Security Essentials for Windows 7 64 Bit systems

So I have an Windows 7, for two months and would like to talk about some security thoughts that I would recommend to anyone who has a 64 bit system.

Now it is true that 64 bit systems are a little more secure or I would call less exploited because of how many people actually are using 32 bit systems and not 64 bit system. So the virus and exploit writers are focusing on the 32 bit system but sooner or later 64 bit system will become main stay. I am sure it will happen in the coming years, just not sure when.

So I want to talk about just what you should have installed and why you should have some type of security with your 64 Bit systems. I am sure I can hear people asking me about the 64 bit drivers for these programs. I am here to tell you about my experiences with Windows 7. To be truthful, the drivers for programs have been very easy to find and not anywhere hard to use for Windows 7. I have SuperAntiSpyware, AVG 9.0, ZoneAlarm Pro, and Malwarebytes running on this system at any given time.

The Importance of having two layers or more of malware prevention

What do you mean layers?

An abstraction layer (or abstraction level) is a way of hiding the implementation details of a particular set of functionality. Software models that use layers of abstraction include the OSI 7 Layer model for computer network protocols, the OpenGL graphics drawing library, and the byte stream input/output (I/O) model originated by Unix and adopted by MSDOS, Linux, and most other modern operating systems.

Wikipedia

It is like when you go outside on a cold winters day and you put on more than one layer of cloths to prevent yourself from freezing or getting too cold.   It can help protect your from getting a cold or loosing a limb.  This is the same philosophy I will be talking about today.

Isn’t one Antivirus software Enough?

I get asked this question every time that I help remove malware from someone’s system with either a free Antivirus software or a purchased software, and has been infected with malware.  Every Antivirus company will tell you in detail how they can never catch every new or old Trojans, Malware, or Viruses.   They will tell you how the Malware is constantly changing and evolving, and today’s updates might not catch tomorrows malware.

Miketechshow Listener Roundtable : #242 Backups

We had a great time talking about backing up our system. On a side note, I’d like to tell people that During the Round table, I was restoring my system due to a major network issue. The system wouldn’t stay connected at all to my network or my USB A600 Cricket Modem.  I used the A600 Modem during the podcast with Skype, so the quality isn’t as good as it should but that is due to two different factors.  One I had a cheap headset and two the bandwidth limitations.  This however shows that this is possible and works really well.  I also used the Antenna for the Skype meeting.   It actually seems like a stable connection.   Although Mike has told us in his email this might be the last Round Table, so if you want this to continue you can either email him or twitter him telling him you want to keep seeing these podcasts.  I also talk about Roboform and how I make sure the passwords are backed up.   We did talk about making sure to test our backups, so we know if the backup process works.   I have to say my backup procedure was without doubt working for me.   Even though I had some issues with Vista security updates after the restore, my restore to laptop didn’t take more than an hour to get the programs that I wanted back on the system.
Mike Tech Show Listener Roundtable #242 Backups

Fake Emails about Windows Support spam!

According to Trend Micro, Some malicious software is being sent to unsuspecting users about Windows SP1 andSP2 having a error that could damage software or even hardware.  See Trends blog with the photos of the fake spam.

Although from time to time Microsoft does send out security information to Technet subscribers people have also used this in the past to get people to install Viruses and Malware, like this one that installs TSPY_BANKER.MCL. TSPY_BANKER.MCL monitors the affected user’s online transactions and steals banking related information

Microsoft sends e-mail messages to subscribers of our security communications when we release information about a security software update or security incident. Unfortunately, malicious individuals can and have sent fake security communications that appear to be from Microsoft.

[Via Microsoft]

So if you get an email from Microsoft you’ll probably want to delete it.  Any Microsoft communications will be sent from the Update center.  You should never install software that is from an untrusted website.    If you are concerned you should check the web and find out what people are saying about the situation and see if it is a scam or true!!  Remember only you can prevent a virus or Malware!

