, Opera for reading and Konqueror for the few times when I think it would be handy if the browser and shell/UI/window manager, and OS, were closely related. (You know what I mean? - that’s the thing you don’t get any choice about with Windows/IE.)

As soon as it’s available for Linux I will probably use Chrome to log on to Google Docs, Google Analytics and things like that. The kind of usage it aims to specialize in.
I’ll probably end up using Chrome for my (infrequent) visits to YouTube. Because I know very well that YouTube will eventually cause Firefox to crash on Linux.

Opera, despite its virtues, is not a good browser on Linux if you want to use sites that have a lot of video, audio and Flash.

I haven’t even bothered testing Konqueror on multimedia sites lately - because I know from experience that Firefox + mplayerplugin is the most painless option for that.

And it’s Wrong to Moan about Browsers

I love to moan about software. Especially about operating systems and browsers. But it’s churlish really. With the exception of IE, browsers are generally open source and/or free. So if I feel so strongly about something I am free to get the source code and make my own personal version that’s perfect for me.

Visit CastleCops for help with security problems

Ever since I started this site I have been intending to tell visitors about another site. That is, Castle Cops.

It’s nice to see that there are other sites offering to help with computer security. Especially when, like Castle Cops, they provide help for free.

When I started this site I had some anxiety: what I would do if visitors came here and emailed me about detailed, technical questions relating to a stubborn spyware or virus that had made its home on their computer?

I made a page pointing to free help with virus emergencies: free and online virus scanners and removers.

But I still think: what if somebody asked me about some very stubborn malware they could not remove?
What if they said “I tried some of the free online tools on your site, but this thing is still in my PC. Help!”

And the solution is…

If that is your situation then visit Castle Cops.

Look for their forum. Search their forum. Can’t find an answer? Then start a new forum thread with details about your problem.

What’s good about the Castle Cops site is that people there really can diagnose and help you to fix problems caused by the latest malware.

The Castle Cops site is BIG.

Castle Cops seems to have a huge resource of friends and members who are ready to help PC users with security problems. A lot of these people are experts.

Now the problem with Castle Cops, from my perspective, is that it might be a communication disaster.

I’m thinking about the average PC user coming upon the CastleCops main page. I can only imagine that such a web-browsing-person would think “What is this? I don’t know what’s going on here.”

However I expect that many people arriving at the Castle Cops site get there from a search about a specific security issue that concerns them. In that case they probaby land directly on one of the Castle Cops forums or news pages that tells them exactly what they wanted to know.

This post does not really do justice to the efforts of CastleCops. They also have latest news about phishing, spam and malware in circulation. They have user reviews about security software. You just have to go there and see for yourself.

As I mentioned in a previous reply to a post, I had more to say about WOT than I managed to include in one post.

For one thing, I wanted to mention that the blog at WOT currently has a lot of discussion about keeping safe when shopping online.

That’s a thing to be aware about at this time of year.

And another thing was that the news page at WOT is very informative about what kinds of threats are out there on the interwebs.

Here is an exerpt from WOT’s news: my reasons for mentioning it are below.

____________________

Epidemic of Fake Anti-malware Products Threatens Internet Users

The latest trend of security threats against Internet users employs software products which pretend to be security tools that help rid your computer of spyware. In a new video series, WOT shows what can happen to your computer if you visit a risky or dangerous site. In the first of these video presentations, you will see examples of online scams and malware threats in action, satisfying your curiosity while keeping your computer safe.

New York, NY September 17, 2008
Fake anti-malware software, marketed under hundreds of different names, scares users by giving false spyware alarms and then tries to deceive them into paying for removal of non-existing malware. The goal of these criminal software makers is to make people pay for the “full” version of their bogus anti-malware product and to collect financial information that can be used for phishing.

The fake security product often installs malicious software to download itself or executes other unwanted actions. The user is shown fake messages such as, “Warning! Your computer is infected with spyware”, followed by a promise that the chargeable version of the tool will remove this non-existing threat. These tools are promoted using hundreds of different names, such as XP Antivirus 2008 and XP Antivirus 2009.

“Web of Trust offers Internet users a common platform for sharing their experience with websites and companies, making Web 2.0 work for a safer Internet,” said CEO Esa Suurio, from the Web 2.0 Expo in New York City this week.

