News

On this page I will keep you informed on all things computer.

10/3/2010 Old Windows? Support may be ending soon.

Microsoft just announced that support is ending for some older versions of the Windows operating system (OS).

Support for Windows Vista without any service packs will end on April 13, 2010.
Support for Windows XP with Service Pack 2 (SP2) will end on July 13, 2010.

If you're running one of these versions after support ends, you won't get security updates for Windows. This means that your computer will be at risk for viruses, spyware, and lot of other malicious software.

The newest operating system from Microsoft is Windows 7. To learn more, see Windows 7: new and improved security features
If you want the most updated version of Windows Vista, get Windows Vista Service Pack 2 (SP2).
If you want the most updated version of Windows XP, get Windows XP Service Pack 3 (SP3).

For more information, see What does it mean if my version of Windows is no longer supported?

3/3/2010 Online Shopping - Is It Safe?

Many computer users are concerned about personal security and identity theft. With regular news of theft and fraud it certainly makes sense to be cautious about the security of your information online.

However online is not the only place to exercise caution. The fact is that identity theft and fraud are just as rampant off-line as in cyberspace - perhaps even more so. You should perhaps be more concerned about the security of your information in the "real world".

Online shopping is something most take for granted these days. In fact many would scoff at the very question "Is online shopping safe?" Yet there are still many people who are afraid to shop online. They're certain that the internet is full of hackers waiting to steal their sensitive personal information as it goes by.

The irony, though, is that these same people are willing to give that information - along with an image of their signature - to a complete stranger at a restaurant, or to a shop assistant.

Many people have an over-inflated sense of risk when it comes to threats that they don't understand, and let's face it, who really understands the internet? What you do need to understand is where the risks really are, and how likely each is to actually happen.

Credit card theft does happen online. But as long as you deal with reputable retailers and avoid scams, it's incredibly rare that it would happen as you make a simple purchase, or because someone is somehow monitoring your transaction.

What's more common, though still surprisingly infrequent, are major break-ins at banks or retailers where the information for many people is stolen all at once. In a case like this, it doesn't matter if you used your card online or off - both types of customers would be affected. On top of that, most of those break-ins are dealt with so quickly that you might be affected only to the extent that your account is disabled and quickly replaced.

Individual theft occurs most often off-line. A clerk might make a copy of your credit card and signature, your bank statements might get stolen out of the rubbish, or your new credit card might disappear out of your mail box before you even know it. Those are all much more common than online scenarios. Even so they're still fairly rare occurrences across millions of card holders and daily transactions.

As briefly mentioned above, the caution needed for an online scenario is simple: make sure you're doing business with reputable merchants. Make sure that the business you're about to buy from is real, and one you've heard of. By now I'm certain that there are big names you've already heard of that you can trust. In addition, most all of your off-line sources have online presences. And of course you'll also hear by word of mouth what online businesses have treated others well.

When it comes time to enter in your personal information, make sure that the connection to their site is httpS secure - that's a great way to ensure that you're dealing with who you think you are, as well as keeping your information from other prying eyes.

Finally, don't fall for scams and phishing attempts. That rule of thumb is also very simple and completely in your control: if you didn't initiate the transaction, it's time to be very skeptical.

So go ahead - shop online.

Don't let unfounded fear of a theft that's unlikely to happen stop you from enjoying the convenience.

I know I won't.

28/2/2010 Fake AV Alert.

Sophos has posted an article about a free fake antivirus that uses VirusTotal’s reputation to lure its victims. VirusTotal is a free virus and malware online scan service.

The message is included in the article. It says that the user’s computer has virus activities. It threatens the user that if he or she does not scan his or her computer for viruses, he or she will be reported to his or her internet service provider. A link is included in the message which directs the user to site which is supposedly a legitimate free spyware removal online service.

Source: Sophos

25/2/2010 Why aren’t email programs getting any better?

Over the years I've tried many different email clients. Currently I'm using Outlook 2007. Why not Thunderbird 3? Because it's terrible. And when you look at other email client offerings, they're rather terrible also.

Windows Live Mail has a problem with fonts when composing emails and always has. This stems from the Outlook Express 6 days. When you compose email in HTML or "Rich Text", as most of us do, 10pt doesn't really mean 10pt in Windows Live Mail. The recipient will usually see a font much smaller than that. So what you have to do it either purposely compose emails in plain text only, or purposely make your font huge and stupid looking. This may sound trivial, but it really isn't considering you see this whenever writing an email.

