RunOnFriday.com blog

So, you’ve got your anti-virus, anti-spyware, anti-malware programs installed, kept up-to-date, and run your scans with a schedule that would make Monk say “I think you’re being obsessive”.  That’s great.  The problem is, what happens when someone whom you’ve never met, half-way across the world, lets his system get infected?

Well, if that person happens to be the author of a Facebook application that you are using, it may cause you “big problems”. Read the rest of this entry »

Many people use what is called “webmail” to manage their e-mail.  That is, they use their web browser to send, receive, edit, their e-mail, rather than a special program on their computer.  This has the advantage of allowing you access to your e-mail from any computer.  The main disadvantage is that most webmail solution require you to be online in order to do anything.

In any case, in yet another phishing attempt, you may have gotten an e-mail looking like this: Read the rest of this entry »

A recent study by Harvard University and U.C.Berkeley showed why phishing works.

From the abstract:

To build systems shielding users from fraudulent (or
phishing) websites, designers need to know which attack
strategies work and why. This paper provides the first
empirical evidence about which malicious strategies are
successful at deceiving general users. We first analyzed a
large set of captured phishing attacks and developed a set
of hypotheses about why these strategies might work. We
then assessed these hypotheses with a usability study in
which 22 participants were shown 20 web sites and asked
to determine which ones were fraudulent. We found that
23% of the participants did not look at browser-based
cues such as the address bar, status bar and the security
indicators, leading to incorrect choices 40% of the time.
We also found that some visual deception attacks can fool
even the most sophisticated users. These results illustrate
that standard security indicators are not effective for a
substantial fraction of users, and suggest that alternative
approaches are needed.

Note that you will need Acrobat Reader (or similar program) to read the full article, which is supplied in PDF format.

Have you run into the Windows Update “infinite loop from hell”?  If you have, you know what I’m talking about.  You get a Windows update, it installs and requires that you reboot to finish the install.  After rebooting, the second part of the install fails, and it uninsatlls itself.  The next time you try to install Windows updates, the same thing happens on the same update.  Repeat ad nauseum.

If you check the Windows update status, it will probably tell you that the error code is “80071aa7″, but give no further information. Read the rest of this entry »

This week’s Blog Talk Radio show focused on rootkits — what are they, how to detect them, and what to do to get rid of them.  We also discussed the imfamous Sony/BMG rootkit fiasco.

This week’s Blog Talk Radio show focused on how computers get infected, and some early-warning signs that your system has an infection.

This week’s BlogTalkRadio show was about some favorite kids sites on the Internet and how they keep it a safe environment for kids.  We interviewed two of our own children about some of their favorite sites, such as Club Penguin and Webkinz.

Are you using a computer that you got from your company, to use as part of your job?  Did your company’s IT department configure everything correctly?  Are you sure?  If not, check out what happened to Michael Fiola, a former investigator with the Massachusetts Department of Industrial Accidents.

Mr. Filoa’s company-issued laptop wasn’t properly configured, and was left open to all sorts of viruses, spyware, and other forms of malware.  As a result, he was arrested, and nearly sent to jail, for child pornography that was found on the computer.

As an article in Technology News says:

An error from a Massachusetts state service IT department left one of its laptops open to malware, according to an investigator, and that laptop caught one doozy of an infection: a program set to automatically troll the Web to find pornographic images, some of which were illegal child porn. The laptop’s user, Michael Fiola, narrowly avoided jail thanks to an independent IT forensics investigation.

A follow-up article is also available.

Further information can be found by searching for “Michael Fiola“.

I have turned on the ability for users to write comments to posts on this blog. First, you need to register. Click “register” on the menu to the right and select a user name and enter your e-mail address. A password will be e-mailed to you. (You can change your password once you log in.)

We’d love to know what you think. Let us know.

Spamming, profanity, and other abuse will get you banned. Let’s keep things civil, okay?

Do you have a spyware horror story?  Or even a story with a positive outcome?  We’d love to hear about it!

Click here to tell us your story, and to subscribe to our pre-launch announcement.  If we use your story, we’ll give you 3 months free membership to our paid site, once that is launched.  (Remember, this phase is for the free site.)