mikedopp.com Code Monkey by Day, Unix/Windows Administrator by Night, Social Media Chump 24/7

2Mar/100

How did I get these fake antivirus? How to keep from getting them.

Just in case you didn’t know, malvertising is the #1 way to get infected, due to the numerous security holes found in:

Adobe Reader (acrobat)
Adobe Flash Player
Sun’s Java

Those are the top 3 applications being exploited right now.   You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on any ad.  See the simple explanation below.

Here’s how Malvertising Works

  1. A legit website like CNN.com sells advertising space because it has thousands of views every day. (again, this is just an example)
  2. A malicious person or group purchases some of this advertising space and submits an ad that appears perfectly fine to the CNN.com advertising editors.
  3. The ad goes live.
  4. At some point the ad becomes malicious and starts scanning clients for outdated Adobe Reader, Adobe Flash or Java binaries.
  5. Once an exploit is available, the malicious ad injects malware into the client’s PC.
  6. The anti-virus may or may not detect it; it’s really just luck.  If the threat is old, then there’s a good chance it will.  If it’s just a few minutes old, then there’s a good chance it won’t.
  7. The ad may stay live for minutes, hours, days, etc., until someone notifies the webmaster of that domain.

How can you stop these attacks?

  1. Keep your Adobe Reader and Flash updated.  This is not exactly an easy task, since Adobe seems to find security holes every other week.  Open Adobe Reader and click Help > Check for Updates (at the time of this writing I just discovered I had 2 waiting to be downloaded!).  Both programs do automatic update checking; however, a lot of people just cancel the update.  Bad idea.
  2. When Java alerts you that an update is available then yes…install it.  Lots of my clients never install this update.  It’s really important that you do.
  3. Configure the Adobe Reader plugin in each of your web browsers not to load PDFs automatically.
  4. Browse the internet with Sandboxie as much as you can.  That goes for everyone who uses the computer.
  5. Always download and install your Windows Updates.
  6. Follow steps 1 – 5 and you’ll probably never experience the end result of a malicious ad.

Sadly, Adobe and Sun products are constantly getting new updates and do not uninstall the older ones, so the potential for re-infection remains. If you don't need these applications, or you do not use applications that require them, then promptly remove them.
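To check a machine for the leftover older versions described above, here is an added PowerShell example (not code from the original post). The display-name patterns, function names and sample entries are assumptions made for illustration.

```powershell
# Added example: inventory Adobe Reader, Flash Player and Java from the Windows
# uninstall registry keys and flag products with several versions installed.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# DisplayName patterns are assumptions; adjust them to what your machines show.
$Products = [ordered]@{
    'Adobe Reader'       = '^Adobe (Acrobat )?Reader'
    'Adobe Flash Player' = '^Adobe Flash Player'
    'Java'               = '^Java(\(TM\))? \d'
}

function ConvertTo-SortableVersion([string]$Text) {
    # Unparseable version strings sort last instead of aborting the run.
    try { [version]$Text } catch { [version]'0.0' }
}

function Get-PluginInventory {
    param([object[]]$Entries)
    if (-not $Entries) {
        # Default: read this machine's 64-bit and 32-bit uninstall entries.
        $Entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName }
    }
    foreach ($name in $Products.Keys) {
        $found = @($Entries | Where-Object { $_.DisplayName -match $Products[$name] })
        if ($found.Count -eq 0) { continue }
        # Distinct versions only: Flash's ActiveX and Plugin entries share one version.
        $versions = @($found | ForEach-Object { ConvertTo-SortableVersion $_.DisplayVersion } |
            Sort-Object -Unique -Descending)
        [pscustomobject]@{
            Product       = $name
            Newest        = $versions[0]
            OlderVersions = ($versions | Select-Object -Skip 1) -join ', '
            RemoveOld     = $versions.Count -gt 1
        }
    }
}

# Constructed sample entries so the logic can be tried on any machine.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Java(TM) 6 Update 18';          DisplayVersion = '6.0.180' }
    [pscustomobject]@{ DisplayName = 'Java(TM) 6 Update 3';           DisplayVersion = '6.0.30' }
    [pscustomobject]@{ DisplayName = 'Adobe Reader 9.3';              DisplayVersion = '9.3.0' }
    [pscustomobject]@{ DisplayName = 'Adobe Flash Player 10 ActiveX'; DisplayVersion = '10.0.45.2' }
    [pscustomobject]@{ DisplayName = 'Adobe Flash Player 10 Plugin';  DisplayVersion = '10.0.45.2' }
)
Get-PluginInventory -Entries $sample | Format-Table -AutoSize   # constructed data
Get-PluginInventory | Format-Table -AutoSize                    # this machine
```

Any row with RemoveOld set to True lists the older versions to uninstall through the normal Windows uninstaller.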

You have noticed that even Apple, a large supporter of Adobe, has decided not to add Flash or Java to their latest OS updates.

Special thanks to the remove-malware.com people for the information.

8Sep/080

Flash and the Ugliness that surrounds it

Typically the word Adobe used in a sentence fills me full of fright from nightmares of Adobe products being installed and watching the system resources completely diminish on any great server or desktop, including Apple OSes.

Let’s just talk about Adobe for a second. Here is a company with great ideas and a great means. The idea of tools like Photoshop (not sure I can say that without paying royalties), AIR and Flex is brilliant. Yes, I just said brilliant.  However, being a developer of all kinds of technologies (this means I have developed using Adobe as well as Sun technologies, not just Microsoft), Adobe has always had great ideas but poorly implemented. This can be said for Java as well (I will rant later on this).

I have always felt Flash left something to be desired. Once again, I have written a few small applications in Flash. To be honest, using Flash 4 (yes, it was old and very outdated. Scripting was only a thought).  It is and was very clunky to write in, excuse me, I mean add animations.

Flash is a way or a means to deliver content using animations or video and compress it so that it should be faster, smarter and better than a means such as AVI or DIVX/XVID. In this realm it does well, making the video smaller and more available without installing more codecs to run video over the web (take all your favorite video sites as an example, such as YouTube). It is also nice that it runs on any type of web site using any and all technologies. Hats off to Adobe for this. However, Adobe Flash is a serious bandwidth hog and slows down a client’s web browsing experience. I have to admit there are ways of compressing these files to be less, um, hoggy if you will. However, it seems only designers like to use and “devisign” (Develop + Design = devisign) in it.  Most designers don’t use compression or like to make these files smaller because it might take away from the “Artsy” work they have done.

Things that Adobe could fix in my humble opinion are:

-Enable better compression

-Use or I guess copy the Silverlight model of tiny sized bits to be served for great quality and less bandwidth hogging.

-Add a set of standards for you developers oops.. devisigners!

-No more splash screens using Flash PLEASE! (this goes for all you web designers stop it. It is ugly and making the web ugly.)

 

Also, Adobe, could you please de-junk Acrobat? It is crazy crapware that I will not install. Learn from Foxit Software, please.

 