PolyMorphic Win32:Vitro Most Viraulent Virus

This seems to be an virus that is getting some people hit hard.   I wanted to blog about this because of the nature of Virus and Trojans.   I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies.  I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it.  It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don’t trust or know anything about.   You also should know that if you need a “SPECIAL” codec, you should just go on to another site.  These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

Apple’s Not immune after all

In a recent post from the San Internet Storm Center:

Apple

• APPLE-SA-2009-01-21 QuickTime 7.6: Multiple vulnerabilities all them referencing “arbitrary code execution”. (CVE-2009-0001, CVE-2009-0002, CVE-2009-0003, CVE-2009-0004, CVE-2009-0005,CVE-2009-0006, and CVE-2009-0007)
• APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component: arbitrary code execution. (CVE-2009-0008)

Apple has said they will not say yes or no to this report and that they will be investigating this fully. I’ve been saying Apple needs to get it’s head out of the sand. According to Apple these effect both Mac’s and Microsoft so they are a software related vulnerability. Soon or later someone will want to create a botnet and infect Macintosh’s with virus or even a worm just to show apple that they could. In a recent article from PcWorld, They talk about a Trojan called OSX.RSPlug.D. This will just increase the fact that they are going to start targeting a OSX because of the lack security. Apple, Needs to get it together and start patching just as much as Microsoft.

How Serious is the Downadup.b/Conflicker Worm?

In there latest post F-secure has updated how many people are infect and I’ll quote:

Today’s calculation is a total of 8,976,038 infections worldwide and 353,495 unique IP addresses.

That’s a quite a big difference compared to our last number — there will be a follow up post coming soon to explain the methodology.

[Via F-secure]

F-secure has noticed it went up from 3,521,230 infections worldwide. This Worm has doubled in over a day.  So I have done some twitter searching to see if anyone has recently tweeted about this and I find this one comment:

WTF? suddenly my antivirus is popping with warnings about a W32.Downadup.B … but I havent received any attachs or installed anything!

[Via Twitter Mklopez]

I’d thought I show you how important it is for you to get ready for a very hard fight ahead of yourselves.  You see this hasn’t even begun with this worm.

Here’s are some of the tweets:

2 customers, have this conflicker.worm problem and we are trying every possible solution but nothing turned out to be solved

[Via Twitter  Candegger]

AVG Detected a False Positive

According to Security and The Net:

An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

[Via Security and The Net]

I bring this up because this is a false positive according to AVG. AVG since sent out another update to there Database and you can go and update the database to get rid of this problem. If you need to restore that DLL check out the article Security and The Net, they got some excellent suggestions on fixing the problem.

If you’ve not been affected by this yet, you probably won’t be. It is yet unknown how many people have been affected. I’m blogging about this to tell people about this and to warn people that not all of warnings from AVG are true and that is why you should always ask before you delete or do anything to your system. I always USE google when it comes to these types of questions

Avg detected Trojan Horse Generic 12.htc?

Just got a warning from AVG about, trojan horse generic 12.HTC, haven’t heard of it, anyone out there hear if this one? apparently it infects explore.exe, and after months of explore.exe crashing I’d say it’s a legit virus.

[Via Answer Bag]

Some tricks and tips to remove this little virus is quite simple. It is embedded in your system so how do you remove this threat? Easy follow these steps and you will have a better chance of getting rid of the virus:

1. Find out all you can on the virus – Finding out the extent of where the virus lays is really a good idea.  Just because you found one place doesn’t mean it isn’t also hiding some other place.  Some good ways to figure out where it might be is to download Hijackthis and Then onces you download it and install.  Run it, and when you get the LOG file you will want to go to HijackThis Log Analysis Site 1 and HijackThis Log Analysis Site 2, and see what it says.

AVG detected trojan ; Generic11.BEOG

I had a Friend tell me his system detected  this Trojan GENERIC11.BEOG.  I did my research and right now.  It looking like Adobe added something to there recent updates *see updates below*.   I’ll  Have to check with some other sources but it looking like AVG over did it again and found something that might just be an AVG issue.  (correction)

I usually wait before updating something like adobe.  It is sure to be some minor change to adobe but if your are worried here’s the link to watch and see what people are asking or talking about this false positive:

Malwarebytes Security Forums

It seems that AVG is calling this possible virus but yet it looks like it is a false positive.  So don’t you worry.  If it was a true virus you’d probably would never know!!

*UPDATE*

I installed Adobe 9.0 and updated the virus scan database for AVG.  It hasn’t found any thing yet but I am still scanning my system.  I’ll let you know if it finds this false positive on my Vista machine!!  I’m doing this to test it out!!!  Come back later to find out the results of the test.  (if you like this website by all means google this website so it too can be on google trends.   I want to see it be up on google trends for a day or two.)