Archives for February 2010

Is My Antivirus Software Working?

Is My Antivirus Software Working?

The StopSign Support staff fields a lot of different calls every day, and a common question heard by our techs is “How can I tell if my antivirus software is working?“. With hundreds of new viruses and other kinds of malware being written or released every day, it’s natural to suspect that your antivirus software isn’t up to snuff if you don’t see it catching anything.

Like most antivirus vendors, the StopSign Research lab keeps a closed-off network of computers (i.e. not connected to the Internet or our internal networks) with live viruses to test our software before it goes out to our members. For us it’s easy to run our antivirus software against live viruses in our “snakepit” of malware safely because we have a closed environment to test the StopSign Threat Scanner, but that’s not the case for everyone.

Luckily the European Institute for Computer Antivirus Research provides, free of charge, the EICAR Standard Anti-Virus Test File as a tool to test antivirus software using different test files to see if your scanner takes the bait. The EICAR anti-malware test file is a safe (i.e. not truly infected; it only contains patterns and not any actual virus code), publically available anti-malware test file which contains code that should trigger detections by antivirus and/or anti-malware software.

Testing your antivirus software is as easy as 1-2-3:

  1. Download:

    Go to EICAR’s web site and download an anti-malware test file on to your computer (and be sure to note where you downloaded it to). There are several versions of the test file available if you scroll to the bottom of the page. Feel free to choose any (or all) of them.

  2. Scan:

    Using your antivirus software (we, of course, recommend StopSign Internet Security software), scan the anti-malware test file you downloaded.

  3. Review:

    When your security software is finished, it should have detected any of the anti-malware test files you downloaded as infected.

If for some reason your antivirus software doesn’t pick up the “infection” it could just mean it’s time to update your software with the latest anti-malware definitions. Update your security software and try it again, and if it still doesn’t pick up the EICAR anti-malware test file then contact your security software vendor to see if there is a problem.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

This Tax Season, Beware of IRS Tax and Refund Scams.

This Tax Season, Beware of IRS Tax and Refund Scams.

As we get closer to April 15th here in the U.S., tax scams will be on the rise. Every year phishers, scammers, and hackers take to the Internet and attempt to rook as many people as possible into forking over their banking information and hard-earned cash. We’ll give you some pointers on how to detect, and avoid, some of the more common tax scams.

Most tax scams involve someone claiming to be from the IRS, and the scam will more than likely involve identity theft. These scammers pose as legitimate IRS employees and try to fool you into giving them personal and/or financial information. (e.g. passwords, Social Security numbers, PIN numbers, bank account information, credit card numbers, and even your mother’s maiden name) Any information they gain can be used to try to get access to one or more of your accounts and rob you blind. While snail mail scam attempts are not unheard of, it’s much easier for the bad guys to send out false IRS emails or set up fake IRS websites.

When it comes to figuring out if an email or web site is really from the IRS or if it’s part of an elaborate tax scam, there are usually some tell-tale signs to distinguish the fake from the real. First off, if the name of the Internal Revenue Service or any other federal agency is spelled wrong, that’s a dead giveaway. Another common problem is bad grammar and/or odd phrasing of words. Many of the email or website tax scams come from overseas, and non-native English speakers will usually get something wrong when they write the content for their scam.

There are innumerable ways that someone can try to take advantage of you, but here are some of the more common IRS tax and/or refund scams to watch out for:

  • Fake Links and Phony Websites: The IRS says that this is the most common tax scam: Someone claiming to be from the IRS and sending out an email promising tax refunds when you click a link in the email and fill out a form on a web page. Phishing scams involving an identical-looking (but fake) IRS website are all too common. Just remember that the only way to get a refund is by sending in your tax return to the IRS, not by clicking a link you get in an email.

    We’ve got a blog post on “How to Spot a Fake Website” that can help you figure out what’s real and what’s a scam.

  • Form W-8BEN: Even though form W-8BEN is a real tax form, a rising tax scam is for someone claiming to be from the IRS and asking you to fill out Form W-8BEN. This is particularly nasty because this form requires personal financial details to be submitted, and should only be submitted through your financial institution. (The IRS will never ask you to fill out a W-8BEN form.) In general the IRS doesn’t send unsolicited emails to taxpayers and they certainly don’t discuss or request tax account information via email.