Microsoft Outlook, the big client, is way too much for most people. I use it because it has features that I need, like linking to Quickbooks, my mobile phone and my CRM software. It's good for what it is, but if you use Outlook just for email and nothing else, that's just overkill.

Mozilla Thunderbird 2 is great, but 3 is not, and this is why. The problem with using 2 is that it's obsolete, and that is a problem because the longer you stay with obsolete software, the harder it is to migrate it to something newer in the future.

Webmail has its problems too. Want to use return receipts? Sorry, you can't because they're nonexistent in Hotmail and Yahoo! Mail, even Gmail to some extent. What about easily including pictures in an email? You can't do that either. Oh sure, you can attach photos, but you can't put them directly in the message whereas you can with an email client.

And then there's the issue of backing up your email. Nobody has ever figured out a nice simple easy way to do it. Yes it can be done, but not easily.

Windows Live Mail has font issues. Outlook is too big and not free. Thunderbird 2 is great but old. Thunderbird 3 is terrible. Webmail doesn't have enough functionality to it.

We all need email, but someone or some company really needs to develop a service or client that has everything we want.

12/2/2010 Duplicate files on your hard drive? get rid of them.

No matter how neat you are, I guarantee your drive has duplicate files. Find them with Easy Duplicate Finder (click the Easy Duplicate Finder link under the ads that are on the page). The freebie lets you compare and preview graphics, HTML, text, and other types of files.

No worries--the program automatically protects system files and folders. Nonetheless, if you're new to PCs, be careful what you delete. I remember one unhappy client who deleted every duplicate file he discovered, including those lovely DLLs in the Windows directory.

My strategy is simple (and relatively risk free): stick with removing duplicate video and image files. And if any are located in the Windows folder or subfolders, leave 'em alone.

29/12/2009 Joke Spam

A spam campaign has been detected by Sophos about a video which is supposed to contain jokes.
The message invites the reader to click on a link which is supposed to be the best video about animals. It also says that the user is subscribed to the “ebooksandmore” group in Google Groups.

When a user clicks on the first link, he or she will be shown a webpage and then there would be a pop-up that says the user need the latest version of Flash Plugin to watch a media file.
When the “OK” button is clicked, a file is downloaded to the machine which is detected as Mal/TDSSPack-Q.
This is a typical case of malware posing as plugins required for playing videos.
The advice here is to avoid following links contained in these kind of emails. Not enabling javascript will also help in this case, and if stuck in endless popup loop there is always the last option of killing the browser process (through task manager or other means).

21/12/2009 The Desktop Wars

I have a number of computers, some running XP Pro, one running OSX 10.5, one running Linux Fedora and two Windows 7 machines, (one of which is my old laptop). Until recently I would have been the first to put my hand up and vote that Windows was losing ground in the desktop wars, but with the release of Windows 7 three months ago I think that Mac and Linux might have an uphill struggle. Read more here.

19/12/2009 The Chrome Wars.

So Google’s little browser, Chrome, has knocked Safari out of the third-place position, making up 4.4% marketshare among browsers, just barely eking it out over Safari at 4.37%. Sure, those are small potatoes compared to Internet Explorer and Firefox, but still significant. The jump is mostly due the release last week of Chrome for Mac, typically the bastion of Safari users.

But what is Chrome like for a devout Mac user who’s been using Firefox all along? How does Chrome stand up in that case? Personally, I’ve never warmed to Safari, for whatever reason. So, curious for other options, I decided to take Chrome for Mac for a cruise, especially since so many people have been suggesting it.

My first impression was that it was slower than Firefox, taking longer to load by a few seconds. But not really anything that would impede general surfing. The themes are a cute addition, but most of them obscure the tabs or make the download bar impossible to read so, even with clever advertising and some rather lovely landscapes, I finally picked something on the simple merit that it made it easier to see what I was doing. (Although it is cute.)

I like the large display space, and the fact that everything just feels minimal in a totally good way. Less between me and content. I absolutely love that I can tab through various windows, and as far as display goes I haven’t seen any issues to speak of (and I do a great deal of browsing). Built-in Goole Search is absolutely integral, too, and that makes searching a cinch. The find feature is fabulous, far better than with Firefox, and gives a running count of occurrences on a page in the upper right hand corner instead of the bottom. The highlighting is helpful, too.

The problems are, generally, in the Google Realm itself. For whatever reason, when I’m running GChat, the browser seems to hiccough. Yesterday afternoon the entire browser actually crashed to the point where I had to Force Quit… over a GChat session. And Wave? While it’s tolerably slow on Firefox, my experience let me to give up entirely when using Chrome. The group I was chatting with went for Meebo instead.

