Apple was silent for far too long on the matter of the Mac Defender Malware, a Rogue anti-virus application like those seen on Windows machines for the past few years. This type of malware tricks users into thinking they are protecting their computer by displaying false “infection” messages and offering a fix in exchange for money. There have been thousands of reports by irate OS X customers in recent weeks. Many of the people who called Apple support were referred vaguely to the forums for help. It was almost as if Apple didn’t want to have to acknowledge that they are not invulnerable after all.

Late on Tuesday, the Cupertino company finally released a support article which explains how to eradicate this nasty piece of so-called software. The article begins by admitting that a recent scam has targeted their fans by “redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender “anti-virus” software to solve the issue.” The rest of the piece gives detailed instructions on ridding yourself of this pesky problem.

Within the next few days, Apple promises to release an update to OS X which will automagically find and remove Mac Defender and all of its known variants. The update should also help protect users by giving warnings if they download the malware. The problem, as Windows users and security experts know, is that these malware writers pump out newer versions very quickly… which take a while to detect and fix.

Rogue anti-virus programs are quite the lucrative business. According to McAfee, the number of these types of programs has increased by nearly 400% since 2009, causing computer users a loss of about $300 million. I don’t really care if you’re a Mac or Windows fanatic. If something pops up on your screen that you haven’t already installed yourself and then claims you are infected… click NOTHING. Don’t be fooled into downloading or buying anything. Look for a fix immediately, and follow the recommended guidelines. One of the most reputable sites out there which is FULL of guides of this sort is Bleeping Computer. If you have trouble fixing the machine up yourself, their free forums are full of security experts who will gladly help you – for nothing more than your thanks.

Apple Finally Releases Fix for Mac Defender Malware

Ivan Kaspersky, son of a Russian software giant, has been missing since April 19th. It is believed that the young man was abducted. Security powerhouse Eugene Kaspersky, the CEO and co-founder of antivirus company Kaspersky Lab, has asked only that the media stop spreading rumors and speculation. Nothing official has come forth from the Kaspersky camp, despite claims from local law enforcement that the allegation is true. There has reportedly even been a ransom demand to the tune of $4.3 million.

Many blogs are claiming that a kidnapping is par for the course within any big business in that country. Could that really be what motivated the people behind this?

Malware writers infect your machines and muck up your day for one reason: to make money. We’re talking about mass quantities of green, people. The little script kiddies you find writing simple botnets for IRC are in it for kicks. REAL malware makers are out to make cold, hard cash. It’s a multi-million dollar business – and one that unfortunately won’t disappear any time soon.

Let’s imagine for a moment what else the alleged kidnappers could ask for – other than cash – in exchange for young Ivan’s safe return. How much do you suppose Kaspersky’s technologies and databases are worth to those with nefarious things on their minds? I’m quite sure they are worth far more than four million smackers… especially to criminals who have no regard for the rest of us. It’s more than possible that these people would much rather get their hands on information than money.

It’s true that kidnapping for ransom is on the rise in Russia. People are being targeted for their fortunes instead of the type of business they are in. We are hopeful that this is nothing more than a case of a young kid taking some time for himself without letting family members know. If it turns out to be true, we further hope that it is directly related only to the fact that the senior Kaspersky has amassed a fortune in his lifetime and not to the type of work he does.

We will be following this story as the details unfold. Our thoughts and support go out to the Kaspersky family during this time of uncertainty.

Kaspersky Son Feared Kidnapped

Add to iTunes | Add to YouTube | Add to Google | RSS Feed

Damn these compromised systems. They’re ruining it for the rest of us. Someone on Lockergnome asked if ISPs should cut off bot-infected users. This refers to people who have computers that happen to be infected with software that can potentially turn their machine into a “zombie computer.” This allows someone to use the infected system as part of a bot net – or DDOS attack.

Why shouldn’t an ISP cut them off? That’s my thought. If an ISP can see that a machine is being used – and abused – in this manner, it’s their duty to keep others protected. Perhaps the user doesn’t even KNOW that their machine has been compromised in this manner. You can be infected with some pretty nasty malware without ever having any pop-ups or symptoms, and without knowing it.

