Kelowna Computer Repair Blog

More and more I’ve been getting calls from people using AVG Free or some other free antivirus program.  These free programs do not protect you.  I hate to say it, but the only way to be sure you don’t get a virus is to spend money on a good antivirus program.

Of course your next question is “What do you recommend?”

Well, I have to say, every program that I’ve found, someone has some negative issues with.  It might block malware from getting on your system, but it also blocks your email from coming through.  Or it works great as an email scanner, but you get malware off of the web while it’s installed.

I have to say, I have not found one product that “most” of my customers are happy with.

But here are a couple I’m recommending.  I won’t put links to them, just Google “Download _______” and you’ll find them:

Kaspersky

AVG (paid version only!)

Zone Alarm (available at Futureshop or Staples)

Norton / Symantec

McAfee

It’s a jungle out there…..

I have been a user of the ICQ instant messenger for many years now.  It was one of the very first instant messengers, and I was one of it’s early users.  I never have seen the need to switch to anything else, especially since I almost never use instant messaging at all.  Now a recent experience with ICQ has left me wondering if the whole project has been taken over by Russian hackers.

I installed the latest version of ICQ to communicate with people on a particular project, then uninstalled it when the project was over.  ICQ when installed, hijacked my search provider, and “enhanced” it with it’s own “ICQ search”.  Even after uninstalling the product, it left it’s hijacked version of my browser, and no matter how many times I delete it from my search providers, ICQ Search keeps coming back again.

I reinstalled the product to see if there was anywhere I allowed it to hijack my search provider.  Turned out that there is a link during the installation to “advanced settings” where you are informed that your search provider will be hijacked unless you uncheck the appropriate box.  That option should be wide out in the open during installation, and the fact that it wasn’t leads me to believe that ICQ 7 has been taken over by scammers at best.  The fact that you can’t remove it’s product establishes for me even further ICQs malicious intent.

Because ICQ has been around for so long, its likely that the virus scanners have not yet added it to their lists of malware to be protected against.  But the latest version of ICQ, ICQ 7, is definitely malware in my book leaving behind a trojan that keeps reinstalling the hijacked search tool.

Here’s a Google search for ICQ clones.

Don’t use ICQ – you’ll never get rid of it.

Imagine getting hundreds or thousands of calls on your home, business, or cell phone, tying up the lines. And when you answer, you hear anything from dead air to recorded messages, advertisements, or even phone sex menus.
It’s annoying, no doubt. But it could be more than that—it could be a sign that you’re being victimized by the latest scam making the rounds. This ”telephone denial-of-service attack“ could be the precursor to a crime targeting your bank accounts.
Denial-of-service attacks, by themselves, are nothing new—computer hackers use them to take down websites by flooding them with large amounts of traffic.
In a recent twist, criminals have transferred this activity to telephones, using automated dialing programs and multiple accounts to overwhelm the phone lines of unsuspecting citizens.
share.gifWhy are they doing it? Turns out the calls are simply a diversionary tactic: while the lines are tied up, the criminals—masquerading as the victims themselves—are raiding the victims’ bank accounts and online trading or other money management accounts.
Here, in a nutshell, is how the whole thing works:
*      Weeks or months before the phone calls start, a criminal uses social engineering tactics or malware to elicit personal information from a victim that this person’s bank or financial institution would have—like account numbers and passwords. Perhaps the victim responded to a bogus e-mail phishing for information, inadvertently gave out sensitive information during a phone call, or put too much personal information on social networking sites that are trolled by criminals.
*      Using technology, the criminal ties up the victim’s various phone lines.
*      Then, the criminal either contacts the financial institution pretending to be the victim…or pilfers the victim’s online bank accounts using fraudulent transactions. Normally, the institution calls to verify the transactions, but of course they can’t get through to the victim over the phone.
*      If the transactions aren’t made, the criminals sometimes re-contact the financial institution as the victim and ask for it to be done. Or they add their own phone number to victims’ accounts and just wait for the bank to call.
By the time the victim or the financial institution realizes what happens, it’s too late.
Law enforcement and industry response
While the lines are tied up, the criminals are raiding victims’ accounts.
The FBI first learned about this emerging scheme through one of its private industry partners, which told us how a Florida dentist lost $400,000 from his retirement account after a denial-of-service attack on his phones.
And as of April of this year, there has definitely been a noticeable surge in telephone denial-of-service attacks, with numerous incidents having been reported in several Eastern states.
To help fight these schemes, the FBI has teamed up with the Communication Fraud Control Association—comprised of security professionals from communication providers—to analyze the patterns and trends of telephone denial-of-service attacks, educate the public, and identify the perpetrators and bring them to justice.
Ultimately, though, it’s individual consumers and small- and medium-sized businesses on the front line of this battle. So take precautions: never give out personal information to an unsolicited phone caller or via e-mail; change online banking and automated telephone system passwords frequently; check your account balances often; and protect your computers with the latest virus protection and security software.
And if you think you may have been targeted by a telephone denial-of-service attack, contact your financial institution and your telephone provider, and file a complaint with the FBI’s Internet Crime Complaint Center.

I just learned something new today.  A customer called to say that she forgot her Windows login password, and wanted to know if I could help her access her computer.   Oddly, I’ve never had this particular request before.

I did some research and found (fairly easily) a free Linux-based program that I could put on a CD.  The program boots the computer then runs through a routine by which you are able to access any Windows account on the computer, and blank out the password for that account.

I tried it on my own computer, and it worked quite well.  This was a good solution for my customer.

But it occurred to me that a tool like this can be used by the Dark Forces as well.  Anyone with a little computer knowledge can follow the instructions that come with the program I found (and there are surely others like it) and hack past a windows password like a breeze through a wind chime.

I don’t plan on posting the link to the software or the instructions for using it here, because I don’t want to provide anyone with the tools to steal data from others. 

But I thought that it was worth mentioning that this is possible, and for someone who knows enough about computers to burn a CD, it’s pretty easy.

So the moral of the story is, if you have sensitive data on your computer, don’t trust your Windows login password to keep it safe.  The best way to keep your data completely safe from prying eyes is to use encryption software to password protect a folder or files.

Just do a Google search on “freeware file encryption tools” and you’ll surely find plenty of security. 

Just don’t encrypt your files and then forget your password, because then you are really hosed!