A trojan horse is one of those terms that makes us cringe. It is largely unknown as to what it does exactly, or where it comes from, but we know that such a thing on our computer, is probably not good. Trojan horses, like viruses, malware, spyware seem to fall under the “just let my antivirus deal with it” category.

If I may, for a brief minute, explain some background and go historical and technological, both at the same time: As the Greek legend goes, during the Trojan War, it has been said that the Greeks gave their foes, the Trojans, a big wooden horse as peace offering. But after the Trojans pulled the horse inside their city walls, Greek soldiers busted out of the horse’s belly and opened the city gates, allowing their fellow soldiers to pour in and capture Troy (Brad Pitt, apparently, somehow had something to do with all of this). A computer trojan horse, then, acts in a very similar way: by downloading an unknown program, an attacker can have access to the system by pretending something it is not, thus behaving like the famous horse of troy—allowing for an insider attack. Trojan horses can be delivered by opening a rouge email attachment for example, with a promise of something interesting or needed like a fake program upgrade; they are often delivered via email attachments or Internet software downloads and can cause significant damage to ones computer.

A more sophisticated form of delivering trojan horses, though, is the lesser-known “road apple.” A road apple is a real-world delivery mechanism of a trojan horse—a quite creative one, if I may. In a road apple (a nicer term for horse manure) attack, the attacker leaves an infected CD Rom or USB drive in a location easy to be found and with a label that would attract curiosity.

For example, an attacker might leave a USB drive in an elevator or bathroom of a large corporation with a label that reads “Executive Bonus Payments 2007″. The victim would then insert to the USB drive to their computer out of curiosity and alas, the trojan horse would be delivered.

I tried this technique here at MinuteFix (sans the trojan horse), to see if someone would fall. This is what my hidden camera discovered:

Read more about Road Apples from Wikipedia.

While riding into Manhattan yesterday I was privy to a conversation between two, middle-aged, professional looking men who were talking about the frustration of dealing with outsourced Tech Support. The topic itself has become a hot one lately as several companies who originally switched to outsourcing to countries like India in an effort to reduce overheard are now frantically looking for domestic companies to provide support now in an effort to regain customer confidence and improve on customer service. Perhaps the conversation below is a familiar one?

Man on Train: Do you have a Dell?

Colleague: I do. I love it. Why?

Man on Train: I have one at home too and mine is pretty amazing. But I had to call their tech support last night because I got this strange email that I was pretty sure was SPAM but decided to call about just to be cautious. Seriously man, it was not a good experience. So, I call Dell Support and tell the guy on the other end that I got a fake Dell order confirmation from some d*#$ in Taiwan posing as someone from Dell and trying to get credit card information. Now, I knew it was going to be crazy so I had first gone to the website to report it. There was no way to do it though so I ended up calling. Anyway. So, tell the guy my problem and he says,

Agent: “Thank you for contacting Dell Customer Service Chat. My name is Shiva. How may I help you?”Man on Train: Now I had already told him my problem so I was already wondering why he wasn’t listening to me. Anyway. I spoke back, “I just received by e-mail a phony Dell order confirmation from a spammer. Would you like a copy of it? How should I send it in?”

Agent: “As I understand, you have received a confirmation mail. Correct?”

Man on Train: “Yes, and it’s not real. It is from a spammer from Taiwan, posing as Dell. Do you want a copy of it?”

Agent: “Sure, let me check what best can be done.”

Man on Train: “Thank you.”

Agent: “May I know if you have placed the order with Dell?”

Man on Train: “No, I have not. That’s how I know it is not genuine. It is not for a real order. It is from a spammer who is trying to get credit card account numbers by posing as Dell.”

Agent: “Sure, let me check.”

Agent: “I am sorry sir. I am from small and medium business for America, and do not have the excess to Taiwan order. Please get on our web site to get the number for customer care for Taiwan.”

Man on Train: “I’m sorry, but you are not understanding me. This is not a real order. It is an attempt by a criminal in Taiwan to pose as Dell to steal credit card numbers from customers in the United States.”

Agent: “Hope you understand why I am unable to help you and asking you to contact the Taiwan customer care department. I have excess to check only order numbers for America.”

