TWT Newsletter, Issue #048 – How common is Windows malware? Sony data breach and more
Welcome to another edition of the TWT Newsletter. The days are getting sunnier and the evenings are getting brighter, but that doesn’t mean there’s no time for using your Windows PC. This issue we take a look at two of the more alarming stories that have been doing the rounds on the internet in April, as well as bringing you our usual tip and free utility too.
Important! A number of our subscribers have had difficulty receiving our newsletter. At Top-Windows-Tutorials.com we never send out unsolicited e-mails. To make sure your TWT newsletter reaches your inbox, please add TWT_Newsletter@top-windows-tutorials.com to your contacts, buddy list or white list.
In this months issue:-
1) What’s new at Top-Windows-Tutorials.com?
2) Offline Archive April 2011 now available
3) Stop press! – Potential LastPass security breach
4) Exactly how many PC’s are infected with malware?
5) Tip of the Month – Time to spring clean those start-up programs
6) Free Utility of the Month – Secunia PSI
7) Data breach at Sony, what you need to know
What’s new at Top-Windows-Tutorials.com?
In April we updated several of our popular troubleshooting tutorials. If you need to install Flash player on your computer, in order to view video content on our site or thousands of others across the internet, the easiest way is to manually download the Flash player installer. If you are using Internet Explorer 7, 8 or 9, you can now follow this tutorial.
One of the biggest changes in Internet Explorer 9 is its excellent new download manager. If you are wondering how to use the new IE9 download manager, this new tutorial will make things easier.
Networking problems can be frustrating, when our computers won’t connect, its a reminder just how much we rely on the internet! If you have a Windows XP PC that stubbornly won’t connect to the internet, try performing a Winsock reset. We show you how in this tutorial.
Offline archive April 2011 now available!
We’re pleased to announce that we recently updated our popular Offline Archive DVD to include all content from the site until April 2011. Want access to all our tutorials on one handy DVD? The new Offline Archive is a complete copy of our site taken at the beginning of April 2011. This is an ideal way for users on slower internet connections to experience our site and its multimedia content at blazing fast speeds. Perfect as a Windows reference library or simply for use where an internet connection is not available, the Top-Windows-Tutorials.com Offline Archive is now up-to-date and ready for shipping. Click here to find out more.
If you already own an earlier Offline Archive, click here for a special upgrade offer.
Stop press! – Potential LastPass security breach
At Top-Windows-Tutorials.com we encourage all our readers to use a password manager to keep track of their logins. Later in the newsletter you will read about the data breach at Sony. Users who were using a password manager to manage their logins to Sony’s system don’t need to worry about their Facebook, Twitter or other accounts being compromised.
One thing that worries users about these services is the possibility of the password vault itself being hacked. On May 4th, LastPass announced that they detected some suspicious behaviour on their servers. According to the management at LastPass, although there was no evidence of a hack uncovered, there was a suspicious spike in traffic leaving the company. As a precaution, LastPass is advising all of its customers to change their master passwords. Please see this link for more information.
No doubt some of our readers, who we convinced to switch to LastPass, are now angry that a supposedly secure system has been breached. However, unlike the Sony data breach, any data that was stolen from LastPass (and it’s unclear that any actually was) was encrypted. This means that the attacker still has to try to guess users master passwords. Users password vaults were NOT stolen, so as long as you change your master password you are safe, since it will take even a powerful computer a long time to crack even weaker passwords.
Given that no system is completely secure, we are still standing behind LastPass after this incident. LastPass is and has always been, MUCH more secure than memorising one or two passwords and using them on every site on the internet. If you don’t like the idea of storing passwords in a vault on the internet, we also recommend Roboform. Roboform can store them locally on your PC instead, but of course, PC’s can still be stolen!
Exactly how many PC’s are infected with malware?
Windows always seems to get a bad reputation when it comes to viruses, malware and spyware. In April, there were some interesting figures thrown around as to exactly how prevalent malware was on users PC’s. One article (which now seems to have been removed) was quickly tweeted and reposted around the internet. The article claimed that nearly half of the personal computers in the United States were infected with malware.
