When the uninstallation utility fails to completely remove an old version of Java, you can find yourself stuck. The Java installer won’t allow you to install the new version until the old version is eradicated, but running the uninstaller in Add/Remove Programs doesn’t work. The Java documentation points people to an old Microsoft support page to download the “Office Installation Cleanup Utility”, but the utility is no longer published by Microsoft. This can leave users searching around for hours on sketchy 3rd party sites trying to find the tool. There is literally no technical support for end users who experience Java problems. And it’s no better for enterprise folks either – that support email address bounces messages. I’m pretty ticked at the Java developers’ lack of support and buggy software. But being ticked doesn’t get Java updated.

After a good bit of googling, I eventually found several tools that can help. For those in the enterprise, I have a batch script that you can push as a Group Policy Object (GPO) startup script that will detect if Java is broken or outdated, and upgrade it.

End Users and Single Computers

For end users and single machines, the easiest tool is the Microsoft Office Installer Cleanup Utility, available for download at http://majorgeeks.com/download.php?det=4459. After you install this utility, you can run it and see a list of all the software that is presently installed on your system. Note that you do not want to attempt to uninstall something via this utility first. This utility is a last-ditch effort to remove something from your computer. Once you highlight and remove Java, you should be able to install the latest version. Easy as pie.

For Systems Administrators in the Enterprise

For the enterprise, it gets more tricky. Since you probably don’t want to go around to thousands of computers to click through this program every time Java releases an update, you’ll need to develop some installation scripts. First, you’ll need to obtain the MSI installer for the latest version of Java. Instructions on how to do this are found here: http://www.edugeek.net/forums/windows/64371-how-create-deployable-java-msi-based-r6-u22.html.

Following the guide in the above link, you’ll want to create a MSI transform file (.MST) for deployment. The transform file will do neat things like bypassing the EULA acceptance, enabling the browser plugin, and disabling the auto-update checks (since you’ll be pushing out updates on your own, and your users likely do not have administrator rights – I hope!). To modify MSI’s, as well as generate the transform files, you’ll need Orca, which is free, and located here: http://www.technipages.com/download-orca-msi-editor.html.

Now you should have your MSI and MST files ready to go. They need to be stored somewhere our scripts can access. They’ll run as the computer account if they’re startup scripts, so the computer will need NTFS rights (if you’re going SMB). Alternatively, you could potentially hosts this on your intranet WWW site (though I haven’t tested this).

There are 2 scripts. One is a simple batch script, and the other is a VBS script. The VBS script is called by the batch script, so it, too, will need to be accessible to the computer account. Both scripts require customization for your environment. The VBS script installs Java. The batch script determines if Java needs to be installed.

Without further delay, here’s the VBS script:

‘# Galen Dobbs – 13:20 23/03/2009
‘# If the current version is not installed, it installs it from the specified path.
‘# Based on a script by ‘Daz’ from Appdeploy.com message boards.
‘# http://www.appdeploy.com/messageboards/tm.asp?m=29809

Option Explicit

Dim wshShell, fso, strLogFile, ts, strTempDir, strTempISS, strUnString, tsIn
Dim strUninstLine, CLSID, search5, search6, search7, strJRE1, strDisplayName, strDisplayVersion
Dim strPublisher, strUninstallString, strJREUninstallString, strJREDisplayName
Dim search1, search2, search3, search4, strJREUninstallStringNEW, ret, strUninstCMD
Dim tsISS, strSetupexe, qVal, strComputername, strCurrentVersion, strInstallMST
Dim searchCurVer, CurVerFound, strArrayCount, strLogPath, strInstallCMD, strInstallMSI, strInstallLog

Dim arrayJREDisplayName()
Dim arrayJREUninstallString()

‘# Change this to match the version that you don’t want to have it uninstall
strCurrentVersion = “Java(TM) 6 Update 29″

‘# Set these to the desired log path and current version installer location
strLogPath = “C:\Java\”
strInstallMSI = “\\fileserver\jre1.6.0_29.msi”
strInstallMST = “\\fileserver\jre1.6.0_29_1.mst”

qVal = 0
strArrayCount = 0
ReDim arrayJREDisplayName(strArrayCount)
ReDim arrayJREUninstallString(strArrayCount)

Set wshShell = CreateObject(“WScript.Shell”)
Set fso = CreateObject(“Scripting.FileSystemObject”)

strComputername = wshShell.ExpandEnvironmentStrings(“%COMPUTERNAME%”)

‘# Set this to the appropriate command line settings to do a silent MSI install
strInstallLog = strLogPath & “Java_Install_” & strComputername & “.log”
strInstallCMD = “msiexec /I “”" & strInstallMSI & “”" /t “”" & strInstallMST & “”" /QN /Lime “”" & strInstallLog & “”"”

