Google Chrome to abandon older versions of Windows and Mac OS X April 2016

Google Chrome icon

Back in November of 2015, Google made an unwelcome announcement which was some very bad news for older Windows and older Mac OS X users.

On their Google Chrome Blog posting at that time, Google announced that it will stop providing updates to Google Chrome for the following Windows and Mac OS X versions;

  • Windows XP
  • Windows Vista
  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)
  • Mac OS X 10.8 (Mountain Lion)

NOTE: Linux 32-bit Distribution users see the end of this article for your sad news too, but most of you are already aware of this since it happens this month!

This does not mean Google Chrome will stop working in these OS versions — which would almost be better security wise. Instead, Google has decided to simply stop providing updates to the installed versions of Google Chrome for these OS versions.

This is very bad news since Google Chrome has Flash built in (which is updated as needed with Google Chrome). These older versions of Windows and Mac OS X will be doubly vulnerable. Over the years, these users have gotten used to not having to update Flash separately like you need to do in other browsers like Firefox, Safari, Opera, earlier versions of Internet Explorer, Pale Moon, etc.
Because Flash is built in to Google Chrome, these abandoned users will not be getting the Flash updates either.

This will make these older versions of non updated Google Chrome extremely vulnerable to browser attacks from infected websites. Malware purveyors will quickly begin to adjust their attacks (if they have not already in anticipation of this change) to look for these older vulnerable systems using outdated/vulnerable versions of Google Chrome as new attack vectors for these abandoned Windows and Mac users.

Those thinking that being a Mac user will make you impervious to attack, think again. Browser attacks are one thing that every operating system including Windows, Macs and Linux have been subject to these days. Sure Windows users get hit more often but that is because they are the biggest user base and they have the largest target on their back, but Mac users and Linux users can still get hit at times if they have outdated operating systems, Flash, Java, etc. Even Android has been hit by a banking trojan these days – reported March 9, 2016 by ESET’s We Live Security Blog.

With other browsers, you could simply remove Flash from the system and be done with it if you were concerned about it and didn’t mind losing the ability to see YouTube videos and other Flash supported content on other websites. Although, with HTML5 support coming right along, that could be moot.

Some might be quick to blame Adobe Flash, but apparently this is not the case as Adobe is quick to point out in at least two places that they support these OSes:

Plus other browsers such as Firefox clearly still support these OSes and Flash on these OSes. However, they will have to update their supported browsers to NOT include Google Chrome after April 2016 unless Google rethinks all this for at least a couple of the newer, of the older, OS versions. 😉

If Google does not give a reprieve/stay of execution, once Adobe makes their final update to Adobe Flash in April 2016 and Google updates Google Chrome the final time for these OS version users that includes that last Flash version, it will apparently be the last Google Chrome AND thereby Flash update that these Google abandoned OSes will see Google based on the Google Chrome blog article posted November 2015.

Google has been very quiet on the subject since that date so no reprieve or stay of execution even for the newer OS versions to be abandoned; Windows Vista and Mac OS X 10.8 (Mountain Lion).

It seems quite harsh to drop support for these two OS versions (Vista and Mac OS X 10.8 (Mountain Lion)) since Google supported the earlier noted OS versions like Windows XP and Mac OS X 10.6 (Snow Leopard) for so many years! But there it is.

If you are using one of these older OS versions of Windows or Mac OS X, read it and weep for the loss of a great browser like Google Chrome, and make be wise to make the move to Mozilla Firefox newest version to-date 44.0.2 (STILL supports Mac OS X 10.6 Mountain Lion), or Opera (however NO support for Mac OS X 10.6 Mountain Lion, but does support Lion and Mountain Lion), which have not, so far, abandoned these users. But they are not the only players still in the game…

There is also another browser project that has gained a lot of popularity among Windows users — the Pale Moon browser. There are versions for Windows: Pale Moon, Pale Moon 64, Portable. There are also versions for:  Atom/XP, Linux and Android on the Download tab on the website.

There is also a Mac OS X version of Pale Moon 26.1.1 Unofficial available as of February 2016. As noted on their forum page:

Important note:
The Mac OSX version of Pale Moon is still very much in development. Your assistance in bringing this build to fruition is greatly appreciated, but you can expect there to be bugs and problems for a while yet!
Any specific bugs you find that don’t have their own topic yet: please make a new topic; one bug per topic please to keep things organized.
Please also note that these builds are currently created by BitVapor and Moonchild will likely not be able to provide insight or assistance due to lack of Mac hardware and OS/build knowledge for Mac.