Is that statistic shocking? Your editor finds it to be. Discussing the article on Twitter, one individual scoffed and said that he believed that figure was far too low. In actual fact the statistic did turn out to be a fabrication, based solely on users who scanned their computers with an online virus scanner. 50% of people who suspected they might have a virus or other malware, and scanned their PC with this tool, did in fact have a virus. A big difference from the earlier claim.
ZDNet’s Edd Bott went a step further, claiming that the actual figure of infected machines was between 1% and 2%, “In my opinion, if you practice the basics of online security, the likelihood that your Windows PC is infected by malware is a tiny fraction of 1%”, he wrote, using statistics gathered from Microsoft’s annual Security Intelligence Report to back up his claims.
Just who do you believe? Are antivirus vendors really trying to scare you with false claims? Or, is malware lurking on the hard drives of all Windows users, just waiting for the time or signal to send all your private data away to criminals? In actual fact neither scenario is true. Apparently, 65% of statistics are made up on the spot anyway, so let’s move away from such claims and look at some hard facts.
Fact 1 – Windows is still the most used operating system and so still presents the most attractive target for criminals – Macintosh users often claim that their computers are inherently more secure. It is true that Linux and OSX seem more resistant to the kind of all conquering rootkit viruses that can decimate Windows and require a complete re-installation of the OS. Since the introduction of Windows Vista and Windows 7, however, Windows is actually more secure than Macintosh OSX in several key areas. The geeks will continue to debate the finer points of security on various operating systems, but the fact remains that Windows is used on more desktops and so presents a more appealing target. Criminal activity on the internet often centres around controlling as many compromised “Zombie” PC’s in order to launch distributed denial of service attacks. The ‘security by obscurity’ that is offered by switching to Macintosh or even Linux may work to some degree at the moment, but isn’t really a long-term solution to the problem.
Fact 2 – Windows XP is less secure than Vista or Windows 7 – While Windows XP helped to bring Windows into the modern age, Microsoft made one very big mistake by encouraging everyone to run as an administrator, effectively giving all the programs a user runs full access to the computers memory and hard drive. This mistake has for the most part been rectified in Windows Vista and Windows 7. Configure your Windows Vista/7 machines to use a standard user account rather than an administrator account, using UAC to provide administrator access only when absolutely necessary. If you are still on Windows XP, you can use standard accounts too, but most users find it too inconvenient to keep switching back and forth. XP users might want to consider an upgrade especially if you have had problems with malware recently.
Fact 3 – All the security software in the world cannot protect you if you do not take basic precautions as a computer user – Be vigilant, don’t install free antivirus software that suddenly appears in a pop-up. Be careful when following links or opening attachments in e-mails, double check with the sender if the e-mail looks like it has been automatically generated by a hacker or spam-bot.
Of course, there are plenty of great tips and tutorials on Top-Windows-Tutorials.com for helping to secure your PC. If you keep your PC and your web browser fully patched and run a good antivirus package, your chances of infection are dramatically lower. If you’re still confused about viruses, start with our article here.
Tip of the Month – Time to spring clean those start-up programs
It is great that Windows users can choose from such a huge range of software. We all love to try out a new utility, game or screen saver. Increasingly however, free programs that can be found on the internet are installing so-called “speed launchers” or “assistant” programs. These programs start up as soon as your computer loads Windows, with the purpose of, well, quite often nobody knows. Some claim to make opening certain documents faster, others might just provide a quick launch icon in the system tray. One or two of these oh-so-helpful little programs might not be much cause for concern, but when you are dealing with half a dozen of them they quickly start to slow your computer down. If you haven’t taken a look at what programs are automatically starting up on your Windows PC, now might be a good time. Check out our tutorial on the System Configuration Utility here. Don’t be too hasty when disabling programs though, some of the programs which start along with Windows are necessary for the day to day running of your operating system.
If you are a less confident user, you may wish to check out Soluto which includes an extensive database of programs which can be removed or delayed at startup.
Free Utility of the Month – Secunia PSI
We discussed the importance of keeping Windows up-to-date in our main article this month. Windows Update is great because it keeps our Windows PC’s patched automatically. Of course, all PC’s have other software installed too. Keeping all the other software up-to-date on your PC can also help prevent malware and other intrusions into your system, but checking for updates for all that software by hand can be very time consuming. Enter Secunia PSI, or Personal Software Inspector. According to the Secunia home-page, “Secunia PSI is a security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly popular among criminals”.