Another inconsistent issue, and something I have to use every day, is text formatting shortcuts (command I, command B, etc.). In this case they do work in Gmail, making email sending a cinch, but not in WordPress. Considering I’m writing this from Wordpress (on Firefox), you can imagine how irritating that would get after a while. I’ve become very dependent on the smooth toggle back and forth for italics and bold and, while this may seem like a little detail, it’s enough to make me grumpy.

Sure, a browser is a browser, and the differences are minimal. I’m still using Chrome, still working my way around it. I’m aware that it’s in beta, so there are still some kinks (thankfully not as many as in Wave). I think it’s still a contender, but I really hope Google works out its own issues relating to compatibility with its own products. Otherwise, what’s the point to go all-Google?

26/11/2009 Have you tried naked browsing?

This is not so much a rant as it is something you may want to try for yourself. And no, it does not mean to surf the 'net in the buff (although if you want to go ahead and do that, go ahead - just don't tell me about it).

Naked browsing is simply this: To use a web browser with absolutely nothing installed "on top" of it. No plugins/add-ons. No themes. No add-on enhancements. You only take what you are given with the default installation and stick with it no matter how tempted you are to do otherwise.

There was a time in history when just about everybody used browsers like this. The first instance of when we started using add-ons was with the infamous toolbar, such as Google Toolbar. I hate add-on toolbars in all forms because they do nothing but make your browser run slower and take away screen space you could use for web sites. Every time I see one of these in somebody's computer, I cringe because I know it's going to cause a problem eventually. It's even worse when people have multiple toolbars installed.

You have to bear in mind that for every add-on - whether used or not - that's installed in your browser, it's being loaded every time you use it. And many of them, they're eating up valuable system memory that makes your browser slower.. and slower.. and slower..

What's even worse is how anti-virus/anti-malware/anti-spyware puts so much "protection" in a browser that it makes it almost unusable.

I'll put it to you this way: I run AVG as my protection suite. On a cold boot and after the Windows desktop loads, my browser launches in less than 5 seconds - on a cold boot. If your browser takes longer than that to load up, something is choking it. Maybe it's all the crap added in. Maybe it's your anti-virus/malware/spyware protection mucking it up. Who knows? It could by any number of things doing that.

Browsing naked is sometimes the only way to go. Ditch all the add-on crap. Configure your protection suite not to be so unbelievably protective (especially if it's slowing things down). Try an alternative browser like Opera or Firefox - but don't use their add-on directories to put a bunch of stuff in there that doesn't need to be.

You may find speed you thought your computer never had just by running a naked browser.

15/10/2009 Fake Microsoft Security Warning

There’s another scam making the rounds that promises to deliver an urgent security update from Microsoft. These e-mail messages attempt to lure you to Web sites to download spyware or other unwanted software. They may also include a file attachment that contains a virus.

Microsoft does not send unsolicited communications about security updates

Microsoft sends e-mail messages to subscribers of our security communications when we release information about a security software update or security incident, but these messages will not contain attachments.

How to help verify the legitimacy of a security-related e-mail

Legitimate notifications do not include software updates as attachments. We never attach software updates to our security communications. Rather, we refer customers to our Web site for complete information about the software update or security incident.
Legitimate notifications are also on Microsoft.com. We never send notices about security updates or incidents until after we publish information about them on our Web site. Check the Microsoft Security Updates page to see whether the information is listed there.

For more information Google Scams that use the Microsoft name or product names

21/09/2009 Fake AV Site

A fake antivirus site has been spotted by Sophos. The site displays a progress bar when it is accessed but the bar is just pretending to scan a user’s computer. It shows a link to the user to download a setup.exe file after the process is complete. The file is detected as Troj/FakeAV-ABD.

Two screen shots are included in the article which can be found in the link below.

Sophos also notes that the site changes interface and language depending on the visitor’s IP address.

Source: Sophos

18/09/2009 Use Prey to help recover a stolen laptop

Laptops are stolen all the time. And recovering a stolen laptop is made very difficult when steps have not been taken to help this task get accomplished. Prey is an open source application, available for Windows, Mac, and Linux, that can help you out when your laptop is stolen. Prey takes an ingenious approach to laptop recovery, because once it is installed, it will send timed reports to a configured e-mail address containing information describing its whereabouts. The information collected includes:

Status of the computer
List of running programs and active connections
Detailed network and WI-FI report
Screenshot of running desktop
A picture of the thief (if the stolen laptop is equipped with a Webcam)

Of course you are probably thinking that this is a lot of information to be sending out, especially since, with this setup, your laptop will be sending out this information even when the laptop isn’t stolen. Ah, but the creators have thought of that as well. You can configure Prey through their control panel site (which you must sign up to access, it’s free) to send out the information only when you switch the service on in the event of the laptop being stolen.

