How to make sure you’ve got the latest version of Java (Windows users)

July 6, 2012

According to the excellent website Krebs on Security, a new Java exploit is set to go completely mushroom cloud on computers worldwide with outdated Java installations within the next few days.

The BlackHole Exploit Kit is used by cybercriminals for purposes various and nefarious, and is currently the most common web threat around. However, we won’t go into too much detail here about the malware itself. Instead, let’s talk about how to keep your Windows-based computer safe.

The first thing you need to do is find out if you have Java installed on your computer at all, and which version you’ve got. The easiest way to accomplish this task is to visit java.com and click the “Do I hava Java?” link. This takes you to a page with a big “Verify Java version” button:

Click the button and the site will tell you if you’ve got the recommended version of Java installed, which currently (as of July 6, 2012) is either Version 6 update 33, or Version 7 update 5. If it tells you to update, follow the on-screen instructions.

(If your computer is set up like mine, your web browser will ask you for permission to run the Java content on this page. At this point, you’ll know you’ve got it installed, but you still need to verify which version you’ve got. Click the “Run this time” button when prompted, and it will let you know if you have the recommended version.)

What if the site says you don’t have Java installed? Should you install it?

Naturally, the java.com website will suggest you do, but if you’ve been using your computer without it so far, I’d recommend not installing it at all. Java is currently the most popular channel through which exploits like the BlackHole pack are used, and new security holes are discovered all the time. If you’ve come this far without Java, there’s really no good reason to install it.

If you’ve got Java installed and want to keep it (there are still some websites that rely on it), make sure you’ve got the software set to check for updates at least once a week, but I recommend taking it a step further and checking daily. Here’s how.

1. Click the “Start” button, then select “Control Panel.”

2. Find the “Java” icon in the Control Panel window and double-click it.

3. Click the “Update” tab, then the “Advanced” version.

4. Select “Daily” and check what time of day it will check. I left mine on 11:00 PM. Click “OK.”

5. Click “Apply” and “OK.” You’re done!

Note: if the updater detects that a new version of Java is available, most of the time you’ll have to manually install the update. Your computer will prompt you when it’s time.

Comments Off | Computer Security | Tagged: , , , , , , | Permalink
Posted by Clint

The “Slow Computer” Scam

September 28, 2011

Does your computer seem to be running slower lately?

You’re not alone. Over time, computers tend to get bogged down. For example, you install a piece of software to accomplish some task you only perform every now and then, but the program requires that a component of itself be running in the background at all times. Or you upgrade your antivirus software—the new version does a better job of filtering out malicious software, but it also needs more system resources to do its job.

Perception also plays a role—the “new” wears off a computer pretty quickly, and what seemed like blinding speed a year ago now feels like you’re trudging through treacle every time you want to fire up a web browser, even if the machine is running just fine.

The net result is that a lot of people think, “Hey, this thing isn’t running as fast as it used to—something must be wrong!” Enter the Slow Computer Scam. It generally targets seniors, but anyone with a computer could fall for it.

It begins with a phone call from a stranger who claims to work for Microsoft. The caller tells the victim that the company has received notification that their computer has been running slowly or is infected with spyware, viruses or other problems.

At this point, if the victim agrees, the call will go one of two directions. In the first variant, the victim is instructed to go to their computer, then fed step-by-step directions by the caller that are supposed to fix the problem. What is actually happening is the victim is handing over control of their computer to a criminal, allowing them to search for files containing personal information, install spyware designed to harvest any data the victim enters, or link the computer to a botnet used to transmit data for organized criminals.

In the second version, the victim will be told that the caller can fix the problem, but only for a fee. They will be instructed to use Western Union to wire a few hundred dollars as payment.

There is a recent double-dip version in which the scammers call the same victim again a few weeks later. This time, they inform the victim that they are from Dell (or whoever manufactured the victims computer), the earlier call from Microsoft was a scam, and that their computer was infected with malware by the scammer. They offer to fix the computer for a fee of several hundred dollars, again to be wired via Western Union.

This may be one of the easiest scams to recognize. If your telephone rings, and someone is on the line telling you that there’s something wrong with your computer, that’s your cue to hang up.

Microsoft does not have a giant control room that keeps tabs on the performance of every computer in the world. Nobody is sitting at a monitor going, “Whoa. Some guy out in Indiana has a slow computer. Perkins! Get on this!”

The same goes for Dell and other computer hardware manufacturers—they don’t have a giant database of who owns their computers or how they’re running. If there’s a problem with your hardware or software, or if your machine is infected with malware, it’s basically on you to figure it out and fix it.

There is also no scenario in which Microsoft, Dell, or any other tech company is ever going to require payment via Western Union. Keep your antivirus software up-to-date, and when a stranger calls to tell you there’s a problem with your computer, hang up.

1 Comment | Computer Security | Tagged: , , , , , , , | Permalink
Posted by Clint

Having a dedicated computer for online banking

November 4, 2010
Clipart of bills and coins

Image via Wikipedia

Here’s a great idea that doesn’t get talked about enough: having a computer you use only for online banking and other financial activities, and a different computer for games, music and general Internet usage.

