Those silly scammers.

I recently received a call from a gentleman claiming to be from Microsoft. He told me that my system had been sending out errors and he was calling to remove the issue. In case the title did not tell you enough, he was not really calling from Microsoft and there was nothing wrong with my computer at all. These scammers cold call people in hopes of getting someone who will pay. Occasionally, they call someone that knows about them and has nothing better to do then mess with them. This was one of those times and below is a reproduction of the call, which I wrote down.

Me: "Hello?"
Caller: "Hello sir, I am calling from Microsoft-"
Me: "Why is Microsoft calling me?"
Caller: "Well sir, there is a computer registered to this phone number which is sending out errors and issues."
Me: "Wow, that sounds bad. So the errors are infecting people?"
Caller: "No sir, the errors have infected your computer and we are calling to help you remove the issue."
Me: "OK, I see."
Caller: "OK then, are you in front of your computer?"
Me: "I am."
Caller: "OK, is the computer on?"
Me: "Yes it is."
Caller: "OK, and I am given to understand that you are running Windows Vista, is that correct?"
Me: "No, I'm not running Windows at all."
Caller: "Sorry?"
Me: "I'm not using Windows." (Yes I am.)
Caller: "OK, then I am sorry to bother you sir."
Me: "Wait, hold the phone. You said I had a problem with my computer. Why do you want to hang up on me now?"
Caller: "We are calling from the Windows Call Center-"
Me: "That's right, then how did you know to call me?"
Caller: "We have nothing to do with any computer that is not Windows." (Answer the question I asked!)
Me: "Then how did you know to call me? Because I was having a issue with my computer, and I was pulling my hair out. But somehow, you knew to call me."
Caller: "I am afraid I have to hang up now."
Me: "No! You are not going to tell me that I have a issue with my computer and then when I want to solve the issue, you are just going to hang up on me."
Caller: "Sir, you can call tech support for your computer and they will help you remove the issue. But because you are not running-"
Me: "Oh, wait. I know what the issue is. My Windows 7 PC is not plugged in. Thanks for your help tech."
Caller: You're welcome."
Me: "Have a nice day. Bye."

I must say, I enjoyed messing with this guy. He called me and told me I had an issue. So I can prove him wrong and mess with him. By the way, my phone number is not registered with anything I had to fill out to buy my computer. This proves that it is cold calling.

I hope you enjoyed reading this, and I hope I gave you a good laugh. Remember, if someone like this calls you, you will now know and will be able to have some fun of your own. Be sure to sound off in the comments, thank you for reading.

Read More

Is there such a thing is being too secure?

One thing that I seem to notice about a few computer security geeks (including me at one point) often try to get you to adopt an unrealistic amount of computer security. Well guess what? If people did what they said, there would be no issue with malware anymore.

On one online forum, I found someone talking about doing all of the following things. Here are some of the things he recommended doing, along with some of my objections.

Have a router which is focused on security. (Costs quite a pretty penny)

Have a firewall that prompts you to allow or deny all traffic. (So you would have to make all of the decisions. Go ahead if you want to spend hours learning what to allow and what to deny.)

Have your computer set to download all updates automatically. (Bad updates can be released, like the Patch Tuesday bad update that prevented some Windows 7 machines from booting.)

Have high end antivirus software. (Which most users don't need because it contains too much stuff that they don't use and may be a resource hog, slowing down the computer.)

Always have the latest Operating System available for your platform. (I know some Windows XP users who would object to this, so I'm not even gonna comment on this.)

Always have the heuristics on your antivirus set to maximum if possible. (This means that your antivirus program will be so sensitive that it will detect quite a few false positives. And if it detects a critical system file as malware, it's game over.)

Never connect the the internet. (This prevents most malware infections as well as prevents infections from spreading. Of course, this also means no internet, which means that the normal user would not be able to enjoy their computer.)