How to get protection from these threats:

WOT, Web of Trust, provides Internet users with preventive protection against online threats. The WOT security add-on warns users about dangerous and suspicious websites to help them avoid spyware, browser hijacking, identity theft, phishing and other Internet scams. Website rating information is updated continuously by the user community and numerous trusted sources, such as listings of malware and phishing sites. The free security add-on works with Internet Explorer and Firefox browsers and can be downloaded at www.mywot.com.

More articles are on the news page at WOT.
____________________

Now there was something about this that got my interest.

This is a bit round-about, but just bear with me for a moment.

I occasionally do some ‘keyword research’ about internet security and computer security. (That’s what we website owners do when we want to know what people are searching for on the internet.)
A couple of years ago I made my first pages here about spyware and anti-spyware software.
My keyword research showed me that a lot of people search using terms like ‘best antispyware’, ‘top antispyware’ and so on.

Nobody was searching for the terms that occurred naturally to me: e.g. ‘quality antispyware’, ‘reputable antispyware brands’, trusted antispyware software’.

Now this is all very well: people don’t want to spend all day evaluating different software and comparing lists of features just so they can get some protection from spyware.

So people think ‘Okay, I’d better get that spyware protection issue sorted out: just tell me, Favourite Search Site, which is the Best One.’

But, in reality, searching for the ‘best antispyware’ or ‘best antivirus’ is not necessarily going to lead anybody to a trustworthy piece of security software.

The reason for this? It’s that same phenomenon that the news page from WOT is talking about: the proliferation of fake anti-malware products.

In security circles these are called rogue programs or rogue software.

Why is searching for the best not the best approach?

Often when we shop for a solution to a problem we think about optimizing. So we see that shoppers for security software asking ‘just tell me - what’s the best one’.

But, optimizing is not a helpful way to think about computer security.

Here’s why: what’s important about security software is that it’s competent at all the basics.

I imagine people, using optimizing thinking, worrying about whether, this month, it’s Kaspersky, or Norman, or Panda or Avast that is up-to-the-second in catching the most of the latest virus or spyware.

Forget about it! Those are ALL good brands. If you use one of them just be thankful that you didn’t install some very crappy brand.

The same goes for anti-spyware software. The good news about the anti-spyware business is that there are now some brands well known to be trustworthy.

There is free antispyware software that is respected and trusted. And there is commercialy sold antispyware software that is respected and trusted.

You can read about trusted, quality, reputable anti-spyware tools on our pages: Adware and Spyware tools, more information about spyware and our information page about rogue programs (and the unethical advertising that is used to sell them).

Don’t even worry about whether - this month - it’s Lavasoft, Spyware Doctor or SpyCatcher that is performing best: if you have any of those brands installed just be glad that you didn’t fall into a trap and pay for something uselsess or something that may itself be malware.

Because what’s bad about the anti-spyware business is that there are also hundreds of brands of useless rubbish and - worst of all - hundreds of brands of fake ’security tools’ that are themselves spyware. These rogue programs are often aggressively advertised: sometimes they are the first ones to turn up in a search for something like ‘best antispyware’.

So, coming back full-circle, I did appreciate the fact that WOT, on their news page, were treating the proliferation of fake security software as a major internet safety issue.

See our page about rogue programs. It’s long; it’s not pretty, but it has the facts.

_________
Disclaimer and Transparency:
I don’t have any formal relationship with WOT. They merely introduced themselves to me, by email, as another security-related site, and suggested I visit to see what I think about their free service.

Consequently, I was reminded of some of these security topics: e.g. the usefulness of ’site advisor’ services and the proliferation of rogue software.

WOT (Web Of Trust) is a free site advisor service you can use.

And what is a ’site advisor’?

The purpose of a site advisor is to alert you about bad websites. That includes websites that are known to engage in suspicious activity, to harbour spyware, to spread malware or are known to be in bad internet neighbourhoods.

So WOT is a tool that you can install. (It is, to be specific, a browser add-on.)
Then while you are browsing the web WOT will alert you to sites that are known to be unsafe. For example when you search at Google WOT will alert you if any sites among the search results are known to be unsafe.