It seems like an expensive route to have two separate computers, but think about it—your financial machine only has to be just powerful enough to handle an operating system, an Internet connection and a web browser. You don’t need massive amounts of RAM or a great (or even particularly good) video card. You could probably even find a used laptop running Windows XP (if you’re a PC user; however I would not recommend Windows Vista) if you poke around. Install your antivirus software and Mozilla Firefox with the NoScript plugin, and you’re ready to go. I would also recommend setting up a separate email address for anything related to finances, and only check it with your financial computer.

What this does is keeps your financial activities separate from everything else; you’re not likely to encounter malware by logging in to your credit card providers or financial institution’s website. In the meantime, if you run into malware trouble on your “fun” computer while mucking about on the Intertubes, the damage will be limited. Your banking passwords won’t get snagged by a keylogger you picked up on an infected website, even if your Facebook password does.

Of course, buying a separate computer is going to cost money whether you go new or used, and in any case you have to keep your security software up-to-date on both machines. It’s not an option for everyone. However, if you can swing a few hundred bucks for a dedicated banking computer and some good security software, it’s just one more layer of protection.

2 Comments | Computer Security | Tagged: , , , , , , , , | Permalink
Posted by Clint

Online security: teach your children well.

March 1, 2010

I don’t have any kids yet, but I know a few people who do.

Okay, so I know more than a few. I know many, and almost all of them have something in common: their computers are constantly being infected with viruses, trojans and other types of malware. I’m not talking about the occasional adware popup or tracking cookie—these machines are usually just crawling with malicious software.

There’s sort of an old myth that your twelve year old is always going to know more about the computer than you. Perhaps this is true when it comes to first-person shooters and making goofy videos, but kids don’t know everything about computers, and security is one of those areas where they generally seem to lack the fundamentals.

Of course, they’re invincible, too. There’s always that. Ask them sometime; “Is it even possible that you might run into a virus on the Internet?” They’ll probably look at you like you’re an idiot. Again.

But it happens, and it seems to happen a lot. You’ve got to educate your kids about malicious software, because a keylogger doesn’t care who downloads itself; it’s going to send login and password information, whether it’s to a Facebook profile (bad news) or your financial accounts (worse).

First, if you’ve got kids using the Internet, try to keep an eye on them at least some of the time. Since this is impossible, though, make sure you’re using Firefox with the NoScript plug-in. No Internet Explorer! There are more holes in that browser than a hunk of Swiss.

Secondly, learn about the various dangers yourself, and make sure you warn your kids. No kid is going to be able to resist “lol is this you?” or “lol funny video” followed by a shortened URL, unless someone tells him that such links lead only to malware.

Thirdly, obtain the burliest antivirus and firewall software you can afford, and pay the money to keep it updated. This is vital anyway, but if you’ve got kids clicking a mile a minute on Facebook and Twitter, you really need to take maximum precautions.

I suppose you could try to limit your kids’ access to the Internet, but you could also try to wrestle a grizzly bear while you’re at it. Good luck with that one.

Finally, consider getting your own computer or laptop that the kids aren’t allowed to even touch, and use that one for business and banking. At least your accounts will be safe(r), assuming you’re taking the necessary precautions on this computer as well.

Okay, does this post officially put me in the “old person complaining about young people” camp? It does sort of have that “I tell ya, the kids today, with their Facebooks and their Twitters,” flavor doesn’t it?

I don’t know, but I know it’s important to get your kids hip to the dangers of malware as soon as you can. Your own financial security may depend on it.

Comments Off | Computer Security | Tagged: , , , , , , , , , | Permalink
Posted by Clint

Don’t use easy-to-guess passwords.

February 24, 2010

Passwords. They used to be something you’d only encounter in spy movies or the occasional “No Girls Allowed!” clubhouse.

These days, they’re everywhere. How many do you have?

I know I’ve got plenty; offhand, about 20 work-related passwords, and probably 30 personal ones. Now, some of these are stored by email clients, and since I’m not using public computers, I often check the “Remember Me” box, but still…it’s a lot of passwords.

Are your passwords easy to guess? They shouldn’t be. If you’re using your dog’s name for all your passwords at the same time you’re constantly posting photos of said dog on Facebook, you could be opening yourself up to all kinds of trouble.

Twitter even banned a list of 370 “obvious” passwords recently. Among these were clunkers like “password” and “password1,” but also some pretty specific ones like “NCC1701″ (the Enterprise’s registration number from Star Trek) and “trustno1″ (Fox Mulder’s password from The X-Files).

Strong passwords contain letters, numbers, and even characters (such as !@#$%&). It’s really in your best interests to use strong passwords, change them regularly and never use the same password for everything. “123456″ is going to take a lot fewer guesses than “fh34JF$x.”

However, don’t make them so difficult they’re impossible for you. Back in high school, several of us realized that you could make your programming class passwords very long, as well as include spaces. I immediately changed mine to “Weasels Ripped My Flesh…RZZZZ!” (from a Frank Zappa album).

The chances of (blindly) typing that mess correctly were about 1 in 15—nobody could get into my account, including myself most of the time. Two days later, I changed it to a six-letter sequence.

Comments Off | Computer Security | Tagged: , , , | Permalink
Posted by Clint

« Previous Entries
Follow

Get every new post delivered to your Inbox.

Join 165 other followers