  • Fake Refunds: One of the scams the IRS warns taxpayers about are emails or letters promising refunds that don’t actually exist. They could claim to detail some new “economic recovery” law you’re eligible for (and an increased tax refund) if you register your bank account info with the IRS, or they may even offer to pay you to take part in an IRS survey. If you sign up, instead of a bigger refund or a fat check you’ll be funding a scammer for his or her next vacation. If you want to maximize your refund, consider hiring a trusted professional instead of signing up for something from an unsolicited email.

  • Virus-infected tax forms: Malware attacks aimed at U.S. taxpayers tend to rise during tax season, and fake W-2 forms in an email can be filled with trojans, spyware, or viruses. Before opening any email attachment, make sure you are expecting an email with an attachment or you may unwittingly give hackers access to your computer. Once they’re on your system, a hacker can install key logging software to capture everything you type (emails, passwords, shopping cart items, Internet searches, etc.) without you knowing about it at all.

  • Threatening emails: Some tax scams take a hard-nose approach to their phishing attempts. You could receive an email threatening you with legal consequences if you don’t respond to an e-mail or register on a website provided, which will be conveniently run by the scammer. Things they may tell you that you’ll be liable for include additional taxes, huge legal fees, or a reduction of tax refunds.

As long as there are taxes, there will be tax scams aimed at innocent people. If it sounds too good to be true, it probably is. If it sounds too fishy, it probably is. If you think someone is trying to scam you, or if you think you were the victim of a tax-related scam, contact the IRS, your bank (including credit card companies and other financial institutions if applicable), and your local police department.

Image courtesy of the IRS.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Stranger Danger: Geolocation Features and Internet Safety.

Stranger Danger: Geolocation Features and Internet Safety.

Location-aware features are becoming more and more prevalent in today’s online services and tech gadgets. From GPS in the latest smart phones to adding a geolocation tag on social networking sites like Twitter or even Google, its easier than ever to let people know where you are any time of day or night. But with the ability to publicly display your location lies an inherent risk for being a victim of cyber-stalking or worse.

When it comes to technology and online services in our digital world, it’s easy to forget how all the strings tie together. As we tweet, blog, or update our Facebook statuses during the day we’re supplying everyone who can see our profiles with sensitive data regarding our day-to-day activities. From what and where we had lunch to when we’re going to bed, every time we post anywhere we’re opening our lives a little more. This isn’t necessarily a bad thing, but basic precautions should be taken, especially with tools that can display our location on a map.

Thinking of geolocation data as sensitive information is important not only for your privacy, but for the safety of yourself and your possessions. Because of this we recommend that, if you add geolocation info with your online posts, you exclude certain places from being published. Examples of recommended sites to exclude are:

  • Your house:

    GPS data these days is so accurate that if your geolocation data is posted online it can show you not only your general neighborhood, but the precise location of your house. With a good satellite image from Google maps it’s even possible to discover what kind of car you drive and where good hiding spots are around your home.

  • Where you work:

    For most people a large part of the day is spent at work. Geo-tagging from work allows anyone wishing to follow you to easily track where you are when you’re on the job.

  • Schools & daycare:

    Our children are our most precious gift, and showing the world where they go to school or daycare is just about as dangerous as doing it from your home. Resist the urge to post location information when you’re waiting at the school pick-up circle.

  • Vacation spots:

    We already know that tweeting can potentially lead to a home burglary, and if you add your geolocation tags to your vacation posts when you’re out of town, you’ll not only let criminals know you’re gone, you’ll let them know how long your house will be empty.

It may seem far fetched at first, but here’s an all-too-possible scenario: Person A follows Person B on Twitter, and vice versa. Person A likes to tweet a lot about everything she does during a day. On her profile Person A has a profile picture of herself, her first and last name, and the latitude/longitude of her current location updated whenever she tweets. If Person B is an unscrupulous character, he can cyber-stalk Person A to his hearts content and begin to build up his own profile on her: Where she works, where she shops for groceries, who her friends are, what her neighborhood is like, and when she’s at home or running around town. Mix in real-time geolocation tagging and he can not only follow her online, he can take his stalking to the real world.

