How Do You Protect Your iPhone From Wirelurker When They Don’t Know What It Does?

I’m reading the tech news.  In reality I read it about every day and far too much of it is out there.  Your mind may haze up from time to time, and that’s normal.

There’s a new virus out there that they’re calling “Wirelurker”.  The big problem with this one is that they are still figuring out how it works and what it does.

The group that discovered the virus, Palo Alto Networks, let out a rather gloomy press release.  Basically, it said that you’re probably already infected and even if you didn’t get infected it will get you anyway through use of chargers or your Mac.

Huh?

Apparently it started as a rather fringe infection vector.  People who jailbroke their iPhones and connected to a third-party app store in China called Maiyadi got it first.

Chinese third-party software.  Probably not the safest out there.

What it did was rewrite the apps that ran on the iPhone and add code that caused the virus to replicate and move on to the next victim.

So someone stepped out of the Walled Garden that Apple made and they got caught, end of problem, right?

Nope.

It infected their Macs, and moved on.  It also infected any other iOS devices plugged into the machines such as iPads and iPod Touch.

The recommendations are some of the broadest that I have ever seen for avoiding a virus.

This is the first time I saw a third-party app store used as an illustration of a safer app store.  They recommend that if you do use third-party apps, make sure it is the Cydia app store and only go to trustworthy sources.  The problem there is that you never really know, since those third-party app stores aren’t really looking into the source code like Apple does.

They say don’t even plug it into a charger that you don’t know about, and don’t use any non-approved sources.  Since the virus is so stealthy you won’t know that your charger is infected until later – but basically that lets the rest of the Windows world in.

There’s a vulnerability with the USB devices that you have in your house.  More accurately, the USB devices you will buy to replace the ones you have now.  Plugs, cables, and chargers.  They can be rigged to push a virus into whatever they are connected to.  While this particular threat hasn’t been seen in the wild, yet, give it time.  Yes, it’s doom and gloom and fear mongering, but give it time.

Thinking about a new charger?  Better make sure that you spend the extra money and get it from a recognized source. 

If the whole charger thing is questionable, their stated concern is that if you have an infected iPhone on your network, the virus will walk back to the next phone that is connected to the network via email servers and the like.

Once it is in your phone, it can theoretically grab your address book and spam your contacts thereby sharing the fun.  This is one of the first “traditional” viruses to hit the iPhone platform.

The Apple Myth of No Viruses Here was built because they have the reputation of “vetting”, or looking over and analyzing, the software that sits on their own app stores.  If you remain in the Walled Garden, all will be well.  That is the theory and for the most part, up until now, it has worked.  However, since the infection vector is from outside of the walled garden and you have to go outside the garden to update or charge the phone, you will have a vulnerability.

The solution will be that Macs and iOS devices will need to run a virus scanner.  Once the virus definitions are kept up to date, this will clean out the problem. 

If it sounds familiar, welcome to the Windows world. 

Once the signature to the virus is found, it will get out to the Windows based virus scanners and that should clear it up as well.

But it isn’t there yet, so stay tuned.

Bottom line is that if you have an iOS device, make sure you stick with Apple’s App Store and stay tuned.

Security? Poodles? Sandworms? Here we go again.

If you have any passing interest in computer security, you have noticed a few announcements go by.

If you don’t, you may think it is overwhelming.

Yes, and Yes.

If you are worried, there’s a simple solution.  No matter what the computer, no matter what the operating system – make sure you are up to date.

Most home users are set up “from the factory” to automatically get updates.  This is true on Windows and on Mac OS X.  My Linux computers pop up a friendly sunburst to say they’ve got updates too.

In both cases this will solve these two problems.

Poodle – Make sure your browser is up to date.  Windows Update will fix this.  It is a low-level problem that is more of a headache for systems administrators, so it’s not a major headache for most people.

The long description that 99 percent of us can skip is that it’s a bug that Google has found in Secure Sockets Layer (SSL) version 3, which is seriously out of date.  It shouldn’t be used at this point anyway, but some folks haven’t updated that.
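Since the whole point of the Poodle problem is that a connection can end up on SSL version 3, the thing a systems administrator actually wants to check is which protocol version a server negotiated.  The following is an added example, not code from the original post: it parses the version bytes out of a TLS ServerHello record and flags SSLv3 (version 3.0).  The sample records are constructed inline with a small builder; nothing here talks to a real server.

```python
import struct

# Protocol version as it appears on the wire: SSLv3 is 3.0, TLS 1.0 is 3.1 and so on.
SSLV3 = (3, 0)
VERSION_NAMES = {
    (3, 0): "SSLv3",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
}

HANDSHAKE_RECORD = 22   # record-layer content type for handshake messages
SERVER_HELLO = 2        # handshake message type


def parse_server_hello_version(record: bytes) -> tuple:
    """Return the (major, minor) version announced in a ServerHello.

    Record layer header: type(1) version(2) length(2)
    Handshake header:    type(1) length(3) version(2) random(32) ...
    """
    if len(record) < 11:
        raise ValueError("record too short to hold a ServerHello")
    ctype, _rmaj, _rmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != HANDSHAKE_RECORD:
        raise ValueError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) < 6:
        raise ValueError("truncated handshake message")
    if body[0] != SERVER_HELLO:
        raise ValueError("handshake message is not a ServerHello")
    return (body[4], body[5])


def is_sslv3_negotiated(record: bytes) -> bool:
    """True when the server settled on SSLv3, which is what Poodle abuses."""
    return parse_server_hello_version(record) == SSLV3


def describe(record: bytes) -> str:
    version = parse_server_hello_version(record)
    return VERSION_NAMES.get(version, "unknown %d.%d" % version)


def build_server_hello(version: tuple) -> bytes:
    """Constructed sample: a minimal ServerHello record for the given version."""
    maj, mino = version
    hs_body = (bytes([maj, mino])   # server_version
               + b"\x00" * 32      # random (zeros, constructed sample only)
               + b"\x00"           # session_id length 0
               + b"\x00\x2f"       # cipher suite TLS_RSA_WITH_AES_128_CBC_SHA
               + b"\x00")          # compression method null
    handshake = bytes([SERVER_HELLO]) + len(hs_body).to_bytes(3, "big") + hs_body
    return (bytes([HANDSHAKE_RECORD]) + bytes([maj, mino])
            + len(handshake).to_bytes(2, "big") + handshake)


def count_sslv3(records) -> int:
    """How many of a batch of captured ServerHello records landed on SSLv3."""
    return sum(1 for r in records if is_sslv3_negotiated(r))


if __name__ == "__main__":
    samples = [build_server_hello((3, 0)), build_server_hello((3, 3))]
    for rec in samples:
        print(describe(rec), "- SSLv3:", is_sslv3_negotiated(rec))
    print("SSLv3 sessions:", count_sslv3(samples))
```

A server that is patched or configured properly will never send the 3.0 version in a ServerHello; if this shows up in a capture, the server (or something in between) still has SSLv3 enabled.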

Sandworm – It’s a worm that goes after PowerPoint files.  Since Windows machines are set up to ask you if you want to open the file, don’t.  If your computer asks you to open anything with a “.INF” extension, don’t.  That is how the worm will propagate.

How to fix it?  Home users, make sure you go through your Windows Update.  It’s a Windows problem.  But anyone else should be running the most up-to-date version of their operating system that they can.  If their operating system is no longer supported, it’s best that you upgrade as best you can.  No more XP for you.

While you are at it, make sure your virus protection is up to date and you may want to just force a run of a full scan.  You never know what is running around on your computers these days and it is just good practice to do this once in a while.

Now It Looks Like Windows XP Will Get Virus Updates After All

Microsoft blinked.

After saying that after April 8, 2014, XP users would get nothing from Microsoft, they changed their minds a little.  It is a reprieve, and a temporary one at that.

Microsoft will provide Virus Warnings until July 14, 2015.

Bastille Day?  Interesting choice.  All the virus writers will have to wait to storm the defenses until that day.

Of course, if you are using some other virus scanner like McAfee or Norton, they will continue to support you like they have been.

This doesn’t mean that they promised to provide fixes through Windows Update; the holes that scare the IT guy at your office will still be there.  It only means that they will be providing updates to their antivirus program, Microsoft Security Essentials, for Windows XP until that date.  You will still be targeted by virus writers for those holes in the system.

Microsoft Security Essentials is the same program that runs on Windows Vista and Windows 7, and it is included or “baked in” to Windows 8 and 8.1.  It seems like the virus signature file downloads are most likely the same in both products, but there’s a switch somewhere that will be thrown to stop it from working with Windows XP.

Planned Obsolescence.  Pay more and upgrade or else.

Their response is straightforward – upgrade to a newer operating system.

This might be why I have so many Linux-based computers around these days… But for people who don’t want to learn a new operating system, don’t stick with XP – the holes will still let the viruses get in, and if the antivirus doesn’t catch them, you won’t get a fix from Microsoft.  If you really are against learning a new operating system, Windows 7 is the closest thing that you can get for that old beater of a computer that looks “normal”… you know – looks like XP.  Even Windows 7 may not save you if you have a really old machine with less than 2GB of memory, but Linux would run comfortably on most machines in that class.

Most.  Don’t get silly, that old Pentium 4 needs to be recycled.  I could get something to run on that, but it would be limited and I’m not really interested in doing free support.

Also, if you really are going to keep your old machine and upgrade to Windows 7, remember that Windows 7 is an install, not an upgrade.

About 30% of all desktop computers run some form of Windows XP.  I’ve read statistics that “Some Form Of Windows XP runs on 95% of all ATM Machines in the US”, although I really doubt that statistic.  That “Some Form” is probably Windows XP Embedded, which is a very different monster than what you know and love on your desktop computer.  The networking component has been made more secure, although you have to wonder just how secure it really is.

I’ll stick with my earlier comments, time to upgrade folks.  XP is about to XPire.

Another Reason To Dump XP – Security Essentials Will Receive No More Updates

I dumped XP a while back.  I’m on a collection of old machines running Debian Linux, which runs faster than XP does on the same hardware – generally.

I also have two Macs, one running Lion, another on Mavericks.

The Windows machines are either on Windows 7 or the cringeworthy Windows 8.1.  Windows 8.1 does “seem” to run well, but the effort I have to put into making sure that the “Ugly Block Land” of the Start Screen has everything I want, and none of the chaff of their live tiles has turned me off of Windows.  I avoid using Windows 8.1 as a result.

There are also the security and privacy questions that I have about Windows in general.  Any software that “phones home” for updates is by definition a risk – whether it is a minuscule one or not.

The computer I use the most is a Windows 7 laptop.  I’m comfortable there and will remain that way until I am forced off of Windows 7 for a business reason.

All that having been said, there are some folks who I Support/Chat/Help/Consult for (and so forth) that still have Windows XP computers that run every day.

Please upgrade those now.

Extended Support for Windows XP will be ending April 8, 2014.

  • Windows Update will cease to function.
  • Internet Explorer will no longer be updated and will become even more abysmal to use in time.
  • You will be forced to use Chrome or Firefox for a “modern” browser.

Now the latest announcement – if you use Microsoft Security Essentials for your virus protection, you will no longer be able to get updates.

Seeing that I get an update to my virus signatures on Windows 7 daily, or more than once a day, that is a significant issue.

The XP user will have to pay for a virus protection program – and it is a big market with many names.  But by the time you get that virus, you won’t be able to save your data.

I’ve had one virus hit this machine in the time I have used it – one year.  While that clobbered my computer, I was able to restore from a week old backup.  All my data is stored either on a SDHC chip or on a network – so I was safe.  The hard drive on the machine is not for “permanent storage”.

Do you have that kind of regimen?

I have a good friend and neighbor who clicked on a link in an email and immediately knew he had a Cryptolocker virus screaming at him that if he didn’t pay 300 bucks for a ransom, his info would be passed to the FBI.  While that threat is bogus, it shows how easy it is to get a virus now.  For XP users on April 8, 2014, it will get easier, since they are already writing viruses to take advantage of back doors and other exploits.  Currently, 30 percent of US computer users run Windows XP.

At any rate, if you are one of those folks who can’t afford to pay the 100 US dollars for a copy of Windows 7 or 8, I strongly recommend looking into a free copy of Debian or Ubuntu Linux.  Since they run Firefox as the default browser, you’ll be fine.

After all, why spend 100 dollars for an operating system when a new “beater” computer runs around 200 dollars?  If someone is running XP then their computing needs are a bit more modest than someone who needs a top-of-the-line beast.

Test Your Virus Scanner With EICAR

This would be a great time for me to say this is At Your Own Risk, and I’m offering no support if your scanner does not work… You’re on your own, pal!

This “virus” simply displays a text string and sends control back to the operating system.

Have you ever wondered if your virus scanner actually works?

I don’t mean surfing one of “Those” Sites with a .RU at the end of the address.  This actually downloads a “harmless” virus that won’t trash your computer.

In the case of this machine I’m writing on, the EICAR Test Virus downloaded and Microsoft Security Essentials brought up an ugly red box warning me that it had been quarantined and I’m safe.

The reality of this is that had I downloaded a different virus that wasn’t in my “signature file”, I would never know, but that is the essential problem with any antivirus product.  They are only as good as the company that backs them, and how good the team is behind the product.

So make sure you know how to update your virus scanner – for Microsoft Security Essentials, the signature files come through Windows Update or clicking on the little circus tent in your task bar.  Other virus scanners will vary.

Update your virus scanner to current, which is a good thing no matter which virus scanner you use, or how often you tell the computer to check.

Then follow this link to the EICAR download page.
EICAR is the European Institute for Computer Antivirus Research.
You can read more about their mission on the Wikipedia page if you want a shorter description.
A short description of the virus test file is on this Wikipedia page as well.

Click on the appropriate download for the virus.

Wait for it to download and watch the fun begin when your virus scanner hopefully picks this up and tells you it has been quarantined.

When you’re through having fun, find the quarantine section and you can tell your antivirus product to remove the Test Virus.  Since there are so many different antivirus programs, you are on your own there.
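For anyone who would rather script the whole check than click through a download page, here is an added example (my own code, not from EICAR or the original post).  It assembles the standard 68-character EICAR test string, writes it to a file, and then polls to see whether the on-access scanner removes it within a timeout.  The destination folder and the 30-second wait are assumptions; adjust both to taste.

```python
import time
from pathlib import Path

# The standard EICAR test string is assembled from pieces so that this source
# file itself does not contain the contiguous 68-byte string; only the file
# that write_test_file() creates does.
_EICAR_PARTS = [
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!",
    "$H+H*",
]


def eicar_string() -> str:
    """Return the 68-character EICAR test string."""
    return "".join(_EICAR_PARTS)


def write_test_file(directory, name: str = "eicar.com") -> Path:
    """Write the test file into `directory` and return its path.

    The file must start with the string and contain nothing else, otherwise
    scanners are not required to recognise it.
    """
    path = Path(directory) / name
    path.write_bytes(eicar_string().encode("ascii"))
    return path


def wait_for_quarantine(path, timeout: float = 30.0, interval: float = 1.0) -> bool:
    """Poll until the scanner deletes or quarantines the file.

    Returns True if the file disappeared within `timeout` seconds, False if it
    is still there, which usually means on-access scanning is off or the
    signatures are stale.
    """
    path = Path(path)
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if not path.exists():
            return True
        time.sleep(interval)
    return False


def run_check(directory, timeout: float = 30.0) -> dict:
    """Write the test file and report whether the scanner reacted."""
    path = write_test_file(directory)
    caught = wait_for_quarantine(path, timeout=timeout)
    if not caught and path.exists():
        path.unlink()          # clean up ourselves if the scanner ignored it
    return {"path": str(path), "caught": caught}


if __name__ == "__main__":
    # Assumed destination: the user's Downloads folder.
    result = run_check(Path.home() / "Downloads")
    print("scanner quarantined the test file:", result["caught"])
```

If `caught` comes back False, the scanner either has no real-time protection turned on or never got the signature, which is exactly the situation the post says should make you shop for a new antivirus.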

If your antivirus program did not detect the EICAR virus I would strongly recommend getting a new antivirus.  Like I said, Microsoft Security Essentials worked like a champ, and you can get their antivirus at this link for Windows 7 and earlier – it’s built in on Windows 8.

The video I embedded shows what it looks like with Kaspersky Anti-Virus.  It’s a silent video except when the virus is caught.  It makes a pig squeal sound which was a bit jarring, so put your volume down to medium and it won’t be a shock.

Doing Virus Remediation – On Myself

We all eventually get them.  Computer viruses.  They’re vile and pointless and will waste a lot more time than you would expect.

How I got this one, I don’t know.  Surf a Russian Website?  Clicked on the wrong link?  Reading the wrong Subreddit?  Just don’t know.

We found something wrong with the network here and checked Comcast.  They had problems in the neighborhood.  So resetting the cable modem, and powering off all of the computers and phones that have Wifi on them was in store.

When the computers came back, all was well.  That is until I started to surf on the main daily driver that I have.  Pages didn’t load, or loaded in minutes to hours to never.  Finding a problem after a computer restart is the way many people will encounter a virus or trojan.  Programs get “updated” but don’t take effect until you restart them.

It’s been a lot of downloading antivirus programs on other computers, and finding out which one is going around the laptop causing problems.  Microsoft’s antivirus and virus remediation programs did not find a problem.  Kaspersky’s virus removal tool ran and didn’t find anything either.

When I powered off the laptop it put me into the “System Recovery” routine on Windows 7.  That is never a good sign.  Blue screen on Windows 7?  Yes, it still happens.

I’m limping along.  There’s an old backup on a hard drive I may have to restore from.  Luckily, I have another hard drive I can swap in to do the restore on before I trash what I have on this one.  Confused?  Sure, but join the crowd.

If you’re still reading, here’s what I did wrong:

  • Backups are old and infrequent.
  • I open more than 400 web pages a day for professional purposes.
  • I may open close to that 400 web pages a day for entertainment.  I’m a heavy reader.

Here’s what I did right:

  • Virus scanner is updated daily.
  • Virus checks are done weekly.
  • The entire computer is scanned when I do it manually after a manual virus update.

I guess I didn’t listen to what I tell others.  The cobbler’s children often have the worst shoes.

Is your Android Smartphone Serving Up Steaming Spam?

Ok, if you’ve got an Apple iPhone, this isn’t for you.  You have a product that is made within what they call a “walled garden”.  Basically one company controls the hardware and the software that gets onto the phone – Apple.  If you want your software to be on the iPhone, you the developer have to submit your software to a review by Apple so that it’s not going to do anything naughty.

You know, like serve up a steaming spam sandwich.

Android is a different beast.  Google isn’t really reviewing the software that gets put onto your tablets or your phones as thoroughly.  As a result, there is a lot of software that is written by “some guy over a weekend”.  That’s great, given the right guy.

The problem is that when you have a spammer out there who has a desire to make money through criminal methods, they’ll do all sorts of things.

The trick is that you really don’t want to be the first person to install a program.  Sometimes, you don’t want to be the 1000th person.

There are a lot of apps on the “Google Play” store that are hacked versions of the real software.  That is how you get your virus installed.  You see two versions of an app and one says it’s the full version and it’s Free! so you install the app.  Open it and now you’re a spammer too.  If your device is a tablet computer using Wifi to get to the internet, it’s a nuisance.  If you are using a smartphone and have a limited data contract, it’s a very expensive nuisance.

So here are a few helpful hints:

  • First, make sure that you aren’t installing apps that are questionable.
  • Read the reviews for the apps.
  • If there are few reviews or there are a lot of low ratings (1 or 2 stars), don’t install it.
  • Check the permissions and make sure that you’re not giving away full access.  Most free apps are actually paid for by flashing ads on the screen and will require internet access.
  • Consider if you really do need that new game.
  • Remember, you are safest if you don’t install any apps, but if you do, you have to take responsibility and do the research.

Furthermore, install an antivirus program and make sure it is updated frequently.  Just like on Windows, you need to make sure that your antivirus has the latest updates.  I use Lookout Security on Android because it was suggested to me by an Android guru and I have seen reviews outside of the whole Google Play scene saying it was worth using.  Granted there are some bad reviews, but it’s 23 to 1 in favor of the app.

You also should find where to check your data usage.  On my phone, the T-Mobile app will do that for me, as long as I am not on Wifi Calling.  On newer operating systems such as Android 4.0 “Ice Cream Sandwich” (or ICS), it is in your Settings under the Data Usage tab.  There’s a handy graph there that I miss when I go back to the phone.  It will tell you which programs are hogging your bandwidth.  If your newest game is now your biggest data user, you have a problem there, and consider removing that program via “Google Play” immediately.

They just put out a newer version, 4.1, called Jelly Bean, so now I’ll have to wait for an update if one ever becomes available.  Older devices will never run it; newer ones may or may not, depending on whether the company that made it will support the older hardware.

For example, I expect “TuneIn” to have high usage since I leave it running playing music all day from a few select web radio stations.  I do NOT expect Solitaire to have high data usage at all.  It basically is a judgement call; it expects you to watch what’s happening and control your own data usage.

Remember that smartphone in your pocket is a computer.  It needs to be looked after from time to time, just like the desktop or laptop computer at home or work.

Printers Spewing Ads Caused By The Milicenso Virus

Not to worry, they are already working on the fix for this one. 

If you have not updated your virus program in a while, it’s a good time for a reminder.  Personally, I use Microsoft Security Essentials.  It’s free, it’s widely seen as one of the better ones, and you don’t have someone looming over your shoulder selling you something every so often like a subscription.

I haven’t gotten hit by a virus yet, although MS Security Essentials has caught them on a download.

Just consider this a friendly reminder to take a look at your virus program and make sure it’s up to date.  If the date on the “Virus Signature” is more than a couple of days old, you’re going to need to update it.  I saw a computer recently that stopped updating its virus signatures.  The fix for that was to uninstall the old virus scanner and install a new one of their choice.

This particular virus is really a trojan.  It serves up advertising and makes your printer waste paper printing out reams of ads.  If you’re at home, you will notice it faster than if you’re at work.  There you’ll have your “IT Guy” having a fit with the printer.

Kind of an amusing threat, if you’re not the person who has to do that sort of desktop support.

So if your printer is spewing paper, update your virus scanner and make sure that you run a full scan.

Whichever virus scanner you have.

If you are feeling particularly “Geeky” you can read the write-up on this latest virus here at Symantec.

Facebook Worms and some small steps to protect yourself

This morning I was answering some messages from some folks that I know and care about in other parts of the country.  While doing this I was staring at my lap and wondering what sort of pseudo-intellectual blather I’d write about and it presented itself to me.

Facebook has some well-known privacy flaws.  I have my own account’s privacy settings turned so tightly that the only thing you’d be able to tell about me is my picture, my name, and what city I live in.  I’ve given that much away here on this blog, and more.

The problem is that most people sign on and think that it is this warm and fuzzy place to chat with friends near and far and everything is safe.  Links that people post to YouTube about dogs that make demented sounds like this one, links to NPR quizzes about whether you could pass the citizenship test (I got 100%), and links to this blog amongst others.  Those are safe.

The question is how would you know if they are?

The answer to the question is that you never can be 100% certain.  There are people out there that get their “jollies” from causing others pain.  In the gaming world they’re called “griefers”.  In psychology there are many names for them; psychotics, sociopaths and deviants come to mind, but I am sure you can find other names as well.

There are some steps you can take though. 

First, I use Firefox.  Others use Internet Explorer, which I personally find slow and lumbering.  Both of those browsers have a strip at the bottom of the window (caught you looking, didn’t I?) that is called a Status Bar.  The Status Bar is well named since it gives you information on what is happening in the browser at this moment.  See, it tells you about the status.  Well named, right?  Ok, I’ll tone down the chirpiness since I have only had one mug of coffee at this point this morning.

You can check in Firefox to make sure it is turned on by these simple steps:

Click View, and the words “Status Bar” should have a check mark to the left of them.
If not, click on it.

When you hover over a link, the Status Bar will tell you where that link points.  It is up to you to look at that link and decide whether it is safe, and that is a judgment call.  Say the link is supposed to go to Petfinder, the rather excellent organization that helps deserving dogs, cats and other animals find a way out of a shelter and into a forever home.  When you hover over the link you will see the following text in your status bar:

http://www.petfinder.com/index.html

It is a reasonable link.  However, if you find a link to a Russian site or to something that simply doesn’t fit – DO NOT CLICK!

Second, you have to be informed.  This is not a “Gas and Go” culture.  This is a computer.  Yes, you can go your entire life and never get hit by one of the nasties out there, but people are looking for you.  The nasties could be as simple as being Rick Rolled and getting to see a video from Rick Astley here.

Go ahead, you can click on those two links and see a discussion on the phenomenon and internet meme as well as the song itself.

The idea is that forewarned is forearmed.  Being informed matters because this culture offers many benefits to those who are connected.  You can be anywhere in the world, connected on any sort of link or any sort of computer, and order something from your favorite store, usually get a discount over the corner shop, and have it waiting for you when you get home from your holiday in Ibiza if the trip is long enough.  You can transact banking business with your Tennessee-based bank from the beach in Key West on your laptop.  This is all well and good; it makes business more efficient, lowers costs and creates savings that are supposed to be passed on to the consumer and usually aren’t.  But it also creates a problem.

The problem is that if you are a “gas and go” computer user you most likely already have a virus or a trojan.  If you have a trojan that reports your user name and password back to its host, you have lost your banking security.  Imagine taking your ATM bank card and writing your PIN on it in ink so that it may be read.  That is what happens when your details are stolen online, and it happens frequently.

A possible solution is to never use a computer for anything but banking and perhaps shopping at “valid” sites, but we’re back to that judgment call thing. 

I found another option.  On Facebook I “liked” Sophos.  Sophos has been reporting virus information back to me so I can be informed.  Now you can too.  This link is to their Facebook page.  If you are on Facebook, I suggest you add them and you will get a message or three a day.  I am sure there are others and as I find them I’ll add them too.  Their page is also open and visible to the outside world, so if you check them periodically and do not have Facebook, you can be informed by one of the many sites that have this sort of information.

These sorts of evils on Facebook are all browser-based viruses.  You can get them on any modern browser, and the Facebook exploits actually change Facebook to add an application that you do not want so that it can spam everyone and get more widely spread.  If you are on Windows, you can go to http://safety.live.com and run a free virus scan, but I really recommend going to Microsoft and installing Microsoft Security Essentials.  I did that when I worked as an IT Manager, and since it is free to Windows users, you don’t have to pay McAfee or anyone else and remain protected.

Since it is browser based, you can also get this on a Mac or Linux.  You are less likely to get them there for various reasons, but it is up to you to make sure that you don’t have the problem.  I don’t run either operating system as much as I could or should, and I have both, but they also get affected.

Good luck.  If you need help, my billable rate for this sort of thing is negotiable.

Virtually Safe Surfing

There are a lot of viruses out there on Windows.  If you are not using an antivirus program, you are probably harboring them, as well as a trojan or two.

This isn’t a primer on how to get rid of viruses.  I have already gone down that road.  There are a lot of different ways to clean a computer.  Most folks get frustrated that their machines have slowed to a crawl and go out and buy a new one.  If that’s you and you have a laptop that is under a year old in that state, feel free to send it to me… oh, and get yourself a Mac, they don’t have the same numbers of viruses.  You won’t be quite as compatible, and the software is more expensive, but as long as you stay in the Mac environment you will be much better off.  If you’re a casual user it frees you up from having to deal with all that virus crap.

On the other hand, if you’re a little bit technical, you should look into getting a virtual environment and running a computer in a sandbox.  That is how I am writing now.  I’m looking at Firefox running on a virtual Windows XP machine that is running on Virtual PC 2007 that is running on Windows 7.

Got all that?

I have done all this so that I can stay away from viruses and Google’s snoopy tendencies (they already know WAY too much about everyone and I’m moving away from Google’s software) and do everything I need to.  When I am done, I click the X box to close the entire environment, tell it no to “Save State” and it’s done.  All the snoopy things are gone.  There’s no connection to the main machine, there are no worries about viruses and illicit cookies, and I’m completely safe.

If you are really curious, and have an older Windows machine that you want to save, you can legally create an image from your existing older machine (it is legal as long as you have retired the computer you image – like this one was), install free software like Virtual PC 2007 or VMware Player, and you are good to go.  You just need to have an extra amount of memory over what you normally run on the computer.

If I’ve lost you, find your favorite 16-year-old geek, turn them loose on this and tell them what you want to get done.  Get the right software on the machine and you’re safe.

I’ve obviously glossed over everything here; this is basically a very high-level executive summary.  But that is how to do it.  It works well.