WinPatrol Changing of the guard

WinPatrol – Scotty

WinPatrol has been very important over the years. I have several (six I think at least) lifetime memberships of WinPatrol software and I install it on all my Windows installs personally and for my friends, family and clients. It has been a staple in my security arsenal for many years now, and BillP has been a great friend to all of us.

BillP, thank you so much for continuing to look for someone who would fit the bill, as it were, and you certainly found a great choice!

I am very excited about the promise that Bret Lowry made to WinPatrol customers:

My commitment to WinPatrol customers is as follows:

One, your lifetime PLUS licenses are just that, lifetime licenses. That was the easiest topic in our negotiation and is written into the contract.

Two, WinPatrol will not have toolbars or other “add-ins” added to it or its installer. Installers that do that drive me crazy because I’m the guy people call to “fix” their computer after the installer completes its hijacking. I am not going to do that to my customers.

Three, I will be responsible for answering support questions, even more incentive to play nicely and stand-by item two above. And

Four, I use WinPatrol myself and therefore am committed to the continued improvement of WinPatrol. I am honored to have earned Bill’s trust and confidence in his allowing me to purchase WinPatrol. Bill has run WinPatrol with integrity since its inception, as a founder of Ruiware (along with my wife), I promise we will carry on that tradition.”

BillP, after reading your blog posting and Corrine’s Security Garden posting, I was totally thrilled to read about Bret Lowry, Ruiware, LLC being your choice.

Totally awesome! I knew you wouldn’t let us down! Thank you Bill for all the years you have given to us! We totally understand your need to step aside and wish your family all the best and your family is ever in my thoughts and prayers.

Corrine, thank you for letting us know of the change right away!

This must be a bittersweet day for BillP; to let go of his baby, to turn it over to someone else, but sweet knowing he turned it over to a great guy who will care for his customers the way he did.

Hi Bret Lowry! I am excited to meet you in Bits from Bill and from Security Garden Blog. Thank you for putting our minds at ease about the commitment you have given us. Hope you will still do the sales periodically like BillP always did and keep the price economical and the free edition which is so important.

On WinPatrol.com:

I’m very happy to announce WinPatrol’s future will be in the hands of Ruiware founder and former lead at Sunbelt Software, Bret Lowry. If you read today’s post and download our new version later today you’ll understand why I’m confident Scotty is in good hands.
Click here to find out why

And this wonderful note from Bret too:

WinPatrol.com – WinPatrol from Ruiware. “When I discovered WinPatrol I knew it was a winner and a program I’d install for my entire family. WinPatrol customers matter. You still won’t find obnoxious toolbars when you download WinPatrol. Instead, we help you get rid of them. Thanks, Bret Lowry — Click on image to go to WinPatrol.com

In closing, I would like to echo Corrine’s thoughts from her Security Garden blog entry:

On a personal note, I have long respected Bill Pytlovany and, because of his honesty and high ethical standards, held him in high esteem.  I know I won’t be losing contact with him but still wish to take this opportunity to publicly thank Bill for providing an excellent product.

I could not have said it any better!

WinPatrol PLUS For Everyone Just $2

Tech gift guide: Gift copy of WinPatrol Plus gives lifetime of PC protection – USAToday

There are a couple of reasons you might want to shell out $29.95 for gift copies of WinPatrol Plus and give them to all the PC users on your shopping list.

WinPatrol may be one of the best kept secrets in computer protection. What’s more, it is the creation of an iconic tech personality, Bill Pytlovany, one-man researcher/developer/distributor at BillP Studios.

Pytlovany has a loyal following of tech geeks who swear by the basic version of WinPatrol, which he created in 1997, graciously keeps updated and continues to make available for free — for the greater good.

I found the above article while reading BillP’s blog posting: WinPatrol PLUS For Everyone Just $2:

About once a year I go crazy and try to introduce WinPatrol PLUS to the folks who have never heard of WinPatrol or have never experienced this small powerful app. For over 15 years WinPatrol has been recommended by friends and family but I never invested in any kind of expensive PR campaign.

I heard about WinPatrol many years ago, at least 10-15 years ago … it could have been when it first came out. But I am not really sure. I could have found WinPatrol from Corrine at one of the Anti-Spyware forums I frequented, or FreedomList where she is an admin, or at Scot’s Newsletter Forum where she is also a fellow admin. Or it could have been through Fred Langa‘s LangaList which I subscribed to for many years before Fred merged LangaLIst with WindowsSecrets Newsletter with Brian Livingston who himself retired in 2010, or from an article in WindowsMag (one of my all time favorite magazines. I was very sad that CMP retired Windows Mag on June 25, 1999 but we did have an online version at WinMag.com for a couple more years). WinMag had some great writers and they all knew BillP. WInMag and PCMag were my initial magazines for Windows in the early days. It is where I read great articles from: Scot Finnie, Fred Langa, Mike Elgan, Karen Kenworthy (1),  and many other great writers (I used to know all their names off the top of my head, now these four I remember the most).  But, I digress…

This is a great time to consider buying WinPatrol PLUS for only $2! Can’t beat it! And BillP’s WinPatrol is a best in class software! Check out the Free version at WinPatrol.com, and upgrade if you like it. Can’t go wrong for $2.