But don’t bother reading a long-winded explanation from me about how it works in your browser: you can just watch their demo video.

WOT gets information about suspicious websites from a variety of sources, the kinds of services that monitor the internet and keep lists of sites where there is spyware or viruses, or that are associated with phishing, spam or fraud. (These watchdog services include PhishTank, TRUSTe, hpHosts, DNS-BH Malware Domain list and Artists Against 419.)

But, in addition to that, WOT is also a “community-driven” security tool. This means that WOT users constantly report back to WOT about bad websites they encounter.

WOT is completely free to use.

The WOT project itself is a big endeavour and there are people, including the government of Finland, investing money to make it happen. No doubt they expect their investment will pay off eventually. But they are not asking users to pay for the service.

See www.mywot.com.

WOT is not the only site advisor service available.

In fact, I was surprised when I visited the WOT site and saw what the users were talking about. For one thing, it was evident that a lot of internet users consider a site advisor to be a very good first-line-of-defence for internet security.

Some users talked about having three or four site advisor services running on their computers.

Now for me, if I were using a Windows PC to browse the internet, I would take a different approach to internet security. I would be looking for a reputable anti-virus brand that also supplied a whole internet security suite.

I would also want to use more than one anti-spyware tool. So I can understand the WOT users who keep more than one site advisor running when they use the web.

They reason that no single site advisor service knows everything about all the websites. So it’s a good idea to employ more than one.

When I first started this website I wrote a page about safe browsing and web use. I did intend to say something there about using a site advisor. But, as I thought about this topic, it expanded until I couldn’t see how I would start and finish it (while being brief and keeping everything simple).

But here I am now re-visiting the topic of site advisors. Why? Because I received an email from the people at WOT, introducing themselves to me, in case my site visitors might be interested in WOT. They seemed like nice people: they responded to my email reply: it’s a free security service: have a look.

Find out about WOT at www.mywot.com.

Well how about that: There is A Month for computer security.

StaySafeOnline.org has declared October to be the month of cyber security.
I am happy to send some link-love to people who fill up web sites with helpful information about keeping safe online.

Also they produced this handy article that sums up the basics for staying safe on the internet.
Here it is: I have added links to relevant pages on computersecure.net.

Top Ten Ways to Stay Safe Online

The Internet is supposed to make our lives better, and for most of us, that’s exactly what it does. But the Internet has a dark side, and unless we take the proper precautions, this wonderful tool can end up causing us more harm than good.

October is National Cyber Security Awareness Month, and it’s a good time to take a hard look how our online behaviors may be putting us in harm’s way.

You don’t have to be a computer genius to protect yourself online and you don’t have to spend a lot of money. By following a few common sense tips, you can make the most out of your Internet experience, while protecting you and your family from online threats.

1) Protect your computer:

The best thing you can do to keep the bad guys out of your computer is to use three inexpensive technologies: anti-virus software, anti-spyware software and a firewall. Some security companies provide all three in one easy-to-use package.

2) Protect your identity:

On the Internet, your personal data (social security number, birth date, etc.) is extremely valuable and can be used against you. Keep it protected.

See information on this site about identity theft.

3) Protect your children:

Children face unique risks on the Internet, and require unique rules and safeguards. Monitor your kids’ online activities closely. There are many tools available to help you protect them from online threats.

See our pages about child web safety and parental control software.

4) Stay up to date:

Those security tools won’t do any good unless you keep them up-to-date. You should be able to set them to update automatically. The same goes for your computer itself. It should be set to automatically install security updates.

5) Email safely:

Email is a favorite tool of online crooks. Even legitimate-looking messages can be scams. Learn how to filter for “spam” and spot the signs of scam emails.

Here is some more information about email scams and phishing:

Some notes about security and online banking

Phishing in Banking and Finance

Recognize Spoof and Phishing Emails

About an eBay phishing scam

Phishing and vishing scam targeted Bank of America customers

6) Protect your accounts:

Choosing hard-to-guess passwords and changing them regularly can help prevent criminals from getting at your money or personal information.

7) Make copies:

Regularly backing up your music, photos and other important files can save you if your computer crashes or is stolen.

