Latest Java Update Trolls Mac Users with Annoying Adware

Java is one of the most used platforms on all major operating system nowadays. It is even required by some websites to be able to load and display their applets, giving you a rich browsing experience. However, its latest update seems to want to dictate which search engine we are using when browsing the Internet.

The latest update for Java is said to ‘automatically’ install a web browser add-on for Ask.com, an alternative search engine such as Bing, Google, Duck Duck Go, etc., as well as defaulting your browser’s home page to the Ask.com webpage. Windows users have been plagued by something similar in the past, but now it looks like the adware is targeting Mac users.

Ask.com features can be skipped during the installation, but knowing how companies tend to put such software ticking options enabled and ‘well hidden’, most users don’t even realise they are being installed until they are on the system or notices the computer running slow. Oracle, the distributor of Java, is said to have not responded to requests for comment so far.

Thank you CNN Money for providing us with this information

Want to Know if Superfish is on Your PC?

Superfish, the adware that Lenovo was found to be installing on consumer PCs, has the potential to wreak havoc on your computer. While it can simply plaster webpages with unwanted ads, it’s also capable of spying on encrypted connections.

So, what can you do to ensure you don’t get caught out by it? Well, as we previously reported, Microsoft has updated its definitions in Windows Defender to remove it, and Lenovo itself has released a tool that rids people’s machines of it too. However, both of these involve a process for which you might not have the time. So how about a quick and easy tool on the web that detects if you have it?

Well, that’s exactly what we have here. This page, “built in a frenzy by Filippo Valsorda“, immediately checks if you’ve got the offending piece of software on your machine. So, visit it now and in no time at all, you’ll know whether Superfish is on your machine.

Superfish Admits to Certificate Installation, Didn’t Realise Security Flaw

The CEO of Superfish, the company behind the software of the same name that has been central to a recent scandal surrounding Lenovo, has admitted to his company intentionally installing the root certificate authority as part of the software, but says that they did not realise the potential consequences.

Speaking to The Next WebSuperfish CEO, Adi Pinhas, said that the software had useful intentions, but that they purposely utilised the root certificate authority to “enable a search from any site.” Superfish’s intent is to scan websites for products for which it can display ads offering users alternatives they may be interested in. This means it could circumvent SSL on sites like Google so it could continue doing what it intended to do – display ads.

Now Pinhas says that the certificate was “not installed without the users opting in”, but he also said that the company did not realise the potentially devastating consequences of utilising such a certificate and that the company didn’t know about the vulnerability until everyone else did. While that’s fine, it does seem a little hard to believe that the software developers who apparently spent four years developing Superfish didn’t realise the insecure nature of the software.

Nevertheless, it’s pretty clear that Superfish isn’t something you want on your computer.

Source: The Next Web

Lenovo Releases Automatic Tool to Remove Superfish

Lenovo, the company embroiled in controversy over the Superfish adware preinstalled on a number of their PCs, has released a special removal tool to automatically rid their products of the software.

The company initially appeared slow to react to this issue, even perhaps insisting that there was nothing wrong with Superfish. However, after an apology, they have now released a purpose built tool to completely remove the offending program. Those who believe they may be using a Lenovo PC that has been affected by Superfish can download the tool here.

“We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem.” – Lenovo

It will effectively do the job for you, removing the adware completely. Plus, and perhaps more importantly, it will also take care of the sometime tricky to remove certificate that essentially allowed Superfish, or anyone else with password to that certificate, the ability to snoop on secure connections.

Source: The Verge

Microsoft Updates Windows Defender to Remove Superfish

Microsoft has emerged as the hero within this whole Superfish/Lenovo story, as the company has updated its anti-virus software to detect and remove the offending program. Windows Defender, which is preinstalled on Windows 8, and Microsoft Security Essentials, the free-to-download equivalent for Windows 7, have both had their virus definitions updated to detect Superfish.

Where previously removing Superfish was quite a tricky and unclear process for most novice users, the process has been made incredibly simple and easy, with Windows Defender and Security Essentials both able to completely remove the software automatically. Even those users who were unaware of Superfish will have it removed now as well.

Microsoft has really saved the day as it were, resolving the problem for many and if not most of those affected by Superfish, especially considering the fact that all installations of Windows 8 come with Windows Defender.

Source: The Verge

Lenovo: “We’re Sorry. We Messed Up.”

Lenovo, the PC manufacturer embroiled in controversy over the installation of ‘Superfish’ adware on new PCs, has issued something of an informal apology on its US Twitter page.

This is the first direct apology from the company since news broke yesterday revealing the potentially devastating nature of ‘Superfish’. The software has been installed on many new Lenovo PCs since September, and initially appeared to be simple annoying adware. As bad as it was that a major manufacturer purposely installed adware on new PCs, the software was found to be potentially dangerous too, as it contained a certificate that allowed it to intercept seemingly secure connections to websites.

Lenovo initially said that it was “investigating” the claims, but has now come out with its first apology. An apology that many will be be glad to see.

