
Why the $99 HP TouchPad is a good purchase [Updated]


[Updated 09/16/2011]

As a WebOS fan, I’ve been following the rise (kind of), abrupt and sudden fall, and finally the launch of the now defunct TouchPad by HP.   I certainly wanted one when the product was launched, but felt them a little pricey.  Then, came the sudden announcement that the product was killed a mere seven weeks into its life.  At that point, I no longer desired one.  Then, like a great mystery, the plot turned once again.  Now, they were $99 and like an apparently very large portion of the US consumer market, I wanted one again.  I was one of the unfortunate people caught in order limbo thinking I had one, only to have my order abruptly canceled a few days later.

So, here I am.  On the outside looking in. I’m not going to use this space to rail on the shortsightedness and lack of vision by HP. That would just be too easy.  Instead, I’ve read a fair amount of articles on why you should or should not buy one.   There are a number of them out there for your reading pleasure, but I’ve especially got to thank Bill Palmer at Beatweek for his heavy-handed post that thrashed the idea of buying a TouchPad altogether.  I hope that a great many people read his article.  It will make it that much easier for me to pick one up.  In response to this post, I’m going to give you ten reasons why a $99 TouchPad is a great pickup (if you can get one).

  1. By adding the Kindle App, you get more than a Kindle for less than the price of a Kindle.  Email, browser, games, etc.  That would probably be enough, but wait.  There’s more………
  2. A FREE 50GB of storage at box.net.  That’s a $19.99 value that can be shared amongst your family.
  3. Flash!   Despite what they’d have you believe, HTML5 is not yet all the way here.  So, when you are ready to lose Apple’s Internet training wheels, you can reach for ‘that other pad’ and experience the rest of the Internet.  There are a lot of well done Flash sites out there.  It would be a shame to miss some of them.
  4. It’s a great way to un-tether from your computer.  What do most people use their tablets for?  Checking email, Twitter, Facebook, surfing the web, etc.  The TouchPad does all of that.
  5. WebOS is a great operating system.  It is easy enough that all but the most dense among us will be able to start using it productively right away.  Also, despite its limited lifespan in hardware, HP is still actively developing the operating system.  They really want to license the OS (good luck), but if need be, they will sell it.    That would be a lot more difficult if they shuttered the project and fired all of the engineers that work on it.
  6. The Android community is very actively working on a port.  For the more technically inclined among us, you’ll be able to run Android on some dandy hardware within the coming weeks.  Where else are you going to find an Android tablet on this kind of hardware for $99?  That’s right.  Nowhere.  For the even more geeky, there is an active project that’s porting Ubuntu Linux to the pad.  Both the Android and Ubuntu projects are currently booting from a USB stick.  Therefore, you could ultimately have your choice of three operating systems on the same hardware without any of them interfering with the others.  Where else are you going to get that?
  7. You are NOT running a big risk of getting a virus.  This is just silly. Like I said before, the operating system is still actively being developed.  Any security holes that would crop up will be addressed at least for the near term, and that’s all we’re really looking at here (see note 10). Additionally, WebOS is Linux.  It springs from the same tree as the Android and is a close cousin to iOS.  While not impervious to malware, because of the nature of Unix/Linux it’s just a lot harder to pull off and there’s just less malware out there for the platforms.
  8. If you want to get your kids a netbook, this would make a nice alternative.  There is a document editing app called Quick Office that comes with the TouchPad and Picsel Smart Office should be available within a few weeks.  It’s a great machine for simple homework and research.
  9. App developers are still actively writing apps for WebOS.  It is true that many have jumped ship and some may never return, but the fact remains that HP will wind up selling about a million TouchPads before they close the books on it for good.  That’s a million potential software buyers.  Somebody is going to meet that market even if it’s only a niche.  You won’t have the volume of apps that are available for the iPad or the Android tablets, but you WILL have options.  The second part of this is, there WILL be accessories available.  This pretty much matches my point above.  A million devices is simply going to be too much for some manufacturers to resist.  Going back to the days of Palm, WebOS fans are rabid and they will buy.  With a million devices in the wild, there will be more WebOS fans.
  10. The lifecycle of the TouchPad is going to be about the same as it will be for any other tablet.  Apple already has an end of life in mind for the iPad and iPad 2.  Don’t believe me?  Ask any iPhone 3G owner how their phone is doing.  Planned obsolescence will take the iPads out every two to three years.  You’ll be tossing out your TouchPad about that same time.  The only difference will be that you spent 1/5 to 1/8 for the TouchPad (assuming you are fortunate enough to land one for $99) and probably a lot less for apps over the course of that time.

The TouchPad may be discontinued, but it’s far from dead.  It’s a limited life appliance just like all of the other tablets on the market.  Spending $99 and using the device for two years will be money in your pocket.  Two years from now, iPad and iPad 2 owners, as well as current Android tablet owners will be actively looking to replace their tablet with the latest and greatest just like you.  The only difference is, you’ll be money ahead.

To Mr. Palmer, please write a few more scathing articles.  You’ll be doing the rest of us a favor.


Return of Zeus. A New Wave of Malware that will Empty Your Bank Account.


Courtesy of Flickr

In a report by security company M86 Security, organized crime is using a new trojan variant called Zeus v3 to infect unsuspecting web surfers’ machines, then steal their online banking credentials.  Once the credentials are obtained, they are then used to drain your account.  This is a very sophisticated and organized attack.  It’s not something that the kid down the street who hasn’t come out of his basement in three years is capable of pulling off.  M86 has posted an in-depth whitepaper on the matter which can be found here.   The report is both fascinating and disturbing.

For those who don’t wish to commit the time to understand all of the fine details about how the attack works, I’ll lay out the short version here.  First, the bad guys infect legitimate ad servers.  These are machines that serve the advertisements to websites you regularly visit.  From there, the infected servers start pushing out the trojan to computers visiting LEGITIMATE websites.  The trojan is delivered via advertisements through the infected ad servers.  That’s really the beauty of delivery.  They deliver the payload to infect your computer through regular websites because the advertising on them comes from somewhere else.  The ad servers are infected the same way your home computer gets infected.  Somewhere along the line, a vulnerability wasn’t addressed.  This can happen for a number of reasons.  The operating system wasn’t patched, a firewall rule wasn’t enforced, etc.  Once the trojan is delivered to the home user’s computer, it simply waits until the unsuspecting user logs into their bank account via a web browser.  That’s when it sends the credentials to a command and control (C&C) server.  Later, after it analyzes the information (bank name, country, etc.) the C&C server communicates back to the victim’s computer and has it initiate a bank transfer.  It will drain the victim’s account, siphoning it off and covering tracks along the way.  Then, to put the cherry on top, when the victim logs back into their bank, the traffic is diverted to the C&C server where a fake statement is generated, thereby fooling the user into thinking they have money in their account.

This is a brilliant and complicated scheme.  The money trail is like following a single noodle through a bowl of spaghetti.  Thus far, attacks have primarily been on UK bank accounts, but don’t let that make those of you outside of the UK feel good.  This could very easily be perpetrated elsewhere.  To compound the matter, this particular attack seems to be very good at getting past the major virus scanners.

That’s the bad news.  The good news is, we can make it very hard to fall victim to this type of attack.  If you don’t bank online of course, you are immune.  If the benefits of online banking outweigh the risks, you can still protect yourself.  First, you should be following ALL of my advice in my recent post Lock Down!.  This alone will dramatically reduce your chances of infection by the trojan.  Another option is to switch to a Mac or use Linux.  While not immune, these operating systems are much more difficult to infect because of their Unix heritage and because they just aren’t as popular as Windows.  Windows is the low hanging fruit for virus writers.  Linux has become very easy to use and most versions of it are free.  I have my computer setup to give me a choice of booting to Linux or Windows.  That’s pretty easy to do.  Third, you could use a boot CD as I described in my post A Temporary Solution for your online banking activities.  While not as convenient, you won’t be at risk of infection.  This is the safest option next to just not banking online at all.

Lock Down! Security Basics for the Home PC User


Salvatore Vuono / FreeDigitalPhotos.net

If you’ve been keeping up to date with my posts, you’ve been noticing that I like to talk about keeping your data secure.  This post is a continuation of that.  Here, I’ll be outlining eight simple steps to keeping your data secure.  This is by no means a comprehensive list, nor does it venture into keeping your data safe online, which is an entirely different topic that is expansive enough to warrant its own future post.  Instead, I am offering up a foundation on which to start.  So, let’s go.

  1. Don’t use an administrator account for your day to day operations.  I think every computer that has ever been brought to me has been set up this way.  It’s really kind of the fault of the operating system vendors.  Typically, the first account you set up is an administrator.  People normally set up the first account and start using it.  This is a problem because the administrator has the rights to do anything on the machine.  So, if you have a piece of malware that wants to install itself on your computer and you are an administrator, there is nothing blocking it from installing.  If you are running an account that is not an administrator, you’ll have to supply the administrator’s password to install software or make global systems changes.  While this is less convenient, it makes it harder for ugly software to install itself onto your system without your knowledge.  It is also harder to inadvertently make unwanted changes to your computer.   So, what do I do?  If you are already running on an account with administrator privileges, you simply create a new account with administrative privileges, then modify your account to become a standard user.  Once done, installing software will require the administrator account password.  To install software under Windows XP when using a non-administrator account, simply right click on the application and select ‘Run as’.  A window will then pop up allowing you to select your administrator account.  There are some cases where you will need to actually switch to your administrator account and log in to perform a task, but those are pretty rare and are mostly needed when you are setting up your computer.
  2. Use passwords.  Without a password, anyone can sit down at your computer and do whatever they would like.  When creating a password, make it a good one.  Don’t use ‘bob’.  Use something more secure like ‘BobL1nk40’.  Notice the use of a ‘1’ instead of an ‘i’.  This type of password is very difficult to crack.  The combination of capital, lowercase, symbols, and numbers should be standard procedure for you as well as keeping your passwords at least 8 characters long.  If you experiment a little bit, you can come up with combinations that are pretty easy to type.  As with using a non-administrator account, this will make your life less convenient, but how inconvenient is it to do something like having to fix your credit report after having your identity stolen?  These steps can play a part in preventing something like that from happening.  Once running as a non-administrator and using secure passwords become a habit, they really do not do much to impede your life.  This step should also carry over into your online life.  Use solid passwords for everything you do online.
  3. Make sure you have an antivirus / antimalware (spyware, adware, etc) package and make sure it is up to date.   While this is fairly self explanatory, it needs to be a high priority.   For more information, a read of my earlier post, A Temporary Solution can provide some additional information.  In addition to having real time protection, make sure that you setup a scheduled scan at least once per week to catch anything that may have slipped through.
  4. Use a firewall.  Firewalls are basically like a wall between your computer and the Internet.  It won’t allow data to flow back and forth except on specified open ports.  A port is similar to a gate in the firewall.  You allow traffic to flow through specific gates in order to manage traffic in an orderly fashion.  There are standard ports for web traffic, email, etc.  Windows has a built in firewall starting with XP.  There are other software firewalls available such as ZoneAlarm.  If you are using a laptop or netbook, you absolutely will want to be using a software firewall on your machine if you ever take it off of your home network.
  5. Use a router.   Routers serve as an additional layer of protection between your computer and the Internet and act as a hardware firewall.  Plugging a computer straight into a modem is bad practice.  Routers are cheap these days and easy to setup.  If you share an Internet connection with more than one device, you already have a router.  Even if you only have one device, invest in a router.  Unless of course you are in that tiny percentage of homes with dial up.
  6. Keep third party applications up to date.  I just covered this ground in my post Update All the Way, so I’m not going to beat that dead horse other than to say that third party applications such as Flash, Java, and Adobe Reader are subject to vulnerabilities just like Windows, OSX, and Linux.  A third party update tool like PSI can help you keep those up to date.
  7. Keep the operating system up to date.  Whether you run Windows, OSX, Linux, or something else, your operating system should be regularly updating as security vulnerabilities and bugs are found.  Most people should set updates to automatic.  While the updates will break things on rare occasions, the risks associated with not having them updated are much greater.
  8. Online backups.  As with the previous item, I’ve already covered this in Back it Up, I’ll Take it!.  Backing up your data automatically and offsite is the best way to protect your data in the event of hardware failure, theft, or home damage.  There are a lot of options out there for online backups, and some are even free.  Your data is critical.  Don’t risk it.
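
The password rule in step 2 (at least 8 characters, with capitals, lowercase, symbols, and numbers) can be checked mechanically. The following is an added example, not part of the original post: it tests a candidate against that rule and also undoes digit-for-letter swaps to look for ordinary words underneath. The swap table, the short word list, and the sample candidates are assumptions constructed for the example.

```python
from __future__ import annotations

import string

# Digit/symbol-for-letter swaps like the '1' for 'i' mentioned in step 2.
# This table and the word list below are constructed for the example.
SWAPS = str.maketrans({"1": "i", "0": "o", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})
COMMON_WORDS = {"bob", "link", "password", "admin", "qwerty", "letmein"}


def check_password(candidate: str, min_length: int = 8) -> list[str]:
    """Return the reasons a candidate fails; an empty list means it passes."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # The four character classes named in step 2.
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for label, alphabet in classes.items():
        if not any(ch in alphabet for ch in candidate):
            problems.append(f"no {label}")

    # Undo the swaps, then look for dictionary words inside the result.
    plain = candidate.lower().translate(SWAPS)
    hits = sorted(word for word in COMMON_WORDS if word in plain)
    if hits:
        problems.append("contains common words: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ("bob", "letme1n2010", "vR7#mq!Tz2"):
        print(candidate, "->", check_password(candidate) or "passes")
```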

Remember, these are just the foundational elements for protecting your data.  If you don’t have these in place, your other efforts lose a lot of their luster.  By implementing these basic concepts, you can go a long way toward keeping your data yours.

A Temporary Solution. Uses for a Rescue CD.



Courtesy Chris Sharp / FreeDigitalPhotos.net

Keyloggers, trojans, and public computers.  All of these can be bad news for you. Really bad news.

Say what?  Keyloggers are applications that hide on your computer and send out every keystroke you make to a remote computer somewhere on the planet.  On the other end, bad guys troll your keystrokes for things like login names, passwords, and credit card information that they can use.  Trojans are a category of malware (software that does bad things) that people install thinking they are getting something helpful or fun, but while the victim is busy being entertained, it does something undesirable in the background like turning your computer into a spamming machine, stealing your personal information, or installing more bad software.  Sometimes it takes the form of a popup alert that says you have XXXX infections on your computer and that installing this little ‘scanner’ will clean it up.  Of course, that little scanner is a piece of malware you’ve just installed and it’s now doing bad things.  But, you think you are safe because you have an antivirus program installed right?   Not always.  Whenever someone brings me a computer that is giving them trouble, one of the first things I do is check the virus definitions to see if they are up to date.  Unfortunately, many of them are hopelessly out of date.  I’ve seen some that haven’t been updated in over a year!  Antivirus software works by looking for ‘definitions’ that are generated by the antivirus software vendor after first seeing the virus in action.  So, if you aren’t updating your scanner, it doesn’t know about all of the newest threats.  Also, because of the reliance on definitions, if you happen to ‘catch’ a brand new virus before a new definition file has been released, you are vulnerable even if your scanner is ‘up to date’.  Although the chances of catching a virus before your vendor pushes out a new definition file are very small, it’s still something that must be considered.

So, how are public computers bad?  A report from APWG shows that over 48% of the over 22 million computers they scanned worldwide were infected with malware.  That means you’ve got a nearly 50/50 chance of sitting down at a public computer that is infected.  It is true that many of these computers are supported by professional IT staffs, but like anything else, the competency of IT staffs varies. Are you ready to chance it with your bank account information?  If you are logging onto anything with a public computer, you are at risk of someone stealing that information.
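
The definition mechanism described above can be shown with a small model. This is an added example, not part of the original post: it reduces a definition file to a set of SHA-256 fingerprints of samples a vendor has already analysed, which is a simplification of what real scanners do. The file contents, detection names, and dates are all constructed and harmless.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import date

# Constructed, harmless byte strings standing in for files on disk.
FILES = {
    "notes.txt": b"grocery list: eggs, milk",
    "free_scanner.exe": b"DEMO-ROGUE-SCANNER build 1",  # family the vendor saw long ago
    "codec_pack.exe": b"DEMO-ROGUE-SCANNER build 2",    # repacked build, seen recently
    "invoice.scr": b"DEMO-BANKER first seen today",     # no vendor has analysed it yet
}
UNWANTED = {"free_scanner.exe", "codec_pack.exe", "invoice.scr"}  # ground truth


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Definitions:
    """One release of a hypothetical vendor definition file."""
    released: date
    signatures: dict[str, str]  # fingerprint of an analysed sample -> detection name

    def age_days(self, today: date) -> int:
        return (today - self.released).days


def scan(files: dict[str, bytes], defs: Definitions) -> dict[str, str | None]:
    """Return the detection name for each file, or None when nothing matches."""
    return {name: defs.signatures.get(fingerprint(data)) for name, data in files.items()}


def missed(files: dict[str, bytes], defs: Definitions,
           unwanted: set[str] = UNWANTED) -> set[str]:
    """Unwanted files the scanner reports as clean under this definition set."""
    verdicts = scan(files, defs)
    return {name for name in unwanted if verdicts.get(name) is None}


# Definitions last updated more than a year before the scan date.
STALE = Definitions(date(2009, 6, 1), {
    fingerprint(FILES["free_scanner.exe"]): "Demo.RogueScanner.A",
})
# Definitions updated two days before the scan date.
CURRENT = Definitions(date(2010, 7, 30), {
    **STALE.signatures,
    fingerprint(FILES["codec_pack.exe"]): "Demo.RogueScanner.B",
})

if __name__ == "__main__":
    today = date(2010, 8, 1)
    for label, defs in (("stale", STALE), ("current", CURRENT)):
        print(f"{label}: {defs.age_days(today)} days old, "
              f"missed {sorted(missed(FILES, defs))}")
```

The stale set misses both newer files, and the current set still misses the one that no definition covers yet, which are the two gaps the paragraph above describes.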

If that’s the bad news, then what is the good news?  You can beat the dangers listed above.  The better news?  It’s really easy.  With the constant refining of alternative operating systems such as Linux, you are able to boot an entire operating system from a CD without it using anything from or writing anything to your hard drive.  Since the bootable CD is not writable by the malware, it can’t install itself onto your system.  If you think that your computer may be infected, you simply insert your bootable disc into your computer and boot up from CD ROM.  When the operating system loads, you can browse the web, check email, prepare documents, etc. without the concern that malware on your computer is stealing your information and sending it away without your consent.  Likewise, if you are traveling without a computer, you can take your bootable CD with you and boot up a clean operating system in a matter of minutes if you have access to the CD ROM drive.  When you remove the CD and reboot the computer, everything you did is gone.  To add to this delightful news, several antivirus vendors have released bootable CDs with their virus scanners pre-installed.  This is good news, because if you have a piece of malware that has snuck in, it can render your antivirus software useless.  I’ve even seen malware that won’t allow you to go to the websites of antivirus companies in an effort to prevent you from installing antivirus software and removing the infection.  For that type of heinous infection, you’ll need either a boot CD or to remove the hard drive and have another computer scan it.

What are the limitations?  First, whenever you do anything on the Internet, you are interacting with computers on the other end.  If those computers are infected with malware, your data could be stolen.  Of course, since the problem is on their end, it won’t matter what you use on your end.  Likewise, another computer on the network you are using could be infected and capturing information that you are sending and receiving.  That is also beyond your control.  If the information is that sensitive, don’t trust a public network unless you are using a VPN connection to a known server.  VPN (Virtual Private Network) is a specialized connection that many businesses and agencies setup to ensure a secure connection between themselves and remote computers.  Speed is another limitation since every time you open a program, it has to be accessed from the CD, which is much slower than a hard drive.  In addition, many of the larger operating systems have to compress the files to get them to fit on the CD.  Uncompressing takes additional time to process. This can result in some time spent waiting.  Depending on the speed of your system, you may need some entertainment on the side while you wait for things to load.  This is particularly true if you are trying out a full blown operating system as opposed to the smaller, specialized virus scanning discs.

Where do I find these CDs?  If you are looking to try out something that is different than Windows, or want to carry around a full operating system on a disc, Ubuntu Linux or Mint Linux are two very friendly versions.  Ubuntu is a full featured operating system, and I am using it to write this post.  Mint is based off of Ubuntu and takes user friendliness a step further.  These would be ideal if you were heading on vacation and staying with Uncle Lou who spends his days on one of the twenty or so gaming sites he frequents and doesn’t even know what a virus is, while Cousin Bobby who is still sponging off his parents and is addicted to Lime Wire, uses the same computer to download bootleg software, music, and movies.  Consider this machine compromised.  Slip in your boot disc, reboot, check your transactions and stocks, then remove the disc, reboot, and enjoy your vacation.  Ubuntu can be found here.  Mint Linux’ home page can be found here.

For malware removal, I’ll list a few options.  I’ve used some of these scanners before, but I have NO experience with these system discs.  All of the offerings are from reputable vendors, but I do not know how easy they are to use since I haven’t tried them yet.  Also, before you scan with any of these, make sure you have backed up your data!   If you followed my advice in Back It Up, I’ll Take It!, this won’t be a problem.   While the Ubuntu Live CD won’t write to your disc unless you tell it to do so, by definition, malware removal tools will have to write to your hard drive to carry out their duty.  Occasionally, removing malware will make your computer non-bootable.  So, while you’re at it, take the time to read that documentation that came with your computer that said ‘URGENT: READ BEFORE USING YOUR NEW COMPUTER’ in BIG bold letters at the top of the page.  You know, that one you immediately threw to the side to get to your new PC, only to come back later and file it because it was in your way.  All of course, without ever reading it.  It’s the one about how to make a system restore disc.  Yes.  This is a lot of work.  But, a number of things besides malware can make your system non-bootable.  Since you should already have a system restore disc, why not prepare and do that now instead of having a problem with your computer not booting the night before that really, really important report is due and it’s too late.  A system restore disc and a working backup strategy can keep you from shelling out money unnecessarily and being without your computer while you get it serviced.

With the disclaimers taken care of, here are some options: Avira, Kaspersky, BitDefender.

There are other options.  Some are free, and some are not.  This article is more of a primer than a comprehensive how to.  A starting point if you will.  You are going to need to know how to burn a bootable CD.  These discs are downloaded as one big file (image), which your CD burning software (such as Nero) breaks down into many files and burns them onto your CD.  Since there are quite a few options for burning, I’m going to leave it to you to discover how to use your particular software.  Newer versions of Windows already have that functionality built in.

As for new operating systems to try, well that’s a wide open field.  You can have a look  at distrowatch.org.  That will get you started with over 100 different versions of Linux and Unix.  Where you go from there is up to you.

Edit: As of 8/8/2010, I have used the BitDefender rescue CD and it worked very well for scanning viruses.