For those who (EEEK!) might still be using Microsoft’s old and long unsupported OSes;  Windows 98 or Win2K, WinPatrol Downloads has something for you as well.

BillP’s  Message to Windows XP users – Very important as the April 2014 retirement of Windows XP approaches.

WinPatrol runs on Windows XP, Vista, Windows 7 and Windows 8 including x64 versions.

USA Today says…

“…best kept secret in computer protection.”

New Metaspoit 0-Day IE7, IE8, IE9, WinXP, Vista, Windows 7

New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7 – SecurityStreet/Rapid7

We have some Metasploit freshness for you today: A new zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7. Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available. The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source: StatCounter). We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures.

Here’s the back story: Some of you may remember that a couple of weeks ago, the Metasploit exploit team released a blog regarding a new Java exploit (CVE-2012-4681), with a blog entry titled “Let’s Start the Week with a New Java 0day in Metasploit“. You’d think the 0-day attack from the same malicious group might cool down a little after that incident… well, you’d be wrong. …

BOLD and COLOR emphasis mine.

I am sure that they only tested IE7, IE8 and IE9 initially on this because those are the only IE browsers in use right now for Windows XP, Vista and Windows 7 and based on the w3Counter, the largest number of IE users at this time.

He also said that if he were to test IE10, he was certain it would fail the test as well.

One can only imagine how miserably IE6, as the highest level of IE that works on Win2K, would do. You would think that most people have moved onto newer versions of Windows, but some have not sadly despite the fact that Win2K hasn’t had an update since I think July 2010 and despite articles like this one from Ed Bott January 16, 2010. Don’t think it’s a big issue? Well according to the IE6Countdown website, IE6 still has an impressive 6% of Internet users worldwide as of August 2012.

Sure the USA’s piece of pie for IE6 is only 0.04% but I know a few of those folks and they are diehard users who refuse to leave a dead OS and browser due to economic issues, or sight issues, or both. Now, to their credit, some of these Win2K users do have a NAT hardware router, a software firewall, and they use Firefox and not IE6, but still, Win2K has not had any updates since July 2010! Not a wise move.

Personally,  I have NO addons allowed to work in IE8 in Windows XP by default on the Installations of Windows XP SP3 that I have still running, or IE9 on Windows 7.

I lock down my other browsers with no scripting type extensions like NoScript on Firefox, Chrome, etc. regardless of the operating system I am using (Windows, Mac, Linux), as well as Adblock Plus.

Another great little program for Windows that can help you keep a handle on what is happening on your Windows computer is BillP Studio’s WinPatrol Plus and FREE WinPatrol. I use it on my WinXP SP3 as an added protection since I have a laptop that can only run WinXP (SP3 of course), I use very intermittently for special use tasks such as setting up routers, or downloading music using Amazon Downloader, or sites that use OverDrive Media Console, etc. which won’t run on Linux on my laptop. This is when I am on the road using Library or Starbucks, or other public wifi hotspots due to our bandwidth limitations here at home on Verizon Wireless.

And I have found it to be wise to use a different browser (locked down of course as much as you can tolerate), rather than the ‘ubiquitous’ browser (IE in Windows, Safari on the Mac, or whatever the default browser is in a given GUI in Linux) in any given operating system.

One can not leave this to chance these days, IMHO.

 

EDIT: Added articles – one more about the exploit and the link to information on Microsoft’s workaround:

Update: Hackers exploit new IE zero-day vulnerability – Computerworld

Customers can use the Enhanced Mitigation Experience Toolkit (EMET) 3.0 to harden IE enough to ward off the current attacks, said Wee, of the company’s Trustworthy Computing Group, in an email late on Monday.EMET 3.0 can be downloaded from Microsoft’s websites.

Microsoft issues workaround for IE 0-day exploited in current attacks – net-security.org

Microsoft has reacted fast by issuing a security advisory yesterday, in which it confirms the existence of the flaw in Internet explorer 9 and all previous versions (IE10 is not affected), and offers instructions on steps the users can take to mitigate – but not yet remove – the threat:

• Deploy the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer
• Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

These steps could bring additional problems to the users, such as being bombarded by a slew of security warnings, so until Microsoft releases a definitive patch for the hole, maybe it would be easier for IE users to take Rapid7’s advice and switch to another browser for the time being.