Man on Train: “I don’t think the order number is genuine for Taiwan or for any other country. But thanks for your help. I will simply delete the false order confirmation.”

Agent: “I am really sorry for being helpless sir. Is there anything else I may help you with?”

Man on Train: “You’ve done enough.”

Agent: “Thank you for visiting Dell Small Business Customer Service online chat and allowing me the opportunity to assist you. Also, feel free to visit us again at support.dell.com.”

Agent: “Thank you and have a great day ahead. Bye!”

A question has been posed for some time about the likelihood of Apple computers becoming infected by viruses. The issue has become even more relevant since Mac invited Intel to the table and started producing dual boot systems through programs like Parallels Desktop for Mac and Boot Camp. The question, itself, is simple enough. Do Macs get viruses?

In short, yes, it is possible for an Apple Macintosh to get a virus. However, the likelihood of an Apple Macintosh user getting a virus when compared to a Microsoft Windows user is little to none. In fact, many Apple Macintosh users (including myself) don’t even run an antivirus protection program.

Some of the reasons why Apple Macintosh computers do not have as many viruses as Microsoft Windows are:

1. Newer Macintosh operating systems, such as the Mac OS X, is built on the Unixkernel, which is one of the oldest and most secure operating systems available.
2. Microsoft Windows is used by a lot more users. Because more users use Microsoft Windows, it is a lot better of a target than Apple computers.
3. Most of the virus writers are familiar with Microsoft Windows, and therefore are capable only of creating a virus for that platform.
4. Many of the tools and scripts used to help users create viruses or other malware are most frequently designed for Microsoft Windows.

There is certainly no lack of virus protection programs for Macs.

Note: If you’re running a virtual PC on your Apple Macintosh, because it’s emulating Microsoft Windows, it can become infected with Windows viruses and you should be running an antivirus protection program on it such as Norton or Macafee. In addition a Mac can serve as a virus carrier, meaning that a virus could be stored on an Apple computer yet not infect it. But if that computer were to connect to a network or a user was to forward an infected e-mail to a Windows computer that could become infected.

As technology evolves, and people become more sophisticated at using it, so the threat posed by computers and the internet. More and more, the real threat lies in social engineering, and not so much in technological attacks.

Phishing is one of the most common forms of modern security threats, causing people to unwillingly compromise their identity and privacy.

Here our top 10 ways in which you can reduce the risk of being phished:

1. Don’t ever click on a link in an email that comes from any financial institution. Banking is the most vital data you can lose, so it is the most common form of phishing. It is very easy to generate an email that spoofs the “from” address, and a logo and design can be made to look like communication coming from real companies. These emails are skillfully crafted and links can be “masked” to hide the true address. The security lock on a browser toolbar can also be falsified. A rule of thumb, is don’t ever answer to any financial institution email unless you are expecting it. When in doubt, pick up the phone and call.

These emails often warn of some dire consequences (eg: “Your account will be closed” or “There has been fraudulent activity”) and require some sort of immediate action. A good solution is always have bookmarks to the financial institutions you deal with, or always type the company’s web address directly in the address bar.

2. Consider having 2 levels of password security. As much as it would reduce your chances of being victimized, changing your top-level security password every three months for every website you use would just not give you any time to check your email. People often use a single password for everything we use to make it easier to remember, but we propose this: use the same password you already use, but add a variation to it. For example, if your password is city of birth (a no-no, more on this later), you could add the last 4 digits of your social security to the end. So, if you kansas is your password, add some extra security by adding those digits, for example, to kansas9876. Then, use this new variation (which will be very easy to remember) to any web service that may have sensitive information. These might be your email and your online bank and credit card accounts, for example. Now, you can use your standard password for everything on the net and not worry that your password can be potentially accessed by a teenager who runs one of your social favorite networks. Best of all, this keeps it simple you don’t have to remember more than one password.

