Battle Ground Computers

Holiday Scams

2011-12-16T17:34:00.000-08:00

As usual, the malware folks are at it again. Here's a link to an article about scams being perpetrated in the name of Verizon and Amazon.

Merry Christmas to you and yours....
Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

File hosting companies installing malware

2011-12-07T13:19:00.000-08:00

I've been warning customers for years to be careful about the source of applications/programs that you're downloading. Hackers are fond of tricking you by labeling their malware to look like what you're trying to download.

Now, the heretofore safe download sites, have been caught doing just what I've suspected all along - installing malware along with the application you thought you were getting - specifically, CNET's download.com website.

This issue is not limited to CNET. Almost all of the "corporate" file hosting sites (and even some manufacturer sites) want you to install their "download manager" in order to get the file/driver you need. Be careful!

While on the topic...hackers have found an unpatched vulnerability in the Adobe Reader - AGAIN - and are exploiting it in the wild.

We're now doing training classes at Battle Ground Computers on Saturday afternoons. If you'd like to receive email announcements of upcoming classes, please call (666-7647) and ask to be added to our training announcement list. This Saturday's class will be about internet basics - get your questions answered about how the internet works.

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Training Clases

2011-11-21T15:45:00.000-08:00

It's been awhile since I've posted...no excuses.

Lots of folks have asked me about training classes and I've drug my feet for months. Now it's time to step up to the plate...

If you're reading this post, your email address has been added to the list and you'll receive announcements as I send them out. Please be assured, I'm not using any outside company or website to manage my mailing list. I use a group in my Battle Ground Computers Gmail account. Emails will be sent as blind copies (BCC:) so as to minimize exposure of your email address.

If you know of someone that would be interested in our training announcements and/or classes, the easiest way to get on the list is to send me an email to "battlegroundcomputers@gmail.com".

Through 12/31 we a running a 10% coupon on Google Places. Click here to get your coupon.

Happy Holidays,
Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Training Classes from Tom Cross, owner Battle Ground Computers

2011-08-23T20:57:00.000-07:00

With all the new technology and features of the internet and Windows 7, many of my customers have become "overloaded" when trying to deal with all the changes. Many have asked if I would ever do training and I've decided it's time to do just that.

To get started, I need to know what you want to learn. I've created a short questionnaire that will help me get started. As I have more details, I will email you with curriculum and schedules. Please fill out the questionnaire and forward this post to your friends/family that might be interested.

Thanks for your support,
Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

eBank Fraud Continues - Digital Gangsters Won't Stop

2011-05-03T16:34:00.000-07:00

My apologies for the lack of timeliness on this article...

Many of you have heard me spout off about hacker's motivation. It's simple - THEY CAN ROB BANKS without a note, gun or mask.

Now (4/4/11) comes a study that supports my allegations. Please read the complete article as it is most alarming...

"Fifty-six percent of businesses experienced fraud in the past 12 months, according to the study. Of those that experienced fraud, 61 percent were victimized more than once. Seventy-five percent of the victims experienced online account takeover and/or online fraud. These figures are nearly the same as last year's, the researchers say."

Yet, everyone is acting like a deer in the headlights when it comes to doing something about it. Yes, you can take steps to prevent hackers from taking over your computer but that is like rearranging deck chairs on the Titanic - it's only a matter of time before they succeed.

Until the banking industry makes changes to the UCC (Uniform Commercial Code) that governs business bank accounts (personal accounts are not near as susceptible) giving customers more protection, this "industry" will continue to flourish.

It's time for small-medium size businesses (SMBs) to make it clear to their banks that they will not tolerate lack of controls on wire transfers made remotely (from a PC logged into the account). This is a no-brainer - it's just a software program that makes it happen and it CAN be controlled by the same software.

But, apparently, we have a banking industry that thinks this is someone else's problem. After all, they have implemented all the security they are required to by their industry. So what's the problem? Well, the security practices/procedures agreed upon by the industry is NOT STOPPING THE HACKERS!!

From the Soapbox, thanks for listening....Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

What is Linux? (video)

2011-04-08T00:03:00.000-07:00

Lately, we're seeing more aggressive malware that continues to find ways to hack Windows. Used in every business, Windows vulnerabilities are used to infiltrate our largest organizations - government, infrastructure, banking, etc.

With each successful hack, criminal hacking of Windows becomes more lucrative increasing the effort to hack your operating system (Windows).

Solution....don't use Windows; use Linux. It's an operating system that has been around for years and is used to power the internet. It's also available as a desktop operating system and, though not totally immune to hackers, is essentially virus-free.

To celebrate the 20th anniversary of Linux, this little video answers the question, "What is Linux?"

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Commercial email provider hacked

2011-04-04T17:15:00.000-07:00

Last week, commercial email provider, Epsilon, was hacked and email addresses from many retail stores and banks were stolen.

Read more from Brian Krebs.

Be especially vigilant for emails coming from these businesses. Security researchers are warning that these email addresses will be used for spear-phishing attacks in the next weeks/months.

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Qualys Browser and Plugin Checker

2011-04-01T17:57:00.000-07:00

Here's an easy way to check that your browser and associated internet applications (Flash, Foxit, Media Player, Java and Silverlight) are up to date. You'll need to install the Chrome Extension first, then the website can execute the version checking.

https://browsercheck.qualys.com/

If you're using Chrome on XP, and the checker says that Windows Media Player needs to be updated, you'll have to use MS Internet Explorer to download the update to your computer from Microsoft and then run the installer. (Microsoft can't run the system validator in Chrome and will prompt you for some additional steps that can be confusing. It's just easier to use IE to get the update).

If the checker still says Media Player needs updating, open Media Player and click on "Check for Updates" in the Help menu. It needed, it will download yet another installation file that will do the final update to the Media Player. Version checker should then report all is OK.

