Flame Malware Spreading Via Bogus Windows Updates

I frequently chastise people for ignoring Windows Update messages and prompts to apply patches to other applications such as Adobe products and Java. The response I frequently hear is “How do I know if the updates are real?” or “Yeah, I keep putting that off”.

I’ve always assumed that when Windows Update pops up in the system tray (the bottom right corner of your screen) that the messages are legitimate and safe since digital certificates are used by the operating system to verify authenticity.

You may not have heard about the newly publicized Flame malware since it has not made a splash in the U.S… yet. However, it’s all the rage in tech articles and blogs lately. The Flame malware has created counterfeit security certificates that fool Microsoft Windows into thinking that bogus updates are real. If these “updates” are applied, your computer is infected.

Fortunately, security companies and Microsoft have jumped up and issued (or will issue) updates to protect against these attacks.  However, they’re fearful that the malware may have other exploits that they have not yet discovered.

What to do? Unplug your computers from the internet!

HA! That’s not really an option. However, it’s now more important than ever to make sure that all operating system updates and patches are applied, that your antivirus software and definitions are updated, that you’re running approved firewall software, and that you apply all updates and security patches to applications such as Microsoft Office, Adobe products and Java. If you’re not running antivirus software, find one. There are plenty of free (and very effective) options out there.

For more information, take a look at this article from PCWorld:


Stay safe out there!


P.S. If you want to “geek out” and read more, take a look at the next articles. While security firms are still wrestling with the code, so far they have found that Flame can monitor email inboxes, take screenshots of what you’re working on and even record conversations you’re having near your computer. It also exploits Bluetooth to spread to other devices. What’s really interesting is that this malware does not appear to be the work of bored teen geeks or crime syndicates from the former Soviet Union. Instead, because it has to date targeted computers in Iran, security experts believe it was created as a cyber weapon by a nation-state. Enjoy!



Somebody’s Watching Me


If you listen to the 80s station on Sirius/XM, you’re undoubtedly getting tired of Rockwell’s sole hit, Somebody’s Watching Me.  Since Al Gore was still working out the kinks of the internet, I imagine that Rockwell was not singing about online security. Instead, he was probably more worried about paying off Michael Jackson for backup vocals on the song’s chorus, since there were no other hits on his debut album. 

On a completely different note, I recently attended a very informative presentation on social media in which the speaker discussed the risks and rewards of social media.  Since the audience consisted of parents of middle- and high school students, he focused on the risks facing children and teens and how to keep them safe online.

I walked away comforted that everyone in the room knew a little more about online risks and was better prepared to watch over their kids as they navigated the world of social media. However, I couldn’t help wondering who might be watching over the parents and their technology. In other words, are folks taking appropriate precautions to protect their computers and networks? So, I compiled a quick and dirty list of a few things you can do to stay safe on the world wide web. Rather than going into detail on how to configure all of these options, I have tried to keep it brief. Feel free to post follow-up questions if you need further guidance. Look for follow-up articles in the future that address some of these options.

Secure your wireless network:

Without a secure wireless network, anyone within shouting distance of your house can access the internet using your connection to download whatever they want on *your* network IP address.  Further, with the right tools (which are widely available on the internet) they can “listen” in on your connection, and may even be able to access files on your computer(s).

Securing your wireless network is much easier than it used to be. Where it once required careful review of the owner’s manual, newer wireless routers can have you surfing securely with the push of a button. Always select the highest security offered by your router. WEP can be quickly cracked by a determined intruder, so use WPA or WPA2 if your wireless router supports it.

Avoid Using Public Computers to Log In to Your Secure Accounts:

Sure, we’ve all been in a pinch before and logged into email on a public computer. However, that was before I knew what I know now. There’s absolutely no way to tell if a public computer is infected with malware, has keyloggers installed, or uses other methods that can steal your credentials. Malware can grab user names and passwords and beam your information to the mother ship. Likewise, keyloggers can track every keystroke you make and report back to a hacker. Thus, use the hotel’s business center computer only to browse online news and weather. Save online shopping, banking, and even email until you get back to a safe connection.