3. Don’t use the password reminder feature in your browser to store your login information to your email or financial institution’s website. Remember that intruders can’t only access your computer over the Internet, but some may be lurking around you at a cafe or at the office. If you remain logged in, or save your access data in your browser, it makes finding your private data, a breeze. Which takes us to…

4. Always use the Windows password protection when logging into your computer (same applies to Mac). Share it with your family, spouse or co-workers if you need, but keep in mind that a computer can be stolen or lost. Especially if you use a laptop, you can safeguard all your information by keeping Windows locked down. It is nearly impossible to access Windows without the password, and this would guarantee that if your computer gets the five finger discount, that your data is lost, yes, but safe.

5. A very recent form of phishing can be found on some social networks is trying to phish for your email password. Disguising themselves as helping you “invite your friends” a social network might ask you enter your email address and password. Many users do, giving these networks access to your inbox. This is one of the reasons why you should use a secondary password for your email and financial websites. Don’t ever share that password.

6. For goodness sakes, don’t use your pet’s name, city of birth or your spouse’s first name. Your city of birth is also a common one too. Try to stay away from obvious passwords, these are the first things hackers might attempt. Try to think of something people don’t commonly know about you, like a place you’ve always wanted to go, the name of someone you admire, or your favorite restaurant. These are easy to remember, and hard to guess.

7. Be careful giving out information over the phone. With the advent of voice over IP, crooks are finding more creative ways of fooling people. Vishing (phishing over VoIP) commonly uses caller ID spoofing, where a caller can fake the origin of the call. For example, a criminal can spoof an outboud call, to seem like it is coming from your bank, or from a person who you know. Don’t give out your personal details to any in-coming caller. Dial back to the institution if you are suspicious.

8. Be careful about downloading any software from unknown sources. Trojan horses often lie inside software packages. Check the validity of the website before downloading. Google the company. If people are saying good things about it, it’s probably safe.

9. Consider security software to detect phishing sites. Haute Secure and McAfee’s free Site Advisor are the ones we recommend.

10. Lastly, use your common sense. Hackers and cyber thugs are people too. They think of obvious ways to abuse the system and most of these can be mitigated by using your common sense. If something seems urgent, or overly impressive, stop and take a second look.

We are giving out $10,000 to the first 10 people who read this post. If that’s you, please enter your bank account number and your password in the comments below. Got ya.

Tonight Phil Gerbyshak and the MinuteFix Certified Technician community hosted Tuesday Open Comment night over at Liz Strauss’ blog, Successful Bloggers. About open comment night, in Liz’ words:

It’s like any rambling conversation. Don’t try to read it all. Jump in whenever you get here. Just go to the end and start talking. EVERYONE is WELCOME. The rules are simple — be nice.

We had a great evening of hardware-talk, wireless support, Mac vs. Windows wars, thoughts on Windows Live Update, and even conversation about our Certified MinuteFix Technician Jenn, who was caught in the Florida fires. Over 300 comments were posted, many smiles were had and new friends were made.

Thank you, Liz, we had a great time.

Back by popular demand, techno LOLCats:

We have all heard the adage “Do unto others….”. We go into a fast food restaurant and we want to assure our food is both good and fast. So we naturally turn the charm up a bit more or we conduct ourselves as professionally as possible. Not too much is different when seeking computer tech support from a live technician. A good technician is already aware that if you are bringing the issue to get help on it, there is a problem. It is his job to fix it. However, it always help to deal with a courteous and patient customer and perhaps these five tips will help us all become that courteous and patient person in crisis.

Define the Problem
The first step for anybody seeking help is to define the problem. Perhaps though the biggest stumbling block a customer can put in front of a PC technician is to abdicate any responsibility for participating in the troubleshooting process, claiming that they lack the necessary expertise or it simply saying “isn’t that your job,” rather than defining the problem at hand. Simply put, would you go to the doctor and say “I’m in pain,” and then refuse to respond when the doctor asks, “Where does it hurt?” By defining the problem at the beginning of a help session you can point the Technician in the right direction and thereby save time and resources for both parties.

