WinPatrol Changing of the guard

WinPatrol – Scotty

WinPatrol has been very important over the years. I have several (six I think at least) lifetime memberships of WinPatrol software and I install it on all my Windows installs personally and for my friends, family and clients. It has been a staple in my security arsenal for many years now, and BillP has been a great friend to all of us.

BillP, thank you so much for continuing to look for someone who would fit the bill, as it were, and you certainly found a great choice!

I am very excited about the promise that Bret Lowry made to WinPatrol customers:

My commitment to WinPatrol customers is as follows:

One, your lifetime PLUS licenses are just that, lifetime licenses. That was the easiest topic in our negotiation and is written into the contract.

Two, WinPatrol will not have toolbars or other “add-ins” added to it or its installer. Installers that do that drive me crazy because I’m the guy people call to “fix” their computer after the installer completes its hijacking. I am not going to do that to my customers.

Three, I will be responsible for answering support questions, even more incentive to play nicely and stand-by item two above. And

Four, I use WinPatrol myself and therefore am committed to the continued improvement of WinPatrol. I am honored to have earned Bill’s trust and confidence in his allowing me to purchase WinPatrol. Bill has run WinPatrol with integrity since its inception, as a founder of Ruiware (along with my wife), I promise we will carry on that tradition.”

BillP, after reading your blog posting and Corrine’s Security Garden posting, I was totally thrilled to read about Bret Lowry, Ruiware, LLC being your choice.

Totally awesome! I knew you wouldn’t let us down! Thank you Bill for all the years you have given to us! We totally understand your need to step aside and wish your family all the best and your family is ever in my thoughts and prayers.

Corrine, thank you for letting us know of the change right away!

This must be a bittersweet day for BillP; to let go of his baby, to turn it over to someone else, but sweet knowing he turned it over to a great guy who will care for his customers the way he did.

Hi Bret Lowry! I am excited to meet you in Bits from Bill and from Security Garden Blog. Thank you for putting our minds at ease about the commitment you have given us. Hope you will still do the sales periodically like BillP always did and keep the price economical and the free edition which is so important.

On WinPatrol.com:

I’m very happy to announce WinPatrol’s future will be in the hands of Ruiware founder and former lead at Sunbelt Software, Bret Lowry. If you read today’s post and download our new version later today you’ll understand why I’m confident Scotty is in good hands.
Click here to find out why

And this wonderful note from Bret too:

WinPatrol.com - WinPatrol from Ruiware.

WinPatrol.com – WinPatrol from Ruiware. “When I discovered WinPatrol I knew it was a winner and a program I’d install for my entire family. WinPatrol customers matter. You still won’t find obnoxious toolbars when you download WinPatrol. Instead, we help you get rid of them. Thanks, Bret Lowry — Click on image to go to WinPatrol.com

In closing, I would like to echo Corrine’s thoughts from her Security Garden blog entry:

On a personal note, I have long respected Bill Pytlovany and, because of his honesty and high ethical standards, held him in high esteem.  I know I won’t be losing contact with him but still wish to take this opportunity to publicly thank Bill for providing an excellent product.

I could not have said it any better!

Bits are Bits…Net Neutrality

But they say we'll all be better off this way (as they cut new content, innovation, consumer choice)

But they say we’ll all be better off this way (as they cut new content, innovation, consumer choice) – Imgur.com

What is net neutrality?

At its simplest, net neutrality holds that just as phone companies can’t check who’s on the line and selectively block or degrade the service of callers, everyone on the internet should start on roughly the same footing: ISPs shouldn’t slow down services, block legal content, or let companies pay for their data to get to customers faster than a competitor’s.

In this case, we’re also talking about a very specific policy: the Open Internet Order, which the FCC adopted in 2010. Under the order, wired and wireless broadband providers must disclose how they manage network traffic. Wired providers can’t block lawful content, software, services, or devices, and wireless providers can’t block websites or directly competing apps. And wired providers can’t “unreasonably discriminate” in transmitting information. The FCC has been trying in one way or another to implement net neutrality rules since 2005.

