Categories Menu

Posted on Feb 24, 2016 in Newsletter, Welcome | 0 comments

TWT Newsletter NG – Issue 33 – Is antivirus finished?

Click here to go back to the back issues page or click here if you want to subscribe.

Top Windows Tutorials
TWT Newsletter NG – Issue 33

Welcome to the February 2016 TWT Newsletter

10th of the month again and time for your regular TWT Newsletter. This month we’re talking security again, as we look at the quite shocking security vulnerabilities found in the popular Trend Micro antivirus suite. Of course, we still have our regular tips and free software recommendations too.

Important! A number of our subscribers have had difficulty receiving our newsletter. At Top-Windows-Tutorials.com we never send out unsolicited e-mails. To make sure your TWT newsletter reaches your inbox, please add topwindo@top-windows-tutorials.com to your contacts, buddy list or white list.

In this months issue:-

What’s new at Top-Windows-Tutorials.com?
Is antivirus software about to become history?
Tip of the Month – Understanding how programs are installed
Free Utility of the Month – VMWare Player
Windows Store App of the Month – Epicurious
Stop 90% of Windows security threats with this one weird trick!

What’s new at Top-Windows-Tutorials.com?

In January we continued with updates to our tutorials on reinstalling Windows. Hopefully you won’t have to reinstall Windows very often, certainly there’s no real need to unless you’re having a serious problem, but when the time comes that you do need to reinstall, these tutorials should come in very handy.

picture Reinstall Windows 8 or 10 and get your system up and running again

Got a Windows problem you just can’t solve on your Windows 8 or Windows 10 machine? This guide will show you how to reinstall Windows 8 or Windows 10 and get your system up and running again.

 

 

picture Booting your computer from USB

If you’ve created a Windows 8 or 10 recovery drive, you will need some way of starting the computer and “booting” from this drive. In this tutorial, we’ll look at how to do that.

 

 

Is antivirus software about to become history?

Many users still consider antivirus software to be a necessity for Windows users. Malware and viruses are very common and pro-actively protecting yourselves from these nasty bunches of bits seems to make perfect sense. In 2016, malware is just as common and every bit as nasty as it once was, so why are some folks turning their back on traditional antivirus solutions? There are a number of reasons, but let’s start with a story that’s been widely discussed between IT professionals this month.

If you follow our Twitter or Facebook feeds you may have heard about the embarrassing security holes that were discovered in the popular Trend Micro antivirus suite by security researcher Tavis Ormandy. Up until recently, when the bug was fixed, any user running Trend Micro’s Windows antivirus suite could have their passwords stolen, their PC infected with malware or even wiped entirely clean, just by visiting a website that contained a specific, specially programmed payload.

Pause for a moment to take that in. By installing Trend Micro’s antivirus suite, users actually made their computers significantly more vulnerable to certain malware and hacking attacks. Indeed, software designed to protect a users computer did, in many ways, actually make it more prone to attack. Since continuing his research in this field, Ormandy has found serious vulnerabilities in Comodo, Avast and several other popular antivirus engines according to his Twitter feed.

This Issue is nothing new and perhaps not surprising, back in our August 2014 newsletter we reported on a security researcher who had found vulnerabilities in dozens of antivirus products. The paper he published was quite complex, but in the following paragraphs we’ll try and sum up his findings in the most non-geek-speak way we can.

By installing software on your computer, you increase the “attack surface”, that is, the number of places there could potentially be a bug (a software programming mistake) that can be exploited by malicious users or software. If you install software that runs at the highest privilege level, that is, software that’s allowed to interact with your system and operating system files, then that “attack surface” covers the most vital parts of your Windows operating system. Almost all antivirus runs with the highest level of administrator privilege (even if you only run your Windows account as a standard user). When you install an antivirus suite, you’re trusting that the vendor hasn’t made any serious programming mistakes that actually make your PC less secure. Given how complex and monolithic antivirus packages have become, that’s quite a leap of faith.

Should we really all be abandoning antivirus software? Well let’s consider the flip-side to the argument for a moment. The attacks on the Trend Micro antivirus (or any other antivirus) would have to be specially designed to target that antivirus. Realistically, you would probably be more likely to encounter malware that had been designed to target some specific Windows components or perhaps your web browser (be that Internet Explorer, Microsoft Edge, Google Chrome or Mozilla Firefox). After all, not everyone uses the same antivirus software, but the vast majority of people using desktop or laptop computers still run Windows. Even given this fact, traditional antivirus, which depends on a signature file (basically a large database of malware that is used to check against) is struggling to protect users. In this modern, highly connected world, virus and malware writers often change a tiny portion of their code to evade detection, effectively creating a game of cat and mouse with the antivirus vendor. Because of this, most modern antivirus software includes something called “heuristic” scanning, which means they can check files and programs for suspicious components that may turn out to be malware. Unfortunately, this has caused a great number of “false positives”, where perfectly harmless and often useful software is flagged as malicious accidentally.

