Here is another audio clip from Website Wednesday Night, this time talking about what antivirus and antispyware programs are and why they are essential to protecting your computer. If you have Real Player [or an alternative audio player like Jet Audio or Real Alternative that can handle .rm files], you can listen to our recommendations online.
I've been a huge fan of Lavasoft's free Ad-Aware for the past three years and have strongly recommended that people download, install, and use the program frequently. Ad-Aware is a program that scans for and removes spyware and malware from your Windows-based computer.
In his most recent Washington Post Security Fix blog entry, Brian Krebs points out something that I forgot to mention on WGN Radio and here on my blog: It's time to upgrade from Ad-Aware SE to Ad-Aware 2007. Lavasoft stopped shipping updates for Ad-Aware SE on December 31.
Fortunately, the upgrade process is relatively painless. Just download the free Lavasoft Ad-Aware 2007, install it, and ... well ... that's it. The installer removes the old version and installs the new version.
That's the good news. The bad news is that if you're still running Windows 95, 98, or 98SE, or ME, you're kind of stuck. Your old version no longer works, and the new version only works on Windows 2000, 2003, XP, or Vista. Fortunately, Spybot Search & Destroy still works with legacy versions of Windows.
Brian Krebs at the Washington Post's Security Fix blog [one of a handful of blogs I read every day] recently posted a list showing when most popular, third-party apps like Firefox, iTunes, and WinAmp were last patched. Since I am a big believer in "patch management," I strongly recommend that you check the apps on your computer against the list to see if you have the latest patches and updates.
Get ready for a bunch of podcasts, folks. This first one is from a few weeks ago when Steve, Johnnie, and I discussed some simple rules of thumb to protect yourself online.
And if you think my comments/concerns about WiFi connection security are overstated, check out Ars Technica's recent article about WiFi "sidejacking."
Part of keeping your computer healthy is ensuring that your computer has the latest updates. Well, if you use Yahoo Messenger, you need to download and install a new version immediately. If you don't, your computer may be easily compromised by some pretty nasty people. That would be bad.
Imagine for a moment that you accidentally invited Osama bin Laden into your bedroom and that, once safely ensconced in your boudoir, bin Laden immediately opened your bedroom window and let dozens of other terrorists into your house. Clearly this would be both a frightening and newsworthy event. But how, exactly, would the news media cover this?
One way would be to focus on the new “threat vector.” To my knowledge, there has never been a case where terrorists have broken into American homes through the bedroom window. So, clearly, the 24-hour news channels would have a field day with this story, spending days warning you about the potential danger lurking in your bedroom and inviting pundits from Pella and Andersen windows to talk about what anti-terrorist protections are built into current bedroom window technologies.
The less sexy approach – and the approach that I favor – is to simply ignore the “your bedroom window may be a conduit for terrorists” story and instead focus on the real issue: YOU SHOULDN’T LET OSAMA BIN LADEN INTO YOUR BEDROOM IN THE FIRST PLACE! The fact that he opened your bedroom window for other terrorists to enter is IRRELEVANT.
What does this have to do with technology? Well, last week the media reported that a virus/Trojan horse was targeting Windows Update, giving the false impression that Windows Update [your “bedroom window” in my convoluted analogy] is no longer safe. That’s complete and utter hogwash. If you read the media reports closely you’ll discover that
1. Some idiots double-clicked on a Trojan-infected email attachment and infected their computers with a virus [“invited bin Laden into their bedrooms”]. If these idiots had had up-to-date antivirus programs, or if they had practiced “safe surf” and not clicked on unsolicited email attachments in the first place, their computers would have been fine and there wouldn’t have been a story. But they’re idots.
2. The newly-installed Trojan horse connected to the Internet and downloaded more bad stuff onto the idiots’ computers [“opened the bedroom windows to let in more terrorists”]. This sounds scary but is actually quite commonplace – once an idiot’s computer is infected with a virus or Trojan horse, it is not uncommon for that virus or Trojan horse to try to download and install more malware onto that idot’s computer.
