Monday, January 31, 2005

Ways to stop your employees from spreading viruses 

There's a long list of tips to educate employees about virus prevention at Watchguard's site.

The most helpful included some technical and some management techniques:

Personally I'd consider training the users with pranks. Get a free email account, send your employees an attachment, and have it be a program that plays an embarrassing sound file like "look everybody, I opened an attachment!" on the computer's speakers.

|

Sunday, January 30, 2005

What to learn from the "crack" of electronic car keys? 

You must have seen the New York Times story about researchers who can copy electronically coded car keys. What does this mean?

Your car's probably almost as safe as before. There's a world of difference between an attack that can duplicate one key at a time and a hypothetical attack that could bypass all keys everywhere. This discovery could only affect you if your car in particular was being stolen to order. Which does happen, but see below. The researchers are holding on to some of the details instead of releasing them. They haven't told criminals how to copy car keys. But organized crime can pay someone to figure out the rest, assuming they don't already know.

What does this discovery tell us about security in general?

|

Saturday, January 29, 2005

You may not have heard of this kind of extortion 

Normally you'd protect your data with a secret code ("encrypt" it) in order to keep it confidential. Only someone with the decryption key will be able to read the encrypted files.

Bad guys can use the same technology to kidnap your data and hold it for ransom. Once they get access to your machine, instead of destroying your files they might encrypt them and demand money in exchange for the decryption key.

It's happening now. There's at least one virus which encrypts your data and gives you an email address in Russia to contact about getting the decryption key.

"So what?", you might ask. Your antivirus and backup procedures will protect you just as they would against any other virus. But there's a related threat that almost nobody talks about.

Only the decryption program, with the right key, can read an encrypted file. What if you have important data in a proprietary file format? Then only the program that created the file can retrieve your data. What if the program vendor revokes your license? What if they go out of business and the program stops running? What if you're paying for the software license by the year and the vendor decides to triple the renewal price?

If you put vital data into a program with a secret file format you're letting the program vendor have control over access to your data.

Maybe your backup procedures should include exporting vital data to standard formats like ASCII, RTF, CSV and so on.

|

Friday, January 28, 2005

PC world recommends Trend Micro PC-cillin 

The PC World review of Internet security suites picks "PC-cillin", by Trend Micro, as the best of the three they tested. Does their recommendation make sense?

They recommend it for the best spyware detection. But you should be using single-purpose products for that (yes, I mean "products". You need to install more than one).

They also point out that it works better with Windows XP's Security Center. But I know the details behind what they're talking about. The only difference is the day you first install one of the security suites, before you download your first set of updates. During those few minutes Trend Micro tells XP that it's not up to date. Their competitors jump the gun a little by saying they're up to date a few minutes before they are. After that there's never a difference again.

It's a good product but the review falls short of justifying its conclusion.

|

Thursday, January 27, 2005

Mac security update today. Not a crisis. 

Apple released an OS X security update today. Almost every problem it fixes is in rarely used software, or else only affects people running the Mac as a web server.

The most important change for an average user was to Safari, the web browser. Apple fixed a bug that would have let phishers or other bad guys mislead you about what web site you were looking at.

You should hurry to install the upgrade only if you're running a web server with PHP pages.

|

Wednesday, January 26, 2005

download.com let something malicious through 

A couple of million people downloaded a file sharing program called "Direct Connect" from download.com. Little did they know that for over a week starting January 16 download.com had been offering up an infected copy.

People who used download.com to get their copy of Direct Connect also got a ton of spyware installed along with the program.

I'd heard rumors that download.com wasn't adequately checking whether their content was clean. This is the first hard fact I'd run into.

What to do? Well, you now have one more thing to be aware of as you walk the wild streets of the Internet. You have to be sure a program you're downloading is trustworthy and you have to be sure you can trust the site you're downloading from. A big name is no guarantee.

|

Tuesday, January 25, 2005

Here's something for your reading list 

In your (ha!) free time you could look through security firm Watchguard's list of computer security fundamentals.

A lot of the recommendations end up with telling you to buy Watchguard equipment, which you can't really blame them for. But they do offer down-to-earth explanations of what threats you face in the real world, why an obscure small-to-medium business might be attacked, and what someone thrust into the "micro-CTO" role should do to manage a network.

|

Monday, January 24, 2005

Microsoft tries to underpromise and overdeliver 

A publication for Chief Security Officers just ran an article about companies that use security as a selling point for their products or services.

