Welcome to the Geek Choice Blog

If you’re a user of Twitter, that social networking phenomenon that depends upon succinct bursts of information from its community of members, you might be at risk of having your password compromised.

Twitter has begun issuing alerts to certain users, notifying them of the need to change their password. It reads as follows:

“Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.”

This is in response to phishing attempts that have resulted in users unwittingly surrendering their login information to hackers.

Phishing refers to a process where unscrupulous sorts set up a bogus login screen that dupes unsuspecting users into giving their user name and password away. The phishers then use that compromised account to send messages to other users, using the same scheme.

Aiming to thwart a recent series of phishing scams, Twitter has been informing users that they should change their password if they happen to be following an account by the name of @THCx. It’s suspected that this account may have been created for the purpose of phishing for passwords.

Geek Choice advises you to be very mindful of who you share information with. When logging into ANY account, always make sure to look at the url located in the address bar. Should there be anything that looks peculiar, it’s possible that it’s not the actual site you wish to log into.

Stay vigilant and protect yourself.

A few blog posts ago, I touched upon Microsoft Security Essentials’ recent accolades from AV-Comparatives, an anti-malware testing group that compares various anti-malware solutions and ranks them accordingly. As reported, Microsoft Security Essentials is one of just two anti-malware packages — the other being F-Secure Anti-Virus 2010 — that were rated “very fast” in every test category included in the company’s comparisons.

Adding to that initial honor, AV-Comparatives has also given Microsoft Security Essentials the award for the best performance of those programs tested.  Subjecting the competing anti-maleware solutions to a variety of tests derived from real-world scenarios — downloading, extracting, copying, encoding files, application launches, etc. — gave a  clear leader in Microsoft Security Essentials.

What became most noticeable was how little Microsoft Security Essentials demanded of a system’s resources, contributing to AV-Comparative’s decision to rank it as the best-performing anti-malware solution that you can get for free. Brisk performance in every major category, while being light on resources, is reason enough to give this highly recommended anti-malware program a look — particularly when you taking into consideration that it’s free, outpacing those solutions that cost money.

Proving its mettle against the competition, Microsoft Security Essentials is a great tool to protect your computer with.

Read AV-Comparative’s findings here.

If you’re interested in using Microsoft Security Essentials, you can find it here.

If you use either Symantec Norton Anti-Virus 2010 or McAfee Virus Scan Plus 2010, you might be interested in knowing that a recent report by AV-Comparatives — an Austrian non-profit that assesses differences between anti-virus software, informing the public of their findings — concludes that Microsoft Security Essentials runs faster than the two aforementioned competitors.

Still, Microsoft Security Essentials placed 6th overall amongst 16 products tested by the firm. Coming in at the 8 spot was Symantec Norton Anti-Virus 2010, while McAfee VirusScan Plus 2010 came in 10th place. Microsoft Security Essentials was rated “very fast” in every test category, with just one other anti-virus program — F-Secure Anti-Virus 2010 — qualifiying for the “very fast” honor in every test category.

This is of particular significance for those of you looking to install a security solution that doesn’t hinder the performance of your computer, a problem that persists with many anti-virus programs.

Microsoft Security Essentials has received high marks for its relative lack of bloat and fast performance. More enticing, Microsoft Security Essentials is free, making it the superior alternative to anti-virus solutions that are both costly and less efficient.

You can grab Microsoft Security Essentials here.

If you’re interested in reading more about the findings from AV-Comparatives, here’s their PDF.

Below, you’ll find a chart detailing the results of their assessment:

Of critical importance to any of you who use social networking sites such as Facebook and the various applications to which you can subscribe while using them (think Mafia Wars, etc.) is the recent news of the RockYou Database being compromised by hackers.

Occurring on December 4^th, the RockYou Database was infiltrated by the nefarious types who scour the internet for penetrable networks from which sensitive information can be retrieved and used for criminal purposes. Username and passwords were stolen, along with any other information that the RockYou application retrieves upon your use of it.

If it’s any consolation to those of you who might have fallen prey to this theft, none of the usernames and passwords have been published, but there’s nothing stopping the thieves from making them publically available – or selling them, even — when they’re so inclined.

