Posts tagged ‘virus’

“How’d I Get Infected”

February 19th, 2010
A Unique Take on Infections - Image From SunBelt Software (VIPRE Antivirus)


While on calls in Beaverton or elsewhere, I always get the dreaded “How’d I get infected?” question. Unfortunately, it’s too broad of a question to answer the right way.

The reason I say this is that there could be hundreds of programs installed, each with their own security problems, windows updates missing, Antivirus and anti-spyware programs missing or not updated, firewalls turned off, etc.

Then, we have the “Adobe Effect”. I call it this as a lot of security researchers feel that the majority of attacks will come from Adobe this year. On top of this, there is a huge number of vulnerabilities in the Adobe software already. Unfortunately, the software company is typically slow to release security patches as well, so zero-day flaws are slow to be fixed.

Today, Sunbelt Software, the writers of VIPRE Antivirus, notified their followers, via their blog, of a flaw that allows attackers to get into your computer after the Adobe Updater runs. That’s right ladies and gents, the simple fact of updating Adobe to patch security issues can now infect your computer. How to stop this issue? First, reboot if you see that Adobe has updated.

It’s sad to see such software cause infections. Adobe Flash and Reader are some of the most popular programs installed on computers today. Well, it’s not sad – I should say that it’s disheartening. Adobe has a huge target on their back, just like Microsoft. Sadly, Adobe doesn’t really seem to be taking the issues head on, like Microsoft does with their anti-spyware, IE page blocking, etc.

So, the moral of the story is – don’t trust any software to be perfect. The more software that is installed, the bigger the target you have on your back. Keep your computer updated and for Pete’s sake – STOP running in Admin mode with UAC turned off!
Justin

New Spyware/Malware/Virus Scam

February 5th, 2010

Flash Attack

So, with the advent of all the video floating around the web, there is a new scam floating around as well. It specifically attempts to attack Flash, which is installed on roughly 90% of all the home computers online. As the screen shot points out, the attacking website may get you to “Fix” or install a plugin to get the video to work. Sneaky stuff.

Why am I hitting on the whole Spyware/Virus issue lately? Because this is the number one thing we’re seeing right now. More specifically: Fake Antivirus software that attempts to get your credit card information, shows you Pornography, etc.

As always, if you have questions, please let us know.
Justin

New Malware Infections (Virus?)

February 4th, 2010

There is a new type of infection happening that even has some of the best anti-virus companies stumped. Recently, it was found that Virus and Malware writers are getting more sneaky on how they infect you.

They are specifically targeting Google users. Recently, it was found that you could get infected simply by looking through Google Images. On top of this, other sites only infect you if you come from Google. This means, if you type the web address directly, you don’t get infected.

Very sneaky stuff indeed. This makes it harder to clean the infection, as the website owner usually goes directly to the website to check the problem directly.
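
For website owners who want to check their own site for the “only if you come from Google” behavior described above, here is a small script that requests the same page as a direct visit and as a search-referred visit, then reports any difference. This is an added example, not part of the original post; the `example.test` addresses and the two `fake_*` sites are constructed so it runs without a network connection.

```python
"""Check whether a page treats search-engine visitors differently from direct ones."""
import hashlib
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Referer values to try; a referer of None models typing the address directly.
REFERERS = {
    "google": "https://www.google.com/search?q=example",
    "bing": "https://www.bing.com/search?q=example",
}

@dataclass
class Response:
    status: int
    location: Optional[str]  # Location header, if the server redirected
    body: bytes

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it

def http_fetch(url, referer):
    """One GET with an optional Referer header; redirects are not followed."""
    headers = {"User-Agent": "referer-check/1.0"}
    if referer:
        headers["Referer"] = referer
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=10) as r:
            return Response(r.status, r.headers.get("Location"), r.read())
    except urllib.error.HTTPError as e:  # 3xx/4xx/5xx arrive here
        return Response(e.code, e.headers.get("Location"), e.read())

def off_site(location, page_url):
    """True if a redirect target points at a different host than the page."""
    host = urlparse(location or "").hostname
    return host is not None and host != urlparse(page_url).hostname

def compare_by_referer(url, fetch=http_fetch):
    """Return (referer_name, kind, detail) for each search-referred visit that
    differs from the direct visit. Body differences can be benign on dynamic
    pages, so treat 'body' findings as a prompt to look closer."""
    direct = fetch(url, None)
    findings = []
    for name, referer in REFERERS.items():
        seen = fetch(url, referer)
        if off_site(seen.location, url) and not off_site(direct.location, url):
            findings.append((name, "redirect", seen.location))
        elif seen.status != direct.status:
            findings.append((name, "status", f"{direct.status} -> {seen.status}"))
        elif hashlib.sha256(seen.body).digest() != hashlib.sha256(direct.body).digest():
            findings.append((name, "body", "differs from direct visit"))
    return findings

# Constructed stand-ins for a hacked site and a clean one (no network needed).
def fake_compromised_site(url, referer):
    if referer and "google." in referer:
        return Response(302, "http://landing.example.test/scan", b"")
    return Response(200, None, b"<html>Welcome</html>")

def fake_clean_site(url, referer):
    return Response(200, None, b"<html>Welcome</html>")

if __name__ == "__main__":
    print(compare_by_referer("http://shop.example.test/", fake_compromised_site))
```

To check a real site you own, call `compare_by_referer` with just the address and it will use `http_fetch`.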

Be careful out there, it’s getting more dangerous.
Justin

Over the last few days, we’ve had a rash of calls from home-based customers, which we call “Residential”. One of the first questions that people typically ask is: “Do you work with regular people at home?” or something similar.

The answer: YES. Protocol16 works with both business and residential customers. While we cater to the business side of things, with all their servers, workstations and more – we do service residential customers with the same customer service as the business side.

More Ransomware

December 22nd, 2009

It’s been a nice and rainy week in Portland, but that doesn’t mean you need to let your guard down!

Today’s post is brought to you by the letter “R”, for Ransom-ware. Ransom-ware is software that makes it onto your computer, usually mysteriously, then holds your files captive until you pay a fee. This can be a product that’s sold or a virus that holds your MP3s hostage.

Recently, Sunbelt Software, Protocol16’s recommended anti-virus company, discovered a new “in the wild” ransom-ware package that encrypts the contents of your hard drive (this is actually arguable as to if it encrypts or just causes problems). This means that your hard drive cannot be read within minutes of having the software installed.

After installation, you’re left with the following message:

Ransom-ware from Data Doctor. Shutdown message.

If you get this, it’s too late… The hard drive (specific files, actually) has been encrypted and you’re left with a Windows mess that barely works.

After you see this message and your computer shuts down, you’re stuck with a message stating that “Windows has recovered from serious error. Some files can be corrupted. Disk checking is strongly recommended.” This is NOT a Windows error.

Upon attempting to access a file that’s been encrypted, you’re met with another error message stating: “Unable to open the file due to data corruption.” Upon clicking the “Repair” button, you see the next screen:

Data Doctor 2010, Requesting Payment.

Hey look everyone, my favorite topic! Software asking for credit card information…

Some files may or may not be encrypted, but the software will continue to nag you to purchase it. They’ll even charge you an activation fee so they don’t need to pay any fees for the credit card being run.

Don’t install this program. PLEASE don’t.

I’ll fire up a Virtual Machine here shortly and make an infection video for everyone to see how this works as well.

If you’re reading this and curious what we recommend for anti-virus software, we heavily recommend Vipre. We are a local reseller, so if you’re interested, give us a call and we should be able to get you a discount.
Justin

FOR IMMEDIATE RELEASE:

Beaverton, OR —Dec. 21, 2009— Protocol16, a computer company focusing on on-site computer repair, has formed a partnership agreement with Sunbelt Software to provide a unique security solution for customers.

Protocol16 will recommend, and resell, Vipre anti-virus, with anti-spyware capabilities, to its customers.

“I have used several anti-virus companies over the years, to include Personal and Enterprise level products, and I must say, Vipre is at the top of my list.” said Justin Royce, owner of Protocol16. “Not only is Vipre fast and unobtrusive to computer users, it recently won a VB100 score at the latest anti-virus face off. Finding all 100 random “in the wild” files on the test is a pretty big thing. I’m sure our customers will agree that Vipre is a better solution than others as well.”

About Protocol16
Protocol16 was started in 2007 in response to a growing demand for technical services in the military communities of Germany. Since starting, Protocol16 has relocated to Oregon and launched a website and mobile computer repair business in the Portland Metro region. Headquartered in Beaverton, Protocol16 is quickly becoming a leader in mobile repair for businesses and consumers. Protocol16 maintains that customer satisfaction is the absolute primary goal of the business.

# # #

I’ve discussed how I talk with a bunch of industry experts all the time and we can catch things here and there. One of the repair companies in New Zealand ran across a unique situation that reminded me of how much consultants can save you money.

In his situation, a company requested a quote on a new server for their office as well as requested internet access be installed at another physical building on the same property. The consultant quickly put together a very nice bid and all was well, until someone on the company’s controlling board decided to speak up: They were in the computer business as well and could beat the prices on the bid. This sounds fine, as some companies purchase their own hardware and have consultants install it, but something else happened. The second consultant overshot the original bid by a heck of a lot of money, thousands, in fact.

When the two consultants talked, an issue came up with the number of servers that were required. The second consultant, we’ll call him “Mr. X” to avoid confusion, assumed that the first had made a mistake on the bid since they wanted Exchange and another type of major service that controlled logins and such (called Active Directory). This typically can’t be done (and shouldn’t, for good reason). Mr. X confronted the first consultant and tried to get an explanation for the mistake. The first consultant said there wasn’t a mistake, he had saved money by going with a Small Business Server (SBS) instead, which allows multiple things to be installed at once – making things cheaper. SBS is specifically set up for smaller environments and everything is integrated together.

Mr. X also mentioned that he had figured that there was another mistake on the networking portion since it would take a decent amount of money to run fiber to the other building. There wasn’t a mistake, the first consultant figured on using a wireless N based network with special antennas to make sure that things communicate better. The speed requirements for the second location didn’t require the speeds that fiber would provide – it was just too expensive to run to that location for a few computers to surf the internet and check email.

In the end, the first consultant saved this company several thousands of dollars, and that was over someone else that was in the industry…

I’ve personally run into situations like this as well. A while ago, a situation presented itself with a computer savvy business owner in Tigard. They had used a local company to work on a virus issue with a Dell workstation. The other company ended up charging a decent amount of money to remove the virus then said that Windows was so messed up that they needed to reinstall it for an additional fee. After hearing they needed to spend that much money, they just paid the original fee and got the computer back. While on-site, the computer showed up and they asked me about it and how much to reload Windows. Knowing the owner was decently computer savvy, I asked if they had the restore CD. As a matter of fact, they DID. I told them that this computer could be set up again, like new, within minutes just by popping that CD in. They did it while I was working on another computer and I answered a few questions for them as well. They ultimately ended up saving a lot of money since I had merely recommended using the Restore CD and I ended up multi-tasking to help out. This saved them time on Protocol16’s hourly fee as well.

Any business considering a project, new hardware, or even the standard computer user having problems should always consider a professional as this can save you money in the long run. For servers, networks, and such, consultants and computer companies can usually pay for themselves when your project is done as someone familiar with the hardware, software, and networks will usually purchase just the right mix of things you need instead of overdoing it. They’ll also set up the hardware or software correctly for you. If you have a larger project that needs to be implemented over the course of months, if done right, it can actually come in under budget.
Justin

New Redirect Virus

December 1st, 2009

Protocol16 works closely with other computer shops across the country on a forum where we can all talk, share ideas and alert each other of problems. In this case, our early warning system worked. It just so happens, that a computer shop in the northwest happened to pick up, locate and alert everyone to the virus issue.

This virus causes redirects from Google to other websites. For instance, if you do a search for McAfee or something else anti virus related in Bing, Yahoo or Google, you may or may not be redirected to a random website instead of the intended page.

It’s been noticed that most anti virus solutions are not correctly identifying this issue yet, and if you have anti virus loaded on your machine and you’re infected, your anti virus software will not find the infected files.

If you have this type of problem, please give us, or your local computer repair company – if you’re not around Portland, a call.
Justin

This is something that Protocol16 sees a lot around the Portland Metro and we have a very specific answer:

“No”

The reasons:

  • The free versions of most software packages, including AVG, are for home use only. The licensing requirements for most software packages require a license to be purchased for commercial use. While this doesn’t seem like that big of a deal, there are stipulations to most software, including Windows, that you need to know about: Microsoft and other software manufacturers reserve the right, in their licenses, to come into YOUR business and audit your software licenses. If Microsoft or another company audits your software and finds problems, they will alert other manufacturers of those problems, causing a legal nightmare for you and your business. If you’re currently in a situation that could cost you money from the above situation, click here for a news story about how bad it can get… Not to continue pounding on this horrifying situation, but the Business Software Alliance makes it easy for current and past employees to report licensing fraud, to the tune of a $1 Million reward (and as of this writing, AVG is a “Spotlight” member)… If you’ve paid attention to past stories, you know a little bit about Page Rank (popularity, according to Google on a 0-10 sliding ranking system – 10 being the most popular) – BSA has a Page Rank of 7, higher than the Yahoo homepage at 5.
  • AVG, while popular, is not as thorough as it should be. With the latest tests from AV-Comparatives, AVG didn’t place well. This may sound odd, but despite all the “good” reviews of AVG, it doesn’t work as well as it should – Free is Free, and you typically get what you pay for. While there are other free antivirus programs out there, they are not for commercial use.

What Antivirus Program Should I Use?
Protocol16 works closely with many companies to test software and hardware. We’ve worked with Symantec (aka: Norton), McAfee, and others. The best Antivirus solutions we’ve found are:

Home Use: (Free)

Avira Antivirus – MANY computer repair shops use Avira to help correct virus issues. While a lot of us use the registered version, as well as other software, Avira is one of the best antivirus packages.

Business Use: (Commercial)

G Data: Considered the best antivirus package in the AV-Comparatives review showcase. It had low false positives, let very few actual infections past it and shined on all the tests earning it a 3 out of 3 review.

VIPRE: This is a newcomer to the market. They’ve hit advertising hard and fast with full page ads in all the Microsoft publications and more. While they have not been tested on AV-Comparatives, for now Protocol16 will recommend using it. We’ve had it installed on our internal network for testing and it has not slowed down anything or caused any type of crazy problems. We’ll revisit our review once AV-Comparatives reviews them as well.

The reason we listed three different software packages is because every situation is unique, requirements are different and we’re not going to tell you what you should install.

Lastly, the licensing situation above can be nasty; any good PC Repair company can help with licensing issues and assist in self-auditing your computers and networks to ensure that crazy things don’t happen. Coming from a large-network environment, I’ve been through several audits and as such, Protocol16 is more than capable of assisting in setting up an internal program to help you protect yourself.

If you have any questions, please feel free to ask them below or give Protocol16 a call.
Justin

Spyware and Viruses in the workplace are, unfortunately, common. We’ve had many calls to locations throughout the Portland Metro for removal of all kinds of nasties. It’s not fun, especially when we tell business owners that we must remove a machine for further work back at our office. In the worst cases, we must inform owners that we’ll need to get with them to backup data so we can re-load Windows. Those phone calls or in-person talks are never fun, trust us.

So, with all that said, here’s how you can protect yourself, and your business.

  1. Spyware & Antivirus Software: Always have this type of software installed and running on your computers – always. We’re still testing solutions to see which software types we want to officially recommend. We’re testing one right now that we think is “the one”. We should know within the next week or so.
  2. Browsing Policies: While I would love nothing better than to let my own employees go anywhere they want on the internet, they can’t. Having a policy of openly letting your employees surf as much as they want is a prime way to open yourself up to the horrors of a Spyware or Virus infestation. Depending on the type of router you have in the office, you may be able to use a service that allows DNS filtering. We know we just said a handful there, but there are services that will filter the websites you go to and allow/disallow the content to be passed through. There are also commercial options, like Untangle, that can help your situation. These types of software sit and monitor your connections and block certain types of sites based on rules you’ve set up.
  3. Security Policies: All businesses, in my professional opinion, should use a tiered login system. This means that you have Admins and Standard Users. I even recommend this for home users and I personally “eat my own dog food” with this – ALL my computers, including my Mac, are set up with an Admin login and a Standard User login for use. Between careful browsing habits and the security I have in place, I have NEVER gotten infected with a Virus or anything else like Spyware…never. Some friends have called me paranoid, but when I have to fix their computers, they ask for the same level of security… Some may say “that’s impossible”, but it’s not – the right mindset and security policies really do help!
  4. More Security: While this goes beyond most small businesses, did you know there are ways to make Windows so locked down that a 10-year-old couldn’t mess it up? The way to do this is through an option called “Group Policies”. I can set your computer up to require you to hit Control-Alt-Delete to log in, or to only allow your employees to be able to write to certain areas of the hard drive… Again, sometimes this is considered overkill for small businesses, but it’s an option.
  5. Software & Windows Updates: The last piece of the “easy” puzzle is to always keep your software up to date. Windows needs regular updates, don’t turn this feature off. Microsoft Office needs regular updates as well, and up until very recently with Vista and Windows 7, those updates required a separate way to update Office instead of being able to use Windows Updates… Antivirus and Anti-Spyware applications require updates as well. Spending a little bit of time updating your software, or ensuring that all the auto-updates installed properly, can save you countless hours with a technician.

Some people in the computer repair world would call me crazy for GIVING AWAY advice like this, but I think it’s best to educate my users instead of taking money from them over and over again. Why should I take your money when I can help educate you and make the experience easier for everyone?

As always, if you run a business and need an on call or on site repair company, we’re here for you and understand your needs. If you’re a residential customer, we’re here for you as well and know you have different needs (like setting up time limits for your kids to use the computer – we can teach you that in minutes with Vista and Windows 7). Feel free to give us a call for your computer repair needs!
Justin

Copyright © Protocol16 . All rights reserved.