If Not fso.FolderExists(strLogPath) Then fso.CreateFolder(strLogPath)
strLogFile = strLogPath & “Java_Uninstall_” & strComputername & “.log”
Set ts = fso.OpenTextFile(strLogFile, 8, True)

ts.WriteLine String(120, “_”)
ts.WriteLine String(120, “¯”)
ts.WriteLine Now() & ” – Java Runtime(s) uninstallation started…”
ts.WriteLine String(120, “_”) & vbCrlf

‘# Generate Registry extracts from ‘Uninstall’ keys.
PreFlight()

‘# Kill Java Processes
KillProc()

strTempDir = wshShell.ExpandEnvironmentStrings(“%temp%”)
strTempISS = strTempDir & “\iss”
strUnString = ” -s -a /s /f1″
Set tsIn = fso.OpenTextFile(strTempDir & “\uninstall.tmp”, 1)

If Not fso.FolderExists(strTempISS) Then fso.CreateFolder(strTempISS)

Do While Not tsIn.AtEndOfStream
strUninstLine = tsIn.ReadLine
CLSID = Mid(strUninstLine, 73, 38)
search5 = Instr(strUninstLine, “JRE 1″)
search6 = Instr(strUninstLine, “]”)
If search5 > 0 AND search6 > 0 Then
strJRE1 = Replace(Mid(strUninstLine, search5, search6),”]”,”")
End If

On Error Resume Next

strDisplayName = wshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & CLSID & “\DisplayName”)
strDisplayVersion = wshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & CLSID & “\DisplayVersion”)
strPublisher = wshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & CLSID & “\Publisher”)
strUninstallString = wshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & CLSID & “\UninstallString”)

strJREUninstallString = wshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & strJRE1 & “\UninstallString”)
strJREDisplayName = wshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & strJRE1 & “\DisplayName”)

On Error Goto 0

‘Search for presence of Java and Sun in DisplayName and Publisher
search1 = Instr(1, strDisplayName, “Java”, 1)
search2 = Instr(1, strPublisher, “Sun”, 1)
search3 = Instr(1, strDisplayName, “J2SE”, 1)
search4 = Instr(1, strUninstallString, “setup.exe”, 1)
search7 = InStr(1, strDisplayName, “Development”, 1) + InStr(1, strDisplayName, “Java DB”, 1)

‘See if it is the current version
searchCurVer = InStr(1, strDisplayName, strCurrentVersion, 1)

‘If it is, Show that the current version is found
If searchCurVer > 0 Then
CurVerFound = True

ElseIf strJREUninstallString <> “” Then
‘# JRE 1 found
strJREUninstallStringNEW = Replace(strJREUninstallString,” -f”,” -s -a /s /f”)
redim Preserve arrayJREDisplayName(strArrayCount)
redim Preserve arrayJREUninstallString(strArrayCount)
arrayJREDisplayName(strArrayCount) = ” – Found Old JRE: ” & strDisplayName & “  – Version: ” & strDisplayVersion & “, Uninstalling…”
arrayJREUninstallString(strArrayCount) = strJREUninstallStringNEW
strArrayCount = strArrayCount + 1

ElseIf search7 = 0 And search1 > 0 Or search3 > 0 And search2 > 0 Then
strUninstCMD = “msiexec.exe /x ” & CLSID & ” /norestart /qn”

If search4 > 0 Then
‘# Old InstallShield setup found
Set tsISS = fso.OpenTextFile(strTempISS & “\” & CLSID & “.iss”, 2, True)

‘Create Response file for any Java Version
tsISS.WriteLine “[InstallShield Silent]”
tsISS.WriteLine “Version=v6.00.000″
tsISS.WriteLine “File=Response File”
tsISS.WriteLine “[File Transfer]”
tsISS.WriteLine “OverwrittenReadOnly=NoToAll”
tsISS.WriteLine “[" & CLSID & "-DlgOrder]”
tsISS.WriteLine “Dlg0=” & CLSID & “-SprintfBox-0″
tsISS.WriteLine “Count=2″
tsISS.WriteLine “Dlg1=” & CLSID & “-File Transfer”
tsISS.WriteLine “[" & CLSID & "-SprintfBox-0]”
tsISS.WriteLine “Result=1″
tsISS.WriteLine “[Application]”
tsISS.WriteLine “Name=Java 2 Runtime Environment, SE v1.4.0_01″
tsISS.WriteLine “Version=1.4.0_01″
tsISS.WriteLine “Company=JavaSoft”
tsISS.WriteLine “Lang=0009″
tsISS.WriteLine “[" & CLSID & "-File Transfer]”
tsISS.WriteLine “SharedFile=YesToAll”
tsISS.Close

strSetupexe = Left(strUninstallString, search4 + 9)
strUninstCMD =  strSetupexe & strUnString & Chr(34) & strTempISS & “\” & CLSID & “.iss” & Chr(34)
End If

redim Preserve arrayJREDisplayName(strArrayCount)
redim Preserve arrayJREUninstallString(strArrayCount)
arrayJREDisplayName(strArrayCount) = ” – Found Old JRE: ” & strDisplayName & “    – Version: ” & strDisplayVersion & “, Uninstalling…”
arrayJREUninstallString(strArrayCount) = strUninstCMD
strArrayCount = strArrayCount + 1