The company behind the RockYou app is largely to blame, carelessly storing the information in an insecure text format. In addition to Facebook, other social networking sites that use the application have seen their users’ information hijacked, including Myspace and email services such as Gmail.

If you use any of these social networking sites, we strongly suggest that you change your password immediately, particularly if you’re someone who uses the same password for every site on which you’re a member.

Geek Choice works hard to stay on top of the latest security issues to help keep your computers safe. If you have any questions about the RockYou hack and how it affects you, or if you’re concerned that your web accounts or computer may have been compromised, give us a call at 1-800-GEEK-HELP (433-5435) and our techs can help.

Sources:
http://www.techcrunch.com/2009/12/14/rockyou-hacked/

http://www.securitywatch.co.uk/2009/12/14/security-problems-with-social-networking-persist/

http://digital.venturebeat.com/2009/12/15/rockyou-hacked-32-million-account-passwords/

http://www.eweekeurope.co.uk/news/personal-data-at-risk-after-sql-flaw-discovered-2750

If you’re a user of Avast, the popular anti-virus program developed by ALWIL software, you should know that a recent definition update (those routine downloads that keep the virus definitions of your anti-virus software current) tagged hundreds of valid files as security threats.

The company promptly responded to the error, summarily releasing a fix just hours later. However, users are still burdened with the task of reinstalling those legitimate files.

Aiding in that effort, Avast has an easy to follow guide that walks you through the process of recovering files incorrectly tagged as threats.

In the event you’re using Avast 5 beta  or Avast 4.8, this solution may not be effective, requiring that you run a fresh reinstall of programs to which the tagged files are linked.

That’s certainly a frustrating solution, one that some users may have no choice but to use.  To date, there is no single solution that works for every user. So, read the instructions provided by Avast. If that works, great — but you may have to reinstall the program if their solution fails to deliver.

If you’re an Avast user and you suspect this bungled update has affected the performance of your computer, call our office. Geek Choice is always here to assist you.

Many of our customers know how high our opinion of AVG is. This award-winning anti-virus and security software is one of the most effective countermeasures to the always looming threat of maleware that stalks the internet during your jaunts through its halls. Previously, it came in two versions, the professional version and a free trial version that eventually requires you to upgrade after prolonged use.

If you’re someone familiar with the trial version, you know all too well how frustrating it was to boot up your computer and find that you were no longer able to use its services. While the professional version is a more robust version, offering real-time protection where the trial version placed the onus on you to run the scans, none of us frown upon those things which are free.

Well, AVG is now offering their latest update to the free package – version 9.0 – to the public for as many uses as they choose.

Yes, that’s right.

No matter how long you have this version, or how many times you use it, AVG Free 9.0 is yours forever. You won’t be prompted to upgrade to the professional version – ever. It’s completely free, available for unlimited use, and just as powerful as the previous iterations of what was once the “trial” version.

Of course, as was the case before, the free version will still not offer real-time protection. The benefit of real-time protection is knowing that you’re always secure, no matter what you’re doing, the AVG protection steeling you against malware threats while running in the background.

However, for those of you are vigilant and pro-active when tending to the security of your computers, this is as good as it gets.

Download AVG Free 9.0 here.

Most of us are already well familiar with the frustrations of spam: unsolicited email advertisements. In recent years, unwanted emails have evolved in an attempt to avoid increasingly advanced filters and wary consumers. The contents and goals of unsolicited emails are not always the same, however, and some emails are more dangerous than others. We’ve put together a list of red flags to help you quickly identify emails that may be harmful to your computer and your wallet.

Suspicious attachments

Attaching files to an email is a quick and easy way to share files with your contacts. The downside is that unscrupulous spammers can attach files like viruses and trojan horses in the hopes that an unwary recipient might download the file and infect their computer. Any time you see an email with an attachment that you weren’t expecting, be very cautious about downloading the attachment or even opening the email.