Did you read down the list of just 7? At that point I just had to stop. Really, are you going to do all of that and more? So, is there such a thing as being too secure? Your call on that. Thanks for reading, be sure to sound off in the comments.

Read More

Passwords: Too Tough to Crack: Step 5 and The Wrap Up.

For Part 1 of this series, go here.
For Part 2, go here.

Step 5: Use two factor verification if you can. Two factor verification is a method of protecting your accounts like passwords. But make no mistake, two factor verification is like passwords on steroids. And this method has become more popular in recent years due to the fact that everybody seems to be hacking everything. Two factor verification involves a password as well as another piece of info to prove that you are who you say you are. The second factor can be one of many things such as a special pin number or a code sent to your cell phone.

Two factor verification is a good solution, but a hindrance for some. Because of one main reason: This method is still subject to man in the middle attacks where an attacker can get the text messages containing the code. This is unlikely, but it is a possibility.

BONUS STEP 6: Protect yourself from malware now and in the future. I know I said that Step 5 would be the last one, but this is in a way, more important then any of the other steps, so I really don't think that's cheating. Taking the time to implment all the 5 steps will not really matter if your computer is infected with malware that targets passwords. Unfortunately, today's malware can log keystrokes, take screenshots of everything you click, etc. And no password is too tough to crack for a keylogger, it does not matter how long and complex you make it.

Bottom Line: Help yourself by remaining secure, and that includes keeping your passwords secure. Today, passwords safeguard much of our private lives. Take good care of your passwords and when that next security breach happens (and it will) they will take good care of you.

Thanks for reading this series, I hope you enjoyed reading it as much as I did writing it. Be sure to comment if you want to say something or you have a question.

Stay safe my friends.

Read More

Passwords: Too Tough to Crack: Part 2

For part 1 of our password series, go here

Step 2: Change your password regularly. I know, we've all been told that one before. But who actually does it? Before I got into the anti-malware game, I used to use the same password for years... until finally the account got hacked. This is why it is important to change passwords my friends. The hacked account was not a bank account, good for me. But it could have been and I could have lost money. I'm not trying to scare anyone or anything, but that is just the simple fact. And in theory, passwords are harder to guess or crack if they are changing every once in a while. This is why some network administrators have strict rules about changing passwords, it's a liability issue. If you can't keep yourself secure on a network, that makes you everybody's issue. I myself recommend changing passwords at least once every year. You can put it on your calender so that you will remember a year from now.

Step 3: Make your password unique for every account. If you have the same password for more then one account, it means that if one password is cracked, it increases the odds that the hacking will ruin your whole day. If you leave the keys to your house, your safe and your car around and they get stolen, your whole week is ruined.

Step 4: Use a password manager. If your heart rate has elevated quite a bit from the thought of having to remember all of those unique passwords, here is some relief. A password manager is a piece of software that helps your organize all your passwords. A big benefit to this is that your passwords are stored in one place so you can assess them without having to go to several different things to find just the one password you are looking for. And the best part? You can assess them all with one master password. So instead of memorizing a lot of passwords, you only have to memorize one. But remember to have the password info up to date in the software if you use step 2. The last thing you want is to be locked out of all your accounts because you only have the old passwords. Most password managers encrypt your master password so that it is less likely to be hacked.

Password managers have some drawbacks. Because your master password is highly sought after. Because if someone can get one key to the safe that holds all of the keys to your locked doors, we have the same old issue again. Even so, password managers are still a good way to keep your passwords secure. So here are a few tips to keep that master password secure and where it belongs.

1. Always use a password manager that encrypts your passwords. This is where you are going to want to do some research to see what type of encryption is best for you.

2. Ensure your master password is both long and complex. Long and complex passwords are harder to crack, and they can only get safer if you make them longer and more complex. So how about we use that to our advantage with our master password?

3. Do not disclose your master password. EVER... Well, maybe if you are held at gunpoint. But it is unlikely that a mugger would ask for that.

