Wednesday, August 19, 2009

What Is The Best Anti-Virus Software.

I get asked this question a lot, so I thought I'd write a little bit about the subject. Let me start by explaining how anti-virus software works.

Anti-virus programmers use a database to store information on known viruses and many other malware types. As each new threat is discovered, it is added to the database and sent to the user as a virus signature update. They also implement heuristic signatures, a means of detecting unknown threats by comparing the malware's activity type to that of known viruses or spyware. In theory these signatures should keep your computer safe.

The problem with virus signature detection is how often the vendor's signature file is updated and delivered to the client. No single anti-virus software suite detects all threats. Many do not detect spyware and grayware at all.

The problem with naming any one anti-virus software company as "The Best" is that the answer is often relative to the user's preference or to the company trying to sell its product. Your local computer repair provider may have a contract with an anti-virus software vendor and receive a commission on each sale; however, that doesn't mean that the software they sell is the best.

In my shop I specialize in virus & spyware removal and often have to use several anti-virus and anti-spyware scanners to remove malware from clients' computers. Then I have to go back and hand-remove any files missed by those scanners, and often edit the Windows registry to remove yet more viral information.

Every computer user should be running some type of anti-virus and anti-spyware software, and all of them will tell you not to run more than one on your computer. What that really means is that only one program should be running in the background for active protection; however, having multiple anti-malware programs installed and run manually is smart computing.

So whether you choose to use Avast, AVG, Norton, Malwarebytes or some other company's anti-virus software, be sure to keep it up to date, use the resident scanner and, by all means, when a file is flagged, carefully read the information from your program and take appropriate action.

I hope this helps some of you when deciding on your anti-virus software.

Friday, July 31, 2009

Will you upgrade to Windows 7

I've heard this question a lot lately. Windows 7 is due to ship in October 2009. I have pre-ordered a copy for the office machine. I participated in the beta trials and sent 1000s of bug reports and suggestions to Microsoft. The RTM or release version appears to be stable; however, there are still compatibility issues with hardware and older software.

When compatibility is mentioned, however, everyone replies, "Well, there will be an XP Mode for older software..." Well, there is, and assuming it works, it would be great if it were offered to the general public.

What do you mean, you say?

Well, XP Mode is only available to users who purchase Windows 7 Professional or Ultimate. Do you know of any computer manufacturer that ships a computer with anything but a stripped-down OEM version of Windows??

Are you going to buy all new software??? Or upgrade to a $300 version of Windows....

You tell me.....

Tuesday, June 30, 2009

Secure your e-mail

We all use anti-virus and anti-spyware programs to help fight online threats, but what about those we willfully let in with our e-mail clients? Here are a few tips you can use to make incoming and outgoing e-mail a little safer.

1. Don't allow your e-mail client to completely render HTML e-mails.
It is much safer to have your e-mail client render your incoming e-mails with limited HTML or, better yet, as plain text. Allowing full HTML rendering of your e-mail leaves you open to being identified as a valid recipient of spam, or to being successfully phished by some malicious security cracker or identity thief.

2. Avoid free e-mail services.
Your POP3 account from your ISP is more secure than free e-mail services such as YahooMail, GMail and other free e-mail providers. ISPs usually require encryption to send and receive e-mail, and they do not sell or share your information.

3. Don't access your e-mail account from an unsecured network.
We all want to check e-mail or banking while we're away on vacation. Often Internet cafes and free wireless access points are unsecured, leaving your data open to the public.

4. Safeguard your address book users.
Address books are handy for sending e-mail to all your friends and family with a simple click; however, many trojans are designed to use your stored address book to send malicious code to all your users.

5. Use BCC when sending e-mail to multiple recipients.
Using BCC when sending e-mail to everyone in your address book ensures that each user sees only his or her own e-mail address. Other recipients' e-mail addresses are hidden.

Thursday, June 18, 2009

Netbooks. Are they worth it?

Dell, HP, Acer are all selling the new Netbooks. I'll review them from 2 points of view.

As a computer user I find the netbooks small, extremely low end, and usually running a low-end obsolete operating system. The screen size is difficult to read, the keyboard smaller still. With no CD or DVD-ROM, limited USB ports or the power to properly power external hardware, at 299.00 it's no bargain.

As a computer repair technician they are horrible to work on.

Conclusion:
Buy a Netbook, an externally powered DVD burner and an externally powered external hard drive, or

Buy a low-end laptop. Most laptops today start at 399.00 and include a current operating system, DVD burner, ample USB ports and a screen you can see.

I would love to see some feedback on this subject.

Thursday, June 4, 2009

Is your Website Infected?

This week a new round of JavaScript injections is infecting legitimate websites. The active exploit site uses a name similar to the Google Analytics domain (google-analytics.com), which provides website stat services to webmasters.

If a user loads a site carrying the injected code, they get passed on to a site that tries to exploit Internet Explorer or Firefox vulnerabilities to infect the user's computer with malware. If the false site can't find a browser vulnerability, it tries to trick the user into downloading a Trojan.

All webmasters should check their site regularly for any code they know shouldn't be there.
Most injection exploits can be found in the head section or just before the closing body tag in your web pages.

They are almost always JavaScript and can contain an iframe.
If you're using any scripts that accept user input in forms, guestbooks, etc., be sure to secure them. Escaping characters is essential.
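A check along these lines, as an added example that is not part of the original post: it lists every external script or iframe source on a page whose host is not on the site's own allowlist, flags near-miss spellings of trusted hosts, and escapes a guestbook entry before display. The allowlist, host names and sample page are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this (hypothetical) site intentionally loads code from.
ALLOWED_HOSTS = {"www.mysite.example", "www.google-analytics.com"}


class SourceCollector(HTMLParser):
    """Record every <script src> / <iframe src> and the page section it sits in."""

    def __init__(self):
        super().__init__()
        self.section = "preamble"
        self.found = []  # (tag, section, line, host)

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.section = tag
        src = dict(attrs).get("src") if tag in ("script", "iframe") else None
        host = urlparse(src).hostname if src else None  # None for relative URLs
        if host:
            self.found.append((tag, self.section, self.getpos()[0], host.lower()))


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of trusted names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, allowed=ALLOWED_HOSTS, max_distance=2):
    """Return the trusted name that a label of `host` nearly spells, else None."""
    # Compare labels left of the top-level domain; short labels ("www") are skipped.
    brands = sorted({l for h in allowed for l in h.split(".")[:-1] if len(l) >= 6})
    for label in host.split(".")[:-1]:
        for brand in brands:
            if edit_distance(label, brand) <= max_distance:
                return brand
    return None


def audit_page(page_source, allowed=ALLOWED_HOSTS):
    """List external script/iframe sources whose host is not on the allowlist."""
    collector = SourceCollector()
    collector.feed(page_source)
    findings = []
    for tag, section, line, host in collector.found:
        if host in allowed:
            continue
        brand = lookalike_of(host, allowed)
        reason = f"look-alike of {brand}" if brand else "host not on allowlist"
        findings.append((tag, section, line, host, reason))
    return findings


def render_entry(text):
    """Escape a guestbook entry so stored markup is displayed instead of executed."""
    return "<li>" + html.escape(text, quote=True) + "</li>"


# Constructed sample page: one legitimate include, two that do not belong.
SAMPLE_PAGE = """<html>
<head>
<title>Constructed sample page</title>
<script src="http://www.google-analytics.com/ga.js"></script>
<script src="http://www.google-analytlcs.example/ga.js"></script>
</head>
<body>
<p>Welcome</p>
<script src="/js/menu.js"></script>
<iframe src="//cdn.unknown-host.example/frame.html" width="0" height="0"></iframe>
</body>
</html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE):
        print(finding)
```

The look-alike test is a heuristic; the allowlist comparison is what catches an injected include, so the allowlist has to be kept current with what the site really loads.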

There are always going to be new exploits. Anti-virus companies, software developers and Microsoft, Apple and the rest all try to patch these exploits but it's really up to the user to be sure they are secure.

Friday, May 29, 2009

What is the Safest P2P Program?

Morning Folks,

It amazes me how many people ask this question and others much like it. P2P programs don't give you viruses and spyware, the files you download do. Everyone wants something for nothing.

Now I'm not saying all p2p users are sending out viruses and spyware, that just wouldn't be true.
And p2p programs are nice for sharing legitimate files with others, however there will always be someone writing bad code just because they can.

I could just say go buy the software you need but of course I'm not here to judge anyone. To each his/her own so I'll tell you how to be a little safer.

Make sure the anti-virus you're using can scan incoming files. If it can't, get a new one. Set the scanner to scan all incoming files from P2P. Avast anti-virus has this option and it works well.

Compare file sizes. You want a program and it's 50mb on the manufacturer's site; you look it up in your P2P program and it's 52.6mb. Does that tell you anything?

Your virus scanner warns you about a possible virus and you continue anyway... This is plain dumb. If any scanner flags a file, it's most likely infected.

What if you're not using a P2P program but instead use a torrent client built into your browser?
99.9% of Adult sites, Warez Sites, and Torrent Sites have either been hijacked or purposely infect your machine.

If you must surf these sites, set your browser to block all pop-ups, disable all scripting, and disable iframes. While your surfing may be somewhat limited, you will be much safer, and those sites that won't load at all.... well, you're better off.

Users give these hijackers the ability to spread more and more infections. Maybe this will help some of you avoid that.

Tuesday, May 12, 2009

60% Of Computer Users Still Use Windows XP

It is estimated that over 60% of us still use Windows XP.

Microsoft ended Mainstream support for Windows XP in April 2009.
This means customers will no longer receive complimentary support, be able to request design changes, or receive other kinds of updates for the product, but it doesn't mean we can't continue to use it.

XP is still available for purchase at some online retailers. I have downgraded many clients' machines from Windows Vista to Windows XP HOME and PRO alike in the last 6 months.
All of our office machines and home machines still use XP and will continue to do so.

As for those who like Windows Vista, more power to you. I truly gave that operating system a chance and it failed miserably. Not to mention having to upgrade hardware and purchase all new programs just to conduct my business.

Microsoft will offer customers extended support until 2014. This will include security updates and paid customer support until April 2014.

I for one am glad to hear this. I understand that XP is well past its prime as far as Microsoft is concerned. 8 years is a long time for an operating system to be around. However, if my choice is Windows Vista over XP, there is no contest. I'd run XP without patches and security updates for the stability and compatibility alone.
Maybe Microsoft can convince us Windows 7 will be the New XP (a reliable operating system with good compatibility) but I'll reserve my opinion on that for now.

Is it a Virus, Spyware or Malware??

I thought I'd take a moment to clarify many misconceptions users face when their computer is affected by some form of malware. Today the term Malware is used to lump all computer infections together.

I get many calls daily asking what it costs to remove a virus. 99.9% of the time the user has spyware or grayware; many users aren't aware of the different terms related to computer infections. Maybe these will help.

Malware: Malware is the term used to describe any form of unwanted software.

Grayware: Grayware or greyware is the term used to describe borderline malware, such as the tracking of user surfing that many toolbars include.

Virus: A virus is the very worst malware. It replicates itself, can stay well hidden, changes or replaces system files and often cannot be removed. A true virus always has a payload of some type, most often leaving your computer useless.

Spyware: Spyware is pretty much self explanatory. It adds code to track your activities and attempts to send sensitive information back to the author. It is also able to disable your anti-virus software.

Worms: Worms are dangerous and hard to detect. These forms of malware hide well and are used for several purposes. They can steal your private information, make your computer a bot, server, or worse. They allow the author complete backdoor access to your computer.

Trojans: Trojans usually appear to be useful legitimate programs. For instance, video codecs, a content player, a game crack. When installed they add malicious code that may take the form of any of the types of malware. Most Trojans are easily detected by anti-virus and anti-spyware programs.

Scareware: These programs are usually more of an annoyance than anything. They install a fake anti-virus that informs the user he or she is infected with some type of malware and that to remove it they must purchase the software. These programs are able to disable your anti-virus, anti-malware programs and your firewall. Often they can contain a Trojan horse as well.

No computer infection should be ignored. Many have the ability to phone home and download additional copies, making data loss quite likely. A good virus scanner, anti-spyware scanner, and regular updates are essential. Please note, however, that no single scanner can find everything.

Hope this helps you understand some of the online threats you face every day.

Wednesday, April 29, 2009

Security Hole Discovered In Adobe Reader

Adobe Systems late Tuesday acknowledged that all versions of its popular Acrobat and Reader software, for Windows, Mac and Linux, contain at least one, and possibly two, critical vulnerabilities that leave users open to a JavaScript exploit.

Until a patch is released, Adobe is recommending users disable JavaScript to avoid this issue.

Windows users can disable JavaScript in Reader and Acrobat by selecting Preferences from the Edit menu, selecting JavaScript, and unchecking the Enable Acrobat JavaScript option.

Mac users can disable JavaScript in preferences, under the Adobe Reader or Adobe Acrobat menu.


Tuesday, April 28, 2009

Safer Internet Surfing

Whew, busy busy busy, too many machines infected with spyware, rogue anti-virus and pop-ups. Many of you are probably already aware that several browsers have the ability to allow surfing the Internet without add-ons.

Internet Explorer and Firefox both offer safer browsing without add-ons. Add-ons are those lil programs and scripts that allow us to see and hear the cool stuff in web pages.

While we all love the bells and whistles online, they are becoming increasingly dangerous to our computers. It is estimated that web site infections by rogue anti-virus and trojans via ActiveX controls are rising daily.

Good Luck and Safe Surfing.

Friday, April 10, 2009

New Conficker Threat?

Conficker Update

I had a feeling this threat wasn't to be written off so easily. The Conficker worm released a new update to infected PCs via P2P programs in the last few days.

Conficker.e is downloading and installing fake security software. Often called rogue anti-virus or scareware, it advises users they are infected with bogus malware and then opens 100s of pop-ups until they spend $50 to buy a useless program or pay a local repair shop to remove it. Rogue antivirus software has become a huge business, large enough for even Microsoft to worry about.

Conficker.e seems to have teamed up with Waledac authors.
Waledac is a malicious program that turns infected computers into spam bots, steals personal data, and opens up the user's computer to any number of remote operations.

We'll need to keep a close eye on this one.

Have you been infected with Conficker or another form of malware?

Let us know.

Tuesday, April 7, 2009

Windows XP To Be Supported To 2010

While this may not seem to fall in my normal category of security, it really does. Microsoft may be done with Windows XP and I realize it's 8 years old; however, many of us have several years left in our "newer" computers that simply won't run Windows Vista or the new Windows 7 slated to ship in 2010.

I don't know about you but I am not ready to run out and get a new computer just because Microsoft wanted a new operating system.

I think we as consumers have every right to the service packs and security fixes without having to purchase a new product.
Most users have proprietary computers that shipped with the original XP or SP1. If a restore is necessary, and it will be... they are not safe. Windows has too many bugs and security holes.

Maybe Microsoft ought to offer a complete service pack download before it pulls the plug on XP for good.

You tell me...

Thursday, April 2, 2009

Avast Anti-Virus Won the Poll

Thanks to all of you that read this blog and voted on your favorite anti-virus.
Avast Anti-Virus was the Winner among you. Your feedback is greatly appreciated.
This month we'll look at the favorite spyware removal tools you like best. I look forward to the results.

Conficker A Bust, I'm not so sure...

The Conficker worm, which showed up about 6 months ago, has become one of the most talked about and reported on malware since the CIH virus of 1998. While it's not destructive in nature, it has the potential to cause havoc for many computer users. There was big hype this week about a mass launch on April 1st, 2009.

News sources seem to think that the writers of Conficker, also known as Downadup, were defeated due to all the hype and press. I can't say I agree with this; there are still thousands of computers out there infected with this malware and their users aren't even aware of it. Furthermore, these boys are not stupid. I believe they will bide their time, quietly sending out their new and improved version, and wait until the hype dies down.

Anti-virus companies are still scrambling to add signatures to remove it. If you installed the Microsoft patch months ago you may be protected. If you install it now and have the worm, it's moot.

Virus and Spyware removal is what I do best and I'll not write off this one just yet.

Thursday, March 26, 2009

New Firefox Vulnerability Found

New attack code has been released today targeting the Firefox browser. This new attack has sent Firefox developers scrambling to patch the flaw. Until it is patched, this code could be modified by attackers and used to install unauthorized software onto a Firefox user's machine.

This bug affects Firefox on all operating systems, including Mac OS and Linux. This vulnerability tricks the user into viewing a maliciously coded XML file. The attacker could then use this bug to install unauthorized software on a victim's system. This kind of drive-by download has become increasingly popular in recent years.

Firefox users will be issued a fix for this vulnerability in its upcoming 3.08 version release. It is recommended users update as soon as it's released.

Wednesday, March 25, 2009

Adobe Zero Day Exploit Patch

There was a security hole found in Adobe Acrobat Reader and Acrobat 9. Adobe reports:

This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue has been exploited for over 2 months.

This patch is important.

Many of us disable auto-updates, or just don't bother to install the newest version of the software we're using. This exploit in Adobe Reader 9.1 and Acrobat 9.1 can be triggered with no action from the user. It can use the Windows Indexing Service to trigger the bug.

This vulnerability can be triggered simply by sending someone a malicious PDF document, and using Windows Explorer's ability to read the file automatically.

I would suggest getting the patch asap.

Sunday, March 22, 2009

Internet Explorer Causes Your Computer to Restart

The Problem

Interesting job I had in the shop today. Windows XP Home SP2 and Internet Explorer 7 on an old HP. The computer would restart every time Internet Explorer was opened. It never even fully loaded. The computer has AVG 8 free edition, so my first thought was a Windows issue. But I have a system diagnostic routine I follow on every machine, so using my own security tools, Malwarebytes Anti-Malware and Avast anti-virus, I find that 309 files are infected.

Internet Explorer had 4 toolbars installed. Several instances of Vundo, and several generic trojans.

The Fix
Begin by removing all toolbars in Add/Remove. There is no telling which one is causing the issue; you can always install the one you really want later.

Download and run Malwarebytes Anti-Malware.
Let it remove what it can.

Disable or remove any anti-virus software you have installed.
Download and install Avast Anti-Virus.
On installation, schedule a boot-time scan.
When asked to reboot, cancel.
Open Avast and update it. When the update is complete, restart your computer.
Follow the scan, as it will ask for your permission on the action for each infection found.

When the scan is finished and the computer has been cleaned it will boot to Windows.
Run a final full scan of both programs to be sure you found all infected files.

Hope this helps some of you :)

Thursday, March 12, 2009

E-mail Scam IRS Stimulus Payments

As usual, scammers are using e-mail scams to try to steal your personal information: Social Security numbers, bank account information and more. The new scam comes as an e-mail appearing to be from the IRS asking you to provide personal data to ensure delivery of your stimulus payment. Neither the IRS nor any government agency will ever solicit this type of information by e-mail.

Users receiving this type of fraudulent IRS e-mail are encouraged not to click on any links contained therein and to forward the message and the website URL to the IRS at phishing@irs.gov.

Wednesday, March 11, 2009

Bad Symantec update leads to trouble for users

Hackers took advantage of a Symantec issue today to flood search engines with more troublesome redirection to rogue anti-virus sites. Apparently Symantec periodically sends its users PIFTS, known as Product Information Framework Troubleshooter, which is a diagnostic program that anonymously collects information such as the operating system and version number of the product being used in order to get a snapshot of its user base. This time, however, the file wasn't digitally signed, causing many firewalls to flag it, including Symantec's own firewall.

So my advice for the time being: don't install PIFTS.exe. If you visit a website and are advised your computer is infected, press CTRL, ALT, DEL and end task on your browser process. Then run a good anti-virus software and anti-spyware program like Avast and Malwarebytes.



Monday, March 2, 2009

Update Win32.Vitro

It appears this nasty piece of work is causing many issues. As I have mentioned in my previous post, at this time it cannot be removed and a format is necessary.
From my research, the transmission of this virus seems to come from an infected movie-type file. This file informs you that you'll need a codec to view it; when you agree, it infects your system.

When installed, it injects code into running processes, then hooks the following functions in ntdll.dll, which transfers control to the virus every time any of these function calls is made.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess

This Vitro virus then infects every program you open. While good firewall and security software is essential to your online safety, they alone are not enough. Use caution when asked to download codecs or add-ons.

If you do get infected with this virus, DO NOT use previous backups. Perform a full clean install of Windows and your programs.
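One way to check for this kind of hook, as an added example that is not from the original post: compare the first bytes of each listed export in a running process with the same bytes from a known-good ntdll.dll, and decode where a patched entry jumps. It assumes the hook is an inline patch of the function's first bytes (the post does not say how the hook is installed) and that the byte strings were already captured with a debugger or memory-forensics tool; every address and byte string below is constructed.

```python
import struct

# Exports the post lists as hooked by the virus.
WATCHED = ["NtCreateFile", "NtCreateProcess", "NtCreateProcessEx",
           "NtOpenFile", "NtQueryInformationProcess"]


def redirect_target(code, address):
    """Return the 32-bit address a patch at `address` transfers to, or None."""
    if len(code) >= 5 and code[0] in (0xE9, 0xE8):               # jmp/call rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return (address + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:   # push imm32 ; ret
        return struct.unpack_from("<I", code, 1)[0]
    return None


def check_exports(reference, live, module_base, module_size):
    """Compare each watched export's live bytes with the clean reference.

    reference: {name: bytes} taken from a known-good copy of ntdll.dll
    live:      {name: (address, bytes)} read from the process being examined
    Returns {name: (status, target)} with status 'clean', 'modified' (bytes
    differ), 'hooked' (entry redirects outside the module) or 'missing'.
    """
    report = {}
    for name in WATCHED:
        if name not in reference or name not in live:
            report[name] = ("missing", None)
            continue
        address, code = live[name]
        expected = reference[name]
        if code[:len(expected)] == expected:
            report[name] = ("clean", None)
            continue
        target = redirect_target(code, address)
        inside = target is not None and module_base <= target < module_base + module_size
        report[name] = ("hooked" if target is not None and not inside else "modified", target)
    return report


def sample_stub(syscall_no):
    """Constructed stand-in for a 32-bit system-call stub (15 bytes)."""
    # mov eax, imm32 ; mov edx, imm32 ; call [edx] ; ret imm16
    return b"\xB8" + struct.pack("<I", syscall_no) + b"\xBA\x00\x03\xFE\x7F\xFF\x12\xC2\x10\x00"


# Constructed sample data: module range, clean stubs and a live snapshot.
BASE, SIZE = 0x7C900000, 0x000B0000
REFERENCE = {n: sample_stub(0x20 + i) for i, n in enumerate(WATCHED)}
ADDRESS = {n: BASE + 0xD000 + 0x10 * i for i, n in enumerate(WATCHED)}
LIVE = {n: (ADDRESS[n], REFERENCE[n]) for n in WATCHED}

# Entry 1: first five bytes replaced by a relative jump to 0x00A31000.
a = ADDRESS["NtCreateFile"]
LIVE["NtCreateFile"] = (a, b"\xE9" + struct.pack("<i", 0x00A31000 - (a + 5))
                        + REFERENCE["NtCreateFile"][5:])
# Entry 2: push/ret pair that returns into 0x00A32000.
LIVE["NtOpenFile"] = (ADDRESS["NtOpenFile"], b"\x68" + struct.pack("<I", 0x00A32000)
                      + b"\xC3" + REFERENCE["NtOpenFile"][6:])
# Entry 3: a changed byte that is not a decodable redirect.
LIVE["NtQueryInformationProcess"] = (ADDRESS["NtQueryInformationProcess"],
                                     b"\xCC" + REFERENCE["NtQueryInformationProcess"][1:])

if __name__ == "__main__":
    for name, (status, target) in check_exports(REFERENCE, LIVE, BASE, SIZE).items():
        print(f"{name:28} {status:9} {'' if target is None else hex(target)}")
```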

Friday, February 27, 2009

DCS Tech Corner

DCS Computer Services has launched a tech support forum called DCS Tech Corner. You can get help with Microsoft Windows, computer hardware, computer software, networking, virus & spyware removal, and much more. Contributors are welcome to join and share their knowledge. Hope to see you there.
DCS Tech Corner

Thursday, February 19, 2009

New Virus Warning W32.Vitro

I recently got a machine in the shop which failed to boot after what appeared to be a Microsoft Update. Apparently this was NOT a legit Windows Update Icon and when installed infected all called exe files on reboot.

This Virus is known as W32.Vitro. It is a polymorphic virus. Polymorphic viruses were first seen in 1990. A polymorphic virus is one that replicates itself every time a legitimate program on your computer is run. The file names on your computer will appear to be normal when in fact they are now part of the virus. Each and every program opened by Windows will become infected.

At this time Norton, McAfee, AVG and others do not detect it. Avast was able to detect it but became infected as well. At this writing there is no way to remove this virus successfully.
A format alone may not be enough. Deletion of the partition, recreation of the partition, a hard format, and complete Windows installation will be necessary.

Backing up files is NOT recommended. The virus infects any external media you may use: burning programs, CD-Rs, flash drives.

This new outbreak seems to have been discovered just this week. There is little information about its transmission as yet.

I will keep you posted as more information becomes available.

Tuesday, February 10, 2009

Malware Software Reviews

I am impressed with the new Malware scanner by Malwarebytes. This scanner does an exceptional job of identifying and removing malicious software from your computer.
There is a freeware scanner that can be updated and run manually or a very reasonably priced resident scanner. This tool is a must have for any Internet user.

You can download the free scanner here:
Malwarebytes Anti-Malware

Don't Be Duped by Rogue Anti-Virus Software

The newest trend in security issues seems to be Rogue Anti-Virus Software. While not a threat exactly, it's a major annoyance. The bogus company or web site throws up an alert window informing you that your computer is infected. The truth is it's probably not. Unfortunately, selecting cancel does not solve the issue. If you encounter this situation, using CTRL, ALT, DEL and ending task on your browser process can often prevent this.

Are you infected with Rogue Anti-Virus Software?
Were you able to remove it?
Sound off and let us know.

Friday, January 30, 2009

Free Email Support

Ever need help with your computer and when you call tech support they tell you they will answer your question for 39.95 since your computer is out of warranty?
We offer a Free Help Desk. You can submit your questions and receive a response in approximately 24 hours.
DCS Help Desk