The malware numbers game: how many viruses are out there?

From ZDNet:

 

How many strains of malware are in circulation right now, for Windows PCs, Android devices, and Macs?

That seems like a straightforward question, but the answer is far from simple. And the number might be a lot lower than you think.

If you check with the leading security companies, you might be tempted to pick an answer in the millions. After all, that’s how many listings you’ll find in the definition files for common antivirus programs. At day’s end on April 12, for example, Symantec published the summary shown below, noting that its latest Virus Definitions file contained 17,702,868 separate signatures.

Oh my. 17.7 million? That certainly sounds like a very big number. But before you get swept away, it’s worth taking a closer look at what it really represents.

Eight days earlier, on April 4, that same Norton/Symantec definition file contained 17,595,922 separate detections. With 106,946 additional definitions in a mere eight days, you’d probably conclude that malware is out of control.

Because the Norton brand name is primarily associated with Windows PCs, you’d probably also assume that all of that activity was aimed at the Windows platform.

And you’d be wrong in both cases.

Definition files are a great way of assessing the degree of activity at a computer security company. They vaguely measure the current intensity level of the cat-and-mouse game between malware authors and security companies. But counting signatures says nothing about what’s new.

I took a closer look at the Symantec definitions for that week and found a very interesting story.

Symantec, to its credit, publishes detailed information about what’s in each new definition file, including what’s new. On any given day, it displays the total number of new and revised detections, followed by their details, like this:

In the eight days between April 5 and April 12, only 12 new detections were added to Symantec’s certified definition file, with six of them added on a single day, April 10. Here’s a breakdown:

  • Three were generic detections for malicious packages (Packed.Generic.360 through .362). These aren’t really new strains of malware, only new forms of packaging. The accompanying writeup calls each one a “heuristic detection for files that may have been obfuscated or encrypted in order to conceal themselves from antivirus software.”
  • Four are generic detections for existing fake antivirus packages (Trojan.FakeAV!gen90 and gen91, SmartAVFraud!gen2, and SecShieldFraud!gen5). These are also heuristic detections, designed to identify rogue anti-malware programs by their behavior rather than by their ever-shifting content.
  • Two were aimed at Android-powered devices: Android.Tigerbot and Android.Gonfu.D are both backdoors found in malicious Android apps.
  • One new entry is simply called Adware.SafeTerra, with no associated description.
  • One new entry is for something called Trojan.Darkshell, which has only a vague description (“may perform distributed denial of service attacks”).
  • One is the infamous Flashback, for Macs, formally known as OSX.Flashback.K.

The total number of named entries listed in the summary of those definition files during that period was 303—12 new and 291 revised. So where does the 100,000+ number come from? It appears to be a count of individual pieces of identifying data—signatures—associated with those named entries. Counting every signature is an easy way to get to an impressively large number, but it isn’t an accurate way to assess the current threat landscape.

That list includes a lot more than malicious software, too. Categories include Adware, Hack Tool (many of which are legitimate), Joke, Misleading Application, Potentially Unwanted App, and Security Assessment Tool. When I excluded those categories, I ended up with only 213 named entries in the Trojan, Worm, and Virus categories.

I was surprised to find that many of the definitions on this list are for very old pieces of code. During this one-week period in April 2012, Symantec updated its definitions for the following pieces of ancient malware and bumped up the counter in its definition files accordingly:

  • The SubSeven Trojan, which was a big deal in the late 1990s but was officially shut down in 2003
  • W32.Chir.B@mm, a mass-mailing worm from 2002 that targets Internet Explorer versions 4 through 5.5
  • Spybot, a family of worms that spread using the Kazaa file-sharing network and a variety of Windows 2000/XP flaws that were patched in 2003
  • Netsky, a 2004-vintage mass-mailing worm
  • Mydoom, another mass-mailing worm that spawned one of the first botnets; it was programmed to do most of its damage in February 2004 and fizzled out within a few years

In addition, these April 2012 definition files include multiple revised detections for Waledac and Rustock, the Trojans responsible for two prolific spam botnets that were decisively shut down in February 2010 and March 2011, respectively.

For each named entry, Symantec includes the date when that entry was first added to its definitions list. Out of the total of 213 new named entries on the list, more than 85% were from 2010 or earlier. Only 31 entries were discovered in 2011 or 2012. And one-third of those were from non-Windows platforms.

Two of the recent samples were for OS X—the original OSX.Flashback, from last fall, and the newer OSX.Flashback.K, which wreaked havoc on Mac owners over the past month.

Most interestingly, eight entries on the list—more than 25%—were for Android-related malware. Given the size of the Android installed base and the lack of any central control over Android app markets, that shouldn’t be surprising. On its Latest Threats and Risks list, Symantec includes writeups for more than 80 Android-related programs, most classified as Trojans or Spyware. That’s 11% of the total of 720 items on the list.

To make sure those numbers were representative, I looked at the Symantec definitions database for the entire month of March. In all, 66 new named entries were added to the list, or about two per day. Of that total, 36 represented new, named Trojans, viruses, and worms. Five of them were aimed at Android devices, one targeted OS X (no, it wasn’t a Flashback variant), and there was one new entry each for Symbian OS, Linux, and an Adobe Flash Player exploit.

In its 2011 Security Intelligence report, released earlier this year, Microsoft security researchers noted the problem with trying to measure the threat landscape by counting unique malware samples:

Ever since criminal malware developers began using client and server polymorphism (the ability for malware to dynamically create different forms of itself to thwart antimalware programs), it has become increasingly difficult to answer the question “How many threat variants are there?” Polymorphism means that there can be as many threat variants as infected computers can produce; that is, the number is only limited by malware’s ability to generate new variations of itself.

If you look carefully at the Windows malware landscape over the last 10 years, it’s apparent that a relatively small number of families are responsible for almost all the damage we’ve seen. I’ll look more closely at those families, and the evolution of Windows malware, in a follow-up to this post.

How do I create and configure a network with Windows 7 HomeGroup?

A great article from TechRepublic, for all you Windows 7 users out there...

 

The HomeGroup feature in Windows 7 is essentially a peer-to-peer workgroup/network that has been redesigned to make it simpler for home users to set up a home network. While this is essentially true, there is more to Windows 7’s HomeGroup feature than meets the eye.

Even though a HomeGroup works like a standard peer-to-peer workgroup, behind the scenes it does in fact share some of the networking functionality of a domain. For example, the computers in a HomeGroup have an inherent machine trust and there are consistent user identities throughout the network. As such, the Windows 7 HomeGroup feature is ideal for a small- to medium-sized business network — despite the name.

In this edition of the Windows Vista and Windows 7 Report, I’ll investigate Windows 7’s HomeGroup feature. As I do, I’ll show you how to create, configure, and take advantage of a HomeGroup.


What is a HomeGroup?

As an enhanced version of a peer-to-peer workgroup designed for the new operating system, only computers running Windows 7 can actually participate in a HomeGroup. However, Windows 7, XP, and Vista systems can all participate in a standard workgroup network configuration, sharing folders and accessing shared folders just like normal.

You can also use workgroups and HomeGroups side by side. More specifically, you can have several Windows 7 systems participating in HomeGroup on the same physical network as several Windows XP and Vista systems participating in a workgroup.

You can join a HomeGroup in any edition of Windows 7, but you can create one only in Home Premium, Professional, Ultimate, or in the Enterprise edition. The fact that the HomeGroup feature is even available in the Enterprise edition of Windows 7 further strengthens the notion that HomeGroup is more than just a home networking toy.

In fact, a Windows 7 HomeGroup can exist and be used side by side with a Windows domain — with a few caveats. First, if your Windows 7 system is connected to a domain, you can join a HomeGroup, but you can’t create one. Second, while you can access files and resources on other HomeGroup computers, you can’t share your own files and resources with the HomeGroup.

One more point to take note of before we move on is that in order to create and join a HomeGroup, your network adapter must have IPv6 enabled. If you have disabled IPv6 because you didn’t think it was needed, then you’ll have to re-enable it.

Creating a HomeGroup

As you may know, during the Windows 7 installation procedure, you are given the option to create a HomeGroup. However, if you chose not to create a HomeGroup at that time, you can create one at any time. Keep in mind that in order for the HomeGroup to function, there must be more than one Windows 7 system on the network and your Network Location must be configured as a Home network. If it’s currently configured as a Work or Public network, you will not be able to create a HomeGroup.

Creating a HomeGroup is a very straightforward operation. Access the Control Panel, type Home in the search box, and when HomeGroup appears, as shown in Figure A, select it.

Figure A

If you type Home in the Control Panel search box, you can locate and select the HomeGroup tool quickly and easily.

When the initial HomeGroup window appears, you’ll be informed that there is currently no HomeGroup on the network, as shown in Figure B. You’ll also find a brief introduction to the HomeGroup feature and several links.

Figure B

To get started, just click the Create a Homegroup button.

The first link is to a more detailed explanation of HomeGroups in Help and Support. The second is to the Advanced sharing settings page, where you can adjust network-sharing features and even disable the HomeGroup-sharing feature and enable the type of sharing permissions used in Windows XP and Vista, based on user accounts and passwords. You can also start the HomeGroup Troubleshooter, a part of Windows 7’s new Troubleshooting Platform, which is powered by a special type of PowerShell 2.0 script that has the ability to diagnose and fix problems.

To launch the Create a HomeGroup wizard, click the Create a HomeGroup button. When the first screen in the Create a HomeGroup wizard appears, you’ll be prompted to choose what libraries, or types of files, you want to share to the HomeGroup, as shown in Figure C. You can also choose to share printers.

Figure C

As you begin the process of creating the HomeGroup, you’ll be prompted to choose what you want to share with other computers.

Once you choose what it is you want to share, Windows 7 will create the HomeGroup and you’ll then see the HomeGroup password, as shown in Figure D. This is the password that other Windows 7 systems will need in order to join and access the HomeGroup. You can either write down this password or click the link to print the password along with a set of instructions that you can give to other Windows 7 users to allow them to join the HomeGroup on their own.

Figure D

The second screen will provide the password that other Windows 7 systems will need to join the HomeGroup.

When you click Finish, you’ll see the HomeGroup settings window, as shown in Figure E, where you can perform a host of additional operations related to the HomeGroup.

Figure E

You can use the settings in this window to perform a host of operations related to the HomeGroup.

For example, you can limit or expand the shared libraries as well as enable and customize the media streaming feature of Windows Media Player. While the media streaming capabilities are more in tune with a home network than they are with a business network, this feature could very well be used to deliver video training material.

Of more universal interest here is the ability to view or change the HomeGroup password, leave (or quit using) the HomeGroup, change Advanced sharing settings, and start the HomeGroup troubleshooter.

Joining a HomeGroup

Once a HomeGroup is established on your network, other Windows 7 systems can join the HomeGroup using the password generated during the creation procedure. When you access the HomeGroup feature in the Control Panel on another Windows 7 system, you’ll be immediately alerted to the fact that a HomeGroup has been created on the network, as shown in Figure F. To continue, just click the Join Now button.

Figure F

When you launch the HomeGroup tool on other Windows 7 systems, you’ll be prompted to join the HomeGroup.

When the first screen in the Join a HomeGroup wizard appears, you’ll be prompted to choose what types of files and devices you want to share to the HomeGroup, as shown in Figure G.

Figure G

When you join a HomeGroup, you will be prompted to choose items to share on the network.

The second screen in the Join a HomeGroup wizard prompts you to enter the HomeGroup password, as shown in Figure H. You’ll enter the password that was generated by the system that created the HomeGroup. Keep in mind that the password is case sensitive.

Figure H

The second screen will prompt you to enter the HomeGroup password generated by the system that created the HomeGroup.

After you enter the password, you’ll see the third screen in the Join a HomeGroup wizard, which indicates that you have successfully joined the HomeGroup, as shown in Figure I.

Figure I

You have joined the HomeGroup.

Accessing the HomeGroup

Once you have created and joined a HomeGroup, you can easily access the folders on other computers in the HomeGroup. Launch Computer and expand the HomeGroup section in the Navigation pane. When you do, you’ll be able to see other systems in the HomeGroup and access the shared libraries, as shown in Figure J.

Figure J

Once the HomeGroup is created, you can see and access all the shared libraries on all the systems joined to the HomeGroup.

Take note of the expanded Network tree in the Navigation pane. This is a functioning peer-to-peer workgroup that consists of Windows XP and Vista systems as well as the Windows 7 systems that are participating in both the peer-to-peer workgroup and the HomeGroup.

Put the Classic Start menu in Windows 7 with Classic Shell

From TechRepublic:

 

On more than one occasion, I’ve looked through the discussions for the Windows 7 blog posts that I have written here at TechRepublic and found messages from angry Windows users that go something along the lines of “Because Microsoft took away the Classic Start menu in Windows 7, I am not going to upgrade!”

When I see these types of messages, I imagine curmudgeonly folks sitting in front of an old Pentium II computer running Windows NT. Of course I know that is not a fair assessment, because many people I know who have either Windows XP or Windows Vista installed also use the Classic Start menu feature.

Still, I have a hard time imagining anyone wanting to forgo all the underlying advances in the Windows 7 operating system just because of a dislike of the Start menu and other user-interface features. However, everyone is entitled to his or her opinion.

In any case, those die-hard classic Start menu fans have a champion out there. At SourceForge.net, which claims to be the world’s largest open source software development Web site, a fellow by the name of Ivo Beltchev has created a wonderful program called Classic Shell. In addition to bringing the Classic Start menu to the Windows 7 user interface, Classic Shell brings a number of other classic features to Windows 7, such as the Windows Explorer toolbar, complete with the Up button.

In this edition of the Windows Vista and Windows 7 Report, I’ll investigate all the classic features that the Classic Shell application brings to Windows 7.


Keep in mind

At the time of this writing, Beltchev is publishing version 0.9.10 of Classic Shell, which he is calling the Release Candidate version. As such, you may encounter some glitches. However, I tested it for the better part of a week on my Windows 7 test system and didn’t experience any problems. Classic Shell works with both the 32- and 64-bit versions of Windows 7 and appears to work in all editions. I tested it in the Ultimate edition of Windows 7.

Installation

Once you download Classic Shell from the SourceForge.net site, just double-click the ClassicShellSetup.exe file and follow the onscreen instructions. When you are prompted to select the features that you want to install, as shown in Figure A, be sure that you leave both check boxes selected if you want to revive the classic version of Windows Explorer as well as the Classic Start menu.

Figure A

Make sure that you leave both check boxes selected if you want to revive the classic version of Windows Explorer.

Check it out

As soon as you complete the installation procedure, you’ll immediately find the Classic Start menu in place, as shown in Figure B.

Figure B

The Classic Start menu is immediately available.

Reviving the classic version of Windows Explorer requires some configuration. First you have to enable the menu bar. To do so, launch Windows Explorer, press the [Alt] key to display the menu bar, pull down the Tools menu, and select the Folder Options command. Then, in the View tab of the Folder Options dialog box, select the Always Show Menus check box, as shown in Figure C, and click OK.

Figure C

Before you can revive the classic version of Windows Explorer, you have to enable the menu bar.

With the menu bar in place, you can right-click on it and select the Classic Explorer Bar command, as shown in Figure D. If you disable the Lock the Toolbars setting, you can position the Classic Explorer Bar under the menu bar like in Windows XP.

Figure D

Just right-click on the menu bar and select the Classic Explorer Bar command.

In addition to the Up button, you have the Cut, Copy, Paste, and Delete buttons back, as shown in Figure E. You also have a Properties button, which displays the selected item’s properties dialog box, and an e-mail button, which allows you to attach selected items to an e-mail message. The last button is the Settings button, which displays the available configuration settings.

Figure E

With the Classic Explorer Bar command enabled, you now have the Up button back.

Tweaking

You can tweak the Classic Start menu by right-clicking on the Start orb and selecting the Settings command. You’ll then see the dialog box shown in Figure F and can change a host of options — you can even apply several different skins, including a classic Windows 9x/2K colored skin.

Figure F

From the Settings dialog box, you can configure a host of options, including different skins.

You can tweak the Classic Explorer Bar by clicking the Settings button. When you do, you’ll see the dialog box shown in Figure G and can change a host of options. You can even select the type of navigation pane that you want to use, such as Windows XP Classic or Windows Vista.

Figure G

You can tweak the way the Classic Explorer Bar looks and feels.

Take control of the Windows 7 New menu with ShellMenuNew

From TechRepublic:

 

In recent articles, I’ve shown you how to take back control of Windows 7’s Context and Open With menus using the free utilities from NirSoft. Well, there is one more right-click menu that you might want to clean up — the New menu.

As you know, after installing and uninstalling applications, the New menu can become crammed full of application shortcuts that you no longer want or need. In fact, it can get so crowded that it is really difficult to find what you do want. Since Microsoft made it so easy for the New menu to be populated with application shortcuts, you would have thought that they would have created a tool that would allow you to clean it up. Unfortunately, that’s not the case. If you want to clean up the New menu you can do so by manually editing the registry. Unfortunately, the items that appear on the New menu are in numerous locations in the registry, thus making the operation extremely time consuming.

Fortunately, the folks at NirSoft have created ShellMenuNew, a small utility that shows you all the items that appear on the New submenu and allows you to easily disable unwanted menu items.

In this edition of the Windows Desktop Report, I’ll examine ShellMenuNew and show you how to use it to take back control of Windows 7’s New menu.

Editing the registry

It is important to keep in mind that the techniques I’m about to show you involve making changes to the registry, which is vital to the operating system. Changing it can be dangerous if you inadvertently make a mistake. Therefore, you should take a few moments to back up your system by creating a Restore Point as well as by creating a system image in the Backup and Restore tool. That way if anything goes awry, you can restore your system and get right back to work.

The New menu

As I mentioned, depending on the number of applications that you have installed on your system, the New menu can easily become overcrowded. Even if you have not installed a lot of applications, the New menu can contain application shortcuts that you will never need. In both cases, it can be difficult to quickly access what you want on the New menu.

For example, Figure A shows a New menu on one of my test systems. As you can see, there are a dozen items on the New menu. Of those, I really use only five. So that means for me, there are seven items that do nothing but hinder me from quickly getting to the items that I do use.

Figure A

A typical New menu can contain items you’ll never need.

Using ShellMenuNew

Just like the other NirSoft utilities I showed you (ShellMenuView, ShellExView, and OpenWithView), you can run ShellMenuNew right away, as there is no installation procedure. As soon as you launch it, the program scans the registry and populates its window with all the applications that appear on the New menus on your system.

On my example system, running ShellMenuNew presented the display shown in Figure B. You’ll notice that the New Folder item doesn’t appear in the ShellMenuNew display and that the Library Folder item does. The New Folder item works differently than an application and so is outside of ShellMenuNew’s scope — so you can’t disable the New Folder item. The Library Folder item, which appears on the New menu only when you right-click in the Libraries folder, is also a different type of animal, but it does show up in ShellMenuNew display. Even so, since it appears only in the Libraries folder, I would highly recommend that you leave the Library Folder item alone — don’t disable it.

Figure B

Using ShellMenuNew, you can easily remove applications from the New menu.

Now, to get rid of the items that I don’t use, I simply hold down [Ctrl] and click each item I want to disable. I then click the red Disable Selected Items button. As you can see in Figure C, each of the items that I selected now has a Yes in the Disabled column. Now, when I access the New menu, as shown in Figure D, finding the items that I regularly use from the New menu is very easy with all the clutter out of the way. (Keep in mind that in some cases, the operating system may take a few moments to register and display the updated New menu.)

Figure C

After I click the red Disable Selected Items button, a Yes appears in the Disabled column.

Figure D

Now, my New menu shows only those items that I use regularly.

Other handy features

As you can see in Figures B and C, the last column in ShellMenuNew’s display is titled Registry Key and indicates where in the registry the setting is stored. If you double-click any row, you’ll see a Properties dialog box that provides you with a summary of the information stored in the registry key.

For example, when I double-clicked on the Microsoft Office PowerPoint Presentation row, ShellMenuNew displayed the dialog box shown in Figure E.

Figure E

The Properties dialog box provides you with a summary of the information stored in the registry key.

If you want to delve into the registry and see for yourself how the New menu is configured, just select a row and click the Open In RegEdit button. When you do, the Registry Editor will appear and be open to the appropriate key, as shown in Figure F.

Figure F

When you select a row and click the Open In RegEdit button, the Registry Editor will open that key.

You can also create a very detailed HTML report of all the items displayed by ShellMenuNew by pulling down the View menu and choosing either the HTML Report – All Items or the HTML Report – Selected Items. ShellMenuNew also has several command-line options for creating reports in other formats. You can find a list of these command-line options in the ReadMe.txt file as well as on the ShellMenuNew page on the NirSoft web site.

Can you tell a real Facebook e-mail from a phishing attempt?

Great article from ZDNet:

 

E-mail notifications are an important part of social networking services like Facebook. If you have to continually visit the site to see what’s new, you lose much of the excitement that comes with comments on your photos or other shared items. If you forget to check for a day or two, you might miss an invitation to an event or an opportunity to connect with a long-lost friend who’s in town for a day or two.

But e-mail notifications are also a security risk. If an attacker can create a realistic-looking imitation of a Facebook notification, you might find yourself clicking on a link that can lead to malware or attempt to steal your login credentials.

Unfortunately, phishers are getting better at what they do, and spotting a fake isn’t as easy as you might think. I’ve assembled four Facebook notifications that arrived in my e-mail inbox recently. Can you tell which are real and which are fake?

Here’s one that arrived last week. As with all the images, I’ve blurred personal information but otherwise these messages are shown in full, as they appear in Microsoft Outlook’s preview pane.

If you guessed that one was a fake, congratulations. It led to a website that was flagged as dangerous by Microsoft’s SmartScreen Filter, by Google’s Safe Browsing feature, and by Safari. If you were using an outdated browser such as Internet Explorer 6 or 7, you would have seen an attempt to install a fake Flash update that was actually a password-stealing Trojan.

OK, let’s try another. Real or fake?

Do you think that odd e-mail address indicates a fake? Confusingly, Facebook notifications come from the facebookmail.com domain and include a suspicious-looking sender’s name. The long, complicated URL might also look suspicious, but this notification is a legit one from Facebook.

OK, here’s a third test. Real or fake?

Hmmm. The previous, real notification included a long complicated URL. This one has a pair of buttons that you’re supposed to click to see the comments a friend supposedly added to your shared link. That’s a favorite trick that phishers and spammers use to disguise misleading links. Surprisingly, this one is legit.

OK, last one. Real or fake?

This is a particularly convincing fake. The graphics, fonts, button design, and links are all indistinguishable from a real Facebook notification. This particular phishing attempt led to a fake online pharmacy, but it could just as easily have led to a malware installer.

One of these fakes was good enough to slip past my spam filters. In that case, the only way to determine that it wasn’t legit was to allow the mouse pointer to hover over a link or button to see what its true destination was. Here’s what it looked like:

That’s certainly not a legitimate link. Here, by contrast, is what a link from a real Facebook notification looks like:

It’s a challenge to get nontechnical users in the habit of checking links before they click, but the results are well worth it.
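
The hover check described above can also be done mechanically on a notification's HTML body. The following is an added example, not code from the original article: the trusted-domain list and the sample message (constructed, using reserved example domains and a documentation IP address) are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: link destinations treated as genuine for this kind of notification.
TRUSTED_DOMAINS = ("facebook.com",)

# Constructed sample body; every host except facebook.com is a reserved example name.
SAMPLE_HTML = """
<p>Jane commented on your link.</p>
<a href="https://www.facebook.com/n/?photo.php&amp;mid=CONSTRUCTED">See Comment</a>
<a href="http://www.facebook.com.account-check.example/login.php">See Comment</a>
<a href="http://pills.example.net/?id=42">http://www.facebook.com/profile.php</a>
<a href="http://www.facebook.com@203.0.113.7/home">Reply</a>
"""

# Finds a host name written out in the visible link text, if there is one.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify(href, text):
    """Return (true destination host, verdict) for one link."""
    try:
        parts = urlsplit(href.strip())
        host = parts.hostname  # drops any "user@" part and lowercases the host
    except ValueError:
        return None, "no-web-host"
    if parts.scheme not in ("http", "https") or not host:
        return host, "no-web-host"
    if is_trusted(host):
        return host, "ok"
    shown = HOST_IN_TEXT.search(text.lower())
    if shown and is_trusted(shown.group(1)):
        # The visible text names a trusted site but the link goes elsewhere.
        return host, "text-mismatch"
    return host, "untrusted-host"


def audit_links(html):
    """Return [(visible text, true host, verdict), ...] for an HTML body."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [(text, *classify(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for text, host, verdict in audit_links(SAMPLE_HTML):
        print(f"{verdict:15} {host!s:45} shown as: {text}")
```

The comparison is made on the parsed host name rather than on a substring of the URL, so a trusted name that appears only as a leading label or before an `@` is not accepted.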

The complete list of Windows Logo keyboard shortcuts

When it comes to keyboard shortcuts in Microsoft Windows 7, I admit to being a bit of a novice. I fall back on the menu system or, now that it is available by default in Windows 7, I use the search box located on the Start Menu. But, as the following list shows us, there are definitely opportunities for increased efficiency within the matrix of keyboard shortcuts.

One of the more powerful, and probably least used, sets of keyboard shortcuts involves the Windows Logo key, which is common on most keyboards packaged with a Windows-based personal computer these days.

Table A lists the keyboard shortcut combinations associated with the Windows Logo key and what each combination will do. Take a good look; there may be a key combination or two you can use regularly that will make your computing life just a little more efficient.

Table A – Source Microsoft

Key combination                                   Action

Windows logo key                                  Open or close the Start menu.
Windows logo key+Pause                            Display the System Properties dialog box.
Windows logo key+D                                Display the desktop.
Windows logo key+M                                Minimize all windows.
Windows logo key+Shift+M                          Restore minimized windows to the desktop.
Windows logo key+E                                Open Computer.
Windows logo key+F                                Search for a file or folder.
Ctrl+Windows logo key+F                           Search for computers (if you’re on a network).
Windows logo key+L                                Lock your computer or switch users.
Windows logo key+R                                Open the Run dialog box.
Windows logo key+T                                Cycle through programs on the taskbar.
Windows logo key+number                           Start the program pinned to the taskbar in the position indicated by the number. If the program is already running, switch to that program.
Shift+Windows logo key+number                     Start a new instance of the program pinned to the taskbar in the position indicated by the number.
Ctrl+Windows logo key+number                      Switch to the last active window of the program pinned to the taskbar in the position indicated by the number.
Alt+Windows logo key+number                       Open the Jump List for the program pinned to the taskbar in the position indicated by the number.
Windows logo key+Tab                              Cycle through programs on the taskbar by using Aero Flip 3-D.
Ctrl+Windows logo key+Tab                         Use the arrow keys to cycle through programs on the taskbar by using Aero Flip 3-D.
Ctrl+Windows logo key+B                           Switch to the program that displayed a message in the notification area.
Windows logo key+Spacebar                         Preview the desktop.
Windows logo key+Up Arrow                         Maximize the window.
Windows logo key+Left Arrow                       Maximize the window to the left side of the screen.
Windows logo key+Right Arrow                      Maximize the window to the right side of the screen.
Windows logo key+Down Arrow                       Minimize the window.
Windows logo key+Home                             Minimize all but the active window.
Windows logo key+Shift+Up Arrow                   Stretch the window to the top and bottom of the screen.
Windows logo key+Shift+Left Arrow or Right Arrow  Move a window from one monitor to another.
Windows logo key+P                                Choose a presentation display mode.
Windows logo key+G                                Cycle through gadgets.
Windows logo key+U                                Open Ease of Access Center.
Windows logo key+X                                Open Windows Mobility Center.

Five tips for using Ccleaner to degunk your system

April 8, 2011, 12:57 PM PDT

Takeaway: Ccleaner is one of the best all-around tools for keeping your computer optimized and free of the junk that accumulates from Internet surfing, obsolete apps, and other fragments that clog up your system.

There are a lot of tools out there that handle a lot of tasks, from antivirus tools that also clean your drive of temporary files and make you coffee to tools that promise to “make your computer faster.” But as far as I’m concerned, few tools can make as much of a difference as Ccleaner, at least on a machine that’s not infected by a virus or malware. Ccleaner is easy to use and will keep your computer cleaner, more secure, and running faster. It achieves this by safely removing temporary Internet files (and other means of tracing Internet activity), cleaning up the Windows registry, and removing temporary files and recent file lists (MRUs) from various applications.

But even though Ccleaner is a simple tool to use, that doesn’t mean you should just jump in and start cleaning everything without a bit of thought. Here are some things all users should consider before and during the use of this powerful tool.


 

1: Analyze before running the Cleaner

I know a lot of admins who just fire up Ccleaner and hit the Run Cleaner button without doing an analysis first. Yes, this is a fast method of getting rid of temporary Internet files. But there’s no way of knowing what’s going to be deleted (until it’s deleted) and there’s no way of knowing how much free space the deletion is going to create. Make sure you hit the Analyze button first. Then, after you read the report, hit the Run Cleaner button. Using Ccleaner this way ensures that nothing is deleted that shouldn’t be deleted. Also, after you run the analyzer, you can look at detailed information (by application) and then add exceptions directly from the list.

 

2: Set up cookies you want to keep

When you run the Cleaner, cookies are deleted. By default, cookies are retained from Google and Yahoo, but other cookies might need to be retained. To manage this, click on the Options tab and then on the Cookies button. From that window, any cookie currently on the system can be selectively added to the exclusion list. By adding these exclusions, you don’t have to worry about important cookies disappearing after each run of Ccleaner.

 

 

3: Always back up the registry

No matter how reliable Ccleaner is and no matter how many successful registry cleanups it does, never do a cleanup without first backing up the registry. Ccleaner will go so far as to remind you to back up the registry every time you run a registry cleanup. One of those corrupt or missing registry keys that Ccleaner fixes might not really have needed fixing. If that key is then broken and the registry was not backed up, the issue caused by Ccleaner could become catastrophic. Fortunately, Ccleaner makes backing up the registry as simple as a couple of clicks.

 

 

4: Use the tools to manage startup applications

Ccleaner comes with a bonus: It lets you enable, disable, or remove programs from startup. I have always found this method of managing startup applications far easier than using the standard Windows method. What I like most about this feature is that startup applications can be enabled and disabled without removing them completely. This means if you need to temporarily prevent an application from starting up, it’s easy to do by going into the Tools tab, clicking the Startup button, selecting the application to be enabled/disabled, and clicking the appropriate button. When the application needs to be re-enabled/disabled, reverse the process.

 

 

5: Use the uninstaller

One of the best aspects of Ccleaner is the ability to remove applications from within it. It typically just starts the uninstaller, but I have found that running the application uninstaller this way ends with fewer registry issues than when I uninstall from the Windows Add/Remove Programs tool. And if there are registry issues after the uninstall, registry cleanup is only a couple of clicks away.

 

 

Great tool, used wisely

Ccleaner is more than just a tool to clean the registry or empty a computer of temporary Internet files. It also makes it easy to remove applications from startup and remove applications from the machine. Just make sure you use this powerful tool intelligently to avoid rendering your machine unusable.

The Top 10 Culprits Causing Malware Infections

I think it is safe to assume that the places you visit on the Internet will determine which programs are installed on your PC. Let me put it this way: the software installed on your computer will have some relevance to the sites you often visit. Let's take a few examples. When you are using Gmail, chances are good that you will have Gmail Notifier or GoogleTalk installed on your PC. When you often visit Yahoo.com or take part in their social networks, chances are good that you will have Yahoo! Toolbar or Yahoo! Messenger installed on your PC. Let's take a more practical example: users visiting Microsoft.com most probably have packages like Microsoft Office and Microsoft Windows XP installed on their computers. It is likely for supporters of the Open Source Initiative to hang out on sites like OpenSource.org, OpenOffice.com, Linux.org or SpreadFirefox.com. So your software preferences play a huge role in the type of web sites you visit and vice versa.

But what has this to do with malware infections? To be honest, everything! Let me show you what the top culprits of malware infections are and it will soon be clear to you what the connection is between the web sites you visit and the malware found on your PC.

Top culprit number 1: Pornographic web sites

Download Spyware Blaster by JavaCool Software and have a look at all the porn-related web sites blocked by this program. It is also remarkable to see how many computers with traces of pornographic web sites in their browser history are often infected with spyware and trojan horses. Unfortunately you will have innocent victims of malware infections, also with traces of pornographic web sites in their browser history, but only because the malware redirected them to these sites. However, people with pornographic material on their computers are not that innocent in this case; pornography does not go out looking for people, people go out looking for pornography.

Top culprit number 2: Illegal music (MP3) and movie downloading sites

These sites normally force you to install special downloading software on your computer so that you can download files from them. These download managers are often bundled with spyware and are trojan horses themselves, downloading tons of other spyware programs while you cheerfully download your illegal MP3s. They sometimes place tracking cookies on your PC to monitor your browsing habits and hijack your browser to make sure you return to their site or a site of a partner.

Top culprit number 3: Software Piracy web sites

If you love using illegal software, cracks, serial numbers or license key generators (keygens) then you most probably had to remove some malware infections in the past after visiting one of these sites. Most of the people using these cracks are normally technical wizards and know how to disinfect their computers. Many of these sites do not only contain harmful scripts but also fake cracks and key generators, which are nothing else but malware. Some crack developers create a working crack but distribute it with spyware or a trojan horse to make your PC their slave.

Top culprit number 4: Peer-to-peer file sharing programs and networks

The file sharing community is loaded with pornography, pirated software, music and movies. Is it not amazing that everywhere these guys make their appearance you also find spyware, viruses, trojan horses and all kinds of malware? The client software is also often bundled with spyware (or adware as they call it).

The culprits discussed so far are those connected with illegal and indecent activities. People visiting these sites and using these services deserve getting infected with malware. These culprits are also some of the biggest sources of malware epidemics. What flows from the mouth, comes from within the heart. The same rule applies to your computer: those nasty little programs crawling inside your computer are, in the case of culprits 1 to 4, the direct result of your own sinful actions and activities.

The next couple of culprits are caused by negligence and a lack of knowledge about how malware is distributed.

Top culprit number 5: Pop-up and pop-under advertisements

Another culprit that wants to catch you off guard. A pop-up window may appear out of the blue or a concealed pop-under window may load in the background without you even knowing it. These windows can start downloading malicious programs and install them on your computer. They can appear on any web site, not just illegal and other bad web sites. You can prevent these windows from opening by using a secure browser like Firefox with a built-in pop-up blocker.

Top culprit number 6: Fake anti-virus and anti-spyware tools

You visit a legitimate looking web site and suddenly a banner appears telling you that your computer is infected with spyware. You can scan your computer with all the anti-spyware software in the world, over and over again until you are blue in the face, but that banner will keep telling you that your computer is infected with spyware. This is because it is a plain image banner. The site never does a scan of your computer, it is a fixed message that will display on any computer, no matter how clean it is. Simply put, it is a blatant lie! They want you to believe that your computer is infected and that only their software can remove this spyware. If you download and install their software you will only find that it is spyware itself. You may end up infecting a completely clean system with a dirty program, trying to remove the so-called spyware.

A system scan is not a three-second process; it takes time, so no scanner can tell you instantaneously that your system is infected with spyware. I do not believe in online scanners; rather, use software with a good reputation; a local scan is much faster. Most online scanners are not online scanners at all: you actually download the whole scanning engine and end up doing a local scan anyway. A real scanner will tell you the name of the malware and its location on your hard drive; if it does not give you this information, then it is fake. Even if it gives you this information, it still does not mean that the software is legitimate. Do not trust everything you see online and stick to well-known anti-malware brands.

Top culprit number 7: Free games, screen savers, media players, etc.

No, not every free program comes bundled with spyware, but spyware (once again the developers prefer to call it adware, but it is still the same thing) is often the price you have to pay for the free software. It is normally a ploy to monitor your use of the program, to send the creators statistical data or to collect data about your online behaviour in order to send you targeted ads. If you try to remove the spyware you normally render the main application useless. Read the EULA (End User Licence Agreement) very carefully before installing the application. But everyone knows that nobody reads those tedious, long licence agreements, so use EULAlyzer by JavaCool Software to check for specific keywords and phrases that might reveal any spyware programs being installed or privacy breaching practices that may occur if you install the free software.

Top culprit number 8: Malicious web pages with harmful scripts

But you already mentioned this one in culprits 1 to 3. No, culprits 1 to 3 often have harmless web sites and it is the content you download from the sites that is harmful. But you also get web pages containing malicious scripts, totally innocent looking web sites, like a site donating money for cancer. You go to their homepage and suddenly a script virus strikes your computer. This is what an anti-virus shield was made for, that unexpected attack. Firefox is also designed to prevent harmful scripts and browser hijackers from accessing the system and taking advantage of flaws and weak spots in your operating system.

Top culprit number 9: E-mail

Virus worms spread themselves by forwarding a copy of the virus to all the contacts in your address book. Those contacts that are unaware of these worms will most likely open the e-mail and the file attached to it. But when you open a strange infected e-mail from an unknown sender, then you are guilty of double negligence. For the virus to be activated you need to open the e-mail and in most cases you need to deliberately open the file attachment too. By using a little common sense you will know that strange e-mails from unknown senders are dangerous, especially when they have executable attachments with file names ending with the “exe”, “com”, “bat” or “scr” extensions. Even dangerous e-mails from known, trustworthy contacts can easily be identified if the contents of the e-mail seem strange and out of character. By being careful and responsible when opening your e-mails, you will not only prevent your own computer from getting infected, but you will also prevent the worm from spreading any further.
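The attachment check described above, written out as an added example (not code from the original article): it parses a message with Python's standard email package and flags attachments whose names end in the extensions the article lists. The decoy-extension set, the sample message and all function names are assumptions made for illustration, and the double-extension case goes beyond what the article mentions.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article names as dangerous executable attachments.
RISKY_EXTENSIONS = {"exe", "com", "bat", "scr"}
# Assumption: harmless-looking extensions often placed before the real one.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "jpg", "txt", "zip"}


def normalise_filename(name):
    """Drop any path, surrounding whitespace and trailing dots; lower-case."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    return name.strip().rstrip(". ").lower()


def classify_attachment(name):
    """Return a reason string for a risky attachment name, else None."""
    parts = normalise_filename(name).split(".")
    if len(parts) < 2 or parts[-1] not in RISKY_EXTENSIONS:
        return None
    if len(parts) > 2 and parts[-2] in DECOY_EXTENSIONS:
        return "executable hidden behind document extension"
    return "executable extension"


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list (filename, reason) findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches nested multipart parts
        filename = part.get_filename()
        if not filename:
            continue
        reason = classify_attachment(filename)
        if reason:
            findings.append((filename, reason))
    return findings


def build_sample():
    """Constructed sample message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("notes.txt", "Invoice.pdf.exe", "holiday.SCR"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in scan_message(build_sample()):
        print(f"{filename}: {reason}")
```

A name-based check like this only catches what the article describes; it says nothing about attachments whose content is executable under a different extension.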

Top culprit number 10: You the Internet user

What? Me? How on earth can I be a culprit? Well, you are an accomplice in the spread of malware if you do not have an active and updated anti-virus package installed on your computer, if you do not scan your computer for viruses and spyware on a regular basis, if you do not use shields like the TeaTimer tool from SpyBot (which is free by the way), the Ad-Watch shield of Ad-Aware or the resident shield of AVG Anti-spyware (all of which you have to pay for, unfortunately), if you spend your time browsing pornographic and illegal web sites and take part in the sharing of pirated software and copyrighted material (culprits 1 to 4), if you fail to be responsible with the software you install on your PC and the e-mails you open (culprits 6, 7 and 9) and if you refuse to use a secure web browser (like Firefox) built to prevent malware infections (culprits 5 and 8). Yes, I will go so far as to say that if you stay away from culprits 1 to 7 and 9, you probably won’t need any virus and spyware protection at all. Culprit 8 is the only reason why you should have anti-virus and anti-spyware protection, for those unexpected attacks, over which you have no control.

Culprits 1 to 8 are the main sources of malware. Infections caused by them led to the creation of culprits 9 and 10, which distribute the malware even further. Do not turn your computer into a malware paradise or a malware distribution centre. Take responsibility, protect your computer against these threats and prevent the spread of malware.

 

Eight threats your anti-virus won’t stop

This article is from Sophos, a security company:

http://www.sophos.com/security/topic/why-endpoint-security.html

High-profile incidents that make big news might seem out of the ordinary. Yet businesses of every size face similar risks in the everyday acts of using digital technology and the internet for legitimate purposes. This paper outlines eight common threats that traditional anti-virus alone won’t stop, and explains how to protect your organization using endpoint security.

The zero-day threat

Zero-day threats can exploit zero-day vulnerabilities, or previously unknown security deficiencies, that software vendors have not yet patched.

How to protect yourself: Add defenses on top of signature-based anti-virus protection.

Working outside the firewall

Not so long ago, most employees used their computers at the office. Back then, a network or gateway firewall would have been enough to protect your servers and PCs. Now people often work outside the perimeter of the organization’s network—any time they connect their laptops to the internet from airports, hotels, cafés and home.

How to protect yourself: Add location-aware client firewall software on laptops and other endpoint PCs.

The unpatched PC

One small unpatched vulnerability in an application, browser or operating system can lead to huge problems.

How to protect yourself: Patching is the first line of defense. Also use network access control, or NAC, to make sure any computer you allow on your network has all current patches and anti-virus updates in place.

The uncontrolled application

Allowing unmanaged applications access to the web brings unacceptable risk or performance issues.

How to protect yourself: Application control lets you block users from installing non-essential applications so you have fewer applications to manage and secure.

Web insecurity

Criminals abuse the web as their single biggest distribution point for malware.

How to protect yourself: Use a combination of URL (reputation) filtering and scanning web pages for malware.

The lost laptop

It’s not difficult to replace a laptop, but recovering the exposed information can be.

How to protect yourself: Develop and implement a data encryption policy.

The misdirected email

One simple slip of the fingertip—and your document goes to the wrong email address. This could expose personally identifiable information.

How to protect yourself: Use data loss prevention software to scan for sensitive content.

The infected USB device

Every time users plug a USB device into a company computer, they bypass other layers of defense such as gateway firewall protection. That makes devices with USB ports an easy means of attack.

How to protect yourself: Use device control to specify which USB devices users are permitted to plug into laptops and PCs.
