StopSign®

With over 400 million active members at the time of this post’s release, half of which log in at least once per day, Facebook is at the top of the web site food chain. With numbers like that, chances are that if you’re reading this post you’re also a Facebook member, and if you are, there have been a lot of changes in the last few months with regard to Facebook account settings that you may not have updated recently.

You may have updated a few settings when you first set up your Facebook account, but it’s a good time to review what your current settings are and make any changes necessary. We’d like to show you 3 things you can change, update, or do to make your Facebook profile safer and help ensure that only the information you want people to see can be seen.

1. Account Settings:

   It all starts with a good password. Since Facebook allows you to store a lot of personally-identifiable information, it’s even more important to ensure that the password you use to access Facebook is strong, unique, and known only by you. If you’re not sure how to create a strong password, check out our blog articles “12 Tips for Making a Good Password” and “Bionic Passwords: Better, Stronger, and Faster“.

   To change your Facebook password, click on Account > Account Settings > Password. You should then be prompted to type in your old password (as a safety precaution) and your new password.

2. Privacy Settings:

   The Facebook privacy settings page has 5 different sections that you can modify, each of which we’ll discuss separately below. For specific details on each section see the actual page itself.

   • Profile Information:

     This section allows you to determine who can see information like your birthday, photos, posts, comments, and information of that nature.

   • Contact Information:

     This section allows you to determine who can see information like your cell phone, home address, website URL, and IM screen names.

   • Applications and Websites:

     If you allow Facebook applications to access your account (including games such as Mafia Wars and 3rd party tools like Twitter), this section allows you to determine what, if any, information those applications can access. You can also select what information your friends can share about you, too.

   • Search:

     This section has 2 very important settings: who can see your search results, and whether or not your Facebook page can be accessed by search engines.

   • Block List:

     Have a virtual stalker on Facebook, or just really tired of someone? You can add them to your Block List and not have to deal with them any more (for the most part).

3. Watch what information you publish:

   Think twice before publishing anything that is personally identifiable to Facebook or any other web site. Phone numbers, addresses, work locations, and schools you or family members are attending are all examples of things that you might want to keep under wraps. And if you do publish them to your Facebook friends, be sure to double-check all of your Facebook settings (noted above) to make sure that only the people you want seeing them can have access to them.

   Please be especially careful with releasing any information regarding your home address online. Making your home address public isn’t something a lot of people do, but new tools, games, and features on many new phones, web services, etc. allow you to post geolocation data like GPS coordinates, and those can be just as dangerous to make public as your address. Read our blog post “Stranger Danger: Geolocation Features and Internet Safety” for more information.

For more information, check out the official Facebook safety page at http://www.facebook.com/safety/.

The StopSign Support staff fields a lot of different calls every day, and a common question heard by our techs is “How can I tell if my anti-virus software is working?“. With hundreds of new viruses and other kinds of malware being written or released every day, it’s natural to suspect that your anti-virus software isn’t up to snuff if you don’t see it catching anything.

Like most anti-virus vendors, the StopSign Research lab keeps a closed-off network of computers (i.e. not connected to the Internet or our internal networks) with live viruses to test our software before it goes out to our members. For us it’s easy to run our anti-virus software against live viruses in our “snakepit” of malware safely because we have a closed environment to test the StopSign Threat Scanner, but that’s not the case for everyone.

Luckily the European Institute for Computer Antivirus Research provides, free of charge, the EICAR Standard Anti-Virus Test File as a tool to test anti-virus software using different test files to see if your scanner takes the bait. The EICAR anti-malware test file is a safe (i.e. not truly infected; it only contains patterns and not any actual virus code), publically available anti-malware test file which contains code that should trigger detections by anti-virus and/or anti-malware software.

Testing your anti-virus software is as easy as 1-2-3:

1. Download:

   Go to EICAR’s web site and download an anti-malware test file on to your computer (and be sure to note where you downloaded it to). There are several versions of the test file available if you scroll to the bottom of the page. Feel free to choose any (or all) of them.