Windows XP Vista No Support Yellow Strip Popup Google Chrome

Windows XP Vista already shows No Support Yellow Info band in Google Chrome

Those using these older versions of Windows (See image to the right), and Mac are already getting an annoying yellow warning info band across the top of their Google Chrome browsers.It is advising them to move to a more modern operating system. Wise move on Google’s part and it also servers to show that they  do not appear to be backing down from their November 2015 announcement.

That means Google Chrome users will need to do something to address the issues by either upgrading to a more modern operating system where possible, getting a newer computer with a more modern operating system since all of these operating systems are older and most have been abandoned by their creators anyway except Vista which is coming next April 2017 (preferable security wise), or barring all that, changing to a supported browser, or using an extension to address the old version of Flash issue (see end of article posting).

If you move to another browser, it will be very important to keep Adobe Flash updated since only Google Chrome in Windows 7, 8.1 and Windows 10, or on Mac OS X: Mavericks, Yosemite and El Capitan! will include Flash updates automatically with browser updates after April 2016.
NOTE: In addition, in Windows 8.1, the latest versions of Internet Explorer (IE10, IE11), and of course the new Edge browser on Windows 10 include Flash built in and updated for you like Google Chrome does.

Older versions of Windows and Mac are not the only users to be abandoned/axed by Google Chrome in early 2016. ALL 32-bit Linux distribution versions are also being abandoned — this month — March 2016 as noted in BetaNews, Slash Dot, and PCWorld and other news outlets back in November and December 2015.

Even though many and maybe even most computers these days are 64-bit, there are still a lot of 32-bit computers and 32-bit operating systems in use around the world today so this may be a move forward for 64-bit, but it is also a sad day for all the 32-bit hardware/operating systems worldwide.

Of course, there are still several browsers like Firefox, Opera and Pale Moon available for Linux 32-bit computers —  just as there are for Windows and Mac users. There are also some alternative browsers based on Firefox available (Pale Moon noted earlier here is included), and distro-specific versions of Firefox like Iceweasel in Debian Linux, etc.)

For all users of Google Chrome, there are some Flash blocking or control Extension possibilities that can protect everyone, but particularly these older users from having Flash run all the time if they choose to continue to use Google Chrome:

Advertisements

Apple Security Updates – Safari for Macs

Apple security updates

safari logo

Safari 6.1.3 and Safari 7.0.3 – April 1, 2014

Affects

  • OS X Lion and OS X Lion Server v10.7.5
  • OS X Mountain Lion v10.8.5
  • OS X Mavericks v10.9.2

About the security content of Safari 6.1.3 and Safari 7.0.3 – HT6181:

This document describes the security content of Safari 6.1.3 and Safari 7.0.3.

This update can be downloaded and installed using Software Update, or from the Apple Support website.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see “How to use the Apple Product Security PGP Key.”

Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see “Apple Security Updates“.

Safari 6.1.3 and Safari 7.0.3

  • WebKit
    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling

More in the KB HT6181 article about the specific CVE-IDs addressed.

 

According to ITWire article:

Specific changes called out by Apple are a fix for an issue that could cause the search and address field to load a webpage or send a search term before the return key is pressed, support for generic top-level domains (so that Safari loads the requested page instead of treating it as a search term), and strengthened Safari sandboxing.

Very important update.

XP SP3 and Office 2003 Support Ends April 8, 2014

Windows XP has been around since August 24, 2001 – 12 years ago now. It is getting VERY long in the tooth.

Windows XP SP3 and Office 2003 Support Ends April 8th, 2014

Like many Operating System versions, Windows XP was not such a great OS in the beginning. BUT, like many Microsoft products, it got better after Service Pack 1 (SP1), but wasn’t the best it could be till after Service Pack 2 (SP2) and mildly better after Service Pack 3 (SP3). SP3 is the current version of Windows XP.

I loved Windows XP for a long time, even though it was getting long in the tooth. But I have come to love Windows 7 even more. Windows 8 … the jury is still out. For me I use several different operating systems. I also love and use Mac OS X or just OS X (as it is called now) and Debian Linux.

Windows XP has been on life support or Extended Support since April 8, 2009 when Mainstream Support ended. That was after two says of execution as it were since it was supposed to be ended earlier than 2009.