That was in the sidebar from The Verge’s article from May 14, 2014 called GAME OF PHONES: HOW VERIZON IS PLAYING THE FCC AND ITS CUSTOMERS

So very important!

Much more in the article.

I found that when I was reading a more recent article by arstechnica called Report: Verizon FiOS claimed public utility status to get government perks:

“It’s the secret that’s been hiding in plain sight,” said Harold Feld, senior VP of consumer advocacy group Public Knowledge and an expert on the FCC and telecommunications. “At the exact moment that these guys are complaining about how awful Title II is, they are trying to enjoy all the privileges of Title II on the regulated side.”

“There’s nothing illegal about it,” Feld, who wasn’t involved in writing the report, told Ars. However, “as a political point this is very useful.”

The FCC classifies broadband (such as FiOS) as an information service under Title I of the Communications Act, resulting in less strict rules than the ones applied to common carrier services (such as the traditional phone system) under Title II. But since both services are delivered over the same wire, Verizon FiOS is able to reap the benefits of utility regulation without the downsides.

Much more in this article as well.

Bits are bits. This is the point I have been pushing. Like water companies, electric companies and even telcos. There should be no fast lanes. There should be no place where they discriminate between bits. They are the water or electric company of the Internet. they provide the pipes that the data rides through. They should be simply providing the bits and not discriminating between them.

If they start discriminating between the bits, they set themselves up as the gatekeepers of the Internet. It opens the door to invasion of privacy and discrimination. It also stifles innovation by making it easier for big business to control the industry. It makes it exponentially harder for the next “Google” or “Yahoo” or other disruptive innovation to take off. If Google or Yahoo had to pay for fast lanes for their customers in the early days of the Internet, they never would have made it out of the gate. Neither will the next innovative and disruptive technology. And we will all be the losers if that happens. It will also make it harder for small businesses in general that might have an online component to their business to provide competitive services because they can’t afford to pay for those fast lanes. This will be true of small businesses that provide remote services as well as hosting, etc.

I think it is very important to contact the FCC and submit your thoughts on this very important issue of Net Neutrality which will affect us all in one way or another. Even if we are just users of the Internet, we will also feel the monetary impact, as well as freedom and privacy impact, and innovation impact. We always do.

What Do You Want Your Representatives to Ask Chairman Wheeler About Net Neutrality? – EFF.org:

Thus, Congress has an important role to play in the struggle for a neutral Internet. We know that members of the subcommittee are planning to re-write the Communications Act, and we know that letters from Congress members aren’t taken lightly by the FCC in the rulemaking process. That means it’s time to let our elected officials and the FCC know that we will fight to protect the future of our open Internet.

Here are three ways to join the debate and have your voice heard:

  1. Today, tweet your questions for FCC Chairman Wheeler during the Communications and Technology Subcommittee hearing using the hashtag #AskWheeler.
  2. Call your representative. Let’s be clear: any rules that allow Internet providers to discriminate against how we access websites would be a disaster for the open Internet.
  3. Submit comments in the FCC official rulemaking process. We’ve made it easy with our DearFCC.org public comment tool. It’s time to fill the FCC’s Open Internet docket with our voices and our stories. After all, it’s our Internet.

There are no easy solutions. But the FCC and Congress both want and need to hear from us. So let’s give them what they ask for. Let’s defend our Internet.

XP SP3 and Office 2003 Support Ends April 8, 2014

Windows XP has been around since August 24, 2001 – 12 years ago now. It is getting VERY long in the tooth.

Windows XP SP3 and Office 2003 Support Ends April 8th, 2014

Like many Operating System versions, Windows XP was not such a great OS in the beginning. BUT, like many Microsoft products, it got better after Service Pack 1 (SP1), but wasn’t the best it could be till after Service Pack 2 (SP2) and mildly better after Service Pack 3 (SP3). SP3 is the current version of Windows XP.