2. Scan:

   Using your anti-virus software (we, of course, recommend StopSign Internet Security software), scan the anti-malware test file you downloaded.

3. Review:

   When your security software is finished, it should have detected any of the anti-malware test files you downloaded as infected.

If for some reason your anti-virus software doesn’t pick up the “infection” it could just mean it’s time to update your software with the latest anti-malware definitions. Update your security software and try it again, and if it still doesn’t pick up the EICAR anti-malware test file then contact your security software vendor to see if there is a problem.

OK, we can’t get your passwords to become faster, but certainly we can give you tips on how to make them better and stronger (read: harder to break). Our last post on passwords gave a lot of information on how good passwords can be easily created, and we’ve come up with more ideas for you to secure your passwords.

A strong password is the first line of defense against anyone who would want to break into your account, so the tougher you make it on them, the less likely it will be that they get what they want. Use these tips to create a bionic password that will make it tougher to crack.

• Get creative with words:

  You can get a lot of traction out of one word if you can figure out different ways to use it in your password. For example the word “crystal” is pretty clear (pun intended), but you can muddy it up a bit by doing things like removing all vowels, changing how it’s spelled, or reversing certain letters. Examples include “crstl”, “krYs+al”, and “ltsrc” (the first one, only backwards). Mix that up with another word to increase the length of the password and you’ll be good to go.

• The same word, only different:

  Maybe you like birds, and your favorite bird is the Pine Grosbeak bullfinch. Well, as we all know (sarcasm) the genus for those birds is “Pinicola”. Maybe you also happen to love Coca-Cola. You take out the “cola”, insert “Coke”, and now you have a 2-word password that’s easy to remember: “PiniCoke”. Substitute some of the characters to something like this: “p1niCok3″ and you’re good to go.

• Don’t use common number patterns:

  Your phone number, street address, even your jersey number from the high school football team… these are all very bad things to use in a password as they are. If you plan on using one of them, be sure to mix things up. If you live on 1313 Mockingbird Lane (Quick… what TV show is that address from? The first person to comment on the blog with the right answer gets a free year of StopSign.), you could use the street number like this: “+h1rT3en13″.

• Mix it up:

  Using only alpha-characters or only numbers isn’t a very good idea for a password at all. Your password is a digital cocktail. Mix. It. Up. If a decent password is made up of 8 or more characters, you should try to use at least 2 numbers and one non-alphanumeric character (a hash symbol “#”, an exclamation mark “!”, etc.).

• Use multiple passwords:

  Ideally you should have a unique password for every account that you have. Your home email, work email, computer login, bank account, Twitter… any account you have that requires a user name and password should have its own unique password.

These suggestions are not the end-all, be-all and we don’t necessarily advocate using every single password tip listed. But they can be food for thought when devising a new password. You’ve seen my repeated suggestion to mix things up, and that’s a big thing. Keep things fresh, get creative, and you’ll be far and away ahead of the pack when it comes to creating a strong (and difficult to crack) password.

There are reports coming in regarding Twitter forcing people to update their passwords. The reason: real or potential Twitter phishing attacks. Many people are talking about seeing an email from Twitter that reads:

Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.

At this time there is no confirmed threat, but it appears that if nothing else, Twitter is taking a proactive role in helping to reduce and/or pre-emptively kill any phishing attempt that may be occuring. Even if Twitter hasn’t changed your password and/or you’re not affected by this possible phishing attack, we recommend the following course of action for increased security:

1. Change your password. Make sure to use a good mix of letter and numbers.

2. Review and rethink any third-party services you’ve allowed in your Twitter Connections setting.

3. It’s also a good time to go through your followers (and those you’re following) and check for spammy and/or suspect accounts. Things to look for in these types of accounts include, but aren’t limited to:

   • Very few, if any, tweets. Ever.
   • No tweets in the last
   • Following thousands but followed by few.
   • The same kinds of tweets sent out over and over and over.