Windows XP has been the main stay for many folks for a long time in the Windows world — the last 12 years. That’s a long time for an Operating System version.

Windows XP still holds the #2 spot at 31.24% of computer users as shown below in the graph from NetMarketShare.com:

NetMarketShare.com Operating System Breakout - November 1, 2013

NetMarketShare.com Operating System Breakout – November 1, 2013

Windows 7 holds the #1 spot for a very good reason. It is still the best of the newer Operating Systems from Microsoft to date — in my opinion and nearly half of all Windows users to date. And Windows 7 is still good to go until January 14, 2020 (end of Extended Support – it is still in Mainstream Support until January 15, 2015). Here’s the break out of the Windows lifecycle fact sheet info:

Windows Life Cycles from the Windows Life Cycle Fact Sheet

Windows Life Cycles from the Windows Life Cycle Fact Sheet

I have said all this because we need to see where were are, and where we need to be as computer users, particularly as Windows users with April 8, 2014 looming over those of us still using Windows XP.

Especially in the light of the pervasive malware purveyors out there today.

We need to make sure we are all no longer using Windows XP of any kind before or at least by April 8, 2014 when Microsoft will no longer be providing ANY security updates for Windows XP.

A few years back they did the same thing with Windows 2000. It’s now Windows XP’s turn.

Please read the following articles to see why this will be very important:

Windows XP infection rate may jump 66% after patches end in April – Computerworld

Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.

Windows lifecycle fact sheet – Microsoft.com (image above)

New stats show Windows 8 usage up sharply as XP usage plummets – ZDNet (for curiosity though, look at the difference between the table on ZDNet’s article and the one today).

NetMarketShare (choose Operating Systems from the dropdown to see the chart above in real time)

Gartner Says Worldwide PC, Tablet and Mobile Phone Shipments to Grow 4.5 Percent in 2013 as Lower-Priced Devices Drive Growth – Gartner.com

Source: Gartner Oct 2013 - Worldwide Device Shipments by Segment

Source: Gartner Oct 2013 – Worldwide Device Shipments by Segment

It would appear, that, as predicted, many around the world are moving to other types of computers, in particular mobile devices. This was forecast and it would seem to be coming to pass rather dramatically now.

It is amazing to see the number of people who rarely if ever use their desktop computers these days, relying on their mobile devices for almost all, if not all, their computing and Internet needs. Some folks no longer even have a computer other than a tablet, like the iPad or Nexus Tablet, or Surface, etc., or just use their smartphones for their email, browsing, messaging, gaming, etc. which is the bulk of what people seem to do on the Internet these days. Unless of course if their work or business, or gaming bents, are important to them. Having said that, even gaming has very much gone mobile for many people.

I am hoping that folks will take a look at the overall picture and determine which direction they wish to go now that there are only a few months left before Windows XP will no longer be a viable Internet connected computer.

Will a Desktop or Laptop be the way to go, or will a Mobile device like a Tablet or maybe even just a smartphone be enough for many folks? Staying with Windows or moving to a Mac may also be a consideration.

No matter which way folks ultimately go, deciding will be important and thinking about this is really needed with Windows XP going away in just a short few months.

Over 31% of computer users will need to make this decision before April 8, 2014, if they wish to remain as safe as they can be on the Internet.

Even with Google Chrome continuing to support Windows XP SP3 a year after Microsoft (till 2015), if the Operating System itself has no updates, that will certainly not be enough.

Lots to think about and only a few months to decide … Windows XP SP3 and Office 2003 Support Ends April 8th, 2014

Disable Java – Windows, Mac, Linux

US Department of Homeland Security advises disabling Java following fresh zero-day vulnerability – The Verge

A new Trojan horse has been discovered that exploits a flaw found in Java, leaving computers running Windows, Mac OS, and Linux vulnerable to attack. Mal/JavaJar-B allows attackers to remotely trigger code once it infects a system, potentially leading to the installation of malware, or even ransomware. Oracle hasn’t yet patched the vulnerability, which targets even the latest version of Java.

US-CERT RECOMMENDS THAT USERS DISABLE JAVA IN WEB BROWSERS

Apple has already taken care of this on the Mac by updating to disallow all Java except including the new one that hasn’t even been released yet. Excellent move from Apple.

Firefox and Google Chrome has had you click to even use Java for awhile now. From my experience, I believe that includes the current version of Java as well. As noted above, Firefox now includes the current version of Java in their blacklist. You have to personally choose to actually use Java using their Click to Play feature. Thank you Mozilla!

