Friday, November 28, 2008

Beware nasty Mebroot trojan

Beware of malware called Sinowal (also known as Mebroot), which captures bank and similar data. A gang of Internet criminals has been using it and even morphing the malware to temporarily fool antivirus software.

Windows Secrets contributing editor Woody Leonhard likens Mebroot to "a parasitic operating system that runs inside Windows". [Disclaimer: I subscribe to the paid version of the "Windows Secrets" newsletter. Prior to that, I subscribed for years to the paid version of Fred Langa's "LangaList" newsletter, which is now integrated into Brian Livingston's "Windows Secrets" newsletter. I highly recommend Windows Secrets to anyone concerned about or interested in PCs.]

Leonhard says that, in his experience, a lot of systems get infected with Mebroot (Sinowal) because the owners did not keep up with Adobe Reader, Adobe Flash, or Apple QuickTime security patches. You can manually check for such patches, set the apps to automatically check for updates, or (even better) install the free Secunia Personal Software Inspector (PSI) and scan for programs that need updating.

In October 2008, Brian Krebs of the Washington Post alerted readers to the "virtual heist" going on. Mebroot infects the Master Boot Record (MBR) of your PC and sends personal data to its "owners". Krebs says that the criminals have stolen over half a million credit and debit card accounts in the past few years.

While Symantec lists the malware's risk as low, if your data gets stolen, it won't be a little thing to you. Here are some actions Symantec and I recommend to reduce your risk of malware infections:

  • Use a firewall
  • Enforce complex passwords for all users of your computer
  • Use the lowest level of access privileges.
  • Never use an Administrator-level login account as your normal one. Always log in with a lower-level account and then "Runas" or log in at the Administrator level only as needed. Vista security is a big advance in making this type of security easier. Yes, you get pop-ups to log in as Administrator, but that's much better than manually running a "runas" command, and you don't need to know the runas command-line syntax.
  • Disable Auto-play
  • Turn off "File Sharing"
  • Turn off and remove unnecessary system services
  • Always keep your programs patched (You can use the free Secunia PSI to monitor patch status)
  • Don't open email attachments unless you were expecting them. Contact the sender separately (not by a "Reply") and see if they really did send you that email and attachment.
  • Turn off Bluetooth via Windows Control Panel if you are not using it.
  • If you really need to use Bluetooth, make sure every Bluetooth device's visibility is set to "Hidden".

Wednesday, November 26, 2008

Secunia PSI now in final form

Secunia Personal Software Inspector (PSI) is now officially out of beta and at version 1.0 (well, OK ... version 1.0.0.1). I have used versions prior to 1.0 and found them excellent. I'll be downloading, installing, and running PSI 1.0 today. I encourage you to do the same. This free software checks your programs for any updates.

While Microsoft Update (or the lesser Windows Update) does a great job, they naturally only deal with Microsoft products. Your computer has tons more programs, each of which may need a security patch, bug fix, or enhancement. Why check them all manually? Let PSI check for you. Try it; you'll like it.

To really stay on top of patches, I also use Driver Detective (not free, but very worth having).

Tuesday, November 11, 2008

Patch Adobe Reader, Acrobat!

If you use Adobe Reader 8.12 or earlier or Adobe Acrobat 8.12 or earlier, update them now! Adobe has released security updates for critical vulnerabilities.

Better yet, for Adobe Reader, upgrade to version 9 -- it's free.

Both programs come configured to automatically check for updates, but some people turn that off. Leave the auto-check on -- protect yourself.

Monday, June 16, 2008

Firefox 3 leaps ahead

While not revolutionary or even truly evolutionary, version 3 of the Mozilla Firefox web browser looks very good. Some of its new features may even get me to use it as my default, which is now Microsoft Internet Explorer 7. Some of the new features I look forward to most relate to security and ease of use:

  • Site ownership. The "Passport Officer" lets you know who really owns a web site. This helps reduce accidental visiting of malicious sites.
  • Malware protection. A "Reported attack site!" message box with a red background pops up when the site you asked to visit is on a list of malware sites. Firefox blocks access and you must select the "Ignore" link if you really want to visit that URL. I also like that the link is small, in the lower right corner, and not a normal button. The two buttons are "Get me out of here" and "Why was this site blocked". This is a good security precaution.
  • Page zoom now zooms both text and images.
  • Multiple text select. You can now use the Control key to select and copy multiple blocks of text on a web page.

Features I am unsure about until I try them extensively include the new "keyhole" shaped navigation control. IE7 font rendering is better than FF2, so I am also curious about how well the font rendering in FF3 will work.

Features I already like in Firefox 2 include spell-checking in Web text areas, including Blogger, and the wide range of add-ons for blogging, editing, and web development.

I do wish Firefox would support the "standard" MSIE hot keys for such things as creating a hyperlink (Ctrl+K), as using Firefox in Blogger is less useful than IE at this point (except for spell-check).

It would help if at least Firefox and Mozilla had consistent hot keys. For example, Thunderbird uses Ctrl+L to insert a hyperlink. It doesn't match MSIE, but the Ctrl+L is easy to remember (L for "link"). But Ctrl+L in Firefox accesses its "Location Bar" (what IE calls the address bar). Bummer.

Friday, February 01, 2008

Firefox 3 to better indicate "safe" site

For many people, the "padlock" symbol showing in their browser status bar means "safe" or "secure". Actually, it only means that someone has bought a certificate and is using SSL (Secure Sockets Layer) -- encryption.

Since it's possible for criminals to buy a certificate and use SSL, the padlock is no guarantee that you won't get duped or have your identity stolen. What's important is to know that the site is really what it seems and to know who really owns it -- identity.

Firefox developers are now working on a different way to indicate the potential safety (or not) of a site by concentrating on identity, not SSL. In the process, Firefox looks like it will abandon the padlock symbol as an indicator of safety. This should appear in Firefox 3.0 when it comes out.
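The distinction drawn above between encryption (the padlock) and identity (who owns the site) can be seen in the certificate itself. This is an added example, not part of the original post and not Firefox's implementation: the certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names and the "organization present in the subject" heuristic are assumptions of the example.

```python
# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
# Both would produce a padlock; only the second names an owner.
HOST_ONLY_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("commonName", "Constructed Test CA"),),),
}
ORG_CERT = {
    "subject": (
        (("countryName", "US"),),
        (("stateOrProvinceName", "Illinois"),),
        (("localityName", "Springfield"),),
        (("organizationName", "Example Bank Ltd"),),
        (("commonName", "www.bank.example"),),
    ),
    "issuer": ((("commonName", "Constructed Test CA"),),),
}


def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            fields.setdefault(key, value)  # keep the first value of each attribute
    return fields


def identity_summary(cert):
    """Return (level, owner).

    'encryption-only'    -> the subject names just a host: SSL is in use,
                            but the certificate says nothing about who runs the site.
    'organization-named' -> the subject carries an organization the CA put there.
    Heuristic only: it does not validate the chain or the CA's vetting policy.
    """
    s = subject_fields(cert)
    org = s.get("organizationName")
    if not org:
        return ("encryption-only", s.get("commonName", "unknown host"))
    place = ", ".join(
        p for p in (s.get("localityName"), s.get("stateOrProvinceName"),
                    s.get("countryName")) if p
    )
    return ("organization-named", f"{org} ({place})" if place else org)


if __name__ == "__main__":
    for cert in (HOST_ONLY_CERT, ORG_CERT):
        print(identity_summary(cert))
```
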

Monday, January 21, 2008

Maps - use the right tool

When you need a map, use the right one for the job. If what you need is a road map, you don't need Google Earth or Microsoft Virtual Earth, for example; Google Maps or Microsoft's Live Maps will do. Basically, I avoid the resource-intensive and thus also slower 3D apps such as Google Earth when I don't really need them to get the job done.

Here are what I see as the strengths of some common mapping apps:

  • Basic mapping. Google Maps is my first choice for all basic mapping, from road maps to aerial (satellite) views. Google's maps seem to cover much more of the globe and in closer detail. Google Maps even has a "Traffic" view now, as well as a "Terrain" view.
  • 3D maps. For a 3D-type view, I generally prefer Google Earth.
  • I use Microsoft Virtual Earth (the 3D part of Live Maps) if and only if I need to get a closer view. In some locations, Virtual Earth's maps get you a bit closer to the surface.
  • Measuring distances. Use Google Earth's measurement tool to get a pretty close idea of distances. You can even plot a multi-point line and get the total distance.
  • Placemarks. If you want to mark a place on the earth for others to see and you want to add a pop-up box description, see if WikiMapia fits your need. WikiMapia uses Google Maps. Example: Mulungwishi, Katanga Province, D.R. Congo.
  • Local points of interest. If you want to add local map "pins" for specific points of interest, Google Maps is great.
  • Multiple needs, including 3D. To combine local points of interest plus geographic location plus the need to tilt the view, Google Earth may be your best choice.

IE 7 Add-ons make surfing better

Internet Explorer 7 is a nice browser, but certainly not perfect. I also have Firefox installed on my PC, though I routinely use IE7. Among other things, online Blogger post editing seems to come out better than in Firefox. No browser is perfect.

Case in point -- spell checking. I like the Firefox spell checking feature. Well, if you are an IE7 user, there's a free spell check add-on (but I like the Firefox implementation better). Actually, there are different add-ons that let you add features or customize IE7 more to your liking.

Here are a few IE add-ons that I wish Microsoft had included in IE7:

  • IE Spell (See IE7Pro below, though). Note that this spell check is only for form fields and similar areas to be filled in -- not for general web page views. It works fine within the Blogger post editing area, for example, though you have to manually force the check.
  • Inline Search (from IE Forge. See IE7Pro, below, though.)
  • Add Search Providers (surprisingly, from Microsoft)

Other handy Add-ons:

  • IE7Pro. IE7Pro adds several features, including Spell check and inline searching. The IE7Pro spell checks as you type, unlike the spell check on request method of "IE Spell" (above). That can be a blessing or a curse -- you decide.
    Note: IE7Pro didn't function well on my system, perhaps due to a couple of other browser helper objects installed. It crashed on use.
  • Web Developer Toolbar
  • Feed Folder. I prefer the IE7 Feed display in the left pane, but if you like Firefox's feed display better, check out Feed Folder.

Monday, January 07, 2008

SuperSpeed USB 3.0 coming

USB 3.0 is being developed and it's 10 times faster than USB 2.0 -- from 480Mbps to about 4.8Gbps! That's significantly better than FireWire.

The product was recently demonstrated with an optical cable but the same type of connector. The blazing speed could download a high-definition movie in about 70 seconds.

It may have better power efficiency for attached devices. That could use less power on laptops and may allow more USB devices to be charged via the USB connection instead of an AC adapter.

Current plans are to market it commercially in 2009.

Friday, December 28, 2007

Scammers target eBay names

Anti-scammer tips:

  • Use a different name on eBay than on your webmail. Scammers target an email name on gmail, hotmail, and similar online webmail apps.
  • If it sounds too good to be true, it's not true.

- Based on a blurb in the December 28th SANS emailed newsletter (not online yet). You can subscribe to get security "NewsBites" by email.

Software Patch Inspector

Secunia's Personal Software Inspector (PSI) is now in Release Candidate 1 (RC-1).

Of ZD Net's top 10 free security utilities you should be using, they say, "Number one is the Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine."
http://content.zdnet.com/2346-12691_22-95490-1.html

The latest update features an improved look plus easier use by novices, yet advanced options can be turned on.

You can even track the results of your patching. Run, don't walk, and get Secunia's PSI now!