We will report on this issue again as we find out more details. For more tips on staying secure on Twitter, check out our blog post “Six Secrets of a Safe Twitter Account.“.

UPDATE: Twitter addresses the password resets with their status update entitled Reason #4132 for Changing Your Password.

Steering clear of spyware can be a difficult thing to do, especially with all the clicking you have to do just to get the information you’re looking for. A single-click here, a double-click there, lather-rinse-repeat this process for a few months and generously sprinkle that time with a few instances of drive-by downloads and a couple of missed opt-ins and before you know it your once speedy computer is slower than molasses in January.

Spyware happens, but there are things you can do to help stem the flow of it on your computer. By making a few easy-to-adopt changes to the way you browse the Internet and taking an extra minute before you download something, the tips we’ve compiled below will help you stay spyware-free.

1. Watch where you’re browsing:

   Spyware (and malware in general) tends to get on your computer from a shady source. Staying away from untrusted or unknown websites is an easy way to fight spyware. If you need to download updates or specific software packages your best bet is to get it directly from the manufacturer’s website (i.e. go to adobe.com for Adobe Acrobat updates). If you’re looking for software in general (i.e. you’re looking for DVD burning software but don’t know of a specific maker) then try a major download site like tucows.com or download.com.

2. Download with caution:

   A popular tactic with spammers is to send you to a fake website that looks like a legitimate one. Spyware makers have taken that lead and run with it for their own purposes. Stay one step ahead of them both by making sure you’re looking at, and downloading from, the site you’re actually supposed to be on. You can learn more about detecting fake websites in one of our previous blog posts.

3. Read the Fine Print:

   There are 2 common places to look for the tell-tale signs of spyware on a website you aren’t familiar with:

   1. The download or info page:

      Some software or websites, by their very nature, need to contact the mothership every now and again. Anonymous usage statistics, passing along pertinent information such as items in a shopping cart before you purchase, and things of that nature are part and parcel of getting things done online. What you don’t want, however, is to have things like your social security number, credit card, or email address passed around without it being absolutely necessary. Entering your Visa number in a shopping cart is one thing, but there’s no real reason for that cart to ask for your SSN. Keep an eye out for oddities like that when you’re browsing, and make sure what they’re asking for makes sense.

   2. The EULA:

      “What’s a EULA”, you ask? A EULA is an acronym for “End User License Agreement”. It’s where all the technical and legal mumbo-jumbo is put in (or before) a download (or install). Most people consider reading the EULA a nuisance and click on “yes” without having read a word. Keep in mind that acceptance of the EULA is a legal agreement you’re entering into with a software vendor, and if you don’t read it you won’t know what you’re agreeing to. Give a EULA the once-over before you install anything and make sure that everything is on the up-and-up.

4. Get protected, stay protected:

   Your antivirus software, in all likelihood, won’t do anything for you about spyware. It’ll work viruses all day long, but spyware is a different beast, and you need special antispyware software to deal with it. To make sure you’re completely protected you need to make sure your computer is protected with both antivirus and antispyware software. The one-two punch of antivirus and antispyware software will go a long way in keeping your computer as free from infection as possible.

Pretty simple stuff, actually. A lot of it is common sense, but keeping those things in mind when you’re browsing the Internet will help keep your computer protected from spyware.

As 2009 comes to a close and all of the holiday decorations begin to come down (you are taking down those lights before Valentine’s Day, aren’t you?), many people choose to make New Years Resolutions. Some people choose to promise themselves to lose weight, others to spend their money more wisely, but we’re asking you to make a different change: the way you use your computer and the Internet.

