Total Pageviews

Search My Blog

Thursday, March 12, 2015

RollAround Ads and You

The RollAround Ads (aka "PUP.Optional.RollAround.A" or any variant)


This is very disturbing!  As always check with a local computer technician expert on matters regarding your PC and safety.

So as some of you may or may not be aware, not only have I worked extensively on computer technology and electronics for a fair amount of my life including childhood, I'm also going to college where I'm learning even more about said technology and the concepts therein to become a fully capable, competent, and respected computer technician.  This is what I've done in the past, this is what I do for both a hobby and for education, and I am always happy to share my data with anyone who wants to inspect my work.

As part of being an aware computer-savvy technician, I'm always looking to new improvements to computer tech, as well as the network security news, and all matters related to consumer PC safety including online habits.  Before reading up on any new information, my first priority is to make sure that my own PC's, both my desktops and my laptops, run at their peak efficiency, and that they are all virus free, malware-free, and spyware-free (or at least, as much as humanly possible with scans runs on a somewhat frequent basis about once or twice a week, more if I find hidden viruses or malware previously undetected).

I've spent the last 72 hours determining the extent of the problem that exists with certain malware that has been showing up recently in my weekly security sweeps on my laptops.  The following information is for anyone that doesn't know about RollAround popups adware/malware.  Your anti-virus or anti-malware software may not even detect it for weeks, even months.  Mine certainly did not, and again I run security scans at least twice a week on my own computers, and at least bi weekly on the rest of the devices and computers on my home network.

At first, I had not heard about "RollAround" AdWare / Malware, so to me it's relatively new.  After extensive research, I have found that it's been around for years.  I don't know how far back it goes, but it was simply too disturbing to ignore.

From what I've read, "PUP.Optional.RollAround.A" or some variant disguises itself as a persistent cookie installed onto your computer via one of your favorite browsers, say Firefox for example.  You might be asking the same question I did when I researched this relatively new tracking tool, and you'd be right to say to yourself "I didn't opt to participate in this tracking cookie.  How do I get it off my system?  How did I get it in the first place?"  Well, that last part I'm working on for myself.  Apparently, just by visiting any site that uses these special persistent cookies, you've automatically agreed to it.  At least, that's how their legal terms and conditions states it.  You can always opt-out, and even block cookies specifically, but unless you REALLY know what you're doing, it can be a tedious task, and one that can change the way you access your frequently visited websites.  I was especially surprised that the community college I go to has this cookie on their website, and I have used both Google Chrome and Mozilla Firefox interchangeably, and have frequently deleted cookies to make sure my site visits aren't tracked, even marked the checkbox in Chrome and in Firefox "Do Not Track" or their respective equivalents.  Though, it's obvious that even my weekly scans haven't given me any indication up until recently that there was anything mischievous going on with my PC systems.  I had no clue whatsoever, and I had been constantly trying to figure out why my systems would run so sluggish.

RollAround malware/adware tracks everything from your online viewing preferences, to shopping habits, purchases, what sites you do or don't visit, even if the visit is accidental (So, even if you inadvertently click on an ad that sends you to that awful porn site, it'll track that and think that's your preference).  It can run even when you're not physically on your PC, but your computer is still running and connected to the internet.  This is another reason I like to turn off my PC nightly, but I haven't been because I want security and other updates to occur while I sleep.  There's always the option, if you have it available, of turning off all network traffic via your firewall, or disconnecting from the router or cable modem directly and physically.  However, that still doesn't solve the problem of what to do with this malware.

I truly thought I had a handle on it just yesterday after running three full and complete scans with both MalwareBytes' "Anti-Malware" scanner, and Norton Antivirus provided by my ISP Comcast / Xfinity (don't judge, I just prefer to NOT go with Dial-Up or DSL if I can help it).  For whatever reason, it keeps popping up on my system.  From what I've researched, these cookies can come from any number of [now questionably] reputable companies like Microsoft, Yahoo, and other companies with investments in online shopping, and online ordering, who want YOUR data, your shopping habits, your internet browsing patterns, what products and services you find interesting, what products and services you don't buy, etc.  While this is NOT a new tactic for businesses, what is new is the legal loophole that they've all found to install software onto your computer without your knowledge, and then leave an opt-out open for anyone who doesn't want their data tracked, but even using that tool doesn't guarantee that your information, your browsing habits data, won't be tracked by other companies who use the same technology.