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

IRS Scam: Phishing by Fax

2011-03-29T11:34:00.000-07:00

Brian Krebs has just reported on a new round of scams using the IRS as the 'hook'. Please read at this link. Or, if you like, here's the full URL:

http://krebsonsecurity.com/2011/03/irs-scam-phishing-by-fax/

Also, Dancho Danchev reports on the resurgence of the delivery notice scams from US Post Office, UPS, FedEx, DHL delivered via email.

Tom

PS - for those of you that know I've been a professional musician for many years; on Friday, April 8, I'm playing drums with Blind Ray and the Service Dawgs (little blues trio) at the Brickhouse Bar and Grill in downtown Vancouver. Good food, great beers, killer band.

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Japan Tsunami Scams Abound

2011-03-24T14:27:00.000-07:00

Just a reminder that the internet cretins are out in full force hijacking sites and services (Facebook, Twitter, etc) relating to the tragedy in Japan. The Sunbelt blog gives a good rundown on some of the variants.

Please take a moment to review and let your friends/family know something about how hackers are capitalizing on this newsworthy event.

Click here to go to Sunbelt's blog.

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Heads-up Skype and Facebook Users

2011-03-12T09:43:00.000-08:00

Watch out for the Facebook fake email scam. Read more from M86 Security Labs.

I've heard from several people about phone calls they've received from Microsoft saying that they had detected a virus on the computer, blah, blah, blah. Here's a new wrinkle using Skype.

Please Tweet this or share. Folks need to know how insidious these guys can be....

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Google removes malware apps from Droid market

2011-03-03T16:44:00.001-08:00

We've all been waiting for 'em and now they're here.

Google has pulled malware apps (phone applications that have viruses in them) from the app store. Read more about the issue here. (This is a must read if you have an Android phone).

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

AV vendor Comodo calls out the AV industry

2011-02-24T11:02:00.000-08:00

Here's an interesting read along the same lines as many of my rants about the AV industry. Exerpt:

In the digital world, Abdulhayoglu believes viruses are the equivalent of a real-world criminal, and anti-virus vendors release details on the malware signature only “once it has become irrelevant”.

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Merger of Cybercriminal Businesses

2011-02-04T16:30:00.000-08:00

For the past several weeks, security researchers have been watching the merger of two of the most notorious banking trojans used by cybercrimals to commit fraud against consumers and businesses. Brian Krebs has reported on it and now even Fox News has picked up on it.

Internet criminals are not longer just individuals with a penchant for computer shenanigans. These cretins have learned how to rob banks. So like any other business that has found a new, lucrative market, their efforts are going into perfecting that ability. This merger is just another business decision - it's just not a legitimate business.

Stay safe. Use Chrome, CCleaner, Foxit and MS Security Essentials - Adobe Acrobat/Reader/Flash as separate applications, are not needed any longer. They're included in Chrome.

Tom
(PS...all links above are shortened, by me, using Google's URL shortener)

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Botnet Predictions for 2011

2011-01-18T13:30:00.000-08:00

Sorry for the fear-mongering here but, forewarned is (hopefully) forearmed.

Dark Reading has published a report summarizing the findings of several researchers that monitor botnets (that pesky collection of infected computers controlled by criminals to send spam) and their activity. A decline in the volume of spam at the end of 2010 (link to Brian Krebs article) has left some of the researchers scratchin' their heads. What are these guys up to?

In their security blog, security researchers at Dasient have itemized their predictions for 2011. Interesting insight into the internet criminal 'industry' and how they operate as a business and not individuals.

While I'm here, this is an article from Brian Krebs about the commercialization of hacker exploit kits. Anyone can buy a exploit kit and become a hacker. So who's hacking who? There is some speculation that the 'professional' criminals are conning the hacker wannabes into installing the pro's stuff for them via these exploit kits

And finally, as usual, the folks at Sunbelt (now called GFI Labs) have a lot of interesting reading about hacker's tricks in various forms....good read.

That's about it for January. I've been really busy working on my Garage Solutions website preparing for my retirement. (Don't worry, I'll still be available).

Regards, Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

They're here....viruses for your Android phone

2010-12-30T09:51:00.000-08:00

I've been waiting for this...

open source operating system +
wide-open application market +
internet connected device =
HACKER PAYDAY

Mobile security researchers have found a trojan/virus in the wild exploiting Android phones. Dubbed "Geinimi", the virus is turning up in repackaged versions of legitimate applications, mainly games, from third-party Chinese Android app markets. These include Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. Lookout says it hasn't seen any applications compromised by Geinimi in the official Google Android Market.

Advice is to get your phone apps ONLY from the Google Android Market. Stay away from the many open Android marketplaces.

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Yet ANOTHER exploit for Internet Explorer

2010-12-23T13:00:00.000-08:00

Will Microsoft ever be able to stop hacker from using IE? I doubt it. Too many people are making too much money hacking it.

This one is being reported in the tech press and the BBC. Digging around Google News, it's interesting to see the press' coverage of this. Nothing in the mainstream yet (maybe it's too new). But, pay attention to this. Why is the public not being told of this? Apparently it's not important enough to rise above the "noise" deemed newsworthy by our media (oops, there's my soapbox again!)

Let me say it again....

Friends don't let friends use Internet Explorer!!!

Merry Christmas to all from all of us at Battle Ground Computers.

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

More rogue utilities...

2010-12-14T10:02:00.000-08:00

We've been seeing the hackers use of rogue security and anti-virus 'scareware' for a long time. Now they've migrated their efforts to the computer utility genre - disk defragmenters, etc. Not to be confused with legitimate tune-up utilities, these are viruses disguised as tools to resolve computer problems.

This article from the researchers at Sunbelt Software explains how to spot this new round of hacker tools.

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

CyberThieves Using Paypal as Portal to Bank Account

2010-11-29T21:16:00.000-08:00

Here's a good one. Article from the LA Times of a woman who's had her checking account accessed by hacker's using a PayPal account. This is what a rootkit can do.

F-secure is reporting on the latest Facebook exploits. Good read.

Stay aware, stay safe.