Making a change is never easy (most people don’t seem to like change at all); but change can be good if it’s done for the right reasons. Meet the New Year head-on by resolving to make the tech-related aspects of your life a little safer and a little more secure by following our 5 simple suggestions for changes to your computer and Internet use:

1. Change your passwords

   It’s a simple enough change, and possibly one of the most important. By not letting a password live for too long, you help to reduce the chances of it being captured by spyware or a keylogger and sent out on the web to someone with mischief on their mind. Read the StopSign blog post on creating a good password and update all of your passwords in 2010.

2. Update Privacy Settings

   Crack open your browser(s) and review your current privacy settings. It’s probably not a set of options that you look at all the time, and you might have accidentally set some of the settings too low for certain things, or maybe even added certain web sites to a white list that you didn’t mean to. Now’s the time to clean all of that up. And while you’re at it you may as well clear out your cookies, browser cache, and all that jazz. Start the New Year as fresh as possible.

3. Update Vital Information Online

   From the address and phone number on your online banking profile to dusting off that Facebook or Twitter account and removing any personally identifying information that anyone can see, there’s no time like the present to update your information online. We can help you to stay safe online with some tips on things to look out for when putting your info online.

4. Back up Important Files

   If you’re like us, you probably do a lot on your computer: your taxes, edit family photos, post videos online, and more. Don’t be caught without a backup: Burn your important files and other data to a CD or DVD, buy an external hard drive and copy everything over, or even use an online service to keep a copy of it all off-site. Between hardware failure (something a friend who didn’t have backups of wedding photos recently went through) and data corruption, much less any other calamity, keeping a backup of the things that are important to you should be a top priority in the coming year.

5. Patch it up

   Check your operating system, installed applications (web browsers and plugins, document editors, PDF viewers, spreadsheets, etc.), and antivirus/security software for updates. Without the latest version of software you leave yourself open to out-of-date problems at best, and security-related and/or data-loss problems at worst. Most software apps have a simple method of updating themselves anyhow, so it shouldn’t be too difficult to figure out.

If you enjoyed this post or any of our other StopSign Blog posts from 2009, just wait until 2010! We’re going to keep posting online safety and security-related topics here on our blog. You can also follow the StopSign Blog on Twitter to get the whole scoop on what we’re doing, what we think you might find interesting online (and sometimes offline), and more.

Happy New Year! We look forward to hearing from you in 2010. :)

“I’ve been hacked. Now what?”

Maybe it was a keylogger. Perhaps it was a simple virus, or even a trojan. Spyware took over your computer? It doesn’t matter, really. Something happened, you’re back to being clean, but your confidence in the security of your computer is shaken; and now you’re sitting there wondering what to do next.

First off, you’re not alone. With an estimated 300 new viruses or malware variants coming out every month, most people at one time or another are going to be the victims of malicious software. And depending on the severity of the attack you suffered, it’s not unlike the feeling you get when your home is robbed or your car is broken into. There’s a sense of fear, mistrust, and possibly even anxiety about being hit by malware in the future. Again, you’re not alone.

While we can’t speak to the emotions you may be feeling about what happened, what we can do is help you fix what happened and maybe even help you avoid the problem in the first place. What you’ll find below is a list of suggestions we have to recover from a malware attack.

• Change your passwords

  All of them. Especially if you had some kind of spyware or a keylogger on your machine. There’s no telling what passwords, if any, the crooks who authored your malware were privy to, but why take a chance? Make good use of our blog post on how to create a good password and come up with a new one for each and every site you use.

• Reconsider minor apps

  Now’s as good a time as any to go to your Add/Remove Programs and look at what software you have installed that you don’t use or might be suspect. Not only will this (possibly) help make your computer a bit more peppy, but it’ll also reduce the chances having of a piece of software on your computer that may be vulnerable to attack (vis-a-vis the bad guys).

  • While you’re at it, you may as well clean up and optimize your hard disk to help fix things up. That’s not going to prevent viruses or spyware from infecting your machine, but it is good general maintenance. :)

• Consider canceling those cards

  If you used a particular credit or debit card with your computer, consider calling up the issuing bank, explaining what happened, and have them cancel the card and get a brand new one issued. That is, admittedly, a pain in the behind; but if your card data was compromised then you could be looking at an even bigger pain trying to recover from a bank account being open to the whim of crooks.