Links that don’t make sense

In an email supposedly from Yahoo, a link to a specific page on Yahoo’s site appears. So why does the text of the link not begin with “http://yahoo.com”? Because it’s a scam. Many scam artists attempt to gain account information or even credit card numbers by posing as respectable web companies looking for information about your account. These emails typically contain a link where you can reset your password, confirm your credit card information, or log in to access some special new feature. To spot these bad links, you need to look at the url: the address of the page that is being linked to. All urls begin with “http://” or “htpps://” and from there vary from website to website. If the url is not visible in the link, you can hover your mouse over the link and see the url in the lower left corner of your web browser.

email containing links that don't match up and suspicious sender information

Notices about accounts you don’t have

Virus spreading emails that mask themselves as emails from major websites are banking on their recipients actually having accounts with that website in the first place. If you get an email about your facebook account when you never signed up for facebook in the first place, the odds are very good that this is a phishing or virus email.

Password reset requests you didn’t send

One of the most common phishing emails currently is the fake password reset. These emails claim that you recently requested a new password, and direct you to a webpage where you can enter your “old” account name and password. You may be able to identify these emails by the link urls or because you don’t have the account that you would supposedly be resetting a password for in the first place. Even if you don’t see anything wrong with the link or the account information, never respond to a password reset email that you didn’t specifically request.

Sender addresses that don’t add up

An email from YouTube.com will be sent from an account that ends with @youtube.com. If “joey5683426$$@ytmail.com” is sending you important updates about your YouTube account, it’s a safe bet this is also a malicious email. If your email system hides sender information, you can change your settings to show full headers or usually click a link right in the email to show all of the sender information.

Money transfer requests

Typically from Nigeria, these emails claim that there is some obscene amount of money sitting in an account somewhere that the sender wants moved to the United States before something terrible happens to it. It’s not uncommon for these emails to be completely in upper case and poor English, although there are exceptions. These emails are scam attempts, trying to get your bank account information so that the sender can access your funds. No matter the pretense for the email, you should never share bank account information with anyone you don’t know. Recent versions of these emails claim to be from “a member of your church.”

Weird emails from friends

The most dangerous and difficult to spot malicious emails are the ones sent by your friends and other contacts. Usually if you receive a suspicious email from a friend or co-worker, it’s either because their system has been infected or because their account has been compromised. If you see an email from one of your contacts that contains strange characters in the subject, has attachments that you weren’t expecting, links to a file sharing site, or otherwise looks unlike the correspondence you’re used to from that person, take the time to check with them before clicking on any links or downloading any attachments. If you do find a strange email from a contact that later turns out to be a virus or online scam, it’s important to remember that your friend most likely was not the one that sent the email to you. These are almost always sent either by a virus or by someone who gained unauthorized access to your friend’s email account.

Email from the user's account containing a suspicious link and subject

Emails from yourself (that you didn’t send)
These emails can be disturbing when you find them. If you find an email from your own account sitting in your inbox that you know you didn’t send (and you have not allowed anyone else access to your account) immediately change your password and security question for your account. Next, check your “sent mail” folder to see if any other emails went out that you were unaware of. Let everyone who received one of these suspicious emails know that you did not send the emails, that they should not open them or click any links or attachments and that you suspect your account was compromised. You can also let your email provider know about your concerns. If this problem recurs, your system may be infected and need virus cleanup service performed.

As users and spam filters become more aware of these malicious emails, scammers will develop new schemes to get at your computer, bank account, and other information. The best weapon against these attacks is a healthy dose of skepticism, though even vigilant users can fall victim to scams and viruses. If you believe you may have a compromised email account or infected machine, or if you just want more information about how to prevent these problems, give our office a call at 1-800-GEEK-HELP (433-5435).

For all the praise it receives for its ground-breaking services and the advances they’ve introduced to our use of the internet, Google has also been viewed as a pioneer of dubious intentions, an increasingly vocal chorus of criticism rallying around what some denounce as the company’s tendency to overstep its bounds where privacy is concerned.

While there’s no denying that Google’s products have ushered in a considerable shift in how we take advantage of the ever-evolving internet, concerns have been raised about what many perceive to be intrusions on their privacy. No matter which Google service you’re using – search engine, email, blogs, news, videos, shopping – the company logs your activity, collecting data about every action you take.

For many of these, Google requires your permission to exact that information, but the sheer number of services makes it difficult for the average user to keep track of what’s being collected.

To assist in that effort, Google has unveiled the Google Dashboard, a helpful tracker that sums up every bit of information Google has collected about your profile from the moment of use. This includes everything from the latest blog you’ve read to the number of emails contained within your Gmail account, giving you a compilation of your ongoing activity while using Google’s services.