What is abnormal about this particular Trojan horse, however, is how the Trojan connected to the Internet to download and install its extra payload. Instead of using the idiot’s front door [the web browser or email program], the Trojan opened the bedroom window [the Background Intelligent Transfer Service]. The “scary” part – and note that the word “scary” is in quotes – is that the Background Intelligent Transfer Service is also used by Microsoft Windows Update.
OH NOES! IT’S THE END OF THE WORLD!
Or not. Look, just as your bedroom window can be used for both good [letting in air and light] and bad [letting in bin Laden’s buddies], so can the Background Intelligent Transfer Service. It can be used by Microsoft to connect to Microsoft’s servers to download critical updates, or it can be used by a Trojan horse to connect to some criminal’s server and let in all sorts of nastyware. But – and this is the key point – as long as your computer isn’t infected by a Trojan horse in the first place, YOU HAVE NOTHING TO WORRY ABOUT. Just as you don’t have to fear your bedroom window, you don’t have to fear Windows Update or the Background Intelligent Transfer Service it uses. No Trojan, no worries.
And, unfortunately for the tech media, no story either. Windows Update is still safe.
As for your bedroom window, well …
Run Windows Update, y'all [in Internet Explorer go to Tools > Windows Update]. Today is "patch Tuesday" and Microsoft just released 19 patches. You can read more about these patches at Brian Krebs' Security Fix blog at the Washington Post.
This is the last podcast for a while. Here is a recording from last Wednesday's Steve and Johnnie show where we talked about how to secure a wireless internet connection. Enjoy.
It's been a while since I busted an urban legend, but this one is too good to pass up. A lot of alert Steve and Johnnie listeners and Tourbus riders recently received the following hoax email [and, yes, this is a hoax]:
Good Day,
I want you to read this message very crefully, and keep the secret with you till further notice, You have no need of knowing who i am, where am from,till i make out a space for us to see, i have being paid $50,000.00 in adbance to terminate you with some reasons listed to me by my employer,its one i believe you call a friend,i have followed you closely for one week and three days now and have seen that you are innocent of the accusation,Do not contact the police or F.B.I or try to send a copy of this to them, because if you do i will know, and might be pushed to do what i have being paid to do,beside this is the first time i turned out to be a betrayer in my job.
Now listen,i will arrange for us to see face to face but before that i need the amount of $80,000.00 and you will have nothing to be afraid of.I will be coming to see you in your office or home dtermine where you wish we meet,do not set any camera to cover us or set up any tape to record our conversation,my employer is in my control now,You will need to pay $20,000.00 to the account i will provide for you, before we will set our first meeting,after you have make the first advance payment to the account,i will give you the tape that contains his request for me to terminate you, which will be enough evidence for you to take him to court(if you wish to), then the balance will be paid later.
You don't need my phone contact for now till am assured you are ready to comply good.
Lucky You.
Folks, this is yet another internet hoax. No hitman is after you, and there is no need to pay the sender -- or, for that matter, anyone else -- $80K. No matter how tempted you may be to reply to the sender with a George W. Bush-esque "bring it on," replying is probably the worst thing you can do. As I have said before, when in doubt, toss it out ... and doubt EVERYTHING.
There is one exception to my "toss it out" rule, though:
Due to the threat of violence inherent in these extortion e-mails, if you receive an e-mail that contains personally identifiable information that might differentiate your e-mail from the general e-mail spam campaign, we encourage you to contact the police.
Of course, if the hoax email you received doesn't contain any personally identifiable information, TOSS IT OUT! If you feel compelled to do something about this hoax email, let me make you an offer you can't refuse: If you send me $80,000, not only will I call off the hit on you, I will also give you your kidneys back. Beat THAT, mister fake hitman!
In Tuesday's post I mentioned that Microsoft releases new security patches on the second Tuesday of every month. That's common knowledge in the technology community.
What is not common knowledge, however, is that a few days before patch Tuesday Microsoft holds a 60 minute webcast that explains, in excruciating detail, exactly what Microsoft will be patching. For example, the next patch Tuesday will be on Tuesday, January 9th. Five days earlier, on Thursday, January 4th, Microsoft will hold a free, advanced notification webcast for IT professionals.
You can signup for the webcast online. Additional information can be found on Microsoft's Security Bulletins and Advisories page.
