With the now infamous Spectre and Meltdown processor flaws affecting every intel based computer for the last ten years, Intel pushed out a fast fix to plug the holes. Now they're saying not to use it. It seems that some computers will get stuck in a reboot loop. So the cure is worse than the disease. To date, there's been no evidence that the Spectre and Meltdown flaws have been exploited, so Leo is wondering if the right advice is to do nothing at all. At least until a new fix has been released, or that malware shows up that will take advantage of it.
According to a recent study funded by Google, 15% of users have reported that their email or social media account was taken over due to phishing scams. Leo says that over 25 million users were bit by an email phishing scam, while about 35,000 were victim to keystroke loggers. Leo says that this is the season for scams and that users may get emails from the "IRS" or even phone calls demanding personal information. It's always a scam and users shouldn't fall for it.
Bernie wants to know about antivirus. What does he need? Leo says that Microsoft's free version that comes with Windows will do the job just as good as any other, and it's free. But it can't stop zero day exploits. So his number one line of defense is his own behavior online.
Lex uses Windows Defender, but he came across a thumb drive and wants to check it to see if it's safe to use. Leo says he really can't. If he plugs it in, and it's infected, it will compromise his system. Firmware can be modified on a thumb drive to contain malware as a payload, and it's undetectable. The worse part is not one USB drive manufacturer has done anything to correct the bug. Wired has a story on it.
Tony wants to know how to check to be sure the ISO of open source software is legit. Leo says that an ISO is found to be legit by signing. A hash has to be generated in order to provide proof of a legitimate ISO. If the ISO has changed, then the hash would be modified. There's also a signing key, which is based on GPG encryption. It has to be authenticated by the developers of the software.
Anne got an HP Envy wireless printer. Can she use it with an XP Machine? She keeps getting a popup asking for a driver update for something called "Slim Cleaner." Leo says that XP is a security issue because Microsoft has stopped supporting it. There are no fixes for it, and newer hardware won't work quite right with it because manufacturers don't expect people to use it with such old computers. Leo would not recommend banking on an XP machine. When she bought Slim Cleaner, someone actually took over her computer as well. So now there's no way to know exactly what they may have done.
Cheryl wants to know if she can get infected by HTML email. Leo says yes. That's why she has to be careful what links she clicks on. But since she's using an iPad, she's protected. She can't get infected on that. Apple's iOS is very secure. But it's always a good idea to train herself not to click on links. If she gets an email from her bank for instance, she should just go to her browser and go directly to the bank's website.
Last week, Samsung turned off Windows Update because they were unable to bring new drivers to the party. Leo says that is a horrible idea and that Samsung is causing serious security issues in doing that in their Windows machines.
Read more at theguardian.com.
Calling it a "high threat to its computer security," Microsoft's antivirus software will now scan for and remove the ASK toolbar, should you get stuck with it. In other news, Yahoo has entered into an exclusive agreement with Oracle to make Yahoo the default browser for any computer that has Java installed. Leo calls that Malware since users are fooled into installing it. Even worse is that Java is a security flaw as well. Yahoo's CEO Melissa Meyer should know better.