Is Your Sidebar Safe?

This week Microsoft revealed that security flaws have been found in the sidebar and gadgets found in Windows 7 and Windows Vista. Microsoft is saying that gadgets “can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time.” They are recommending that all Windows 7 and Vista users disable their sidebars and all gadgets immediately.

What exactly is the threat? Apparently, a person with the right now-how can access your running gadgets and use them to run malicious code. This would allow them to download and install viruses, transmit your personal information or conduct attacks on other systems. All of these actions would be performed without your knowing.

This appears to be a very serious threat, and a fundamental flaw in the sidebar and gadget coding. Microsoft is not releasing a patch to make the programs more secure, they are simply telling you to turn them off altogether. Microsoft has also dropped gadgets from the upcoming Windows 8.

What do you need to do? I am attaching a link to the bottom of this post that will download a Microsoft Fix It program that will automatically disable your sidebar and gadgets. If you are running Windows 7 or Vista and still have not deactivated your gadgets and sidebar, I would strongly recommend that you download and run this program.

 Microsoft Fix-It to disable gadgets and sidebars:

http://go.microsoft.com/?linkid=9813057 

Software Special: 100% Off

In today's economic climate it is more important than ever to squeeze every ounce of value out of every dime that we spend. For the average computer user, software is a significant portion of their computing expenses. Let's take a look at the software costs for a typical PC user:

Microsoft Windows 7: $100 - $250
Microsoft Office 2010: $100 - $300
Norton Antivirus Software: $40 - $80 per year
Adobe Photoshop: $100 - $1,000

So, after you have already paid for your hardware and Internet connection your software will cost you an additional $340 to $1,630. Considering that the cost of the hardware for a new system is usually between $400 and $1,500, depending on what it will be used for, you can see that software will account for about half of the total cost of a new system.

I'm using the most popular products in each category to come up with these figures. Now, I want to take a look at some alternatives that will cost you exactly nothing. However, we are not going to waste our time considering any and all free software. We are going to focus on programs that are considered by most people to be as good as, or better than, their paid counterparts.

The easiest, and most beneficial, program to switch out for a free version is your antivirus. Norton consistently scores very well on independent lab reviews for antivirus programs. However, it does not blow the competition out of the water. In fact, most reviews rate some of the free alternatives as good, or better, than any of the paid offerings out there. The three highest rated free antivirus programs are Avast, Avira, and AVG in that order. This is a great place to start seeing savings as your paid antivirus programs are subscription, meaning that you pay every year.

Next on the list in terms of ease of transition is your office suite. LibreOffice offers features and designs similar to Microsoft Office, but without the charge. LibreOffice is actively developed, and many reviewers are rating it more feature-rich than Microsoft Office for the casual user. LibreOffice provides programs for Text, Spreadsheet, Database, Presentation and Graphic documents. You don't have to worry about compatibility, as LibreOffice will both open from and save to Microsoft formats. This means that you can still share documents with people using Microsoft Office. If you are looking for replacements for Publisher and Outlook, Scribus and Thunderbird are their free counterparts. It should be noted however that Scribus is not able to use Publisher's formats, so you won't be able to migrate over existing projects.

For touching up your photos, GIMP would be the Photoshop replacement. As with the previous programs, GIMP is more than capable for the casual user. If you do graphic design or photography for a living Photoshop is a bit more robust, but for the rest of us GIMP is all we'll ever need. It also allows you to use your Photoshop brushes, though some filters won't transfer over.

The last free option I'm going to discuss is Linux. If there is one piece of software that you're going to pay for, I suggest paying for Windows. There is a substantial learning curve in moving to the Linux operating system. That being said, people that have made the leap find that though different, it is just as robust as Windows. If you are interested in migrating to Linux, I suggest that you speak with somebody that is experienced with it. Please feel free to contact me, as I have been using Linux almost exclusively for 6 years and am always interested in sharing the benefits that it has offered me with others.

The fact of the matter is that software is a multibillion dollar a year industry. The top technology companies these days are all software companies. This is despite the fact that there are perfectly good free alternatives to most of their products. The free alternatives that I have shared today are just that, they are alternatives. They will not look and behave exactly the same as their paid counterparts. However, they can perform just as well. I have been successfully moving people to free software for over 10 years now and rarely have I gotten a complaint. If you have any questions about any of the programs discussed today or the process of migrating to them please feel free to email me at chess@uccwi.com. I will be happy to help you determine if free software can be a fit for you.