Google Chrome has instituted on December 21, 2012, noted in their blog posting, a feature that disallows silent extension addon installations. I believe this is something that Mozilla did some time ago when they experienced problems with it. Or maybe not.

So you will definitely want to disable Java in all browsers in Windows, Linux and on the Mac just to be safe for now.

Internet Explorer now allows you to disallow plugins by default and only allow those you specifically allow. But if you have allowed Java in the past, you will want to disable it:

How to Disable Java – PCMag

The PCMag article gives instructions for all the main browsers. Check it out and please for your sake don’t use a browser for general use that allows Java at least for now.

Disable it in at least one browser that you can use for general purpose use.

Whichever method you choose, visit the Java test page at http://java.com/en/download/testjava.jsp to confirm that Java is disabled. Yes, you’ll occasionally run across a website that relies on Java. If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.

More here at Security Garden, Dottech.org (How to/tutorial with images) and Venture Beat as well.

I have Java totally disallowed in my main browser, and enabled in one of my other browsers so I can still go to Secunia.com to use their OSI (Online Security Inspector) to check plugins and Internet facing programs. I also compare that with Firefox’s plugin checker. This in Windows. On my Mac, I have Java disabled in all but one browser and turn Java on and off as needed overall. In Linux Java is also disabled in my main browser.

This is very important until Oracle gets this updated and is quick to fix these vulnerabilities.

Oracle really needs to get on the stick before they and all the programs that make use of them are made obsolete! And there are millions of them!!!

EDIT: As of 1/11/2013 – Added Mozilla’s and Apple’s change to include blacklisting of the current version of Java due to the Trojan affecting even the current version of Java. See the info earlier in the posting.

Oracle to stop patching Java 6 in February 2013

Oracle to stop patching Java 6 in February 2013 – Computerworld

The article notes that of course this will be a hardship for Mac OS X Snow Leopard users and for users of earlier versions of OS X, but that is not as far as this rabbit hole goes. Very good article. Well worth a read.

That will leave a significant portion of Mac users without the means to run an up-to-date Java next year. According to Web metrics company Net Applications, approximately 41% of all Macs still run versions of OS X older than Lion.

Apple will presumably issue the final OS X patches for Java 6 in February alongside Oracle’s update.

It will also be hard on businesses, and even government agencies and departments, that will now be forced to work over their Java based programs to make sure they will still work with the current versions of Java 7.

That also means that Oracle themselves will have to update their Forms and Reports (or maybe these are things built by the companies using them too), to work with Java 7 so companies and some government agencies and departments can allow vendors that provide service and products to them. Currently, many of them must make use of Oracle Forms and Reports built on Java 6 from a special site like the MyInvoice subdomain that the government military still uses. That site requires a later version of Java 6 even now. This puts them and their vendors at risk by requiring an old Java on their systems in order to even work with them.

And what about the medical community. I have seen them falling down on the job as well on keeping up with the version of Java that physicians must use on their computers in order to read X-Rays remotely from home or on the road.

The article further is concerned about even upgrading to Java 7:

On Tuesday, Polish researcher Adam Gowdiak, who reported scores of Java vulnerabilities to Oracle this year, told the IDG News Service, “Our research proved that Java 7 was far more insecure than its predecessor version. We are not surprised that corporations are resistant when it comes to the upgrade to Java 7.”

Now that is sad news indeed. There are many sites that make use of Java and with good reason! Even Android is based on Linux — C,C++ and Java. As are many embedded systems, phones, and many electronic devices around the home.

Oracle needs to fix this problem and their Java. If they are going to be the owner of Java, they need to do better with the Java programming language that companies are not concerned about moving to their Java 7! So many programming eco systems out there depend on Java.

They inherited Java and the huge eco systems that depend on them, and base of users when they bought out Sun Microsystems. They can’t make swiss cheese with a door and think people will be be fine with this. Even things like OpenOffice.org and LibreOffice depend on Java — thankfully the current Java, but even that is according to this article, problematic. And what about all the embedded devices that depend on Java? When you install Java and are waiting for it to install, Oracle proudly talks about the billions of devices, that run Java. Oracle’s Java.com About page proudly states:

To date, the Java platform has attracted more than 9 million software developers. It’s used in every major industry segment and has a presence in a wide range of devices, computers, and networks.