4. Protect your computer from malware that could obtain your master password.

Stay tuned for part 3 with one more tip and the wrap up.

Read More

Shameless Plug: I talk about my new YouTube video.

So, how did you like my new YouTube video? Did you like it? If you haven't seen it, I'll put a link up and will talk as if you have seen it. So go here and then come back. Go ahead, I'll wait.


...Got it? Good.

OK, all those error messages are insane, right? The good news is that nothing bad happened to my computer, I intentionally made those error messages. I made them using VBScript, which is a simple to learn programming language that in this case allows me to make error messages like these. If you are vindictive enough, you could use it to fool a friend into thinking that their computer has malware. I will not tell you how to do this because I would like to save it for another post another day.

Obviously, if something like this happens to you when you did not use VBScript, something is really wrong. And your average user upon seeing this would be like "What is happening?" And this sort of thing could just be annoying, what with all those error messages. Like the title in the video says, everything's failing. I really do not know how many error messages I intentionally brought up using VBScript, but judging from the video, quite a few.

Thanks for reading, be sure to watch the video and enjoy the accompanying music that really lends itself to the video. It's somewhat upbeat and I thought that it matched the video perfectly. Remember, if you have questions or comments, be sure to comment below.

Read More

Passwords: Too Tough to Crack: Part 1

There are several times in your life where you have to prove who you are one way or another. Otherwise, anybody could be "you."

As all too many people are aware of, we've seen a sharp increase in Identity Theft in the 21st century. The idea of someone pretending to be you is nothing new, but fooling a computer is a little easier then fooling a bank teller. And the issue has become so widespread that several companies have emerged that are dedicated solely to prevent Identity Theft. I will not go into the inner workings of how ID theft happens, if anything that should be in a post of it's own.

By and large, passwords are the key to keeping your ID in the right hands online. Sure, there are those new biometric scanners that scan your fingerprint, but passwords are still the most popular way to do it. This is because passwords are cheap and easy to implement, in contrast with those scanners, which are often pricey at best and a pain to install. But, passwords can also be very easy to crack as well. Because if you have been on the internet for more then a few years, odds are you have accumulated quite a few accounts that require a password. And the more you have, the better odds are you have used the same password for more then one thing. Don't believe me? Take a look. Go through your stock of passwords, in written form or in your head.

Done? OK. Considering this, is there any doubt that because your passwords are valuable, they are targeted by hackers? If you answered Yes, you are correct. So, what are we gonna do about it?

Step 1: Use a strong password. Remember that big stack of passwords we went through earlier? Think back and you may remember that the system rejected your first attempt at a password because it was too short. So we enter in a longer password, or a password that the system suggested for us. The issue? We cannot remember long and convoluted passwords. So quite a few of us decide to use keyboard patterns or movie names for passwords. But this is not going to make your password stronger because of the fact that these are often the first things password crackers test. Making a strong password may seem daunting at first, but there are tools to help you. Go to http://howsecureismypassword.net/ and type in a password you might consider using for yours (don't worry, it is completely safe.) If the password you use right now can be cracked instantly or in a short amount of time, it may be time to change to something more complex.

Keep the following in mind when you go to make that stronger password.

1. Make it strong (perhaps 12 characters.)
2. Use numbers and maybe a symbol if you can.
3. Make random letters in your password CaPitaLized.
4. Use words that are memorable to you, but not very easy for others to guess.

Stay tuned for Part 2.

Read More

Java: No more coffee for you.

Odds are that every blogger that has a tight focus on computer security has authored a blog post about Java. So why am I wasting your time? I am just in case the reader happens to know an alien (little green men) that does not know about this. And for those that are of the Homo Sapiens race, I will try to make this post not boring because you have likely heard of the Java exploits as of late.