• Report any crime

  It’s one thing to have some passwords compromised; it’s another to actually have sensitive data leaked or have money stolen a bank account whose information was on your computer due to malware. If you were a victim of a crime please contact the authorities.

• Be careful what you open

  Emails, IMs, downloads… Not to make you paranoid, but pretty much anything you can click on has the potential to deliver malware right to your computer’s doorstep. Only open files or click on links from trusted sources. You should also keep an eye open on those, too, since spammers and hackers can forge email addresses to make them seem like they come from a friend or co-worker. Read the subject and content of emails and IMs before clicking on any link or downloading any attachments.

• Practice safe computing

  Help yourself out by steering clear from traditionally virus and spyware-laden web sites: iffy download sites, adult sites, gambling sites, and movie/mp3/torrent/etc. sites. They’re not all bad, but they have a bad rap for a reason.

An ounce of prevention is worth a pound of cure.

While we can’t say that doing any, or all, of the aforementioned steps will keep you 100% protected against future infections, we can say that every bit of pre-emptive caution that you can take will pay off in the long run.

Twitter is like a giant party in a community of over 18 million people, and there’s bound to be a few apples in the bunch who want to cause trouble. You can get around some of those problems by locking down your Twitter account and being aware of some of the potential problems you might run into when you’re tweeting. Just follow these simple Twitter tips and use your common sense, and you’ll be much ahead of the “safe twittering” curve.

1. Good, strong passwords.

   The creation of a good password cannot be stressed enough! Make sure to create a password that’s difficult for others to figure out and contains a mix of letters and numbers. Also try to use a different password than you use on other social networking sites in case one of the passwords gets cracked or is leaked out. Read more about how to create a strong password on our blog.

2. URL shorteners.

   Sites like bit.ly, ow.ly, and cli.gs are great URL shortening services, especially when someone wants to link to websites in 140 characters or less. But if you don’t know the person who tweeted with a shortened URL, you’re never quite sure what you’re going to get. (OK, that’s not 100% true*) Be careful what you click on!

3. Are you (literally) on Twitter.com?

   Scammers and spammers love to build lookalike sites to try and trick you into submitting your user names and passwords to them instead of the real thing. Before you log in, check the address bar to make sure you’re actually on Twitter.com and not some scam website. Learn more about how to figure out if you’re on a fake website or a real one on the StopSign blog.

4. Third party access.

   There are some really neat services out there like We Follow and Twitter Grader that help enhance your Twitter experience and learn more about your tweeting habits; but there are also some fishy ones too. Make sure to regularly check your Connections settings in Twitter to clear out any unexpected or suspect applications that have been given access to your account. And if they offer it, connect using OAuth, as it’s much safer than supplying your user name and password to a strange website.

5. Phishy phish.

   You’ve got to be diligent about reading DM’s and @ mentions (there’s a particularly nasty trick going around now where a scammer will @ mention you regarding something you’ve tweeted about and there’s a shortened URL to a spam site in the mention – do NOT click on it!). There always seems to be a phishing scams of some kind happening on Twitter, so make sure you know what you’re clicking on or responding to.

6. Don’t get too personal.

   It’s really important that you don’t expose too much information about yourself or your family online. The wrong tweet can get you on a spammers list, or at worst, can lead crazies on the Internet right to your front door. We’ve got tips on how to stay safe online and offline.

For more information on Twitter security, check out the official Twitter help article on safe tweeting.

*OK, technically you can preview any bit.ly URL by adding a “+” to the end of the URL. Other sites and/or services may do the same; but the main issue is that URL shorteners, by default and by design, do not natively display the destination URL. Back to the top

If it’s the end of the year then that means it’s time for Christmas, Hanukkah, Kwanzaa, and the annual ramp up of holiday-related scams, phishing, and other related online naughtiness. If only Santa had enough room on his Naughty List for all of the digital scammers!

