A Parting Note
Twelve years is a long time. And in that 12 years, a lot has happened in the malware scene. The biggest change, however, has been you, dear reader. Over the last twelve years, you've become increasingly savvy about security threats and the need for antivirus software. Selfishly, I'd like to think I had some small part in that, but I think the real driver has been one of supply.
A dozen years ago, computers weren't common household appliances. Today they are. And today the discussion isn't about whether you have a computer, it's about whether you have a PC or a Mac. And chances are, whatever you have, you have more than one of them.
Of course, this also means someone in your household has probably taken on the informal role of IT, making sure those computers are patched, the antivirus is updated, and serving as general tech support for everyone else in the house. If you're the IT guru in your home, give yourself a pat on the back. You deserve it.
And now it's time for another change. After a dozen years as your guide, I've decided to leave About.com. This is not without some sadness as I will miss all of you. But the beauty of the Internet is that there really is no such thing as goodbye, it's just I'll see you later. In the meantime, you can always find me on Twitter or Google+ and of course working at my day job.
Bitdefender Sphere
Many homes now sport multiple PCs and Macs, smartphones and tablets. Protecting all these devices from malware can be costly - not to mention the cost of credit monitoring, backup services, system performance utilities and the like. The newly announced Bitdefender Sphere helps solve the cost and management challenge, providing holistic whole house protection at an affordable price. For a review of this new product/service, see: Bitdefender Sphere.
How to Remove SecurityTool
The SecurityTool scareware and others like it may prevent access to Task Manager and otherwise prevent your viewing or disabling their malicious processes. Here's how to use Microsoft Process Explorer to Remove SecurityTool scareware and similar threats.
Creating a Password System
Using unique passwords doesn't have to be complex. There are easy tricks you can use - including writing them down. More on this in Creating and Managing a Strong Password System.
A Breach of Trust
Data breaches are an all too common occurrence. As good (or bad) as our own defenses may be, we have little to no control over the defenses at companies with which we do business. And when those companies are breached, it can be our own personal data that is put at risk.
You can't counter this with antivirus software. Instead, every home user should take a cue from corporate IT and learn the basic principles of how to assess and manage risk. For an overview, see A Breach of Trust.
Dear Google User
An email I've been expecting arrived today:
Dear Google user,
We're getting rid of over 60 different privacy policies across Google and replacing them with one that's a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google.
In less poetic prose, what this means is that Google will be combining all of the data they collect on you across 60 different areas, and will be using it to determine what you see when you search, read email, or otherwise interact with one of dozens of Google services. Of course, they already do this to a large extent; now they're just going to do it in an even bigger way.
The plan has raised the ire of many critics who argue the move violates user privacy, increases the potential for inadvertent information disclosure, and leaves users with no opt-out option. Of course, Google does offer a "data liberation option" which is a rather fancy way of saying you can just quit using Google and take (a copy of) your data with you if you don't like the change. But while getting out altogether could be a viable option for some, for many it may not be.
Ironically, while the proposed changes are very beneficial to Google, from a user's perspective they simply make Google search results even less meaningful. Ultimately, I use a search engine to help me find what I don't already know, to discover what others are experiencing, to gain a broader view of the Web and increase my knowledge of the world at large. I don't want narcissistic results that only provide a myopic view into my own world. Sure, that helps Google serve ads, but how does it help me?
You can reduce the profiling and restore some usefulness to Google searches if you (1) almost never actually log in to Google; (2) log out the second you're done; (3) keep your Web history cleared; (4) use NoScript religiously to disallow JavaScript from Google or their services unless absolutely necessary; (5) close your browser and flush cookies after any Google session; and (6) if possible, use multiple computers.
That's a lot of work though. And it still won't get rid of all of Google's 'personalization' in searches. Since what is relevant from Google's standpoint isn't useful to me, I've found a far easier route is just to switch search engines. DuckDuckGo is my default; it has both a secure and a plain HTML option.
Former Antivirus Employee Accused of Writing Malware
In September 2011, the Microsoft Digital Crimes Unit successfully shut down the Kelihos spam botnet and - for the first time - named a defendant in a civil case against the perpetrators. On January 23, 2012, the Microsoft Digital Crimes Unit named a new defendant in the civil charges - a defendant that is allegedly a former employee of an antivirus vendor.
According to the amended complaint, "Microsoft alleges that Andrey N. Sabelnikov, a citizen of Russia, is responsible for the operations of the Kelihos botnet." The revision further explains, "On Oct. 26, we successfully settled with defendants Dominique Alexander Piatti and dotFREE Group, allowing us to dismiss the case against them. Today, thanks to their cooperation and new evidence, we have named a new defendant to the civil lawsuit we believe to be the operator of the Kelihos botnet."
The statement, from Richard Domingues Boscovich, a Senior Attorney for the Microsoft Digital Crimes Unit, then goes on to read that Sabelnikov is alleged to have written "the code for and either created, or participated in creating, the Kelihos malware."
The amended complaint filed by Microsoft states that "Defendant Andrey N. Sabelnikov is an individual residing in St. Petersburg, Russian Federation. Defendant currently works on a freelance basis for a software development and consulting firm. Prior to his current employment, Defendant worked as a software engineer and project manager at a company that provided firewall, antivirus and security software."
According to a BBC News report, a LinkedIn profile for an Andrey N. Sabelnikov claims previous employment at Agnitum, a security vendor in St. Petersburg, Russia that is best known for Outpost Firewall. A spokesperson for the company confirmed with BBC News that "Andrey Sabelnikov worked at Agnitum from 2005 till 2008."
It's worth noting that the first variants - considered very 'alpha stage' - did not appear until the latter part of 2009, which is a pretty good indication that the malware was not created during Sabelnikov's time at Agnitum. Despite the facts, it's likely to fuel the misguided conspiracy theories that antivirus vendors write and distribute malware in order to sell more antivirus software.
Preinstalled Woes for T-Mobile HTC Users
Randy Abrams, via his Security Through Absurdity blog, discusses the chilling permissions problem he uncovered on his T-Mobile / HTC supplied Android device. It seems a demo of the seemingly innocuous Bejeweled game from Electronic Arts is preinstalled on the device with a range of permissions typically reserved for spyware type applications. Concerning permissions include the ability to:
- Read and write contact data
- Send SMS messages
- Receive SMS messages
- Determine coarse and GPS location
- Record audio
According to Randy, these extensive permissions aren't a part of the paid version of Bejeweled. In response to Randy's inquiries into the invasive permission problem, EA Games has put the blame on HTC, who in turn has put the blame on T-Mobile. Currently there is no removal option and apparently attempting to remove the demo game manually may void the warranty on the device.
If you own or are considering a purchase of a T-Mobile HTC device, I strongly encourage a read of Randy's excellent discussion of the problem: The Mysterious Permissions of Bejeweled 2.
Avira Internet Security 2012
New review posted: Avira Internet Security 2012.
Have a Mac Merry Christmas?
If you were lucky enough to receive a new Mac computer for Christmas, congratulations! But remember, Macs aren't immune to malware or intrusions. Here are a few things you'll want to tweak for better online safety.
- Setup a Login Password
- Disable the Guest Account
- Configure Password Security Settings
- Configure the Mac OS X Firewall
For help learning to use that new Mac and tweaking it even more, Tom Nelson has lots of great tips and advice at Focus on Macs.
