I have encountered a good variety of computer problems this year, many of them classic textbook cases: dead DVD burners that needed to be replaced; computers running slowly because they really needed a RAM upgrade; hard drives needing to be replaced with larger ones; network printers needing to be set up so multiple computers can send jobs to them. These are the kinds of problems we were taught how to resolve in school, primarily because they were easy to recreate in lab assignments. I remember the fun we had when students were split into pairs and told to “test” each other by breaking a system and not telling the other person HOW it was broken, as a challenge to see if they could find all the hidden problems. Wanna make a computer run slow? Pull a stick of RAM out of it, slightly. Wanna make a network printer stop working? Change its IP address. Wanna stump someone with no video on the monitor? Just turn the contrast/brightness all the way down and see if they can figure it out. The goal was to reinforce the premise that you should never, ever dismiss the lowest common denominator when working through diagnostics and candidate solutions for a problem. Even something as simple as “is it plugged in?” should never be assumed to have been checked until you’ve done it yourself. In networking terms: start with the physical layer and work your way up until you actually reach the application.
These problems don’t strike me as novel or very interesting, mostly because you expect them to occur at SOME point and at random. Electronics wear out, lightning can strike at any moment, dust buildup shorts something out or jams a cooling fan; these things just happen from time to time. But there was one issue I saw this year that stood out as occurring far more frequently than any other. It appeared so suddenly and so widely that you could almost call it “trend-setting”. So I wanted to look back and talk a bit about the problem I’ve seen more often than anything else this year:
“Warning: You’re infected! Click here now!”
The most common problem I got calls about this year, by a wide margin, was people getting alerts popping up on their system similar to the one pictured above. The popup would intimidate you by claiming your system had a LOT of viruses on it and telling you to click various buttons/links to remove them. Unfortunately it was all a ruse: these alerts were themselves part of a virus masquerading as anti-virus software and holding the computer hostage. Their names and appearance varied, but most of their tactics were the same:
- Prevent user from opening any other applications (including Task Manager)
- If you were able to open a web browser, any page you tried to visit would be replaced with a page that would fear-monger the user even further
- Change the browser proxy settings to point to a non-existent server, which cut off Internet access and so prevented the user from downloading removal tools
- Annoy the user with never-ending, obnoxious pop-ups that would invite the user to pay the developers of the fake anti-virus software ransom money
- Replicate itself across multiple, random locations on the hard drive, making it more difficult to remove manually
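The proxy trick in the list above is one of the few symptoms you can check for mechanically, so here is an added example (my code, not something from the original post) that does that. Internet Explorer and anything else that uses WinINET keep the proxy setting under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` in two values, `ProxyEnable` (a DWORD) and `ProxyServer` (a string that is either a single `host:port` or a `;`-separated list of `protocol=host:port` entries). The script parses both forms and flags a proxy that points at a host which does not resolve, which is the “non-existent server” case described above; it also flags a proxy on loopback, which is my own addition (a variant I consider likely, not something the post states). The sample values are constructed; reading the live registry only works on Windows.

```python
"""Check whether a Windows browser proxy setting has been hijacked.

Added example, not from the original post. The registry path, value
names and ProxyServer formats below are real WinINET conventions; the
sample values and the loopback heuristic are the author's assumptions.
"""
import socket
import sys

PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_proxy_server(value):
    """Turn a ProxyServer string into {protocol: (host, port)}.

    Accepts "host:port" (keyed as "all") or "http=h:p;https=h:p;...".
    """
    result = {}
    for part in (value or "").split(";"):
        part = part.strip()
        if not part:
            continue
        proto, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:            # no ":" present, so the whole thing is the host
            host, port = hostport, ""
        result[(proto or "all").lower()] = (host.lower(),
                                            int(port) if port.isdigit() else None)
    return result


def assess_proxy(proxy_enable, proxy_server, resolve=False):
    """Classify a proxy configuration. Returns (verdict, explanation).

    verdict is "ok" (no proxy), "suspicious" (matches the hijack pattern)
    or "review" (a proxy is set; confirm it is one you or your ISP chose).
    resolve=True additionally does a DNS lookup of each proxy host.
    """
    if not proxy_enable:
        return "ok", "no proxy configured"
    proxies = parse_proxy_server(proxy_server)
    if not proxies:
        return "suspicious", "ProxyEnable is set but ProxyServer is empty"
    findings = []
    for proto, (host, port) in proxies.items():
        if host in LOOPBACK:
            findings.append(f"{proto}: proxy on loopback {host}:{port} "
                            "(something on this PC is sitting in the middle)")
        elif resolve:
            try:
                socket.gethostbyname(host)
            except socket.gaierror:
                findings.append(f"{proto}: proxy host {host} does not resolve")
    if findings:
        return "suspicious", "; ".join(findings)
    return "review", f"proxy configured: {proxy_server}"


def read_windows_proxy():
    """Read the live values (Windows only). Returns (ProxyEnable, ProxyServer)."""
    import winreg  # only importable on Windows
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        values = {}
        for name, default in (("ProxyEnable", 0), ("ProxyServer", "")):
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except OSError:          # value absent: treat as default
                values[name] = default
    return values["ProxyEnable"], values["ProxyServer"]


# Constructed sample registry values for running this off a Windows box.
SAMPLES = {
    "clean":      (0, ""),
    "hijacked":   (1, "http=127.0.0.1:5555;https=127.0.0.1:5555"),
    "dead-proxy": (1, "proxy.nonexistent-isp.test:8080"),
}

if __name__ == "__main__":
    if sys.platform == "win32":
        enable, server = read_windows_proxy()
        print("live:", assess_proxy(enable, server, resolve=True))
    else:
        for label, (enable, server) in SAMPLES.items():
            print(f"{label:10s} {assess_proxy(enable, server)}")
```

On a machine that is currently offline because of the hijack, `resolve=True` will report every proxy host as unresolvable, so read the "suspicious" verdict together with the explanation rather than on its own.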
I began to get a lot of phone calls for this exact type of issue during the middle of the summer this year, and of course everyone wanted to know how their computer came to get this sort of junk software on their machine in the first place. Along those lines: Where do viruses come from, how could one have gotten on my computer and WHY on earth would someone create such an evil thing in the first place?
I don’t have the monetary resources to conduct an “official” study (and as such you should classify everything here to be anecdotal), so the next best thing I can do is look for things that were in common between PCs that fell victim to the same infection at about the same time. The one thing that stood out the most to me was that Adobe Flash, Adobe Acrobat and/or Java were out of date and needed updates to be installed.
In 2010 alone, Adobe has had to issue multiple advisories about zero-day vulnerabilities in its Flash plugin (and in Reader, which bundles a copy of Flash) that were already being exploited before a patch existed. At best such a bug crashes the browser; at worst it lets the attacker run code of their choosing on the machine, i.e., install a malicious payload or virus.
Just what is Flash, anyway? Flash is a plugin for web browsers that has been a mainstay of web pages for over a decade. YouTube videos, for example, are played within Flash. Most advertisements you see on the web use Flash to animate video, page elements, buttons, letters, etc. Some websites are made entirely in Flash. In the early days Flash was designed as an alternative to animated GIF images and cartoon-like animations, because for some uses it could actually conserve bandwidth: instead of pixels and color palettes taking up file space, you work with vectors (think connect-the-dots to create a shape, like a stick-figure man, and move the dots/vertices to animate it). An awesome example of cartoon Flash animation using very little bandwidth is www.homestarrunner.com (a favorite cartoon series I used to follow in the old days). Over time Flash has evolved into quite a feature-rich plugin that many have attempted to clone and dethrone, but all attempts have failed (so far).
In any case, because it was more efficient than animated bitmaps, saved web hosts money on bandwidth, loaded faster and increased the “eye-candy factor” during the days of dial-up, Flash became a preferred means of deploying advertisements on the web. Eventually advertising itself became so big that there are now companies that do nothing but produce and host Flash-based advertisements for other websites. What this means is that many websites do not actually host/serve the advertisements that you see on them; they have offloaded that bandwidth to third-party companies, and your browser fetches the ad directly from the third party’s servers. Unfortunately, because advertising is big business online, that raises the bounty and the incentive for a malicious hacker to penetrate the advertising servers and replace clean advertisements with infected versions. An infected ad does not need you to click on it: it is loaded and rendered by the plugin just like any other ad, and if the plugin has a security hole the user has not patched, the ad exploits it and downloads and installs malware all by itself. This has been going on for at least the last 4 years or more, and it’s a phenomenon known as “Malvertising”.
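Since the paragraph above turns on the fact that a site does not control the content its ad slots pull in, here is an added example (my code, not from the original post) that makes that visible: given a page’s URL and its HTML, it lists every `<script>`, `<iframe>`, `<object>`, `<embed>` and `<applet>` the page loads, resolves where each one is actually served from, and separates the page’s own host from third parties. It also marks resources that look like plugin content (Flash `.swf`, Java `.jar`/`.class`, PDF), since those are the ones that hit the plugin code the post is talking about. The sample page and all host names in it are constructed.

```python
"""Inventory the executable/plugin content a web page pulls from other hosts.

Added example, not from the original post. Anything served from a host
other than the page's own is content the site owner does not control,
which is where a malvertising swap takes place. Uses only the standard
library so it runs offline against the constructed sample below.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that names where the tag's content comes from.
EMBED_TAGS = {"script": "src", "iframe": "src", "embed": "src",
              "object": "data", "applet": "code"}
# Substrings (in the URL or the type attribute) that indicate plugin content.
PLUGIN_HINTS = (".swf", "shockwave-flash", ".jar", ".class", ".pdf")


def same_site(host, own):
    """True if host is own or a subdomain of own (case-insensitive)."""
    host, own = host.lower(), own.lower()
    return host == own or host.endswith("." + own)


class EmbedCollector(HTMLParser):
    """Collects every resource that the tags in EMBED_TAGS load."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.items = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        tag = tag.lower()
        src = attrs.get(EMBED_TAGS[tag]) if tag in EMBED_TAGS else None
        # Flash inside <object> is usually named by <param name="movie">.
        if tag == "param" and attrs.get("name", "").lower() == "movie":
            src, tag = attrs.get("value"), "object/param"
        if not src:
            return
        absolute = urljoin(self.page_url, src)          # resolve relative URLs
        kind = attrs.get("type", "").lower()
        plugin = any(h in absolute.lower() or h in kind for h in PLUGIN_HINTS)
        self.items.append({"tag": tag, "url": absolute,
                           "host": urlsplit(absolute).hostname or "",
                           "plugin": plugin})


def audit_page(page_url, html):
    """Return (first_party, third_party) lists of embedded resources,
    de-duplicated by URL, relative to the host that served page_url."""
    collector = EmbedCollector(page_url)
    collector.feed(html)
    own = urlsplit(page_url).hostname or ""
    seen, first, third = set(), [], []
    for item in collector.items:
        if item["url"] in seen:
            continue
        seen.add(item["url"])
        (first if same_site(item["host"], own) else third).append(item)
    return first, third


# Constructed sample: a news page with its own script and video player,
# plus ad slots that are served from two unrelated ad hosts.
SAMPLE_URL = "http://www.example-news.test/story.html"
SAMPLE_HTML = """
<html><body>
<script src="/js/site.js"></script>
<object type="application/x-shockwave-flash" data="/media/player.swf">
  <param name="movie" value="/media/player.swf">
</object>
<!-- ad slot: the news site does not host any of this -->
<script src="http://ads.adnetwork-cdn.test/serve.js?slot=top"></script>
<iframe src="http://ads.adnetwork-cdn.test/banner.html"></iframe>
<embed src="http://cdn.other-ads.test/promo.swf" type="application/x-shockwave-flash">
</body></html>
"""

if __name__ == "__main__":
    first, third = audit_page(SAMPLE_URL, SAMPLE_HTML)
    for label, items in (("first party", first), ("THIRD PARTY", third)):
        print(label)
        for it in items:
            flag = "  [plugin]" if it["plugin"] else ""
            print(f"  {it['tag']:13s} {it['host']:25s} {it['url']}{flag}")
```

Run against a saved copy of a real page, the third-party list is the set of servers that would have to be trusted for that page to be safe; a plugin-flagged entry served by an ad host is exactly the combination the post describes.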
So what are some ways to prevent this type of thing from affecting you?
1. Make sure you apply updates for all software on your computer when presented with the opportunity
If you see an alert like the one pictured above, address it immediately. Far too often I see users just minimize the window or click “Later” and forget about it for the rest of the session. The same goes for Windows updates, Adobe updates and generally speaking any updates for software that you use on a regular basis. Updates happen because security vulnerabilities are found and patched, or because slight tweaks improved the program’s performance, or because a cool new feature is being added. Whatever the case may be, software updates are your friend and you should welcome them without hesitation. One caveat, given what this whole post is about: a popup that appears while you are browsing and offers you an “update” is also exactly how the fake anti-virus gets in. Apply updates through the program’s own update function or the vendor’s website, not through a link in a popup. If you are asked to update a piece of software you have never heard of before, type the name of that software into Google; with just 30 seconds of reading you should be able to determine whether the program that has an update pending is legit or malicious.
2. Use Anti-Virus software that is backed by a good reputation, not just hype and marketing
The two most common anti-virus programs I’ve encountered on computers THAT WERE ALREADY INFECTED have been Norton and McAfee; neither has ever seemed to live up to its hype or justify the sponsorship of PC manufacturers and Internet Service Providers. Norton in particular spends gobs of money on absurd advertisements about protecting your oscillating fan from David Hasselhoff or saving your unicorn from Dolph Lundgren. The silly metaphors are meant to parody the fact that most people don’t understand viruses any more than they understand Dolph scorching My Little Pony with a flame thrower, purely for illustrative purposes of course. Let’s dumb it down so much that people will say, “This is so dumb, it’s smart (advertising).” Now we know why a copy of their software costs around $60 or $70 per year…
The sad truth about anti-virus software is that NONE OF THEM are perfect or necessarily worth their weight in dollars, simply because virus programmers have the upper hand. If a hacker discovers a vulnerability that no one else has discovered yet, he may just keep it in his “stash” for use later. OR, he might sell that knowledge to the Russian mafia or any number of other interested parties who have their own stash and secret agendas. It is suspected that the Stuxnet worm that ran rampant through Iran earlier this year was the product of a government agency, due to the sheer number of zero-day exploits it used to propagate itself, along with its overall sophistication and extremely specific targeting.
Was it a coincidence that, days after Adobe announced the discovery of a zero-day exploit in their Flash and Acrobat Reader software in early June, a lot of people started to call me about the exact same malware problem? It’s quite likely the vandalism on advertising servers was timed to coincide with these vulnerabilities to maximize exposure. It takes Adobe around 2 weeks to release patches for vulnerabilities like this, so there is a window of time in which users are exposed and at risk, and that window extends further if you avoid applying updates.
Despite this sad and depressing fact, you’ll be happy to know that many anti-virus programs do provide generous protection that you cannot otherwise get without them. There are two programs I recommend everyone check out:
Microsoft Security Essentials is produced by Microsoft itself and is a free program you can install on your system. It will actively monitor your computer’s activity and help prevent virus infection. I encounter network security professionals in web forums here and there and most of them have really begun to sing its praises, because of its small footprint and high rate of virus detection and removal. Malwarebytes is another program that comes in a free form (there is also a paid version that automates all of its functions so you don’t have to run scans and updates manually). Malwarebytes has been an absolute life saver for me this year, as it was able to cure about 8 out of 10 PCs of all their woes with one scan.
There are many other anti-virus programs out there that are good, such as AVG, Avira AntiVir, Avast, etc. (most of which come in both free and paid editions), but I don’t have the time or resources to review all that are available. While you might be able to find other websites out there that post “comprehensive reviews” of this type of software, it should not surprise you that sometimes these articles are just advertisements for commercial anti-virus software dressed up to look legit and non-partisan. In my opinion, the best reviews for these things come from individual users, and a great place to find reviews for antivirus software is Amazon.com. They sell some anti-virus software and each product has its own collection of user reviews that are worth reading over if you decide you want to spend money on extra protection not offered by free solutions.
3. Install A Software Firewall Solution
If your computer is directly connected to the Internet (and does not pass through a router of any kind) then you are putting your computer on the front line, and you should protect it with some armor if you want to stand a chance in the wild jungle that is the Internet. Firewalls prevent unwanted network traffic from passing between your computer and the Internet. In the same way that Flash has its own flaws and vulnerabilities from time to time, so too does Windows itself, and many of those vulnerabilities can be exploited with nothing more than a network connection. Having a firewall in place helps eliminate this possibility. A firewall can also prevent rogue software that is already on your system from “phoning home” to update itself or otherwise expose your personal data to would-be data thieves. It’s not anti-virus software, but it does add a critical layer of protection. Windows comes with a firewall built in; since XP SP2 it blocks unsolicited inbound connections by default, which covers the first case, but it does not ask you about outbound connections, which is the “phoning home” case, and that is the main thing third-party firewalls add. The most popular free firewall that I know of is ZoneAlarm Free.
4. Use a proper Ad Blocking browser extension
One of the great features of ZoneAlarm Free is that it can block advertisements for you, although it’s not very smart about it: it basically blocks all GIF or Flash content embedded in a website. This can break a lot of websites that have legit uses for Flash, like YouTube. So you may want to look into a proper ad-blocking plugin/add-on/extension for your browser. The point of an ad blocker here is not just convenience: since a malicious ad does its damage the moment it loads, never requesting the ad from the ad server in the first place means the exploit never reaches your plugin. A great one for Firefox is called Adblock Plus.
5. Use a safe web browser
Recently I stumbled across a funny description of Internet Explorer: “It’s a great tool for downloading Firefox or Google Chrome.” And it’s the truth. Internet Explorer has struggled to earn a respectable reputation among security experts as a secure browser when compared to the others that compete against it. Among them are:
These are all very capable browsers that have a great reputation for handling security and also have shown impressive turnaround when vulnerabilities are discovered. I would highly recommend you download and install one of the above browsers and start to use it instead of Internet Explorer.
6. Avoid And Uninstall Web Browser “Toolbars”
The above image is an exaggeration of a point I would like to drive home: toolbars are 99% junk and usually provide no functionality that a web browser doesn’t already have built in. Pop-up blocking and search bars are standard in all modern web browsers, for example. Many times I have seen toolbars for “MyWebSearch” on computers that happened to be infected with a virus. I can’t necessarily say there is a causal connection between that particular toolbar and an increase in exposure to malicious software, but it’s fair to suspect it, because if you search for “mywebsearch” on Google, every single link (except the first one) goes to instructions for how to remove it. It’s clear that NOBODY wants this toolbar, and the same could easily be said for most toolbars. Get rid of them, please!
The easiest way to remove most of these is to use the Add/Remove Software applet in your control panel (In Windows Vista/7, it’s called “Programs and Features”). If this fails to work then you can often find instructions for manual removal by searching for them with Google.
7. Avoid P2P Filesharing Programs
LimeWire is dead, but the way it worked will live on in other programs like it. LimeWire mostly relied on you connecting to other peers like yourself, and the mesh collective would then pass files back and forth in a decentralized fashion. The problem for LimeWire is that it wasn’t entirely decentralized, which is why a court was able to shut it down, as happened to Napster several years ago. But still, the primary way it worked was by letting anybody share pretty much ANYTHING they wanted, without any real fear if they did something like disguise a virus as a popular new song by some teen-pop musician and share it out to the world as a “joke.” Using software like this is your call, and any legal considerations involved weigh entirely on you. If you do decide to use file sharing software of this nature, make sure you police all your downloads to be sure you haven’t downloaded a Trojan horse.
8. Consider Adding Parental Controls To Your PC
Not everybody reading this (in fact, few people reading this) would be willing to step forward and admit to visiting porn websites, but such websites make up a large chunk of the web, and due to the rogue nature of some of them you are more likely to find ads or script code laced with viruses, or straight-up automatic downloads of executables with names like “Video.exe”, that can lead to your computer being infected. It’s quite plausible that you might even visit one of these sites “TOTALLY BY ACCIDENT!!!” So one thing you might consider is a parental control application that filters web addresses and reduces the chance of you visiting one by accident or otherwise. A robust, free parental control program worth trying is K9 Web Protection.
9. Consider Using Linux For Internet Stuff
It would be hard for me to write all of the above without at least a passing mention of using a different operating system, at least part of the time. I realize not many users are interested in making a big switch from one OS to another, but it is very easy to at least get your feet wet with a Live CD. In the case of Ubuntu Linux you can boot the entire OS from a CD without making any changes to your computer. It’s like playing a demo of a video game before deciding to install the full copy, for free. Instructions for downloading, burning and booting are right on Ubuntu’s website, so if you’re even SLIGHTLY tech savvy you may find you enjoy working in Ubuntu more than Windows, and feel some relief from not having to worry about Windows malware like the fake anti-virus above, which simply won’t run there.
As I mentioned before, this Malvertising problem is not new, but the spike in how often it occurred this year was interesting to me. It wouldn’t be far-fetched to predict another wave of infections like this striking again, but the above advice, together with your increased awareness that you can be infected in such a way, should drastically reduce the chances of you falling victim to something like this.