So here are your options from the way I see it after trying to either deal with or remove this garbage from your PC (and mine when I encounter it in my scans):


  1. Accept it.  It's pretty safe to say that this new legal technicality where just by visiting a website, your data on a site you've visited or are visiting, even by accident, could be tracked, even if everything you do tells that site you don't want to be tracked.  By now, it's fair to say it's a standard practice for nearly every company that does business online to use this tracking software.  Even non-internet businesses, reputable business use this strategy when concocting advertising and sales.  There is the supposed idea that your data is kept confidential, but I question that when I get dozens of ads unrelated to what I'm viewing.  For better understanding of this practice, I suggest watching the episode "Attack of the Killer App" from the TV series "Futurama" (available on Netflix as long as Netflix doesn't replace it with something crappy).  Although the episode features technology slightly different from a PC, the message in it is clear.  You want convenience?  You pay a price.  This is that price!
  2. Go "Off the Grid".  Put your tin foil hats on, because conspiracy theorists are gonna go ape-shit over this.  Like I said earlier, this practice is not new, but the way it's being done is relatively new from the perspective of a computer / internet consumer.  Many people, fed up with the way their data is being collected, dissected, analyzed, and processed into relevant ads for their personal preference, will often take to "cutting the digital cord" by not using any and all electronic devices, including computers, tablets, smartphones, etc.  Even using their old TV could be "beaming commercial ads into your brain" while you sleep.  I have personally never believed that last part, but if you feel you can handle being off all electronic devices, more power to you.  Though as I said before, this practice is still in use offline as much as it is done online.
  3. Customize your online experience.  There are ways to limit what data is collected, tools that have been (only recently) built into consumer grade internet browsers.  Tools like "private browsing" where no cookies are stored, no data is shared, and your browsing habits are only minimally tracked, if at all.  I've not yet had a chance to test this option specifically to verify that is what happens, but since it's my job to know what internet-related news including network security threats are out there, I might for one week try this method of "private browsing" and see if it works.  Though, you can, without going to "private mode", "incognito" or "InPrivate Browsing" depending on your preferred browser, customize your browsing software to accept cookies only from certain sites, especially from those specific sites you frequent the most so that the accidental click of a pornographic ad won't lead to your browser sending personal data about your "accidental" porn viewing habits.  While I disagree on some of those clicks being "accidental", it does happen even to the most careful user where they'll click on an ad that leads to a pornographic website.  There are other ways, other software that is designed to block ads so that this doesn't happen to you, but now it's just getting convoluted and complicated to keep your browsing data from being collected, even "accidental" data being transmitted.
  4. Run Anti-Malware, Anti-spyware, and antivirus scans regularly.  This should go without saying.  Be self-conscious about internet safety.  Like myself, you may have been as careful as you could possibly be, but that ONE accidental click could end up putting you in a compromising position of having to explain why suddenly your PC now redirects to pornographic websites to your significant other, your loved ones, etc.  While that may or may not be difficult depending on how well your loved ones know you, it doesn't hurt to do the prudent thing and run scans at least once every two weeks, or more frequent depending on your online viewing habits, just to be safe rather than sorry.
On a final note, this practice is how companies as well as would-be identity thieves and scammers are able to send targeted spam email (and regular snail mail) to your inbox, attempting to sway you into either buying their ridiculous product, or getting suckered into a scam that costs you all of your finances.  Just because you practice safe internet browsing doesn't mean everyone else who uses your PC will do the same.  As I found out, even (supposedly) reputable companies are not honoring their commitment to keeping your data confidential and safe.  They'll sell it to whomever they can, even to lowest bidders, just to get that extra $1.25 per click.  

So, do us computer technicians a favor.  When we attempt to help you with cleaning your PC system, be honest.  Even with those "accidental" clicks on porn ads, that information could be extremely helpful in finding out why your system is being infected so aggressively and frequently.  We're not here to judge you, make fun of you, or embarrass you in front of others like your family or friends, we're here to help.  If there's been a mistake in online internet browsing, own up to it.  Even if you don't think ANYONE in your household has done so, admit the possibility that mistakes do happen.  I've long thought, and am still a believer in the fact that computers do not make mistakes.  Humans often do, even if they're not totally aware of it.  

I'll do my best to keep you all updated on this and other internet/computer/network security related tips.  Please feel free to comment.  If you'd like me to answer a question, or research a related topic, please feel free to email me at "halfblind79@gmail.com".  Thank you!


Thursday, November 7, 2013

Cryptolocker Virus and You

I came across this article Cryptolocker Virus News Article and believed it was noteworthy to point out some good tips and ideas drawing from experience.