Your ISP should be able to turn you off, and then contact you to let you know there’s an issue. The ISP could go so far as to suggest ways and/or tools to help the user get all cleaned up. Imagine if the ISP took that step to help their customer – we could all have better Internet. That may be a pretty lofty dream, but I think it’s a good one.
Bonus points for remixing the zombie disruption found in this video!

Should an ISP Cut Off Infected Users?

Add to iTunes | Add to YouTube | Add to Google | RSS Feed

A chat room visitor asked me if it’s necessary to have an anti-virus program installed on Mac OS X. Most people will tell you that it isn’t needed, but I have a feeling my assistant Kat won’t agree with that assessment.

Guess what? I happen to agree with her. You should run security software on your Mac. Just because there aren’t “many” pieces of malware out there for OS X doesn’t mean there are “none.” There are a few running around the wilds. Nothing is perfect. As more people turn to Mac more vulnerabilities will be released.

If you want to be safe, you want to run something that’s going to keep you clean and free from all digital nasties… not just a virus. Mac OS X can suffer from Spyware, yes. There may not be a lot of it, again, but it is there.

If you’re going to connect to the Internet, you need to do so safely – even on Linux.

What do YOU think?

Does a Mac Need Security Software?

Add to iTunes | Add to YouTube | Add to Google | RSS Feed

Aaron has recorded this screencast to show all of you how to figure out if a website you want to visit is safe or not. McAfee’s SiteAdvisor doesn’t require any downloads, and will give you a detailed report along with your green (or red!) light.

Not only does the report give you a red or green light, it also includes demographic information such as the country the site is located in and how popular it is. If there are downloads available on the web page, McAfee has already tested each and every one to be sure that it’s clean and free of malware.

Customer (visitor) commentary adds a nice touch to your report. See what others are saying about their experience visiting that site. You can become a member for free and add your thoughts to any web site report that you find.

You will find a handy little graph that shows you what other sites are affiliated with the site in question, as well as being able to quickly tell if they are “green” or not. When checking out my main site, you’ll find links off to my live page, Lockergnome and various other sites that I maintain. As I would expect, all of my sites have a green light.

Lastly, you’ll be able to see exactly what annoyances a site may hold – such as popups. The team at McAfee has built this excellent tool to help you learn how to stay safe online, and to alert you to potential dangers before you ever click that link.

Thanks to Aaron for this excellent tutorial.

Want to embed this video on your own site, blog, or forum? Use this code or download the video:

<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/ZVdX2X4NDfw"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/ZVdX2X4NDfw" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object><br /><a href="http://chris.pirillo.com/">Chris</a> | <a href="http://live.pirillo.com/">Live Tech Support</a> | <a href="http://media.pirillo.com/">Video Help</a> | <a href="http://feeds.pirillo.com/ChrisPirilloShow">Add to iTunes</a>

Is That Website Safe?

During the first half of 2010, more than two million computers in the United States alone were found to be part of a botnet. Microsoft performed the research, which showed that Brazil had the second highest level of infections at 550,000. The country hit hardest is South Korea, where 14.6 out of every 1000 machines were found to be enrolled in botnets.

Cliff Evans is the head of security and identity in the UK. “Most people have this idea of a virus and how it used to announce itself,” he said. “Few people know about botnets.” Botnets start when a virus infects a computer, either through spam or an infected web page. The virus puts the Windows machine under the control of a botnet herder. “Once they have control of the machine they have the potential to put any kind of malicious code on there,” said Mr Evans. “It becomes a distributed computing resource they then sell on to others.”

The stats for the report were gathered from more than 600 million machines which are enrolled in Microsoft’s various update services or use its Essentials and Defender security packages. The conclusions of the report show that people need to be much more vigilant. You have to keep yourself well protected against threats of any kind. Even though they’re a pain, you need to apply your Windows updates when they become available, keep programs updated (such as Java) and make sure that you understand security basics.