Java technology’s versatility, efficiency, platform portability, and security make it the ideal technology for network computing. From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere!

  • 1.1 billion desktops run Java
  • 930 million Java Runtime Environment downloads each year
  • 3 billion mobile phones run Java
  • 31 times more Java phones ship every year than Apple and Android combined
  • 100% of all Blu-ray players run Java
  • 1.4 billion Java Cards are manufactured each year
  • Java powers set-top boxes, printers, Web cams, games, car navigation systems, lottery terminals, medical devices, parking payment stations, and more.

To see places of Java in Action in your daily life, explore java.com.

The bold on the bullet list above is mine.

Oracle really needs to wake up now before they totally destroy the great reputation that Sun Microsystems had when they conceived and built so much with Java. And all for nothing!

Trust is a terrible thing to waste.

 

 

New Metaspoit 0-Day IE7, IE8, IE9, WinXP, Vista, Windows 7

New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7 – SecurityStreet/Rapid7

We have some Metasploit freshness for you today: A new zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7. Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available. The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source: StatCounter). We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures.

Here’s the back story: Some of you may remember that a couple of weeks ago, the Metasploit exploit team released a blog regarding a new Java exploit (CVE-2012-4681), with a blog entry titled “Let’s Start the Week with a New Java 0day in Metasploit“. You’d think the 0-day attack from the same malicious group might cool down a little after that incident… well, you’d be wrong. …

BOLD and COLOR emphasis mine.

I am sure that they only tested IE7, IE8 and IE9 initially on this because those are the only IE browsers in use right now for Windows XP, Vista and Windows 7 and based on the w3Counter, the largest number of IE users at this time.

He also said that if he were to test IE10, he was certain it would fail the test as well.

One can only imagine how miserably IE6, as the highest level of IE that works on Win2K, would do. You would think that most people have moved onto newer versions of Windows, but some have not sadly despite the fact that Win2K hasn’t had an update since I think July 2010 and despite articles like this one from Ed Bott January 16, 2010. Don’t think it’s a big issue? Well according to the IE6Countdown website, IE6 still has an impressive 6% of Internet users worldwide as of August 2012.

Sure the USA’s piece of pie for IE6 is only 0.04% but I know a few of those folks and they are diehard users who refuse to leave a dead OS and browser due to economic issues, or sight issues, or both. Now, to their credit, some of these Win2K users do have a NAT hardware router, a software firewall, and they use Firefox and not IE6, but still, Win2K has not had any updates since July 2010! Not a wise move.

Personally,  I have NO addons allowed to work in IE8 in Windows XP by default on the Installations of Windows XP SP3 that I have still running, or IE9 on Windows 7.

I lock down my other browsers with no scripting type extensions like NoScript on Firefox, Chrome, etc. regardless of the operating system I am using (Windows, Mac, Linux), as well as Adblock Plus.

Another great little program for Windows that can help you keep a handle on what is happening on your Windows computer is BillP Studio’s WinPatrol Plus and FREE WinPatrol. I use it on my WinXP SP3 as an added protection since I have a laptop that can only run WinXP (SP3 of course), I use very intermittently for special use tasks such as setting up routers, or downloading music using Amazon Downloader, or sites that use OverDrive Media Console, etc. which won’t run on Linux on my laptop. This is when I am on the road using Library or Starbucks, or other public wifi hotspots due to our bandwidth limitations here at home on Verizon Wireless.

And I have found it to be wise to use a different browser (locked down of course as much as you can tolerate), rather than the ‘ubiquitous’ browser (IE in Windows, Safari on the Mac, or whatever the default browser is in a given GUI in Linux) in any given operating system.

One can not leave this to chance these days, IMHO.

 

EDIT: Added articles – one more about the exploit and the link to information on Microsoft’s workaround:

Update: Hackers exploit new IE zero-day vulnerability – Computerworld

Customers can use the Enhanced Mitigation Experience Toolkit (EMET) 3.0 to harden IE enough to ward off the current attacks, said Wee, of the company’s Trustworthy Computing Group, in an email late on Monday.EMET 3.0 can be downloaded from Microsoft’s websites.

