Loading....

ESET Nod32 Version 6 Released Today

ESET Nod32 Version 6

ESET Nod32 Version 6 was released today.  By default, ESET Nod32 does not check for and install new program updates automatically.  For any clients on our Monthly Support Plan or any clients who have purchased consignment workstations or database servers from The Computer Peeps and as per PCI DSS, this is one of the many adjustments we make to properly secure your system.  Your systems will update automatically.

To manually check for program updates, visit the Updates tab of ESET and then click the Check button.  ESET will check for the latest update…

ESET Manually Check for Updates
ESET Manually Check for Updates

[hr]

[info_box style=”notice”]Tip: Setup > Enter Advanced Setup > Update > Advanced Update Setup > Setup to enable the Regularly check for latest product version option, as well as the ‘Always update program components’ option.[/info_box]

[hr]

Once ESET has checked and found the latest update, click Install

ESET Nod32 Install Update
ESET Nod32 Install Update

ESET will require a reboot once this update has been installed…

ESET Restart Recommended
ESET Restart Recommended

The new version is for the most part, the same as version 5 and is not a complete departure.  That being said, ESET has added handy new features and optimized program performance even more than before.

They’ve added a new Social Media Scanner, which we highly recommend enabling and installing.

ESET Social Media Scanner
ESET Social Media Scanner

You’ll be prompted to install ESET’s Facebook app…

ESET Facebook App
ESET Facebook App

This new extension of ESET, protects your Facebook page by scanning for malicious posts, links, and messages.  It can even alert your friends, if they have malicious content on their Facebook walls.

ESET Facebook App Scan
ESET Facebook App Scan

The settings available cover options such as email notifications and whether or not the ESET app should ‘reply’ to posts from infected/malicious posters…

ESET Facebook App Settings
ESET Facebook App Settings

Overall, this has been a smooth update thus far.  Make sure your antivirus is updating automatically, but as always, make sure you’re taking all the precautions to manage your systems – e.g. file backups, system images, database backups, etc.

For clients on our new System Monitoring & Patch Management Service, we’ll be alerted as each system automatically updates to the latest version of ESET and we will be checking on each and every system…

Peeps' System Monitor ESET Nod32 Installation Alert
Peeps’ System Monitor ESET Nod32 Installation Alert

If you have any questions or comments, feel free to post below!

Facebook Security Flaw Allows Users to See Private New Year’s Messages

Facebook is offering a service that allows users to send messages to other users, which will be delivered at the stroke of midnight.

Facebook Midnight Delivery

This is part of their Facebook Stories site…

https://www.facebookstories.com/midnightdelivery

The only problem is, it has a little flaw.  As first reported on Jackthewelshman’s blog, anyone can view and even delete other users’ messages.  As you can see in his examples, all it takes is a slight change of the URL and you’re now viewing (or deleting) someone else’s private message.

Not that anyone is using this Midnight Delivery service to send extremely sensitive information, but as Jackthewelshman pointed out private pictures – pictures of people and their kids – were all visible to the public.

This is just the most-basic of issues one has to address when building a web application.  Testing for access to resources without being logged-in, URI manipulation, etc. are all things even a small company has to deal with, let alone Facebook.

For such a high-profile, ‘featured service’ of theirs to have such a glaring flaw, begs the question, what else is being overlooked?

 

New Zeus Botnet Worm Posing As “FacebookPhoto_ADD_album.jpeg.exe”

BotnetCareful, folks, there’s a new Worm that is posing as a “Facebook Photo Album” executable.  A .zip file is being emailed and if you install the program within, you’re likely to infect your system.  Currently only 8% of antivirus scanners are detecting this worm, so this one is fresh.

You should never open any attachments from people you do not recognize.  Even if the message is from someone you recognize, think twice before opening a .zip or .exe file.  There really is absolutely no reason to install any software sent to you via email.  If a friend or family member are trying to tell you about a new program, they can send you

Now is also a good time to mention email providers.  We strongly recommend switching to Google Apps, which is free Gmail for businesses.  You are not going to see any messages get through with a .zip attachment while using Gmail.

As always, if anyone has any questions, just let us know!

Facebook App Redesign “Tricks” Users Into Installing Apps

Facebook VirusTechCrunch just published a fantastic article outlining the deceptive new layout for Facebook Apps.  Facebook has changed the buttons/options you see when an app would like access to your Facebook profile.  In the past, you would be greeted with an “Allow” or “Don’t Allow” option.  Now you are no longer presented with the clear options and in fact now, there’s only one button – “Play Game”.  This is something to be expected from ‘hackers’, virus writers, etc.  They’re intentionally trying to deceive people into clicking on buttons or pictures that appear safe.  Coming from Facebook though, I think this is a bit much.