End If

Loop

tsIn.Close

Dim I
If CurVerFound AND strArrayCount > 0 Then
ts.Writeline Now() & ” – Current Version: ” & strCurrentVersion & ” found, continuing with uninstalls…”
For I = LBOUND(arrayJREDisplayName) to UBOUND(arrayJREDisplayName)
ts.WriteLine Now() & arrayJREDisplayName(I)
ts.WriteLine Now() & ” – Uninstall String sent: ” & arrayJREUninstallString(I)
ret = wshShell.Run(arrayJREUninstallString(I) , 0, True)
ts.WriteLine Now() & ” – Return: ” & ret
If ret <> 0 And ret <> 3010 Then qVal = 1
Next

ElseIf CurVerFound AND strArrayCount = 0 Then
ts.WriteLine Now() & ” – Current version, ” & strCurrentVersion & “, found.”
ts.WriteLine Now() & ” – No Old Java Runtime versions are installed.”
qVal = 99

ElseIf Not CurVerFound Then

ts.WriteLine Now() & ” – Current Java version, ” & strCurrentVersion & “, not found, installing it.”
ts.WriteLine Now() & ” – Running Command: ” & strInstallCMD
ret = wshShell.Run(strInstallCMD , 0, True)
If ret <> 0 AND ret<> 3010 Then
ts.WriteLine Now() & ” – Failed to Install Java, see ” & strInstallLog & ” for more details.  Exiting Script.”
qVal = 1
ElseIf strArrayCount > 0 Then
ts.WriteLine Now() & ” – Successfully installed ” & strCurrentVersion & “, and logged to ” & strInstallLog & “.”
For I = LBOUND(arrayJREDisplayName) to UBOUND(arrayJREDisplayName)
ts.WriteLine Now() & arrayJREDisplayName(I)
ts.WriteLine Now() & ” – Uninstall String sent: ” & arrayJREUninstallString(I)
ret = wshShell.Run(arrayJREUninstallString(I) , 0, True)
ts.WriteLine Now() & ” – Return: ” & ret
If ret <> 0 And ret <> 3010 Then qVal = 1
Next
ElseIf strArrayCount = 0 Then
ts.WriteLine Now() & ” – Successfully installed ” & strCurrentVersion & “, and logged to ” & strInstallLog & “.”
ts.WriteLine Now() & ” – No Old Java Runtime versions are installed.”
qVal = 99
End If
End If

ts.WriteLine String(120, “_”)
ts.WriteLine String(120, “¯”)
ts.Close
fso.DeleteFolder(strTempISS)
fso.DeleteFile(strTempDir & “\uninstall.tmp”)

WScript.Quit(qVal)

Sub PreFlight()
‘# Creates temp files containing extracts from registry ‘Uninstall’ keys.
Dim wshShell, fso, sTemp
Set wshShell = CreateObject(“WScript.Shell”)
Set fso = CreateObject(“Scripting.FileSystemObject”)
sTemp = wshShell.ExpandEnvironmentStrings(“%temp%”)
wshShell.Run “REGEDIT /E %temp%\registry.tmp HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall”, 0, True
wshShell.Run “cmd /c type %temp%\registry.tmp | find /i “”{“” | find /i “”}]”" > %temp%\uninstall.tmp “, 0, True
wshShell.Run “cmd /c type %temp%\registry.tmp | find /i “”JRE 1″” >> %temp%\uninstall.tmp “, 0, True
If Not fso.FileExists(sTemp & “\uninstall.tmp”) Then
ts.WriteLine Now() & ” – No input – %temp%\uninstall.tmp Reg extract not created.”
ts.WriteLine String(120, “_”)
ts.WriteLine String(120, “¯”)
ts.Close
WScript.Quit(1)
End If
End Sub

Sub KillProc()
‘# kills jusched.exe and jqs.exe if they are running.  These processes will cause the installer to fail.
Dim wshShell
Set wshShell = CreateObject(“WScript.Shell”)
wshShell.Run “Taskkill /F /IM jusched.exe /T”, 0, True
wshShell.Run “Taskkill /F /IM jqs.exe /T”, 0, True
End Sub

By the way, when you copy/paste VBS text from the internet, make sure your font is converting (straight) quotes into smart (angled) quotes. If you get errors running the VBS, the character conversion could be the cause.

You’ll notice the script is commented, and includes instructions to modify the path to the MSI & MST files, as well as define the current version number. That’s the only modification this script needs.

If you run this script more than once on a good version of Java, it will break, and require a forceful uninstallation. That’s why we’ll call this script with a batch script that checks to see whether we even need to attempt an installation.

