I see clever trojans and other malware all the time — a considerable part of my work involves removing them from people’s PCs. The “FakeAlert” trojan is especially common: it warns you in various convincing and intrusive ways that “your PC is infected” and offers you a link to download and install a “removal program”. If you install this software it will “find” all sorts of terrifying things which it says are downloading pornography and stealing all your passwords, credit card details, and so on, and offers to remove it … once you have register the removal program for about 50 dollars via your credit card. And it doesn’t find malware which actually is there. The PC becomes increasingly unusable until the fake software is removed, which can be quite tricky (which is why people pay me to do it, of course).
Three customers whose PCs I’ve removed this malware from have subsequently had phone calls from someone who says he’s from something like the “Windows Support Group”, telling them their PC is infected and offering to remotely connect to the PC to remove the infection. All these people were called at home, on numbers they don’t reveal to people. They report that they had assumed the call was from Microsoft, but how did Microsoft know their PC was infected, and how did Microsoft get their phone number?
Presumably the trojan searched the PC for phone numbers in documents and reports it back the the bad guys, who are now calling the numbers. Brazen or what? (With permission, I searched one customer’s PC for their secret phone number and found it in an old CV.) One of the customers had the presence of mind to ask for a number so they could call back — and reported the number to me. So I called it …
“Adam” told me they had offices all round the country, and were one of the largest PC support organisations and had been going for well over ten years. He gave me a website address which I later checked — it had been set up three weeks previously. I asking him if I could drop my PC off, but he said their insurance didn’t allow it, and it wasn’t necessary because they could connect remotely if I co-operated by downloading a program. I asked him how much this service would cost, and he said he couldn’t say, even roughly, until he’s had a look at the infection. I said someone had told me that he’d called them to offer to do this, but how did he know they had an infection? He said it “was reported to us”, but couldn’t or wouldn’t explain further. I asked him where he was, he said he was in London, I asked for the address. It took him a long time to find this, and when I asked him for the nearest (or any) tube station, he didn’t know. He didn’t know what the weather was like in London, either.
The whole thing seemed highly suspicious to me, so if you get a call like this, ask questions!
Anyone using the free version of AVG should make sure they are on the latest version, AVG Free 2012.
AVG seems to have got bigger and more demanding of computer power over the years: I now always do a custom install and turn off everything except AVG itself.
I’m also increasingly annoyed by having to navigate through all the adverts on the CNET site (when AVG redirects you for the download) and by having to refuse all the free toolbars, search providers and stuff it wants to install. To be fair, it’s got slightly better recently.
I like simple and straightforward products, and I now prefer Microsoft Security Essentials. Simple, free, and seems to work well.
Apart from malware, setting up mail still seems to cause most problems I see, and I’ve lost count of the number of people who tell me that BT call centres don’t seem able to help with even simple mail problems. Some people have even told me that they found my BT help pages after having been told about it by BT, which is a compliment of sorts from BT, I suppose.
I notice that VirginMedia are now doing outbound validation in a similar way to BT — if you are not using a VirginMedia e-mail address to send from, you have to register the address you want to use with VirginMedia. They have managed to do this in an even more annoying way than BT, though, in that rather than just permit a validated sender to use their SMTP servers, they add a SENDER: header to each outgoing mail item. This means that recipients using most versions of Outlook with see it as from the virginmedia address “on behalf of” the validated address. Not many people like this, but — other than not using VirginMedia’s SMTP servers — there is no way round it that I know of. For me, it would be a reason not to use VirginMedia.
Talking of reasons not to use certain ISPs, BT Business Broadband (which provides btconnect.com e-mail address) refuses to allow individual non-BT addresses to pass through its SMTP servers. This means that their customers who want to carry on using an old e-mail address from another ISP aren’t able to do so. BT Business Broadband won’t tell me why they have this policy (they cite only “security concerns” which they won’t or can’t explain) or why BT Broadband (btinternet.com) allows it and BT Business Broadband (btconnect.com) doesn’t. I suspect whoever made this decision doesn’t understand the issues. I’ve noticed this before in companies with “product managers” who often seem to be marketing people who don’t really understand the technology. I suppose BT would say it’s better to have product managers who are marketing people who don’t fully understand the product than it is to have product managers who are technical people who don’t fully understand marketing.
Personally, I’d be happier with a bit less marketing from BT, and a bit more product knowledge in its product managers and call centres. I still find their engineering staff are almost always absolutely excellent, though, although they tend to hide away from customers, maybe understandably!
Looking back over the last year, some things have changed in the world of PCs, but many problems remain pretty much the same!
Malware — viruses, trojans, spyware and the like — continues to be a big problem. I still see a lot of PCs infected with various trojans designed steal information or money from the unwary. The writers of this stuff are very professional, so I assume there is big money behind it. The most common still seem to be the sort that tells you that tour PC is “at risk”and invites you to download some software to cure it. Invariably the software “finds” lots of things that aren’t really there, and then invited you to register if for about $49.95 to enable it to remove them. If you ignore it, it will get ever more persistent, until the PC becomes unusable.
Sometimes these types of software claim to find viruses or other infections, sometime “memry problems”, “registry errors” and so on. Of course, there are quite genuine and very useful products that do all these tasks, so it’s hard for the normal person to tell the genuine and useful from the fake and harmful. Sometime these fake products every have professional-looking websites (but almost always without traceable addresses or contact details).
An example of a fake product is here.
A simple tip: before you download any software, search for its name on Google. Ignore any sponsored links, and if almost all you find in the search results is people asking how to remove the product, and reputable sites (such as bleepingcomputer.com and techguy.com) offering removal instructions, then tread very carefully!
A new development in 2010: three of my customers who had infected PCs received a phone call to the home numbers from the “Windows Support Group” telling them their PC was infected and offering to remove the infection at a price. It wasn’t clear how their phone number had been obtained (all had their phone numbers in at least one document on their PC, though), who the caller was or who he represented, or how much this “service” would cost. Very suspicious indeed.
Everyone should have a good and up-to-date antivirus program. Two good ones (both free) are the free versions of AVG 2011 from here or (my current favourite) Microsoft Security Essentials from here.
Happy new year to all.