DLS 101 - How to spot a fake Windows antivirus program

Unlike Avast, AVG, Kaspersky, Norton, or any of the other real antivirus options out there, a rogue antivirus program will do nothing to protect you. Rather, it's going to try to deceive you into paying for a full version or removal tool. It may even open a backdoor to your system and start downloading other annoying, nasty programs.
How do these programs get on people's computers in the first place? Usually through deceptive pop-ups on the web. Often these "alerts" will try to trick you into thinking:
- porn and illegal files have been found on your computer
- a scan has found virus and malware infections on your system
- your system is totally unprotected
Here are some things to look for:
- cheesy names - never mind the old adage, with these programs you usually CAN judge the book by its cover. Rogue antivirus programs typically use names like Antivirus 360, WinAntivirus 2009, Spyware Police, SpywareProtect, etc.
Wikipedia has a huge list of known fake programs. It also helps to get familiar with big-name, legitimate software (like these free antivirus programs for Windows).
Remind yourself that if you don't recognize the name, don't click.
- alerts that just don't belong - Windows will tell you if you're not running antivirus software or the definitions are out of date, but it won't tell you that an infection has been found. Windows Defender will pop up alerts, but not Windows itself or the Windows Security Center. Alerts that claim Windows has found infected files are pulling your leg.
- poor grammar - Windows has its weak points, but real system messages are usually very well written and clear. Alerts from rogue apps don't have the same attention to detail.
- bogus scanning - lots of these apps pretend to scan your system and find all kinds of infected files. Watch what folders and files are being scanned and see if they match the infected files being found.
If the scan is going through c:\windows\ and infected items in folders like c:\temp or c:\documents and settings\ are popping up, it's bogus. Real virus scanners will display infected items as soon as they find them in the folder that's currently being scanned - not random stuff from who knows where.
- your wallpaper has been changed and the image says something about being infected
- every time you reboot a scan window pops up
- whenever the scan completes, you're asked to register or pay in order to remove the infections
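
An added example, not part of the original article: a PowerShell inventory that applies the "if you don't recognize the name" check to what is actually on the machine, listing antivirus products registered with Windows Security Center and installed programs with security-sounding names. The name lists are taken from this page; the keyword pattern and the helper name `Get-NameVerdict` are assumptions, and the Security Center query assumes a client edition of Windows Vista or later with PowerShell 3.0 or newer.

```powershell
# Added example (not from the original article).
# Names this page mentions as legitimate, and the rogue names it lists.
# Extend $Recognized with whatever you deliberately installed.
$Recognized = 'Avast','AVG','Kaspersky','Norton','McAfee','Windows Defender','Microsoft Security Essentials'
$RogueNames = 'Antivirus 360','WinAntivirus 2009','Spyware Police','SpywareProtect'

function Get-NameVerdict {   # hypothetical helper name
    param([string]$DisplayName)
    # Compare with whitespace removed so "Spyware Protect" matches "SpywareProtect".
    $flat = $DisplayName -replace '\s', ''
    foreach ($r in $RogueNames) {
        if ($flat -like "*$($r -replace '\s', '')*") { return 'KNOWN ROGUE NAME' }
    }
    foreach ($k in $Recognized) {
        if ($DisplayName -like "*$k*") { return 'recognized' }
    }
    return 'UNRECOGNIZED - verify before trusting'
}

# 1. Antivirus products registered with Windows Security Center.
$registered = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue |
    Select-Object @{n='Source';e={'SecurityCenter'}}, @{n='Name';e={$_.displayName}}, @{n='Path';e={$_.pathToSignedProductExe}}

# 2. Installed programs whose name claims a security function (keyword pattern is an assumption).
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'anti.?virus|anti.?spyware|spyware|malware|security' } |
    Select-Object @{n='Source';e={'Uninstall'}}, @{n='Name';e={$_.DisplayName}}, @{n='Path';e={$_.InstallLocation}}

# Combine both sources, drop empty results, and show a verdict per entry.
@($registered) + @($installed) | Where-Object { $_ } |
    Select-Object Source, Name, @{n='Verdict';e={ Get-NameVerdict $_.Name }}, Path |
    Sort-Object Verdict, Name |
    Format-Table -AutoSize -Wrap
```

A "recognized" verdict only means the name matches one you trust; an entry you did not install yourself still deserves a look at its Path column.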

Comments (28)
216 Jul 20th 2009 10:47AM
The thing is, no matter what steps you take to advise people, the average person who actually gets duped by these fake antivirus programs doesn't know enough about their own system to keep themselves protected.
Again, the problem in this situation is the user, not the malware. Although I'll admit some of the fake AVs I've heard of do a pretty good job at fooling people. I predict that once MS Security Essentials takes off in popularity (which it will) scammers will start using that as a base for their fake software, making it even harder to detect.
Drew Green Jul 20th 2009 10:51AM
lol, how to spot it: if it's there without you intentionally installing it...
Drew Green Jul 20th 2009 10:59AM
also, I like the part where it says "Often these "alerts" will try to trick you into thinking:
* porn and illegal files have been found on your computer"
Heh, that's not trickery. That's fact.
Mike Jul 20th 2009 11:05AM
The REAL problem is that there are far too many people that just punch the OK button to "make the thing [dialog] go away".
I've seen people do it. I've asked them what the dialog said and why they clicked ok. Their reply: "I don't know, I just wanted it to go away."
You can't fix stupid.
Rocketboy Jul 20th 2009 11:58AM
Is it stupid when someone sees a window that looks just like any other window that you click on "OK" to bypass?
Ignorance of what's going on, yes.
Stupidity? No.
Mike Jul 20th 2009 12:32PM
Most of the time, they don't even bother to READ what the window says, that makes them stupid.
Rocketboy Jul 20th 2009 2:36PM
No, that's the fault of the GUI designers for throwing up so many messages that nobody cares about, that people do not bother to read them.
Wow great, I need to reboot?
Wow great, I need to reboot?
Wow great, I need to reboot?
freaktech Jul 20th 2009 11:14AM
How funny, I am currently removing AntiVirus2009 from a user's machine.
ZeRo Jul 20th 2009 11:57AM
The funniest thing was having a warning your computer has been infected, please use AntivirusXP or something like that to remove the infection. Come on now, if you're on a *nix platform and you see a Windows interface saying you're infected, you got to know it's a fake.
MarkyB86 Jul 20th 2009 12:53PM
I've seen too much of this "Anti Virus 2009" crap this year! A lot of my customers get it, because they believe what they read. They do read, and they're not stupid, they are just not computer literate. When I get rid of the viruses, I give them a HOSTS file to block all of the advertisements it can, and install Firefox and adblock plus, and try to talk them into using it.
BioBella Aug 9th 2009 8:17PM
Do yourself a favor. Get a mac. It will be the best decision you ever made as far as computers go. End of headaches...seriously. I had one of these pop up (ironically, from an AOL story) and it was specifically for a PC computer, which has a completely different layout than a Mac. It was pretty convincing, and if you were someone who didn't know any better or not paying attention, you'd have an infected computer.
Yes, they may cost more $ upfront (not much more these days - and let's be honest, everything is overpriced anyway), but you don't have to worry about buying extra crap for spyware or virus protection etc... Windows knew what they were doing when they designed their faulty system...think of the thousands of $$$ spent trying to fix computers from a little attack! They wouldn't let that opportunity for more $$$$ slip away... no way.
I've had my Mac for 5 years and (knock on wood) it would still out-compete any Dell or HP. :-)
Lee Mathews Aug 9th 2009 9:46PM
I usually ignore this comment, but it needs to be addressed.
Advising someone "end their virus woes" by running out and blowing $1,000 on a new computer is not good advice. Some people may have that option, and they may want a Mac. Fine.
For the average Windows user? No way. That's a ton of money to most people.
Take some time, read up, and get your hands on some free tools. All it costs is your time.
Free is good.
BioBella Aug 10th 2009 1:20AM
I am just speaking from personal experience. I have had Dells, HP, and Toshiba computers - all lasting about 2 years each, so my Mac has done the best so far.
I'm not saying blow $1,000 on a Mac or anything. There is the Mac mini which starts at about $500. It doesn't come with a monitor or keyboard, but most people have that anyway if they are looking to upgrade (and it will all work with the Mac mini). So all the benefits of a Mac, with a PC cost.
And as for the average Windows user, I think the biggest issue is that most don't know what "Free" applications can be trusted and which ones can't be trusted. I would imagine that you would already know this, but most "free" software comes with malware, so you really have to be careful.
And for future reference, quit rolling your eyes & don't make it sound as if having a PC means you are so much superior or better than everyone else (your "I usually ignore this" blah blah blah comment). It really all is a matter of preference, and I was simply suggesting that people who are seriously fed up with their computers to look at Mac...It really is simple to use...geez, it's not like I get commission for every "convert" or something. So please, lighten up! :-)
TONYAUNICORN69 Aug 9th 2009 11:06PM
I felt so stupid when I came across "how to spot a fake windows antivirus program"--because I just finished dealing with "personal antispyware". I was actually running a virus scan with super antispyware when I got this pop up message saying that my system was severely infected. And since I was not on line at the time I thought that this had to be legit. Now that I think about it how did this site come up if I was not on line? When I realized what was going on I tried to delete the program, but couldn't find it in the programs. I even tried the link that was on their web site to uninstall - didn't work. So I sent them an e-mail.
In the meantime while waiting on a response I tried to get on the internet - I had to do it by clicking on "run as administrator" but then about 30 seconds after my aol home page came up again there was a thing that came up telling me that this site was infected and needed to activate the program - which meant paying $59.00. I couldn't access anything.
I ended up doing a system restore back to a couple days ago, when it was done it was gone from my desktop and no more pop ups, so I hope it is gone.
If anyone reads this and knows of anything else I should do please let me know
Kathleen Aug 9th 2009 10:10PM
I went through the exact same steps you did when I received the "personal anti-virus" pop ups, right down to sending an email to the site. I actually received an email back from them, but I have a McAfee security system and by the time I got the reply email from the bogus site, my McAfee caught the virus and got rid of it. We actually got it a second time a few days later (both times this thing popped up, my daughter was on Facebook, and my sister got it while she was on Facebook too) and I just shut down the computer... didn't try closing out the pop-up boxes that kept coming up or anything.... just shut the thing off. When I started it back up a short while later, there were no icons on my desktop or anymore pop-ups. All I can say is if you get it again, do NOT click on anything!!! Not even to try and close it out.... just shut down... reboot.
Leonard Robinson Aug 9th 2009 11:00PM
You may want to turn off your system restore in order to delete previous restore points, so you don't accidentally reinstall the virus at a later date. After a reboot you can turn it back on and then create a new restore point, so that you have a good place to restore from if anything else happens.
wolfyou5 Aug 9th 2009 11:45PM
Funny these things seem to always spring up through AOL.
wolfyou5 Aug 9th 2009 11:53PM
Funny these things seem to always spring up through AOL..
ashleyblew Aug 9th 2009 10:04PM
I am NOT computer literate and smart enough to know it. However, some of those pop-up sites look so legitimate. I have Avast installed on my desktop, running XP Pro, and when it stops a virus the computer goes berserk. It starts howling like a siren. I immediately shut everything down and run an Avast scan. Not always convenient to do but I do it anyway. Also, if another installed anti-virus software stops something and asks to "allow or block" I check to see what is already installed on my computer. If it's not already there, it gets blocked. So far I've been pretty successful keeping the bad guys out. That's not to say I won't always be successful but that's what I presently do to protect my computer. On my laptop I have McAfee and Defender.
Dave Aug 9th 2009 10:26PM
What about "stopsign"? Is it legit or rogue?