Check out the whole article, it's interesting, but I especially noticed this quote:

In fact, says [Microsoft] Chief Security Strategist Scott Charney, who describes the [Trustworthy Computing] initiative as "very much a work in progress," Microsoft has had to apply strong-arm tactics to software vendors who have built Microsoft technologies into their products: They are not to make claims that aren't yet matched by the reality that Gates wants to see. "We've told vendors not to put out advertisements saying that you can have a secure environment on a Microsoft platform, because we're just not there yet," says Charney.

|

Sunday, January 23, 2005

RealPlayer vulnerable: major confusion 

What's going on? I don't know. One item on a security mailing list says that if you open a maliciously built media file in one of Real Networks's players, it can take over your machine. Another report says it can delete files. Or are both the same bug? One report says Real Networks has released a fix. Where is it? I can't find anything about this on their web site.

What you should do, until things clear up, is make sure a movie or audio clip is from someplace reputable before you open it. Eventually antivirus products may check for booby-trapped movies.

Macs, reportedly, are safe.

|

Saturday, January 22, 2005

The danger of government databases 

"But I've got nothing to hide", "my life is boring anyway", "I trust the government" -- these are things you might say if you aren't worried about government surveillance and recordkeeping.

But can you trust everyone who works for the government, everyone who has enough money to bribe a government employee, everyone who has enough pull to change the laws, and everyone who finds a slipup in the government's security?

Need an example? Consider the case of an Ohio policeman allegedly using police databases to harass his ex-wives.


|

Friday, January 21, 2005

Online fraud -- will your bank stick you with the bill? 

Suppose an organized crime gang in Russia cleans out your bank account after you mistakenly answer one of those "please verify your account details" email. What happens next?

You might hope that your bank will put the money back. It's logical: they're in a better position to get the money back from the crooks than you are. They might have insurance to cover fraud losses, in which case of course they've been passing the cost of the insurance premiums along to you.

ComputerActive's Paul Allen reports that UK banks may refuse to reimburse online fraud losses. They're not carrying insurance. They threaten to treat future claims on a "case by case" basis.

We've seen this movie before. US banks had a legal obligation to reimburse customers for money stolen via a cash machine. UK banks didn't. US banks deployed halfway reasonable security technology to save money. UK banks didn't have to. Not only did they refuse to put money back into customer accounts, in one case they even pretended the complaining customer was scamming them and had him arrested.

What to do? You can swing your business to banks that deploy clueful online security, for example single-use passwords. And of course don't hand over secret information like your account number and password unless you're the one who started the transaction.

|

Thursday, January 20, 2005

The next trend: rent your firewall? 

Usually a "firewall" lets viruses through. It knows what you've asked for but not what's in it. If you ask for a virus a firewall will obliviously let you get it.

A few vendors have started putting antivirus programs into their firewall products. But antivirus programs need frequent updates so they can recognize new viruses. Your firewall turns into a recurring expense.

Sonicwall has announced a cheap comprehensive small business firewall which comes with a $195/yr subscription fee.

Compare that to the cost of Norton Antivirus subscriptions for all the computers in your office (the TZ 150 is designed for maybe 5, up to 10 computers). Seems pretty reasonable, especially since you only have to spend $389 to buy it and it has the features of more expensive firewalls from places like Checkpoint.

A Brendan Sullivan article in Network World about the Sonicwall TZ 150 argues that the subscription fee is high and likely to surprise people. I don't agree: compare it to the service contract on, say, a Cisco firewall.

|

Mac iTunes users, the update just got more urgent 

Apple released a software update for iTunes recently. It fixes a security problem with playlist files. A bad guy could build a toxic playlist file that could take over your machine, in theory. Today it's no longer theoretical. Bad guys can now download an example program that builds toxic playlist files. Bad guys can take this and change it to do their own bad things. They will. Usually it's only a few days from the release of an example like this to the appearance of wild viruses.

If Software Update pops up and asks to update iTunes, tell it yes. If you haven't seen Software Update in a while, bring up System Preferences (it's the thing in the Dock with a light switch) and click Software Update.

|

Wednesday, January 19, 2005

Who's behind adware/spyware? 

WhenU is a controversial program that displays ads based on what web site you're viewing. Claria, the company that makes it, brings up two points in its defense. First, they call it "contextual advertising". Second, they've sued someone who called it spyware. I guess that's one way to win an argument.

What we know is that when bad guys were taking over Web servers last year to send out toxic web pages that exploited a security hole in Internet Explorer, one of the programs they installed on victims's machines was WhenU. One poll said the overwhelming majority of people with WhenU on their computers didn't know they had installed it. And of course the software is monitoring what web pages you visit so it can know when to display ads for blue pills.