Is Your Computer Part of a Botnet in the US?

Malware is everywhere. You don’t have to download torrents or visit adult sites in order to have your computer infected. Seemingly innocent sites aimed at kids have been known to have drive-by malicious content embedded within their pages. These drive-bys install themselves silenty onto your machine to do their dirty work. There is no warning. There are no popups. You usually never even know they are there. This is why it is crucial to have a solid security foundation. CA Anti-Virus Plus Anti-Spyware is one program which can help you stay safe.

In order to help you keep your information and data safe, CA is offering a fantastic deal on their software until October 5th. If you use coupon code FGS7156 during checkout, you will save 40% off of the normal retail price on CA Anti-Virus Plus Anti-Spyware 2-Year protection for up to 3 PCs.

If that offer doesn’t suit your needs, CA has graciously offered up a few others:

• Use coupon code WGU2212 before October 31st to save 20% off of CA Internet Security Suite Plus 2010 for one year.
• Coupon code AFA2215 saves you 20% off of CA Anti-Virus Plus Anti-Spyware 2010 for one year if used prior to October 31st.
• Coupon code WKI2218 saves you 20% off of CA PC Tune-Up if used before October 31st.

CA has something for everyone, and now is the time to make sure that your information and identity stays safe.

CA Offers Savings to Stay Safe Online

There are more threats to the security of your computer than I can begin to count. New types of attacks are released on more than a daily basis… you have to be vigilant. You already know to use strong passwords. You also know to be sure and have a good anti-virus program and firewall installed. However, there are many other easy things you can do to help make sure your PC is safe. This is why I have come up with my Top 100 Windows PC Security Tips eBook.

You are free to set your own price for this Gnome Tome, with a suggested minimum of five dollars. Once you have downloaded the .PDF file, you will learn how to fully protect your computer from hackers, viruses, phishing attempts, trojans, worms and much more. Many of these little gems are likely things you didn’t already know how to do… or even that they existed. Much of the information deals with things already in place on your operating system – you just have to know how to use them.

Educate your family about the basics of malware and how to avoid becoming infected — and know where your kids go online.

The above tip may seem to be a no-brainer. You would be surprised to learn how many people simply do not take the time to educate their children and teenagers… or how many teens neglect to educate their parents. The 100 tips and tricks cover everything you need to know – from education to prevention to recovery.

On the last page, you will find several links to discounted security products that we have recommended in the past. We are grateful to those partners for continuing to offer these special prices to our community.

Education is the key to everything – including protection yourself and your information.

Top 100 Windows PC Security Tips

According to researchers, a threat may be lurking in your local Internet cafe. It’s called Typhoid adware, and works much like Typhoid Mary did. Typhoid Mary was the first healthy carrier of Typhoid Fever. She spread the disease to dozens of people near New York City in the early 1900s. “Our research describes a potential computer security threat and offers some solutions,” says associate professor John Aycock, who co-authored a paper with assistant professor Mea Wang and students Daniel Medeiros Nunes de Castro and Eric Lin. “We’re looking at a different variant of adware – Typhoid adware –which we haven’t seen out there yet, but we believe could be a threat soon.”

Adware is a type of malware that will sneak onto your computer – usually when something is downloaded. You know those fancy tool bars and cute screen savers you enjoy so much? Yeah… many of them are riddled with adware. The adware causes popups… and lots of them. Typhoid adware, however, needs a wireless Internet cafe or other place where users share a non-encrypted wireless connection in order to thrive.

“Typhoid adware is designed for public places where people bring their laptops,” says Aycock. “It’s far more covert, displaying advertisements on computers that don’t have the adware installed, not the ones that do. Typhoid adware comes from another person’s computer and convinces other laptops to communicate with it and not the legitimate access point. Then the Typhoid adware automatically inserts advertisements in videos and web pages on the other computers. Meanwhile, the carrier sips her latté in peace – she sees no advertisements and doesn’t know she is infected ­– just like symptomless Typhoid Mary.”