First off, these viruses are usually the result of visiting sites that are less than reputable.  Never submit information on a website you don't trust or (let's be honest) is completely riddled with pornographic images.  Secondly,  always keep your anti-virus updated with the latest definitions.  Third, keep your anti-malware scanner software updated as well.  Lastly, even with the latest updates on both antivirus and anti-malware, it does you no good if you don't run regular scans on your PC.  Most PC techs will tell you to run a scan at least once a week or more often depending on your web surfing activity.

Depending on your antivirus program, be sure to visit its website for information on this virus, and tips on how to prevent it from giving you trouble on your PC.  A good rule of thumb for myself is that I clean my browser history, delete my cookies, and run every scan possible with both my anti-virus and anti-malware software programs at least twice a week.  This is not because of pornographic sites, but because I do a lot of research both on black hat sites and white hat sites.  I have to be well versed in network security.  But for the average user, a scan of both programs at least once a week is more than prudent.

Also, if you have children, please limit their internet activities, set parental controls, and block websites entirely if you think there may be some questionable content.  For more information, please visit the following sites I believe to be helpful:

Microsoft.com
Symantec.com - For Norton security products.
McAfee.com - For McAfee security products.
avg.com - For AVG security products.
kaspersky.com - Kaspersky Security products.

If you still need help, please contact a PC technician immediately for assistance.  Also keep in mind that like with any new virus or computer or network security issue, updates are being put together as fast as humanly possible.  Patches are being made, and updates are being designed to close loopholes.  Be sure to keep up-to-date on all updates (whether you're a MAC or PC user).

For more information, contact your network or system administrator if in a work environment.

Friday, September 6, 2013

US and UK spy agencies defeat privacy and security on the internet (Courtesy: www.theguardian.com)

This latest blog I wanted to share because of the rise of concern over privacy and security.  I felt it necessary to write about this after reading the following link:

(http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security#_=_)

I stumbled upon this when I was checking my "Google+" account.  To be fair, I haven't read the article in its entirety.  Though playing devil's advocate, I can see some potential benefits to this happening.  And because of the rise in concern over privacy and security after the recent leak of NSA (National Security Agency) domestic eavesdropping, I felt it necessary to point out some of the potential benefits here as opposed to the potential pitfalls some folks jump to (the conspiracy theorists).

The first and foremost benefit is this:  It's better this happens by the United States and the United Kingdom's spy agencies than have it happen by someone with less-than-honorable reasons.  Let's face it, everyone would be in an uproar if someone in a much more foreign (and hostile) sovereign power did it.  I'd be in total concern that someone broke my encryption codes in a foreign hostile region than my own government.  Besides, unless I'm doing something completely illegal, I have nothing to hide.

Another benefit to this development is that because of this government sanctioned "breach", a "white hat" or ethical hacker (someone who is paid to legally break into secure networks and computer systems) can find solutions to such breaches of security and privacy, and find new countermeasures and defenses against such cyber attacks.

Suppose these "white hats" didn't exist.  Let's just say for the sake of argument that our governments weren't proactive in setting up these legal breaches, who would be responsible for the safety and security of our computer systems and networks?  The manufacturer's?  The individual public users?  "Black Hats"?  Those are the folks we really should worry about.  They are the ones who hack for many reasons.  Primary reasons include greed, bragging rights, and to "just have fun".  Sometimes, although rare, "Black Hats" have been used for political cyber attacks on politician's systems, networks, etc.  

My personal suggestion to get an idea of what this all means, watch the movie "Live Free or Die Hard".  In this movie, they talk of something hackers everywhere both live for and fear called a "fire sale".  I won't explain the details of which since they are explained in the movie, and while I don't think it'd actually happen, it's a very real worry.  "White hats" who work on government payroll are constantly working on making sure someone or a group of people are not able to perform this theoretical "fire sale".

One final thought on this subject, for those of us in I.T. (Information Technology)/I.S. (Information Security) industries, this can be a useful development, because it means someone is already working on solutions and remedies to counteract such breaches and cyber attacks.  Those of us in said industries are working hard to keep up with developments like this so that we can do our job that much more effectively and efficiently.  The last thing we want is for someone to blame us for something that wasn't within our control, or even a degree of control.  

Have questions or need something explained?  Send me an email at halfblind79@gmail.com, and I'll do my best to either answer your question or provide an explanation.  If I cannot, I'll point you in the right direction.  If you'd like your question or explanation featured in a blog, let me know too!  Thanks for reading.