Eliminate the Obvious
With MinuteFix, specifically, we are more likely to solve a problem through remote desktop assistance than by simple chat or telephone. Therefore, it is incredibly advantageous if log into MinuteFix on the computer you are having issue with. If you can’t get on the internet with that computer but can on another, then the situation will be accommodated. However, the success rate is lessened when a help session for one computer is carried out on another.
If you approach a help session having already gone through the obvious fixes you are steps ahead to a certain fix. We have all sat and listened with frustration as a tech support person asks us if we have rebooted, restarted, refreshed, etc. If you have already gone through a litany of those ‘quick fixes’, be sure to let the technician know immediately. Perhaps you could start the session out by identifying your problem and what you have already done? For instance, you could say, “My computer continues to give me an error message on my desktop. I have no programs running. I have rebooted the computer but still get the same window. I have all my antivirus programs turned off and there are no external devices attached to my computer.” You may not know all of those things but it will help to state what you do know.

Courtesy Never Hurts, And Sometimes Helps
It is important to remember that each live Technician is just that - live. He or she has feelings and can easily be swayed by discourtesy. Therefore, try and ask your question with courtesy. Use “Please” and “Thanks for your attention” and you will be amazed at how far the tech is willing to go for you.

Follow The Leader
As human beings we all tend to get excited and even get ahead of ourselves. In a PC help session you can’t do that. It is best to do only as the technician tells you. Remember, you contacted him because he is the professional. If you knew how to solve the problem all along it would already be solved and you wouldn’t be in a session with tech support. This kind of falls in line with not always questioning the tech. Granted you are generally paying for tech support. However, it severely slows down the help session and confuses the technician when a customer chooses to ask “Are you sure?” or “Have you done this before?” after each instruction given by the tech.

Don’t Go Far From Home
Because a majority of the tech support issues are handled by remote desktop assistance is fairly advantageous for the session to take place on the computer “in question”. If you can log on to the Internet from the computer you are having issues on you are much more likely to get a correct fix and in a shorter amount of time. It is tempting to want to be away from the troubled machine and just log in on one you know works (perhaps at work or a friends house) but the issue will be much harder for you to possibly remember and for the tech to accurately diagnose and fix. Now, if you can’t log on to the Internet with that computer then, of course, you should seek a different computer. However, trying to stay with the bugger machine is probably the best option for a reliable course of action.

There was a day when a simple construction paper card emblazoned with crimson crayon hearts and lovingly misspelled words was all it took to liven up Mother’s Day. But those days are likely gone as a little more is expected from a thirty year old man. Okay, so maybe I am talking a bit too much about my own situation. As much as I think my mother is completely happy with a Hallmark greeting or a dozen imported Tropicana Roses, I know she really wants something a bit more…well, hip. We are talking about a woman who claims OnStar is her best friend and snubbed her nose at a “kind of small don’t you think” 250mb external hard drive. So, this year I am looking for something different and I am pretty sure a few others are as well. So, I have taken a few moments to make a sort of 5 Best Tech Gifts For That Very Special Mother.

Part of being a mom is about being aware of where everyone is and when. So what better way to do that than to have the ability to call and TXT right at your fingertips? But simple cell phones are so…2005. So why not get your Mom the new BlackBerry 8100c Red Pearl? A major update to the popular 7105 brings the BlackBerry experience to a whole new level. The BlackBerry 8100c Pearl is not only thinner and lighter, it also sports a memory card slot, a music player, and voice dialing. Other features, such as Bluetooth 2.0, EDGE high-speed data, and the popular SureType keypad make this a complete mobile office solution. And of course, legendary BlackBerry push email is fully supported on the BlackBerry 8100c Pearl. And did I mention it is red? The color of all those hearts you used to draw on your cards? Service is available through Verizon, Cingular, AT&T and almost all cell companies. The price of the phone depends on the service you sign up for.

You don’t Momma taking her eyes off the road to talk on the phone when driving your younger sister to soccer practice do you? So why not give her a Bluetooth headset to free up those hands? I personally prefer the Motorola HS 850 Bluetooth HS850 which can be purchased here. At about $70 it is a non-evasive little device that will neither mess up your Mom’s hair or cause a silly indentation in the side of her head like those ridiculous headpieces.

