ESET Nod32 Version 6 Released Today

ESET Nod32 Version 6 was released today. By default, ESET Nod32 does not check for and install new program updates automatically. For any clients on our Monthly Support Plan or any clients who have purchased consignment workstations or database servers from The Computer Peeps and as per PCI DSS, this is one of the many adjustments we make to properly secure your system. Your systems will update automatically.

To manually check for program updates, visit the Updates tab of ESET and then click the Check button. ESET will check for the latest update…

[hr]

[info_box style=”notice”]Tip: Setup > Enter Advanced Setup > Update > Advanced Update Setup > Setup to enable the Regularly check for latest product version option, as well as the ‘Always update program components’ option.[/info_box]

[hr]

Once ESET has checked and found the latest update, click Install…

ESET will require a reboot once this update has been installed…

The new version is for the most part, the same as version 5 and is not a complete departure. That being said, ESET has added handy new features and optimized program performance even more than before.

They’ve added a new Social Media Scanner, which we highly recommend enabling and installing.

You’ll be prompted to install ESET’s Facebook app…

This new extension of ESET, protects your Facebook page by scanning for malicious posts, links, and messages. It can even alert your friends, if they have malicious content on their Facebook walls.

The settings available cover options such as email notifications and whether or not the ESET app should ‘reply’ to posts from infected/malicious posters…

Overall, this has been a smooth update thus far. Make sure your antivirus is updating automatically, but as always, make sure you’re taking all the precautions to manage your systems – e.g. file backups, system images, database backups, etc.

For clients on our new System Monitoring & Patch Management Service, we’ll be alerted as each system automatically updates to the latest version of ESET and we will be checking on each and every system…

Peeps' System Monitor ESET Nod32 Installation Alert — Peeps’ System Monitor ESET Nod32 Installation Alert

If you have any questions or comments, feel free to post below!

Facebook Security Flaw Allows Users to See Private New Year’s Messages

Facebook is offering a service that allows users to send messages to other users, which will be delivered at the stroke of midnight.

This is part of their Facebook Stories site…

https://www.facebookstories.com/midnightdelivery

The only problem is, it has a little flaw. As first reported on Jackthewelshman’s blog, anyone can view and even delete other users’ messages. As you can see in his examples, all it takes is a slight change of the URL and you’re now viewing (or deleting) someone else’s private message.

Not that anyone is using this Midnight Delivery service to send extremely sensitive information, but as Jackthewelshman pointed out private pictures – pictures of people and their kids – were all visible to the public.

This is just the most-basic of issues one has to address when building a web application. Testing for access to resources without being logged-in, URI manipulation, etc. are all things even a small company has to deal with, let alone Facebook.

For such a high-profile, ‘featured service’ of theirs to have such a glaring flaw, begs the question, what else is being overlooked?

Wal-Mart/Facebook Gift Card Scam

Keep an eye out for bogus Gift Card scams through the holiday season. This social engineering trick says you’ll get $1,000, but all they’re trying to do is install their malicious Facebook app…

New Zeus Botnet Worm Posing As “FacebookPhoto_ADD_album.jpeg.exe”

Careful, folks, there’s a new Worm that is posing as a “Facebook Photo Album” executable. A .zip file is being emailed and if you install the program within, you’re likely to infect your system. Currently only 8% of antivirus scanners are detecting this worm, so this one is fresh.

You should never open any attachments from people you do not recognize. Even if the message is from someone you recognize, think twice before opening a .zip or .exe file. There really is absolutely no reason to install any software sent to you via email. If a friend or family member are trying to tell you about a new program, they can send you

Now is also a good time to mention email providers. We strongly recommend switching to Google Apps, which is free Gmail for businesses. You are not going to see any messages get through with a .zip attachment while using Gmail.

As always, if anyone has any questions, just let us know!

Facebook App Redesign “Tricks” Users Into Installing Apps

TechCrunch just published a fantastic article outlining the deceptive new layout for Facebook Apps. Facebook has changed the buttons/options you see when an app would like access to your Facebook profile. In the past, you would be greeted with an “Allow” or “Don’t Allow” option. Now you are no longer presented with the clear options and in fact now, there’s only one button – “Play Game”. This is something to be expected from ‘hackers’, virus writers, etc. They’re intentionally trying to deceive people into clicking on buttons or pictures that appear safe. Coming from Facebook though, I think this is a bit much.

I have a feeling this is going to lead to more users allowing malicious apps to have access to their user profile. I’m all for trying to make things easier for users, but I think there’s a stark difference between “Allow/Don’t Allow”…

Old Facebook Allow/Don’t Allow Options

As compared to the new “Play Game” option…

This is social engineering 101!

Make sure you discuss this with your employees so they’re aware of this change. Bogus apps will typically redirect you away to another 3rd party site which attempts to download and install malware on your system. All it takes is one simple, “Oh, I didn’t think a Facebook App could be harmful” to bring a system down.