Make sure all computers in this type of environment are updated fully with proper Windows updates and have proper security software on board. You can find more information by reading the official paper that was released by the school.

Potential Threat for Wireless Networks Discovered

In the past, we’ve been fortunate to offer discounts on SUPERAntiSpyware to our readers, and the response has always been great. SAS is an excellent product, one which Kat highly recommends. Today I learned that they are offering a very special license for educational institutions, and I wanted to make sure that it is passed along to you. If you are a teacher or administrator, you’re going to want to check this out. If you’re a student, why not show this post to your principal?

From now through August 1, 2010, all SUPERAntiSpyware multi-user licenses sold to educational clients will be upgraded to a lifetime subscription with no renewal fees at no additional charge. “Economic hardship and budget cuts are an everyday reality for school systems at all levels,” said Nick Skrepetos, founder of SUPERAntiSpyware.com. “We highly value the role that education plays in communities worldwide, and we want to support schools in their efforts to provide quality education while balancing their tight and shrinking budgets. Managing high-priced software renewal fees is simply not practical for schools in today’s economic climate. We want to help.”

Additionally, SUPERAntiSpyware will include one Technician’s License for its new portable scanner with each educational license at no additional cost. The portable scanner harnesses the same powerful anti-spyware engine as the Professional Edition of SUPERAntiSpyware and references a spyware definition database that is updated at least once per day.

To take part in this amazing offer, simply send them an email. The danger of malware infections pose a huge threat to the educational system, one which could potentially cost millions of dollars to eradicate. Without proper protection, schools are at risk that can not only rob them of instructional time, but may also require them to pay expensive repair bills.

SUPERAntiSpyware Educational License Special

Amidst a slew of heated arguments this week surrounding Facebook’s stance on privacy, yet another blemish has been added to the mix. Many people woke up this morning to find that the popular site had decided to serve up unwanted apps without any consent or control on the part of the user.

This morning, Facebook quietly added apps to your profile for certain websites you may have visited while logged in to FB. You didn’t need to have an actual Facebook window open… you simply had to have not logged out after your session. There were no notifications nor any opt-out buttons to check or uncheck. Some of the sites whose apps were added include Mashable!, TechCrunch, and the USA Today (at least in MY profile). All of the sites who left this trail all have Facebook integration on their sites, and the app install appeared to have been related to the social networking site’s new sharing features and tools.

If a website installs something onto my computer without my knowledge or consent, that “something” is labeled as malware. In my mind, these apps were exactly that. They weren’t something I chose. They were installed on my profile without my even knowing it until this news broke. There was no way that I could easily find to remove them, either. Only after I read up on the announcement did I figure out how to get rid of them. The problem is, if I don’t completely block them they will just re-install the next time I visit those sites.

The new “features” in Facebook’s Open Graph API are supposedly there to be used with your permission to cross-post your comments between the site and external sources. For example, if you commented on a story over at TechCrunch, a pop-up will ask you if you want to publish the comment as a wall story on your Facebook profile, as well. YOU had the choice to allow this or not. This morning, that freedom to choose was stripped away from you.

Hours after the dam broke free, Facebook released a statement:

There was a bug that was showing applications on a user’s Application Settings page that the user hadn’t authorized. No information was shared with those applications, and the applications did not appear to anyone but the user. This bug has been fixed.

According to some reports, though, the problem still persists. While information may not be shared with the sites, their apps are still showing up in profiles after removal. The only way to completely get rid of them is to block them in your app settings.

This is but one more slap in the face for Facebook. However, the site appears to remain unconcerned. With the government already stepping in to attempt to reign in Zuckerberg and his team, I would think that the site would be more vigilant than ever when it comes to letting “bugs” such as this crawl through.

Facebook Serves Up Unwanted Apps

The newly-published results of the 2010 Consumer Reports State of the Net survey are interesting, to say the least. While much of the findings discuss privacy in general, one item that was glossed over stood out to me. According to the study:

Of the estimated 18.4 million adult Facebook users who used apps (games and quizzes), 38 percent were either confident apps were secure or hadn’t thought about it. Meanwhile, a projected 1.8 million computers were infected by apps obtained through one or another social network in the past year.

