Boydo's Tech Talk

Don't cross the data streams – it would be bad…

Antivirus Software is a Potential Preventative Measure, Not a Cure

This might polarise the audience a bit but I just wanted to expand on my thoughts in this earlier article.

In that article, I noted the only 100% effective solution to cure an infected computer is to format and reinstall or restore from a known good backup. Today, I tried and tried unsuccessfully to eradicate a trojan from a computer belonging to a business which drove their primary point of sale terminal. Unfortunately, it was so deeply rooted that it could not be removed manually or with specialised tools. Fortunately, they had another computer on hand to swap in to keep things going.

The problem is that antivirus software built on current pattern-based technology won’t catch 100% of the bad stuff coming in. In order to detect a virus, it first must be known, so there will always be a window of time where new viruses, worms, trojans and the like can get in and your AV might let them slip through. This is where being cautious with your online activities and portable storage comes to the fore.

Do you trust the site you are browsing or from which you are downloading a file?

Do you know where that storage device has come from and the computers to which it has been connected?

Were you expecting an attachment from that particular person?

If the answer to these questions is no, then you might want to think twice. These are popular vectors for malware infection.

Prevention is always better than the cure, particularly as the cure cannot be known to completely reverse what has been installed. Regular and clean backups are also going to save you from losing data and time reinstalling and reconfiguring everything from scratch after an incident.

February 18, 2012 at 21:54

Microsoft Security Essentials Beta – Testing Underway

Just a short update tonight.

I’ve installed the recent beta of the upcoming version of Microsoft Security Essentials (Version 4.0.1111.0) to see how it performs and how different it is to prior versions. The upgrade only took a minute and I am setting it off on a scan to assess its speed.

No major red flags as yet but I’ll be sure to report anything that may come to light.

Stay tuned!

December 1, 2011 at 21:46

Upcoming Beta of Microsoft Security Essentials

Looks like Microsoft are prepping a new major release of the popular Security Essentials package by enlisting a stack of beta testers prior to the final version going out.

Alongside existing features, it’s expected that new features will include automatic malware removal (removing the requirement for user interaction) plus enhanced performance and protection capabilities.

At any rate, MSE still proves to be a credible option for people who cannot or just don’t want to pay for virus and malware protection for their computers. If you want to sign up to be a part of the forthcoming beta you can do so here. Just remember, being beta software there could be unintended consequences!

November 25, 2011 at 21:38

Microsoft Releases a New Portable Antivirus

Sometimes it can be hard getting an antivirus to install on an infected machine especially when malware is making it difficult to use an internet connection. I have covered other tools such as MalwareBytes in the past but I thought a new tool released by Microsoft was worth a mention.

The Microsoft Safety Scanner is a fully self-contained security tool that scans for viruses, spyware and other sorts of malware. It doesn’t require installation and works simply by executing the application. At present, the file weighs in at around 70MB, which shouldn’t take too long to download on most broadband connections.

When you run the application, you’ll encounter the end user license agreement screen:

Microsoft Safety Scanner - EULA Screen


Then a welcome screen (which could have perhaps been removed to save another click):

Microsoft Safety Scanner - Welcome Screen


On the next screen, you can choose the type of scan you want to run (on infected machines the “full scan” option would probably be most appropriate):

Microsoft Safety Scanner - Scan Type Screen


Once you have chosen your scan, MSS will do its thing and start scanning:

Microsoft Safety Scanner - Scanning Screen


Once completed you’ll be provided the results of the scan (and my computer seems to be clean after a quick scan):

Microsoft Safety Scanner - Scan Results Screen


The scanner comes in 32-bit and 64-bit flavours so make sure you pick the right version for your copy of Windows. The software is also only valid for ten days after downloading. Whilst this might seem a bit inconvenient, it’s done to prevent people running old and obsolete software given the lack of built-in update functionality. MSS is also not a replacement for antivirus software. Proper antivirus software runs continuously and automatically in the background to prevent infection, whilst MSS is designed to manually remove infections after the fact.

So whilst you might not need MSS straight away it might come in handy later on.

May 1, 2011 at 21:59

Upgrade to Microsoft Security Essentials Version 2.0

Quick tip for this evening.

An update to Microsoft Security Essentials was released by Microsoft on 16 December, 2010 which saw the version number increment up to Version 2.0. This was after the second Tuesday of the month (AKA “Patch Tuesday”) where Microsoft releases patches and upgrades for its software through Windows Update. This meant that you may not have received the update unless you manually checked for it between 16/12/2010 and 11/01/2011 (“Patch Tuesday” for January 2011).

However, it seems that people (including myself) still did not receive the update automatically so here’s what you can do to force an upgrade.

  • Open Microsoft Security Essentials,
  • Click on the down arrow next to “Help”,
  • Click on “Check for software updates”.
Microsoft Security Essentials - Manually Check for Software Updates


Once you have successfully updated, your software version number should jump up to 2.0.657.0 (at the time of writing), which can be checked by clicking on “About Security Essentials” in the “Help” dropdown menu shown above.

January 20, 2011 at 21:37

Microsoft Allows Small Business Use of Security Essentials

Another quick one for this evening.

Microsoft has changed its position on the usage of its Security Essentials software inside small businesses, which used to be prohibited under the End User License Agreement. Technically, there was nothing stopping small businesses (or anyone for that matter) from installing the software on a compatible computer; it was just that the legality of such a move would be questionable.

I think Microsoft has done the right thing here anyway. It had nothing to lose by allowing small businesses to use the software and certainly there was no financial incentive in going after businesses that thought the software was good enough for commercial usage on a small scale. I’m sure Microsoft has bigger fish to fry at the moment with its impending Windows Phone 7 launch with handsets on the horizon amongst other things.

It seems that Microsoft is staying on the path of slowly wising up to things, except for its new Xbox 360 controller. The original Xbox 360 was white whilst the slim version is black and both had available matching peripherals. The new Xbox 360 controller is grey (matching neither version of the console) and its buttons aren’t coloured anymore (which screws up matching controller buttons to what is on screen).

Interface fail.

September 25, 2010 at 23:37

Intel Buys McAfee… But Why?

Just a quick one for tonight.

A few days ago, it was announced that Intel had bought McAfee for under $8 billion. McAfee was not in any financial trouble despite sending out an update to its antivirus software that rendered computers inoperable when a critical system file was quarantined.

The question here is what is Intel’s motivation in making such a move?

Intel is not in the security market from a desktop software perspective, and the involvement that Intel does have in security is largely centred on the hardware inside our computers, such as the Trusted Platform Module, which stores cryptographic information such as keys or certificates securely.

One can only guess that Intel is wanting to break into markets such as Unified Threat Management (UTM) boxes that have a wide range of capabilities such as firewall, VPN and real-time virus scanning (web and e-mail). Certainly as security becomes a bigger issue and small businesses are becoming more connected with larger networks, trying to keep every computer secure is a hard task in itself.

Still, I didn’t consider McAfee to be the shining beacon of the security industry. If you have been following the blog for a while you will know of my distaste of the major antivirus companies trotting out new products each year with questionable features and updates that serve nothing more than to lock in more revenue and increased occupation of space on your hard drives. Perhaps as a security research firm McAfee might have had something to offer but their software solutions are woeful.

I guess we will see where Intel will take this recent acquisition but it will take some time to see what exactly the outcome will be.

September 1, 2010 at 21:43

Manage Internet Access with OpenDNS

These days, parents and small businesses can find it difficult to make sure internet access is being used responsibly, not to mention the potential security implications of visiting unknown websites on a frequent basis. The incumbent Federal Government put its web filter strategy on ice in the lead up to the election, and it still appears to be something that could cost it re-election a week after the election closed.

It’s hard for everyone to be an expert on how to manage access to the internet especially when kids are always going to try and outsmart those restrictions and not everyone works in IT either.

So what can you do?

OpenDNS is a service that replaces the domain name system (DNS) servers that are automatically assigned by your ISP. For those that don’t know, computers use IP addresses (like 192.168.1.1 as an IPv4 address) to communicate with each other on a network (such as the Internet). Us humans don’t fare so well with numbers but we can remember words more easily, which is why we use host names and domain names (like blog.mingersoft.com). DNS provides the “phone book” to translate the worded addresses into the numerical addresses.

By replacing your ISP provided DNS servers with those belonging to OpenDNS, you are improving the resilience of your internet connection in the event that your ISP’s DNS servers go down. Also, depending where you are, OpenDNS may be a bit faster than your ISP’s DNS servers. Furthermore, you can also manage the types of websites that can be accessed either by broad groups (such as classifieds, dating, photo sharing and social networking to name a few) or explicitly by domain name. There is also a stack of other things you can enable such as:

  • malware/botnet protection,
  • phishing protection,
  • typo correction (if you type in google.cmo instead of google.com),
  • traffic logging (so you can check out what addresses are being accessed and how often).

All you need to do to make this happen is head to the OpenDNS site and sign up for a free account. There is a great guide on how to configure your computer or your router as well as a video tutorial (which I recommend you watch) here.

I’d encourage you to give it a go as it presents some advantages even for power users with its increased security benefits, globally distributed DNS servers (meaning that OpenDNS could tolerate faults more easily than your ISP’s two DNS servers) and the fact that it is free for personal use. You’ve got nothing to lose!
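A quick way to confirm the switch actually took effect, as an added example that is not part of the original post: the filtering only applies to lookups that go to OpenDNS, so a leftover ISP or router entry in the resolver list lets blocked names resolve anyway. The sketch assumes a resolv.conf-style resolver file (Linux/macOS); the function names are hypothetical and the addresses are OpenDNS's published resolvers, which the post itself does not list.

```python
import ipaddress

# OpenDNS public resolver addresses (not listed on the original page).
OPENDNS = {ipaddress.ip_address(a) for a in (
    "208.67.222.222", "208.67.220.220",    # OpenDNS standard
    "208.67.222.123", "208.67.220.123",    # OpenDNS FamilyShield
    "2620:119:35::35", "2620:119:53::53",  # OpenDNS standard, IPv6
)}

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, then look for "nameserver <address>".
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry, skip it
    return servers

def audit_resolvers(resolv_conf_text):
    """Split configured resolvers into OpenDNS ones and ones that bypass it."""
    servers = parse_nameservers(resolv_conf_text)
    filtered = [str(s) for s in servers if s in OPENDNS]
    bypass = [str(s) for s in servers if s not in OPENDNS]
    # "ok" only when at least one resolver is set and none bypass OpenDNS.
    return {"filtered": filtered, "bypass": bypass,
            "ok": bool(servers) and not bypass}

# Constructed sample: primary moved to OpenDNS, router-assigned entry left in.
SAMPLE = """\
# constructed example resolver file
nameserver 208.67.222.222
nameserver 192.168.1.1   ; router handing out the ISP's DNS
nameserver 2620:119:35::35
"""

if __name__ == "__main__":
    print(audit_resolvers(SAMPLE))
```

A router address lands in `bypass` because this check cannot see which upstream servers the router forwards to; in that case check the DNS settings on the router itself.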

August 28, 2010 at 22:37

Microsoft Security Essentials 2.0 Beta Available

Just a quick update for this evening.

In news that might have slipped under the radar, Microsoft has released a beta version of its popular Microsoft Security Essentials software. This version of the software sports a few new features but also keeps down the bloat which is great for low end computers like netbooks. New features include:

  • Windows Firewall integration,
  • Internet Explorer integration (to help prevent against malware coming from the web),
  • Revised protection engine (for more efficient detection and overall performance),
  • Enhanced network protection (to help protect against threats on your local network).
Microsoft Security Essentials 2.0 Beta


On the surface it looks very much the same as the first version except for the black background. Functionality is also pretty similar and it does its thing in the background without nagging you unless it finds something (which is exactly the way I like it).

If you are keen to give it a try, you can visit Microsoft Connect and sign up for the beta. It’s available for Windows XP, Vista and 7 so most people should be able to install it. Just a word of warning, it is beta software so it can have the potential to crash your system or do bad stuff. Having said that, I have been using it without too many issues on my desktop computer at home.

August 25, 2010 at 18:12

When All Else Fails, Use Malwarebytes

Today, a work colleague and friend of mine had an issue with her computer being overcome by a nasty piece of malware formally known as PolyCrypt and commonly disguised as “Security Master AV” (which looks a lot like the Windows Security Centre). The computer was still operational and remotely accessible via LogMeIn (which I have covered in a prior blog post).

These days, there are so many vectors for malware to get into a computer. Not only do we have to think about the media that we insert into the computer like floppies (if anyone still uses them), optical discs, external hard drives and USB sticks but things that arrive over the Internet like e-mail, webpages, torrents and instant messages. Long gone are the days where we had computers operate in complete isolation.

Malware can easily overrun your system by taking advantage of unplugged or undiscovered security holes in the software you use, including your browser, e-mail client and operating system. It only takes one piece of software to succumb to a security exploit, despite the rest being fully patched, and all bets are off. That’s why it is really important to accept the Windows Update notifications at a minimum.

Anyway, the malware in question had disabled McAfee (the resident antivirus) and had also suppressed Windows Defender (the resident anti-spyware software). I was not prevented from accessing the registry but I think this was due to the User Interface Privilege Isolation (UIPI) functionality in Windows Vista. This function prevents lower privileged processes (such as the malware) from controlling higher privileged ones. Internet Explorer would also close as soon as it would attempt to load a webpage but I found a way around this by right clicking on it then clicking on “Run as administrator” (which was then insulated from the malware as a result of UIPI).

Eventually, I found the manual steps for removing PolyCrypt but thought that the system really needed a thorough inspection. Since the already installed anti-spyware was non-functional I had to find an alternative.

Enter Malwarebytes’ Anti-Malware.

I used the free version in this instance, which provides access to the on-demand malware removal functionality, but stumping up for a license at US$25 unlocks real-time protection as well as scheduled scanning and updating. It can scan an entire system fairly quickly and provides detailed logs as to what was found as well as the steps it took to remove any discovered malware. It has yet to let me down when a system is riddled with viruses and other rubbish.

At any rate, the affected system was back up and running later this morning (after a System Restore to fix the broken networking). However, you can only ever truly guarantee that a system is clean by reformatting and reinstalling from scratch or restoring from a known good backup (you are backing up, aren’t you?). To get by until that can be carried out, though, Malwarebytes’ Anti-Malware is very useful.

July 2, 2010 at 22:12