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

More Facebook Exploits Exposed

2010-11-13T11:02:00.000-08:00

Sunbelt has posted a blog about another Facebook exploit. Notice how the exploit uses social engineering ("who doesn't like me") to entice the user to trigger the exploit.

Also, Brian Krebs reports on a research paper just published that exposes the botnet behind most of the social networking attacks/exploits - Koobface.

Stay safe...
Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Adobe Flash Update Plugs 18 Security Holes

2010-11-06T11:12:00.000-07:00

Adobe has released a new version of Flash (the program that plays movies from the web) to fix security vulnerabilities. But we have some interesting twists...

First, Adobe Flash is integrated into the Google Chrome browser. Chrome will update Flash as needed, internally. However, users that had been using Firefox or IE have a separate instance of Flash installed which should be uninstalled.

Adobe has made available a Flash uninstaller - a separate program that you download from here. Save it (desktop, downloads, etc.), close all programs and run the uninstaller.

After running the uninstaller, go to your Add/Remove Programs in the Control Panel and verify that there are no Adobe Flash programs installed. The uninstaller should remove both the Flash plug-in for Firefox and the ActiveX Flash for IE. Restart your computer after uninstalling.

There is a bit of discussion that the ActiveX Flash plug-in for IE may be needed by some of portions of Microsoft Office. This is unconfirmed at this point and may be user specific depending on what version of MS Office you have and how you use it.

Next, start Chrome, click on the wrench in the upper right corner and select "About Google Chrome." The latest version (with updated Flash) is 7.0.517.44. If yours is not that version, you should be seeing an "updating Chrome" message.

Once updated, visit this page with Chrome to verify that you have the correct version of Flash (10.1.103.19). This page will say that the current versions of Flash are 10.1.102.64. A bit strange yes, but we have to assume that Chrome's internal version of Flash is Chrome specific.

I know this is way more complicated than it should be, but it is important to patch these vulnerabilities. We will not be able to help you over the phone install this update. Please try to work through it yourself. If you cannot, bring your computer in and we'll take care of the uninstall/update of your Flash though we'll have to charge a nominal fee to do so.

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Remove Internet Explorer from Win7

2010-10-28T17:37:00.000-07:00

I finally got my wish...

Microsoft has released instructions on how to remove Internet Explorer from Win7 (but not XP). Too bad, but another good reason to upgrade to Win7.

Not sure why MS would allow us to remove IE since they've made such a big deal about staying in the browser market. Perhaps they figured out that IE is the hacker's meal ticket and would rather give up on IE rather than have to continually patch Windows.

One HUGE vulnerability eliminated!

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Dutch police takedown Bredolab botnet with this warning...

2010-10-26T10:01:00.000-07:00

The Dutch National Crime Squad has announced a major takedown. The people behind the botnet have not been caught, but the servers have been taken over, effectively shutting down the botnet.

Upon detecting a computer infected with this particular nasty (by monitoring your computer's communication with the botnet), you will be directed to this page. This is not the effects of the infection, but rather, the Dutch police redirecting you to the page informing you of the infection.

Hopefully, none of you will see this page. This is just an advance notice of the attempts by the Dutch police to shutdown this botnet. This type of automatic redirection is the kind of stuff viruses do and you should be alarmed when you see this type of activity.

However, in this case, this redirect is legitimate. Complete story from F-secure here.

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

New Version of Google Chrome

2010-10-20T16:05:00.000-07:00

Version 7 is now available. Go to the "wrench" and select "About Google Chrome." From the dialog box select Update.

Here's more information about the update.

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Increased Exploitation of Java

2010-10-19T00:08:00.000-07:00

Microsoft as reported a major increase in the volume of java exploits. The latest version patches 29 vulnerabilities. Use this address to check your version of Java (copy/paste into address):

http://java.com/en/download/installed.jsp
...or...
This link will connect you directly to the page. If you're not using the latest version, you'll be prompted to download the file that will install the correct version of Java. Save and run the file downloaded.

Thanks for listening,
Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

MS Security Patches for October

2010-10-12T11:14:00.000-07:00

It's that time again. MS has released up to 16 patches for critical vulnerabilities in MS products. Some of these vulnerabilities are being exploited by hackers so these patches are important.

Don't wait for the automatic updates to run. MS can take days installing all of the released patches. Just run the Windows Update program from your Start | Programs menu.

More information about October patches.

Thanks,
Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Social Engineering - Malware Removal Guide

2010-10-09T00:02:00.000-07:00

Some of you know that I've been working on creating a website that will help my customers do some or all of what I do when I diagnose and repair a computer.

I've written a new section on Social Engineering and how it's used by hackers to get past your antivirus protection. Our assumptions about things create vulnerabilities in our behaviors that can be exploited - unless you know about them.

Please post any comments about your own experiences or something I've missed.

Thanks,
Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Google Chrome - Recommended Browser

2010-10-05T12:30:00.000-07:00

Lately, we've been seeing Firefox attacked by viruses that are able to disable the NoScript plug-in.

We've been able to repair the infection by uninstalling Firefox and removing all user profiles and program data files. Reinstalling Firefox w/NoScript returns functionality to the browser but only AFTER the initial infection has delivered it's payload.

We are now no longer able to recommend Firefox w/NoScript as a protection mechanism. (Continue to use CCleaner, Foxit and antivirus.

Both Daniel and I have been running Google Chrome for the past several months and are pleased with it's security provisions. Even though Chrome does not block javascript, Chrome's security features (sandboxing processes and modifying Windows security tokens) appears to be effective at stopping javascript's ability to exploit the underlying operating system.

Get Google Chrome

It takes a bit of getting used to as the interface is a bit different. Google's Chrome help page should help you with the transition.

Tom

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

New Vulnerability in Adobe Flash Player

2010-09-14T18:55:00.000-07:00

As soon as I read about this on Sunday, I was tweeting/facebooking the info but couldn't get to the blog post until today.