Before we start, you should know that Prey requires the .NET library. If your laptop does not have this installed, you will have to install it before you can work with Prey. First download the file from the Prey Download Page. Once you have that on your hard drive, run the setup file. The file you need to concentrate on is “Configure Prey”. Go back to the Prey page and sign up for a new account. Once you have done that you will receive a couple of emails, (one to verify your email address and one to confirm your account). The second email contains an API key, this is needed in the Prey program you installed.

Once you login to your account on Prey you can add up to three devices, each device gets a Device Key, this also goes in the Prey config page that you installed. That being done you and your laptop does get stolen you can just login to your Prey account and switch the service on for that device.

One thing I should mention is that whilst this is a great service if the first thing the thieves do when they steal a laptop is format it then you are out of luck, but at least it is some protection if they aren’t that savvy.

10/09/2009 Prevent keyloggers from grabbing your passwords.

Strong passwords are important, but even the best password won't keep you safe from keyloggers — hardware and software that's designed to secretly record your keystrokes.
Fortunately, there's a way you can enter sensitive data so it's extremely difficult for snoops to extract your passwords from keylogger files.
Keyloggers can have legitimate uses in business, or they can be perverted into collecting passwords for identity theft.
The bad news? Even the strongest passwords can be recorded by keyloggers. These are software and hardware products designed to capture computer events and store them in a log file.

So what can you do if you think that “maybe” your PC has been infiltrated by keylogging software or you are on an untrustworthy public computer?

Your best defense is not to use any untrusted computer to sign in to any site that contains banking or sensitive personal information. When you simply must take a chance on using a random PC, however, you can minimize the risk — if not eliminate it.

Step 1. Click in the password box and type three random characters, mixing upper and lower case, numbers, etc.

Step 2. Use your mouse or the Shift and arrow keys to select the characters you just typed. Then type three more random characters or a portion of your password, replacing the characters you typed previously. (Mixing random characters with actual parts of the password makes it more difficult for keyloggers to identify your password.)

Step 3. Repeat steps 1 and 2 a few times. The more often you repeat the process, the harder it will be for an intruder to discern your password when examining the keylogger file.

Step 4. Click to the left or right of your password segment and follow steps 1 to 3 to add a few more characters.

Step 5. Repeat the process, adding a few more characters of your password on each cycle until your entire password is in the password box. Then sign in to the site.

This procedure clutters the keylogger's log file with a series of click events and characters. There's no easy way for the intruder to know which characters are your password and which are random.

The key is to select and gradually overtype gibberish characters with your actual password characters. Don't simply type some garbage, backspace over it, and then enter your real password. Most keyloggers compensate for backspacing but can't keep track of characters you select and overtype.

I must point out, this method isn't foolproof. For example, if you use an untrusted PC to sign in to the same site twice — and you don't use identical gibberish each time — a hacker could compare the two captured keystroke sequences and possibly figure out which characters constitute your actual password.

However, most crooks are looking for "low-hanging fruit." They'll move on to another victim rather than spend a lot of time trying to filter your password out of the noise.

Of course, if we all used the Vesik method to obscure our passwords, hackers might develop keyloggers that track this kind of data entry, too. But most people don't conceal their passwords in noise, so keyloggers don't compensate for it.

If you have no choice but to sign in to a site on a PC you aren't sure of, protecting your password is a difficult problem with no perfect solution. Programs such as RoboForm2Go, which I have been using for quite a few years, offer password-protection schemes that vary from the no-cost Vesik technique.

When run from a USB flash drive RoboForm2Go provides excellent security. In fact I've not yet found a keylogger that can capture the information it enters into login boxes and web forms from Firefox. Don't take that to mean RoboForm2Go is 100% safe. It's not; no product is.

One particular area of weakness of RoboForm2Go is the master password you must enter to activate the password manager. If a keylogger captured that and also managed to copy the encrypted RoboForm master password file from your USB drive then you are in deep trouble as they would be able to access all your passwords.

So protecting that password is critical.

Just be aware that accessing the Internet using your own laptop — on which you run up-to-date antivirus software — protects your passwords better than using a public Internet terminal or a friend's PC.

07/09/2009 Fake Flash Player Plugin

Sophos has posted a blog entry about a malware that disguises itself as a Flash Player plugin for Mozilla’s Firefox web browser. It is detected as Troj/FFSpy-A.