Microsoft issues workaround for IE 0-day exploited in current attacks – net-security.org

Microsoft has reacted fast by issuing a security advisory yesterday, in which it confirms the existence of the flaw in Internet explorer 9 and all previous versions (IE10 is not affected), and offers instructions on steps the users can take to mitigate – but not yet remove – the threat:

  • Deploy the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer
  • Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

These steps could bring additional problems to the users, such as being bombarded by a slew of security warnings, so until Microsoft releases a definitive patch for the hole, maybe it would be easier for IE users to take Rapid7’s advice and switch to another browser for the time being.

Again BOLD emphasis mine.

Don’t lose your Internet on Monday – Use the DNSChanger check tool

Internet will vanish Monday for 300,000 infected computers – Computerworld

It’s not just consumer PCs and Macs — DNSChanger was equal-opportunity malware — that remain infected, but also corporate computers and systems at government agencies, said Tacoma, Wash.-based Internet Identity (IID), which has been monitoring cleanup efforts.

Last week, IID said that its scans showed 12% of Fortune 500 firms, or about one out of every eight, harbored DNSChanger-compromised computers or routers. And two out of 55 scanned U.S. government departments or agencies — or 3.6% — also had failed to scrub all their PCs and Macs.

According to the article, the numbers are down though, back in January, the numbers were still 50%!

Without the server substitutions, DNS Changer-infected systems would have been immediately severed from the Internet.

Yesterday, U.S. District Court Judge Denis Cote extended the deadline for shutting down the replacement servers by four months, from March 8 — this Thursday — to July 9, 2012.

Well, now the deadline is coming up again. Monday, July 9, 2012 they will be turning off the safe substitute go-between servers and anyone who still has DNS Changer-infected systems at that time, will be severed from the Internet on Monday.

Checking is pretty easy and generally will determine if you have a DNSChanger infected system. The DNSChanger Working Group (DCWG), a volunteer organization of security professionals and companies has provided a great way to do just that.

You can go directly to their site Detect Help Guide page with the DNSChanger Detect Tool pages:

http://www.dcwg.org/detect/

You will find lists of servers in various languages there and some information about their checker and what it does. One of the English servers available to provide the DNS Changer Check-Up are:

http://www.dns-ok.us/

You should get the following response if your computer does NOT have DNSChanger or other malware that changes your DNS Servers on your computer:

DNS Changer Check - DCWG - Source: Computerworld

DNS Changer Check – DCWG – Source: Computerworld

In case it is too small to read, at the bottom of the DNS Resolution – GREEN image, it says the following:

Had your computer been infected with DNS changer malware you would have seen a red background. Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI’s website at:
http://www.fbi.gov/news/stories/2011/november/malware_110911

BOLD emphasis mine.

DNSChanger check tool: Malware infection could cause internet loss Monday, FBI responds – WPTV.com

The WPTV.com article goes a step further and also lists some additional help locations for malware removers, etc.

If your computer is infected, click here to learn how to get rid of the infection: http://www.dcwg.org/fix

The following sites can also help you with free or low-cost products to check and fix your computer if it’s infected:

· Microsoft Safety Scanner – http://www.microsoft.com/security/scanner/en-us/default.aspx

· Kaspersky Labs TDSSKiller – http://support.kaspersky.com/faq/?qid=208283363

· McAfee Stinger – http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

· Hitman Pro (32bit & 64bit versions) – http://www.surfright.nl/en/products/

· Norton Power Eraser – http://security.symantec.com/nbrt/npe.aspx

· Trend Micro Housecall – http://housecall.trendmicro.com

· MacScan – http://macscan.securemac.com/

· Avira – http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199

If you are still concerned that you might lose Internet come Monday, you can use one of the above products to determine if you are infected with the DNSChanger or other malware.

Or just wait till Monday and see, and if you lose Internet, you can use one or more of the products, at that time, or call your computer specialist to help you remove it. With only a few hundred thousand computers still being infected, you could be infected, but chances are, you are not.

Also, without actually running one or more of the programs listed to determine if you are infected, and because the government’s substitute DNS Changer servers are currently in place until Monday, you may not be able to even tell if you are infected from the detect tool alone.

EDIT NOTE: It couldn’t hurt to have a copy of the downloadable antimalware programs and update/run them before Monday: such as McAfee Stinger or Kaspersky’s TDDSKiller just in case — BEFORE they turn off the substitute safe DNS servers. What’s the logic in that? If it turns out you are infected (albeit unlikely), you may not be able to get to the sites to get these antimalware tools later. Of course come Monday, any online tools listed, like Trend Micro’s Housecall and any other online tools would not be available if your computer turns out to be infected and loses Internet.