Dos-Boot Computer Services Blog

Let me start by saying that I was never a fan of Microsoft’s Live OneCare,  their antivirus, firewall, internet security type software.  Some time ago, they pulled it from the market;  Maybe in part because it didn’t sell very well and  because it never really did its job very well, when compared to other products.   Microsoft has replaced OneCare with a free new security program called “Security Essentials”.

Security Essentials is designed to be a more light-weight, less invasive antivirus and anti-malware program.  It’s made with simplicity in mind;  You install it and forget it.  Unlike other free security software, it’ll never nag you to upgrade to a “full” version.
I’ve installed Security Essentials on my home PCs and it does deliver on being lightweight and almost completely non-invasive.  I don’t think that it’s been out long enough for anyone to really comment on how well it works, though some early reviews are saying that it “holds its own”.

If you need an antivirus software and would like to try Security Essentials, you can download it here:  http://www.microsoft.com/Security_essentials/

A while ago I wrote about some of the fake antivirus pop-ups and rogue programs that cause many of the computer problems that we see.   This post is very closely related, but more generalized.   Social engineering is, in short, a means to get people to do something they wouldn’t otherwise do….such as install a virus onto their computer, or send banking information to a complete stranger.

One of the latest examples of social engineering that I’ve run across is an e-mail, falsely saying that your antivirus subscription has expired.   If you don’t know how to check, you may think nothing of the e-mail and follow the link.   Unfortunately, the end result is that you’ve just clicked a link to infect your computer.

Dear (insert email address here),

You are receiving this message to let you know that your antivirus is outdated.
We request that you execute a full system scan at your earliest convenience by clicking on this link.

< hXXp://nonce.IaV8QJP.fullhourinternet.com/scan/>

Non compliance may result in possible fraud on your credit cards, data loss, as well as spyware infection

Kind Regards,
Liz
Antivirus Customer Service #77

The more official the e-mail, or message, looks the more likely people are to believe it.   Often the scammers will use very official looking images.  Sometimes the message will try to look like an official message from a bank or credit card, antivirus software, or other online services.

Generally, social engineering as a whole is too broad a problem to give specific examples on how to avoid becoming a victim.    Some things to remember, though;    Almost every online service WILL NOT ask for your password through e-mail.    Unless you specifically request it, your bank or credit card company will not communicate through e-mail.   If you do have online accounts, and you’re suspicious, don’t follow the links in the e-mail;  Go to the website directly.

A very handy tool, to help prevent scam attempts, is WebOfTrust.  With this browser add-on, you will be warned if the website you’re viewing is potentially dangerous before visiting.   Combined it with Firefox’s already built in ability to check attack sites, and cautious surfing, you’re much less likely to find yourself a victim of a social engineering scam.

We’ve recently noticed a large spike in systems infected with fake antivirus programs.   These programs are extremely crafty and are designed to look like legitimate security warnings.  These programs go by many names (Antivirus XP, 2008, 2009, Vista Antivirus, MS Antivirus, Antivirus Master, Virus Heat, and may others)

Here are a few tips to help you avoid downloading the rogue software:

Tip one is the most important; Make sure your antivirus is up-to-date.  As with any virus or malware infection, it’s important to have a reliable antivirus installed and kept up to date.  Most antivirus programs will update daily, if not hourly.  Antivirus programs such as Kaspersky Antivirus, Eset NOD32, Avast Antivirus, or AVG Antivirus are top notch  programs, and will almost always warn of you of problem software.

Tip two: Never click on web page pop-ups warning of virus or spyware infection.  The fakes are often designed to mimic more commonly known software such as McAfee or Norton Antivirus, and often use Windows logos.

Tip three: Use an alternate browser, such as Firefox, and enable the built in pop-up blocker.  Several sites exploit security problems to automatically install malicious software.   Firefox is not exempt from security exploits, but it does a better job of keeping you safe through faster updates and offers various security addons.

Tip four:  Be cautious online.  If you download, be sure you know what you’re downloading.  If you use peer-to-peer services, many of the files are mislabeled and may include various different viruses even if they appear to be music or video files.