Source: Lenovo US on Twitter

Lenovo Caught Installing Dangerous Adware on New PCs

Lenovo has been caught installing adware on new PCs. The software is called Superfish and on the face of it, the software appears to be your standard annoying adware with third-party ads plastered on various websites. It also has those terrible popup ads. However, some have suggested that this software may well be more dangerous than annoying.

Superfish essentially throws out ads on pages like Google that appear to match your search results. It seemingly does such a thing in Chome and Internet Explorer. It also provides annoying popups – something very common with adware. The thing is, Superfish is currently being disabled on new Lenovo machines after many users complained of such annoying popups. Now you’d think that’s a good thing, and that this story is now pointless as a result; well that certainly isn’t the case.

Lenovo community administrator, Mark Hopkins, said that the company would be temporarily removing the software on new systems due to these complaints. Shockingly, he said that the popups were “issues” that needed a “fix”, defending the software as useful in that it “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

It doesn’t stop there. There are now reports that Superfish is dangerous as well as annoying. It appears that the software is implementing a man-in-the middle attack by using a self-signed certificate authority, which allows it to decrypt secure connections, such as those to your bank account or when you’re making a purchase.

If all of this is true, it’s terrible for Lenovo, a trusted PC manufacturer, to be doing this to users’ computer new out of the box. Let’s hope Lenovo has something to say about it.

Source: The Next Web

Three Android Apps Pulled From Google Play Over Adware Concern

Three Android app have been deleted from the Google Play store after being flagged as adware by security outfit Avast. One of the apps, a card game called Durak, had over 5 million downloads before it was removed. The other two apps flagged as malicious were Iwolt IQ Test and Konka Russian History.

As Avast’s Filip Chytry explained in a blog post, “When you install Durak, it seems to be a completely normal and well working gaming app. This was the same for the other apps.”

“This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors.”

“If you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value.”

“An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware?”

Though the apps have now been removed for download, anyone who has already downloaded them is advised to uninstall them immediately and run an anti-virus scan on their Android device.

Source: The Guardian

Bitdefender Is Best Windows 8 Internet Security, AVG is Best Free Security

According to the well respected, comprehensive and independent test of internet security packages, done by AV Test, Bitdefender has come out on top as the best overall internet security package. Bitdefender received 17 out of 18 points, followed closely by BullGuard with 16.5 points and Kaspersky with 16.

The test applies to the Windows 8 operating system only and is the most comprehensive and up-to-date internet security test currently available. The results are probably quite similar to what you’d expect to find on Windows 7 too. So as a general rule if you are looking to invest in Internet Security for your Windows 7 or 8 computer you will get the best protection from Bitdefender.

If we take a look at the freely available internet securities, which a lot of people use because they offer nearly as good protection, we can see AVG Free Edition 2013 does the best scoring 15.5 points. AVG Free is followed closely by Avast Free Antivirus 7.0 with 15 points and Panda Security Cloud Antivirus Free 2.1 with 14.5 points. Microsoft’s free included Windows Defender 4.0 does badly scoring 11.5 with the joint lowest protection score.

Funnily enough some paid Internet Security packages like McAfee, with 12.5 points, Comodo Premium, with 10 points, AhnLab V3, with 10 points and Norman Security Suite Pro 10, with 12 points, all did worse than the three best free Internet Security packages.

So we can pull some conclusions from these tests, which are that if you pick the right paid-internet security (Bitdefender, BullGuard or Kaspersky) packages you can get the best security.However, you can get nearly as good free internet security from Avast or AVG and this is very often better than a lot of paid internet security packages on the market today.

To see the full details of the AV Test Internet Security testing then please visit here.

Cisco Report Shows “Good” Sites Have More Malware Than Porn Sites

When it comes to catching viruses, malware and adware on the internet “word of mouth” will tell you that porn websites, pharmaceutical sites and gambling sites are some of the most dangerous out there. Cisco’s latest 2013 annual security report challenges this commonly-held assumption about internet security. Cisco shows us that the data contradicts what everyone thinks. In fact, the riskier links were not found on the aforementioned “dodgy” websites but in fact on regular safe-looking websites such as search engines or online shopping sites.

Cisco has stated that the average person is 182 times more likely to download malware on a safe site’s advertisements than on those sites with pornographic content. A random ecommerce site is about 21 times more likely to see you infected with an internet “bug” and you are also 27 times more likely to download malware from a no-name search engine than from a counterfeit software website.

It is clear then that Cisco’s findings look set to shake the foundations of internet security. Internet users are hugely mislead in the way they use the internet and need to start changing the way they act in general as opposed to consigning particular types of websites to that “dodgy” category.

On a related subject the 2013 annual security report by Cisco revealed Android malware is going through the roof, up 2577% in 2012, and global spam email volumes were down 18% overall – perhaps due to a series of recent take-downs of large spam email servers.

If you’d like to find out more then you can do so here.

What do you think of Cisco’s findings? Is it likely to change the way you view surfing the web? Let us know your thoughts.

Source