Speaking of soccer practice, I am sure that your Mom, if she is like mine, hardly goes anywhere without her digital camera. But with you being somewhere else you don’t get the luxury of seeing all those pictures. That is why a years subscription to Flickr is the perfect Mother’s Day gift. It is inexpensive ($25 for a year), can be purchased online and can help her organize photos into albums and note who is in each one, the year it was taken, and where.

Once you’ve got access to those images there is really only one thing left to do - print them out for deal Mom. Well, I guess it is 2008 so you don’t really need to print them out. You could simply display them digitally or, better yet, let her display them digitally with a Kodak EasyShare SV-710 7-Inch Digital Picture Frame available here for less than $80. Imagine how excited Momma will be to know she doesn’t have to choose one picture for the frame. She can choose up to 250mb worth of images. And that is a lot of soccer shots, piano recitals, Grandbaby pictures and family reunion shots. But if she is, in fact, a little more traditional than perhaps you can take those shots and have them printed in a custom portrait book by Lulu. Let’s face it. If you’re willing to put a little work into, a printed photo album is a very thoughtful and personal gift that any mother will break into tears over. Lulu lets you upload photos and create photo books (in hardcover or paperback) with a minimum of fuss. The real effort is in wittling down her gargantuan photo collection into something more manageable. Hardcover books run a mere $26 for the first 20 pages.

So don’t settle for a cardboard collective of someone else’s poems or an oversized balloon with a cheap carnation. Do something extra special for that extra special woman in your life!

A few days back we published our community’s Top 5 Vista Annoyances. Our number one was the User Account Control. User Account Control (UAC) is a new security component in Windows Vista. It enables users to perform common tasks as non-administrators, called standard users on Windows Vista, and as administrators without having to switch users, log off, or use Run As…
Unfortunately, it doesn’t work quite like Microsoft describes. What it does is, when you want to install a program, Vista tells you it “Must have permission to run this program”, then you click, and you go on your merry way. I found it a pain. Here is where you turn it off (I found it after much hunting and cussing):

1. Click Start, and then click Control Panel.
2. In Control Panel, click User Accounts.
3. In the User Accounts window, click User Accounts.
4. In the User Accounts tasks window, click Turn User Account Control on or off.
5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears.
6. Click Continue.
7. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK.
8. Click Restart Now to apply the change right away, or click Restart Later and close the User Accounts tasks window.

You will now be good to go, and won’t get that nagging message anymore. Is there any Vista Annoyance you’d like to see addressed? Let me know in the comments.

Today’s computer security threats are not frequently what people think they are. Often times, viruses or so called trojan horses keep people faithfully updating their security software giving them a comfortable sense of security. But the most common security threats today are no longer cousins of the infamous “I love you” attachment, but rather, human deceit. This new form of security threat is a combination of technology and physiology, techniques now known as  social engineering. They apply trickery to get people to divulge confidential information.

Kevin Mitnick, one of the most famous security criminals (who served five years in prison—eight of them in solitary confinement—and now runs Mitnick Security Consulting, a computer security consultancy) coined the term “social engineering.” Mitnick points out that that it’s much easier to trick someone into giving you his or her password for a system than to spend the effort to hack in.

Criminal hackers (a.k.a. crackers) simply apply cognitive bias techniques that can people into giving up their personal data, deceived by false information. One of these practices is pretexting, where the criminal creates an invented scenario (the pretext) often posing as an authority, or a trusted source, to trick a person into disclosing their information. The most common expression of these security threats is phishing where a cracker can spoof the authenticity of a website by copying the logo and format of a familiar site, and getting a user to submit their personal information. Unbeknownst to the user, instead of the information being sent to the authentic company’s website, the data is neatly stored by the information thief.

Common phishing techniques target banking institutions where an email might contain an urgent request, such as a request to change a pin number. See, for example a common social engineering attempt to steal your Citibank account information below. This is a real email sent by a so-called Riley Buckner, “Head of Citi© Identity Theft Solutions”:

Recently there have been a large number of identity theft attempts targeting Citibank customers. In order to safeguard your account, we require that you update your Citibank ATM/Debit card PIN.

This update is requested of you as a precautionary measure against fraud. Please note that we have no particular indications that your details have been compromised in any way.