For those concerned about security, this is not contained on a server, restricting this information to just your web browser.

This tool can be used only for those Google products which require your login information.

The information Google Dashboard will sum up for you includes:

• Web history
• email
• Calendar
• Youtube
• iGoogle
• Latitude
• Reader
• Shopping
• Voice
• Contacts
• Finance
• Friend Connect
• Tasks
• Picasa
• Mobile sync
• Orkut
• Blogs
• Docs
• Account and profile
• Alerts
• Search engine

At this time, despite the persistent questions about how Google uses the information they collect, we feel that you should not be overly concerned with your use of their products. If you have any questions about your use of a Google service, give one of our technicians a call.

We’re all guilty of happening upon a website from which we’d like to quickly exit. Even if just the result of an inadvertently clicked link, our travels on the web will always consist of visits to sites which are best tucked in the remote corners of our memory.

If your internet adventures are taken with Firefox, here is a quick way to expunge from your browsing history those websites which you’d no sooner forget.

Two methods effectively address this need:

FIRST SOLUTION:

In the address bar, begin typing the name of the website. In the example below, we’re ridding ourselves of the “CNN” url.

Even before the full address is typed out, you’ll notice that the website – or several selections – will drop immediately beneath the address bar. Highlight those selections you’d like deleted.

Once highlighted, press the “delete” button on your keyboard. Doing so renders that site obsolete, as far as your browser is concerned, which becomes evident when attempting to type “CNN” in the address bar again.

SECOND SOLUTION:

Slightly more involved than the first method, this process sees you open your “history” window and review the entire history of your browser’s romps about the internet. To open it up, look at the menu bar, where you will select the “History” option.

From that drop down, click on “Show All History,” which opens the History Library Window.

As you’ll see, once opened, you can review your history in its entirety.

Looking at the history, you can select the website you’re seeking the removal of. Right clicking on the website will bring up a window that affords you the option to “Forget About This Site.” Like before, we’ll use the “CNN” example.

After its removal, the only way that site will return to your browser’s history is if you return to the website.

While these two methods will successfully clear your history of any sites worth forgetting, it’s best to be mindful of where you’re visiting, should you ever find that you need to delete a   website from your history.

From creating spreadsheets to playing the latest games, we use our computer for multiple purposes, one of the most common being our navigation of the internet.  With the use of the internet occupying so much of our time, it stands to reason that we’d want to enhance that experience as best we can.

When it comes to internet browsers, there isn’t a more ubiquitous one than Microsoft’s Internet Explorer. Bundled with Microsoft Windows, the most widely used operating system in the personal computing market, Internet Explorer is the standard by default.  However, in spite of its widespread use, there are alternatives to Internet Explorer that are arguably more popular with the geeks amongst us.

Because of its de facto popularity, a result of being packaged with Microsoft Windows, Internet Explorer has seen only incremental advances in how it functions. This lack of innovation has paved the way for competitors to release alternative choices which offer greater functionality and more reliable security for users browsing the internet.

Of those choices, my favorite is Mozilla’s Firefox.

Free and thoroughly customizable, Firefox is fast becoming the choice to which users are migrating from Microsoft’s problematic browser, its superior functionality immediately apparent:

• Firefox includes helpful features that augment the browsing experience, such  as spell checking and saving sessions for those who accidentally quit the browser.
• hundreds of plug-ins afford users a staggering level of customization for their browsing experience.
• Though Internet Explorer now has tabbed browsing , which allows multiple pages to be opened within a single browser, Firefox’ tabbed browsing is faster and easier to manage.
• With the advent of malware, those bugs that creep along the porous byways of the internet highway, your computer remains at risk whenever you use the internet. When it comes to security, Firefox is unmatched, with seamless updates that keep you protected from vulnerabilities that leave Internet Explorer users subject to spyware and viruses.

While your internet browser of choice is a personal preference, there’s no denying that Firefox adds a bit more to the experience than Internet Explorer. Yes, Microsoft’s offering has certainly taken steps in the right direction, but much of its improvements were available in the first version of Firefox.

The functionality of Firefox may prove daunting to new users, but Geek Choice is always available to show them how to get the best out of its use.