Use Antivirus Software and Keep it Updated

This one is a no-brainer. If you have not been affected by viruses/malware in the past, you will eventually.  Fortunately, you don’t have to pull out your wallet to stay safe, as discussed in my post on free antivirus options. Use one of the packages that I recommend or choose one you like by reviewing AV-Test’s ratings.

Online Banking, Shopping and Secure Sites:

Ever notice how your address bar turns green, shows a padlock and/or the address changes from http:// to https:// when you log in to your bank or shopping site? This assures you that your connection is encrypted, that the identity of the website has been verified by a third party and that it’s safe to send sensitive information such as your username, password and credit card information over the internet. In fact, if you click on the green portion in the address bar or the padlock, you will see that the website’s identity has been verified by VeriSign, Thawte or another certificate authority (“CA”). So while it seems like you’re just connecting to a remote website, there’s actually a lot of stuff going on in the background to verify to your browser that the website is authentic, that your transmissions across the internet are encrypted and that it’s safe to do business.

But what if you attempt to log into a shopping or banking site that should be secure and it is not, in fact, safe?  If you don’t get the https://, the green bar/padlock or you receive warnings that the site’s certificate has problems, check the address that you typed.  If it’s correct, get out and try again later. It may be a temporary glitch with the site’s certificate or the CA.  It’s not worth compromising your security and identity to buy ABBA’s Greatest Hits on an unsafe connection.

Be Careful Using Public Wireless Networks

Free wireless offered by coffee shops and other retailers helps offset Starbucks’ exorbitant coffee prices, but be cautious with your browsing on public networks. This may seem a bit paranoid, but I never do online banking or shopping on a public wireless network, even from my own laptop. Yeah, I know that the connection to the bank or Amazon is encrypted, but I have no control over the coffee shop’s wireless security so I would rather be safe than sorry.

The kid in the corner booth with the AlienWare laptop may be listening in on your connection using a packet sniffer, which is freely available on the internet. Further, if your firewall is turned off, you have shared folders turned on, or your operating system has not been patched, a determined hacker can easily access the files on your PC.

Windows 7 and Vista both make it easier to stay safe on public networks than XP. When you connect to a new wireless network, the Set Network Location dialog provides three choices of network location type: Home, Work and Public. Always choose Public when out and about. This sets your firewall at its highest security settings and turns off Network Discovery and file sharing options, providing higher security when on a public network.

As a follow-up, make sure your mail connection is encrypted (see https:// discussion above).  Many webmail systems are not encrypted by default, but offer this option.  If your email provider offers secure browser connections (thanks, Gmail!) always turn it on.  If you trust the network you’re using, it may be safe to disable.

Windows Updates:

This one is extremely important and super easy to do.  Probably 75% of the computers I sit down with have pending security updates for Windows, Adobe, Java, etc.  Hackers are constantly identifying and exploiting security vulnerabilities in a variety of popular applications. In some cases, they are able to exploit these holes and take control of your computer.  Make sure that Windows Update is enabled and that you’re applying the critical and important updates on a regular basis.  Also, be sure to apply updates to other programs that notify you in the system tray.  Adobe and Java have been particularly susceptible to security issues over the last few years, so make sure you’re keeping the patches applied.

Use Strong Passwords

This one warrants its own post, so take a look at my discussion on passwords.

Other Stuff:

There are plenty of other precautions you can take to stay safe, such as demoting your user account to Standard instead of Administrator, avoiding suspicious links in emails and Facebook, and periodically backing up your data.  However, all this talk about security is making me hungry.  Think I’ll grab a double latte and a scone.  Can someone watch my laptop while I wash up?

Stay safe out there!


Browser Wars Heat Up

Which browser should you use? Over the last several years, the field has become increasingly crowded, giving users a variety of choices. Ten years ago, the answer was simple: With a few exceptions, everyone used Internet Exploder (IE). In fact, according to Wikipedia, IE commanded 95% of the market share as recently as 2003. Since then, a variety of new players have entered the market: Mozilla Firefox, Google Chrome, Apple Safari and Opera are the most popular alternatives to IE.