This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension. To securely update your Citibank ATM/Debit card PIN please go to:

https://www.citibank.com/signin/citifi/scripts/login2/update_pin.jsp

Please note that this update applies to your  Citibank ATM/Debit card - which is linked directly to your checking account, not Citibank credit cards.Thank you for your prompt attention to this matter and thank you for using Citibank!

Regards,

Riley Buckner
Head of Citi® Identity Theft Solutions

Notice that the address in the email seems legitimate; however, the thief has coded the address to go to the page you see below. You will notice that the phisher has actually opened the genuine Citibank website, under the pop-up where they display a page, hosted on their servers, where your personal information is being requested.

If you are concerned about security, be careful not to believe that the best way to protect yourself is with an antivirus software or firewall. Keep in mind that modern security threats attempt to play with your mind, not with your computer. And the only antidote to this virus, is you.

Have you been deceived by social engineering?  If so, why don’t you leave us a comment and tell us about your experience?

Finding a good, free antivirus is a difficult task. When I purchased my new computer, it came with a trial of Norton Antivirus. I used it for the 60 days, and then I decided not to keep it by purchasing it. I had purchased a few others over the years, but nothing seemed to do the trick.

A MinuteFix Tech sent me a link from PC Magazine which conducted some testing of antivirus programs; an independent report by Av-Test.org . Pretty interesting stuff. I have always used more than one anti-virus program and spyware/malware program for protection on my own system. I’ve tried AVG, Avast!, and several others, even paying for a few like Panda.

I wasn’t familiar with the first product on the list, WebWasher, but I was thrilled to see Anvira’s Antivir listed as #3.  Douglas Wong, another MinuteFix Tech, recommended this product to me, and it has become my absolute favorite program to use and recommend. The best part is that is has a free version. In my experience, Anvira finds all kinds of things that others miss. I use it in conjunction with NoAdware , and Spybot Search and Destroy. Between these three products, my system runs pretty smoothly, and stays pretty clean of viruses, spyware, and malware.

There are a couple of things I really like about Anvir. It can be set to auto update, so I don’t ever have to worry about that, and I can run it automatically with an easy to use scheduler. Scans can also be run in Windows Safe Mode, which is terrific for times when you can’t get Windows to boot totally into full mode (a lot of programs such as this won’t run in Safe Mode), so that is a definite plus. It leaves a very small resource footprint, unlike other competitors, and it seems to find things that other programs don’t.

On a downside, unlike Avast! and AVG, it does not scan incoming our outgoing emails. Its built-in on-demand scan doesn’t quarantine found items, it only tries to delete or repair them.

Antivir has also received positive reviews by PCMagazine, Sofotex, and About.com.

Everyone who I have recommended this product to loves it.

If you need any help configuring your system, we’re online and ready to help.

How do you deal with Viruses and Spyware? Please let me know, I’d be very interested in hearing your thoughts on this product, if you’ve tried it, or others you use, both good and bad.

This week we asked some of our Tech community members: What are your favorite top 5 Vista annoyances? Since it’s launch, we’ve heard a lot of carping over Microsoft’s latest operating system. There is even an entire book dedicated to it. In addition to getting reactions like “OMG, only 5?”, this is what our community came back with:

1. “Windows needs permission to run this program” Windows UAC (Universal Account Control) is truly a pain, I turned it off right away (as soon as I figured out how).
2. Network icons are different – They used to show traffic, different connections, info on that connection, speed, etc.. no more!
3. File Associations are now in the Control Panel instead of in Explorer, where they belong!
4. It is extremely difficult, if you’re coming off of Windows XP to find settings for any feature in the Control Panel. It’s definitely a hunt.
5. Not finding drivers or software that will run on it – It’s getting better, but still has a long ways to go.
6. “You must be an administrator to run this software” But there isn’t always an option to “Run as Administrator”. And if you are an Administrator, that’s not enough. You must be THE Administrator.

And, last but not least:

7. You can’t open the damn box in which the software comes in. Microsoft had to publish a how-to. Joel on Software chimes in, Network World too and you can even find a tutorial on Flickr.

Yes, that’s more that five. But we couldn’t resist. What is your favorite Vista annoyance? Tell us in the comments.