SWI Community News - December 2007
Posted 28 December 2007 - 01:59 PM
Welcome to the 6th Edition of SWI Community News and the final edition of the year!! We intended to do a monthly newsletter, but as you can see, that has not happened. We are not sure if many people are even reading this or find it helpful, but we intend to keep it up for 2008 and beyond anyway. If you enjoy it or find it useful, please let us know and we may be more inspired to get it out more frequently. This edition will be a little different since we will just have my rant and one article to begin, but another article will be added in the next few days, so please check back later in the week. As usual, if there are other topics you would like us to talk about, please let us know by starting a topic in this forum. I hope you enjoy our efforts this month.
And now for the disclaimer and subscription information:
Opinions and information expressed in this publication are not the responsibility of SpywareInfo.Com or its owner, administrators or hosting services. Information and opinions posted here are the property of the respective author.
That also means that the material is subject to the copyright of the author and you need to cite the author if you quote any material from this publication elsewhere.
And as usual -- to get notification when a new SWI Community News is available, subscribe to the subscription topic and we will add notices of publishing to that topic so you will receive an email notice if you are set to receive notices of your subscribed topics. Now, on with the show!
Guidelines for the Desperate
When you have a problem with your computer, you are likely to feel pretty desperate. Many of us have come to rely on our computers and most of us only barely understand them, so it can be quite overwhelming when we don't know what is wrong or we think they are infected. This leads people to come to forums like SWI and ask for help. We get a lot of titles that say things indicating how desperate people feel, like: "Please, please help me!!", "Help required ASAP!!" and "Desperate for help!!". Most of us at SWI came to the forums in the first place because we were desperate for help ourselves, so we know what that is like. We are here because we know you are desperate and we know you want help immediately. That said, we are all volunteers and there are a lot more infected computers out there than there are volunteers to deal with them, even if we all cleaned 100 computers each day. The truth is that none of us can do 100 computers each day. We have had people who have tried and they ended up leaving because of burn-out. We struggle to keep up because we know how desperate you are and we want to help you feel better, but we just don't have the numbers to help everyone who needs it and we usually can't get to your log for a while.
When you feel desperate, you may tend to also feel cranky. You may rant about how you are not getting help and you may post multiple times in multiple forums in order to try to get help quicker. You may post with titles that reflect your desperation, but don't tell us about your problem. You may post without giving us the information you need because you are so flustered you don't read the FAQ or simply think we can figure it out based on a couple of comments about the popups you are getting. When you think the problem is solved, you may be so relieved that you never respond to your helper with the logs requested and then get upset because your computer is not really clean. You may be so flustered that you don't follow the directions you are given or you do other things you don't think to tell your helper about. All of these things sap the energy of our helpers and make it harder for them to help you and the thousands of other people wanting help. In order to help you know how to help us, here are some guidelines.
1. Use a descriptive title. Something like: "Homepage redirected", "Error message - xyzf.exe missing at Startup" or "Popup for SpySheriff" would be more helpful.
2. Post in only one forum with only one topic for each computer. If you do decide to go to another forum, tell the first forum so they can close your topic. However, keep in mind that most forums are struggling to keep up and that you will start the clock over if you go to another forum.
3. Read the FAQ before posting and look for other information about how to help your helper help you.
4. Give as much information about the problem as you can. At a minimum, we will need a HijackThis log.
5. Check the purpose of the forum and make sure you are in the right one for the problem you are posting. There is a description of each forum in the main forum directory.
6. Be patient. At SWI, it typically takes about 3 days to get to your topic and we most often draw from the "Not getting help" topic because of this. If you do other things to try to fix the problem while you are waiting, let us know what you did by adding that information to your topic.
Not getting help with your log?
7. Check your topic every day or so to see if anything has changed or if more information is requested. The most effective option is to subscribe to your topic so you are notified of responses, but the notification emails are not always reliable, so check it yourself as well.
8. When someone does respond, please provide that person whatever information they request. We cannot help you if we are blinded by lack of information. You are the only source of information we have about your problem.
9. If someone responds who is not a staff person, please do not follow their advice or exchange posts with that person. We occasionally have criminals offering to help people here by offering links to rogue tools or recommending actions that would cripple your computer. Even if the person is well intentioned, we have seen advice offered that could harm your computer. Check the staff ranks here and wait for SWI staff to respond.
The various helper groups here, Who is helping you?
10. Most volunteers in most of the forums work hard to present a professional response to your problem and this includes treating you with respect. Please return the favor and treat us with respect, keeping in mind that we are offering you free help. If you are not treated respectfully by anyone at SWI, please let an Admin know.
