When your security software leaves you to the wolves

By David Gewirtz | March 21, 2011, 7:36am PDT

Summary: If a security product fails, lives can be destroyed.

Okay, I am pissed. I rarely write pure “I am pissed” columns, but this time it’s necessary. The objects of my ire are D-Link and a company called Bsecure, which, apparently, is anything but.

First, some back-story. Like most of us, I’m not only responsible for managing my own computers, I’m also the neighborhood’s “go to guy” when anything computerish needs doing. It’s not a role I take on by choice, but at least the neighbors no longer complain when I play my stereo at dain bramagingly loud levels.

There’s an elderly couple in the neighborhood I quite like. They have two computers, send email, and browse the Web.

The woman has a better understanding of tech; her husband tends to get a little lost. He’s still confused about the difference between email and Web pages, tends to open any attachment that seems interesting, and browses any old Web page that catches his attention.

He is a malware magnet.

Now, I’ve gone over his computer in the past, and it’s not like he surfs porn. It’s just that he goes to lots and lots of sites, has a lot of not-entirely-careful friends, and gets lots of junk in his mail.

Basic antivirus wouldn’t necessarily protect him. He worries me. I felt he needed more security. I wanted him to have Web site surfing protection and, effectively, parental controls.

So, with the consent of his wife, I spent about a hundred bucks to get them a D-Link router designed to work with D-Link’s SecureSpot, a service which costs an additional $60 per year. My nice neighbors are on a fixed income (plus they feed me home-cooked meals from time-to-time), so I decided to pony up the cash for the router and service and buy them some added protection.

SecureSpot, which is actually run by a company called Bsecure Technologies, has a number of interesting features. It links directly with the router, as well as with light clients running on the PCs. It provides antivirus protection, time-of-access restrictions, and — most important of all — the ability to dynamically block my friend from blundering into malicious sites.

The Bsecure service constantly updates the router, telling it about new sites and IP addresses that are dangerous. Then, when my hapless friend tries to go to a nasty site, it blocks him from doing so.

At least it did.

I bought them the service in December, 2009 and paid $60 for a year, with an automatic renewal option. I don’t have time to go to their house constantly. I figured this option — especially since it was sold by D-Link and tightly integrated with their router — would be a great way to keep my friends safe.

I haven’t checked on their machines since November, but didn’t think much of it. I assumed I’d be charged, or at least notified, when the next $60 payment would come due. Since I hadn’t heard anything, I didn’t worry.

Then I got a call last week. My friend’s computer had started to go haywire. It actually started bothering him a few months ago, but he knows I work a lot of hours and didn’t want to bother me. But by now, it had reached the level where he couldn’t actually use the machine.

So I took a look. The Bsecure antivirus component didn’t report any errors. But the symptoms he was describing indicated real problems. I downloaded Trend Micro’s HouseCall program and ran that. And that’s when I started to get upset.

Trend found the following malware on his machine:

  • TROJ_FAKEAV.FIZ: Payload carrier
  • TROJ_DROPPR.SMH: This is a rootkit trojan
  • JS_REDIRECT.SMA: Hosted JavaScript, uses Windows Scripting Host
  • TROJ_DROPPER.TSX: Payload carrier
  • TROJ_FRAUD.AL: Very high risk, sends and receives information, arrives as email attachment
  • TROJ_Generic.ADV: Not sure
  • TROJ_PIDIEF.SMZB: Damaging

As you can see, nasty stuff. I then ran Microsoft Security Essentials, which confirmed that my friend had a computer filled with very, very malicious things indeed. He had a rootkit, along with a command and control virus, one that likes to send information back and forth.

I immediately told my friends to stop using the machine and visit their banks to make sure their finances hadn’t been compromised. I’ve told them they now need to check their bank balances via phone or in person at least once a week, and keep a very close eye on them. They’ve also asked their banks to suspend online banking access completely.

At first, I thought my friend had somehow managed to power his way through the SecureSpot protections. He’s a force of nature. Even though he doesn’t fully understand computer technology, he’s occasionally asked me about things like the Registry and Add/Remove Programs, so I figured anything was possible.

When I last looked in on my friends’ computers back around Thanksgiving, they were fine. Their security software was doing its job, and everything seemed quiet.

To a degree, the infection was my friend’s fault. I’d repeatedly told him not to open attachments, and at least one trojan I found on his machine only transmits via attachments, so I knew he hadn’t listened.

Even so, the antivirus program and Bsecure should have caught it. After all, he undoubtedly disregarded my advice all through the year, and he’d been safe up until recently.

But he wasn’t safe anymore. Do you want to know why? Do you want to know why I’m so pissed and why I’m writing this now?

I’ll tell you why.

They just shut off his service. He’s been unprotected since December — and they didn’t bother to tell any of us.

Apparently, D-Link and Bsecure have decided to “end-of-life” the SecureSpot program. Rather than billing me in December for another year, they just canceled my account. And then they stopped protecting my friends’ machines.

D-Link and Bsecure never notified me of this. I had the registered email address for the service, and yes, I checked all my layers of spam filters, just to be sure. They never notified my friends of this (I checked their filters as well). D-Link and Bsecure didn’t even pop up a message on their machines.

D-Link and Bsecure just simply stopped doing their job — but left the little icons on the machines unchanged, so it looked like the same protection was in force that had always been in force.

It’s as if you hired security guards to protect your house and instead discovered they’d dressed and placed mannequins outside your front door without telling you.

In fact, it was quite deceiving, even to an experienced geek like me. When I first looked at my buddy’s machine, I saw the errors, but didn’t think his AV program had stopped working. In fact, I went into the settings of the AV program, and there was nothing there to indicate it had simply stopped functioning.

One issue is that this particular suite of protection tools doesn’t show the date when its virus definitions were last updated. It’s designed to run in the background without much user involvement, so that detail isn’t presented anywhere in its interface.

Bottom line: there was absolutely no way — without going to the D-Link site itself — to know that D-Link and Bsecure had abandoned my friends to the wolves.
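The failure described above is a monitoring gap: the protection stopped, but nothing on the machine said so. The check below is an added example written for this article, not code from the column or from D-Link or Bsecure. It treats the age of each product's signature database as a heartbeat and flags anything that is missing or older than a threshold, which is exactly the signal that was absent here. The product names and file paths are constructed placeholders; a real deployment would point them at the vendor's actual definition files.

```python
"""Stale-definition check: flags endpoint protection whose signature files
have not been refreshed within an expected window.

Added example for the article; not part of any D-Link/Bsecure software.
Product names and paths below are constructed placeholders.
"""
import os
import tempfile
import time
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Maximum acceptable age of a signature database. Most vendors ship daily
# updates, so a week of silence is a strong signal that something stopped.
MAX_DEFINITION_AGE = timedelta(days=7)


def definition_age(path: str, now: Optional[datetime] = None) -> Optional[timedelta]:
    """Return how old the definition file at `path` is, or None if it is missing."""
    try:
        mtime = os.stat(path).st_mtime
    except FileNotFoundError:
        return None
    now = now or datetime.now(timezone.utc)
    return now - datetime.fromtimestamp(mtime, tz=timezone.utc)


def stale_products(products: Dict[str, str],
                   now: Optional[datetime] = None,
                   max_age: timedelta = MAX_DEFINITION_AGE) -> Dict[str, str]:
    """Map product name -> reason for every product whose protection looks dead.

    `products` maps a product name to the path of its signature database.
    Only problems are returned, so an empty dict means "all fresh".
    """
    findings = {}
    for name, path in products.items():
        age = definition_age(path, now)
        if age is None:
            findings[name] = "definition file missing"
        elif age > max_age:
            findings[name] = f"definitions {age.days} days old (limit {max_age.days})"
    return findings


def demo() -> Dict[str, str]:
    """Constructed scenario: one fresh product, one silently abandoned one,
    and one whose definition file was never written at all."""
    workdir = tempfile.mkdtemp(prefix="defcheck-")
    fresh = os.path.join(workdir, "good-av", "signatures.db")
    abandoned = os.path.join(workdir, "eol-av", "signatures.db")
    for p in (fresh, abandoned):
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "wb").close()
    # Backdate the abandoned product's definitions by 100 days (constructed).
    old = time.time() - 100 * 86400
    os.utime(abandoned, (old, old))
    return stale_products({
        "good-av": fresh,
        "eol-av": abandoned,
        "ghost-av": os.path.join(workdir, "nope", "signatures.db"),
    })


if __name__ == "__main__":
    # Run from a scheduled task and route these lines to e-mail or a log
    # collector; a silent end-of-life then becomes a visible alert.
    for product, reason in demo().items():
        print(f"ALERT {product}: {reason}")
```

Running the check from a daily scheduled task, with its output going somewhere a human reads (a log collector, an e-mail), turns a silent end-of-life into an alert within a week rather than a surprise months later.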

The level of irresponsibility this demonstrates is staggering.

These are seniors on a fixed income. If their computers were penetrated, and if financial information had been exfiltrated, their lives would have been ruined.

Over the years, I’ve talked to senior executives at various security companies and discovered two types of people. The first type is the executive for whom security is life. Everything about the security of their customers is important and meaningful, and worthy of attention.

But there’s a second type of security executive. This is the person who just got a gig. Maybe they were in marketing or PR in some other job, or maybe they were a friend of a friend. In any case, this type of executive doesn’t take security seriously, doesn’t really understand why people get upset when their software fails to protect, and really wishes everyone would just lighten up a bit.

This type of security executive has no business in this game. While I haven’t yet spoken to D-Link executives about this transgression, I suspect I’ll find people who just wish I’d lighten up.

Now, normally, I really like D-Link products, I own many of them, and I’ve recommended them. But I have to think that no one who lived and breathed paranoid security would ever have let a security product “end-of-life” without making absolutely, totally sure customers were aware and protected.

Security companies have an extra responsibility over the regular software company. If the guys who make Angry Birds fail at their job, people will be less entertained for a few minutes.

But if a security product fails, lives can be destroyed.

D-Link and Bsecure failed. Thankfully, my friends’ financial information appears secure, but that’s no thanks to the companies we paid to protect them.

So what lessons can we take away from all this? First is the drum I’ve been beating all these years. You need to be constantly vigilant. I know it takes extra time, but it’s necessary to keep safe.

Next is a question of trust. Choose your security partners very, very carefully. If you don’t know them or haven’t used their products, keep a constant eye on them.

Third, use layered security. Don’t use a security suite from just one vendor. If you have malicious site blocking from one vendor, use antivirus from another. I know these tools don’t play well with each other, but if one vendor gives up, there’s at least a chance that the other will still do some of the job.

And — finally — before you go out and buy a security solution from either D-Link or Bsecure, think long and hard about the story you just read.

Be safe out there!



David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in The History Channel special The President's Book of Secrets.


73 Comments


Linksys and Home Network Defender
nitecourt@... 25th May 2011
I just came across this post but Linksys with their Home Network Defender product through TrendMicro pretty much did the same damned thing. The only thing companies care about any more is getting your money.
Are you sure that Ubuntu is not better for them? Once configured you show how to shut down the pc, what browser to use etc. Safe with no extra cost.
Contributr
RE: When your security software leaves you to the wolves
David Gewirtz Updated - 21st Mar 2011
@d.marcu Actually, I do think Ubuntu would be better, but he's not thrilled with change. I've also considered an iPad (yes, it's true), but he thinks the screen might be too small to read.

This is probably a long, multi-stage story. I just found out about the problem this weekend, but I'll be working with them to come up with a new PC-usage plan over the next few weeks.

Given my personal preference, I'd slap them on Linux in a heartbeat, or put the guy on an iPad (and leave the iTunes password only for his wife to use -- he'd download everything otherwise). But since they get a vote, it's still open to debate.

Jason Perlow suggested a product called DeepFreeze, which resets the PC to a fresh, fixed condition on each reboot, and I'm considering that as well.

I also considered this thing:

http://www.zdnet.com/blog/computers/linux-for-seniors-kiwi-pc-builds-a-linux-pc-for-grandma-and-grandpa/5323

If anyone's got any experience with it, please post below.
@David Gewirtz, DeepFreeze sucks, it turns your install to a "live cd" and you won't be able to install anything new, no updates, no new browsing history, no more new saved passwords etc, and last time I worked with that software you had to define a folder where to save files. Save them somewhere else (let's say desktop) and they would be erased on next boot. That software is good if you have an internet cafe but not for home. You may install them ubuntu in dualboot mode for a while and see if they like it, and tell them that ubuntu means some new stuff to learn and no more problems vs current situation
New idea: tell them that you can install them a new version of windows named ubuntu linux designed for older people, it's a little different from what they know but it's secure. It works with some people.
DeepFreeze is GO!
rock06r 21st Mar 2011
@David Gewirtz

Dutchess Community College uses it, and they've had some good success with it. At my company we (briefly) tried MS Steadystate, but it isn't stable enough.... all it takes is a power outage (or a user who knows about the 4-second button trick) and the hard drive and steady state system need a major administrative cleanup in order to reboot. My personal (user) experience with deepfreeze has been very positive, although I have not used it from the admin side yet. One caveat - it kills updates, including security updates. You have to disable it, then perform updates, and then reenable it.... At least once a month (update Tuesday?).
DeepFreeze
use_what_works_4_U 21st Mar 2011
@David Gewirtz
I do *not* know if this is still true or not, but when I worked at the Apple Store we used Deep Freeze on all our floor Macs so that they would return to a steady, consistent state after people (kids) got done "test driving" (MySpace) the Macs each day. It is a very good product, but as d.marcu notes it basically turns your operating system into a live cd version.

If I had the choice (I don't), this is what I would use on my Mother's PCs (Windows 7). I would do it in the following manner, though:
1)Partition the drive one for the OS and one for data.
2)Give them the machine for a few days so they can go to websites, email, etc... for which they may want to store passwords and so forth.
2a)In lieu of the preceding step, consider a 1Password (or similar) service.
3)DeepFreeze the OS partition.
4)Teach my folks to save photos, videos, etc... to the data partition.
5)Leave them with a scratch pad on which to note sites/services that they want to make changes to and periodically stop by to "thaw", modify, and "re-freeze" the PC.

This is all based on my experience with DeepFreeze on the Mac, but I think it's an essentially sound strategy. You *must* remember that updates/definition files, etc... will not remain unless they are applied to the drive when it is unfrozen.
@David Gewirtz
I have a single XP machine at home (typically no MS products allowed). It lives in VirtualBox and once in a while I will revert to a snapshot. Of course this could be too heavy handed, but is as close to 100% safe as it gets.
@David Gewirtz
If they are not using Windows-only apps, Linux does not need to mean much of a change. There are some very good theme "transformation packs" that can make the system look and behave like the OS they have.
DeepFreeze
nightbirdsf Updated - 21st Mar 2011
@David Gewirtz DeepFreeze is awesome, we use it at the college I work at.

But AFAIK, it works at the kernel level, and if a bug can escalate to that then DeepFreeze cannot protect you. Note that I have not seen this happen.

Edit: @d.marcu: "Live CD"? That's the whole point of DeepFreeze, intercept hard drive writes and cache them. When the computer reboots all writes disappear.
@David Gewirtz

the 60 bucks you spent, you could get ESET Smart security for 30something bucks and it would have done a way better job of protecting their computer. I have been using it for ages and I never had a problem, it has a firewall and blocks malicious sites, etc...
@David Gewirtz how about a Chromium notebook when it comes out? I still say Ubuntu is the way. Better to be a little inconvenienced and learn something new rather than get your identity stolen. Since he really isn't up to the task of using the internet responsibly.
Try Open DNS
linux for me 22nd Mar 2011
@David Gewirtz
You can configure which types of sites to block, up to entering a specific site if necessary. And it's free. I use it.
@David Gewirtz Faronic's Deep Freeze is an alternative but it is not a security solution. Its ability to remove changes (harmful or otherwise) is a side effect of the primary goal of the application itself: quick restoration of a computer or server to get it back into production as quickly as possible. It can also be difficult for those with a lack of technical experience to work with as noted by "d.marcu".

There is a new breed of solutions in the security space however that DO have a security first design that I recommend you take a look at: Returnil System Safe Pro/Free 2011 and Returnil Virtual System Pro 2011.

The design focus in RSS and RVS is to create an intelligent, layered approach to PC/network security by taking advantage of each component's core competency which is used to cover the weaknesses in the other technologies without overlap of functionality by combining System level virtualization (like DF, this would be boot-to-restore) with default-deny Anti-execute, VB100 quality Antimalware (RSS only and included in the Free version), and System Restore features that work to reduce the time to removal of potentially malicious content while keeping the real hard drive clean over time. Further, each component backs up the other components such as seamless removal of content (ref: boot to restore) even if it goes undetected, Anti-execute with 3 simple choices and no questions to answer or rules to configure (if it can't run, it can't infect), and if all else fails, simply restore your System to an earlier point in time where each restore point is scanned by the antimalware automatically before a user can force the restoration.

Please feel free to contact me at support (dash) tech (at) returnil (dot) com and I would be very happy to answer any/all questions about the software and get you set up with licensing.

With Kind regards
Mike
@David Gewirtz One additional, useful fact is that unlike other anti-solutions, the Antimalware/Antivirus component in RSS Pro/Free is fully compatible with most 1st and 2nd tier Antivirus solutions. This means that a potential user will not need to sacrifice their current licensing to try or use RSS. So for example, you could use RSS along side NAV, KAV, Eset, McAfee, Avast!, Avira, AVG, MSE, etc, etc without conflict.
@d.marcu
Actually not a bad idea.
One challenge may be the learning curve of the malware magnet.
Use a more appropriate OS
mrgoose Updated - 21st Mar 2011
@d.marcu

+1

Over the last few years, I installed Ubuntu for quite a few "silver surfers" and potential "malware magnets". I found that by eliminating MS Windows from the equation, c/w some basic security precautions (i.e not letting users run as root, etc,) then our malware woes simply disappeared. So did the need for layer-upon-layer of resource-hogging (and frequently ineffective) antifungus software!

FWIW, as well as the boxes I support here in Blighty, I also look after a couple of Ubuntu machines 1700km away for my partner's family in Hungary. In addition to the issues raised above, this scenario also presents me with language difficulties too. (They don't speak much English and I can ask for a beer in Hungarian, but that's about it.)

Trying to support these folks remotely under MS Windows was a nightmare. However, Ubuntu's excellent language support c/w its very high resistance to malware makes running these remote machines relatively easy.

And, of course, if you want total control over remote 'Bunty boxes, then you can open a port on the firewall and SSH secure shell into it.

Just my 2p worth. Best wishes, G.
Definitely.
UrNotPayingAttention Updated - 21st Mar 2011
@d.marcu

Just slap on an XP or 7 like theme, would they even know the difference? maybe the wife, but then again...

Interesting though, that you chose MSE as your 'go to' scanner to remove the nasties... has Microsoft come that far with their anti-virus product? I would think a combo of Malware bytes + Avast because of its 'boot scan' option; MSE's rootkit detection is that good, huh? hmmm, maybe another tool to add to the belt.
@chmod 777

MSE is a good choice for AV, I won't say it's the best, that changes all the time and it's also a matter of preference, but PCFormat liked it and I've been using it for a while in combo with Malware bytes. Avast didn't do so well when PCFormat tested it, I've tried it and I like the boot scan but to be honest the popups etc annoy me, there's probably an option to turn them off but I like my AV programs to stay out of the way and do their thing without constantly telling me they are up to date.
"...he's not thrilled with change..."
ALISON SMOCK 21st Mar 2011
Try tough love and a live CD. I had an older friend exactly like this. After the 10th+ clean up in 3 months, I sat him down. We went over everything he did/used. He didn't do anything but web surf, email and listen to music/videos. I spent an hour showing him Ubuntu via live cd. He said no, he'd stick with windows. I wished him well and told him he was on his own, so he reluctantly agreed to try it. I installed it and didn't hear from him for a month, so I went by for a visit. I used to be able to lock him out by turning on auto-hide, but he had changed backgrounds, turned on compiz, downloaded updates etc. As I left he informed me "we should have done this years ago!"
@ALISON

...now that she has finally dumped MS Windows, she is delighted with 'Bunty. Not merely is she safer, but she feels safer too, which is very important for elderly folks. She even does all her routine system updates by herself - unencumbered by the fear of breaking (or catching) anything. In fact, I hardly ever have to touch her machine at all.

Consequently, today she does far more with her machine than she ever did under Windows. ATM she is particularly keen on the BBC iPlayer, now she's discovered that she can watch all the telly programmes she missed while she was doing the gardening, lol. happy

It's amazing what she can do now she is no longer in constant fear of "catching something nasty".

Best wishes, G.
I've been using it for a long time and it's never failed me yet. You say MSE found the malware, so it would have protected them, yes?

Also, MSE is *free*, and run by MS. Not to mention if MSE were ever discontinued even sheep herders in Nepal would hear about it.... happy

Agreed Dlink/Bsecure *really* dropped the ball on this one.

Of course I disagree with you about running more than AV, *especially* from different companies. That's an invitation to disaster.
@wolf_z
There is no guarantee that MSE would have caught those. It is not like Microsoft's been on the ball 100%.
Nice FUD spin on the comment
John Zern 21st Mar 2011
@Rick_K
As you can see, nasty stuff. I then ran Microsoft Security Essentials, which confirmed that my friend had a computer filled with very, very malicious things indeed.

Sounds like they are. They're more on the ball than Apple is anymore, that much is undeniable.
Another great freebee....
rock06r 21st Mar 2011
@wolf_z

AVAST!, now in version 6. You....can't....beat....it. Built-in sandboxing. Built -in website filtering. And ... the best part...taaadaaa.... it's free.
Yeah...
itpro_z 21st Mar 2011
@rock06r ...but it also nags the crap out of you to upgrade to their pro version. I'll stick with MSE for home users.
what itpro_z said
voyager529 21st Mar 2011
@rock06r

...although their 4.8 version is still on filehippo and the keys are still compatible.

Joey
@rock06r Comodo also has built-in sandboxing, and I do hope other AVs are paying attention. It's time we stopped trusting unknown files.
@david

I feel your pain. My dad feels the need to click on everything he gets in his msn email account. He and his friends seem to take joy in sending as many jokes, pictures and emails with attachments as possible to each other. I'm especially impressed with the ones they send with such vigor labeled "New exploit found in Windows, please click this link to download this patch immediately!" from link; blahablah@xrt.mreref.kn

I've found SpywareBlaster to be a very useful companion along with normal AV products. It's free as well or you can pay for auto updates.
LOL, they pissed off the wrong guy with the right
muehlbauer Updated - 21st Mar 2011
Great exposures on the level of irresponsibility relative to the lack of caring the companies have regarding this service. Makes you wonder if and when an offsite backup company will or has done the same thing (data is there but not really)?
I am a computer consultant working mainly with Microsoft products. However, reading up the posts of what about Ubuntu I have to agree. I have been watching closely, the maturation of Ubuntu as a really viable alternative desktop operating system. About a year ago I put together a computer with spare parts I had for a client that needed it just to run as an SSH client. He quickly started using it for all web browsing, and email. Occasionally I will remote in and update some packages but the big point is that he is very novice when it comes to computers, and he has never ever had a problem doing what he needs to do. The trick here is that you can easily teach the old dog new tricks as long as the old dog doesn't already think they know that trick.
I think your first mistake was taking a "set it and forget it" approach to their anti-virus/malware needs. The best prevention is active defense.
Frequent (read at least weekly) Malwarebytes and SuperAntiSpyware scans along with up to date, daily scanned MSE has been the best advice I give clients lately. Not to mention removal of the crapware toolbars that ISPs and search hubs like Yahoo want to install. Installing that stuff is like opening the floodgates.
Remove their administrative access and watch the majority of your support issues disappear.
Not anymore
Joe_Raby 21st Mar 2011
@ye

A lot of software can install in the user account without requiring admin privileges. Most often it installs into the user account under the "appdata" folder. Software doesn't need admin rights to write there, and Java security exploits are often used to drop a fake AV in the door. Most users think their entire system is compromised, but often it's just the one user account. Even on Vista/7 computers where users are "full" admin (with UAC), the fake AV often can only take over the logged-in user account. Other accounts aren't affected (assuming there are any others though).

Also FWIW, this is the way Google Chrome operates, which is why it's an IT nightmare.
0 Votes
This is a good thing.
ye 21st Mar 2011
@Joe_Raby: A lot of software can install in the user account without requiring admin privileges.

Unless you're referring to malware. I also have direct experience with the situation you described. My GF's mother's computer became infected with some fake 2011 A/V software on her new Windows 7 system. It installed in her home folder and created a key within HKCU\RUN to start when she logged in. Bugged her to no end. She called me up, we started a remote assistance session, and within minutes I killed the offending process and removed the DLL pointed to by the RUN key, and the key itself. Took all of five minutes.

I've configured her system with two accounts: her primary account, which is not a member of the administrators group, and an administrative (not the Administrator) account, which is a member. The system is configured to log on to her primary account when it boots, and any administrative work requires entering the administrative account password. It works beautifully. Problems with misconfigurations and malware are all but gone.
0 Votes
Why do I suspect...
Joe_Raby 21st Mar 2011
that this is the same thing that is going to happen to Intel's purchase of McAfee? Intel has a poor track record of keeping side projects going.

This is why I don't trust hardware companies' investments in embedded software. They often flip it for something else when they can't justify their R&D costs on updates and support.

BTW: When you have 30-some trusted AV vendors offering their software to comparative testing labs, why would you pick something that is not on that list?

Also to wolf_z: Fake AV spreads like wildfire, especially on sites like Facebook. Java security exploits and trojan droppers, likewise so. Sometimes even MSE doesn't catch 0-day variants, but I know how to remove them fully, and manually. Whenever I see a new variant that MSE doesn't pick up, I send a sample of the EXE to Microsoft and often within a few hours, it's added to the next day's definition updates. Fake AV variants are usually classified as FakeRean or WinWebSec. The trickier ones modify registry keys to take over EXE file associations to prevent programs from running (or launch another instance of the Fake AV instead), but I have a list of keys to check to remove them. Often just searching the registry for the EXE file in question will give you the keys that you need to modify/remove to fix the system. They are getting very predictable now though. It usually only takes me about 5-10 mins to clean the startup ones off, and then I just run a full MSE scan on the rest of the computer.
0 Votes
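A read-only audit for the two user-level tricks described in this thread: Run-key persistence launching from the user's own AppData (ye's and Joe_Raby's comments) and the .exe file-association hijack Joe_Raby mentions, plus a listing of which accounts actually hold local admin rights (the split-account setup ye describes only works if the daily account is not in that list). This is an added example written for this page, not code from any commenter; the registry paths are the standard Windows ones, and the script only reports, it removes nothing.

```powershell
# Added example (not from the thread): report Run entries that launch from
# user-writable folders, check the .exe association, and list local admins.

# Folders an unprivileged user (and therefore user-level malware) can write to.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-RunEntries {
    # Enumerate Run/RunOnce for the current user (HKCU) and the machine (HKLM).
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's provider metadata
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Test-UserWritableCommand {
    param([string]$Command)
    # Expand %APPDATA%-style variables, then check whether the command points
    # into a folder the user can write to: the pattern ye's fake AV used.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($dir in $userWritable) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Get-ExeAssociation {
    # The 'exefile' open command should be exactly "%1" %*. A hijack puts its own
    # path in front so every .exe launch runs the malware first. HKCU\Software\Classes
    # overrides HKCR for the current user, so both locations are checked.
    $paths = @(
        'HKCU:\Software\Classes\exefile\shell\open\command',
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    )
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $cmd = (Get-ItemProperty -Path $path).'(default)'
        [pscustomobject]@{ Key = $path; Command = $cmd; Hijacked = ($cmd -ne '"%1" %*') }
    }
}

function Get-LocalAdministrators {
    # Members of the local Administrators group via ADSI (works on Windows 7,
    # which has no Get-LocalGroupMember cmdlet).
    $group = [ADSI]'WinNT://./Administrators,group'
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)
    }
}

'== Run entries launching from user-writable folders (investigate each) =='
Get-RunEntries | Where-Object { Test-UserWritableCommand $_.Command } | Format-Table -AutoSize

'== .exe file association (Hijacked should be False) =='
Get-ExeAssociation | Format-Table -AutoSize

'== Local Administrators (the daily-use account should not appear) =='
Get-LocalAdministrators
```

Run it from the affected user's session, since the HKCU entries are per account; an entry under HKLM needs admin rights to have been written, which is exactly why the non-admin daily account limits the damage to one profile.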
A simpler solution
steveb999 21st Mar 2011
I have LOTS of customers like this. Older people that have no clue but use their computers a lot. I have found that installing Avira anti-virus (free) and the paid version of Malwarebytes ($25 one time fee) keeps them safe. So safe I have actually lost business as I never have to go and clean up their systems anymore. One couple I would make nearly monthly visits to as they let their grand kids on their computers and they would get in to all kinds of stuff. Once I put the Avira-Malwarebytes solution on the issues disappeared. I used to use AVG for the anti-virus but the current version has become bloated.
0 Votes
I like Avira...
itpro_z 21st Mar 2011
@steveb999 ...but the constant nagging to upgrade pushed me away. MSE is also good and does not nag.
Seriously. Has he actually tried an iPad? His concern about screen size may be negated if he learns how to magnify pages, etc. Just not having Flash might help eliminate part of the problem! Long-term, I think you'd get far fewer "service calls" with the iPad than with 'nix.
0 Votes
Glocks always work and can't be electronically revoked. happy
0 Votes
But, what about the mess?
itpro_z 21st Mar 2011
@goingbust, when you shoot PCs you end up with lots of bits of metal and plastic scattered around.
0 Votes
If the gentleman strictly surfs the web and views e-mails, keep him on the cloud (gmail/hotmail/whatever), rip the hard drive out of his computer, and set him up to always boot from a Puppy Linux Live CD.

Every shutdown and startup will be giving his computer a complete enema ... you can't beat that.

If you really must keep state, then leave the hard drive in there and set up a "PupSave" file ... on the rare occasion things get screwed up, delete the PupSave and away he goes.

Keep his computer secure, simply.
0 Votes
Or "HanSamBen" ???
CJV2 21st Mar 2011
Although a Puppy derivative designed for children, I find the educational games good for keeping "seasoned folk's" minds sharp.

It's good to exercise the brain just as much as the body.
0 Votes
Even when Security Software fails, your files and the info they contain are safe if they are encrypted with an air-tight program. Encrypting files takes an extra step and an extra minute - but worth it. No one wanted to wear seat belts, either. (another kid during the LBJ years)
You might want to consider installing Sandboxie (http://www.sandboxie.com/) on his machine. It should prevent any malware downloaded from being installed. If he does want something new installed, he should ask you. In the meantime he would be protected.
0 Votes
Local Redirecting
MichP 21st Mar 2011
Have you tried using the HOSTS file to block specific IP addresses? I've used this one with good results (in addition to my AV software): http://www.mvps.org/winhelp2002/hosts.htm. No interface for curious users to get into and start messing up or start asking you questions about.

It may take a little tweaking initially. For example, several years ago this file blocked something my dad's Norton AV wanted/needed (another ugly story). If it blocks a site that is necessary and you believe is trustworthy, you can just comment that line out of the file. I've never used the update freeware this page offers.
0 Votes
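A sanity check to run on a blocking HOSTS file like the MVPS one MichP links, before and after installing it. A blocking file should map names only to 0.0.0.0 or 127.0.0.1; any other target means a line redirects a real name to a real server, which is either a mistake or the same HOSTS-hijacking trick malware uses. The script also does the "comment that line out" step MichP describes, with a backup. This is an added example written for this page, not MichP's or the MVPS project's code; the sample lines are constructed, and the hosts path is the standard Windows one.

```powershell
# Added example (not from the thread): parse a HOSTS file, flag non-loopback
# redirects, and comment out a single line when a block turns out to be wrong.

function Read-HostsEntries {
    param([string[]]$Lines)
    # Parse "address name [alias ...] [# comment]" lines; skip blanks and comments.
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Line = $lineNo; Address = $fields[0]; Name = $name.ToLower() }
        }
    }
}

function Test-HostsEntries {
    param([object[]]$Entries)
    # Only loopback / unspecified addresses are legitimate block targets.
    $blockTargets = @('0.0.0.0', '127.0.0.1', '::1')
    foreach ($e in $Entries) {
        if ($e.Name -eq 'localhost') { continue }
        if ($blockTargets -contains $e.Address) { continue }
        [pscustomobject]@{ Line = $e.Line; Name = $e.Name; RedirectedTo = $e.Address }
    }
}

function Disable-HostsEntry {
    param([string]$Path, [int]$LineNumber)
    # Comment out one line (needs an elevated shell for the real hosts file),
    # keeping a .bak copy so the change can be undone.
    Copy-Item -Path $Path -Destination "$Path.bak" -Force
    $lines = @(Get-Content -Path $Path)
    $lines[$LineNumber - 1] = '# ' + $lines[$LineNumber - 1]
    Set-Content -Path $Path -Value $lines -Encoding Ascii
}

# Constructed sample: three legitimate lines plus one hijack-style redirect.
$sample = @(
    '127.0.0.1 localhost',
    '0.0.0.0 ad.example-tracker.test',
    '0.0.0.0 malware.example.test # blocked',
    '203.0.113.9 update.microsoft.com'   # sends update traffic to a stranger's server
)

'--- constructed sample (expect one finding: update.microsoft.com -> 203.0.113.9) ---'
Test-HostsEntries (Read-HostsEntries $sample) | Format-Table -AutoSize

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    "--- $hostsPath ---"
    $found = @(Test-HostsEntries (Read-HostsEntries (Get-Content $hostsPath)))
    if ($found.Count) { $found | Format-Table -AutoSize } else { 'No non-loopback redirects found.' }
}
```

If a blocked name turns out to be something a legitimate program needs (MichP's Norton example), note the line number from the report and call `Disable-HostsEntry -Path $hostsPath -LineNumber N` from an elevated prompt; the DNS Client service caches the old answer, so run `ipconfig /flushdns` afterwards.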
Many of us have (elderly) parents or neighbors in the same boat. I think a review of different Windows and non-Windows approaches would be a very useful write-up. On the Microsoft-centric side, I'd think reverting to local User privileges would be a huge help, coupled with one of the more comprehensive security suites (along with ensuring MS Update is set to auto-pilot, etc). Going with the router layer is brilliant, but I'm not sure if people would be willing to spend the extra bucks.
0 Votes
It has absolutely nothing to do with the OS...
anothersmartguy 21st Mar 2011
...as much as it has to do with the user. I understand it's hard after a certain age, but knowing how to be safe online is no different than knowing how to be safe in real life: it takes very little effort and common sense. I'm sure your neighbor wouldn't open a box that said "Open me" and from which he could hear a ticking noise if he found one in front of his house; there's no reason why he should fall for trojans.
0 Votes
I have done tech stuff for over 20 years, and when D-Link came out, they had the best prices on hardware. I tried their stuff. It was the buggiest, most unstable hardware I have ever used. It wouldn't even work reliably with non-D-Link hardware at the time. I flipped them the bird and never looked back.

Time and time again I hear other tech people say, "Yeah, D-link stinks. Nothing but bad luck with them."

This is just confirmation that they are still running business as usual...
0 Votes
Wow. Just wow.
CobraA1 21st Mar 2011
"They just shut off his service. He's been unprotected since December — and they didn't bother to tell any of us."

Wow. Just wow.

Yeah, I agree - that's low. VERY low.

Never, EVER should a security vendor silently drop your security. That's horrible.

First things first: Microsoft's Security Essentials needs to stay on his machine. Put it on, set it to update automatically, and be as silent as possible.

Second: I've found that paid solutions are frankly no better than the free stuff. My security setup on my machines costs $0, and they've been clean for years. In my experience $60/year isn't any more secure than $0/year.

Third: Grab PSI, put it on as well. That way his machine is always up to date.

Fourth: Yeah, we do need to work on user training, which is often the weakest link.

There is, however, a deeper issue at stake here, and not just what happened to you.

Antivirus software is "allow by default."

Even with heuristics, it will allow everything it can't identify as a virus.

The result?

Virus writers are testing their creations against AV software, allowing them to bypass everything including the heuristics. This renders the vast majority of AVs useless until they perform a database update.

Some AV vendors, such as Comodo, are wising up and using a default-deny system (in the case of Comodo, they are sandboxing unknown apps). I'm hoping others will follow suit.
0 Votes
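Windows has a built-in way to get the default-deny behaviour CobraA1 is asking for without a third-party product: AppLocker, run first in audit mode so it logs what it would have blocked instead of breaking anything on someone else's computer. This is an added example written for this page, not CobraA1's or Comodo's approach; it assumes an edition that ships AppLocker (Windows 7 Enterprise/Ultimate, later business editions) and an elevated PowerShell session. The allow rules are generated from whatever is already installed under the system folders, so anything later dropped into AppData, as in the fake-AV cases above, matches no rule.

```powershell
# Added example (not from the thread): build a default-deny (allow-list)
# AppLocker policy from the installed software and deploy it in audit mode.

$policyPath = Join-Path $env:TEMP 'allowlist-audit.xml'

# Collect executables from the trusted system locations. New-AppLockerPolicy
# turns signed files into publisher rules and unsigned ones into hash rules;
# -Optimize merges rules that share a publisher.
$files = foreach ($dir in @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot)) {
    if ($dir -and (Test-Path $dir)) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
    }
}
$xml = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# The generated policy has EnforcementMode="NotConfigured". AuditOnly evaluates
# every launch and writes an event for what would be denied, but allows it.
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $policyPath -Value $xml -Encoding UTF8

# AppLocker does nothing unless the Application Identity service is running.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath

function Get-WouldBeBlocked {
    # Event 8003 = run allowed only because the policy is in audit mode
    # (i.e. it would have been blocked when enforced); 8004 = actually blocked.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Time = $_.TimeCreated; User = $_.UserId; Message = $_.Message }
        }
}

'--- launches the policy would have denied (review before switching to Enabled) ---'
Get-WouldBeBlocked | Format-Table -AutoSize
```

Let it run in audit mode for a week or two of normal use, add rules for any legitimate program that shows up in the 8003 events, and only then change `AuditOnly` to `Enabled` in the XML and re-apply it; unlike the allow-by-default AV CobraA1 describes, a new fake-AV variant then fails to launch whether or not a signature exists for it yet.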
@CobraA1 The "Comodo way" is definitely NOT the way to go. It will just cause trouble to the average user in "automatic" mode, or flood them with annoying popups in "interactive" mode.
@anothersmartguy

It's probably coming, like it or not. Windows 7 already has a degree of virtualization built in, and it's likely to move even more in that direction in the future.

If done right, it should be possible without any major headaches for the user. Comodo's stuff tends to be on the advanced side, but I don't see why it shouldn't be possible to create a more user friendly and less annoying tool.
0 Votes
Build your own..
Simba7 Updated - 21st Mar 2011
I set my parents and grandparents up with a Gentoo box that filters and controls everything. It does practically everything: it's a router, firewall, fileserver (internal network only), web server, VPN client (so they can connect into our network) and a few other things.
I also have DansGuardian running on it, so all requests that go toward port 80 are forwarded through DansGuardian.
..and it doesn't require high-end hardware. Just find an old P1 with at least 128MB of RAM, throw a pair of NICs in it, and compile Linux. The remote routers I build run on a 350MHz Pentium II with 768MB of RAM (overkill, I know).
My main router/VPN server/web filter (about all it really does) is a dual 1GHz Pentium III with 512MB of RAM. I have a separate server for the Squid cache (1.13GHz P3 w/1.7TB space).
0 Votes
Linksys and Home Network Defender
nitecourt@... 25th May 2011
I just came across this post but Linksys with their Home Network Defender product through TrendMicro pretty much did the same damned thing. The only thing companies care about any more is getting your money.