So who are the advertisers that support all this activity? Believe it or not, some legitimate companies. Ben Edelman publishes a list of companies who advertise on WhenU. Those companies are not eager to talk about it: a Businessweek article about adware says "Of the 26 major advertisers that BusinessWeek called for this story, 18 declined to comment on their adware marketing or did not return calls".

|

Monday, January 17, 2005

Followups: destroying data, voting machines 

I wrote about security guru Bruce Schneier's advice for home computer security. Since then his readers have sent in some feedback you should see.

Last time around I should have cautioned you about his advice to dispose of confidential CDs by microwaving them. Reader Charlie Brooks sent in a warning about the fumes which come off, which I can boil down to a single excerpt:
we all recovered after a couple of weeks
You could look for an expensive paper shredder that eats CDs (it'll say so on the package if it does), or you could use a $45 CD Destroyer from the Cyberguys catalog which leaves the CD in one piece but ruins the surface.

Are electronic voting machines adequately safe if they create paper trails but still have secret inner workings? Paper output would have saved the day in the disputed North Carolina Agriculture Commissioner election. David Jefferson says no and explains why. He points out that a crooked vendor could program the machine so that a few percent of voters get the wrong result the first time. Some of them will catch the error and try again but some won't notice. All the paper recounts will come out right, but that kind of trick could swing a close election.

If your state or county is going to use electronic voting machines, demand that the programming be published for security reviews.

|

Wireless security should get easier this spring 

Every article that tells you how to secure a wireless network says something like "enable WEP" or "enable WPA". They never say how. That's because it's a royal hassle which has defeated even computer-savvy people. I've tried before to explain how to set up WEP wireless security.

The problem is that the wireless devices need to have a secret code key in order to scramble and descramble their communications with each other. Most vendors made the tragic decision to make the human put the secret code key into each device instead of letting the devices figure it out themselves. Worse, different vendors picked different and incompatible ways for the human ot put in the secret code key.

One vendor got it right. Buffalo shipped devices which set the secret key automatically. You'd put two or more devices in range of each other and push a button on each to do the security setup. The devices would decide on and share a key without involving the human.

This idea is finally catching on. Linksys and HP are among the vendors who'll be building systems with a new chipset that lets them automate setting up wireless security.

Glenn Fleishmann's indispensable Wi-Fi Networking News asks a good question about security. What happens if someone in the parking lot is hanging out on your network constantly trying to get in on a security setup? Won't they be able to sneak in as soon as you start the setup process? One of the two systems coming out (let's pray they work together!) solves the problem by requiring a simple password. Glenn Fleishmann interviewed someone familiar with the other system who says it will warn you if someone slips in during the key setup.

|

Sunday, January 16, 2005

Hesitating about Firefox? It's ahead on features, too. 

I can't think of much to add to Walter Mossberg's Wall Street Journal review of Firefox. He's hit the bullseye on the pluses and minuses.

He mentions extensions, little pieces of software to add features to Firefox. My favorite is Linky, which lets you open a bunch of links at once, and jump to a web address even if it's not a link.

|

Saturday, January 15, 2005

Ohio bans touch-screen voting machines 

Via TechDirt, I find out that Ohio Secretary of State Ken Blackwell has ordered standardizing on optical-scan machines (Story from the Cleveland Plain Dealer).

It's partly a financial move rather than a security move. The Legislature passed a law requiring paper trails from voting machines. Adding printers to the touch-screen machines would have cost money.

I agree with the legislators, by the way. A paper record doesn't prove the machine counted your vote correctly but it is the only way you can ever audit the results. And you have to audit the results, at least a sample of them, to deter cheats. Like businesspeople have always said, "you can expect what you inspect".

|

Friday, January 14, 2005

Oh, carp, not again. IE can silently download malicious content. 

Yes, Microsoft fixed a bug like this in last Tuesday's patches. This is a new one. If you want details, see the Infoworld article about Internet Explorer's vulnerability to malicious downloads.

The bad news is there's no fix for this yet. The good news is that there's no word yet of bad guys actually taking advantage of the bug (but wait a few days, they'll catch up).

I'm not going to waste electrons talking about workarounds within Internet Explorer. Until Microsoft does a major redesign, running IE is like letting Lucy hold a football while you come running up to kick it. Switch to a different web browser. The one I recommend for most people is Firefox.