Some quick tips for staying safe while on Facebook:

[box]

[checklist]

Only install apps that you trust and that come from legitimate developers. If you’re unsure, then you don’t need that app.
We recommend using a Javascript blocker, such as NoScript for Firefox.
Utilize an ad-blocker, such as AdBlock.
Always make sure you have the latest operating system updates.
Ensure you’re using good, up-to-date antivirus + anti-malware software – we recommend ESET Nod32 and Malwarebytes’ Anti-Malware Pro.

[/checklist]

[/box]

Just keep an eye out and read before you click!

Facebook Profile Viewer: Maybe, just MAYBE, this one is real :D

Ok, we used to go through the Who/What/Where/When/Why when it came to this sort of Facebook post. I don’t think this one requires such an explanation. I just can’t believe how much of this, well, crap is still floating around on Facebook.

If you’re a business and you’re looking for alternatives, here are some recommendations:

[checklist]

Twitter – If you have a Facebook page, chances are you have a Twitter account as well. Twitter is a bit more streamlined, as far as content goes. You can still run into the occasional bogus phishing link or childish drivel, but Twitter is a bit more of a straight-forward approach to broadcasting information.
Google Plus – Some scoff at G+ and think it’s a no man’s land. That simply is not the case. Businesses and individuals looking for a better way to share – e.g. Hangouts, Circles, search result tie-ins, comment formatting, etc. – are using G+ to their advantage.
Reddit – Reddit is a great place for news, information, and sharing with others. Network with other users in topic-specific communities called Sub-Reddits. Spend a week on Reddit and you’ll start to realize you “saw that last week” as you watch the news or scroll through Facebook.
Pinterest – Pinterest is becoming a more and more popular way to share anything from clothes you like, to architecture. Consignment businesses can really utilize Pinterest’s ‘pin’ feature to share new outfits that were recently consigned.
Blog – If you’re a business and you provide a service or sell products, you really should have a blog. With a WordPress-based website, you can easily post to your blog and keep your customers in the loop. Adding new content keeps your site rich with content, which can boost search results.

[/checklist]

Facebook Tracks You Even AFTER You Log Out

Did you know Facebook is tracking you everywhere you go on the Web? Even after you log out of Facebook, they’re still tracking your footsteps and that data is tied to your Facebook User ID.

I’m a big fan of the Do Not Track option in Firefox, but why is Facebook tracking every website you visit after you log out? Because they can. This is done with a tracking cookie.

This morning, Nik Cubrilovic outlined the details in an article on his blog:

http://nikcub.appspot.com/logging-out-of-facebook-is-not-enough

To quote Nik:

“Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.“

So what does Facebook have to say about all of this? According to Facebook Systems Engineer, Gregg Stefancik, this was essentially an “oversight.” Here’s his response to Nik’s findings:

Facebook Engineer Gregg Stefancik's Response | Click to Enlarge

Whatever Facebook was or was not tracking you around the web for, they were tracking you around the web. They can say they’re not using that data, but it still stands – they have that data.

To enable Do Not Track in your browser:

Firefox – Firefox Button > Options > Privacy > Tell web sites I do not want to be tracked
Chrome – Keep My Opt-Outs Extension
Internet Explorer 9 – Tools > Safety > Tracking Protection > Personalized List > Enable (We strongly recommend NOT USING Internet Explorer)

[Warning] New Facebook Threat

There is a *new threat floating around Facebook. It’s another one of those “See Who’s Viewing Your Profile” scams. I’m ~~not~~ surprised so many people are dying to see who’s viewing their profile.

It’s such a common desire that the “bad guys” know they’ll be able to fool at least one person (well, clearly more) into falling for their trick. This is akin to some scam artist trying to sell you something you don’t need. Stop and think, “wait, is this REALLY going to show me who’s viewing my profile…and is it worth it?” This is how you get viruses, get your personal information stolen, get your email hacked, etc.

This latest scam was around when MySpace was popular, so the actual tactic isn’t new. The post that’s making its way through Facebook looks like this:

Facebook Stalker — Fake View My Profile Post | Click to Enlarge

Notice they’re using a URL shortening service (Bitly) to mask the true URL. They’re trying to mask something from you, which should be the first clue. If you’ll also notice this was posted via the Stalker-Viewer app. Even ESET Nod32 Antivirus knew this was a potentially unwanted app and blocked it long before Facebook even knew about this rogue app:

ESET notifies that it has blocked the URL long before the website had a chance to harm your system:

ESET Nod32 blocking rogue Facebook app's site

The main thing to take from this article is that threats on Facebook are-a-plenty. You want to use Facebook to help your consignment or resale store gain exposure. Make sure you sit down and discuss this with your employees though.

No matter which antivirus or security software you have, there should never be a sense of “I can click whatever I want.” Those that switched to Macs years ago because they thought they could do just that, are finding out the hard ware that malware exists on Mac OS and phishing/stealing login information can happen on ANY computing platform.

You wouldn’t send your friends into an unknown city and tell them to go walking down the back alleys in the middle of the night. The same is true with the Internet. You want to empower your employees with information so they can be informed while browsing the web. Make sure you view our additional articles in our blog that discuss other Facebook threats, ESET, Malwarebytes and NoScript.

