Kirkian Computing

Tag: security

  • Fake virus warnings

    Someone called me earlier, because she had a big virus warning on her screen. This was actually a hoax (a web page trying to install malware), and it’s useful to be aware of it so that you know what to recognise.

    I identified the website which was responsible, but it’s now been taken down. So, the purpose of this post is to warn you about similar sites rather than this site in particular. I observed the same behaviour in IE8 and Firefox 3.6.12 (on Windows 7), but I haven’t tried any other OS/browser.

    (more…)

  • Online banking

    In part 1 of my LUA series, I mentioned a virus that modified the HOSTS file on a PC. This meant that each time someone tried to connect to their banking website, they actually went to a fake website instead, even though they’d typed in the correct URL. This could also be a problem if your DNS server gets compromised, or if someone reconfigures your wireless router so that you use a rogue DNS server.

    One way to protect yourself is to use https. If you know the correct address for the website, and you see a padlock in the address bar, you can be confident that this is the real site. This isn’t an absolute guarantee, e.g. if your PC is infected by a virus then it could add some self-signed certificates to your trusted store. However, it’s certainly a step in the right direction. Unfortunately, lots of banks haven’t quite grasped this concept.

    (more…)

  • Ribbon Hero

    Microsoft recently released Ribbon Hero. This is an add-in for Office 2007 and Office 2010, and the idea is to earn points by completing challenges (e.g. formatting a table). In the process, you’ll become familiar with the new user interface. The name is obviously inspired by “Guitar Hero”, but I think it’s unlikely that this will be quite so much fun at parties. It does sound rather Dilbert-esque… “The room is hushed. He puts the title in bold, and the crowd goes wild! Encore!”

    Still, it sounds like an interesting idea. According to ZDNet: “It taps into social and adaptive learning paradigms and important research on motivation and learning.” I know that a lot of people are reluctant to use Office 2007 because it looks so different, so I’m willing to give this a go. Unfortunately, it has some pretty fundamental problems, which make it completely useless to me.

    (more…)

  • LUA part 5 (of 5): Related technologies

    This post is part 5 of a series about using a limited (standard) account in Windows for everyday activities rather than logging in as a computer administrator all the time. (You may want to read parts 1, 2, 3, and 4 before continuing.)

    (more…)

  • LUA part 4 (of 5): Changes in Windows Vista/7

    This post is part 4 of a series about using a limited (standard) account in Windows for everyday activities rather than logging in as a computer administrator all the time. (You may want to read parts 1, 2, and 3 before continuing.)

    When Microsoft released Windows Vista, they introduced a new feature: User Account Control (UAC). This basically meant that when you ran certain programs, you would get a message popping up, asking “Are you sure about this?” It’s fair to say that this wasn’t very popular; lots of people acted as though it was the return of Clippy. Quoting from one of Apple’s “I’m a Mac” adverts (YouTube): “He asks me to authorise pretty much anything I do.” However, if you actually understand what UAC is for then it’s quite useful, and I think that Vista is a definite improvement over Windows XP.

    (more…)

  • LUA part 3 (of 5): Compatibility problems

    This post is part 3 of a series about using a limited (standard) account in Windows for everyday activities rather than logging in as a computer administrator all the time. (You may want to read part 1 and part 2 before continuing.)

    If you follow my advice and switch to a limited account, you may find that some of your programs stop working. This is annoying, but there are various ways to deal with it.

    (more…)

  • LUA part 2 (of 5): Setting up separate accounts

    In part 1 of this series, I explained why it’s a good idea to have separate accounts on your computer: a standard account for day to day stuff (e.g. reading email), and an administrator account for making system changes (e.g. installing new software).

    In this part, I’m going to provide step by step instructions for setting this up on Windows XP. (The process is pretty similar for other versions of Windows.) There are lots of pictures here, to make it as simple as possible. This all applies to a home computer; it’s a bit different for a workplace, since all the accounts will be set up centrally by your IT department, and by default they will just be standard users on each PC.

    (more…)

  • LUA part 1 (of 5): Why you shouldn’t always log into Windows as an administrator

    The German government have advised people to stop using Internet Explorer and switch to an alternate browser, as reported at the BBC and Mashable. Microsoft have published a security advisory about the problem, and they’ve discussed it on their Security Research & Defense blog. Personally, I’m using IE8 (Protected Mode) on Windows Vista with DEP enabled, so this doesn’t affect me, and switching to a different browser would be an overreaction.

    However, this seems like a good time to mention the advantages of “LUA” (Limited User Access). Basically, rather than logging into Windows with full control over the computer, it’s better to have two accounts: one for installing software and one for everyday use. That way, if you run some dodgy code by mistake, you limit how much damage it can do.

    (more…)

  • SSL certificate errors

    I’ve just been along to the PruHealth website. Unfortunately, it turns out that their SSL certificate expired last night, so I get a big warning message when I try to access the site. I’ve reported the problem to them, and they should be able to fix it fairly easily, i.e. renew the certificate. However, I’ve now seen how different web browsers handle this problem, and I think Internet Explorer does a better job than Firefox overall.

    (more…)

  • Downloader-UA.h

    There have been a couple of virus warnings in the news today:
    Half a million infections of latest Trojan (MSN)
    Fake media file snares PC users (BBC)

    The basic gist is that there are fake mp3/mpeg files circulating on peer-to-peer filesharing networks. I.e. if you use a program like LimeWire to download a music file or video clip, you may not actually get what you thought. Instead, when you try to play the file, it installs adware on your machine.

    I’m sure that I’ll have several people contacting me about this tomorrow, so how bad is it?

    (more…)