Have you backed up recently?
If not, you don’t even need to read any further about computer security. Just get a blank CD and start copying and saving your important files.
Or if you need an easy way to organise your back-ups…

Get a free trial first: Acronis True Image 11 Home free trial download Click Here

Know your options:

If something does go wrong, there are resources available to help get you back on your feet.

9) Keep informed:

Subscribe to the National Cyber Alert System from the U.S. Computer Emergency Readiness Team at www.us-cert.gov. Through the Alert System, you can receive timely information about current cyber security problems to protect home and office computers.

photo credit: The Jamoker

by Jim DeSantis

Identity theft is one of the fastest growing crimes in America. Every day thousands of people suffer immediate financial hardship and long-term difficulty because their personal information has been compromised. But there are free steps you can take to protect yourself.

For the seventh straight year, the Federal Trade Commission says identity theft is the largest consumer complaint and the fastest growing crime in America. In 2007, the FBI reported that identity theft affected 9.91 million Americans. There are probably many more cases that went unreported. It accounted for $52,600,000,000 (billion) in losses in 2007.

In a way we can thank the U.S. Congress for the increase in identity theft. Congressionally-mandated use of the Social Security number as an identifier facilitates the horrendous crime of identity theft. Thanks to Congress, an unscrupulous person may simply obtain someone’s Social Security number in order to access that person’s bank accounts, credit cards, and other financial assets. Many Americans have lost their life savings and had their credit destroyed as a result of identity theft. Yet the federal government continues to encourage such crimes by mandating use of the Social Security number as a uniform ID!

In the rush to respond to identity fraud, too often organizations believe that credit monitoring is the beginning and end of the solution. The fact is that credit monitoring is only one of the necessary elements. Credit reports only inform you AFTER fraud has occurred. Because of their commitment to safeguarding the financial security of working families, labor unions are now advocating that their members place identity theft protection high on their priority lists. Effective identity theft protection for union members should include a wide array of proactive and responsive components.

Identity thieves and hackers target home computers because they know families often do not maintain adequate security protection on their PCs. This makes these family users easy, lucrative sources. Many hackers access your personal information in order to steal your money and your identity or use your home computer as a shield to mask their identity as they steal from others.

Credit reports contain all the information any thief would need to steal existing accounts, or to swipe your identity completely and cause major financial harm. There are several ways those in the credit reporting industry manage to balance the need for accurate account information to issue credit ratings, while keeping enough information hidden to protect you from theft. But, not all systems are hacker proof. Data security standards are extremely high, and audits are frequent but not all systems are hacker proof.

Group identity theft has also become a major problem for consumers. A thief gains access to a place that keeps records for many people. Targets have included stores, fitness centers, car dealers, schools, hospitals, and even credit bureaus. Thieves may either use the stolen identities themselves or sell them to other criminals.

One of the most used scams is called “Pretexting”. The identity thief poses as a legitimate representative of a survey firm, bank, Internet service provider, employer, landlord, or even a government agency. The thief contacts you through the mail, telephone, or e-mail, and attempts to get you to reveal your information, usually by asking you to “verify” some data.

They usually ask for your full name, social security number, and date of birth. Then, they want bank and credit card numbers and expiration dates, any financial records they can get you to reveal.

They are many ways to protect yourself. Most of all, never give your information to a stranger, especially via email or telephone, and always contact the institution they claim to represent to check legitimacy.

Jim DeSantis

Jim DeSantis is a retired broadcast journalist. For his free report - How To Protect Yourself From Identity Theft - visit Jim’s website at http://www.jim-desantis.blogspot.com . It’s a direct download. No email or signup is required to get this free ebook.

Jim DeSantis may be contacted at http://on-line-tribune-front-page.blogspot.com/

_________________

See our other pages about identity theft and phishing:

Notes about security and online banking
14 Steps to Prevent Identity Theft
Reducing the Risks of Identity Theft
2007 News about the Incidence of Identity Theft
College Children – Targets for Identity Theft

Phishing and Identity Theft
Phishing in Banking and Finance
Phishing and vishing scam targeted Bank of America customers
Recognize Spoof and Phishing Emails
About an eBay phishing scam

photo credit: The Jamoker