Categories Menu

Posted on Mar 19, 2015 in Newsletter, Welcome | 0 comments

TWT Newsletter NG – Issue 22 – Lenovo spyware, Windows store woes and net neutrality victories!

Click here to go back to the back issues page or click here if you want to subscribe.

Top Windows Tutorials
TWT Newsletter NG – Issue 22

Welcome to the March 2015 TWT Newsletter

Marching into March already, this month we’ve news of security threats from popular PC manufacturer Lenovo, as well as a critical look at the state of the Windows store.

Important! A number of our subscribers have had difficulty receiving our newsletter. At Top-Windows-Tutorials.com we never send out unsolicited e-mails. To make sure your TWT newsletter reaches your inbox, please add TWT_Newsletter@top-windows-tutorials.com to your contacts, buddy list or white list.

In this months issue:-

What’s new at Top-Windows-Tutorials.com
Superfish malware hooks Lenovo users on brand new PCs!
Tip of the Month – Test your Router
Free Utility of the Month – Plex Media Server
Windows Store App of the Month – Music Maker Jam
Net Neutrality – An important victory
Is Microsoft doing enough to audit the Windows store?

What’s new at Top-Windows-Tutorials.com?

In February we updated our five tutorials for the popular Diigo bookmarking service. These days, many of us work from multiple devices, such as phones, tablets and PCs. By using a service like Diigo, you don’t need to worry which browser you are using, all your bookmarks will follow you between devices.

picture Diigo – 5 Tutorials

Get started quickly and easily with this cloud/social bookmarking tool. Diigo is essential for students and anyone who works or researches online. Click here to see the first tutorial.

Newsletter back issues – We’re aware that when we transitioned from SBI to WordPress, many of our archived newsletters didn’t make the transition so well. For some reason, only the first few paragraphs transferred, rather than the whole newsletter. Fixing this has been a low priority as this content isn’t regularly accessed, but we have started recovering the pages from a backup. If you fancy a trip down memory lane, our complete newsletter archive is accessible here and we will be restoring and repairing the missing issues over the coming weeks.

Superfish malware hooks Lenovo users on brand new PCs!

Security and staying safe online seems very daunting at times. We’re always told, keep software up to date, run an antivirus, don’t surf to sites that look suspicious, but what can you do if your new PC comes pre-loaded with malware? Sadly, that’s exactly what happened to thousands of owners of new Lenovo PCs recently.

The software in question is called “Superfish”. It came pre-loaded on most Lenovo machines since early 2014. Billed as a program that could help surfers find better deals while they shopped online (a familiar pitch) the software contains a very serious security flaw. When shopping, banking or performing any secure transaction online, the internet depends on a technology called SSL. You can tell when your browser is using this technology as the start of the web address changes from “http:” to “https”:. SSL connections use digital certificates, that are issued and checked by an online authority. Forging these certificates is difficult, but by hijacking the certificate mechanism in Windows, this is exactly what Superfish did. The reason it does this isn’t completely clear, the program itself isn’t explicitly designed to be malicious. Probably the intention was for the program to be able to analyse SSL encrypted pages in order to provide “valuable” online shopping advice.

Regardless of the intentions of the authors of the program, its implementation opens up a huge security hole. Any PC running Superfish is now vulnerable to fake SSL certificates. A hacker could use this to secretly slurp the login details for any SSL secured website you use. In IT security speak we call this a “man in the middle attack”, the middle man being the attacker who sits between your computer and the computer running the website on the internet that you are accessing. Normally of course SSL makes this impossible (or at least exceptionally difficult).

Why would Lenovo bundle this software and risk their reputation? Well, it all comes down to money. The PC industry is very competitive and companies are often looking for ways to extend their margins on each sale. Software like this, that is able to gather consumer data, is very valuable to marketing and research companies and they will often pay significant sums of money in order to get it installed on users PCs. According to this report, Lenovo netted a relatively modest US$250,000 for the Superfish deal. Compared with a company that turns over millions each year, this does seem like a poor deal, though its unlikely Lenovo realised just how badly designed the program was when they agreed to bundle it with their hardware.

If you purchased a Lenovo PC in the last couple of years, you should check to see if you have Superfish installed and remove it immediately. Follow these instructions to check for the software and remove it if necessary. Simply uninstalling the program is not enough, as you must remove its SSL certificate too, so be sure to follow the steps carefully. Stop press – According to some sources around the web, the cleanup instructions provided by Lenovo are not adequate and we recommend also scanning your computer with Malwarebytes anti-malware for a complete clean-up job.

This isn’t the first time a security threat has come pre-loaded with a PC, or with a piece of software from a supposedly reputable company or source. In the early 2000’s, Sony laced many of their music CDs with copy protection. When these CDs were inserted into a computers CD/DVD drive, potentially harmful anti-copying software was installed to the users PC. Way back in TWT Newsletter Issue 3 we reported how the Starforce copy protection, present on some store-bought PC games, was causing hardware and security problems for many PC gamers. Later in the newsletter we ask “Is Microsoft doing enough to audit the Windows store”. Buying software through channels such as retail, or the Microsoft store, was supposed to ensure customers would get only quality software and root out any malware. Unfortunately, it seems like big companies can be just as greedy as the cyber criminals! Stay vigilant as you use your PC and all your other smart devices and don’t think you’re immune to any dangers just because you never install third party applications.

Tip of the Month – Test your router

Are you paying for fast broadband but never seeming to get the speeds you pay for? Do some computers or other devices drop from your network or slow down to a crawl at times? It could be that your router isn’t up to the job. Older wireless routers were designed for just two or three devices, but these days the modern high tech family may have two or three devices each, let alone all together.

