Microsoft just came out with a beta of their next version, Microsoft Security Essentials 2.0 featuring:

• Windows Firewall integration– allows you to turn on or off the Windows Firewall during setup.
• Enhanced protection from web-based threats – integrates with Internet Explorer to provide improved protection against web-based attacks.
• New protection engine – offers enhanced detection and cleanup capabilities with better performance.
• Network inspection system – protects against network-based exploits.

To get the new version, go to the Microsoft Connect site and fill out the beta registration information. Then you’ll see instructions for downloading and installing the beta.

This Wednesday, April 1st the Conficker worm will do something. No one knows what. But it has security experts up late. It is believed that at one point Conficker was on 6% of the world’s PCs. This has been reduced dramatically by the work of Microsoft in issuing special patches for the worm. But hundreds of thousands of PCs are still estimated to be infected.

Early this month, Symantec’s security researchers began noticing that the worm was changing in order to avoid steps to interrupt the worm’s links with its hacker controllers. The first versions of the worm generated a list of 250 possible domains each day that could be used to route instructions from hackers. The new edition uses a list of 50,000 URLs in order to overwhelm security researchers.

Typically hackers use large botnets of computers to commit distributed denial of service (DDOS) attacks against websites. The hackers will demand that large websites pay them in order to be spared.

If you are worried about your computers or those of people you love, you can read Microsoft’s alert and my earlier post on how to prevent and remove the virus.

Antivirus XP 2008 shows a list of files that it claims are infected on your computer. See that the icons used are the same as those used by Windows. If you register the “anti-virus” software in an attempt to fix your computer, the bad guys will have your credit card information.

On other computers, I have seen Antivirus XP 2008 installed on the Windows Desktop background so that your wallpaper background always gave you a warning.

This has become a common computer problem. It is an easy scam to fall for because it looks very close to a real Windows warning.

This is an effective social engineering scam because people are scared of viruses and have grown accustomed to following any computer-generated prompts to remove them.

For this particular computer, I booted into Windows Safe mode and ran Malwarebyte’s Anti-malware program which is free for a couple of weeks use. Luckily the infection could be removed. In some cases, the malware can actually take over all administrator rights to the computer and rewrite the operating system to the extent that the only real alternative is to save your personal files and reinstall Windows.

The gang was identified publicly in May by Joe Stewart, director of malware research at SecureWorks, a computer security firm in Atlanta. Mr. Stewart, who has determined that the gang is based in Russia, was able to locate a central program controlling as many as 100,000 infected computers across the Internet.

The system infects PCs with a program known as Coreflood that records keystrokes and steals other information.

“The great thing about this system is that from one computer it is possible to push out updates to all machines in a corporate network at once,” Mr. Stewart said. “This is a useful tool that Microsoft has provided. However, the bad guys said, ‘We’ll just use it to roll out our Trojan to every machine in the network.’ ”

The gang then uses the passwords to access your bank account and transfer out money. Scary stuff.

This only affects Microsoft operating systems, so Macs are safe. In order to protect PCs, I suggest using:

• hardware firewall (included in routers)
• Windows Vista or XP with Service Pack 3 (latest)
• Anti-virus software such as AVG Free or Avast.

If you get infected by something like this Coreflood virus, you should do a complete re-install of your system.

Most people say that once a machine is infected with a virus, there is no practical way to know for sure if it is ever truly safe. You could take out the drive, attach it to a Linux machine for scans, and run all the latest tools. But this doesn’t guarantee success.

Think of it as an arms race between the virus writers and the anti-virus writers. Many viruses re-write parts of the Windows operating system. They are written specifically to sneak past popular anti-virus software, namely Norton and McAfee.

The solution, especially for machines with nasty viruses, is a clean install of the operating system. This can’t be done from within Windows. The important data should be backed up and the drive should be formatted and a clean install should be performed.

Before the old data is put back on the computer, it too should be scanned. Even documents can contain little programs (Macros) that could contain viruses.

Client Story

A recent client in Virginia had a computer that was badly infected. After the computer booted up, supposed anti-virus software popped up indicating that there were viruses. This was certainly true, but the anti-virus software was bogus. It just asked for his credit card info to fix the problems. If he had provided his credit card, I am sure that the virus would not have been removed. He would have probably just gotten many unauthorized charges.

His computer was no longer his. He had no administrator privileges. He had no “My Computer”, no CD drive, and no task manager. His system tray in the bottom right corner only had the words “VIRUS ALERT!”.

Without much hope, I initially tried Windows is Avast! 4 Home Edition.  One feature that Avast has over the previously mentioned AVG is the ability to scan Windows before booting into Windows machines.

Unfortunately, much of the operating system had been modified, so Avast could not fix it. I removed the drive, placed it in a Linux machine, backed up and scanned the important files, and then ran Darik’s Boot and Nuke to wipe the drive.

The desktop was an HP that did not come with a restore disk, so we had to purchase another copy of Windows to install.

I told the customer how many viruses use social engineering to work. Messages appear in an email or browser pop-up window and they appear legitimate so users click on them. He asked me how to tell the real pop-ups for the fake ones. Without computer experience, it is very difficult to know.

Windows Vista has made this worse. By constantly asking people to approve even small tasks, it conditions people to just click “Okay” for everything.

His computer now is up and running again. It is behind a router with a firewall and has the Firefox web browser and Avast anti-virus.  Hopefully that will keep him safe from viruses and malware. At least he can rest assured that his machine is not currently hi-jacked after a clean operating system install.

It includes free anti-virus updates and does a great job of finding and stopping viruses.

The only downside to AVG is that every year or so AVG comes out with an update that requires a fresh install of the new version. And on the website, you need to look for the free version. AVG does push their paid version.

When installing, you don’t need to install their browser plug-in which can needlessly slow things down. Instead, for safety, you should use Firefox when browsing the Internet.

Compared to standard anti-virus software from Norton and McAfee, AVG does both a better job finding viruses and is less resource hungry in my opinion. Often I will find a system that is completely bogged down, not by viruses but by Norton’s rediculously large Internet Security Suite of software.