So are we damned if we do and damned if we don’t install antivirus software? Well, hopefully not. The fight against malware will continue for decades to come, while it might seem like the bad guys are always winning, in actual fact, amongst the PCs we look after here, both in the office and for friends and family, the number of incidents of malware infection amongst our users is dramatically down since the Windows XP era. Modern versions of Windows are much better protected than in the past and more modern web browsers include more advanced software techniques to protect their users.

Before you even consider installing antivirus, here are some pointers that you can use on any system to improve your security:-

Always keep your software up to date. Keeping Windows up to date is the most important thing, of course, any bugs or vulnerabilities that have been discovered are swiftly patched by Microsoft. Occasionally you will encounter individuals who warn you against installing Windows updates because they can break your computer. While this can happen, it’s thankfully rare and a lot rarer than malware that takes advantage of systems that haven’t been patched. Windows updating is automatic for the most part, but you can learn how to manually check for updates here.

It’s a good idea to keep other software on your PC up to date too. After Windows itself, the most commonly targeted program is your web browser. Again, web browsers usually update automatically, but you can always manually check for updates too. For Internet Explorer and Microsoft Edge, updates are performed through Windows update. For Google Chrome, you can manually check for updates by clicking the menu button (the three horizontal lines in the top right hand corner) and then choosing “help->About Google Chrome”. In Firefox, you click the same button and then click the ‘?’ icon and then choose “About Firefox”. Be sure to regularly check for updates in any office/productivity software (such as OpenOffice/LibreOffice or Adobe Reader) regularly too.

Run as a standard user – Do NOT disable UAC – Ever since Windows Vista came out, there’s been a certain number of self-declared Windows ‘experts’ who claim UAC is a “useless feature” or “only for protecting novice users” or similar such claims. We’re not going to mince words here, these self declared experts are wrong, very wrong. UAC might not be the be all and end all of Windows security, but disabling it is very foolish. Without UAC enabled, every program you run on your PC has full access to everything else on your system. Think on that for a moment, if you ran a business, would you give the janitor the keys to your office safe?, hopefully not.

To make the most of UAC, configure yourself a separate, day-to-day account and keep an administrator account for the odd occasions you need to change some system settings on your PC. You can learn how to set up separate user accounts here. You can read more about how effective this tip is in our final story this month.

Be sensible – Don’t follow links in spam e-mails, Facebook/Twitter posts, or even e-mails sent from your friends that look suspicious. Some exploits only require you to visit a web page, though most will require some user intervention. Don’t trust a web site that, out of the blue, claims you need to “Click to download and update your media player” or other similar deceiving messages, as this is often how criminals trick you into installing software.

So what antivirus do we use here at TWT HQ, or don’t we use any at all? Well, I can reveal that we now use Microsoft Security essentials on all our machines. While this free, standard Windows antivirus has received a critical mauling in the past, that was typically from reviewers who simply compared it with other products based on how many viruses it managed to catch from a sample. As we’ve seen above, this isn’t the only benchmark for an antivirus package. Given that Microsoft have made huge strides to improve security and that nobody knows Windows internals better than Microsoft itself, we can feel more confident that any vulnerabilities in Security Essentials will be found and patched quickly, while the software still provides a layer of protection from the more commonly encountered malware on the internet.

What is the future of virus prevention?

If the traditional antivirus is dying off, what programs or techniques will replace it? There’s several techniques and technologies already in use today.

Sandboxing – Remember when you were a child, you probably played in a sandbox (more commonly called a sand pit here in the UK). In your own little domain, you were free to build and destroy without affecting anyone else and, as long as you never got sand in your eyes, without any risk either.

In computing, the term sandboxing derives from these halcyon childhood days. An app that is “Sandboxed” is isolated from every other app in the OS. If an error occurs in your sandboxed app, there’s no way for it to affect anything else on the computer because of the sandboxing process. That’s the theory anyway, in practice of course nothing is perfect. The Windows 8/10 App store and the “Trusted Windows Store app” are sandboxed (to a degree anyway), meaning that you can install and use Trusted Windows Store apps relatively safely.

The disadvantage to this approach is that sandboxed apps are limited in what they can do. For instance, in our Windows 10 Superguide we talk about a program called “Metro Commander”, that’s designed as a touch screen friendly replacement for File Explorer. Because Metro Commander is a trusted Windows Store app, it’s not permitted to launch other programs, so if you’re browsing your computer using Metro Commander and you wanted to launch a program you had browsed to, well, tough luck unfortunately.

White-listing – Rather than assume every application is trustworthy, other than those on your antivirus black list, why not go the other way around and only allow programs that have specifically been cleared to run? This approach is slowly gaining some traction in business environments, but may be slower to catch on for home users who typically enjoy the flexibility of trying out lots of new apps.

Anti exploit – Anti-exploit techniques aim to limit or prevent an attacker from taking advantage of a bug or software error in an existing app. Windows has a number of these technologies built in already and others are being developed all the time. Microsoft’s own “Enhanced Mitigation Experience Toolkit“, for instance, is one way to add another layer of security to applications on your PC and a technology that is likely to be made more consumer friendly and even built into Windows in the future.

