Thursday, May 24, 2012

Have You Started Your Spring Cleaning?

The birds are chirping, the plants are budding, and the sun is shining. It's spring cleaning time. Everybody is familiar with the yearly tradition of opening the windows to air out the house and finally getting started on that garage. What many people don't realize is that this is also an excellent time to perform maintenance on your computers. People tend to be inside, on their computers, more during the cold winter months. There is also more dust blowing around due to the decreased humidity in the winter. This is the time of year your system is most in need of a cleaning, both of Windows and of the physical computer itself.
The first step to a good spring cleaning is to remove unnecessary temporary files. As you perform daily tasks, your system accumulates temp files. These can range from automatic backups of documents you're working on to saved images from websites you've visited. Many people don't realize that even though these files are called temporary files, Windows will store them indefinitely unless you clean them out. Some of these files serve a purpose, for example a website that you visit often will load faster because all of the pictures have already been downloaded and stored in temp files for easy access. On the other hand, many activities automatically check the temp files before taking any other action. This means that if you allow your temp files to accumulate it will take longer for your machine to boot up, print and load some programs. There are utilities that will do intelligent scans to determine which temp files are likely to be reused and which are safe to delete.
The next step is to remove unnecessary startup programs. Every program that you have running takes up system resources, causing the entire system to slow down. These days, many vendors will automatically set their programs to start running in the background during your system's boot sequence. Some of these programs you want to have running all the time, such as an anti-virus that provides real-time protection. However, there are many programs that probably aren't used every time you use your computer. Larger programs will load “helpers”, which are smaller programs that constantly run and help larger programs open more quickly when you choose to use them. Some examples of this are GPS and camera companies that run programs that allow you to access your devices quickly when you plug them in to a USB port. If you're on your computer daily, but only plug your camera in once a month you are probably better off waiting a couple of extra seconds to access your pictures rather than having your system's performance be sluggish every time you log on. You have to be very careful when removing programs from the automatic startup list, as removing the wrong programs can cause your system to become unstable or even prevent Windows from booting up properly. We recommend that you research each program if you're unsure of what it does. It's always safer to leave a program on the list until you can consult with an expert if you're unable to determine whether or not it's safe to remove.
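One way to do that research before removing anything is a read-only inventory of the startup list that shows who signed each program. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the helper name `Get-ExecutablePath` is made up for the illustration.

```powershell
# Added example: read-only inventory of automatic startup entries.
# Nothing is disabled or deleted; the output is a list to research.
# Win32_StartupCommand reports Run registry keys and Startup folders;
# services and scheduled tasks are not included in this listing.

function Get-ExecutablePath {
    # Hypothetical helper: pull the program path out of a startup command line.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }

    # Expand variables such as %ProgramFiles% before parsing.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()

    # Quoted form: "C:\Program Files\App\app.exe" /background
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }

    # Unquoted form, possibly with spaces in the path: stop at the first
    # executable extension that is followed by a space, a comma or the end.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|dll))(\s|,|$)') { return $Matches[1] }

    # Fallback: first whitespace-separated token.
    return ($expanded -split '\s+')[0]
}

$report = foreach ($entry in Get-CimInstance -ClassName Win32_StartupCommand) {
    $path      = Get-ExecutablePath $entry.Command
    $status    = 'NotResolved'   # path could not be found on disk (e.g. a shortcut name)
    $publisher = ''

    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Authenticode check: who signed the file and is the signature intact?
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = [string]$sig.Status          # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) {
            $publisher = $sig.SignerCertificate.Subject
        }
    }

    [pscustomobject]@{
        Name      = $entry.Name
        Location  = $entry.Location   # registry key or Startup folder the entry lives in
        User      = $entry.User
        Path      = $path
        Signature = $status
        Publisher = $publisher
    }
}

# Entries with broken or missing signatures sort to the top of the list.
$report | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```

An entry that shows `NotSigned` or `NotResolved` is one to research first, not proof that it is malicious; entries launched through a host such as `rundll32.exe` report the host's signature, so read the full command line for those.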
The next thing to do is to check for updates to both your anti-malware programs and Windows. Any reputable malware/virus protection program will publish regular updates to their virus definitions. These are to protect you from newly discovered threats. Most programs that perform real-time protection will update at least once a day, sometimes multiple times a day. If you aren't up to date you aren't protected, it's that simple. Additionally, software providers are constantly looking for ways that their programs might be compromised in order to allow hackers to gain access to your system. When they find holes in their security they will release updates to patch these holes. Adobe, Java and Windows are the most commonly patched programs. If these updates are not performed you are running the risk of leaving yourself vulnerable. Most programs will offer a feature to either check for available updates or allow you to see when the last update was applied. While these updates should be happening automatically, it is good practice to periodically check to ensure that you are protected.
The final digital maintenance to perform is to defragment your hard drives. Let's imagine your hard drive as a library. Instead of using the Dewey Decimal System to organize books, this library simply fills the shelves from front to back. As books are checked out, they leave gaps in the shelves which are filled by other books that are being returned. If a gap isn't wide enough to hold a particularly large book, the librarian simply moves on to the next gap that is large enough, that way she doesn't have to constantly be shifting the books back and forth in order to make everything fit. This is essentially how hard drives are utilized by Windows. The problem comes in when you get volumes that take up multiple books. Let's imagine that our library contains a copy of Encyclopedia Britannica. When the encyclopedia is first acquired it is placed in alphabetical order on the shelf. Let's imagine that somebody takes the M book off of the shelf and checks it out. Later that day, a librarian sees that large gap and fills it with another book. When the M gets returned it no longer has a home and is placed on a different shelf. This process is repeated hundreds and thousands of times until the books are randomly scattered throughout the library. This is called fragmentation. Now let's imagine that you are researching a topic and take the time to scour the library and find that M volume. You sit down and look up your topic, only to find that the volume in front of you refers you to another book in the encyclopedia. Your search starts all over again. It would not take you long to decide that this is not a very efficient way to perform your research. Likewise, when your computer is searching for data a fragmented hard drive can slow the process considerably. This will cause programs to load more slowly and Windows to take longer to boot. 
When you defragment your hard drive you are essentially reorganizing the books in that library, putting all of the books in the encyclopedia together again so that they are easily and quickly found.
Once you've finished with your system maintenance, it's time to shut down the computer and open the case. The first thing that we want to do is to clean out any dust that's accumulated. Dust can cause two problems for your computer. It can lay across electrical circuits and cause shorts, which can damage or destroy your hardware. It also naturally gathers in areas of high airflow. Your system needs airflow in order to keep itself cool. Dust will clog filters and block fans to the point where your system has to work harder to keep itself cool, or run hotter than it's designed to. Either of these scenarios will significantly shorten the life of your system. Once the system is cleaned out check your hardware for loose connections and make sure that everything appears to be functioning properly.
Preventative maintenance is often overlooked when people are considering the performance of their computers. Many times people are looking to purchase a new system without realizing that with proper maintenance their current system can perform all of the tasks that they require. Hopefully, we've given you some tools to ensure that you can keep your systems running efficiently for years to come.

Friday, May 18, 2012

Do You Want To Allow Changes?

If you've used Windows for any length of time, you're familiar with the pop-up box that asks: Do you want to allow this program to make changes to your computer? One of the most commonly asked questions is: How do I know when to click Yes and when to click No? The first step to determining the answer to this question is to understand why this box is popping up in the first place.
The simplest answer as to why that box keeps popping up is that it is attempting to stop your computer from installing malware without you knowing. Traditionally, viruses and other malware would piggyback on a file that you wanted to download in order to get into your computer. Once downloaded, the malware would begin running processes in the background to embed itself deep within your system. Microsoft has attempted to stop this by building a protection into Windows called User Account Control (UAC). UAC is designed to force any program that is trying to change how your system runs to ask your permission before it's allowed access. This limits the amount of damage that a virus can do without alerting you that it's there. The trick is to know, when that box pops up, whether it's something that you made happen or whether a background program made it pop up. Once we determine that it's a background program, we can figure out if it's something that is malicious, or if there's a legitimate reason for that program to change your system.
First, let's rule out the possibility that you triggered the UAC box to pop up with something that you're doing. Here's a list of actions that will cause that box to pop up:

  • Running an Application as an Administrator
  • Changes to system-wide settings or to files in %SystemRoot% or %ProgramFiles%
  • Installing and uninstalling applications
  • Installing device drivers
  • Installing ActiveX controls
  • Changing settings for Windows Firewall
  • Changing UAC settings
  • Configuring Windows Update
  • Adding or removing user accounts
  • Changing a user’s account type
  • Configuring Parental Controls
  • Running Task Scheduler
  • Restoring backed-up system files
  • Viewing or changing another user’s folders and files
  • Running Disk Defragmenter

Running any utilities such as Ccleaner or Defraggler will trigger the box because these programs are designed to perform one or more of these actions. Were you running any utilities immediately before seeing that box pop up? If so, there's a good chance that you triggered the UAC. In this case, the system is just checking to make sure that you're aware of what you're doing.
If you didn't try to perform any of the listed actions and weren't opening a utility program, then we know that a background process caused the box to pop up. Now we have to determine if that process is malicious. The easiest check to do is to check the program name and publisher listed in the pop-up box. Is it something that you recognize and know is safe such as Adobe, Java or Firefox? Is your antivirus trying to update itself to keep you safe from new threats? If it's a name that you know and trust, it's probably OK to go ahead and allow the action. If you don't recognize the name and publisher, or if the publisher is listed as Unknown then we may have an issue. If you've recently downloaded or installed a program that you wouldn't expect to change your Windows settings and it pops up a box, this is an indication that it may be malicious. This is an instance where you probably want to deny access.
Once you've decided that the program listed in the box is suspicious, the easiest action is to run a simple Google search. In most cases, you aren't the first person to encounter this issue. Other people have taken to the Internet to find out what this program is and why it's trying to access your computer. If it's something malicious, you'll immediately see red flags in your Google search such as pages titled Virus, Spyware or Adware. One of the most common malware programs that we encounter is a toolbar called CouponBar. When I type CouponBar into Google, in the first page of results I see: Virus Warning!, an adware program..., (adware. couponbar), How do i remove the coupon bar adware from my computer?, and pages on and In all, 6 out of the first 10 pages listed refer to some form of malware, either in the title, the description, or the page's address. The other 4 are offers to download CouponBar. This tells me that even if I installed CouponBar on purpose I probably shouldn't grant it access to my system. Other searches, such as a search for msiexec.exe will not be so obvious. Some sites indicate that it may be malware, while other sites indicate that it may be part of the Windows operating system. In cases like this, it's safest to deny the program access and consult somebody that's more familiar with computers. Let them know what you were doing when the box popped up, what exactly the box said, and what programs were running. This way they'll have the tools to diagnose your system and tell whether your system was performing scheduled maintenance, or if you have malware masquerading as a benign system process.
As always, the safest bet is to have an up-to-date version of an anti-malware program running at all times. That way most threats should be neutralized before that pop-up window ever appears. UAC is a system that was developed by Microsoft to make it harder to invade your system, but it's not a catch all. Malware developers have come up with ways to circumvent this feature. The easiest way for them to do that is to trick you into clicking Yes on that pop-up box. Hopefully, we've given you some tools that will allow you to know when it's safe to say Yes, and when you need to dig a little deeper.

Friday, May 11, 2012

The Dangers Of Downloading Free Software

We have all been bombarded with advertisements that offer free products in exchange for an additional purchase. We immediately become skeptical when we hear “Sign up today and get a free umbrella.”, but we don't carry this skepticism over to the digital world. When we are offered a free screen saver or weather updater we jump at the offer without ever considering the motivations that are driving this free offer. There are instances where somebody writes a piece of software because they genuinely want to help other people. The sad news is that most people aren't giving these programs away out of the goodness of their hearts. There is an ulterior motive. Hidden deep within the code of that screen saver or weather updater there's usually a secondary program that you never see. It runs in the background, and it can do anything from slowing your computer down, crashing your computer altogether, stealing your information, or using you as a relay to send spam.
We have all heard stories about people opening dubious emails and getting a virus. This is the most well documented way to get an infection, simply because it is the easiest to identify. The fact of the matter is that viruses are getting less common as time goes on. There simply isn't enough money in viruses to make it worth somebody's time to create them. People that have the skills to create viruses are capable of higher returns on their time through other forms of malware.
Adware is now a much more common form of what we would consider malware. Adware is a program that displays advertisements on your screen, which the developer of the program collects profits from. Adware takes several forms. The most obvious is a program that periodically pops up a window with an ad banner. Another way that adware may work is to hijack your web browser. They are capable of replacing the advertisements that are displayed on legitimate web sites with their own ads. There is a group of adware that will even redirect your web browser to the sites of their advertisers. You can visit Google to perform a web search, and instead of displaying the results that Google publishes you would see a list of sites paid for by advertisers. Each link that you click on, the creator of the adware gets paid.
Another way to profit from malware is a scheme known as scareware. Scareware preys on people's fears of infections. A common scareware tactic is to pop up a window that looks like a system message telling you that there is a problem with your computer and directing you to a legitimate looking site, where they try to sell you a program to “fix” the problem. This program will usually just load more infections onto your system. The most common ploys that scareware uses are messages stating that your computer is not running at maximum speed, your hard drive is failing, or that you have a virus infection. The program will mimic the behavior of these problems by hiding files, hogging system resources to slow performance, or crashing your computer. These infections can be hard to combat, as the malware will often times hijack your system in an attempt to make you feel that you have no choice but to buy and install their software. In this case it's best to seek professional assistance, as there are tools specifically designed to overcome these tactics. Never, under any circumstances, download and install a package that is suggested if you observe any of this behavior, as doing so would open your system to much more serious infections.
The last form of malware we're going to discuss is spyware. Spyware, as the name implies, is used to steal your information. A common tactic is keylogging. Keylogging records every keystroke that is entered into your system and then sends that information back to the developer of the program. This can allow them access to all of your passwords, online account information, banking information, or anything else that has been entered into your system.
All of this can cause the internet to be a scary place. How can you tell what's safe to download and what's not? An easy way to determine this is through a little research. A simple Google search will often times pull up results of people having problems after downloading a program, if it is in fact malicious. Another way to keep yourself safe is to only download programs from sources that you know to be safe. Downloading a driver from HP is probably safe, whereas downloading the same driver from a file sharing site may not be. It is relatively simple to download a program, alter it to include malware, and upload it back to a file sharing site. This way people can add vicious programs to seemingly safe files.
The most important step you can take to protect yourself is to make sure that your system and software are updated with the most recent security patches. Legitimate software vendors are constantly searching their programs for security holes that malware can exploit. They then send out “patches” to fill those holes. This is only effective if you download and install these patches.
There is a lot of good, free programming online for download. However, as with everything else, there is a lot of bad out there too. Hopefully with this guide we've armed you with some tools to protect yourself. Make sure that you have an up-to-date anti-malware program running, and follow the tips described above and you shouldn't have any problems. By knowing what to look for we make the job of attacking us much more daunting.