@echo off
REM We’ll check for the java executable. If it’s missing, Java is either broken or not installed.
if exist “C:\Program Files (x86)\Java\jre6\bin\java.exe” goto :install
if exist “C:\Program Files\Java\jre6\bin\java.exe” goto :install

REM If we get to this point without being forwarded to the install section, we can assume that the Java install is broken. Let’s completely remove it.
reg query hklm\software\classes\installer\products /f “java(tm) 6″ /s | find “HKEY_LOCAL_MACHINE” > C:\windows\logs\deljava.txt
for /f “tokens=* delims= ” %%a in (C:\Windows\logs\deljava.txt) do reg delete %%a /f
del C:\windows\logs\deljava.txt
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment” /f
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\JavaSoft\Java Runtime Environment” /f

REM Java should be completely removed. Now, let’s reinstall it.
REM The Java installer VBS wants C:\Java to exist for logging, so let’s make that.
mkdir C:\Java
REM Now let’s call the installation VBS.
call “\\fileserver\path\to\java_install.vbs”
echo “%time% %date% — Broken Java detected. Uninstalled and re-installed” >> “C:\Windows\logs\java1.txt”
REM And we should be done
goto end

:install
REM We know java is installed correctly, let’s see if it needs an update.
if exist “C:\Windows\logs\java1.txt” goto end
REM Change java1.txt with each new version. So next update, we’ll create and check for logfiles called java2.txt
REM If the log file doesn’t exist, we can assume the current version hasn’t been installed. Let’s install it.
REM The Java installer VBS wants C:\Java to exist for logging, so let’s make that first.
mkdir C:\Java
call “\\fileserver\path\to\java_install.vbs”
REM Now Java should be installed with the latest version.
REM Let’s create a log file to check for next time we run this script.
echo “%time% %date% — Java installed” >> “C:\Windows\logs\java1.txt”
:end

As you can see, this is heavily commented. The tricky part is that this script needs to create and look for a log file. If the log file exists, it knows it has already run the script. If the log file doesn’t exist, it knows it should try to install. The tricky part is when you get a new version of Java, you’ll need to modify the VBS with the updated MSI/MSTs, and you’ll need to update the log file that the batch script looks for. So if this version uses C:\Windows\logs\java1.txt, the new version should create and look for C:\Windows\logs\java2.txt.

So there you have it. With this in my shop, we’re able to deploy Java via startup scripts, determine if the installation is broken and reinstall it, and upgrade it. We went from having dozens of machines break at every update and require our intervention, to none. It is still pretty hands on, but until the Java developers manage to create a functional installation utility, this is the best we’ve got.

If you have any tips, troubles, hints, etc., please leave them in the comments below. Happy travels fellow sysadmins!

It happens every day in America. All of us have door locks, and many of us even have sophisticated alarm systems to deter theft. But even the best door lock and alarm system can be thwarted, and chances are you’re not employing bank vault level security at your front porch. Most of us try to offset the risk of theft by purchasing insurance, renting safety deposit boxes, or even deploying our very own safe. But what steps do we take to protect our computer?

Do you ever buy anything online? How about pay your bills or visit your bank’s web site? Ever logged in to your office network from home to finish a project or grab a file? If a burglar took your plasma, that’s easy enough to replace. But with your computer, he potentially has access to some very private data. And it’s trivially easy to gain access to a computer that solely relies upon the Windows logon password for protection. That’s why every home computer user needs to use encryption.

These days it’s easier than ever to employ encryption software on your personal computer. And best of all, it’s completely free. With an open source utility called TrueCrypt, you can encrypt your entire hard drive with only a few quick clicks. With an encrypted hard drive, it takes decades for a very dedicated attacker to gain access to your files.

Simply download and run the TrueCrypt installer. Once installed, click on “System” and “Encrypt System Partition/Drive” and walk through the wizard to create your passphrase and begin the encryption process. It may take several hours for the drive to be fully encrypted, depending on the size of your hard drive as well as your computer’s specifications. But the initial setup should only take 15 minutes. You’ll be prompted to create a recovery disc, which is helpful in case anything goes wrong. Of course you’ll still need your password to unlock the computer, though.

And just like that, you went from a screen door to a bank vault.

TrueCrypt can also be used to encrypt external hard drives, files, and even build in a decoy operating system. The decoy operating system is a great feature, as highlighted by this XKCD comic. With a decoy OS, you’ll have two difference passwords. One password will unlock one operating system, while the other password unlocks the other one. Both operating systems operate completely independent of each other. This is essential for applications which require plausible deniability. If under duress, one can safely divulge password “A”, while keeping the contents of operating system “B” securely hidden. But that’s a bit more complex, and possibly a topic for another day.

Note that TrueCrypt full disk encryption only works on standard Windows setups. People with multiple operating systems, or other operating systems such as OSX or Linux cannot use TrueCrypt full disk encryption.