Does Firefox seem like a big jump? It's really simple. Firefox will import your bookmarks and other settings. Check out this guide to converting from Internet Explorer to Firefox at a newsletter called "The Main Thing". You can just jump right in and install, but if you feel more comfortable reading something first then it's a good list.

|

Thursday, January 13, 2005

Everything has security holes--Mac iTunes bug 

If you have a Mac, run the iTunes music software, and share playlists with others, you need to run Software Update and get the latest patch. It turns out that a malicious person could booby-trap an iTunes playlist file to do bad things to your computer.

I don't have any word about whether this was happening in the field already or whether someone caught the problem first.

Are you wondering why things like this keep happening? One reason is that the most popular computer language makes it very easy to make mistakes like this. Another reason is that security bugs like this are hard to catch in testing. But the big reason is that personal computers assume they can trust the software they're running. Two decades ago the military was developing systems that could maintain security even with untrusted software. They wanted to make sure that even if your word processor was sabotaged, you wouldn't be able to save a Top Secret document into a Secret file. Nobody ever figured out how to make those systems usable. Maybe it's time for the industry to try again.

|

More advice for the home user 

Security pro Fred Avolio has put together his own list of what home users should know about security.

You're busy. I'll extract the points I haven't already made here.

He summarizes spyware's causes and effects beautifully:

Don't have spyware? I bet you do. Ever click on something that said "Click here to speed up your Internet connection?" Ever install "free" software? Maybe you've added a neat item on your toolbar that shows the weather or stock reports. Computer running slower and slower? Are you now plagued with pop-up advertisements? There is a good chance you have some spyware running on your computer.


He gives links to a list of firewall programs and practical how-to information about Windows security.

|

Tuesday, January 11, 2005

Things to know about Skype security 

"Skype"? What is "Skype"?

Skype is a convenient and powerful program for voice communication over the Internet and optionally to old-style telephones. The usual sales pitch is "free phone calls", but technical people are falling in love with it as the easiest way they've ever seen to arrange a conference call.

Where does security come in?


Well, it's a program that runs on your computer and talks over the network. Can it be taken over by toxic input? Can it spread viruses? Can nasty people intercept or interfere with your conversations?

There's been one security hole involving overly long addresses. This got fixed quickly and the program automatically updates itself, so everyone has the fix now.

Respected security author Simson Garfinkel answers the other questions in a highly readable report on Skype security.

Read the report, it's good and it's the kind of writing I try to deliver to my own clients. To condense it brutally:
That last point is the really important one. Spyware on your machine could record all your calls and email them to the Russian mafia or the National Enquirer. Once your voice is decrypted, anything can happen to it. A recent story illustrates what can happen if other software does something unexpected.

Blogger Andy Abramson got a surprise when he called another Skype user. The other user ran a program called Skype Answering Machine (which doesn't come from the Skype folks) to take calls when he was already in a call. It started recording Abramson, but due to a known bug in Skype Answering Machine Abramson started hearing the call that was in progress! That's right: install a buggy program and suddenly anyone can wiretap you just by calling. Obviously it'll get fixed, but it's a good example of what Garfinkel warned about.

PS: encrypted voice


Security guru and cipher designer Bruce Schneier warns in an essay about cryptography that
"Few can do the science properly, and a little knowledge is a dangerous thing: inexperienced cryptographers almost always design flawed systems. Good cryptographers know that nothing substitutes for extensive peer review and years of analysis. Quality systems use published and well-understood algorithms and protocols; using unpublished or unproven elements in a design is risky at best."
Skype's protocol design is unpublished and hasn't had the extensive peer review that makes security people stop fidgeting.


|

Today's MS update: install NOW if you run IE 

This fixes the horrible Internet Explorer bug that affects fully patched systems, allows bad guys to take over your machine if you just visit the wrong web page, and which bad guys are using in the field now.

There are a couple of other fixes which are less serious but well worth having.

If you're still clicking on the blue "E" icon to browse the web, click the Start menu and choose Windows Update before you visit the next web site. Otherwise it's probably safe to schedule the update within the next day or two.

|

Monday, January 10, 2005

Microsoft's antispyware -- early reactions 

It runs quickly on my (clean) machine and brings up only one of the two false alarms that I saw before Microsoft bought the product from Giant Antispyware.

Here's a review of Microsoft Antispyware versus AdAware and Spybot Search & Destroy on a thoroughly infected machine. Microsoft Antispyware catches more than the other two. But as always no one program gets everything. Run more than one and concentrate on prevention.