11. Please follow the directions you are given very carefully and ask if you have questions so that you are able to follow the directions. Remember that we will not ask you to run a tool if we don't think it is important and, if we ask you to update a tool, there is a good reason for it. We try to be efficient to save us all time and when you skip a step, it is likely to be a crucial one.
12. Please let us know how the fixes worked, post all the logs requested and tell us whether the problem persists in each response you post. Again, the more we know about what is going on, the more likely we can help you promptly.
13. If you think your computer is clean, please post back to let us know and to confirm that it is clean. It is demoralizing for our volunteers to work hard on cleaning up a computer and then never get to confirm that the computer is clean.
14. If your computer is cleaned up, please thank the person who helped you -- you would be amazed at how long someone can maintain that motivation to help just from the occasional thanks. If that helper wasn't able to help, please note that a lot of effort went into the advice given and respond from that perspective. It can take up to an hour to analyze a single log in some cases. That is time given to you as a gift, so please respect that.
15. Please do not insult us by offering money or rewards for getting to you quicker or even just getting to you at all. The forums and some of the developers of the tools accept donations. Please support them with your money and support our volunteers with your thanks.
16. If you have problems on multiple computers, please note that in your first post and post about only one computer in your topic. If you have a business repairing computers, you really need to consider training to do this type of work or you need to be donating often. We do not require payment, but we also don't appreciate being used.
17. If you hate malware, have a lot of time to offer to other people you do not know and you are willing to learn some complex concepts in fighting malware, we could certainly use more helpers. Consider training in Boot Camp or one of the other schools available online. All of the schools I know about are free and only ask that you give back some time to fight malware when you complete training.
The Boot Camp here
Helpful link: SpywareBlaster...
MS MVP 2006 and ASAP Member since 2004
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
Posted 28 December 2007 - 05:31 PM
Welcome to this month's selection of interesting and hopefully useful programs, chosen by yours truly. As ever, I have only selected freeware items. That means no trial offers and no having to unselect optional extras in order to install. Also as ever, these are my personal choices, are not endorsed by SWI in any way and I receive no incentives to review any of them.
I have chosen general programs rather than security programs, as there are many reviews of security programs around these forums already. If anyone wants me to search for a particular program or review one, please ask. As always, I welcome constructive criticism of any of my choices.
So, on to my first choice:
Updates updates updates. Every program you install wants them and needs them, but can you be bothered to wade through everything you've ever installed and check for updates on a regular basis?? I know I can't, no matter how well-intentioned I am. Because I can't and don't, I end up with potential glaring holes in my PC's security. But not any more. Secunia Software Inspector "detects installed software and categorizes your software as either Insecure, End-of-Life or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors."
I've installed it and I like it.
Please note it is a Beta and slightly buggy; i.e., I've noticed it sometimes detects applications as new when it's found them before, it connects to the internet which made me a little twitchy the first few times I saw my modem active (however it's a secure SSL encrypted connection) and when it runs a software inspection it slows my PC a little. But I think it's worth it. You end up with a list of direct download links for updating your software. In my case this included software it would never have occurred to me to update, such as Core XML Services, .NET Framework and SQL Server. I just had to click on the download link and away we go. Nice and simple.
The End-of-Life feature is handy too, for that kind of junk you installed a couple of years ago to test, promptly forgot about and now there it is making holes in your nice secure PC. PSI flagged several of these for me, which I promptly uninstalled.
Secunia PSI is based on Secunia's Software Inspector, so if you're wary of a Beta you can run the original from here:
without having to install anything.
Me, I like the PSI, and the final version is coming soon, check here:
for feedback on the Beta after 5 months in the wild:
"Secunia PSI has achieved the remarkable result of being installed on more than 1 computer every minute on average since its release."
OK, on to the next program:
Adobe Reader SpeedUp
By Joseph Cox
It does exactly what it says on the box.
Now, what version of Adobe Reader are we on - 8.1 isn't it? What's it done since about version 4? It's gotten bigger with more features and more bloat. What do 95% of us use it for? Reading .pdf documents and nothing else. So why would you want all the extra features, handy as I'm sure they are? Answer is, you probably don't. What you want is your .pdf documents opening nice and quickly, not having to wade through half a dozen extra features loading before your document finally loads.
So, download Adobe Reader SpeedUp and run it once. Disable everything you don't need so that the next time you open a .pdf document there it is - zing - no loading lag. Try it; I think you'll like it, especially if you're an impatient person like me!