First, what is Java? Java is a cross platform programing language that is cross platform. That's techie talk for code that can be run on multiple operating systems without having to change the code for that specific operating system (such as running on Windows and then turning around and running on Mac OS X.) While this can be useful, it can also mean that an exploit affects everybody using Java. So, sorry Mac users, if Java can be exploited, so can your Mac.

Why is it so important to keep Java updated if you need it? Java is exploited frequently today, that means that hackers have found weaknesses in the security that allows them to launch attacks. If a hacker launches an attack against you, your whole day can be ruined. But there are two issues with constantly updating Java. They are: 1. It seems to be a cat and mouse game, once something is fixed, something else is found that hackers can take advantage of. 2. The hackers normally know about the exploit at least a day before the good guys do, this is time that they can use to launch attacks right now without having to wait. This is why every computer security expert worth his or her salt (and me as well) recommends disabling Java if you do not need it.

For instructions on how to disable Java go here. The article is old, but you can still use the instructions provided.

Hope this helps with some confusion you might of had about Java. And if this post helped an alien you know, please tell it to comment below. You can comment too if you want. By the way, the name comes from the fact that the creator drinks quite a lot of Java coffee.

Read More

The pen (or keyboard) is mightier then the malware!

The title kinda says it all, doesn't it? I say it because... well, because it's true, really.

If you are a loyal reader of my blog, you will no doubt have noticed that malware can spread quickly across the internet. This is because they have the methods to do it that are hard to stop: Social Media, Email, Chat Programs, etc. This technology moves fast, so the malware moves as fast as the technology does. With one post on a social media website that grabs passwords and sends itself along, someone could infect the entire web.

Sounds like we are at a disadvantage, right? In a way, we are. Because most of the time, malware is set to automatically do this stuff right after it infects a computer. But we can turn the tables: We can use the very same technology that they use against them. We can spread news that there is a new piece of malware that users should be on the lookout for. We can spread the info on how to avoid getting infected. We can spread the news of anything really at a speed that almost matches that of the malware. If users know ahead of time, they can know not to click on something that they now know is infected or is malware in and of itself, effectively stopping the malware process of infecting and spreading.

Unfortunately, this is something that can only be done if we get enough people to share the info with others from the start. If we can, that means that friends that share the info with friends will get some of their friends interested. And those friends in turn will spread the info along to their friends. Then those friends will spread it on, and so on, and so on, and... well you get the idea.

This is what I attempt to do by blogging. If the info gets out there before the malware really starts gearing up, we can keep the number of infected computers down to it's minimum. And because cybercriminals make money for every infection, this means that they make less money and can use less money to make more malware. This can start a downward spiral until the number of infected computers reaches where it should be: ZERO. This may seem like a lofty goal, but it can be done. It must be done, because I doubt that anyone who has found themselves the victim of malware wants to live in a world where it cannot be stopped. And once it is stopped, people like me will no longer have a reason to continue telling others.

Feel free to comment if you have any questions or you just want to say something.

Read More

Why events that get massive media coverage are a boon for malware writers.

Around 2:50 PM EDT today, two bombs were detonated in Boston on Boylston Street near Copley Square, just before the finish line of the 2013 Boston Marathon. The bombs killed at least 2 people and injured at least 134. Before I get started with this post, I would like to extend my deepest condolences to those affected by this act of terrorism. And I almost did not post this, because I do not think you deserve to go through the pain of discovering how malware writers are making money off of an event that caused you pain, physical or emotional. But the population at large deserves to know.

So, how do malware writers capitalize on events like these? The most destructive of ways is SEO poisoning, which is a method of cheating search engines so that infected websites end up at the top of the results. In this case, you could search for "Boston Marathon bombing" and you naturally click on one of the first results you see. From a search engine, these infected websites can do such things as redirect you to a website that claims that your computer is infected. If you are a fan of my blog, you no doubt notice that this is a classic method that rogue antivirus programs use to scare you. But this is just one example, the infected website could also download malware of all kinds to your computer without your knowledge.