Brian Krebs reports that Adobe has warned of a new, undiscovered vulnerability in the Adobe Flash Player
http://krebsonsecurity.com/2010/09/adobe-warns-of-attacks-on-new-flash-flaw/

Flash is what plays movies on the internet. It is widely used by almost every video site on the 'net. Alternatives exist (SilverLight from MS) but are widely used.

There is no defense against this one except vigilance. Be especially cautious of any email you get directing you to a video. For those that like to see what's hot (viral) on the net, this one will get you. Hackers use current events that have buzz (tragedy, celebs, etc.) because surfers will search out viral videos to see what the buzz is about.

Please be careful.

Battle Ground Computers
Malware Removal Guide
If your friends/family would like to receive these posts, please forward this email to them with instructions to signup from this link:
Subscribe to Tom's Battle Ground Computers blog posts via email

Vulnerabilities in HP Printer Software

2010-09-12T13:35:00.000-07:00

Yesterday a customer brought in a computer that we had recently repaired. Customer had been using all of our recommended security practices and yet the computer was acting strange. A rootkit scan revealed that a rootkit/virus had exploited a vulnerability in the internet-facing HP applications that HP installs when you take the default installation of their printer.

When HP installs their software (not just the printer driver), they open about eight ports in the Windows firewall without asking the users permission. These ports are opened to allow HP and/or their software to do internet type things - updates, sharing photos, etc.

It now appears that hackers have learned to exploit these internet-facing ports and applications outside of the protection provided by the AV and NoScript. I had even disabled the default "File and Printer Sharing" feature of Windows (which is another vulnerability) since this was the only computer in the house and no need to share anything. This means that the hacker was able to access the HP software directly.

I haven't done enough research to have a solid recommendation for securing this vulnerability yet. It's difficult to know which HP application can be uninstalled or have their firewall ports blocked. This will depend on if and how you use the HP software that came with your printer.

For this customer, I recommended:

Uninstall ALL HP printer software
Fully scan with Avira in Safe and Regular Mode
Run CCleaner
Remove all ports opened by HP in the firewall
Download/install from HP only the basic printer driver without the full software suite
Check for HP ports in the firewall and close/delete all

As I have more time to investigate this, I'll try and post new information.

Editorial comment:
A recent repair (factory restore) of an HP computer with Win7 turned out to be a major headache. Win7 (vanilla OEM install) comes on 1 DVD and takes about 45 minutes to install completely. HP's recovery came on 4 DVDs and took over four hours and much fumbling around with disks and prompts that didn't work. Coupled with the liberties taken with their printer installation (above), HP has clearly demonstrated that they view their products as internet-cash-machines at the cost of the security of their customers computers.

Remember, you STILL get what you pay for. Cheap computers are cheap for a reason - the manufacturer can bank on making secondary income from the software installed on the computer.

Battle Ground Computers
Malware Removal Guide

Yet Another Adobe Acrobat Exploit

2010-09-12T12:28:00.000-07:00

For months I've been advising customers to stay away from Adobe Acrobat/Reader and to use Foxit Reader instead. Here's more proof. Adobe is incapable of stopping hackers from using their products as an exploit vector.

It's only if/when Foxit cannot open a .pdf document that you even need to consider using Adobe's software. If you do have to use Adobe, make sure that Foxit is configured as the default .pdf document read (check box in the Help menu).

Brian Krebs (Krebs on Security) has more information.

Pass this on to your friends. To subscribe to my brief and infrequent posts, click on the Blog link on the BGC web site and sign up with the link in the right side panel.

Thanks, Tom

Battle Ground Computers
Malware Removal Guide

Adobe Flash - Update and Control

2010-08-30T10:34:00.000-07:00

Adobe has released another update. To download the update file for Firefox, use this link to get the update file without loading Adobe's download manager. Remember, you will have to run the file from the download directory in your MyDocuments folder.
http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

In order to remove some of the mystery about Flash, this is the link to the Flash player settings running on your computer. This is a bit confusing because clicking on this link, connects you to Adobe which, in turn, reads the Flash settings on your computer. Cruise through the settings and you'll get a better sense of what Flash does and how it is configured.
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html

Explanations of the items in the settings manager are here:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

Enjoy, Tom

Battle Ground Computers
Malware Removal Guide

Facebook Malware and Scams

2010-08-17T10:49:00.000-07:00

Every week I'm asked "Is Facebook safe?"

Yes, but...Facebook CAN be used to spread malware; so the answer is not a simple "yes" or "no." As these links show, malware creators are finding more creative ways to make money.

Farm Town has been found serving up malicious ads:
http://www.pcworld.com/businesscenter/article/194008/malicious_facebook_ad_redirects_to_fake_antivirus_software.html?tk=rel_news

Facebook users are now being pummeled with malicious wall posts like this one:
http://www.sophos.com/blogs/gc/g/2010/08/16/facebook-dislike-button-scam-spreads-virally/

Here's information on how to spot these type of scams:
http://www.pcworld.com/article/203444/how_to_spot_facebook_scams_like_dislike.html?tk=hp_new

My Internet Fraud page is about refining the definitions between criminal and legitimate internet usage.

All virus/malware is about making money using internet technologies - drive-by downloads, malicious ads, infected .pdf files, etc. So what separates those using legitimate advertising from those using illegal or deceptive means to get your money? Welcome to Snake Oil 2.0.

Battle Ground Computers
Malware Removal Guide

Foxit Reader Update

2010-08-07T11:44:00.000-07:00

Please update your Foxit Reader program. New vulnerabilities in the PDF document format have been found and patched with the update.

Start Foxit, then click on "Check for Updates Now..." under the Help menu.

The 4.1.1.0805 update will be listed in the "Available Updates" box on the left. Simply highlight the update and click the "Add" button to populate the "Selected Updates" box on the right.

Click on the Install button (now activated) at the bottom of the dialog box to install the update.