NB: While you're there, check out some of the other excellent programs by Joseph Cox. I'm particularly fond of 'Infinite Monkeys'.
Defraggler from Piriform
From the people who brought you CCleaner (and genuinely free, as opposed to CCleaner which tries to sucker you into installing the Yahoo Toolbar) is a cute little defrag program. Now there are about a million of them out there, the redeeming feature of this one is it gives you an option to defrag individual files, rather than the whole volume every time. I've found it useful when you don't have the time to run a whole volume defrag. Nice graphics which remind me of Windows ME, but that's another story!
Hope you enjoyed the selection, have fun, surf safe and see you in the next edition.
My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
Posted 01 January 2008 - 08:05 AM
This month, the year in review and, sadly, the bad has outnumbered the good in the articles I have for you.
An Australian man arrested in an undercover sting has been charged for allegedly tapping into home wireless networks so he could anonymously send threatening emails.
More than 1,500 large Chinese enterprises have installed copyrighted software since April 2006, said Liu Binjie, director of the General Administration of Press. China also adopted regulations in 2006 requiring computers made in China, or imported for sale here, to be pre-loaded with legitimate operating systems.
The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007. Attrition.org estimates that worldwide more than 162 million records were compromised through Dec. 21. Attrition reported 49 million last year. This year, news stories have been written about data losses disclosed by 98 companies, 85 schools, 80 government agencies and 39 hospitals and clinics, according to a database at tech security website Attrition.org.
It seems a lot of IT security departments may have been cursed in 2007, because most of them have had one "interesting" year. In fact, according to one report, a whopping 85 percent of organizations have experienced at least one reportable breach in the past 12 months.
A report from Cisco's newly relaunched Cisco Security Center contains a look back at 2007 and predictions for 2008. But in addition to tracking exploits and vulnerabilities, it looks at other phases of risk, such as physical security and human behavior.
Greg Garcia, the Homeland Security assistant secretary who heads the national cyber-security division said there is a $100 billion market for cyber crime -- more than the illegal drug market. From fiscal 2006 to fiscal 2007, the U.S. Computer Emergency Readiness Team handled more than 37,000 incidents, compared with about 24,000 in fiscal 2006.
BitDefender's top ten for 2007 reflects a re-emergence of file infectors as a credible threat, primarily because of widespread P2P sharing. BitDefender's antispam analysts noted the appearance of political spam, which they expect to grow dramatically as the U.S. presidential elections draw nearer. BitDefender antispam analysts also found that phishing spam was less prominent, but is much more dangerous.
The effectiveness of antivirus software has fallen off, and more and more pests can now slip past these barriers.
More than $3 billion was lost due to phishing attacks in 2007, according to a survey conducted by Gartner. For the 12 months ending in Aug. 2007, 3.6 million adults lost $3.2 billion due to phishing attacks. About 2.3 million people were hit with phishing attacks in 2006.
The annual report from MessageLabs highlights how 2007 has been a year of diversity due to the vast number of new tactics, techniques and trojans entering the security market during the last twelve months.
Alex Eckelberry of Sunbelt reported that an avalanche of fake codecs was discovered on numerous Blogger accounts, which looked similar to the old scams conducted on malicious pornographic websites.
Sears and Kmart customers who sign up for a new marketing program may be giving up more private information than they'd bargained for, a prominent anti-spyware researcher claims.
Saudi Arabian officials have reportedly detained a blogger whose writing has criticized religious extremism in the country, according to the two press freedom groups and a regional human-rights organization.
Within hours of yesterday's assassination of former Pakistani Prime Minister Benazir Bhutto, malware makers exploited the breaking news to dupe users into downloading attack code, security researchers said Friday.
Reporters without Borders (Reporters sans Frontieres) - Traditional "predators of press freedom" – Belarus, Burma, Cuba, Iran, Libya, the Maldives, Nepal, North Korea, Saudi Arabia, Syria, Tunisia, Turkmenistan, Uzbekistan and Vietnam – all censor the Internet now. In 2003, only China, Vietnam and the Maldives had imprisoned cyber-dissidents. Censorship of the Web is also growing and is now done on every continent. In Cuba, where you need permission from the ruling party to buy a computer, all websites not approved by the regime are filtered.
...and the Really Stupid
A survey released today by Compuware Corporation and the Ponemon Institute showed an overwhelming majority of organizations surveyed risk compromising critical information by using actual customer data for the development and testing of applications.
Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.
MS MVP 2009-20010 and ASAP Member since 2005