How to Remove a Virus from Windows 8

Jonathan writes:

Hello, I recently bought a new laptop for when I go to university; it runs Windows 8. Looking around LockerGnome, I’ve come across many free anti-virus programs. I’ve been using Microsoft Security Essentials and AVG.

Only just two days after buying my laptop, AVG has picked up a virus/malware. I’m not sure how I got this malware since I’ve only been on websites such as Facebook, Skype, Steam, and Gmail. I have no clue where I’ve gotten this virus — and AVG didn’t warn me when I got it. (It picked it up during a routine system scan.) My dad said I only needed AVG and Windows Defender, but on previous Windows computers he downloaded other programs such as AdwareFree and TweakRegCleaner. I have no clue if I need any of these on my new laptop or where to get them.

So my question is: what security programs do I need to keep my laptop malware free? And how do I know if this recent virus is, indeed, completely gone? I scanned it three times and AVG has come up clean, but I’ve heard viruses can hide themselves.

Malware is definitely no fun — especially these days. As the security programs we use get better, the malware writers and script kiddies get smarter. It’s a vicious, never-ending cycle, and one that I hate having to deal with. I’m sorry you’ve had to experience this so soon after buying a new machine. Let’s see what we can do to make sure all is well, and keep it that way.

First of all, I want to make clear that I never advocate the use of any type of registry cleaner. I have an excellent post over on my personal blog written by my social media manager Kat, which explains the reasons behind this. Please take the time to read through it so that you will understand for yourself why it just isn’t worth it to install one of those programs. Make sure your dad sees it, as well!

As you’ve learned, gone are the days when you had to be surfing adult sites or downloading pirated software to get a virus. Even websites aimed at kids can carry a “drive-by” malware download: the page exploits a flaw in an unpatched browser or browser plugin (Java, Flash, a PDF reader) and installs malware without you clicking anything or downloading so much as one file. That is why keeping Windows, your browser, and its plugins up to date matters as much as any scanner. Yes, you still need to be careful when opening an email attachment or trying to get the latest music and movies from questionable sites, but you also need good security programs to keep your system clean.

My first recommendation is to download and install Malwarebytes Anti-Malware. This program is pretty amazing and is maintained by a team of the best security experts in the world. Once installed, be sure to update it to the latest definitions and then run a complete system scan. MBAM will tell you if there are any issues found on the machine still. If you are still not quite sure, you can always register on the company’s forums for free and post to ask for additional help from the experts there.

Update MBAM and run a scan with it once a week to make sure nothing has wormed its way onto your system. The free version doesn’t protect in real time, but the paid version does, if you can afford it. MBAM can also safely be run alongside Windows Defender, which you should definitely keep using. One caveat: on Windows 8, Windows Defender is the built-in antivirus (it replaces Microsoft Security Essentials), and it switches itself off when a third-party antivirus such as AVG registers with the system, so run one real-time antivirus at a time, not two. And if you are worried about something hiding from scans run inside Windows, scan from outside it: boot the machine from rescue media such as Windows Defender Offline or the rescue disc most antivirus vendors offer, so the malware is not running while it is being looked for.
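If you want to see for yourself what the built-in antivirus has found and what is set to start with Windows, the PowerShell script below does both. It is an added example for this editor’s note, not code from the original post or from AVG, Malwarebytes, or Microsoft. It assumes Windows 8 (PowerShell 3.0) with the built-in Defender and ScheduledTasks modules, run from a PowerShell window opened with “Run as administrator”; the registry keys and folders it checks are the standard Windows autostart locations, and the Get-ExePath helper is my own.

```powershell
# Added example (editor's note), not code from the original post, AVG, Malwarebytes or Microsoft.
# Assumes Windows 8 (PowerShell 3.0) with the built-in Defender and ScheduledTasks modules,
# run from a PowerShell window opened with "Run as administrator".

# 1. Refresh Windows Defender's signatures and run a full scan. Start-MpScan blocks until
#    the scan finishes, which can take an hour or more on a large disk.
Update-MpSignature
Start-MpScan -ScanType FullScan

# 2. Show what Defender has detected on this machine and whether its clean-up action
#    succeeded. A scan that comes back clean today means little if an earlier detection
#    was never actually removed or quarantined.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, ProcessName,
                  @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize

# 3. Enumerate the standard autostart locations (Run keys, startup folders, non-Microsoft
#    scheduled tasks) and report the Authenticode status of each executable. Unsigned or
#    hash-mismatched binaries in these places deserve a close look; a valid signature is
#    not proof of innocence, only a quick way to prioritise what to investigate.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExePath([string]$command) {
    # Helper written for this example: pull the executable out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" /silent      or      C:\tools\bar.exe -x
    if ($command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($command -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }   # skip the registry provider's own metadata
        [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
    }
})

$entries += @(foreach ($dir in @([Environment]::GetFolderPath('CommonStartup'),
                                  [Environment]::GetFolderPath('Startup'))) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

$entries += @(Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    $action = @($_.Actions)[0]
    [pscustomobject]@{
        Source  = 'Task ' + $_.TaskPath
        Name    = $_.TaskName
        Command = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
    }
})

$entries | ForEach-Object {
    $status = 'FileNotFound'
    $exe = Get-ExePath $_.Command
    if ($exe) {
        $exe = [Environment]::ExpandEnvironmentVariables($exe)   # %SystemRoot%\foo.exe and friends
        if (-not (Test-Path -LiteralPath $exe)) {
            # Bare names such as "rundll32.exe" are resolved through PATH, as Windows would.
            $app = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
            if ($app) { $exe = $app.Path }
        }
        if (Test-Path -LiteralPath $exe) {
            # Status is one of Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
            $status = (Get-AuthenticodeSignature -FilePath $exe).Status
        }
    }
    $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $status -PassThru
} | Sort-Object Signature, Source | Format-Table -AutoSize Signature, Source, Name, Command
```

Read the last table from the top: entries marked NotSigned, HashMismatch, or FileNotFound that you do not recognise are the ones to research (a search on the file name, a second opinion from MBAM, or a post on the forums mentioned above). Keep in mind that this only shows what Windows itself reports; a rootkit that hides its files and registry entries will not appear here, which is why an offline scan from rescue media is the final word when in doubt.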

When you want to clean out temporary files, I recommend using TFC (Temp File Cleaner). This small, free utility is safe and simple to use. Kat personally knows the man responsible for creating this tool and also vouches for how well it works. It’s intuitive — just click and run! This will empty all temp files on the computer to keep things clean and quick.

If you run into issues that you aren’t able to resolve yourself, you can always post for free help from real security experts on the MBAM forums as I mentioned earlier, or over on GeeksToGo. Both of these sites are reputable and provide quality help — even when it comes to the newest or trickiest malware making the rounds.

Do Online Virus Scanners Really Work?

Those of us who are locked into the Windows operating system ecosystem are keenly aware of the importance that anti-virus, anti-malware — anti-whatever — software plays. In fact, every morning when I start my Windows 7 laptop, I patiently wait as my protection software loads up and eventually updates the virus definition files. But as we all know, or should know, no one protection software will guarantee you 100% protection, 100% of the time.

I have written about this before, but I feel it is worth repeating: do not depend on any one software for protection. What I mean by this statement is that you should be running one of the online scanners periodically just to confirm that your computer is bug-free. I usually plan on completing an online scan at least once a month or so and never use the same online scanner twice in a row.

Bitdefender’s 60-Second Virus Scanner is a product that I believe is designed as a supplement to your current anti-virus software and not a full-fledged replacement for whatever software you currently use. With this in mind, I took Bitdefender out for a test drive and here is what I found.

The software requires installation on your system in order to function properly. This explains why the software can scan your system in 60 seconds, while other online scanners take considerably more time to finish a scan. Bitdefender also claims that its program will work with all other anti-virus programs as well. During my test I was using the latest free version of avast! and noted no issues or problems during the scan by the Bitdefender software.

After downloading and installing Bitdefender onto my Windows 7 system with SP1, I scanned for any critters lurking on my hard drive. Though the scan started with a 60-second timer, the scan stopped clocking the time about halfway through the process. The first scan took about two minutes or so. When completed, the software confirmed what I already knew: that my system was bug free. Subsequent scans finished in less than 30 seconds.

So here is my take on Bitdefender and the other scanners that are available online for free. I personally believe that these scanners are worth trying on your system, and here is why I feel this way. As I stated above, no single software can guarantee you 100% protection forever. There is always the possibility that a piece of malware can sneak by. I will stick to my original advice and run different scanners, along with my installed anti-virus program, just as an added measure of security.

What do you think? How do you protect your Windows based computer? Do you use online scanners? Share your thoughts with us.

Comments, as always, are welcome.

Source: Bitdefender

CC licensed Flickr photo above shared by Tahoe Sunsets

Informed Consent: if Your PC Breaks, It’s Your Fault

First let me say that I am highly prejudiced against all paid for anti-virus programs; I personally believe that we have all been duped into believing that we must shell out cash to protect our Windows-based computer systems. Second, while it is true that Microsoft has completely failed to protect its operating system, which is like a sieve, let it be known that I am a Windows fanboy and use Windows as my primary OS. However, before you Apple zealots get defensive, I need you to know that I respect and also see the advantages that are built into the Apple OSes.

What do these two things have in common? Basically, for Windows to operate without catching a virus, it needs an anti-virus program that will catch a bug before it makes itself at home on your computer. Knowing that, I am always looking for information on new anti-virus programs. It was while I was in one such search process that a commentary, written by William S. Platt in a recent issue of MSDN magazine, caught my attention. In the article, Mr. Platt describes his recent experience with Norton Internet Security and his interpretation of what he describes as implied consent.

His story started with his wife calling out to him for help with her computer system. I immediately knew how he felt; when I hear the word “honey” accented with a certain tone in my wife’s voice, I know that it has to be a computer-related problem. Sure enough, Norton Internet Security was asking a question about whether a program from the Internet should be allowed access to his wife’s computer. In my personal experience, this question is annoying. The fact is that it doesn’t matter whether it is Norton, Windows itself, or other protection software that is asking your permission, but rather, why can’t Norton, Microsoft, or any other protection software program recognize what is safe and what is not safe?

However, as the article continued, the author provided the motive behind the questions. Apparently, Mr. Platt was at a conference when he entered into a conversation with a guy wearing a Norton badge. During this conversation, the man explained that the questions gave the program developers a way to shift the blame, since answering yes to the question gave them implied consent. In turn, this implied consent protected them with a release of liability if the program were to damage your computer. The man then went on to explain that this is no different than what one experiences when they see a doctor who presents a patient’s treatment options and then allows them to make a decision as to which one they wish to adhere.

But what I found really interesting was the fact that it is not just Norton that employs this type of informed consent way of thinking. In fact, Microsoft has used this very same type of thinking since the development of Windows Vista, when the operating system started asking questions that most users haven’t a clue about how to answer. The insanity of the questions, at that time, resulted in Microsoft setting up a procedure to stop the madness and put an end to customer frustration.

I also found it interesting that, with the progression of technology, no company has yet developed a software program that can detect which programs are installed on a system, which are in need of calling home, and which are not. Why would that be such a problem?

One must then ask, if the time should come when this type of program is made available, should there be exceptions to the rule for specific software programs? Should the program know how to control these E.T. phone home programs? In my opinion, the exception would be free programs for which the user accepts responsibility and determines that they wish them to be downloaded to their computer. However, whenever a user has to pay for a program, they should be able to count on one that would provide a higher level of protection than that offered by the free versions.

These conclusions by Mr. Platt support something that many of my colleagues and I have known for at least a decade. His conclusions are that:

  • In general, free software works just as well as its paid counterparts.
  • AVG, avast!, Microsoft Security Essentials, Panda Cloud Antivirus, Avira AntiVir Personal Edition, and many other anti-virus programs are free. Why pay?
  • No amount of protection can be 100% effective without keeping the software updated.

So what do you think? Should a user of a paid version of Internet security, anti-virus, or anti-malware software protection be held responsible for answering “yes” to a question they may not understand? Do these companies that sell their products need to step up and answer to a higher standard than their free counterparts?

Share your thoughts.

Comments welcome.

Source: The Myth of Informed Consent

Mac Defender Malware – What Any Windows User Already Knows

I am not going to make light of the current Mac Defender malware that seems to have attacked Mac users this past week. The fact is that Windows users have become experts in using and protecting our systems from this type of garbage that is deliberately thrust at us. We have learned over the years how to surf the Internet safely and avoid falling victim to malware in which the user must click on something for the infection to activate itself.

Apple has provided a link to its current strategy to remove the Mac Defender malware and also to keep from becoming infected again. The link below will take you to the Apple site with specific instructions on how to get your system functioning properly once again. My purpose of writing this article is to help you understand how to further protect yourself and not become a victim in the future.

I do not consider myself lucky, nor do I consider myself smart in not having a virus attack on any of my Windows computer systems. After almost 20 years of using a dozen or more PCs, I have never suffered any type of bug. Why is that? Why is it that I have never been infected while others seem to be bug magnets?

The first thing you must deal with is the lie. I have heard “I didn’t do anything but…” so many times that I have come to accept it as the denial stage of getting to the problem. The next step is the acceptance stage, when the computer user acknowledges that they did do something: they were surfing sites that are notorious for infecting systems, or they finally admit that they did get a message and did allow the installation of malware onto their system.

This seems to be what has happened to those who have become infected with the Mac Defender malware. The user received a message that their system was infected and they were duped into allowing this rogue software to be downloaded and installed to their computers. One should never fall for this gimmick and should never allow this type of download to be executed.

Apple explains this in detail on its Web site and also provides instructions on how to remove the malware from a Mac system. Follow the instructions that Apple provides and move on with the knowledge that Mac systems are not 100% immune from infections. You should also surf safely and avoid porn sites that are notorious for distributing infections of all types.

Never fall for the ‘your system is infected’ scam that has claimed millions of victims.

Apple Mac Defender malware removal instructions are here.

Why Are People Still Ignorant About Virus, Malware Problems?

On Tuesday evening I received an email from a niece with a link to an advertisement, referencing a money making scam. The Web site alleged that a woman, who just happens to reside in the same town as I do, was making $6,700 a month while working only 20 hours a week. The advertisement stated that the woman only had to link Web sites and that was it. You could do the same thing, the cash would start to roll in, and life would be good for you and your family. What appeared to be an isolated incident turned out not to be the case.

During the next few days, I received the same email six more times. This morning I received the same email from a friend of mine, also linking to the same Web site. I then discovered I was starting to receive two and three emails from others in my contact list, all linking to the same scam.

I take pride in the fact that all of my systems have been virus and malware free for 10 years or more. Just to be sure, I ran several scans on my system to confirm all was well. As I have stated before, I never rely on just a single anti-virus software, but I also use online scans to keep my system bug free. I use Malwarebytes free edition as an additional precaution, along with the free version of avast!.

I contacted those who had sent me the emails, advising that they may not be aware that their systems could be compromised. I was polite, even though it irritated me to no end that they would not keep their systems protected. This brings me to this thought. Why is it that people still allow their systems to be unprotected? With free protections available, why does this situation continue to occur?

But it gets even better. One of the people I contacted about a possible virus was also contacted by others in his address book. He sent out an email stating that he is aware of the situation and is correcting the problem. I noticed that everyone he sent it to was listed in the TO: field, which hands every recipient’s address to every other recipient. (That is what BCC: is for.) I don’t know who all these people are and do not want my personal email address exposed to the masses.

I use my computer for work. It seems many people use their computer as a toy and have no idea on how to properly use their computer, nor do they know how to protect it.

Comments welcome.

How Safe is That Web Site?

Aaron has recorded this screencast to show all of you how to figure out if a website you want to visit is safe or not. McAfee’s SiteAdvisor doesn’t require any downloads, and will give you a detailed report along with your green (or red!) light.

Not only does the report give you a red or green light, it also includes information such as the country the site is hosted in and how popular it is. If the site offers downloads, the report also tells you whether the ones McAfee has tested were clean and free of malware.


Customer (visitor) commentary adds a nice touch to your report. See what others are saying about their experience visiting that site. You can become a member for free and add your thoughts to any web site report that you find.

You will find a handy little graph that shows you what other sites are affiliated with the site in question, as well as being able to quickly tell if they are “green” or not. When checking out my main site, you’ll find links off to my live page, Lockergnome and various other sites that I maintain. As I would expect, all of my sites have a green light.

Lastly, you’ll be able to see exactly what annoyances a site may hold — such as popups. The team at McAfee has built this excellent tool to help you learn how to stay safe online, and to alert you to potential dangers before you ever click that link.

Thanks to Aaron for this excellent tutorial.


What Is The Best Anti-Virus Program? Common Sense 2011

As many of you know, I have just recently switched from using AVG over to using avast!. The new AVG 2011 made my system sluggish and was bloated so I reluctantly made the switch. I have also advised many times never to rely on any one anti-virus program as your sole line of defense. I personally will use Malwarebytes, Spyware Terminator, or one of the fine online scanners listed below, to periodically scan my system for critters.

What brought this all to mind was a computer I worked on yesterday. It belongs to a relative, and they were experiencing reboot problems. The computer was running an older copy of AVG 8.5 that I had installed when they bought it. Yesterday I ran Malwarebytes, which found 42 infections that I placed into the vault. I then uninstalled AVG 8.5 and installed avast! version 5, which found two more bugs.

In addition to the two programs I have mentioned above, I also use online scanners about once a month. I rotate the scanners, never leaving it to any one system to find and eradicate any bugs that my system may pick up. The online scanners I recommend are:

TrendMicro Housecall

Panda ActiveScan

BitDefender QuickScan

F-Secure Online Scanner

There are others available, but I use these four, rotating them through the months. I have not had an infection on any computer I have ever used for well over 10 years. The reason is simple. I have a secret weapon and it is the best anti-virus program in the world. It is called Common Sense 2011. :-)

By using my brain I stay away from areas of the Internet that pose a hazard. I never lurk where danger resides and confine myself to reputable Web sites only. I keep my eyes open for anything suspicious, use two separate scanners to warn about rogue sites, and basically confine my searching to where the good guys are. That, my friends, is why it is called Common Sense. The 2011 model will start on January 1st, 2011. It has worked flawlessly in the past and I have no doubt it will do the same in the future.

Comments welcome.

A Redeeming Role For A Common Virus

A common virus that can cause coughing and mild diarrhea appears to have a major redemptive quality: the ability to kill cancer. Harnessing that power, researchers at Georgetown Lombardi Comprehensive Cancer Center, part of Georgetown University Medical Center, are conducting a clinical trial to see if the virus can target and kill certain tumor types.

By the age of five, most people have been exposed to the virus, called reovirus. For some, it can trigger brief episodes of coughing or diarrhea, while many others don’t develop any symptoms. The body simply overpowers the virus. But what scientists have discovered is that the virus grows like gangbusters inside tumor cells with a specific malfunction that leads to tumor growth. That finding led researchers to ask: Is it possible to use the virus as a treatment?

At Lombardi, researchers are collaborating with other institutions to look for an answer by conducting a phase II clinical trial for people with advanced or recurrent non-small cell lung cancer with a specific tumor profile.

“With reovirus, we’re able to accentuate the positive and attenuate the negative,” says the study’s lead investigator at Lombardi, Deepa Subramaniam, MD, interim chief of the Thoracic Medical Oncology Program. In other words, researchers have genetically altered the virus so that it won’t replicate in a healthy cell (attenuated), which is what makes a person sick. “What’s left is a virus in search of a host, and reovirus loves the environment inside a specific kind of cancer cell,” explains Subramaniam.

That specific kind of cancer cell is one with a malfunctioning piece of cellular machinery: a KRAS or EGFR mutation.

“These mutations leave the cancer vulnerable to a viral take-over. Once it’s in, the reovirus exploits the cell’s machinery to drive its own replication. As a result, the cell is filled with virus particles causing it to literally explode.”

Volunteers in the clinical trial will receive reovirus (REOLYSIN®) in addition to paclitaxel and carboplatin. The physicians will watch to see if the cancer shrinks while also seeing if this combination of drugs causes serious side effects.

“This is a subset of cancer where we haven’t had many successes in terms of finding drugs that extend life after diagnosis,” says Subramaniam. “This trial represents an attempt to seek and destroy cancer by choosing a treatment based on specific tumor characteristics. Preliminary data from the study should come quickly.”

Researchers are also studying the effect of reovirus in other cancer types.

[Photo above by Dr. Ignatius M. Skinny / CC BY-ND 2.0]

Karen Mallet @ Georgetown University Medical Center


Cyberwars: Already Underway With No Geneva Conventions To Guide Them

Cyber attacks of various sorts have been around for decades. The most recent, and very dangerous, escalation in the past few years has been marked by countries launching attacks against other nations, such as Stuxnet, the nuclear plant-disrupting worm the Iranians have blamed on Israel and the U.S., while others are pointing the finger at Russia.

University at Buffalo military ethicist Randall R. Dipert, PhD, one of the founders of the National Center for Ontological Research at UB, says we have good reason to worry, because cyber attacks are almost entirely unaddressed by traditional morality and laws of war.

“The urge to destroy databases, communications systems and power grids, rob banking systems, darken cities, knock manufacturing and health-care infrastructure off line and other calamitous outcomes are bad enough,” says Dipert.

“But unlike conventional warfare, there is nothing remotely close to the Geneva Conventions for cyberwar. There are no boundaries in place and no protocols that set the standards in international law for how such wars can and cannot be waged,” he says.

“In fact,” he says, “terms like ‘cyber attack,’ ‘cyberwarfare’ and ‘cyberwar’ — three different things with different characteristics and implications — are still used interchangeably by many, although they are three distinct entities.”

Dipert points out that while the U.S. isn’t the only target, it is a huge target and “our massive systems offer the biggest payoffs for those who compromise them.”

Dipert, C.S. Peirce Professor of American Philosophy at UB and a former West Point philosopher, examined many aspects of this issue in his paper “Ethical Issues of Cyberwarfare,” first published on the website of the Consortium for Emerging Technologies, Military Operations and National Security, or CETMONS.

CETMONS is a multi-institutional organization concerned with the ethical, rational and responsible understanding and management of complex issues raised by emerging technologies, their use in military operations and their broader implications for national security. He presented a more comprehensive paper at the U.S. Naval Academy, which is due to be published soon by the Journal of Military Ethics.

Dipert points to a few of the many fronts on which the war has already begun: on components of U.S. defense cyber-infrastructure; cyber attacks by Russia on Estonia and Georgia; recent probable attacks by China, North Korea and Iran on U.S. defense and economic targets; well-organized attacks by China on corporate targets, Google and Gmail; and this month, the suspected Stuxnet attacks.

“There has been intentional cyberharm for decades,” he says, “including damage perpetrated by apolitical and anarchic (“black”) hackers and economically motivated industrial cyberespionage agents.”

We think we have some idea of what “can” happen, but Dipert says there is a large array of possible scenarios for which there do not exist obvious moral reasoning or even straightforward analogies that could guide us.

“For instance,” he says, “traditional rules of warfare address inflicting injury or death on human targets or the destruction of physical structures. But there are no rules or restrictions on ‘soft-‘ or ‘cyber-‘ damage, damage that might not destroy human beings or physical structures as objects.

“But,” he says, “intentional destruction or corruption of data and/or algorithms and denial-of-service attacks could cause tremendous harm to humans, machines, artificial systems or the environment — harm that could make entirely civilian systems that are necessary for the well being of the population inoperable for long periods of time.

“Second,” he says, “I am disturbed by the extent to which, through easy Internet access, much of our economic and defense informatics infrastructure is vulnerable to cyber attack.

“This is due, in part,” Dipert says, “to our departure from the relatively secure Arpanet (one of the networks that came to compose the global Internet) for use in defense operations to a wide-open Internet that doesn’t have one relatively secure hard-wired Ethernet portal, but a variety of possible portals accessible by numerous international routes.

“Third,” Dipert says, “Gen. Keith Alexander, director of the National Security Agency, who also heads Cyber Command, a new full command instituted by the U.S. Department of Defense, has indicated that serious thought is being devoted to the development of cyberwarfare policy and strategy.

“To date, however, this has been shrouded in secrecy,” he says, “which is a serious problem because if they are to have a deterrent effect, it is absolutely necessary to make some policy elements public.”

Finally, Dipert points out that cyberwarfare is such a new and difficult domain that traditional ethical and political theories with which we frame disputes — utilitarianism, Kantian theory or natural rights theory — cast little light on this particular one.

Dipert says, “It has been my working assumption that to fully understand the moral constraints of warfare requires us to understand certain conclusions from game theory and work them into traditional thinking about war.”

He points out that similar reasoning in game theory guided the nuclear powers through the earlier years the Cold War, when there was little idea of how to use these weapons defensively or offensively.

What we need today, he says, and what scholars, military personnel and governments are trying to come up with, are policies, doctrines and strategies that cover cyberwarfare; an understanding of Just War Theory for cyberwarfare; new concepts and principles of morality for cyberwarfare; and some agreement as to whether and how such warfare is subject to international and customary law.

Dipert says, “I would predict that what we face today is a long Cyber Cold War, marked by limited but frequent damage to information systems, while nations, corporations and other agents test these weapons and feel their way toward some sort of equilibrium.”

The University at Buffalo is a premier research-intensive public university, a flagship institution in the State University of New York system and its largest and most comprehensive campus. UB’s more than 28,000 students pursue their academic interests through more than 300 undergraduate, graduate and professional degree programs. Founded in 1846, the University at Buffalo is a member of the Association of American Universities.

[Photo above by Chris Drumm / CC BY-ND 2.0]

Patricia Donovan @ University at Buffalo


Malicous Mobile Apps

Q: A techie friend suggested that iPhone apps were safer than Android apps because Apple is so controlling of who can offer apps to iPhone users. Is this true? — Margaret

A: It’s estimated that 50 billion apps per year will be downloaded by 2012 to more than 160 million smartphones, which is attractive to both commercial firms and malicious software developers.

The explosion of mobile applications is happening so fast that issues of safety and security seem to be taking a back seat.

A big contributor to this dearth of focus on security is confusion and lack of understanding of just what exposure a mobile app can be to private information.

Your smartphone has a lot of very valuable data to marketers and those with malicious intent: location, call history, text messages, email, contacts, browsing history, your phone number, as well as your photos and what you have downloaded.

Once an application is loaded on your smartphone, it can do whatever the programmer has instructed it to do, with or without your ongoing permission.

With these two platforms (Google’s Android and Apple’s iOS), there are some significant differences in how apps are distributed and what users are told when they install the apps.

Google’s Android platform is a more open system for app developers, so users don’t have to download all their apps from the Android Marketplace (iPhone users must download apps from Apple’s App store unless they circumvent the security — a.k.a. jailbreak the phone).

The Android’s openness can be a benefit and a drawback depending upon how conscientious the user is when it comes to downloading apps.

The benefit in openness is that, over time, more developers are apt to build apps for the Android platform because they know that they can get it to market without getting Google’s approval, which can lower the overall costs and eliminates the approval uncertainty.

Right now, there are several hundred thousand apps for the iPhone and fewer than 100,000 for Android phones, but this gap is closing quickly.

About 64% of Android apps are free, versus only 28% of iPhone apps (keep in mind that malicious apps are more likely to be free, to encourage more downloads).

By design, Android apps alert the user during the install on what will be accessed on their phone by using the app and must get the user’s approval.

The problem with this ‘disclosure’ process is that many users either don’t pay attention or don’t understand what is being disclosed during the install in their haste to use the app.

Think like a hacker: one platform requires the submission for approval of every application (iPhone) and the other simply requires that you tell the user, in a somewhat technical manner, what will happen when the app is installed (Android) — but no one is confirming this.

The reality as of this writing is that neither platform has experienced massive exposure to malicious applications, but you can be assured that this will change in the future.

iPhone users that choose to ‘jailbreak’ their phones are essentially opening themselves to ‘un-vetted’ apps just like Android users, but they don’t get the disclosure step, so be forewarned.

In my opinion, none of this should be the deciding factor on which platform to use as they are both wonderful systems that will continue to evolve with the changing environment.

Just use the same rules as you should with your home computer: if you don’t need it, don’t install it and if you aren’t sure of the source, steer clear!

Ken Colburn
Data Doctors Computer Services
Data Doctors Data Recovery Labs
Data Doctors Franchise Systems, Inc.
Weekly video tech contributor to
Host of the award-winning “Computer Corner” radio show
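The install-time disclosure described above is driven by the uses-permission entries in an app’s AndroidManifest.xml, so the “what will this app access” question can be answered by reading that file rather than the install dialog. The script below is an added example written for this page, not code from the column or from Google. It parses a constructed manifest for a hypothetical wallpaper app and flags the combination that matters for privacy: a permission that reads private data together with INTERNET, which is what lets an app upload that data. The app_purpose_needs argument (the permissions the app’s stated purpose would justify) and the small risk table are assumptions of the example; the permission names themselves are real Android permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest for a hypothetical app; not taken from any real package.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freewallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Free Wallpapers"/>
</manifest>
"""

# Illustrative subset of permissions that expose private data (assumption of
# this example: the full Android list is much longer).
PRIVATE_DATA = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
    "android.permission.RECEIVE_SMS": "incoming text messages",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.READ_PHONE_STATE": "phone number and device identifiers",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}
NETWORK = {"android.permission.INTERNET"}


def declared_permissions(manifest_xml: str) -> list:
    """Return the android:name of every <uses-permission> in the manifest."""
    root = ET.fromstring(manifest_xml)
    return [el.get("{%s}name" % ANDROID_NS) for el in root.iter("uses-permission")]


def audit_permissions(perms, app_purpose_needs=frozenset()) -> dict:
    """Classify a permission list: what private data it reaches, whether the
    app can send it off the phone, and which grants the app's purpose does
    not explain.  exfil_risk is the combination the text warns about."""
    perms = set(perms)
    sensitive = perms & set(PRIVATE_DATA)
    can_upload = bool(perms & NETWORK)
    unexplained = sorted(p for p in sensitive if p not in app_purpose_needs)
    return {
        "exposes": sorted(PRIVATE_DATA[p] for p in sensitive),
        "can_upload": can_upload,
        "unexplained": unexplained,
        "exfil_risk": can_upload and bool(unexplained),
    }


def audit(manifest_xml: str, app_purpose_needs=frozenset()) -> dict:
    return audit_permissions(declared_permissions(manifest_xml), app_purpose_needs)


if __name__ == "__main__":
    # A wallpaper app has no reason to read contacts or the phone's identity.
    print(audit(SAMPLE_MANIFEST))
```

The useful output is the “unexplained” list: location may be defensible for a weather app, but a wallpaper app that reads contacts and the phone’s identity while holding INTERNET has exactly the capability the answer above warns about, and the install dialog will have shown every one of those permissions.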

New Research Improves Ability To Detect Malware In Cloud Computing Systems

Researchers from North Carolina State University have developed new software that offers significantly enhanced security for cloud-computing systems. The software is much better at detecting viruses or other malware in the “hypervisors” that are critical to cloud computing, and does so without alerting the malware that it is being examined.

Cloud computing is being hailed as a flexible, affordable way of offering computer resources to consumers. Under the cloud-computing paradigm, the computational power and storage of multiple computers is pooled, and can be shared by multiple users. But concerns exist about hackers finding ways to insert malware into cloud computing systems. A new program called HyperSentry, developed by researchers at NC State and IBM, should help allay those fears.

HyperSentry is security software that focuses on protecting hypervisors in virtual computing clouds. Hypervisors are programs that create the virtual workspace that allows different operating systems to run in isolation from one another — even though each of these systems is using computing power and storage capability on the same computer.

Specifically, HyperSentry enables cloud administrators to measure the integrity of hypervisors in run time — meaning that the administrators can check to see whether a hypervisor has been breached by a third party, while the hypervisor is operating.

“The concern is that an attacker could compromise a hypervisor, giving them control of the cloud,” says Dr. Peng Ning, professor of computer science at NC State and co-author of a paper describing the research. If a hypervisor is compromised, the attacker could do almost anything: access users’ sensitive information; use the cloud’s computing resources to attack other Internet entities; spread malware; etc.

“HyperSentry solves two problems,” Ning says. “It measures hypervisor integrity in a stealthy way, and it does so in the context of the hypervisor.” Context is important, Ning explains. To effectively identify hypervisor problems you need to look at the hypervisor program memory and the registers inside the central processing units (CPUs) that are actually running the program. (The registers are the internal memory of CPUs.) This is important because intelligent malware can conceal itself from security programs that look only at the memory where the hypervisor is supposed to be located — they can effectively make themselves invisible to such security programs by modifying certain registers of the CPU and thus relocating the infected hypervisor elsewhere. By ensuring in-context measurement, HyperSentry can successfully track where the infected hypervisor is actually located and thus defeat such intelligent malware.

The fact that HyperSentry can check the integrity of a hypervisor in a stealthy way — checking the hypervisor without the hypervisor being aware of it — is important too. If a hypervisor is aware that it is being scrutinized, and has already been compromised, it can notify the malware. The malware, once alerted, can then restore the hypervisor to its normal state in order to avoid detection. Then the malware effectively hides until the security check is over.

Once a compromised hypervisor has been detected, a cloud administrator can take action to respond to the compromise, such as shutting down the computer, performing additional investigations to identify the scope of the problem and limiting how far the damage can spread.
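To make the two properties concrete, here is an added simulation written for this page; it is not the researchers’ code. It models a flat physical memory, a single register standing in for the CPU state that says where the hypervisor actually executes (a simplification of the register values HyperSentry reads), and a rootkit that relocates a backdoored copy while leaving the bytes at the expected address pristine. The out-of-band trigger is modelled simply by not calling the rootkit’s hooks; in HyperSentry that role is played by System Management Mode entered from outside the hypervisor’s control. Addresses, sizes and the filler “code” are assumptions of the model.

```python
import hashlib
from dataclasses import dataclass

PAGE = 0x1000
HV_EXPECTED_BASE = 0x1000          # where the boot loader placed the hypervisor
HV_SIZE = 2 * PAGE
MEM_SIZE = 64 * PAGE


@dataclass
class Machine:
    """Constructed model: flat physical memory plus one register."""
    mem: bytearray
    # Stand-in for the CPU state (IDTR, CR3, VMCS host fields on real x86) that
    # says where hypervisor code is really executing.  Assumption of this model.
    hv_code_ptr: int = HV_EXPECTED_BASE


def boot() -> Machine:
    mem = bytearray(MEM_SIZE)
    # Constructed "hypervisor code": deterministic filler, not real instructions.
    mem[HV_EXPECTED_BASE:HV_EXPECTED_BASE + HV_SIZE] = bytes(
        (i * 31 + 7) & 0xFF for i in range(HV_SIZE))
    return Machine(mem)


def hash_region(m: Machine, base: int) -> str:
    return hashlib.sha256(bytes(m.mem[base:base + HV_SIZE])).hexdigest()


def golden_hash(m: Machine) -> str:
    """Reference measurement taken at boot, before any attacker code runs."""
    return hash_region(m, HV_EXPECTED_BASE)


class RelocatingRootkit:
    """Attacker: copy the hypervisor elsewhere, backdoor the copy, point the CPU
    at it.  The original bytes stay untouched as a decoy for naive scanners."""

    def __init__(self, new_base: int):
        self.new_base = new_base
        self.hidden_base = new_base

    def install(self, m: Machine) -> None:
        src = m.mem[HV_EXPECTED_BASE:HV_EXPECTED_BASE + HV_SIZE]
        m.mem[self.new_base:self.new_base + HV_SIZE] = src
        m.mem[self.new_base + 0x100:self.new_base + 0x104] = b"\xcc" * 4  # stand-in for a hook
        m.hv_code_ptr = self.new_base

    # Hooks the rootkit gets to run if the hypervisor itself is told that a
    # measurement is starting (the non-stealthy case described in the article).
    def on_measurement_start(self, m: Machine) -> None:
        self.hidden_base = m.hv_code_ptr
        m.hv_code_ptr = HV_EXPECTED_BASE      # look clean for the duration

    def on_measurement_end(self, m: Machine) -> None:
        m.hv_code_ptr = self.hidden_base      # resume the backdoored copy


def measure_out_of_context(m: Machine, golden: str) -> bool:
    """Naive measurer: hashes where the hypervisor is *supposed* to be."""
    return hash_region(m, HV_EXPECTED_BASE) == golden


def measure_in_context(m: Machine, golden: str) -> bool:
    """In-context measurer: asks the CPU where the hypervisor really runs and
    requires both the location and the contents to match the reference."""
    base = m.hv_code_ptr
    return base == HV_EXPECTED_BASE and hash_region(m, base) == golden


def measure_via_hypervisor(m: Machine, golden: str, rootkit: RelocatingRootkit) -> bool:
    """Measurement requested through the hypervisor: a compromised hypervisor
    notifies the rootkit, which hides for the duration of the check."""
    rootkit.on_measurement_start(m)
    try:
        return measure_in_context(m, golden)
    finally:
        rootkit.on_measurement_end(m)


def measure_stealthily(m: Machine, golden: str) -> bool:
    """Measurement triggered out of band: the hypervisor, and therefore the
    rootkit, is never told, so there is nothing for the malware to react to."""
    return measure_in_context(m, golden)


def demo() -> dict:
    m = boot()
    golden = golden_hash(m)
    rk = RelocatingRootkit(new_base=0x20000)
    rk.install(m)
    return {
        "out_of_context": measure_out_of_context(m, golden),               # True: fooled by the decoy
        "in_context_via_hypervisor": measure_via_hypervisor(m, golden, rk),  # True: rootkit hid
        "in_context_stealthy": measure_stealthily(m, golden),              # False: compromise detected
    }


if __name__ == "__main__":
    print(demo())
```

Only the third measurement reports the compromise: the first looks in the wrong place, and the second looks in the right place but at a moment the malware chose. Both ingredients, following the CPU’s own view of where the hypervisor is and triggering the check from somewhere the hypervisor cannot see, are needed.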

The research is being presented Oct. 5 at the 17th ACM Conference on Computer and Communications Security in Chicago, Ill. The research was a part of the thesis work of NC State Ph.D. student Ahmed Azab, and was co-authored by Ning; NC State Ph.D. student Zhi Wang; Dr. Xuxian Jiang, an assistant professor of computer science at NC State; and Dr. Xiaolan Zhang and Nathan Skalsky of IBM. The work was done with funding from the U.S. Army Research Office, the National Science Foundation and IBM.

[Photo above by Lampeduza / CC BY-ND 2.0]

Matt Shipman @ North Carolina State University


Do Smartphones Get Viruses?

Q: Is it possible to get a virus from surfing the Internet on my smartphone? — Jason

A: The amount of new ‘malware’ (malicious software) that is being written to infect computers that are on the Internet continues to grow at a fever pitch.

Most of the really sophisticated malware is written by organized crime syndicates around the world that have plenty of resources and a really big motivator: your identity.

A recent study shows that if you search for entertainment sites (music, video, games, software, etc.) and include the word ‘free’, your chances of coming across a malicious Web site goes up exponentially — in some cases 300%!

Additionally, popular items like ringtones, wallpaper and screensavers have traditionally been big targets of the malware producers, so be careful what you search for!

When it comes to your question about smartphone vulnerabilities, if you’re referring to the common ‘drive-by download’ attack that silently slips malicious programs into your computer when you visit a rogue Web site, the answer (for the time being) is no.

As of this writing, browser-based attacks on smartphones are generally in the ‘proof of concept’ stage, meaning that researchers are finding theoretical possibilities, but nothing substantial exists in the wild.

There is a new vulnerability that was recently discovered for Adobe’s Flash player, which runs on desktop operating systems like Windows, Mac and Linux, but the latest Android operating system (2.2) has some exposure to this exploit (the first of its kind, since most smartphones can’t run Flash).

At this point in time, it’s actually safer to use your smartphone for accessing web content, especially the fringe content that is highly targeted for desktop computers, but that’s likely to change over time.

With the popularity of smartphones on the rise, worldwide, be assured that this is an area that the malware coders are focusing on for future attacks.

The real concern for smartphone users for now is downloadable applications that can contain malware or silently access private information on your phone (contacts, e-mails, etc.) and upload it to a remote server.

Smartphone makers do their best to police rogue applications in their various app delivery systems, but they have had apps (only a handful of the hundreds of thousands) get into their systems that snuck past the security tests and were later pulled from their app stores.

Those that bypass the controls put in place by smartphone manufacturers (called jailbreaking) so they can override the system and install unauthorized applications will be the ones at greatest risk going forward.

With no orchestrated screening process for those that install apps outside of the system, malware producers will continue to experiment on those willing to take the risk.

Google’s Android platform is both open and gaining a lot of users, so it’s likely we will continue to see more of the malicious activity aimed at this emerging and more accessible group of smartphone users.

One of the side-benefits to only getting applications from the authorized sources is that the vetting process (especially for Apple’s App Store) is pretty rigid and the likelihood of a malicious program getting onto your phone is very low.

As the capabilities of what a smartphone (and now tablets like the iPad) can do increase, so likely will the risks in using those features (the current Flash issue is a good example) so keep your guard up and stay tuned.

Ken Colburn
Data Doctors Computer Services
Data Doctors Data Recovery Labs
Data Doctors Franchise Systems, Inc.
Weekly video tech contributor to
Host of the award-winning “Computer Corner” radio show

Polymorphic Viruses Explained

Some people have been affected by a sophisticated type of virus, the polymorphic virus, which can wreak havoc on a computer system while avoiding detection. The technique is not new (polymorphic viruses have circulated since the early 1990s), but it is relatively unknown to the public and hardly ever explained. Indeed, most definitions of a polymorphic virus are confined within the offices of computer scientists specializing in network security.

Polymorphic viruses are a prime example of the fact that, even if you take the highest precautions, your computer can still become infected. Polymorphism literally means “many forms”; in programming, the simplest example is function overloading (having multiple functions with the same name that do different things). A polymorphic virus uses what is known as polymorphic code: the program changes the form of its own bytes from one copy to the next while keeping its core function. The usual construction is to encrypt the virus body with a key that changes on every infection and to generate a fresh, differently arranged decryptor stub each time, so that no fixed byte sequence survives across copies. Classic virus scanners look for exactly such fixed byte signatures, which is how the rewritten copy avoids detection; modern scanners answer this by running the suspect code in an emulator until it has decrypted itself, and then scanning the decrypted body.

Whatever the configuration of your computer is, you may still be vulnerable to a polymorphic virus. I don’t know of any simple solutions to this problem, but I can make a suggestion. If your virus scanner does not pick up any viruses, but your system is behaving suspiciously, then back up only your most precious files and reinstall the operating system from trusted installation media, which is almost a sure-fire method to kill a polymorphic virus. Scan the backed-up files on a clean machine before restoring them, since a file-infecting virus may have attached itself to documents and programs in the backup. Remember: just because your virus scanner says your system is clean, don’t take its word for it.
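To see why a fixed byte signature stops working, here is an added example written for this page; it is not real virus code and not from the article. A harmless byte string stands in for the virus body, each generation re-encrypts it under a fresh key behind a constructed decryptor layout padded with random junk bytes, and a static pattern match is compared with a scan that first runs the decryptor. The MAGIC header, the layout and the SIGNATURE length are assumptions of the example.

```python
import hashlib
import random

# Constructed stand-in for the virus body: a harmless byte string plays the role
# of the code whose behaviour must stay the same across every generation.
PAYLOAD = b"CORE-FUNCTION: open file, append self, jump back to host"
SIGNATURE = PAYLOAD[:16]          # what a byte-pattern scanner would key on
MAGIC = b"POLY"                   # constructed marker for the decryptor layout


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def make_variant(rng: random.Random) -> bytes:
    """One generation: same payload, new key, new junk in the decryptor.
    Layout (constructed, not machine code):
        MAGIC | junk_len (1 byte) | junk | key (1 byte) | xor(payload, key)
    The junk models a mutation engine reshuffling the decryptor stub."""
    key = rng.randrange(1, 256)                  # 0 would leave the body in clear
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(4, 12)))
    return MAGIC + bytes([len(junk)]) + junk + bytes([key]) + xor_bytes(PAYLOAD, key)


def run_variant(blob: bytes) -> bytes:
    """The decryptor stub: recovers and returns the body it would then execute."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a variant of this family")
    junk_len = blob[len(MAGIC)]
    key_pos = len(MAGIC) + 1 + junk_len
    return xor_bytes(blob[key_pos + 1:], blob[key_pos])


def static_signature_scan(blob: bytes) -> bool:
    """Pattern match on the bytes as stored on disk."""
    return SIGNATURE in blob


def emulating_scan(blob: bytes) -> bool:
    """What scanners do against polymorphism: run the decryptor in a sandbox
    (here: simply call it) and match the signature on the decrypted body."""
    if not blob.startswith(MAGIC):
        return False
    return SIGNATURE in run_variant(blob)


def generate_family(n: int, seed: int = 1) -> list:
    rng = random.Random(seed)
    return [make_variant(rng) for _ in range(n)]


def family_report(n: int = 10) -> dict:
    fam = generate_family(n)
    return {
        "distinct_on_disk": len({hashlib.sha256(v).hexdigest() for v in fam}),
        "same_behaviour": all(run_variant(v) == PAYLOAD for v in fam),
        "caught_by_static": sum(static_signature_scan(v) for v in fam),
        "caught_by_emulation": sum(emulating_scan(v) for v in fam),
    }


if __name__ == "__main__":
    print(family_report())
```

Every copy hashes differently and none contains the signature on disk, yet each one decrypts to the identical body, so the emulating scan catches all of them. A real mutation engine also rewrites the decryptor’s instructions rather than just padding it, which is why scanners key on behaviour after emulation rather than on any bytes of the stub.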

My name is Tom Brown; I’ve grown up in the Internet era and have not experienced the dark days in which it did not exist, although I did experience dial-up which, looking back, was a horrific experience. I’ve loved technology ever since I typed out my first sentence in Windows 95 and played my first online Flash game. I have recently finished a double ICT BTEC Award and am starting a college course in software engineering. Programming is one of my favourite pastimes — mostly C and Visual Basic .NET — but I often experiment with Web site design, as well. At school I was the only kid who wanted to be Bill Gates instead of a footballer. My Web site can be found here, and my YouTube channel can be found here.

[Photo above by runran / CC BY-ND 2.0]

What Is Microsoft Security Essentials?

Nowadays, every computer connected to a network or the Internet requires anti-virus and anti-malware software. Microsoft Security Essentials is an application that does just that — protects your computer from viruses and malware.

There are many anti-virus solutions available but Microsoft Security Essentials has a few features that make it stand out from many of the other applications.

  • One of the nice features of Microsoft Security Essentials is that it is available at no cost. You can download, install and use the application for free.
  • The application integrates seamlessly with the Windows operating system. Furthermore, it is supported on Windows XP (with Service Pack 2 or 3), Windows Vista, and Windows 7.
  • The application is simple to install and the interface is very user friendly.

If you want to find out more about Microsoft Security Essentials, visit the application’s Web site.

Infected XP Users Can Not Update To Latest Microsoft Patches

Some users of Windows XP are unable to update their computers with the latest patches and fixes because their systems are infected with a virus. A recent report states that the rootkit infection known as Alureon is the culprit. Patches released on April 16th, 2010, can detect infected machines and will refuse to install the updates. Microsoft built in this protection to prevent what is being called an endless loop, which crashes the infected system.

Users who are infected with the Alureon rootkit had previously experienced crashing after updates were installed on their infected systems. Naturally, the user would blame the update from Microsoft as the problem, when in fact their systems had been compromised. The article also states:

Find and fix

The latest batch of updates for Windows was released on 16 April and some of them fix vulnerabilities in the core, or kernel, of Windows. This is the same place that rootkits try to take up residence.

When Alureon is present it monitors net traffic and plucks out user names, passwords and credit card numbers. It also gives attackers a back door into infected machines.

The virus first appeared in 2008 and has been spread via discussion forums, hacked websites and bogus pay-per-click affiliate schemes.

The statement goes on:

By not applying the patch, Microsoft hopes to avoid a repeat of events in February which left many people struggling to get their computer working again.

Microsoft also wants to avoid a situation in which people become wary of updates because they provoke a crash.

It is not yet clear how many people have been left without the updates.

Microsoft urged those who are infected to ensure their machine is cleaned of the rootkit. It recommended using its malware removal tool or using rootkit detectors from other security companies.

Many modern security packages have them built in and will find rootkits when a machine is scanned.

What is always surprising to me is that, with the multitude of free anti-virus programs such as those from AVG, Avast, Avira, and others, folks are still struggling with infections. If you are one of those infected, may I recommend using a free program to clean up your computer. It is really that simple.

Comments as always are welcome.