While geolocation tools and services can add a fun, new dimension to your virtual life, you need to understand the risks of opting-in to them. Just be sure to not share any location-based information that can put stalkers close to you.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Bionic Passwords: Better, Stronger, and Faster.

Bionic Passwords: Better, Stronger, and Faster.

OK, we can’t get your passwords to become faster, but certainly we can give you tips on how to make them better and stronger (read: harder to break). Our last post on passwords gave a lot of information on how good passwords can be easily created, and we’ve come up with more ideas for you to secure your passwords.

A strong password is the first line of defense against anyone who would want to break into your account, so the tougher you make it on them, the less likely it will be that they get what they want. Use these tips to create a bionic password that will make it tougher to crack.

  • Get creative with words:

    You can get a lot of traction out of one word if you can figure out different ways to use it in your password. For example the word “crystal” is pretty clear (pun intended), but you can muddy it up a bit by doing things like removing all vowels, changing how it’s spelled, or reversing certain letters. Examples include “crstl”, “krYs+al”, and “ltsrc” (the first one, only backwards). Mix that up with another word to increase the length of the password and you’ll be good to go.

  • The same word, only different:

    Maybe you like birds, and your favorite bird is the Pine Grosbeak bullfinch. Well, as we all know (sarcasm) the genus for those birds is “Pinicola”. Maybe you also happen to love Coca-Cola. You take out the “cola”, insert “Coke”, and now you have a 2-word password that’s easy to remember: “PiniCoke”. Substitute some of the characters to something like this: “p1niCok3” and you’re good to go.

  • Don’t use common number patterns:

    Your phone number, street address, even your jersey number from the high school football team… these are all very bad things to use in a password as they are. If you plan on using one of them, be sure to mix things up. If you live on 1313 Mockingbird Lane (Quick… what TV show is that address from? The first person to comment on the blog with the right answer gets a free year of StopSign.), you could use the street number like this: “+h1rT3en13”.

  • Mix it up:

    Using only alpha-characters or only numbers isn’t a very good idea for a password at all. Your password is a digital cocktail. Mix. It. Up. If a decent password is made up of 8 or more characters, you should try to use at least 2 numbers and one non-alphanumeric character (a hash symbol “#”, an exclamation mark “!”, etc.).

  • Use multiple passwords:

    Ideally you should have a unique password for every account that you have. Your home email, work email, computer login, bank account, Twitter… any account you have that requires a user name and password should have its own unique password.

These suggestions are not the end-all, be-all and we don’t necessarily advocate using every single password tip listed. But they can be food for thought when devising a new password. You’ve seen my repeated suggestion to mix things up, and that’s a big thing. Keep things fresh, get creative, and you’ll be far and away ahead of the pack when it comes to creating a strong (and difficult to crack) password.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Twitter-forced password changes; possible phishing attacks.

Twitter-forced password changes; possible phishing attacks.

There are reports coming in regarding Twitter forcing people to update their passwords. The reason: real or potential Twitter phishing attacks. Many people are talking about seeing an email from Twitter that reads:

Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.

At this time there is no confirmed threat, but it appears that if nothing else, Twitter is taking a proactive role in helping to reduce and/or pre-emptively kill any phishing attempt that may be occuring. Even if Twitter hasn’t changed your password and/or you’re not affected by this possible phishing attack, we recommend the following course of action for increased security:

  1. Change your password. Make sure to use a good mix of letter and numbers.

  2. Review and rethink any third-party services you’ve allowed in your Twitter Connections setting.

  3. It’s also a good time to go through your followers (and those you’re following) and check for spammy and/or suspect accounts. Things to look for in these types of accounts include, but aren’t limited to:

    • Very few, if any, tweets. Ever.
    • No tweets in the last
    • Following thousands but followed by few.
    • The same kinds of tweets sent out over and over and over.

We will report on this issue again as we find out more details. For more tips on staying secure on Twitter, check out our blog post “Six Secrets of a Safe Twitter Account.“.

UPDATE: Twitter addresses the password resets with their status update entitled Reason #4132 for Changing Your Password.

Twitter-forced password changes; possible phishing attacks.

Image courtesy of Twitter

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.