Malwarebytes’ Anti-Malware Pro

We’ve utilized a variety of antivirus and anti-malware tools over the years. ESET Nod32 Antivirus is the only antivirus product we recommend. We’ve even given Avira, G-Data and Microsoft Security Essentials a shot, just to test the options on the market. No antivirus software compares to ESET Nod32, especially for systems running hi-demand database applications such as consignment software.

Antivirus alone is no longer enough though. Threats come in all shapes and sizes and “virus” no longer covers the gamut of threats out there. Once a system is compromised, it can be very difficult to regain control over. The most effective tool in regaining control over a compromised system, in our experience, is Malwarebytes’ Anti-Malware Pro. Malwarebytes was released in 2008 and its free version is great at removing infections. The paid Pro version runs in real-time, actively protecting your system against unwanted applications and threats.

Why do I need Malwarebytes? I thought you only recommend ESET Nod32.

A few years ago, prior to Facebook being so widely utilized, viruses seemed to only show up by “obvious” methods. e.g. An email with an attachment, a disc or external drive that is infected, etc. That’s not to say obscure threats didn’t exist back then, but less people were exposed since they weren’t congregating in online forums and sites such as Facebook.

Since both businesses and individuals are utilizing Facebook on a daily basis, it’s almost like shooting fish in a barrel. If you post one malicious link, by sheer statistics alone you’re going to get a large amount of people who fall for the trick and <click> away.

In addition to Facebook there is Google and Google Image search results. Many consignment and resale stores will search for items on Google to verify anything from authenticity to current market value. The people writing and deploying these malicious applications know that people are searching Google for a variety of keywords. They do everything they can to get their websites and poisoned images into the top results on Google. One <click> and wham, you’re infected.

The best response I have found @”Why Malwarebytes?” is on MBAM’s Facebook page @ http://www.facebook.com/Malwarebytes:

Malwarebytes Anti-Malware is a complementary program and defined as an anti-malware program which detects and removes malware; malicious programs and files, such as viruses, worms, trojans, rootkits, dialers, spyware, and rogue applications that some antivirus software doesn’t detect or can’t fully remove. With that said, Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts, though exclusions may need to be set in your antivirus for Malwarebytes’ Anti-Malware’s exe’s to get the best possible system performance.

In a PC Magazine article, Malwarebytes’ COO Marcus Chung provides a great analogy for Malwarebytes:

“My favorite analogy,” said Marcus “relates to seatbelts. People used to think seatbelts were enough, but then airbags came along. It’s a solution from a different direction, not competing with the seatbelt. We are the airbag!”

So Malwarebytes is not an antivirus replacement. Don’t let anyone try and tell you that Malwarebytes is the only security program you need. It is intended to provide a mesh approach to security and is intended to compliment your existing antivirus software.

Malwarebytes’ Anti-Malware Pro is completely compatible with all of the major consignment software programs on the market. We’ve tested Malwarebytes’ Anti-Malware Pro with the following consignment software programs:

ConsignmentTill
Consignment Success | Consignment Ease | Best Consignment Software
ConsignPro
Liberty
SBS

Unlike other security programs that have done everything from block Liberty from communicating with Microsoft SQL Server, to deleting files that ConsignPro requires in order to run, Malwarebytes has done a perfect job of helping consignment software programs continue to run as intended.

The Computer Peeps recommend (and if we could, we’d require it) that any computer connected to the Internet run ESET Nod32 Antivirus + Malwarebytes’ Anti-Malware Pro. There are just too many threats and variants out there today and even with the best antivirus software out there (ESET Nod32), unwanted programs can still sneak by.

People think viruses have to be these big, bad programs that delete files, cause pop-ups, etc. Not so. Any software that is considered unwanted and any program that was brought onto the system without your knowledge or doing, can be considered a virus.

Malwarebytes can be purchased for $25 and it’s a lifetime license. We strongly recommend downloading Malwarebytes and letting it run a QuickScan. The Pro trial lasts for 14 days, but do yourself a favor and pay the one-time fee for a lifetime license. Their developers and testers deserve every penny of it.

As always, if you have any questions or if you need any assistance, don’t hesitate to ask!

New Facebook Settings You Should Enable

Facebook has added new privacy options that we recommend enabling. The first is a feature called Profile Review. This lets users preview posts other users tag them in. Since rogue Facebook applications can tag users in posts, this is a great way to prevent bogus posts from spreading. The second option is called Tag Review. Follow the instructions below to ensure both are enabled.

To enable Profile Review, click Account > Privacy Settings:

Facebook Privacy Settings — Step 1: Account > Privacy Settings

Click the Edit Settings link to the right of How Tags Work:

Your Profile Review option will show as Off. Click it to turn this option On:

Step 3: Edit Profile Review settings

Now click the Turn On Profile Review button:

Step 4: Turn-on Profile Review

When you’re finished, you should see that Profile Review is now On:

Step 5: Verify Profile Review is on

Your Tag Review option just under Profile Review should now be on as well. This lets you review any tags a friend might add to your posts, such as pictures you have uploaded.