Many people speculate that since their personal computer holds no state secrets, databases of credit card numbers, or other high value sensitive information, they’re at a low risk. Unfortunately this is not the case. For most people, the most valuable asset that is worth the hacker’s time is your internet connection’s bandwidth. Hackers use automated tools that scan thousands of random computers for security holes, and attack whatever vulnerabilities they find. Using these tools, a hacker can build an army of infected machines to do his bidding. One common use is to launch a distributed denial of service attack (DDoS) against websites. By directing all the infected machines in his “army” to a specific website, the hacker can overload the web site’s internet connection with bogus requests, making it unreachable for legitimate visitors. Of course the hacker could also install keyloggers and traffic sniffers to intercept your passwords to banking websites, in an attempt to steal your identity or money. So unfortunately, the everyday Joe is absolutely a juicy target for hackers.

Security experts estimate that on average, it takes a mere 4 minutes to become infected with a virus when connecting an unpatched Windows system directly to the internet.  If you look at network log files, you’ll see that there’s a constant stream of computers all over the world that are constantly probing your computer to see if there are any exploitable vulnerabilities. Protecting against this requires several layers of security, many of which are transparent to the home user. Many internet service providers (ISPs) block common exploited network ports from ever getting out to the internet. If you have a home router (necessary for sharing your internet connection with more than one computer), chances are good you have a firewall in place that will reject all internet traffic that you didn’t initiate. And finally, ensuring your system is up to date with its security patches will help stop anything that gets past the first two layers of defense.

These days we’re running more exploitable software than ever. Web browsing has become such an interactive experience that it has required software developers build many different systems to deliver different types of content. Most people watch YouTube videos, which requires the Adobe Flash Player plugin. Many people visit websites that rely on Java to provide additional functionality beyond static text and images. Some download PDF’s for printing or filling out forms. All of these software titles are very heavily exploited by hackers to install viruses and malware. Adobe releases patches for Flash player practically every week. Keeping up with 10 or 15 different programs and their update cycle is far too much of a burden on anyone.

With Ninite, you simply run a single executable installer and all your software will automatically be updated to the latest version. You don’t have to download a new version of the installer each time – the old one will continue to provide the latest updates. You can even set up a scheduled task (on Windows 7, go to Start and type “Task Scheduler”) to run the installer on a daily or weekly basis that doesn’t require you to manually launch the updater.

If you’re running Windows, I very strongly recommend you install Ninite and set it to run regularly. Keeping your system patched is one of the biggest things you can do to protect yourself online. And with Ninite, the process is amazingly easy.

Jump to Anti-Malware Program Recommendations

When visiting an infected web site, these viruses pop up and take control of the browser window. They display a list of files that are supposedly infected, and prompt the user to clean or remove the files. When the user attempts to clean the “infected” files, the virus then installs itself on the computer. The damage depends on the particular variant, but most will pester the user to purchase a full subscription to the program. Unfortunately when a user actually does try to buy the software, their credit card information is instead stolen and used for identity theft purposes. Additionally, many “scareware” viruses install backdoor trojans, which allows a hacker to access anything he wants on your system, and often times recruit your computer to participate in a botnet (swarm of zombie infected computers that can be directed to take down a web site by flooding it with bogus requests).

While it is tempting to try to “click your way out” of these types of scams, doing anything less than completely exiting your web browser will result in infection. The buttons that say “cancel” or “exit” will actually register your mouse click as “Ok – install this” by the computer. That makes these viruses particularly frustrating!

There are a few things you can do to protect yourself from these types of viruses:

• Know what anti-malware programs you have running on your computer (you do run some anti-virus program, right?), so that you can recognize its logos, graphics, and name. When you see a “scareware” virus while browsing the internet, you’ll notice that the name and/or interface are inconsistent with what you’re presently using.
• Use a 3^rd party web browser, such as Firefox or Chrome. While this won’t be enough by itself, running a 3^rd party browser is safer, and you’re less likely to be infected by simply viewing an infected web site.
• If you believe you’re looking at a “scareware” virus web site, immediately close your web browser via the taskbar (bottom of the screen). Tricky viruses will sometimes take control of the whole window, and when you think you’re clicking an “exit” button, you’re really clicking a picture of an “exit” button. The virus then actually registers your click as “install the virus”. It’s very sneaky!
• If you run Firefox, install the NoScript plugin. At first it’s a bit of a pain to use, because you have to build a whitelist of sites. NoScript will automatically block certain elements of web pages that can harm your computer. Unfortunately, that includes many great features, such as embedded graphics and videos. So when you visit a site for the first time, NoScript will block these elements. If you trust the site, you can quickly whitelist the web site (and it will remember your choice), and all functionality is enabled. If after whitelisting a site, you immediately experience a “scareware” pop-up, you’ll be more likely to deduce it’s a virus. This is also very effective at blocking cross site scripting attacks, which are very popular these days.