I loved Windows XP for a long time, even though it was getting long in the tooth. But I have come to love Windows 7 even more. Windows 8 … the jury is still out. For me I use several different operating systems. I also love and use Mac OS X or just OS X (as it is called now) and Debian Linux.

Windows XP has been on life support or Extended Support since April 8, 2009 when Mainstream Support ended. That was after two says of execution as it were since it was supposed to be ended earlier than 2009.

Windows XP has been the main stay for many folks for a long time in the Windows world — the last 12 years. That’s a long time for an Operating System version.

Windows XP still holds the #2 spot at 31.24% of computer users as shown below in the graph from NetMarketShare.com:

NetMarketShare.com Operating System Breakout - November 1, 2013

NetMarketShare.com Operating System Breakout – November 1, 2013

Windows 7 holds the #1 spot for a very good reason. It is still the best of the newer Operating Systems from Microsoft to date — in my opinion and nearly half of all Windows users to date. And Windows 7 is still good to go until January 14, 2020 (end of Extended Support – it is still in Mainstream Support until January 15, 2015). Here’s the break out of the Windows lifecycle fact sheet info:

Windows Life Cycles from the Windows Life Cycle Fact Sheet

Windows Life Cycles from the Windows Life Cycle Fact Sheet

I have said all this because we need to see where were are, and where we need to be as computer users, particularly as Windows users with April 8, 2014 looming over those of us still using Windows XP.

Especially in the light of the pervasive malware purveyors out there today.

We need to make sure we are all no longer using Windows XP of any kind before or at least by April 8, 2014 when Microsoft will no longer be providing ANY security updates for Windows XP.

A few years back they did the same thing with Windows 2000. It’s now Windows XP’s turn.

Please read the following articles to see why this will be very important:

Windows XP infection rate may jump 66% after patches end in April – Computerworld

Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.

Windows lifecycle fact sheet – Microsoft.com (image above)

New stats show Windows 8 usage up sharply as XP usage plummets – ZDNet (for curiosity though, look at the difference between the table on ZDNet’s article and the one today).

NetMarketShare (choose Operating Systems from the dropdown to see the chart above in real time)

Gartner Says Worldwide PC, Tablet and Mobile Phone Shipments to Grow 4.5 Percent in 2013 as Lower-Priced Devices Drive Growth – Gartner.com

Source: Gartner Oct 2013 - Worldwide Device Shipments by Segment

Source: Gartner Oct 2013 – Worldwide Device Shipments by Segment

It would appear, that, as predicted, many around the world are moving to other types of computers, in particular mobile devices. This was forecast and it would seem to be coming to pass rather dramatically now.

It is amazing to see the number of people who rarely if ever use their desktop computers these days, relying on their mobile devices for almost all, if not all, their computing and Internet needs. Some folks no longer even have a computer other than a tablet, like the iPad or Nexus Tablet, or Surface, etc., or just use their smartphones for their email, browsing, messaging, gaming, etc. which is the bulk of what people seem to do on the Internet these days. Unless of course if their work or business, or gaming bents, are important to them. Having said that, even gaming has very much gone mobile for many people.

I am hoping that folks will take a look at the overall picture and determine which direction they wish to go now that there are only a few months left before Windows XP will no longer be a viable Internet connected computer.

Will a Desktop or Laptop be the way to go, or will a Mobile device like a Tablet or maybe even just a smartphone be enough for many folks? Staying with Windows or moving to a Mac may also be a consideration.

No matter which way folks ultimately go, deciding will be important and thinking about this is really needed with Windows XP going away in just a short few months.

Over 31% of computer users will need to make this decision before April 8, 2014, if they wish to remain as safe as they can be on the Internet.

Even with Google Chrome continuing to support Windows XP SP3 a year after Microsoft (till 2015), if the Operating System itself has no updates, that will certainly not be enough.