Fully testing a router isn’t all that easy. One way to do it is to go to a site like Speedtest.net at the same time on all of your devices and run the test at the same time. A capable router should divide the bandwith between your devices, while one that is struggling may disconnect certain devices or cause the pages to time out. If this does happen, it might be time to upgrade to a better router. If you have cable or ADSL internet, this is normally just a matter of buying a newer box. If your ISP provides your router and cable modem together in a single box, you may still be able to purchase a new router and put the existing router into modem-only mode. If in doubt, check with the support pages for your ISP.

Free Utility of the Month – Plex Media Server

Are you lucky enough to have a smart TV, media streaming box (such as a Roku or Dune) or an Xbox One or Playstation 4 console? You might have read how you can stream media from your PC to these devices, but considered it too technical to try for yourself. If so, you should check out Plex. Plex makes media streaming throughout your house super easy. Simply install the free Plex Media Server onto your Windows PC and tell it where your media is. Now, install the Plex app on your smart device and streaming your movies, music or TV shows is as easy as clicking a button.

Plex is a great way to enjoy your media files on a wide range of devices and is a must-have for anyone with a large library of media files. Check it out here.

Windows Store App of the Month – Music Maker Jam

Remember when you were at school and music lessons were fun? Sure you do, before you learned that playing real instruments was difficult, just shaking a tambourine or hitting a drum was a childish pleasure. Thanks to computers, making music can become easy and fun once again and with the awesome “Music Maker Jam” you too can pretend to be a chart topping Dubstep, Techno, House or Metal composer!

A great introduction to music making and composition with some powerful features under the hood for those that want to experiment, Music Maker Jam is fun and educational and well worth a free download. Grab your copy here.

Net Neutrality – An important victory

Last month we talked about how an important new law was being proposed and challenged in the courts in the US. We’re delighted to tell you that thanks to a huge out-crying from the public and many websites like ours, the FCC (Federal Communications Commission) voted in favour of strong “title II network neutrality rules”. This means ISPs like Comcast are prohibited from slowing down and potentially breaking smaller websites like ours, while big-name sites like Youtube or Facebook can pay their way into a prioritised “fast lane”.

ISP Comcast, who we understand aren’t the best loved company in America, were furious with the decision and issued a statement attacking the decision in Morse code, because apparently the rules are outdated and unsuitable for a modern internet (we’re not entirely sure how Comcast reaches this conclusion, clearly their idea of a modern internet isn’t the same as ours). Big companies have big budgets and of course money talks when it comes to buying political favours, so the battle isn’t completely over. To find out more about network neutrality, why it’s important and what you can do to help, visit this page.

Is Microsoft doing enough to audit the Windows store?

When Windows 8 launched, Microsoft were keen to introduce us all to the Windows store. Undoubtedly, Microsoft are envious of their lifelong rivals Apple, who rake in enormous amounts of revenue from the app store that feeds the iPhone and iPad markets. Microsoft were keen to tell us all that buying apps from the Windows store was safer than from the public internet because Microsoft staff would “Review and approve” the apps before they were placed on the store, but has this review process been effective?

In August 2014, HowtoGeek.com posted a scathing article about the state of the Windows Store. They showed how the store was completely polluted and overrun by useless scam applications that demanded payment for simple things such as showing a user how to download a program (we kid you not). Perhaps the most damning thing in the whole article is the reminder that, supposedly, someone at Microsoft was reviewing and approving ALL of these applications before they were published on the store. You have to wonder what review criteria Microsoft were using to allow such behaviour.

In response to this criticism, Microsoft cleaned up their act somewhat and removed thousands of these useless, scam applications, though we can’t help feeling that its absurd that they were ever allowed to pass review in the first place.

So is Microsoft now doing enough to audit the applications in the Windows store? Well, first the good news. We took a look and found none of the scam-ware software titles that HowtoGeek had found a few months earlier. It’s a huge improvement and something that Microsoft needed to do badly, especially before Windows 10 launches and there are many more eyes looking at the Windows store.

It’s not all good news though. First of all, Microsoft’s review and approval process still seems woefully poor. Counterfeit and scam games are still appearing on the store, such as the recently released “Darkest Dungeon” game. Microsoft did eventually take this title down, but being as the game was unlikely to work at all (it was a 2mb download, the actual game is much bigger than this) we have to wonder how it didn’t raise alarm bells in the first place.

Similarly, there are still dozens of “Mario” games on the store. We counted at least four games using the Mario Brothers names and other IP belonging to Nintendo. The Mario brand is one of the most recognisable in the world, surely by now the Microsoft review team would know that this IP belongs to someone else? Other popular characters that seemed to have been used with little regard for their IP were Hello Kitty and Spongebob Squarepants.

Microsoft have clearly made good progress cleaning up their act with the Windows store, though we’re still a little flabbergasted that such a large, multinational corporation could have made such a mess of things in the first place. Many Windows 8 users will have dipped into the store, seen the mess it was in a few months ago and never returned. As a critical part of the Windows ecosystem and the only place to go to get touch-optimised software for Windows machines, the store should be a top priority for Microsoft to get right, not a badly maintained junk store.

That concludes our newsletter for March. On behalf of the team here at TWT, I’d like to say thank you to all our readers, new and old for your continued support. The TWT Newsletter will return on the 10th April 2015 and will bring you more tips, tricks and techniques to help you get the best out of your PC, be it Windows Vista, Windows 7 or Windows 8. We hope that you found this newsletter informative and useful. If you did not then please let us know why, you can contact us by visiting this page. If you have enjoyed this newsletter, feel free to pass it on to all your friends and family, or better still encourage them to sign up for their own copy. Until next month, keep checking Top-Windows-Tutorials.com and enjoy happy, safe and stress-free computing!

Post a Reply

Your email address will not be published. Required fields are marked *

Advertisment ad adsense adlogger