So how do you recognize a “scareware” virus? You’ll first encounter this type of virus while surfing web sites. An infected site may even be well respected, just unfortunately a victim of hacking (or serving an infected ad on a hacked ad network). Suddenly a new window will pop up or fill the screen indicating that a virus scan is being conducted. Within a few seconds, a list of files supposedly on your computer, and supposedly infected with malware will be displayed. You’re prompted to either clean the files, or download an anti-malware application that purports to be able to clean the infestation. You can spot “scareware” viruses by observing the following:

• The scan that is conducted takes only a few seconds. Really the “scareware” virus is simply playing a video – it isn’t scanning anything. True malware scans take anywhere from 10 or 15 minutes to several hours to complete.
• The graphics and sometimes the name of the scanner aren’t anti-malware programs that you know and use.

It used to be that if you ran an alternative operating system like Apple’s Mac OS X, you were immune to viruses and other malware. Unfortunately, those days are coming to an end.

Last week, news began circulating that the first “scareware” virus for Mac had gone mainstream. While the Apple version is somewhat less sophisticated (it still requires the user to walk through an installer, unlike some Windows viruses), it is still easy to get tricked.

It’s now important that all computer users, not just Windows users, need to install some form of anti-virus protection. While the Mac operating system is safer by design, it can still become infected with or transmit viruses.

Recommended Anti-Malware Software

For All Operating Systems

Mozilla FireFox (http://getfirefox.com)

NoScript Plugin for Firefox (http://noscript.net)

Apple Mac OS X

Sophos Anti-Virus for Mac – Free (http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx)

Windows

Avira Anti-Virus – Free (http://www.avira.com/en/avira-free-antivirus)

Windows Defender – Free (http://www.microsoft.com/windows/products/winfamily/defender/default.mspx)

MalwareBytes Anti-Malware – Free (http://www.malwarebytes.org/products/malwarebytes_free) (Note: This is more of a cleanup utility than a real-time protector)

Before we get into the details of password management best practices, I’d like to take a moment to remind you as to why it’s important to have unique and strong passwords. Recently Georgia Tech researchers published a study that shows that with modern computing power, it’s possible to crack 8-character passwords in under two hours. But by adding 4 extra character, the length of time increases to over 17,000 years. That’s because each additional character increases the possibilities (and subsequently the number of passwords to try) by approximately 95 times.

Unique passwords are very important as well. Last week Gawker announced that approximately 1.4 million passwords had been compromised in a hack attack. The list of account usernames and passwords is now circulating on ThePirateBay, available to anyone who downloads the torrent. Anybody who uses the same username and password from Gawker on other websites is now at the risk of having these accounts compromised.

How to Make a Strong and Memorable Password

My favorite method of creating a strong password is to first think of the lyrics of a memorable song. In keeping with the Christmas season, let’s go with Deck the Halls. We only need a couple of verses:

Deck the halls with boughs of holly,
Fa la la la la, la la la la.
Tis the season to be jolly,
Fa la la la la, la la la la.

Now let’s take the first letter of each word. Since there would be a lot of repeated characters with the fa-la-la’s, I’m going to skip those. We’re left with:

DTHWBOHTTSTBJ

Now, let’s modify the case so it’s not all caps or all lower case:

DthwBOHttsTBJ

Next, let’s swap out some letters with numbers. To can become the number 2. H’s look a little like the number 4, so that’s easy to replace. O’s can become zeros.

Dt4wB04tts2BJ

Now, let’s add a symbol. In between the verses is a good, memorable spot:

Dt4wB04#tts2BJ

And we’re done! We have a secure, yet easy to remember (and festive) password, that will take 17,000+ years to crack.

Managing All Those Passwords

Remember when I said I managed over a hundred complex passwords? No, I’m not singing to myself all day trying to remember when I swapped out an “H” for a 4. I actually maintain a spreadsheet with all of my passwords. “But Joey, that’s not secure!” you may claim. You’d be right! Simply storing a spreadsheet with the keys to the castle is a terrible idea. But storing an encrypted spreadsheet is quite safe. By the way -  setting a password on your Word or Excel document is not encrypting it. Those passwords are surprisingly easy to crack. A quick Google search shows 7.6 million results for “recover word password“.

With a password encrypted spreadsheet, I only have to remember the encryption password. All of the other passwords for everything I do online are stored on the spreadsheet. This way, I can have long, unique, strong passwords for every single service that requires a password. If one gets hacked, all of my other sites stay secure.

Encrypting and decrypting files doesn’t require expensive software, either. There’s an excellent program called TrueCrypt that’s available for free. It’s very powerful, but also a little different than you might think. It doesn’t encrypt files, but rather creates an encrypted “container”. The container, when unencrypted with TrueCrypt, looks like a USB thumb drive to your computer. You can safely save files on the container, and use TrueCrypt to unload and load it. TrueCrypt has a handy quick-start guide on their website, which I definitely recommend you read if you’re going to go the encrypted spreadsheet route.

But There is Another Way…

While I prefer the hands on method of creating spreadsheets and encrypting files myself, I’ll bet some of you would rather have this process automated. There’s a spectacular program out there called PasswordSafe that will create and manage your password database. It’s encrypted using one of the algorithms available in TrueCrypt. It also features a password generator, as well as the 1-click ability to copy a password to the clipboard. That’s very helpful when you want to login to a website – simply click a button, switch to the web site, and paste the password in the box.

