If there is one thing that a lot of people do but deny doing so, it is buying fake software. This is actually understandable if you think about it. Licensed software is just so expensive and with the way things are going financially right now, people are always looking for ways to save a dime here and there. And if you buy unlicensed software, you will definitely save more than a dime!

Then again, if you are talking about security software, I do not really think that it is such a good idea to buy fake software. After all, you are talking about staying safe here, and who knows where all that fake software comes from?

Microsoft has actually issued statements regarding fake security software. Naturally, many will be skeptical about the statements – it is from the largest software company in the world. Of course they will tell you to stay away from fake products, right?

But they do have a very valid point, one which we will all benefit from. Canada.com has a report on this:

Fake computer security software, created by cyber criminals as smokescreens for viruses, is the No. 1 threat to computer security in Canada, software giant Microsoft said Wednesday in its latest biannual security report.

And experts blame hackers for playing on people’s fears of infectious malicious software, such as the Conficker worm.

According to Microsoft’s report, rogue security software, also called scareware, was found in 5.9 million computers, a rise of 66 per cent in the last six months.

What should you do? Make sure you are buying 100% legit software.

“If you see a message pop up (from a website) no matter how dire it is don’t click on it because almost 100 per cent of the time that message is a fake message,” said Mohammad Akif.

“Norton, Symatec, Microsoft — none of these companies sell their software this way.”

Sounds like a plan to me!

Categories: General, IT Security Basics, Malware, Spyware, Tips

Leave a Comment

If you have not heard, the RSA 2009 security conference was held in San Francisco in the past week. This conference is a significant one in the industry, and even more so now since we have been facing many different and new threats cropping up here and there. This year, however, what I have been reading about the RSA is not that good. A lot of people are saying that it came a little flat.

John Oltsik of CNET blames the economy for this. He also points out three other reasons:

1.The speakers. The keynote speakers really had nothing new to say. This was especially troubling because the lineup looked so strong. Unfortunately, the most disappointing speaker of all was President Obama’s cybersecurity point person, Melissa Hathaway, who read from a script and said next to nothing about her cybersecurity research effort. Hathaway underwhelmed an audience of security professionals, missing an opportunity to bond with a constituency whose support is critical to her success.

2. The topics. In the past, there was always one topic at RSA that grabbed everyone’s attention. Not this year–same old tired stuff.

3. The vendors. I’m now convinced that most security vendors have no conception of what their customers need. Vendors pitch point technology solutions while users are crying for help to secure their IT-based business processes. There are really only a few security vendors that recognize this. I can’t overstate how much this disconnect alienates the security community.

It is pretty depressing, isn’t it? Do you have other perspectives that might give us more positive views?

Categories: General, News, Security Policies

Leave a Comment

Phishing scams have been around for the longest time now, and it still surprises me how creative and imaginative the people behind these scams can be. It used to be that they relied solely on scams revolving around lotteries and stuff. A lot of people have wised up to that tactic, however, and I do not know if there are still those who fall prey to such scams.

This new scam is quite interesting, however, as it is not the usual scheme that phishers employ. They actually have pulled McDonald’s into it – at least by name. What has been reported so far is that an e-mail has been going around, and it contains information about a survey for McDonald’s. Here is the sample e-mail, courtesy of Hoax-Slayer:

Subject: Receive $50 Bonus To Participate In Our Customer Satisfaction Survey Dear McDonald’s Customer,
We are planning big changes for 2009 at McDonalds AU chain of restaurants and because your oppinion is very important to us, we invite you to take a short Customer Satisfaction Survey that will help us improve the quality of our food and services.
We know your time is valuable, so we will give you a $50 bonus just for taking our quick 7 question survey. The entire process will take no more than 5 minutes.

Take the survey (link to bogus website removed)

You can participate in this survey only once.

According to the same web site, the e-mail circulated in Australia. Again, it is FALSE; a scheme to steal financial information from you. Even if you are not in Australia, you might do well to look out for this kind of e-mail.

Categories: E-mail, Real-World Issues

Leave a Comment

If you remember, everyone was up in arms about April 1. This was supposed to be the day that the third version of the Conficker worm was to be released. It’s been several days since April Fools and it seems that nothing big happened. (Knock on wood.)

So what’s up with the Conficker worm? Is it’s reign over? Can we sit back and relax now? According to PC World, no one really knows. They just published a story on it yesterday and here is what they have to say:

But nobody knows for sure what Conficker can accomplish. However, at the time of this writing no Conficker-related catastrophes have surfaced and some think the threat never will. So as attention shifts away from Conficker, it’s important to know where we stand against the world’s most famous piece of malware.

While nothing has happened in the last week, we should not forget that the other 2 versions of the worm is still out there. And if your computer is not protected, you are still a sitting duck.

One thing that I recently learned, you can still access the security patch for the worm even if your operating system is not the real deal (READ: pirated). Data shows that the highest densities of Conficker infections are in areas which have pirated software. And while no one condoning the use of illegal software, “pirates” can still download the security patch directly from Microsoft. So while we don’t know what’s going on with Conficker, we should still be careful.

Categories: Malware, News, Operating Systems

Leave a Comment