A less destructive method used is by email. Malware writers send out mass emails either using an email account that the email originated from, or from a hijacked email account. So you can get an email from your friend in your inbox about the bombing that would have malware right in the message, or the malware could be in a fake "document" that supposedly contains information about it. One possible scenario is that the email could contain information about a fictitious "forth bomb."

Once again, I would like to extend my deepest condolences to those affected by this tragic event.

Read More

URGENT Warning: Do not install MS13-036

This is a warning to those running Windows 7.

Microsoft has recently released a faulty security update that could lead to your Windows 7 PC failing to boot after a reboot or restart. If you have Kaspersky antivirus, it will pop up an error message stating that your license is invalid, causing all functions of Kaspersky to stop.

Microsoft is recommending that users of Windows 7 uninstall this update if they have it. They are offering instructions on how to do just that here. As a precaution, Microsoft has pulled the download link for the faulty update. This will prevent those that have not installed the update from being able to install it. Microsoft is currently investagating the issue. As this moves forword, I will have more information for readers, but this is all I know at this point.

Please pass this information on to those that you know that use Windows 7.

Read More

My list of the top 3 free pieces of software.

This is a departure from what I normally blog about. Why? Because times are tight, and the best things in life are free. The pieces of software on this list are software that I use and like.

1. Free Office Productivity Tools: A quick check online reveals that the cheapest Microsoft Office costs $140. For some people who need this software, this is way too much money then they can spend. So might I suggest an alternative? LibreOffice is a simple to use office suite that can do most of what you would use Microsoft Office for. You can read more about it here.

2. Free Antivirus Software: For some software, the only concern for the people who make the software is the funds in your bank account. But what if that software is meant to protect you? It is my belief that users should have a free option when they can't or will not pay to help keep their PC safe. There are quite a few free antivirus options out there, but my favorite is avast free antivirus. It is robust, it is light on resources so it will not slow your PC down to a crawl, and it is consistently beating paid-for products in independent tests. You can read more and download it here.

3.Free PC Optimization Software: Has your computer seen better days? Don't waste your money and buy a new one. Instead, you can download CCleaner. This software will help you clean junk off of your computer that you do not need and will even make it a little bit faster. But if your computer is really slow, a defragment might be just the thing you need.

That's it for this blog post. The above plugs were not paid for in any way by the respective companies or organizations. If you have a question, comment, or you just want to tell me how awesome I am, feel free to use the comment form below.

Read More

What does it mean: Sandbox

When you read the title, do you have visions of you as a young kid playing in a sandbox? It's OK, you can admit it, you are actually on the right track for this post. A sandbox in computing is somewhat like a sandbox in real life. An enclosed space that everything stays in. Ergo, a space where no program that you run in it can escape from it.

A sandbox is a space isolated from the rest of the computer that is used to run suspicious programs and code. From a malware standpoint, this is good. Because even if the program or code is malware, it cannot infect your PC.

I guess that there should be some visual explanation of this.

The sandbox is kind of like a jail inside the computer.

The diamond represents the program or code you are running in the sandbox.

 How is a sandbox like a jail?

The program can try all it wants, but it's not getting out of the sandbox.

So, this protects you from malware. This is because the program which may or may not be malware cannot reach any part of your machine.

At a security standpoint, this is a good thing. Because if a file or program is malicious, you can easily get rid of it without it doing anything to your computer. And if it is good or at least malware free, there is no hassle, drama, or crashes from a false positive like there is with antivirus software. This is actually why it is called a sandbox. Everything you put in the sandbox stays in the sandbox and does not come out.

Be sure to use the comment form below if you have a question, comment, or you just want to tell me how awesome I am. Really, I'm fine with any of those.

Read More

Using Windows XP? Here comes the end.

OK, a bit over-dramatic with the title, but literary license means I can, so I did.

Seriously now, on April 8, 2014, official support for Windows XP will end completely. This means no more updates, patches, fixes, or anything else from Microsoft for Windows XP.