Not only does keeping software up-to-date help secure your PC, but new versions of popular programs often have new or improved features and better stability. Check out Secunia PSI today by visiting this web page.
Data breach at Sony, what you need to know
Sony isn’t a company we often mention in our newsletter, as they have little to do with Windows in general. However, for those of you that missed the news, Sony has suffered a major security breach, possibly the biggest in the history of the modern internet. Of course, with any major tech story, there’s plenty of hype and technical jargon being thrown around, we’ll sift through the noise and let you know the important facts.
Which services have been affected?
The Playstation network service, which facilitates online game play, content downloading and messaging on the Playstation 3 and Playstation Portable consoles. Wii and Xbox consoles use an entirely different system for all their games, however some online games for the PC that are produced and maintained by Sony may be affected, continue reading for more information on this.
The Qriocity content delivery service which works through the Playstation 3 console, BRAVIA televisions and some portable music players. If you use this service, you are affected by the breach, even if you do not use the service on a Playstation 3 console.
Station.com, this is a portal for online PC games, some of which are popular with younger players, the titles that are affected include DC Universe Online, FreeRealms and Everquest 2. Sony stated that “In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately”. It now appears that sensitive customer data has been stolen from Station.com accounts.
What has been stolen?
Almost certainly, the names, addresses, passwords and e-mail addresses of users of these services have been compromised. Some older credit card numbers have also been stolen from a database associated with Station.com accounts. There has been a suggestion that other, more recent credit card information has also been stolen, although Sony insisted that this was stored in an encrypted file (why only credit card data was encrypted we are not sure). Many Sony customers are changing or cancelling their credit cards as a precaution.
What should I do?
No malware has been injected into your device as a result of this attack. You can continue to use your Playstation console or Qriocity enabled device while Sony work on the problem. You should however, change passwords for ANY accounts that use the same password as your PSN or Qriocity services! As we’ve stated in the past, using a password manager protects you from this kind of attack, so check out our guide to two popular password managers on this page. You will be required to change your PSN/ Qriocity password once the services are restored too.
How did this happen?
Most reports suggest that negligence on Sony’s part was largely to blame. Several unconfirmed sources have said that Sony did not properly encrypt data transmitted between PS3 consoles and their servers and that Sony’s back end computers were running unpatched/out of date versions of Linux. Sony could face hefty fines under data protection laws if these reports turn out to be true and they are already under investigation.
I heard that activists were responsible? If so why would they do this?
Sony had already earned themselves a bad reputation amongst many more technical users. One of their most recent moves was to remove the OtherOS option from the Playstation 3 console. OtherOS allowed users to install Linux to their Playstation 3 consoles and use them just like a regular Linux computer. This option was removed in a firmware update which effectively meant anyone using their PS3 as a Linux computer was instantly locked out of their operating system and data. Sony are currently involved in legal action with users over this move and have recently settled against one George Holtz, who broke the protection on the Playstation 3 console allowing users to run software not authorised by Sony, potentially (though not deliberately) making it easier to use pirate content too. Due to these and numerous other cases, it is possible that an underground group targeted Sony. Sony recently announced that the hackers left a file inside their servers, claiming that they were from the loosely knit activist group ‘Anonymous’. However, no group has claimed responsibility and Anonymous have denied any involvement. It seems more likely that it was simply an opportunistic bunch of identity criminals.
We have to say we certainly were shocked at the data breach at Sony, we have a Playstation 3 console here at Top-Windows-Tutorials HQ so we were affected too, though fortunately the account did not contain any credit card details. We hope that Sony and other companies will learn from this incident and take better care to maintain their systems in future!
That rounds off our newsletter for May. We’d like to take this opportunity once again to send a huge thank you to all our readers for your support. The TWT Newsletter will return on the 10th June 2011 and will bring you more tips, tricks and techniques to help you get the best out of your PC, be it Windows XP, Vista or Windows 7! We hope that you found this newsletter informative and useful. If you did not then please let us know why, you can contact us by visiting this page or by leaving us feedback in our forum. If you have enjoyed this newsletter, feel free to pass it on to all your friends and family, or better still encourage them to sign up for their own copy. Until next month, keep checking Top-Windows-Tutorials.com and enjoy happy, safe and stress-free computing!