November 26, 2016

Important: Facebook & LinkedIn Ransomware

Ars Technica reports a security flaw in Facebook and LinkedIn that can cause ransomware to be unleashed on your computer. Please read:

Are you feeling Locky? —
Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts

for the details. Of course, the best protection against ransomware is to not download anything and to never open a file or attachment, but that is not realistic in today’s world. Consequently, I highly recommend two software programs. I use both and have no financial or other interest in either program, other than being a long-time user of each.

The first is BitDefender Internet Security, which includes ransomware protection. There is a special Black Friday deal which is accessible here:

BitDefender Black Friday Deal

The second is Sandboxie, which allows you to open nearly any program automatically in a sandbox. The result is that even if malware is downloaded, it is downloaded to a sandbox, not to your main operating system files. Even if opened, the files are in a sandbox and thus can be checked and deleted without ever exposing your computer to permanent harm. Sandboxie offers an inexpensive lifetime license.

Sandboxie Lifetime Licensing

Be safe, be aware.

Richard Adin, An American Editor

January 10, 2015

Articles Worth Reading: Inside CryptoWall 2

A bit more than a year ago, I wrote about my experience with ransomware in “Business of Editing: URLs, Authors, & Viruses.” A week later, I followed it up with “Articles Worth Reading: More on Ransomware.” And just a few weeks ago, I wrote “The Business of Editing: Playing It Safe” in which I discussed Sandboxie.

Well, here we go again.

If you have been dithering about Sandboxie or similar protection, I encourage you to read “Inside CryptoWall 2.0: Ransomware, Professional Edition” from Ars Technica. As the article notes:

The installation components of CryptoWall 2.0 are cloaked by multiple levels of encryption, with three distinct stages of installation each using a different encryption method to disguise the components installed. And like many modern pieces of malware, CryptoWall 2.0 has a virtual machine check in its code that disables the attack when the malware is installed within a virtual instance—in part to prevent security researchers from isolating and analyzing its behavior.

The VM checker code, in the first stage of CryptoWall’s dropper sequence, checks the system for running processes, searching for VMware and VirtualBox services or the Sandboxie application partitioning library. If the coast is clear, the code does some best practices-based memory handling to release memory used in the initial drop mode, then launches another dropper disguised as a Windows Explorer process.

Note that before it tries to install itself, CryptoWall searches for a running process like Sandboxie. If it finds Sandboxie (or similar software) running, it doesn’t go any further; if it doesn’t find Sandboxie running, it proceeds to the next installation step.

Since I originally bought Sandboxie, the licensing has changed. Now you can buy a lifetime license for up to 3 home computers for $49.95 or for 5 computers for $74.95. For just 1 computer, the lifetime license is $34.95. For pricing information click here. (Again, I have no connection or interest in Sandboxie other than having bought a license for my computers.)

I think the price is cheap for the protection it affords. And contrary to popular belief, your antivirus and malware programs do not protect against ransomware. Although ransomware exploits holes in the operating system, it does not attack the operating system, which is what antivirus and malware programs protect against; ransomware attacks your data files — your Word documents, your text files, your picture files, and the like — by encrypting them, not destroying them.

If you haven’t yet checked out a program like Sandboxie, I encourage you to do so.

Richard Adin, An American Editor

December 15, 2014

The Business of Editing: Playing It Safe

Some time ago I wrote about my experience with ransomware (see Business of Editing: URLs, Authors, & Viruses, The Business of Editing: Backing Up Is Easy to Do, and Articles Worth Reading: More on Ransomware). As I made clear in the first essay, I attacked the problem aggressively and prepared for disaster.

Recently I took yet another step. This step is ideal for those of you unable or unwilling to invest in the type of computer setup I did, which I admit is not cheap. But this step is very inexpensive — it cost me $20.50 (the price was €15 and this was the conversion price). More important than the price is the protection I gained.

Sandboxie is a great way to access the Internet in protected mode. Sandboxie is for more than accessing the Internet, but that is all I use it for. Sandboxie opens programs and browsers in a “sandbox,” which means that anything that gets downloaded doesn’t get downloaded to your computer where it can do harm; it gets downloaded into a sandbox.

I use Internet Explorer as my web browser. I have now set it so that when I open IE, it opens in a sandbox. When I download, for example, client files from an FTP site, Sandboxie asks me whether I want to first open the files in a protected sandbox or save them to my hard drive. Basically, what Sandboxie is doing is setting off space on my hard drive as protected space that prevents malware from accessing my real files. Should it turn out that I have downloaded malware, I can instruct Sandboxie to delete it, knowing that the malware never got the chance to compromise my hard drive.

How important is this? The impetus for my looking for a program like Sandboxie was news reports about Cryptolocker. Cryptolocker is ransomware of the most vicious type. It attacks your data files and encrypts them. You either pay the ransom or never get access to your data files. Apparently even the data recovery companies, which charge several thousand dollars to recover data, are unable to break the encryption or if they can, not for a reasonable price and not for anything close to the price of Sandboxie.

In speaking with my computer technician about Cryptolocker, he said I had two choices should I get infected: pay the ransom or completely reformat my hard drive and reinstall all files (assuming I have backups of all of the data files). Both are expensive alternatives to Sandboxie.

Paying the ransom is problematic. They do send you the decryption key but they also leave on your computer the means to reencrypt. I have heard of instances where several months later that is what happened — reencryption with a new ransom demand.

Reformatting the hard drive is also problematic because it takes quite a bit of time and it assumes that (a) your backups are current and so you do not lose any information, (b) that your backups aren’t of encrypted files, and (c) that the backup doesn’t include Cryptolocker or similar ransomware malware.
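Point (b) above is the one people most often skip: a backup job that runs after ransomware has done its work will faithfully copy the encrypted versions over the good ones. The following script is an added example (not from this post or from Sandboxie) of a simple check a backup owner can run before trusting a backup set. It flags files whose extension says "plain text" but whose contents have near-maximal Shannon entropy, which is what encrypted output looks like. The sample backup directory, the file names, and the 7.5 bits-per-byte threshold are constructed assumptions for the demonstration.

```python
"""Flag files in a backup set that look like ransomware output.

Added example, not code from the original post. Heuristic: a file whose
extension says it should be readable text but whose bytes have entropy
close to 8 bits/byte has almost certainly been encrypted or replaced.
"""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Extensions we expect to hold low-entropy, human-readable content.
# (Assumed list; compressed formats such as .docx or .zip are legitimately
# high-entropy and must not be included here.)
PLAINTEXT_EXTENSIONS = {".txt", ".csv", ".md", ".html", ".xml", ".json"}

# Random or encrypted data approaches 8.0 bits per byte; English text is
# typically around 4 to 5. The cut-off is an assumed tuning value.
ENTROPY_THRESHOLD = 7.5

# Files shorter than this give an unreliable entropy estimate.
MIN_SIZE = 64


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """True when a supposedly plain-text file has encrypted-looking content."""
    if path.suffix.lower() not in PLAINTEXT_EXTENSIONS:
        return False
    data = path.read_bytes()
    if len(data) < MIN_SIZE:
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def scan_backup(root: Path) -> dict:
    """Walk `root` and report how many files were seen and which look encrypted."""
    suspicious = []
    total = 0
    for p in root.rglob("*"):
        if p.is_file():
            total += 1
            if looks_encrypted(p):
                suspicious.append(str(p.relative_to(root)))
    return {"total": total, "suspicious": sorted(suspicious)}


def build_sample_backup(root: Path) -> None:
    """Constructed sample set: two ordinary files and one that has been
    overwritten with random bytes, standing in for an encrypted victim file."""
    (root / "chapter1.txt").write_text("The quick brown fox jumps over the lazy dog. " * 50)
    (root / "notes.md").write_text("# Edits\n- fix typo on p. 3\n" * 40)
    rng = random.Random(1234)  # fixed seed so the demo is repeatable
    (root / "chapter2.txt").write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))


def demo() -> dict:
    """Create the sample backup in a temp dir, scan it, and return the report."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample_backup(root)
        return scan_backup(root)


if __name__ == "__main__":
    report = scan_backup(Path("."))  # point this at the real backup root
    print(report)
```

Run it against the root of a backup set before restoring from it; any file it lists should be compared with an older backup generation, which is also why keeping several dated generations (not just one overwritten copy) matters for points (a) and (c). Entropy alone is only a heuristic: it will not catch ransomware that merely renames files, and it cannot tell encryption from legitimate compression, which is why the extension whitelist is part of the check.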

This video from Sandboxie explains how it works:

It is pretty hard to go wrong for €15. The only thing I do not like is that the license is for one computer and for one year. I mind the one year less than the one computer limitation, but the bottom line is that this is very inexpensive protection from a very serious — and potentially very costly — problem. Sandboxie does offer a 30-day trial period; I tried it for 5 minutes and bought it.

The other thing that I dislike about the Internet is that whenever I look for something online, I am leaving a trail for spammers; there is a lack of privacy. So I have started using Startpage, for my searches.

Startpage is free. Basically it is an overlay to Google. Instead of directly running a search through Google, you run it from Startpage. Information about Startpage is available here.

All searches and website accesses done via Startpage are done from Startpage’s servers, so it is Startpage’s IP address that is seen, not yours. And cookies are downloaded to Startpage’s proxy servers, not to your computer.

There are limitations. For example, it doesn’t support JavaScript, which means some features on some websites are not usable. But Startpage gives you an option to connect directly rather than via its proxy servers. (For a video on Startpage Proxy Servers, click here.)

This is an excellent free service. Check it out.

Richard Adin, An American Editor