For the true gadget lovers out there, we have yet another solution. There are several USB drives on the market that feature all kinds of hardware-level encryption. Some use biometric inputs (fingerprint) to determine if they should unlock or not. IronKey is one example of a hardware-encrypted device. Be forewarned, prices on cutting edge encrypted storage media can vary widely. Of course it’s not at all necessary to spend a week’s salary in order to keep your passwords secure. With PasswordSafe or an encrypted spreadsheet, your passwords will be securely tucked away from prying eyes, with no out of pocket cost.

Phishing scams are attempts by criminals to obtain personal information from you. It first started in the late 90′s when spammers needed to find legitimate e-mail addresses to use for their bulk mailings. Legitimate addresses were less likely to get caught in anti-spam filters, which were becoming commonplace at the Internet Service Provider (ISP) level.

The typical phishing scam we see today is an official (or not so official) looking message that claims to be your ISP’s support department. The message demands you respond with your username, password, and possibly other details, lest your account be deactivated. Some of these messages are easy to spot as forgeries. For example, I received the following message the other day on my UGA e-mail account:

Reply-To: <securitysupport@hotxf.com>
From: "Email Security Maintenance."<security@f-secure.com>
Subject: Security Maintenance.F-Secure � HTK4S
Dear Email Subscriber,

Your e-mail account needs to be improved with our new F-Secure � HTK4S anti-virus/anti-spam 2010-version.

Fill in the columns below or your account will be temporarily excluded from our services.

E-mail Address:
Password:
Phone  Number:

Please note that your password is encrypted with 1024-bit RSA keys for increased security.

Management.

Copyright 2009. All Rights Reserved.

There are several big red flags in this e-mail. The first is that the message claims to be from F-secure. While F-secure is the campus anti-virus product, I wouldn’t expect to ever see an e-mail from them as an end user. But stranger things have happened, so moving on the next thing you’ll notice is that the “reply-to” address is different than the “from” address, and is neither an F-secure nor a UGA e-mail address. That means the e-mail was designed to look like it came from someone official, but replies are automatically directed to someone not official.

Next, you’ll notice the message is addressed to “subscriber”, and is generally poorly written. With 50,000+ e-mail users at UGA, if there’s going to be a big announcement, you can expect it to be very well polished. It is higher ed, after all. Additionally, I’m not a “subscriber” of e-mail at UGA. I’m a member of the staff, faculty or student body.

The dead giveaway in this message though, is the request for the password. No ISP will ever need you to give your login password to them. Period. They can always reset it if they need to, over the phone, after verifying your identity. But ISP’s have no legitimate reason for you to divulge your password. Any e-mail that requests you send your password to someone else is 100% guaranteed to be a scam.

Some messages aren’t so obvious, though. In my first experience with phishing scams, I received an official looking e-mail from MindSpring (they were an awesome ISP from the late 90′s). They wanted some updated info on my account, and having recently changed addresses, I figured it was legitimate. I started filling out the form on their site, which looked exactly like it was supposed to. That is until I reached a question asking for my ATM PIN. A moment of shock came over me as I realized I was on the last question and had divulged a great deal of information in this form I was just about to submit to a scammer. An ATM PIN is even more important than a password, and should never ever be divulged to anyone ever. Thankfully this scammer asked just a little too much, and I was able to avoid serious headaches.

These days, I never would’ve started filling out the form. Not because I’m better at spotting scams, but because modern browsers now alert you when you’re visiting suspect sites. Microsoft’s Internet Explorer, Mozilla Firefox, and Google Chrome all have phishing detection mechanisms built in. They are programmed to pop up an alert if something seems amiss. A word of caution, though – they aren’t 100% foolproof. They’re a good tool, but if you blindly click every link in every e-mail, it’s bound to let something through.

While there are long lists of tips on how to identify phishing scams, I’ve found one sure-fire way to ensure an e-mail is legitimate: call the sender. If you receive a message that asks you to change your password, call your ISP. They can tell you whether or not it’s a legitimate request. Identity theft can take years to recover from, costing tens of thousands of dollars. A 5-minute phone call is an ounce of prevention to hundreds of pounds of cure.

But if you must follow up on an e-mail via the web, don’t ever follow links from e-mail messages. Always type in the address of the web site by hand. Links can be obfuscated to appear as though you’re going to “bankofamerica.com”, and instead redirect you to “scammershomepage.cn/stealing-your-data”. Any company big enough to handle online logins is also big enough to splash an alert across your screen if they something from you.