Again BOLD emphasis mine.

New, sneakier Flashback malware infects Macs

New, sneakier Flashback malware infects Macs – Computerworld

A new, sneakier variant of the Flashback malware was uncovered yesterday by the French security firm Intego.

Flashback.S, which Intego described Monday, uses the same Java vulnerability as an earlier version that has infected an estimated 820,000 Macs since its appearance and still plagues over 600,000 machines.

But unlike Flashback.K, the variant that first surfaced last month and has caused consternation among Mac users, Flashback.S never asks the victim to enter an administrative password for installation, but instead relies only on the silent exploit of the Java bug to sneak onto the system.

“The differences are very subtle,” Peter James, a spokesman for Intego, said in an interview Tuesday. “There’s no password request [by Flashback.S].”

Much more in the two page article.

Apple will likely need to update their seek and destroy tool very quickly to help users stay free of this new variant.

If you think you are beginning to need an antivirus/antimalware solution, there are quite a few out there. Below are just a few:

Sophos Anti-Virus for Mac Home Edition – Sophos has a worthy product out there and it is nice that they make their money on corporate/business computers and offer the home version for free.

ClamXav The Free Anti-Virus Solution for Mac OS X It uses the popular open source ClamAV engine as it’s back end and has the ability to detect both Windows and Mac threats.

There are other options as well for the Pay to Play crowd.

ESET Cybersecurity for Mac

And others from Intego Virus Barrier for Mac free and Pro versions available in the Mac App Store. Intego as noted above found this newest FlashBack in the wild). Other Mac antivirus firms Symantec/Norton, and many more.

Many of these come with a heavy CPU usage hit that is very annoying considering the small number of actual threats out there for the Mac. Of course some users may feel that the ones that provide real time protection are the way to go, some may feel it is worth it if their Macs are speedy enough and they have enough RAM.

For those who don’t think they need a Mac antivirus just yet, if you don’t use Java or none of your programs use Java, you could go to the ~/Applications/Utilities/Java Preferences.app and disable Java until you actually need it and then re-enable it as needed. It’s a very easy thing to do really.

Or you could set up AppleScript to monitor areas where malware might inject itself so it will alert you.

Monitor OS X LaunchAgents folders to help prevent malware attacks – CNET

Some additional locations to add can be found at MrAnderson.info here.

Also installing Piriform CCleaner for Mac is a great idea and can be run as needed very quickly every day even.

Certainly less of a system resource hit and one could still have a non-resident antivirus and scan at your convenience and respond if the Applescript tells you something is going on that you didn’t instigate by installing a program, etc.

The Applescript monitoring locations that you can set up is built with Mac OS X which is light on resources and free. The Applescript monitoring does a similar thing as WinPatrol does in Windows – but of course in a very small area comparatively. WinPatrol does so much more but the key similarity is the monitoring for changes to areas that malware can hit a Windows PC.

What we need for people who are not very savvy about these things is a MacPatrol app like WinPatrol.

Call Starkist…

How to Defeat Lizamoon in One Easy Step

[tweetmeme source=”franscomputerservices” only_single=false]Lizamoon is a social engineering trick. Don’t fall for it.

PCWorld’s David Murphy, has the best solution for users surfing the Internet with this Lizamoon crap out and about on websites and posted it in an article entitled, “How to Defeat Lizamoon in One Easy Step“:

The simple solution: Don’t install unknown files! The more complex solution: Know what antivirus programs already exist on your system, and know what they look like when they scan for and find files. If something says you have malware on your system, and this something looks nothing like applications you already have on your system, be suspicious!

Much more in the article. Must read.

Yep, we are the biggest defense against many malware infections from websites, including this one. Just say no. 😉

And of course immediately run your temporary Internet files (TIF) cleaner, such as CCleaner, etc. as soon as you close your browser to remove anything that might have copied itself to your temporary Internet files. And run your security software to make sure nothing has gotten a foothold on your system right away.

If something like this happens, do yourself a favor and make a preemptive scan with your antimalware program, such as a great one called Malwarebytes Antimalware. Just because your antivirus didn’t pick up on it, doesn’t mean you don’t have a problem. No single program can pickup on everything.

Another great program option to help prevent this sort of thing would likely be WinPatrol, which can alert you to changes in your HOSTS file, items that are injecting themselves into your system through placing them in the auto run on boot, or other system changes that may be injected that you may not know are happening otherwise.

An ounce of prevention is worth a pound of cure.

Scot’s Newsletter Forums Celebrating their 8th Year!

[tweetmeme source=”franscomputerservices” only_single=false]Hard to believe that it has been 8 years since Scot Finnie — who is now the Editor in Chief of Computerworld — started a little experimental forum, Scot’s Newsletter Forums! Eight years later, it is still going strong.