It's been three days since I wrote about what Microsoft's policies on identifying spyware ought to be, and already an issue has come up. The distributors of a controversial program asked Microsoft to reclassify them as harmless. Microsoft complied.

The program is called Weatherbug. It displays continuous weather news and hits you with ads. Near as I can tell, it gave itself a bad name by being almost impossible to uninstall in previous versions, and by being distributed along with other, nastier software so that people reported horrible things happening after installing Weatherbug.

I can't give you firsthand information because I won't allow it on my machine. The distributor claims that all it does today is display ads and send your zip code to get your local weather. I can't find any evidence online that it actually spies on people.

In other words it looks like Microsoft did the right thing in this case, despite some feverish headlines like "An Integrity Test for Microsoft". Just don't expect them to remove software that causes popup ads, unless that software is spying on you or hurting your computer.

|

Sunday, January 09, 2005

Test whether you're at risk from "Extremely Critical" browser bug 

Even if you run XP Service Pack 2, if you're still using Microsoft Internet Explorer for some reason then going to a booby-trapped web site or viewing the wrong ad can write files to your machine and take it over. Skip down if you're using Mozilla or Firefox, there's news for you too.

Security firm Secunia has put up a harmless page where you can test for vulnerability to the IE exploit. Just follow the directions on the page.

Secunia recommends that if you're going to use Internet Explorer, you should go to Tools/Internet Options/Security/Internet and change your security level to High. I don't know whether this will work: be sure you have "Active Scripting" turned off in the security settings. Secunia's preferred solution is the one you've been hearing from security people for months now: use a better web browser.

Mozilla and Firefox need updates

If you're running Mozilla, which is the big suite of programs including a web browser, email, chat program and whatnot, then you need to update to version 1.7.5 to fix a problem that could take over your machine (but only if you click on a malicious link beginning with "news://").

Firefox has an update to fix a problem where bad guys could make a download appear to come from someplace safe even if it doesn't. If you practice good hygiene this shouldn't be an issue. Go to Tools/Options/Advanced/Software Update and click "Check Now".

|

Saturday, January 08, 2005

You DON'T have to accept spyware to get free software 

There is plenty of free software out there which isn't contaminated by malicious scumware. Firefox, which I hope you're using to read this, is free and safe.

So why is good free software so hard to find? Well, it doesn't have advertisers and scumbags pushing it, so you have to know where to look.

There's a best-of-the-best list of free downloads at Pricelessware, and a recently launched broader set at CleanSoftware.

|

Friday, January 07, 2005

Offsite backups: why and how 

The backups you keep in your home or office will help if you delete a file by accident.

What if you have a fire?

You could put backups in a safe deposit box or have an employee take them home. (Little hint: a mini-fridge, not plugged in, is better than nothing for fire protection. It's insulated and airtight.) What if your area gets hit by a hurricane/snowstorm/earthquake?

If you send backups outside the local area then you can recover from some really serious disasters. If the backups are available online you can recover from anywhere with a 'net connection.

That's where commercial offsite backup services come in. They send you software that encrypts your data and copies it over the internet to their servers. You can restore to anywhere you need to. The backup company can't read your data.

They're expensive. The way to use them is to figure out what data you'll need in a hurry after a disaster (accounts receivable? Address books?) and back up the minimum necessary.

Or take the small businessperson approach. You must have a friend or supplier or something outside your local area. Why not cut a deal with them where each of you stores encrypted backups for the other?

|

Thursday, January 06, 2005

Microsoft doing antispyware has interesting implications 

I wish I could take credit for this insight. It comes from a user named "bogie" on the geek forum Slashdot.

Microsoft bought the highly recommended commercial spyware fighter "Giant Anti-Spyware" last year and has leaked sneak previews of what the Microsoft anti-spyware program will look like.

Microsoft will then be able to tell you what software on your machine is "legitimate" and what isn't. You'll have a Microsoft program on your machine that will advise you to remove other programs. This is new.

Antivirus companies have shrunk from removing spyware programs. They might get sued by a spyware company arguing that it was doing legitimate business. Will Microsoft be willing to get into court fights with spyware companies?

What if an ad-supported program competes with one of Microsoft's products? Will they tell you to delete it and risk another antitrust suit? Will they leave the ad-supported program in place where it might destabilize your computer?

Shipping an anti-spyware program will give Microsoft a lot of power. I hope someone in the company is vowing "We must only use this power for good!"


|

Wednesday, January 05, 2005

What's Microsoft going to do with the anti-spyware company they bought? 

Microsoft also bought an antivirus company a while ago, and there hasn't been much news about it since.

