How Do You Protect Your iPhone From Wirelurker When They Don’t Know What It Does?

I’m reading the tech news.  In reality I read it about every day and far too much of it is out there.  Your mind may haze up from time to time, and that’s normal.

There’s a new virus out there that they’re calling “Wirelurker”.  The big problem with this one is that they are still figuring out how it works and what it does.

The group that discovered the virus, Palo Alto Networks, let out a rather gloomy press release.  Basically, it said that you’re probably already infected and even if you didn’t get infected it will get you anyway through use of chargers or your Mac.

Huh?

Apparently it started as a rather fringe infection vector.  People who jailbroke their iPhones and connected to a third-party app store in China called Maiyadi got it first.

Chinese third party software.  Probably not the safest out there.

What it did was rewrite the apps that ran on the iPhone and add code that caused the virus to replicate and move on to the next victim.

So someone stepped out of the Walled Garden that Apple made and they got caught, end of problem, right?

Nope.

It infected their Macs, and moved on.  It also infected any other iOS devices plugged into the machines such as iPads and iPod Touch.

The recommendations are some of the broadest that I have ever seen for avoiding a virus.

This is the first time I saw a third party app store used as an illustration of a safer app store.  They recommend that if you do use third party apps, make sure it is the Cydia app store and only go to trustworthy sources.  Problem there is that you never really know since those third party app stores aren’t really looking into the source code like Apple does.

They say don’t even plug it into a charger that you don’t know about, and don’t use any non-approved sources.  Since the virus is so stealthy you won’t know that your charger is infected until later – but basically that lets the rest of the Windows world in.

There’s a vulnerability with the USB devices that you have in your house.  More accurately the USB devices you will buy to replace the ones you have now.  Plugs, cables, and chargers.  It can be rigged to push a virus into whatever it is connected with.  While this particular threat hasn’t been seen in the wild, yet, give it time.  Yes, it’s doom and gloom and fear mongering, but give it time.

Thinking about a new charger?  Better make sure that you spend the extra money and get it from a recognized source. 

If the whole charger thing is questionable, their stated concern is that if you have an infected iPhone on your network, the virus will walk back to the next phone that is connected to the network via email servers and the like. 

Once it is in your phone, it can theoretically grab your address book and spam your contacts thereby sharing the fun.  This is one of the first “traditional” viruses to hit the iPhone platform.

The Apple Myth of No Viruses Here was built because they have the reputation of “vetting” or looking over and analyzing the software that sits on their own app stores.  If you remain in the Walled Garden, all will be well.  That is the theory and for the most part, up until now, it works.  However since the infection vector is from outside of the walled garden and you have to go outside the garden to update or charge the phone, you will have a vulnerability.

The solution will be that Macs and iOS devices will need to run a virus scanner.  Once the virus definitions are kept up to date, this will clean out the problem. 

If it sounds familiar, welcome to the Windows world. 

Once the signature for the virus is found, it will get out to the Windows-based virus scanners and that should clear it up as well.

But it isn’t there yet, so stay tuned.

Bottom line is that if you have an iOS device, make sure you stick with Apple’s App Store and stay tuned.

Security? Poodles? Sandworms? Here we go again.

If you have any passing interest in computer security, you have noticed a few announcements go by.

If you don’t, you may think it is overwhelming.

Yes, and Yes.

If you are worried, there’s a simple solution.  No matter what the computer, no matter what the operating system – make sure you are up to date.

Most home users are set up “from the factory” to automatically get updates.  This is true on Windows and on Mac OSX.  My Linux computers pop up a friendly sunburst to say it’s got updates too.

In both cases this will solve these two problems.

POODLE – Make sure your browser is up to date.  Windows Update will fix this.  It is a low-level problem that is more of a headache for systems administrators, so it’s not a major headache for most people.

The long description that 99 percent of us can skip is that it’s a bug that Google found in Secure Sockets Layer (SSL) version 3, a protocol that is seriously out of date.  It shouldn’t be used at this point anyway, but some folks haven’t updated that.

Sandworm – It’s a worm that goes after PowerPoint files.  Since Windows machines are set up to ask you if you want to open the file, don’t.  If your computer asks you to open anything with a “.INF” extension, don’t.  That is how the worm will propagate.

How to fix it?  Home users, make sure you go through your Windows Update.  It’s a Windows problem.  But everyone else should be running the most up-to-date version of their operating system that they can.  If your operating system is no longer supported, upgrade as best you can.  No more XP for you.

While you are at it, make sure your virus protection is up to date and you may want to just force a run of a full scan.  You never know what is running around on your computers these days and it is just good practice to do this once in a while.

Now It Looks Like Windows XP Will Get Virus Updates After All

Microsoft blinked.

After saying that on April 8, 2014 XP users would get nothing more from Microsoft, they changed their minds a little.  It is a reprieve, and a temporary one at that.

Microsoft will provide antivirus signature updates until July 14, 2015.

Bastille Day?  Interesting choice.  All the virus writers will have to wait to storm the defenses until that day.

Of course if you are using some other virus scanner like McAfee or Norton, they will continue to support you like they have been.

This doesn’t mean that they promised to provide fixes in Windows Update; the holes that scare the IT guy at your office will still be there.  It only means that they will be providing updates to their antivirus program, Microsoft Security Essentials, for Windows XP until that date.  You will still be targeted by virus writers for those holes in the system.

Microsoft Security Essentials is the same program that runs on Windows Vista and Windows 7 and is included or “baked in” to Windows 8 and 8.1.   It seems like the virus signature file downloads are most likely the same in both products but there’s a switch somewhere that will be thrown to stop it from working with Windows XP.

Planned Obsolescence.  Pay more and upgrade or else.

Their response is straightforward – upgrade to a newer operating system.

This might be why I have so many Linux based computers around these days… But for people who don’t want to learn a new operating system, don’t stick with XP – the holes will still let the viruses get in, and if the antivirus doesn’t catch them, you won’t get a fix from Microsoft.  If you really are against learning a new Operating System, Windows 7 is the closest thing that you can get for that old beater of a computer that looks “normal”… you know – looks like XP.  Even Windows 7 may not save you if you have a really old machine with less than 2GB of memory, but Linux would run comfortably on most machines in that class.

Most.  Don’t get silly, that old Pentium 4 needs to be recycled.  I could get something to run on that, but it would be limited and I’m not really interested in doing free support.

Also, if you really are going to keep your old machine and upgrade to Windows 7, remember that Windows 7 is an install not an upgrade.

About 30% of all desktop computers run some form of Windows XP.  I’ve read statistics that “Some Form Of Windows XP runs on 95% of all ATM Machines in the US”, although I really doubt that statistic.  That “Some Form” is probably Windows XP Embedded, which is a very different monster than what you know and love on your desktop computer.  The networking component has been made more secure, although you have to wonder just how secure it really is.

I’ll stick with my earlier comments, time to upgrade folks.  XP is about to XPire.

Another Reason To Dump XP – Security Essentials Will Receive No More Updates

I dumped XP a while back.  I’m on a collection of old machines running Debian Linux, which runs faster than XP does on the same hardware – generally.

I also have two Macs, one running Lion, another on Mavericks.

The Windows machines are either on Windows 7 or the cringeworthy Windows 8.1.  Windows 8.1 does “seem” to run well, but the effort I have to put into making sure that the “Ugly Block Land” of the Start Screen has everything I want, and none of the chaff of their live tiles has turned me off of Windows.  I avoid using Windows 8.1 as a result.

There are also the security and privacy questions that I have about Windows in general.  Any software that “phones home” for updates is by definition a risk – whether it is a minuscule one or not.

The computer I use the most is a Windows 7 laptop; I’m comfortable there and will remain that way until I am forced off of Windows 7 for a business reason.

All that having been said, there are some folks who I Support/Chat/Help/Consult for (and so forth) that still have Windows XP computers that run every day.

Please upgrade those now.

Extended Support for Windows XP will be ending April 8, 2014.

  • Windows Update will cease to function.
  • Internet Explorer will no longer be updated and will become even more abysmal to use over time.
  • You will be forced to use Chrome or Firefox for a “modern” browser.

Now the latest announcement – if you use Microsoft Security Essentials for your virus protection, you will no longer be able to get updates.

Seeing that I get virus signature updates daily, or more than once a day, on Windows 7, that is a significant issue.

The XP user will have to pay for a virus protection program – and it is a big market with many names.  But by the time you get that virus, you won’t be able to save your data.

I’ve had one virus hit this machine in the time I have used it – one year.  While that clobbered my computer, I was able to restore from a week-old backup.  All my data is stored either on an SDHC card or on a network – so I was safe.  The hard drive on the machine is not for “permanent storage”.

Do you have that kind of regimen?

I have a good friend and neighbor who clicked on a link in an email and immediately knew he had a Cryptolocker virus screaming at him that if he didn’t pay 300 bucks for a ransom, his info would be passed to the FBI.  While that threat is bogus, it shows how easy it is to get a virus now.  For XP users on April 8, 2014, it will get easier, since they are already writing viruses to take advantage of back doors and other exploits.  Currently 30 percent of US computer users run Windows XP.

At any rate, if you are one of those folks who can’t afford to pay the 100 dollars US for a copy of Windows 7 or 8, I strongly recommend looking into a free copy of Debian or Ubuntu Linux.  Since they run Firefox as the default browser, you’ll be fine.

After all, why spend 100 for an operating system when a new computer runs around 200 dollars for a “beater”.  If someone is running XP then their computing needs are a bit more modest than someone who needs a top of the line beast.

Test Your Virus Scanner With EICAR

This would be a great time for me to say this is At Your Own Risk, and I’m offering no support if your scanner does not work… You’re on your own pal!   

This “virus” simply displays a text string and sends control back to the operating system.

Have you ever wondered if your virus scanner actually works?

I don’t mean surfing one of “Those” sites with a .RU at the end of the address.  This test actually downloads a “harmless” virus that won’t trash your computer.

In the case of this machine I’m writing on, the EICAR Test Virus downloaded and Microsoft Security Essentials brought up an ugly red box warning me that it had been quarantined and I’m safe.

The reality of this is that had I downloaded a different virus that wasn’t in my “signature file”, I would never know, but that is the essential problem with any antivirus product.  They are only as good as the company that backs them, and how good the team is behind the product.

So make sure you know how to update your virus scanner – for Microsoft Security Essentials, the signature files come through Windows Update or by clicking on the little circus tent in your taskbar.  Other virus scanners will vary.

Update your virus scanner to current, which is a good thing no matter which virus scanner you use, or how often you tell the computer to check.

Then follow this link to the EICAR download page.
EICAR is the European Institute for Computer Antivirus Research.
You can read more about their mission on the Wikipedia page if you want a shorter description.
A short description of the virus test file is on that Wikipedia page as well.

Click on the appropriate download for the virus.

Wait for it to download and watch the fun begin when your virus scanner hopefully picks this up and tells you it has been quarantined.

When you’re through having fun, find the quarantine section and you can tell your antivirus product to remove the Test Virus.  Since there are so many different antivirus programs, you are on your own there.

If your antivirus program did not detect the EICAR virus I would strongly recommend getting a new antivirus.   Like I said, Microsoft Security Essentials worked like a champ and you can get their antivirus at this link for Windows 7 and earlier – it’s built in on Windows 8.

The video I embedded shows what it looks like with Kaspersky Anti-Virus.  It’s a silent video except when the virus is caught.  It makes a pig squeal sound which was a bit jarring, so put your volume down to medium and it won’t be a shock.
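For anyone who would rather drive the same check from a script than from the download page, here is an added example (not from the original post or from EICAR) that writes the 68-byte EICAR test file into a temporary folder and watches whether the on-access scanner quarantines it; the file name eicar.com and the 10-second wait are assumptions.

```python
"""Added example (not from the original post or from EICAR): build the
EICAR test file locally and watch whether the resident scanner removes it."""
import os
import tempfile
import time
from typing import Optional

# The 68-character EICAR test string, split into three pieces so that the
# script's own source text is less likely to be flagged on disk; the
# written file contains the exact, contiguous string.
_PARTS = (
    r"X5O!P%@AP[4\PZX54(P^)7CC)7}",
    "$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$",
    "H+H*",
)


def eicar_test_string() -> str:
    """Return the exact EICAR test string (68 printable ASCII characters)."""
    return "".join(_PARTS)


def write_eicar_file(path: str) -> int:
    """Write the test file in binary mode with no trailing newline or BOM,
    because scanners match on the first 68 bytes exactly. Returns bytes written."""
    data = eicar_test_string().encode("ascii")
    with open(path, "wb") as fh:
        fh.write(data)
    return len(data)


def scanner_removed(path: str, timeout_s: float, poll_s: float = 0.5) -> bool:
    """Poll until the file disappears (quarantined by an on-access scanner)
    or the timeout expires. True means the scanner reacted."""
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        if not os.path.exists(path):
            return True
        time.sleep(poll_s)
    return not os.path.exists(path)


def run_test(directory: Optional[str] = None, timeout_s: float = 10.0) -> dict:
    """Drop eicar.com (assumed file name) into `directory`, default a fresh
    temp dir, wait for the scanner, and clean up if nothing reacted."""
    directory = directory or tempfile.mkdtemp(prefix="eicar-")
    path = os.path.join(directory, "eicar.com")
    written = write_eicar_file(path)
    removed = scanner_removed(path, timeout_s)
    if not removed:
        try:
            os.remove(path)  # no on-access scan reacted; tidy up ourselves
        except FileNotFoundError:
            removed = True   # it vanished between the check and the remove
    return {"path": path, "bytes_written": written, "quarantined": removed}


if __name__ == "__main__":
    result = run_test()
    print("quarantined" if result["quarantined"] else "NOT detected", result)
```

A result with quarantined False after the full wait means nothing scanned the file on write, which is the outcome the post says should send you looking at your scanner's settings or for a new antivirus.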

Doing Virus Remediation – On Myself

We all eventually get them.  Computer viruses.  They’re vile and pointless and will waste a lot more time than you would expect.

How I got this one, I don’t know.  Surf a Russian Website?  Clicked on the wrong link?  Reading the wrong Subreddit?  Just don’t know.

We found something wrong with the network here and checked Comcast.  They had problems in the neighborhood.  So resetting the cable modem and powering off all of the computers and phones that have Wifi on them was in store.

When the computers came back, all was well.  That is until I started to surf on the main daily driver that I have.  Pages didn’t load, or loaded in minutes to hours to never.  Finding a problem after a computer restart is the way many people will encounter a virus or trojan.  Programs get “updated” but don’t take effect until you restart them.

It’s been a lot of downloading antivirus programs on other computers, and finding out which one is going around the laptop causing problems.  Microsoft’s antivirus and virus remediation programs did not find a problem.  Kaspersky’s virus removal tool ran and didn’t find anything either.

When I powered off the laptop it put me into the “System Recovery” routine on Windows 7.  That is never a good sign.  Blue screen on Windows 7?  Yes, it still happens.

I’m limping along.  There’s an old backup on a hard drive I may have to restore from.  Luckily, I have another hard drive I can swap in to do the restore on before I trash what I have on this one.  Confused?  Sure, but join the crowd.

If you’re still reading, here’s what I did wrong:

  • Backups are old and infrequent.
  • I open more than 400 web pages a day for professional purposes.
  • I may open close to that 400 web pages a day for entertainment.  I’m a heavy reader.

Here’s what I did right:

  • Virus scanner is updated daily.
  • Virus checks are done weekly.
  • The entire computer is scanned when I do it manually after a manual virus update.

I guess I didn’t listen to what I tell others.  The cobbler’s children often have the worst shoes.

Is your Android Smartphone Serving Up Steaming Spam?

Ok, if you’ve got an Apple iPhone, this isn’t for you.  You have a product that is made within what they call a “walled garden”.  Basically one company controls the hardware and the software that gets onto the phone – Apple.   If you want your software to be on the iPhone, you the developer have to submit your software to a review by Apple so that it’s not going to do anything naughty.

You know, like serve up a steaming spam sandwich.

Android is a different beast.  Google isn’t really reviewing the software that gets put onto your tablets or your phones as thoroughly.  As a result, there is a lot of software that is written by “some guy over a weekend”.  That’s great, given the right guy.

The problem is that when you have a spammer out there who has a desire to make money through criminal methods, they’ll do all sorts of things.

The trick is that you really don’t want to be the first person to install a program.  Sometimes, you don’t want to be the 1000th person. 

There are a lot of apps on the “Google Play” store that are hacked versions of the real software.  That is how you get your virus installed.  You see two versions of an app and one says it’s the full version and it’s Free! so you install the app.  Open it and now you’re a spammer too.  If your device is a tablet computer using Wifi to get to the internet, it’s a nuisance.  If you are using a smartphone and have a limited data contract, it’s a very expensive nuisance.

So here are a few helpful hints:

  • First, make sure that you aren’t installing apps that are questionable.  
  • Read the reviews for the apps.  
  • If there are few reviews or there are a lot of low ratings (1 or 2 stars) don’t install it.   
  • Check the permissions and make sure that you’re not giving away full access.  Most free apps are actually paid by flashing ads on the screen and will require internet access.
  • Consider if you really do need that new game.
  • Remember, you are safest if you don’t install any apps, but if you do you have to take responsibility and do the research.

Furthermore, install an antivirus program and make sure it is updated frequently.  Just like on Windows, you need to make sure that your antivirus has the latest updates.  I use Lookout Security on Android because it was suggested to me by an Android guru and I have seen reviews outside of the whole Google Play scene saying it was worth using.  Granted there are some bad reviews, but they run 23 to 1 in favor of the app.

You also should find where to check your data usage.  On my phone, the T-Mobile app will do that for me, as long as I am not on Wifi Calling.  On newer operating systems such as Android 4.0 “Ice Cream Sandwich” (or ICS), it is in your Settings under the Data Usage tab.  There’s a handy graph there that I miss when I go back to the phone.  It will tell you which programs are hogging your bandwidth.  If your newest game is now your biggest data user, you have a problem there, and you should consider removing that program via “Google Play” immediately.

They just put out a newer version 4.1 called Jelly Bean, so now I’ll have to wait for an update if one ever becomes available.   Older devices will never run it, newer ones may or may not, it depends if the company that made it will support the older hardware.

For example, I expect “TuneIn” to have high usage since I leave it running playing music all day from a few select web radio stations.  I do NOT expect Solitaire to have high data usage at all.  It is basically a judgement call; the system expects you to watch what’s happening and control your own data usage.

Remember that smartphone in your pocket is a computer.  It needs to be looked after from time to time, just like the desktop or laptop computer at home or work.