Mary's Antivirus Software Blog

The Postcard from Hallmark Virus Hoax continues to be spammed from mailbox to mailbox. The reason for its continued success: to gain legitimacy, the hoax references a poorly worded (and somewhat inaccurate) 'virus warning' from Snopes. For details, see the Postcard from Hallmark Virus Hoax.

The Washington state attorney general and Microsoft have teamed up to put a stop to rogue scanners. Termed scareware, the rogue scanners employ deceptive advertising to trick victims into purchasing bogus products, typically displaying erroneous warnings claiming the system is infected and instructing the user to purchase a full blown version of the 'scanner' in order to remove the fictitious infections. Not only do victims risk wasting their money on such scams, often times their credit card details are used fraudulently for other purchases. For a list of deceptive products, see 69 Scanners to Avoid. Also see: Wash. AG Press Release

If you tried Norton Internet Security in the past, your PC may have suffered a system crippling performance hit. And that's a shame, because aside from the performance issues, Symantec has historically provided very good detection and removal capabilities. Norton Internet Security 2009 finally (and thoroughly) resolves the performance issues plaguing previous versions. So much so that the completely overhauled NIS 2009 may even become a preferred choice among the performance elite - the gamers. >> Full Review

PC Tools iAntivirus offers Mac antivirus software free to home/home office users and for a nominal fee to corporate Macintosh users. iAntivirus guards against Mac only malware - a focus that has its pros and cons. Check this review to decide whether PC Tools iAntivirus is the right Mac antivirus software for your environment. >> Review: PC Tools iAntivirus

Malware often drops itself as a hidden file and then disables the Folder Options menu in Windows Explorer so you can't change the settings to view hidden files and folders. If you are unable to access the Tools | Folder Options in Windows Explorer, here's how to regain access to the Folder Options menu.

Intego is reporting a fairly serious sounding bug in Apple's latest version of QuickTime (v7.5.5). According to Intego, "The '<? quicktime type= ?>' tag fails to handle long strings, which can lead to a heap overflow in QuickTime Player, iTunes, or any other program that attempts to display media using a QuickTime plug-in." If QuickTime v7.5.5 is installed, this would include Internet Explorer, Firefox, and Safari. Mac users face a double risk - not just the browser but also the Mail and Finder apps are also vulnerable if that version of QuickTime is installed.

Successful exploit could enable remote execution of arbitrary code. Currently, no patch is available. This might be one of those situations where it's simply safest to uninstall QuickTime until Apple releases the necessary patch. More details on the QuickTime heap overflow problem can be found on the Intego blog.

These days, it almost seems there are more bad scanners than good. Rogue scanners display false virus alerts, with instructions to buy the "full version" in order to remove the fictional infections. Wasting your hard-earned dollars on a bogus product isn't the only thing you need to worry about. There have been multiple reports from folks who fell for the scam only to end up with credit card charges much higher than expected - and often a series of fraudulent charges continue to appear on their statements. Victims typically encounter rogue scanners in one of three ways:

Email scams disguised as greeting cards or breaking news alerts;

Advertisements that offer a free scan or system tune-up;

Compromised websites retrofitted to exploit software vulnerabilities.

You can help mitigate your risk of exposure by reading email in plain text only and avoid clicking links or opening attachments in email received unexpectedly - even if it comes from someone you know. Stick with the good guys: for a free online scan, use one of these top online scanners. Keep your system patched to prevent exploit: use the free Secunia Software Inspector at least monthly to check your system for vulnerabilities that need patching.

Here's a list of 69 scanners you should avoid. Also see: Six Steps to Tell if a Virus Alert is Legit.

High tech doesn't always mean highly secure - though one wishes it would. A few weeks ago NASA reported a computer virus on the space station. Now it's been reported that hackers were able to gain entry to systems running the controversial Large Hadron Collider. At least one file was deleted and some new files added to the hacked systems. One has to wonder why on earth (or why in space) such sensitive systems are connected to the Internet in the first place.

Roger Highfield of the Telegraph has penned an excellent article describing the hacker attack on the Large Hadron Collider, as well as the project itself: "Hackers infiltrate Large Hadron Collider systems and mock IT security".

We've all been there - you get an alert from your virus scanner warning that a particular file is infected. Sometimes the alert reappears even after you've told the antivirus scanner to remove the infection. Or you think the virus alert may be a false positive. Here are six things you'll want to consider to determine how to respond to a questionable virus infection alert. >> Full Story

The Trusted Zone in Internet Explorer is usually configured to be more permissive (to allow things like file downloads). It's not unusual for a downloader trojan to take advantage of this by adding its own download site to your Trusted Zone. Make sure you periodically check the sites included in Internet Explorer Trusted Zone, to ensure they really are the sites you intended. Here's how.