To summarize:

• Never divulge your password or ATM PIN, ever.
• Use the latest version of an internet browser with built-in phishing detection
• Never follow links in e-mails to login pages, type in URLs by hand instead
• Look for spelling and grammar errors, and anything that looks less than professional
• Check the sender and reply e-mail address
• If in doubt, call the sender

Malware vs. Virus

Computer terminology is never-ending, so I’m not surprised that people are confused about what’s what. Malware is software designed to secretly access a computer system without the owner’s informed consent, while a viruses is malware that replicates. The term “malware” is an umbrella, under which the term “virus” falls. Some of the nastier programs I’ve dealt with haven’t ever tried to replicate – they only try to prey on your computer.

It’s important to understand the difference because not all virus scanners detect all types of malware. It’s not a pleasant feeling when you suffer a crippling infection when you thought you had adequate protection.

Methods of Prevention

1. Always maintain an up to date system.This is easier said than done, as every program has its own updater (if you’re in Windows), and patches are released on a rolling basis. While it’s frustrating being bugged by update managers seemingly constantly, I can assure you it’s worse to get infected due to an unpatched system.If you’re on Windows, make sure Windows Update is set to run regularly (go to Start -> Control Panel -> Automatic Updates to configure your update preferences).If you’re on Mac, go to the Apple logo in the upper left corner, and select “Software Update”. When the update manager opens, check the box to “check for updates daily”.
2. Run a malware detection program that has real-time scanning, keep it updated, and ideally run another standalone scanner as well. There are dozens of reputable anti-virus programs on the market today. The good news is some of them are free to use, and very effective. The bad news is that you’ll have to keep them updated to be effective. (Note: Anti-virus vendors warn about running multiple anti-virus products at the same time. The concern is when there are more than one real-time scanners active on the same computer. So long as you only have one real-time anti-virus program installed, you’ll experience no problems.)For Windows users, I recommend downloading and installing all of the following:- Microsoft Security Essentials – A surprisingly good real-time anti-virus and anti-malware scanner provided by Microsoft, available for free to anyone who owns a license to Windows. It runs in the background and checks files as they’re downloaded and opened.- Spybot Search & Destroy – This is a standalone scanner that specializes in non-virus malware (aka spyware/adware). It has to be run manually to scan and clean infections.- ClamAV – Clam is a great standalone virus scanner that’s available for free. While it won’t monitor your system for you, it works well in conjunction with Microsoft Security Essentials. any time you download a file, with Clam installed, simply right click the file and select “Scan with ClamAV”. Not only will Microsoft automatically check the file, but now Clam will look at it as well. Since different programs have different detection mechanisms, this is a great way to ensure nothing slips through the cracks.If you’re running Mac OSX, congratulations – you’re very unlikely to be affected by malware! As of writing, there are very few viruses that affect the Mac operating system. Although ironically, the first known virus did attack Apple computers. But don’t get too excited, this period of tranquility is likely to end soon. With Mac sales growing rapidly, it’s only a matter of time before some enterprising coder spoils the fun. It’s a good idea for Mac users to run ClamXAV, which is also free, and scan all downloaded files. Even though your own system may not be infected by a Microsoft virus, your friend running Windows will thank you for not spreading germs around.
3. Use an alternate web browser.For years Microsoft dominated the web browser market with Internet Explorer. Lately other major game changers entered the industry with impressive new products that boast, among other things, safer web browsing. Mozilla’s Firefox and Google’s Chrome are both superb browsers that can help you stay safe online. Both also offer plug-in extensions, which are add-on downloads that provide added functionality. A few of my favorites are Adblock Plus (which eliminates most ads from my browsing experience) and Web of Trust (which warns me when I may be venturing to a bad site). There are literally hundreds of add-ons, and many have quickly become must-haves on all of my computers.
4. Trust no one.The worst pieces of malware are very deceptive. When you visit an infected site, a window pops up that looks like your “My Computer” screen. A “scanner” then proceeds to run through your files and then claims to detect a virus. It prompts you to remove it, looking like a legitimate Microsoft alert. But in actuality, it never scanned anything. The “scanner” was really just an animation – a movie – and when you click on the the “fix it” button, the malware installs itself on your system. Once it’s in place, it will bug you every few minutes to purchase the full version of some malware scanner that it promises will remove the bad files. It’s a pretty slimy practice, and unfortunately, very effective.If you ever encounter something that claims to be a scanner or some kind of virus alert, do NOT click it unless you’re sure you recognize that it’s one of your already-installed scanners. If you have any doubt at all, restart your computer and run a full scan on Microsoft Security Essentials, Spybot, & ClamAV.Unfortunately, those types of malware are very difficult to remove, and often require the hard drive to be wiped in order to completely eradicate the malware.
5. For anything I didn’t cover, Google is your best friend.If something comes up and you’re unsure, Google it. The reality is that most computer people are generalists with a short list of areas of expertise. We’re like doctors who rush off to look up the answer to your question while you put your pants back on in the waiting room. Thanks to Google, you have access to the wealth of human knowledge at your fingertips. Don’t be afraid to do your own research. Just be mindful to look for additional sources and confirmations. And as always, if you have any questions, don’t hesitate to shoot me an e-mail – or simply comment on this blog.

Next up: How to Avoid Phishing Scams