Lots to think about and only a few months to decide … Windows XP SP3 and Office 2003 Support Ends April 8th, 2014

New Flash Player Zero Day

[tweetmeme source=”franscomputerservices” only_single=false]ZDNet reports, Adobe warns of new Flash Player zero-day attack:

Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.

These are being used to steal secrets from corporations, likely through downloaded and emailed MS Word documents such as Excel.

Adobe is working on patches for Flash 10.2.x and for earlier versions as well, for just about every OS out there.

Adobe Reader X protected mode will “prevent an exploit of this kind from executing.” The actual fix won’t come till their normal patch cycle in June for Adobe Reader. So be sure to get the latest version (Adobe Reader X)!

Much more in the article including information and links to Adobe’s security release.

Lizamoon and Epsilon breach

[tweetmeme source=”franscomputerservices” only_single=false]There are two major things that users need to be aware of right now, as if there weren’t enough already. 😉

One affects email and the other affects browsing/surfing the Internet. Both bad news, and we all need to be very aware of what has happened and why we have to be very vigilant in making sure we don’t click on links in email, open attachments sent in email, or respond to potential unexpected boxes and requests while surfing the Internet.

Financial and payment services are the biggest areas being hit right now, and will continue to be so much more effective and dangerous due to the current economy while people scramble to survive around the world.

Targeted Sectors Q2 2010 - Anti-Phishing Working Group (APWG)

Targeted Sectors Q2 2010 - Anti-Phishing Working Group (APWG)

Lizamoon/LizaMoon drive-by rogue malware infection

Lizamoon is a drive-by rouge antimalware or antivirus download infection. Thankfully you generally have to take some action to allow it to install as noted by Fred Langa in the comp copy of WindowsSecrets.com newsletter in his article entitled, “LizaMoon infection: a blow-by-blow account“. Must read!

The most important takeaway is that Fred said he had to take action on four separate occasions before the infection took place:

On the other hand, deliberate choices and actions by a user can defeat any software. LizaMoon required my active, voluntary involvement four different times before the infection took hold.

LizaMoon wasn’t even subtle: I had plenty of warnings and opportunities to abort the process, the malware itself provided abundant clues to its own bogus nature (such as an inability to keep its aliases straight).

Much more in the article. A must read for all who surf the Internet to be able to identify this rogue drive-by infection when it happens/if it happens.

The biggest takeaway:We can prevent these types of things by being aware and not clicking on things just because they are presented to us while surfing the Internet.

Epsilon breach – Spear Phishing attacks

Epsilon is an outsourcing marketing company for many big companies/banks. They have a huge database of people’s email addresses, names and the company or bank associated with each email address. This makes the spear phishing, generally a very effective social engineering technique and can make their attacks via email so much more effective…mainly because they know the email addresses are real, and more importantly they can link the real name and the actual company/bank connected the email address.

Computerworld reports, “Security experts today warned users to be on the watch for targeted email attacks after a breach at a major marketing firm that may have put millions of addresses in the hands of hackers and scammers.”

Brian Krebs (KrebsOnSecurity) and Heise Online Security report,

Epsilon has now confirmed that approximately 2 per cent of its total clients were affected. According to a blog post by security blogger Brian Krebs, financial services company Visa and American Express (Amex) say that they were not impacted by the Epsilon breach. However, the following banks, service providers and online retailers are said to have been affected:

1-800-FLOWERS
AbeBooks
Air Miles (Canada)
Ameriprise Financial
Barclay’s Bank of Delaware
Beach Body
Bebe Stores
Best Buy
Benefit Cosmetics
Brookstone
Capital One
Chase
Citigroup
City Market
College Board
Dillons
Disney Destinations
Eddie Bauer
Eileen Fisher
Ethan Allen
Euro Sport (Soccer.com)
Food 4 Less
Fred Meyer
Fry’s Electronics
Hilton Honors Program
Home Depot Credit Card (Citibank Editor)
Home Shopping Network
JPMorgan Chase
Kroger
Marks and Spencer
Marriott
McKinsey Quarterly
MoneyGram
New York & Co.
QFC
Ralph’s
Red Roof Inns
Ritz-Carlton
Robert Half International
Smith Brands
Target
TD Ameritrade
TiVo
U.S. Bank
Walgreen’s

Much more in these articles, must read, as well as others on the web including WashingtonPost, eWeek, BBC, and others.