I remember when the forums first started. Many of us were there from the beginning, or very nearly so. We were subscribers of Scot’s Newsletter when Scot announced to his subscribers.

I had been reading Scot Finnie’s articles since the old, now defunct WinMag days, and was saddened when they no longer published it. I lost track of Scot Finnie and a host of other writers for a time. I was very excited to hear about Scot Finnie and others who used to write for WinMag going on to have their own online/email newsletters and websites and finding them all over the place on the Internet.

The Scot’s Newsletter Forums has turned out to be a great place to gather, and help each other with various computer related issues, problems.

It’s a place where we SNF (Scot’s Newsletter Forums) “Highlanders” share our joys of success, and get help and understanding for our computer woes, and we have gained a level of friendship and community that is quite special, even among forums. I know that the SNF community literally reached out after the devastation of Hurricane Isabel, and physically and monetarily, as well as just emotional encouragement, helped us fix our roof — And I do mean physically. Some of the members who lived ‘near by’ actually traveled to our house with tools, materials and a willing spirit to help us put our roof back together. For those that wanted to help, but couldn’t come, they helped with providing funds to buy materials. It was a great blessing to us! And showed that even an Internet based community can be as real as any other community of neighbors, friends and family.

And all this while we work together with our various operating system situations whether it be Windows (ATW), Mac (ATM), and Linux (BATL) and other areas.

To help us celebrate the 8th year of Scot’s Newsletter Forums, ESET and WinPatrol have teamed up to help make the celebration all the more special by offering licenses to their great products in two different contests!

We really appreciate their generosity!!

Check out Corrine’s Security Garden posting about SNF 8th Anniversary as well; with even more information.

Happy 8th Anniversary Scot’s Newsletter Forums! It has been a wonderful thing to be a part of such a great ‘experiment’. 🙂

Unpatch Java Exploit Spotted in-the-wild

[tweetmeme source=”franscomputerservices” only_single=false]Unpatch Java Exploit Spotted in-the-wild (Krebs on Security):

Last week, a Google security researcher detailed a little-known feature built into Java that can be used to launch third-party applications. Today, security experts unearthed evidence that a popular song lyrics Web site was compromised and seeded with code that leverages this Java feature to install malicious software.

As I mentioned last time, it is sad that Java is needed to help keep your systems safer through Secunia’s OSI (Online Software Inspector) by helping you keep your Internet facing programs up to date.

For now, if you are not sure if you have Java on your system, you can look in Add/Remove Programs (Windows XP) or Programs, Uninstall Programs (Vista and Windows 7) to see if it is installed. The best option at this point is to probably uninstall Java entirely on Windows computers until Oracle realizes the dangers this problem poses to Windows users.

Of course if you would prefer, you could use the link to SANS Internet Storm Center (New bug/exploit for javaws) to review your options.

Another option would be to use Firefox with the NoScript Extension and only allow scripting on trusted sites. NOTE: Even though java is not javascript, most plugins use some sort of scripting to wrap their plugins in to work in a browser so using NoScript would go a long way to protecting users and still be able to use Secunia’s OSI noted earlier in this article.

However, note that there is still the possibility that the malware cocktail could still potentially gain access through Internet Explorer even if you are not using Internet Explorer. To prevent this, Windows users might consider installing BillP Studios’ WinPatrol so they are alerted to any changes to their system before it happens and be given an opportunity to prevent it – You can try it out for free, but it is one of the best $19.99 you ever spent ($10 off right now, normal price $29.99). BillP Studios used to have a free version which can still be found on sites like FileHippo.com (note, however that it is not the new version which is apparently only offered in Trial/Buy).

According to the article, popular lyrics site: songlyrics dot com (I did not create a link to it and I would NOT recommend going there if you have Java installed!) the “Crimepack” exploit kit is being used to foist a cocktail of malware on Windows users’ computers.

I mentioned this Java vulnerability in my last posting. If you want more information, please see my earlier post and Brian Kreb’s Krebs on Security article above.

Tavis Ormand tried to get through to Oracle about the danger, but they chose to rate it as not that important. They indicated that it could wait till the normal patch cycle. However, apparently, they didn’t fix it then either because when all the Oracle quarterly cycle patches came out this week it wasn’t in their list of fixed vulnerabilities — which means they apparently intend to wait till the NEXT cycle!

Roger Thompson, chief research officer at AVG says:

the site appears to use the very same code mentioned in Ormandy’s proof-of-concept to silently redirect songlyrics.com visitors to a site that loads the “Crimepack” exploit kit, a relatively new kit designed to throw a heap of software exploits at visiting browsers…

It is hard to say whether visiting sites like the lyrics site would hurt other OSes like Mac OS X (especially Tiger which hasn’t had a Java update in ages!), or Linux because Brian Krebs’ article was geared to Windows users.