Tuesday, February 24, 2015

More Bad Fish

In light of the recent news that Lenovo was bundling Superfish, which can really only be fairly described as malware, a host of similar threats have been found in popular Windows software, including big names in anti-virus AVG and Comodo.

There are very good write ups here and here so I won't bother going into details, but suffice it to say that companies that should have known better, and placed themselves as authorities of trust, have put profits ahead of their customers best interests.

So what is a Windows user to do?

Note: At this time it appears this only affects Windows users, but it doesn't hurt to check the site even if you use a different operating system.

First, go to this website:
If you have Superfish or any of the similar HTTPS-Hijacking malware installed on your machine, this check will probably find it.  It is quick, safe and you do not need to install anything.
If you do have a vulnerability on your machine, it will help you with instructions on how to remove it.

Second, if you have AVG anti-virus by LavaSoft (which I have previously recommended) or Comodo PrivDog, I am recommending that you uninstall them.  In my opinion, they are no longer trust worthy programs.
As a good replacement at this time, I am recommending MalwareBytes.  They have a free version for home users that will cover the basics and and a premium version for a reasonable fee.

And finally, a couple good reminders for us all:

  1. Even if you have anti-virus/anti-malware software installed, you still need to be careful downloading software from the internet!  Most of these tainted programs were available from and CNET, which are not inherently safe.
  2. When visiting sites that should be secure (financial, heathcare, etc) type in the URL yourself. NEVER click on a link in an email to take you to a sensitive website.  This exploit has taught us that we can not place complete trust the padlock icon in our browser.  A good password manager such as LastPass can also help you from falling for fake URLs.

Related:  If you are fed up with Windows, give some thought to making the switch to Linux.  It is a lot easier and familiar than it used to be.  Watch for future posts detailing my transition.  My current operating system of choice is Lubuntu.

Thanks for reading and be safe out there.  The internet is a wild place!


Alex Fraundorf is a web application programmer and web security consultant with Snap Programming.

Disclaimer: The advice in this blog is safe and checked to the best of my ability, but it is provided AS-IS with no warranty expressed or implied.  That's why it is free!  Unless otherwise noted, all opinions are my own, do not reflect those of my employer/associates and have not been influenced by any form of compensation.

No comments:

Post a Comment

All comments require moderation, so please don't bother trying to spam.