Links to mentioned software:
Avast
Avira
AVG
LibreOffice
Scribus
Thunderbird
GIMP
List of various versions of Linux

The DNSChanger Danger

On November 9, 2011 the FBI and Estonian authorities conspired to bring down a ring of computer hackers and as a result thousands of people will lose their Internet connections on Monday, July 9th. While on the surface this statement makes no sense at all, I assure you that it's true. A Trojan that was distributed by a company called Rove Digital from 2007 to 2011 is interfering with infected systems and affecting how they connect to the Internet. This is going to come to a head on Monday, July 9th with all infected systems effectively being cut off from Internet access. The FBI and various non-profit organizations have been doing all that they can to let people know if they've been infected, but they estimate that around 500,000 computers in the U.S. are still infected.

In 2007 an Estonian company called Rove Digital started distributing a Trojan called DNSChanger. This was accomplished by what is known as “drive-by downloading”. Victims would visit websites and get a message saying that a video codec was needed to view content on that site. Hidden within the video codec was a seperate program that would infect the victim's computer. This is called a Trojan after the fabled Trojan Horse because it operates in much the same way. You appear to be getting a free gift, not knowing that disaster hides inside. The Trojan installed itself into the system, then attempted to infect other systems on the same network.

Once DNSChanger was installed it did exactly what it sounds like it would do, it changed the system's DNS configurations. DNS, or Domain Name System, is the Internet equivalent to a phone book. Every website has an address, as you probably know. What you may not know is that a web address has no letters in it, it is just a string of numbers. The address for UCC's website for example is 64.198.7.101. If you type this number into a browser you will reach UCC's website. This number is not exactly easy to remember however, so a system was devised that allowed for easily remembered web addresses. How this works is that there are servers all over the world that act as large directories. You type in an address that you can remember, such as www.uccwi.com. This request is sent to a DNS server, which looks up uccwi.com and finds that it's address is 64.198.7.101 and sends you there. It's no different than looking up UCC in a Yellow Pages and finding our phone number so that you know how to reach us by telephone.

Rove Digital set up their own DNS server and created DNSChanger to force victims to use only their servers. This allowed them to inject addresses of their choosing in place of the addresses that people were actually looking for. For example, somebody trying to look up the IRS website might instead be taken to a website of a tax preparation company. This tax preparation company would be one that had signed up for an advertising program in which it would pay to post it's advertisements on other websites. Every time an advertisement got clicked on, the hosting website would be paid a small fee. Rove Digital was taking advantage of these programs with it's servers by appearing to be a website that was referring people to advertisers. The tax preparation company would have no idea that people had been duped into visiting their site. Though the fee for a referral is very small, usually fractions of a penny, the numbers quickly add up. DNSChanger infected over 4 million computers and as a result Rove Digital profited at least 14 million dollars from advertisement referral fees.

After four years of profiting from this scam, the FBI finally caught up with Rove Digital. However, when they seized the rogue servers they realized that since the infected systems were programmed to only use Rove Digital's DNS services they had a problem. If they simply took the servers offline then all 4 million infected systems would immediately lose Internet connectivity. This included systems at over half of Fortune 500 companies as well as over half of U.S. Government agencies. Instead of crippling the world's ability to connect to the Internet, the FBI decided to bring in their own servers and put them up in place of the Rove Digital servers. Like Indiana Jones swiping an idol for a bag of sand, the switch happened so fast that nobody noticed the change. Now they had a new problem. The FBI is simply not set up to be a DNS host, and they have no desire to be. They set up a system of non-profit organizations that were designed to run the servers until people could have ample time to repair their systems. The FBI and these organizations have done all they could to make people aware of the situation, however at last count there were still more than 500,000 systems in the U.S. alone that were infected and the cut off date for these servers is Monday, July 9th.

This is your last warning. If you haven't yet checked your system to find out if you've been infected visit http://www.dns-ok.us/ . This site has been set up to check systems to detect whether or not they are being redirected through the FBI servers by DNSChanger. If the picture comes up with a green background you're clean. If you get a red background you're infected. Removal is very tricky, and no tools are 100% guaranteed. The FBI is recommending that infected systems have their data backed up and the Operating System reinstalled.  Any systems that have not been disinfected by Monday, July 9th will find themselves unable to connect to the Internet.