But now there's been a "leak" about Microsoft's plans. This could be a real leak where someone was talking without permission, but the industry has a little secret -- many "leaks" are authorized and serve as trial balloons.

Mary Jo Foley's Microsoft Watch reports on Microsoft's "A-1" security subscription service, rumored to charge an annual fee for anti-spyware and antivirus updates. No word on what it would cost.

The report makes sense. Microsoft wants steady income streams. Selling subscriptions is good for Microsoft.

This could be good for customers. Microsoft knows enough about the inner workings of Windows to win fights with spyware that tries to reinstall itself. They also have a chance of writing antivirus software that cooperates better with Windows. It could be bad if it scares away competitors.

|

Sick, sick -- fraudulent emails about tsunami relief! 

Scott Pinzon from security firm Watchguard reports fraudulent spam about tsunami relief. His firm has seen some clearcut scams that ask you to send money by Western Union.

Western Union is a favorite of fraudsters because, unlike credit card companies, they won't give you your money back in case of a fraudulent transaction.

I'll second Scott Pinzon's recommendation. Give money to the Red Cross, to your religious organization's relief activities, or any reputable charity. By the way, giving money is better than donating goods -- it's more flexible, easier to transport, and a little money goes a long way in some of the victimized areas.

|

Tuesday, January 04, 2005

When spyware's incurable: funny story about erasing computer 

New York Times writer Rachel Dodes did a backup, format, and reinstall on her laptop when she couldn't remove all the spyware. How did she decide it was time to give up everything, wipe the slate and start over? She says "My friend the bankruptcy lawyer convinced me".

The article is funny and informative, but I saw one glaring omission. She backed up My Documents, My Pictures, and My Music before wiping her computer clean. If that's all you do then you may lose your old email. Microsoft Outlook stores your email outside the My Documents folder, in a folder called Application Data. A few non-Microsoft programs store data in the same folder as the program. Make sure you know where everything you need lives before erasing your hard disk.

Go read her article. I can't do it justice. She writes about computer security as well as the best of Doonesbury -- irreverent, funny, and with the devastating accuracy of a rapier through the aorta.

|

Monday, January 03, 2005

Another reason to prefer a hardware firewall appliance 

Windows programs can talk to each other. In particular, they can say things like "the mouse just moved to such-and-such a place" or "the Y key just got pressed" whether it's true or not.

So what happens if a bad guy tricks you into installing a program which tells your firewall program in effect "the user just turned you off"?

That's the question Ferruh Mavituna set out to answer. He wrote a program to lie to firewall programs. He discovered that malicious software can disable firewall security on your machine.

Skydivers have a general-purpose emergency procedure. No matter what sort of predicament you're talking about, their answer is "don't get there in the first place". That's the best answer to problems like this one. After all, the first of Microsoft's Ten Commandments of Security is that once a bad guy runs a program on your computer, it becomes his computer.

But if you do get tricked into running nasty software, you're better off with a firewall program that asks for a password before it reduces security. Reportedly Zone Alarm version 5 does this.

|

Sunday, January 02, 2005

Re-download, don't just update, AdAware and Spybot 

My two favorite anti-spyware programs have brand new versions out now, and the old versions are no longer getting lists of new spyware to watch out for. Which means you need the new versions.

AdAware was at version 6.181. Confusingly, the new version is called Ad-Aware Personal SE 1.05. Download the new Ad-Aware installer and run it. It'll ask permission to uninstall the old Ad-Aware. It's safe to say yes. Their web page says you can get the new version from the normal update procedure within the program -- didn't work for me.

Spybot Search & Destroy also needs to be re-downloaded. Download Spybot Search & Destroy, run the installer, proceed as usual. The author asks for a "different kind of donation", namely he asks you to register as a blood marrow donor.

As usual, you can and should run both. You may get false alarms when one program quarantines a nasty file and the other program sees it in the quarantine folder but you can just ignore those.

|

Saturday, January 01, 2005

Computers, mobile phones, now MP3 players carry viruses 

Now it's not safe to plug a music player into your computer. I just ran across a viruslist.com article about virus infections in iRiver and Denver MP3 players. The author, Roel of Kaspersky Antivirus, suggests reformatting the devices before you use them. OK, if you don't mind the hassle, if you don't mind the risk of erasing something you'll need, and if you're sure that the virus infection isn't in some area that survives when you reformat the device.

All I can think of is to have antivirus software that's been updated more recently than your MP3 player was built.

|

This page is powered by Blogger. Isn't yours?