Monday, November 18, 2013



In years gone by if someone asked me what to get for A/V software it would have been easy for me to say "Norton". In the last three years the landscape and frequency of attacks, not to forget varieties, have caused a "See-Saw" effect, sometimes rightfully so, other times I suspect to generate more traffic to a website. Some popular websites, along the lines of PC WORLD, PCMAG, CNET, and many other computer/consumer electronics based sites seem to run "The Top Ten Anti-Virus Suites" several times a year, at least one, more than twice. As a consumer that can confuse the heck outta someone.

Symantec seemed to fall from grace during these tests at the end of last year putting Trend Micro and Kaspersky at the top, yet I have to wonder about a series of tests in a controlled environment for a limited period of time, much like these sites do when they declare an HP laptop as their top buy (based on price). Yes, that HP performed their lab tests just fine for its price point, but one thing I haven't seen is the same website or magazine pick the same laptop (or desktop) and get a customer survey on just how well it's held up over a 6, 8, or 12 month period.

I hear a lot of trash talk about anti-virus software at times, for instance when Norton 360 is brought up I hear moans of how much it slows down the customer's computer(s), etc. Yet I've used it on several PCs at home for over 7 years without a sign of a slow down. Am I just lucky? I don't think so Tim...

Consumers, on the other hand, are usually cheap when it comes to A/V software. They may have spent $800 on their new computer, but are reticent about laying down another $60 for something like Trend Micro with a 2-year subscription. So they'll put a free anti-virus product on their machine and wonder months later how their computer(s) could have so many infections.

What would I suggest to you? I would have no problems telling you to pick from any one of these 3 suites: Trend Micro, Kaspersky, or Norton 360.

'Nuff Said,

Sunday, November 17, 2013

Security Briefs


An article in PC WORLD reports that 81% of all mobile smart phones are using the Android OS. That percentage is hardly surprising as it seems that everyone and their cousin has Android phones on the market, as compared to APPLE which has the "iPhone".

What they didn't say was that almost 80% of mobile phone malware was structured for Android phones. While the year hasn't ended yet, the final figures aren't out, so I'll just remind you that last year one security firm detected 350,000 malware threats for Android, and at the beginning of this year it was predicted that the number of detected Android malware threats could reach one million [source: ZDnet and Trend Micro].

Thus, if you must go down the Android path, it would be in your best interest to buy mobile anti-virus software from someone like Trend Micro, Norton, or Kaspersky.

I've been asked several times by different sources to come up with a step-by-step guide to removing viruses, including all of the utilities I use so it would become that company's virus removal policy guide. The reason I received the requests is due to my average in cleaning computers of various infections [I would have to go back and check, but the percentage is well over 90%].

The problem with anything I write becoming that company's "POLICY" is that I'd be the first one to break it. Different infections require different tactics, scrambling the step-by-step guide with each different virus, trojan, etc.

If you are very good at malware removal and suddenly a policy is put into place on how to remove viruses I would suggest that you nod your head in agreement and continue to do whatever you do that works, and on the flip side of this, if you bring six out of ten infected computers back to your business for virus removal I would try to talk to your supervisor and just tell him "Hey, I'm good at what I do, but for some reason not with viruses." And usually they'll stop assigning you virus-related calls.

You have to love fighting a good fight in removing whatever infections are plaguing a customer's computer, often treating it like a game of Chess. But if your heart isn't into it no guide will help you much at all.

'Nuff Said,

Thursday, November 14, 2013



Yesterday, both of my XP computers were ZONKED by Microsoft's force-fed updates, and yes, while I admit it's my fault, I'm still a bit miffed - Because, they just put it back overnight. The offending update is KB2888505, and I have blocked that sucker (hopefully) from killing both I.E. and Firefox. Perhaps I'm flirting with danger, and perhaps, Microsoft is really trying to kill off XP.

'Nuff Said,

Wednesday, November 13, 2013



Microsoft wasn't able to patch those zero-day exploits last week but are now updating our computers. My personal experience wasn't very pleasant, but perhaps it was just my PC [although I'll power "on" another Windows XP computer to see if the same thing happens].

As usual, after waking up this morning I went to my computer to check the daily schedule as sometimes appointments change overnight. What I found was whenever I clicked on I.E.8 it would come up a little slower, then usually my homepage would soon follow. That never happened, even after leaving it up for 45 minutes I could do nothing.

Even stranger, Firefox barely would load, but once again - no homepage and no way to do anything but watch. So I left for my morning appointment and when through (several hours later) I stopped by home quickly to see if anything had changed - nope. I went into add/remove programs, checked the box to show updates, and scrolled down until I saw the one for I.E.8 and UN-installed it. After a shutdown/restart I clicked on I.E. 8 and it worked as it usually does, then tried Firefox and it worked as well. Why an I.E.8 update would affect another company's browser is an answer I can't explain, and for now I will take my chances without the I.E. update.

Not to be left in the cold, Adobe has issued updates for FLASH, and several other of its programs which are also security related - so keep up with those updates.

'Nuff Said,

Friday, November 8, 2013



If you've read any security tips related to organizations over the last decade then you know that more security breaches come from the inside of a company than the outside. Once you are inside, half the battle is won.

When Snowden was sent to Hawaii he obtained over 20 different logins and passwords from other workers under the pretense he required them to do some computer maintenance. After that, we all know some of what happened. And in many cases, in some companies, it's even easier.

I once worked at a firm where my directive from above allowed users to never have to change their passwords. So while this policy was in place, I told users to make passwords difficult at the least, and they did just the opposite. The users were brainy, with a wall of degrees "piled higher & deeper" yet more than half of them chose 123456 for their password. In the security work I've done lately I've seen more-or-less the same thing, where a fairly large company all use "Welcome" for their passwords. [and they wonder why their computers were "on" when they came into work, sometimes on Porn sites? Two words: cleaning people].


Operation "Hangover" is currently exploiting zero-day exploits in Microsoft Windows, and Microsoft is trying to get patches out next Tuesday. In the meantime it seems as if the attacks come via email. According to Symantec:

The attacks Symantec captured used malicious Word documents attached to emails with subject headings such as "Illegal Authorization for Funds Transfer" and "Problem with Credit September 26th 2013."

'Nuff Said,