Firefox entered the scene in late 2004. Many users, fed up with IE’s performance and security issues, jumped on the Firefox bandwagon, driving its market share as high as 31% in 2010.  In fact, IBM asked all 400,000 employees to switch to Firefox as their default browser in 2010.

Google entered the fray with its Chrome browser four years later in 2008. Citing faster performance, better security and tabs that run independently, Chrome has rapidly gobbled up market share from IE and Firefox.

Safari, the default browser on Apple devices, holds fourth place in market share.

Market Share

Several organizations track market share, and the fine details differ from firm to firm. For trends and updated metrics, take a look at NetMarketShare.


IE has gotten hammered over the last few years, sliding from 68% of the market in 2008 to 49% in February, 2012. Firefox, which had a lock on the #2 spot, with 31% in 2010, is now going toe-to-toe with Chrome. The most recent report from NetMarketShare has Chrome jumping from 12% in April, 2011 to 17.5% in February, 2012 while Firefox slid from 22% to just over 19% during the same time period.

The Best

So which browser is best?  It depends on whom you ask.  They’re all freely downloadable on the internet, so cost is not an issue.  Factors to consider when evaluating a new browser include:

  1. Performance – how fast do websites load?  This measure is heavily affected by the sites you’re browsing, your hardware, operating system, etc.  Speed is constantly assessed by many companies and rankings vary from shop to shop.
  2. Security – which browser keeps your information safe when shopping/banking online?  And which browsers protect you against malware?  A variety of features are available in each browser, including sandboxing, instant updates/patches, pop-up blockers, and private browsing.
  3. Add-ons are features that improve your web-browsing experience. Currently, Firefox boasts the most generous library of add-ons. While add-ons can customize your web browsing and make your browser far more useful, they can also slow down your browser’s performance.
  4. Stability – how often does the browser lock up or crash?  Chrome’s tabs all run independently. Thus, if a web page locks up, a plug-in crashes, or the tab otherwise becomes unresponsive, that tab can be closed without affecting your other tabs. Some browsers must be restarted when a single tab crashes.
  5. Ease of use – this one comes down to personal preference.  You should download 2 or 3 browsers and try each one for a few days to determine which one suits you best.  Most browsers have hidden toolbars and menus to maximize your viewing area. This is extremely helpful on small monitors.
  6. Other features include the ability to sync bookmarks with other computers, custom themes, RSS reader, etc.

The answers to many of these questions are available online. PC World recently evaluated six browsers and crowned Chrome as the best overall in their April, 2012 issue. This, of course, can change overnight with a new release from a competitor.

My personal favorite for the last few years has been Chrome. I use Firefox on occasion, especially on my Linux computer. When I run Firefox in Windows, it takes forever to open and crashes a lot, even when using the most recent version. I use IE primarily when running Windows Update (since Microsoft doesn’t play well with others) and when I’m using someone else’s machine that has not seen the light. Even Microsoft admits that IE (used to) stink(s) on this newly created Microsoft website. I have used Safari on the rare occasion that I hop on my daughter’s school-issued MacBook, but have found no compelling reason to load it on my Windows machines.

I find that Chrome runs fast… really fast. A good way to eke out even more speed from your web browser is to optimize your DNS settings, using NameBench. Chrome is also more stable than the others, in my opinion. On the rare occasion that a tab locks up or crashes, you can close the offending tab and preserve all other sessions. Other cool features include ‘Pinned tabs’ and the ability to re-open the same tabs you were viewing in your last session. For example, if you always have a half dozen web pages open on different tabs, you can set those to reopen every time you restart your computer and run Chrome. I also like the fact that there’s no separate web search box, as in IE and Firefox. Searches are entered in the address bar. Further, the address bar turns green when you navigate to secure websites, assuring you that it’s safe to transmit sensitive information such as passwords and credit card data.

But this is just my opinion.  For another opinion, check out PC World’s assessment in their April, 2012 issue.  Alternatively, if you’re more enterprising and have a lot of time on your hands, run your own tests and let us know the results.