The biggest takeaway: Don’t believe everything you see in email. Don’t trust links or downloads in email. Check with the person who sends it before opening any downloads and don’t give out information from your bank, and other sites, etc. unless you can confirm it definitely came from them. You can always go to the site directly from your own bookmarks/favorites and login to ensure you get to the right place. Don’t use their links in email unless you can verify it’s really from the company. In fact, one can get into trouble and get further compromised by clicking on links in email.

Side note: this is why I do not view email as HTML. So much can be hidden behind all the pretty pictures and code.

And be prepared. Keep your antivirus software and antimalware program as well, clear your Internet cache frequently. If you suspect you have been hit with one of these rogue antivirus/antimalware attacks, unplug the Internet/network cable from your computer to prevent further harm and take appropriate action by running Malwarebytes Antimalware, CCleaner (or other temporary Internet cleaner program you use), and then a scan with your antivirus software and take whatever recommended action they call for. Links to these programs provided on our Resources page.

If you make sure both of these are updated before you surf for the day, you will be in a much better situation should you somehow get hit with something.

And do your backups, and have an image of your OS to restore from if it becomes necessary. Windows 7 makes this very easy to do with their built-in image creator and backups, and system repair disk.

BetterPrivacy Firefox Addon

[tweetmeme source=”franscomputerservices” only_single=false]BetterPrivacy Firefox Addon

Ever wondered why you are still tracked though you tried everything to prevent it?

BetterPrivacy is a safeguard which protects from usually not deletable LSO’s on Google, YouTube, Ebay…

This is a great addon. I had no idea I had so many of these and some dated back to 2006!

They don’t show up in your normal cookies area of the browers.

So what are LSOs (wikipedia.org):

Local Shared Objects (LSO), commonly called flash cookies, are collections of cookie-like data stored as a file on a user’s computer. LSOs are used by all versions of Adobe Flash Player and Version 6 and above of Macromedia’s now-obsolete Flash MX Player.

Privacy concerns

LSOs can be used by web sites to collect information on how people navigate those web sites even if people believe they have restricted the data collection. More than half of the internet’s top websites use LSOs to track users and store information about them. There is relatively little public awareness of LSOs, and they can usually not be deleted by the cookie privacy controls in a web browser. This may lead a web user to believe a computer is cleared of tracking objects, when it is not.

Several services even use LSOs as surreptitious data storage to reinstate traditional cookies that a user deleted, a policy called “re-spawning” in homage to video games where adversaries come back to life even after being “killed”. So, even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as “backup.” In USA, at least five class-action lawsuits have accused media companies of surreptitiously using Flash cookies.

In certain countries it is illegal to track users without their knowledge and consent. For example, in the UK, customers must consent to use of cookies/LSOs as defined in the “Guidance on the Privacy and Electronic Communications (EC Directive) Regulations 2003”:

Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:

* is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
* is given the opportunity to refuse the storage of, or access to, that information.

There is more information in the links at the bottom of that wikipedia article on LSOs. Here’s just one from EPIC (Electronic Privacy Information Center) called EPIC Flash Cookie Page

If you install BetterPrivacy Firefox Addon, they have a very nice writeup on LSOs from the HELP button when looking at the options.

NOTE: The best part about BetterPrivacy is that you choose which ones to keep and which ones to delete. There are some sites that you likely will want to keep them and set them to be protected, but you certainly don’t need sites that you casually visit setting them and having them for years tracking your activities.