While we’re not quite ready to give up on antivirus software just yet, the way the IT industry evaluates antivirus software clearly needs to change. It’s no good to simply mark packages against how many malware samples they detect any more. Antivirus vendors need to step up their game with regards to testing and security auditing. As a user, we apologise if this article has left you feeling bamboozled with jargon, but we hope we’ve laid out the facts clearly enough so that you can make up your own mind on which security software you install on your PC.

Tip of the Month – Understanding how programs are installed

If you’ve used Windows for some time, you might have realised that software you install usually lives in the “Program files” or “Program files (x86)” folder. If you want to back up a program you have installed, you might assume that it’s just a case of copying the programs folder from inside this directory and placing it on a USB stick.

While this does work for some programs, it will fail in many instances. This is because when programs are installed, they also store configuration information in the Windows registry. The Windows Registry is a database for storing program settings and options for Windows operating systems. It is stored on your computers hard disk and is accessed very frequently while you work with your PC. Ever since Windows 3.1, the Windows registry has been used to store settings and options for Windows and for software and hardware you install on your computer.

If you only copy the sub folder from within the Program files or Program files (x86) folder, you miss out these often essential registry settings. That’s why when you buy software, either from the internet or from a store, you should make sure to backup the installer file or files that come with them. If you ever change your computer, or need to reinstall Windows, the correct way to re-activate your software on your new PC is to reinstall it.

Free Utility of the Month – VMWare Player

What’s the worst thing about upgrading to a new operating system? The hassle of backing everything up? Learning your way around the new OS and figuring out where that feature/setting has been moved to? What about finding out that some of your old hardware is incompatible? Sadly that happened to us here at TWT HQ, a document scanner that’s a few years old, but still perfectly capable, sadly did not have suitable drivers for use in Windows 10. Despite nothing being wrong with the device, Windows 10 simply couldn’t talk to the device, rendering it useless.

In this situation, special software called “Virtualisation software” may be able to help. Virtualisation software allows you to run a virtual PC on top of your real, physical machine. That means you can run Windows XP, for example, in a window on your Windows 10 desktop. Although not all hardware is compatible with a virtual PC, most devices that connect via USB are compatible, meaning you can use older scanners, printers and other such hardware. VMWare Player even has a “unity” mode, that lets you launch the legacy apps you want to use then run them in windows almost exactly as if they were native apps.

If you’re interested in VMWare Player, the best place to start is with our tutorials here. Remember that while the utility is free, Windows isn’t, and you may need to buy a copy of Windows XP or Windows 7 to run in your virtual machine.

Windows Store App of the Month – Epicurious

Computer cook-books have been around almost since the dawn of home computers and there are no shortage of them in the Windows Store. What sets Epicurious apart from many of its competitors is the sheer number of recipes available in the app. Having been online since 1995, the site has amassed a huge range of recipes to cater for all tastes and meal types, from sweet treats to healthy options.

Being a Windows 10 universal app, you can browse the content on any of your devices (Epicurious is also available on the web, and on Android and iOS devices). If you don’t want to risk your laptop or tablet in the kitchen, recipes can be printed too. By signing up for an account you can also create your own recipe book and access the apps advanced features, such as the super handy suggestions feature, great if you can’t decide what to cook today.

Epicurious is probably the king of Windows cookbooks and best of all it’s entirely free. Get it from the Windows store by clicking here.

Stop 90% of Windows security threats with this one weird trick!

Actually, there’s nothing really weird about this “trick” and it’s one we’ve promoted several times in the past. Thanks largely to Microsoft and their Windows XP security policies, Windows users are in the bad habit of using their computers with administrator accounts. In the Mac and Linux worlds, administrator accounts, which have full control over the system and system settings, are only used when changes to the operating systems settings are required.

If you want to strengthen the security on your Windows PC, create yourself two separate accounts. One as an administrator and one as a standard user, and only use the administrator account when you need to administer your PC! You can learn how to set up multiple user accounts by following this tutorial (Windows Vista/7/8) or this tutorial (Windows 10).

How effective are standard user accounts against malware and security threats? Well, according to a recent study, very effective. In fact, almost 9 out of 10 security threats were mitigated by running standard user accounts. You can read more about this study here.

Remember, when you run a standard user account, you will need to enter your administrator password every time a User Account Control box appears. This shouldn’t be too frequently on a modern PC, but you might want to hold off if you’ve just bought or installed Windows until you have everything configured the way that you want it. Of course, you should always create standard accounts for any family members (particularly children) who share your PC too.

That concludes our newsletter for February. On behalf of the team here at TWT, I’d like to say thank you to all our readers, new and old for your continued support. The TWT Newsletter will return on the 10th March 2016 for more tips, tricks and techniques to help you get the best out of your PC, be it Windows Vista, Windows 7, Windows 8 or Windows 10. We hope that you found this newsletter informative and useful. If you did not then please let us know why, you can contact us by visiting this page. If you have enjoyed this newsletter, feel free to pass it on to all your friends and family, or better still encourage them to sign up for their own copy. Until next month, keep checking Top-Windows-Tutorials.com and enjoy happy, safe and stress-free computing!

Post a Reply

Your email address will not be published. Required fields are marked *

Advertisment ad adsense adlogger