Last Tuesday night my oldest son came into the room and told me he thought one of our computers was being hacked. So I kicked into incident response mode and walked into the other room to be greeted with a computer loudly telling me that Microsoft Security Essentials was unable to clean a virus and to immediately call Microsoft.
Instead I immediately shut down the computer. Here’s why.
Last week at work, I noticed some odd events in an event log, and when I investigated them, I found they were part of a failed ransomware attack. This got me thinking about how to prevent ransomware at home.
Ransomware, if you aren’t familiar, is an attack that encrypts your data and demands a ransom, usually around $300, paid in Bitcoin, with a short deadline before it destroys your files. Unless you have a backup the malware couldn’t reach, paying the ransom is often the only way to get the files back, so it’s much better to prevent it in the first place.
In the heat of the moment, I searched my blog this weekend for quotes that could potentially be taken out of context and found something rather prophetic that I wrote in the heat of the moment 11 1/2 years ago:
Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job.
Who ended up with that job? Me, about a year after I left that gig. It actually turned out I was pretty good at it, once I landed in a shop that realized it needed someone to do that job, and utilized that position as part of an overall IT governance model.
I installed Windows Vista last week. I need a legal copy of a supported version of Windows to use to VPN in to work and run the corporate Citrix client. Vista fit the bill. It’s better than 8.1, and it’s supported until April 2017. I always hated Vista, but 8 and 8.1 made me realize it could have been a lot worse, and on recent hardware Vista does OK. It still prompts you for admin rights too much and too slowly and makes you work too hard to click yes, but at least you can find stuff.
I got another “Windows Technical Support” call on Friday evening. My caller ID said Minneapolis, and since I have coworkers in Minneapolis, I answered. But the guy on the other end was a long way from Minneapolis and probably doesn’t know diddly about ice hockey.
I’m pretty sure it was the same criminal as last time, but over a better VoIP connection. I remember the voice pretty well, because his parting line from last time, “Enjoy your broken computer, Mr. Genius Man!”, struck me as funny. And he started the conversation with, “I’m calling you again about your Windows 7 computer.”
My conversation with him revealed a few things about why this scam is likely to be profitable.
I wish I’d posted this last week, since many of us see one set of relatives at Thanksgiving and a different set at Christmas (and perhaps New Year’s). Here are things you can do as preventative maintenance for relatives whose computers could use a little help.
Via PC Magazine, I found the AMTSO website, which hosts pages designed to test whether your antivirus software is operating properly. I think this is good for two reasons. One, it gives you a chance to see if your antivirus software is actually doing its job. Two, it gives you a chance to see how your browser and antivirus software behave when something bad is going on, before something bad actually happens.
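As an added example (this is not code from the original post or from AMTSO), the same kind of check can be run locally with PowerShell using the EICAR test file, the harmless industry-standard string every antivirus vendor agrees to detect. Writing it to disk and seeing whether it survives tells you whether on-access scanning is alive. The temp-file path, the 10-second wait, and the Defender-only history lookup at the end are assumptions; on a machine running Microsoft Security Essentials the last block simply does nothing.

```powershell
# Added example, not from the original post or from AMTSO: the offline
# equivalent of one AMTSO feature-settings check. The EICAR string is the
# harmless standard antivirus test file; the path and wait time are assumptions.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$path  = Join-Path $env:TEMP 'eicar-test.com'   # assumed location

# Write the 68-byte string exactly: ASCII, no BOM, no trailing newline,
# so the file matches what every scanner is built to recognize.
try {
    [System.IO.File]::WriteAllBytes($path, [System.Text.Encoding]::ASCII.GetBytes($eicar))
} catch {
    # Some scanners block the write itself; that is also a pass.
    Write-Host "Write was blocked by the scanner: on-access protection is working."
    return
}

# Real-time protection normally quarantines the file within a few seconds.
Start-Sleep -Seconds 10

if (Test-Path $path) {
    Write-Warning "EICAR test file still present: real-time scanning did not react."
    # Don't leave the test file lying around if the scanner ignored it.
    Remove-Item $path -Force -ErrorAction SilentlyContinue
} else {
    Write-Host "EICAR test file removed: on-access scanning is working."
}

# On Windows 8 and later with Microsoft Defender (not MSE), the detection
# also shows up in the Defender module's threat history.
if (Get-Command Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    Get-MpThreatDetection |
        Where-Object { $_.Resources -match 'eicar-test' } |
        Select-Object InitialDetectionTime, ThreatID, Resources
}
```

Run it from an ordinary (non-elevated) PowerShell window, the way malware would arrive. If the file is still there after the wait, real-time protection is off or broken, which is exactly the condition the phone scammers count on.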
“Peggy” from “Computer Maintenance Department” (1-645-781-2458 on my caller ID) called again. Lots of people are aware of these phone calls. They call, make vague claims about receiving a report that your computer is running slow and giving you errors, and are very careful not to say who they are or who they work for. Usually I just do whatever I can to get them off the phone.
But after having lunch with some other computer security professionals last week, a couple of them talked me into finding out how these guys operate. So I fired up a PC that turned out to have a real, legitimate issue. After resolving that issue myself, I turned the caller loose on my semi-functional PC so I could see what these scammers actually do. He had me connect to Teamviewer.com and run their remote access software. I followed his instructions, watched him connect, then slyly unplugged my network cable.
When my network connection dropped, “Peggy” quickly transferred me to a “senior technician” who used the name “Roy.”
When Microsoft Security Essentials first came out, it was an improvement in antivirus performance. Now, it’s middle of the pack, according to PC Magazine. That’s great. Vendors are finally taking performance seriously.
What that means is that by replacing MSE with F-Secure Anti-Virus 2013, Kaspersky Anti-Virus (2013), Sophos Anti-Virus 10.2, ESET NOD32 Antivirus 6, Norton Antivirus (2013), Avast Free Antivirus 8, or Bitdefender Antivirus Plus 2013, you can speed up your computer. Considering Norton Antivirus was once bottom-of-the-barrel in the performance arena, I see this as a good thing.
Of the bunch, Avast is the only freebie, though if your ISP offers one of the others as part of your subscription, or you don’t mind paying for antivirus, the others are an option. But maybe, just maybe, if I replace Microsoft Security Essentials with Avast, Peggy will quit calling me at dinnertime and telling me my computer is slow. But I doubt it.
An anonymous Microsoft developer spilled some juicy opinions about why Windows kernel performance isn’t all it could be and answered some longstanding questions about Windows vs. Linux kernel performance in the process. Although he has recanted much of what he said, some of his insights make a ton of sense.