Battle Ground Computers
Malware Removal Guide

PS: I've posted a new section on the Malware Removal Guide on internet fraud. Check it out at:

http://www.malware-removal-guide.com/internet-fraud.html

Vulnerabilities and Exploits Presented at Conference

2010-07-30T12:32:00.000-07:00

Security companies are issuing warnings that unpatched vulnerabilities in some widely used applications or systems are being presented at the Defcon and Black Hat conferences in Las Vegas this week.

The link above is a summary of the presentations. Topics cover a range of vulnerabilities and hacker activities, some of which you may come in contact with.

Please review the Cnet article to become familiar with some of the new efforts that may be used by hackers.

Tom

Battle Ground Computers
Malware Removal Guide

Yet Another Windows Security Flaw Discovered

2010-07-20T21:41:00.000-07:00

The entire security world is abuzz with discovery of a previously unknown flaw in the way Windows handles icons on removable devices (USB thumb drives and like). In particular, the flaw exists in the way Windows Explorer processes icons that represent links to files. You don't have to click on anything other than opening the device in Explorer. Simply iterating the files on the device is enough to trigger the exploit.

And because the proof-of-concept code has been published (meaning that hackers now have it), everyone is working hard to fix it. Some AV programs detect it, MS is working on a patch (previous "patches" of a similar vulnerability have not worked).

So far, no one has the definitive fix. Many have workarounds and patches. So until MS patches the matter via Windows Updates, you'll have to rely on your AV to detect the vulnerability.

Safer yet, use only USB devices that have been in your possession until the final fix is in.

Battle Ground Computers
Malware Removal Guide

MS Warns of Increased Exploits

2010-07-05T18:44:00.000-07:00

Microsoft has issued a warning that hackers have stepped up their exploitation of a vulnerability in the Windows Help and Support Center. This affects Windows XP and Server 2003; does NOT affect Vista and Windows 7.

Exploitation occurs by directing a user to a web page that begins with "hcp://" instead of the usual "http://". The NoScript plugin will not stop the exploit.

Microsoft has made a fix available at: http://support.microsoft.com/kb/2219475

Learn how to diagnose, repair and protect your computer:
Malware Removal Guide

Update Adobe Flash without using their download manager

2010-06-11T10:11:00.000-07:00

Adobe continues to force users to use their download manager to install the latest versions of Flash.

For me, this is unacceptable. Why would I allow a company notorious for their cavalier attitude about security updates, to install another piece of software on my computer?

Here are the links to download the latest version of the Flash Player WITHOUT using Adobe's download manager. As usual, download the file and then run it, downloading the installation file will not install the update.

Flash 10.1 for IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe

Flash 10.1 for other browsers (Chrome, Firefox, Safari, Opera): http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

Verify installation: http://www.adobe.com/software/flash/about/

Malware Removal Guide

2010-06-03T22:13:00.001-07:00

I've been working on creating a website for those of my customers that want to know more about what I do. How I do basic diagnostics, the tools I use and more information about how to fix your own computer.

Some of it is pretty terse and to the point and represents my 10 years of fixing computers in a retail setting.

If you find it helpful or have suggestions, let me know - call me at the store, drop an email or come back to the site after I get the comment section setup.

Hope you enjoy the Malware Removal Guide.

Google Search Poisoning by Hackers

2010-05-24T11:14:00.000-07:00

PCWorld has published a report from Symantec detailing the effectiveness of hackers use of Google search to infect computers.

It's especially interesting to note the use of botnets to automatically generate back links to 'game' Google's search results.

Among the key findings identified between March to April 2010, on Google search results include the following:

• On average at any given hour, 3 out of the top 10 search trends contained at least one malicious URL within the first 70 results;

• On average, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned (had at least one malicious URL);

• On average on any given day, 7.3% of links are malicious in the top 70 results for top search terms (see Figure 1);

• The most poisoned search term resulted in 68% of links leading to malicious pages in the first 70 results;

• Almost all of the malicious URLs redirect to a fake antivirus page.

So...please be careful how you use Google and what you search for.

Summary of McAfee Labs Report

2010-05-06T12:28:00.000-07:00

Most of you know my opinion of consumer AV products. However, in spite
of the ineffectiveness of their products (or more accurately, the
effectiveness of the hackers to circumvent the AV), the AV companies
are the source of good information about hackers efforts. From this
we, as consumers, can learn something about the hackers -
opportunistic exploitation of our natural tendencies (social hacking)
- curiosity and trust.

The following are snippets from McAfee Labs latest report; lots of
detailed information in the full report if you're willing to wade
through it.

Robot networks, controlled by bot herders or bot masters, are one of
the most common means of distributing spam and malware. The robots are
the millions of compromised machines around the world.

The reason for this rapid growth was that by 2005 the source code for
creating bots was widely available on underground Internet forums. The
source code itself did not cause the explosion, but with the release
of a GUI application that allowed point-and-click construction, the
rules changed. Even people who didn’t know how to develop could now
create their own versions.

This has been a record year for web-based threats and the fourth
quarter finished with a bang

Spammers often use a technique called headlining to grab a recipient’s
attention. Within days or even hours after a popular news story
breaks, spam campaigns use aspects of the story to craft a wild
headline that will appear as the subject of the message. The body of
the message won’t necessarily have anything to do with the subject
(usually the message body is unchanged from the current spam
campaign), but it can often trick the victim of the spam to take an
extra moment to look at the message.

Law enforcement has enjoyed some notable successes in fighting
cybercrime this quarter. Both the FBI and Romanian authorities have
made arrests to break up criminal rings. Unfortunately, it gets easier
all the time to become a cybercriminal. Online toolkits, often
originating in Russia, make it easy for first-time crooks to get into
the botnet business.

At the source of this malware tsunami is money. Threats and malware
make money. Bots make money. Fake security software makes tons of
money. The lures and methods criminals use differ; however, they
refect common online user behaviors more than ever before. When a
celebrity dies or a catastrophic weather event happens, people want
information on it. The cybercriminal knows that people will go to the
Internet to get this information and they react rapidly to the
opportunity. Almost all high-impact news will lead to many of the same
threats—fake websites and poisoned search results with the same goal
in mind: data theft

Source:
McAfee Threats Report:
Fourth Quarter 2009 By McAfee® Labs
www.mcafee.com/us/local_content/reports/threats_2009Q4_final.pdf

If you find this type of communication helpful, tell your friends
about us. Sign up for future briefs at our home page.