Windows XP has stayed alive for almost 12 years now because quite a few people strongly said "NO!" to Windows Vista. But there is not going to be another reprieve for users that choose to hold on and stay with Windows XP.

This deadline does not mean that your computer running Windows XP will not work anymore, you will be able to use it just fine. But you will notice an eerily quite Patch Tuesday that you have become accustomed to.

Windows updates are a line of defense against not just malware, but system issues and problems as well.
I must say that I will be sad to see Windows XP go. I have fond memories of using it, of just looking at the wonderful default desktop wallpaper, of enjoying its simple to use nature.

For those whose computers cannot support a newer operating system, I am sorry. You need to buy a new computer. Most likely the new computer will run Windows 7 or 8.

I recommend Windows 7 because it is easy to use once you get the hang if it. It's faster, it has better graphics, and you are in control of a lot of things. This is just my personal preference over Windows 8 though, so you may want to test drive both to see what trips your trigger.

As always if you have any questions, comments, or you just want to tell me how awesome I am, be sure to comment below. It's free and always will be.

Read More

What Does It Mean: Firewall

Despite its name, the word wall really is not a good way to describe a firewall unless you have the firewall set to block everything, good, bad, and indifferent. In that case it really would be a wall, but this also means no internet which means you can't read your favorite anti-malware blog. : (

A better way to think of it would be like a guard station, the guard checks all the internet and network traffic that comes in and goes out of your computer. And if anything shows up sketchy, it stops it until it knows what to do either by preset rules, or by telling you that something going on and asking you what you want to do. If you tell the firewall to block it, it will block the traffic and stop the network or internet connection. Some advanced firewalls can also think for themselves and decide to allow or block the traffic depending on how it looks.

There are three kinds of firewalls: There are inbound only firewalls which only scan inbound traffic. There are outbound firewalls which only scan outbound traffic, and there are firewalls that do both.

Firewalls are often included with high end antivirus software but they can also be standalone programs with just the firewall included.

Firewalls are used to block malware coming from the network. It also blocks programs from connecting to the internet if you do not want them to.

I would have to say that my favorite type of firewall is one that thinks for itself and is inbound and outbound. The ideal firewall should think for itself, because you do not want to be bothered with making all of the decisions. Why? Because an alert saying "something.exe is trying to connect to the internet. Allow or Deny?" is not very helpful to those that don't know a whole lot about computers. And if you deny everything, that again means no internet which again means you can't read your favorite anti-malware blog.

I hope that this post helps explain what a firewall is and what it does. If you have a question, comment, or you want to tell me how awesome I am, be sure to leave a comment in the box below. It's FREE and always will be.

Read More

Haters Gotta Hate, Noobs Gotta Imitate.

The first big announcement is that my blog has reached 25,000 Pageviews! It's insane, right? The second announcement is that my blog is at this point being targeted by haters and imitators.

As for the first point, I have been subject to personal attacks on the web because I am sharing information on how to prevent you from being a victim. People calling me names, refusing to listen to reason when I tell them that the point that they are arguing is not the case at all.

As for the second point, I have noticed quite a few bloggers that have now been making posts quite like mine, they are attempting to actually imitate what I am doing. It's good that I am sparking interest, but this is dangerous and I will tell you why.

The people imitating me know very little about the subject they are trying to talk about, and while imitation is usually the highest form of flattery, it actually insults me here. This is because the imitators are sharing information and modifying it to claim it as their own. The problum? They are skipping steps, adding in steps that could ruin a computer. And the first rule in malware fighting is "First, do no harm." This translates that you should not be talking about something without knowing what you are talking about.

I don't know what I will do about any of this and likely will not know for some time. I don't even know about the fact that this blog post is an April Fools Day joke.

Wait.... What?

As much as you are laughing now, think about how my early drafts of this post must have been.

April Fools Everyone. Now get back to work! :D

Read More