Nearly two million computers were infected with malware from apps on sites such as Facebook. It boggles my mind that this was glossed over. Some of the infections may consist “only” of adware or other mostly-harmless (just annoying!) junk, many of them are likely far more dangerous. Some pieces of malware will dig into your computer without your ever knowing it and then proceed to steal your information. Still other types will use your computer as a part of botnet… attacking innocent sites and people.

With the risk of becoming infected being so great these days, I would think there would be a way for sites like Facebook to regulate the apps they allow. Sure, there is a “disclaimer” whenever you add an app to your profile. However, it just seems to me that more can – and SHOULD – be done to help keep site users safe. Heck, if FB isn’t going to police these apps, at least do something to warn users more clearly about the potential dangers.

When you’re surfing around your favorite social site installing things, please make sure you’re smart about it. Check out the source of the application, and research them. Are there complaints running around the web which talk of malware being installed or found with that app? Go one step further and ASK for other opinions before you click to allow access to something new. What are others saying about that little game or quiz?

As always, make sure you keep your machine protected with proper Windows updates and security software. Trust your instincts… not your lust for the newest time-wasting game.

Computer Malware: There’s a Facebook App for That

In the antivirus industry, false positives run amok. No matter which vendor you choose to buy from, you’re going to have the occasional hiccup. Those small snafus are usually easily sorted out, with minimal downtime or expense. Once in a while, though, someone falls asleep at the wheel and all hell breaks loose. Such was the case with McAfee on Wednesday.

The company rolled out an update that took down Windows XP computers around the world. The company then issued a statement claiming that “less than .005% of McAfee users were hit by the update,” which misidentified a legitimate SP function as a virus and killed it. The results were computers locked in a reboot loop. Unfortunately, it appears that there are many thousands of computers affected by this disaster… adding up to a far higher percentage than McAfee is apparently willing to admit.

Solera Networks, a supplier of network forensics technology, says it helped one large U.S. multi-national company quickly determine that the poisonous update from McAfee threw 50,000 of its PCs into a rebooting frenzy. McAfee advised the company that “remediation time is estimated to be 30 minutes per user, ” says Solera CEO Steve Shillingford. “Estimating $100 per hour, this organization’s lost time alone can be conservatively estimated to cost more than $2.5 million,” says Shillingford. “And that does not factor in lost productivity while users are down.” The fix issued by McAfee is a long and arduous one, likely not to be attempted by computer novices.

Others affected by the so-called “false positive situation” include hospitals, police departments, major universities and retail stores. Hospitals in Rhode Island had to refuse treatment for all but life-threatening situations. State police officers in Kentucky were without computers in their patrol cars while the IT department scrambled to fix machines. Australian supermarket behemoth Coles was hit so hard that 10 percent of its point-of-sales terminals were taken down. The company was forced to shut down stores in both western and southern parts of the country.

McAfee apparently sent an email to their larger enterprise customers to explain the situation. According to documents sent to Ed Bott, thorough testing was not even done prior to the update being released. The email admits that “Some specific steps of the existing Quality Assurance processes were not followed: Standard Peer Review of the driver was not done, and the Risk Assessment of the driver in question was inadequate” and that “there was inadequate coverage of Product and Operating System combinations in the test systems used. Specifically, XP SP3 with VSE 8.7 was not included in the test configuration at the time of release.”

This blows my mind. Windows XP SP3 is the most widely-used configuration in the enterprise desktop environment. I fail to understand how such a key testing phase could have just been “overlooked” or bypassed.

The most troubling aspect of the entire situation is McAfee’s seemingly cavalier attitude towards the event. The company apologized in a blog post on Thursday, but little has been said about the entire subject. Meanwhile, customers are complaining loudly all over the McAfee community forums, and they want answers. One commenter called for McAfee to “man up and own up to what happened, instead of trying to sugar-coat it and make it seem as though this is no big deal.”