Thanks, Tom

And Yet Another Online Robbery

2010-03-30T23:10:00.000-07:00

I believe this is about the fifth incident I've read about in the past two months...this is getting ridiculous!

Missouri dental clinic loses $205K to hackers.

And the story continues to be the same - hackers use business' bank login credentials to transfer money out of bank accounts. And everyone takes up legal positions and the security community is left to postulate how it happened. And then the blogger comments parrot loudly the various opinions about preventing such things - Mac, Linux, liveCD, better bank security, et. al.

But no one talks about preventing the problem at the endpoint - the employee use of the computers they use to access web (email, social, browser, plug-ins, third-party apps) and plugging the gaping holes that lax user training and employment conditions (computer use policy) create in protecting the business resources (computers) from remote control.

Most businesses rely on someone or something else to passively protect the computers either locally or at the network/domain level - AV, firewall, IDS, etc., etc. This "off-loading" of the security problem leaves the individual users free to do whatever the security provisions allow them to do.

And who is says what PC applications will be used - browser, IM, email, pdf reader, music - inside the business? Are the users trained on their safe use?

As long as the IT guys think they can hide behind their filters, logs, alarms and out-sourced security (leaving the users thinking the IT guys are taking care of security) and users are not held accountable and trained in the use of safe internet applications and tools, this type of bank robbery will continue.

It's the very structure of businesses that make this type of robbery possible. If there is any notion of security being handled by someone else - employee or contractor - then the users have little or no responsibility for what they can stumble into on the web.

Communications Breakdown

2010-03-19T13:34:00.000-07:00

For the past year or so, we've been offering a security "service" that is basically training in the use of "tools" that we know block most of the infectious vectors hackers are using today.

Simply put, in today's internet, an AV program is incapable of PREVENTING infections. Sure, they can detect what they know about (inherent weakness) but they can't prevent the infection. In 2009, researchers estimate that there were over 50,000 new viruses per day! This is the number they detected making no mention of the ones that escaped detection.

Security researchers are all very good at analyzing infections post-infection; and they can review traffic/firewall logs to learn more about the source and methods the hacker used. But, after all is said in done, none of them are offering any advice to the consumer beyond using "adequate protection."

So what is "adequate protection"? To Joe and Mary Consumer, it's an AV program (pick one - any one) yet my shop is filled with repair jobs and about 98% of them had an AV program.

Most researchers will also agree that javascript (JS) is one of the most common infectious vectors used by hackers. Of course, we still have spam, social networks, free downloads, P2P and other file download scenarios. But JS is being used more and more. (Does anyone ask how there can be 50,000+ new viruses per day?).

JS is a very powerful language that executes in your browser memory from the website - it is an automatic thing - web sites run programs in your computer via JS. JS also has sophisticated encryption algorithms such that the virus code is un-encrypted by JS as it loads into your computer and it's a simple programming issue to make the un-encryption algorithm change a few bytes of the code to make it undetectable by signature-based AV programs!

Rootkits have now become the norm for the "professional" hacker and JS gives them the power they need to install their goods. Once a system is rooted, there is no way to safely remove the infection. Rootkits modify the fundamental operations of the Windows OS thereby thwarting efforts to detect and remove the rootkit. How can you scan an infected system when the scanner is using the very OS capabilities that have been modified by the rootkit?

JS is used primarily for advertising. Blocking JS in the browser is the only adequate PREVENTION that can work. But advertisers don't like their money-maker being blocked. So, is there some sort of suppression going on? Have you ever heard of blocking JS as a protection? Why not?

AV programs don't work and the publishers know it. But the two largest are publicly traded on the NYSE. That makes their stockholders ROI their primary fiducial responsibility. Do they want the public to know their product can't do what they claim? Of course not - they have to protect their investors ROI.

In the last month, I have been called in to look at computers at several small businesses. Each one of them (as well as the others in the network) were severely infected with rootkits though the users called regarding some symptom they were having - pop-ups, web-redirects, error messages, etc. The business owners had no idea of the ever-changing efforts of the hackers to compromise their computers. Nor should they have to keep up with that knowledge. They've trusted their computers to the "flavor o'the day" AV only to have the hackers move to a different method (JS) that the AV can't see.

I'm currently offering to come to a business for a free evaluation of the current protections in place including scanning for rootkits on several computers. If rootkit infections are found, I will work out a plan to sanitize the computers with a focus on minimizing interruption to the daily business operations. Once sanitized, I will train all users on the current state of hacker exploits and use of the tools we use to protect our computers and those of our customers.

If you'd like more information about this service, call me at 360-666-7647 or complete the email signup form at our website to receive occasional emails about security news - new exploits, research, statistics, etc.

Thanks,
Tom

Anti-Virus Programs Don't Work

2008-05-27T15:27:00.000-07:00

For years, computer users have been led to believe that an AV program (Norton, McAfee, etc.) on their computer will protect from hackers. If that were true, I wouldn't have a job.

Ample research (www.battlegroundcomputers.com/resources.html) has proven that hackers have figured out how to infect your computer even with an AV program on it. How?

Well, first, you have to understand the business model that AV programs work on. I call it prescriptive defense because the AV program is trying to find something AFTER it's in your computer. By then, it's too late.

The assumption is that the AV program will examine your computer for files that it can recognize by the file signatures. (When you update your AV program, you're downloading the latest virus signatures that the AV program will use to identify virus files on your computer).

The problem with this model is that the AV companies first have to discover the virus in the "wild", then create the signature, then distribute it to your computer via automatic updates. At best, this process can take 3-5 days leaving you open to infection until you have the updated signatures. Coupled with an aggressive spam/IM campaign, hackers can deliver a virus to you long before the AV even knows about it.