According to the blog entry, it collects your Google searches and inject ads onto websites based on your searches.

It spreads via internet forums.

Source: Sophos

01/09/2009 Data Storage

Check this out.

30/8/2009 MAC Malware

An Apple-specific DNS changer Trojan has been detected by Trend-Micro. It is named JAHLAV-K and it comes in a mountable Disk Image File (.dmg).

If users get infected with this file, their browsers would redirect to phishing sites and some of them would also redirect to sites that offer fake anti-virus programs.

Sophos warns that the pirated version of “Foxit Reader for Mac” comes with this trojan. “While imitation may be the sincerest form of flattery, we are not happy about the recent malware attacks masquerading as our Foxit Reader,” said the vice president of sales and marketing at Foxit Corporation.

Source: The Register

27/8/2009 Use a browser that will keep you safe

Until recently, most experts agreed that the safest way to surf the Web was to use Mozilla's Firefox browser, available from the organization's download page.

At present, Secunia's Firefox 3.0.x advisory page states there's a URL spoofing issue in that version of the browser. The equivalent report for Firefox 3.5.x indicates the same unpatched vulnerability.

By comparison, Secunia's report for Google Chrome 3.x shows no advisories for that browser. Likewise, Google Chrome 2.x comes up clean in Secunia's analysis. That gives Chrome a bit of an edge over Firefox security-wise, at least for the moment.

For added safety when using Firefox, download the donationware NoScript add-on, which is available from the vendor's site. This extension automatically blocks JavaScript and Adobe media files on a site-by-site or source-by-source basis, allowing you to override the blocks as needed. NoScript can also thwart clickjacking attempts and other Web nasties. (Be sure to add trusted names to your list of sites that are permitted to use JavaScript, which is important for some Web functions.)

Windows Update and some other Microsoft services require Internet Explorer. Unfortunately, we haven't yet been able to give the latest version — IE 8 — the thumbs-up for large enterprises, due to incompatibilities it has with some sites.

I recommend that you use Firefox, Chrome, or another IE alternative as your default browser and open IE only when necessary.

Having a patched copy of Internet Explorer installed, however, keeps your PC free of exploits targeting Office and other Microsoft products that use IE's HTML-rendering capabilities.

Secunia states on its IE 8 page that Microsoft has addressed only two of the four vulnerabilities found to date in the new browser. The service's report of a URL path-spoofing vulnerability was posted on Aug. 19. A "Charset Inheritance Cross-Site Scripting Vulnerability" in IE 8 remains unpatched more than two years after the problem was first discovered, according to Secunia's report. (The vulnerability also affects IE 7.)

To be sure, Firefox and other browsers periodically suffer from flaws such as IE's. But until Microsoft learns to close its browser's holes within days, as Mozilla and other browser developers do, using Firefox or another alternative to IE is still your best bet.

25/08/2009 Hotmail photo attachment feature suspended

Hotmail users cannot use the “Attach-Photo” feature when using the webmail service. The decision is due to security concerns. However, it will be restored by the end of next month.
A statement was released in the Windows Live blog which says, “During a recent review, we identified an incompatibility with Internet Explorer that caused a security flaw with photo uploads, and we made the decision to temporarily remove the feature.”
The feature was pulled approximately four weeks ago.

Microsoft apologised for any inconvenience resulting from the suspension. The feature was actually pulled around four weeks ago (since 24 July or thereabouts) but Microsoft only went public on Thursday. In the interim many users expressed confusion and frustration in Hotmail forums.

The technology was reportedly pulled because of a dodgy ActiveX control but no further information is available at the time of writing. Reading between the lines, it looks like Microsoft will address the flaw with an IE update during the September edition of Patch Tuesday followed by the restoration of the feature a few weeks later. It almost goes without saying but this timetable is subject to change.

Source: The Register

23/08/2009 An updated list of Securing a PC from online threats.

Here.

23/08/2009 50 indispensable Word tips

Here.

23/08/2009 Netbooks Vs. Apple Notebooks

A survey found that more people will purchase netbooks rather than Apple notebooks.
“Fifty-eight per cent of [students] plan on spending less than $750.00. Only 18 per cent have a budget over $1,000.00. Netbooks are affordable – some costing only $170.00. In contrast, Apple laptops start at $949.00. At a time when many people are experiencing economic hardship, having a new Apple laptop isn’t a necessity,” said Vipin Jain who is Retrevo’s chief executive.
Prices quoted are US$

Read older posts here.


	Latest update Wednesday, March 03, 2010