It will be interesting to watch how this will play out as more information comes to light. I have a feeling we have only just begun to hear about the full effect the McAfee mess had on customers all over the world.

McAfee Mess Could Cost Millions

It’s always interesting to read people’s answers to random questions. For instance, I asked on my Facebook page earlier what makes a person strange. The answers were varied as usual. Many community members cracked simple jokes in reply. Still others actually came up with some cool insight into the question.

The absolute best answer had to be the person who stated: “There is really no follow up to that. People really are just strange.” That, folks, is the most truthful statement I’ve ever read! Have a great weekend, all of you strangers.

• Are you a fan of Wired magazine?
• More than a million Americans have been victims of medical identity theft.
• Are you looking into switching over from single to multiple cores?
• Is Twitter a huge threat to Digg?
• Not everyone has a warm, fuzzy feeling inside of them after using the iPad.
• Princeton has explain network issues, and has now banned iPads until Apple issues a fix.
• Are you a fan of OpenDNS?
• In yet another antivirus shootout, the winner is…
• Zero Configuration Networking: The Definitive Guide
• Have you checked out Microsoft’s new Fix It Center?
• Drinking tap water may help you avoid a dentist’s drill.
• Survive the ordeals of modern day life as you strive toward the career of your dreams in new game: “My Life Story.”
• Are you a WordPress guru who can offer advice to a new user?
• Retailers are taking orders for the Phenom II X6 already!
• A home is not an asset. The mortgage payer is the asset.
• A new form of computer malware demands a ransom to keep your information private.
• CallerID spoofing has been banned… almost.
• Stanford researchers find electrical current coming from plants.

There’s nothing strange about wanting to keep your computer happy with the best software you can possibly find.

When are People Strange?

Twitter’s Chirp conference closed out today with the news that the company will soon roll out it’s official URL shortener. CEO Evan Williams noted that it would be “stupid” not to add native link-shortening capabilities into Twitter, since most Twitter clients already have that feature. “Everyone else has solved that problem. We are probably not going to give people a choice. If they want to use a different shortener, they can use a different app.”

In the weeks leading up to Chirp, people all over the world were seen asking for various new features on the popular microblogging site. Not once did I see anyone think that they needed yet another link shortener. I understand the new TwittAD feature. I’m loving the enhanced search capabilities. I enjoy coming up with new ways to find interesting people to follow. I’m even already digging the new front page design.

What I DON’T get, though, is why the heck we need yet another way to make our links smaller. Users want more apps. They want to easier ways to show off photos and videos. They want to come up with better ways to network and connect. These are the things, in my mind, that the Twitter team should be focusing on. It’s all about what the needs of your community are, guys.

• SafeBit is a safe bet.
• You mean to tell me that Pedophiles don’t have a foot fetish?
• Google vs Microsoft – who wins on the office front?
• Do you spy on your spouse?
• How is your money wasted?
• Does the tug-of-war between networking vendors ever end?
• How might the new WinZip update be useful?
• Are you a die-hard Ubuntu fan?
• The news industry isn’t heading in the wrong direction, it’s a disaster already.
• Are you a pro at working in Adobe Premier Pro?
• What is the length and breadth of short URLs?
• Are you using Opera Mini on your iPhone yet?
• Primary care physicians everywhere are facing conflicts with religious-backed hospitals.
• Have you ever had to actually use your recovery console?
• Do we need a world social health insurance plan?
• Do you live your computer life free from OEMs?
• Apple has had to delay the global launch of the iPad due to overwhelming U.S. sales.
• Should Adobe embrace Linux?
• How much would you pay to replace your normal lightbulbs with LED alternates?
• How is Twitter making money?
• How do you build up a home security system?

Don’t “short” your computer when it comes to awesome software. The same holds true of your mobile devices! Check out our software center to find out what’s new today.

We had some excellent little discussions going on over at the Facebook fan page today. Did you miss out on any of them?

• The one thing Google can’t find is…
• In a perfect world, everyone would…
• I secretly want to be…
• I get most stressed when I…

Is a URL Shortener Really What Twitter Needed?