Hackers modify their payloads more frequently to stay ahead of the AV detection signatures. They can instruct the virus to morph itself before spreading thereby becoming invisible to even the best AV program.

But this is only the beginning....

Instead of relying on a viral file to hack your computer, hackers are now using web sites to infect your computer through the browser (IE, Opera, Firefox, MSN, AOL, NetZero, PeoplePC, etc.).

When you connect to a web site, the browser executes the code used to create the web site - notably HTML. But HTML is limited in what it can do - it is primarily a display language and therefore cannot create attractive menus or other functionality. So, the HTML code is designed to execute scripts that are tasked to do the real work of web functionality. This is most often javascript and the browser executes all scripts on the web site WITHOUT USER INTERVENTION OR KNOWLEDGE OF THE SCRIPT.

Hackers are now hacking web sites and injecting their own links to javascripts that infect your computer. By hacking the database that generates web site HTML code (you knew that hosting companies use a database to store your web site files, right?), hackers can create thousands of viral web sites - many of them known good, safe web sites.

Because scripts are executed by the browser in the context of the user, they have all the power of the user including modifying the Windows registry, modifying the NTFS file attributes/permissions (making files invisible and/or undeletable), disabling the AV and creating new user accounts.

But users still adhere to the notion that they're protected because they have an AV program. The AV companies tout their effectiveness and so create an attitude of complacency in the users. This complacency is the door through which the hackers gain access to the computer.

The only effective defense against hackers is preventive - blocking scripts BEFORE they can execute in your browser.

Use Firefox with the NoScript plugin to protect your computer.

Beware of any computer repair shop that claims they can remove viruses from your computer by using an AV program.

If the virus has modified your registry to do some task, the AV program has no way of knowing that - there is no signature to compare to.

Is your off-the-shelf computer secure?

2007-12-05T13:43:00.000-08:00

NO. Why? Read on…

Pre-installed software (bloatware) comes in many different categories – anti-virus, photo editing, web surfing, document creation, games, etc. – and is installed in virtually ALL brand-name computers.

So, imagine you’re a hacker and you want the best return for the least amount of effort. What are you gonna hack first? The anti-virus and the default web browser, of course.

This year, over 200 million PCs were shipped. All had Microsoft Internet Explorer and most had either Norton or McAfee antivirus software pre-installed.

The computer manufacturers used to make a big deal about how buyers have the latest security technology, blah, blah…..all designed to separate you from your money and alleviate your concerns about viruses and hackers. (Lately, they’ve tuned down that message).

Now, Mr. Lazy Hacker knows he has two obstacles to overcome to gain access to your computer. Using an ActiveX control built into IE (or a Windows vulnerability), hackers can gain access to the operating system. From there it’s a small step to disabling the antivirus software.

Since 2002, I’ve seen the pre-installed antivirus software disabled. Oh, it’s still there and it updates regularly, prompts for renewal of the license, scans dutifully and reports that all is well. But the computer is running very slow, lots of pop-ups, etc.

Upon examination of the quarantine logs (where the antivirus software puts the infected files it finds), we find that the most recent date/activity is more than a year ago. Obviously the antivirus software hasn’t met a file it didn’t like in over a year.

Likely? Perhaps. Probable? NOT!!!!

Software publishers pay computer manufacturers to install their software thereby subsidizing the cost of the computer. You do get what you pay for – and in this case, you’ve sacrificed your computer security which could cost you more to repair than you saved.

Secure off the shelf? HARDLY!

Visit http://www.battlegroundcomputers.com/resources.html for links to several malware research sites.

Bad programming and the virus lanscape

2007-09-17T17:36:00.001-07:00

Years ago I was a programmer - long before object-oriented programming became the norm. These were the days when the programmer had to ensure that the user did not press any keys or input any strings that the program would choke on. It was called "bounds checking" - min/max characters, only ascii characters, that sort of thing.

For you click n' pray programmers, bounds checking meant that I had to limit what the user could type - characters, length, etc. And then, when they hit the key, my program had to make sure that the string was correctly formatted (sanitized, if you will) before the string was sent to my program functions.

Today we see more and more viruses exploiting vulnerabilities through the lack of bounds checking. From Symantec on the recently discovered vulnerability in the MS Agent....

Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data.

When did programmers quit checking users input...and why?

So now, every vulnerability researcher and hacker gets a list of program objects, functions or input routines and starts throwing large strings at it to see if it pukes. Oh, and what if we sent it some strings or any of the HTML representations of strings.

Do we blame the programmers for this gaping hole in the security of our systems? Or do we blame MS and other application development companies that convinced us that object-oriented programming was going to save the planet and our jobs? And who decided that a user's input doesn't need to be checked/sanitized?

P.S. - Here's another one.....
Microsoft MSN Messenger is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. From Symantec

You Get What You Pay For

2007-08-01T18:25:00.000-07:00

Computers have become an integral part of our lives on par with the dishwasher, washer/dryer and car. Yet most people think that a cheap computer is as good as a more expensive one. Do you still buy the cheapest appliances?

When an appliance breaks down it’s really inconvenient; but that’s usually all it is. You can go to a Laundromat or do dishes by hand. When the car breaks down you have to find other means of transportation and it is a major inconvenience.

But when a computer breaks down it’s more than just inconvenient. That machine contains information that is irreplaceable and, often times, the source of income. That is way more than inconvenient.

Then why would you purchase a computer based on just the price?

So, just what makes up a cheap computer and how can the manufacturer sell it so cheap?

PHYSICAL COMPONENTS:

Reducing manufacturing costs usually involves reducing the number of parts or features built into the motherboard. Things like floppy drives, serial/parallel ports, memory slots, expansion slots and even video slots. They also use older technologies that are available at liquidation prices – especially when bought in bulk.

But they also reduce cost by using a BIOS* that is just enough to get the computer to boot up. This saves money on licensing costs because the PC manufacturer doesn’t write the BIOS program, they license it from those who do. Smaller BIOS = less cost.