It seems like every year the “bad kids” of the online world all seem to come together to get some year-end maliciousness out of their system. Increases in email spam, fake friend requests on social networking sites, and identity theft are part and parcel for the holiday season and this year is no different. If anything the current economic problems in America and the rest of the world make us all more likely to be a victim of holiday scams since we’re all on the hunt for great deals and looking for a way to stretch our holiday budgets.

Here’s a breakdown of some of the more common scams, schemes, and potential problems that you’ll find this year:

• Fake gift cards

  A perennial favorite, fake gift cards are often touted as being sold for cheaper than their original price (e.g. a $25.00 gift card being sold for $10.00), but many times are either completely fake, stolen and worth no money, or have had most if not all of their value used already. We suggest that you avoid these at all cost unless you get them from the store they are actually from (like Amazon.com gift cards) or another reputable vendor.

• Fake charities

  Organizations like the United Way, Red Cross, and Toys for Tots do wonders for people across the country, but be careful when making a donation. Be sure that the representative you’re talking to is actually working for a charitable organization and not his or her own pocketbook.

• Holiday e-cards

  Even though the real ones can be fun, e-cards in general have been known to mask trojans and spyware that are installed on your PC without your knowledge. Be especially careful when you receive an e-card in your inbox during the holidays.

• Lyric websites

  When looking for Christmas carols you might end up finding malware. Many lyric sites are chock-full of advertising, popups, and it’s easy to accidentally click “OK” on a software install button. Be very careful when getting your play list ready for your carolers.

• Fake websites

  These tend to come out of the woodwork and often look very convincing. Identity theft and stolen credit card numbers are the usual gifts that are given to holiday scam artists when they set up a fake website that copies an online store or charitable website. Check out our post on “How to Spot a Fake Website” for additional details on how to know which are fake and which are real.

• Online fraud

  eBay, CraigsList, and other online auction and shopping sites have great deals and a lot of hard-to-find gifts. They also have a lot of fraud associated with them since anyone with an email address can set up an account. Make sure to look for user ratings if possible (eBay in particular has a pretty darn good rating system for buyers and sellers) to see what a seller’s track record is like before you click on the buy button.

We hope that you find these tips useful this holiday season, and we wish you and yours the very happiest of holidays! And if you’ve got kids and they’re still young enough to believe in Santa Claus, check out this Naughty or Nice form that asks a few questions and lets them know what list they are on.

There’s a dirty little secret in the field of computer security: no antivirus or spyware product can detect or clean everything. It’s true. StopSign is a great product and we’re constantly upgrading our antivirus and antispyware engines to provide the absolute best protection for our members; but there is no security product on the market that can deal with every single infection, especially emerging or previously unknown vulnerabilities, called zero day attacks. Our solution to this problem is a Custom Cure™ that our Support Staff creates on an individual basis for any active member who needs one.

We’ll often hear “Well so and so’s product removed such and such infection, why didn’t StopSign?” Honestly, we’re glad when we hear that, because that means our members are talking to us instead of assuming the worst, and then we can tell anyone experiencing this problem about our very unique Custom Cure™ service that addresses anything we might miss during a scan. Once we know about your problem, our support techs will get some information about your infection and then create a fix that’s customized for your particular needs.

Just like all of our US-based support, a Custom Cure™ is part of your StopSign membership and is provided at no additional charge! That’s right… all of our technical support is absolutely free to our members. We don’t charge you for Custom Cure’s™, phone calls, emails, or online chats with our Support Staff.

If you’re an active StopSign member and come across a particularly nasty virus or spyware infection that just keeps sticking around, please contact our Support Staff or submit a support ticket online and we can begin to walk you through the entire process and get your machine clean.