I have a feeling this is going to lead to more users allowing malicious apps to have access to their user profile.  I’m all for trying to make things easier for users, but I think there’s a stark difference between “Allow/Don’t Allow”…

Old Facebook Allow/Don't Allow Options
Old Facebook Allow/Don’t Allow Options

As compared to the new “Play Game” option…

Facebook 'Play Game'
Facebook ‘Play Game’ instead of ‘Allow’ or ‘Don’t Allow’

This is social engineering 101!

Make sure you discuss this with your employees so they’re aware of this change.  Bogus apps will typically redirect you away to another 3rd party site which attempts to download and install malware on your system.  All it takes is one simple, “Oh, I didn’t think a Facebook App could be harmful” to bring a system down.

Some quick tips for staying safe while on Facebook:

[box]

[checklist]

  • Only install apps that you trust and that come from legitimate developers.  If you’re unsure, then you don’t need that app.
  • We recommend using a Javascript blocker, such as NoScript for Firefox.
  • Utilize an ad-blocker, such as AdBlock.
  • Always make sure you have the latest operating system updates.
  • Ensure you’re using good, up-to-date antivirus + anti-malware software – we recommend ESET Nod32 and Malwarebytes’ Anti-Malware Pro.

[/checklist]

 

[/box]

Just keep an eye out and read before you click!

Facebook Profile Viewer: Maybe, just MAYBE, this one is real :D

Ok, we used to go through the Who/What/Where/When/Why when it came to this sort of Facebook post.  I don’t think this one requires such an explanation.  I just can’t believe how much of this, well, crap is still floating around on Facebook.

If you’re a business and you’re looking for alternatives, here are some recommendations:

[checklist]

  • Twitter – If you have a Facebook page, chances are you have a Twitter account as well.  Twitter is a bit more streamlined, as far as content goes.  You can still run into the occasional bogus phishing link or childish drivel, but Twitter is a bit more of a straight-forward approach to broadcasting information.
  • Google Plus – Some scoff at G+ and think it’s a no man’s land.  That simply is not the case.  Businesses and individuals looking for a better way to share – e.g. Hangouts, Circles, search result tie-ins, comment formatting, etc. – are using G+ to their advantage.
  • Reddit – Reddit is a great place for news, information, and sharing with others.  Network with other users in topic-specific communities called Sub-Reddits.  Spend a week on Reddit and you’ll start to realize you “saw that last week” as you watch the news or scroll through Facebook.
  • Pinterest – Pinterest is becoming a more and more popular way to share anything from clothes you like, to architecture.  Consignment businesses can really utilize Pinterest’s ‘pin’ feature to share new outfits that were recently consigned.
  • Blog – If you’re a business and you provide a service or sell products, you really should have a blog.  With a WordPress-based website, you can easily post to your blog and keep your customers in the loop.  Adding new content keeps your site rich with content, which can boost search results.

[/checklist]

 

Facebook Tracks You Even AFTER You Log Out

Did you know Facebook is tracking you everywhere you go on the Web?  Even after you log out of Facebook, they’re still tracking your footsteps and that data is tied to your Facebook User ID.

I’m a big fan of the Do Not Track option in Firefox, but why is Facebook tracking every website you visit after you log out?  Because they can.  This is done with a tracking cookie.

This morning, Nik Cubrilovic outlined the details in an article on his blog:

http://nikcub.appspot.com/logging-out-of-facebook-is-not-enough

To quote Nik:

Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

So what does Facebook have to say about all of this?  According to Facebook Systems Engineer, Gregg Stefancik, this was essentially an “oversight.”  Here’s his response to Nik’s findings:

Facebook Engineer Gregg Stefancik's Response | Click to Enlarge

Whatever Facebook was or was not tracking you around the web for, they were tracking you around the web.  They can say they’re not using that data, but it still stands – they have that data.

To enable Do Not Track in your browser:

  • FirefoxFirefox Button > Options > Privacy > Tell web sites I do not want to be tracked
  • ChromeKeep My Opt-Outs Extension
  • Internet Explorer 9Tools > Safety > Tracking Protection > Personalized List > Enable (We strongly recommend NOT USING Internet Explorer)
Back To Top