(*BIOS = Basic Input Output System: the instructions built into the computer non-volatile memory that tell it how to get started – what devices it has and how to use them).

SOFTWARE (operating system):

Every computer has to have an operating system, usually some version of Microsoft Windows (though there are others). In exchange for huge discounts on the purchase of MS products, manufacturers are contractually obligate to NOT sell a computer without a MS operating system. Try it. Ask to buy just the hardware. Some of you may remember when you could choose your operating system. Microsoft has made it their business to make sure you have as few choices as possible (can you say “monopoly”?).

SOFTWARE (programs):

Every software manufacturer wants their programs in has many computers as possible. They either have to convince the consumer to buy the program or have it pre-installed on the computer you purchase. It is obviously cheaper to have the program pre-installed. The software manufacturers pay computer manufacturers to pre-install their software thereby subsidizing the cost of the computer. Then the computer manufacturer convinces the buyer that they are providing all these wonderful “enhancements” and “add-ons” to your purchase to make you feel like your really getting a good deal.

Have you ever noticed how most of these pre-installed programs are either trial versions with an expiration or a dumbed-down version of the real program. If you want to continue using the program or do something with it, you have to buy it. Every notice that most of these programs you either don’t use or don’t want.

So what is the price of all the “bloatware” on the computer? Well, first it takes up space on your hard drive that you could be using for your files. It often loads itself at startup taking up processing cycles and using the precious little RAM memory your budget computer came with.

INTERNET

As broadband internet has become more widespread, computer and software manufacturers have learned that an “always on” internet connection is their best friend. They know that you won’t care or notice the little tidbits of information the bloatware is sending back home about their preinstalled program. Things like how many computers are running their software and other information about your computer. The information they get is never anything personal, it’s more statistical information they can use in the marketing.

Computer manufacturers are now installing adware on their computers - possibly inadvertantly. Software designed to receive advertisements via the internet on your computer. Why? Because the advertising companies have paid the manufacture to pre-install their software so both parties can make money with your computer connected to the internet.

The internet advertising phenomenon has made a broadband connected PC a virtual cash cow. Google Adsense, affiliate marketing, toolbars (and more) has made it possible to get paid for causing a PC user view an ad. If the user clicks on one of those ads, you get paid even more. These are the fortunes that allow hackers to thrive unabated.

ENTICEMENTS:

Don’t you love the bundled deals? Computer, speakers, LCD monitor printer, etc for $499. How do they do that? Well, everyone of the components is the cheapest they can make it. When the printer stops working, don’t bother getting it repaired – it’s not worth it. More landfill.

And you trust your children’s baby picture, wedding photos, vacation memories and business records to these machines. Please learn to backup your important files.

So, what’s the best computer to buy?

THE ONE YOU CAN GET YOUR HANDS ON THE GUY THAT BUILT IT

Tom’s Maxim:

Every computer is a good computer as long as it does what you expect it to.
Every computer will break.
You don’t know what you bought until it breaks

Without personal accountability for this increasingly important device, you’re at the mercy of large impersonal corporations who are fiscally bound to produce the greatest profit for their stockholders. Cheap parts, cheap support, etc. I live here and have to be accountable to my customers and the community I live in.

I have been building/repairing computer at BGC for six years now and can honestly say I rarely have to repair my computers. Today I have customers trading in the still working computers I built for them six years ago. Why?

Because when I opened BGC, I decided that I would not compete on the price of the hardware. I build the best computers I can with the best parts I can buy and I stand behind what I build. My basic box with all the latest components and 3-year manufacturer warranty is about $800.

My focus is on the computer itself. Quality computers will last. Sure I can sell monitors and printers but those are add-ons and you should be able to pick the one you like at a good price. I often build complete systems for customers - keyboard/mouse, speakers, monitors, printers, etc. But, if you want to shop for price, shop for the peripherals - go to the electronic department stores for your

But spend the money to buy a good quality computer just like you do your appliances and cars. You can pay me now or pay me later. Either way, you’re going to end up paying the same amount for the computer – you just have to decide if you want to pay it up front or later after it’s full of your pictures and files and you don’t know if the computer crash took your files with it.

Repair my computer or buy a new one

2007-06-18T22:49:00.000-07:00

I can't tell you how many times I've been asked that question so here are some of my responses.

1 - Buy a new one - your computer is too old to justify putting $$ into it to rid it of viruses. Trust me, if a computer is not worth fixing, I'll tell you. I don't want to work on an old machine (probably with Win98/ME) that's slow and will take me twice as long to finish.

2 - The (once) new computer you have is what got you here now. Without understanding what led to your computer being infected (adware/bloatware/trialware, etc.), you're destined to be back in 3-6 months anyway. So, pay me now or pay me later.

3 - Viruses don't care what you paid for your computer. It's running Windows and that's all a hacker cares about. The knowledge and expertise needed to repair your computer is knowledge of Windows. Windows is just as complex on a cheap computer as on an expensive one and the effort required to repair an infection has nothing to do with the cost of the computer.

4 - When I'm done with your computer, it will be in better shape than when you got it. In fact, if you'd had me work on it when you got it, you might not be here now. See the blog about bloatware......

Resources

2007-06-18T22:25:00.000-07:00

These are some of the web sites we use in our research....

http://research.sunbelt-software.com/ - Browse through the threat listing (sorted by category) to get some idea of the size of the effort trying to gain control of your computer. Also, from their home page, purchase/download their program CounterSpy - today it's one of the best "malware" cleanup tools available.

http://sunbeltblog.blogspot.com/- Sunbelt's researchers also blog their latest findings as well as other tips and info. Good read.

http://darkreading.com - Heavy reading for those interested in the IT security angle - enterprise/corporate stuff but also some good blogs from security researchers.

http://benedelman.org - Ben's site is a must read for anyone interested in the dark underbelly of internet advertising and how it drives the adware/spyware business.