"Personal Security" is malware
Mom had an infection on her computer that would hijack Firefox when she clicked certain links. It would run a bogus "security scan" in a web page that was made to look like a Windows XP system dialog box, and then try to make her download something to "fix" the many scary problems it "detected". She was too smart to do that (good for her!) but when she tried to navigate away from the page it would throw up a defensive screen of modal dialog boxes with misleading options and she would have to force-quit Firefox.
We looked it up and found out it was a well-known piece of malware "Personal Security", a scam that tries to get your money by generating bogus security threats and then demanding you upgrade to the paid version in order to fix them.
The software equivalent of a scam that involves criminals dressing up as police officers, in other words. Pure evil!
MacAfee, as usual, did absolutely nothing. Mom was able to get rid of the infection with a free program called Panda Cloud Antivirus.
Just throwing this out there as a warning, so y'all have some idea of how to recognize this Personal Security malware and know at least one way to get rid of it.
Still not sure how she got infected in the first place. I need to talk to the Firefox security guys about it and see if there's more we could be doing to block this kind of attack.
Java is the new giant web security hole
You may recall my mom's computer got infected with malware called "Personal Security". It turns out that the attack vector used by Personal Security, as well as a bunch of other malware that got on there, was through a security hole in the Java plugin.
It seems that Java exploits have skyrocketed especially in the second half of 2010. Computer criminals accept payment from other criminals to deploy whole bundles of random crapware via the holes in the Java plugin.
Friday, a week ago, I got what I think was my first-ever malware infection in 25 years of using computers.
I was using my Windows laptop. I had run Internet Explorer ONCE in order to check compatibility of one of my HTML5 game programming demos. I don't know whether IE was how it got in or whether it was through a Java security hole or what, but the timing was suspicious.
It was something called "Windows 7 Total Security" which is the same thing, just with a different name, as what my mom got -- malware that pretends to be an antivirus program, bombards you with spurious warnings about hundreds of imaginary viruses, and tries to get you to pay money to get rid of them. My version was somewhat worse in that it wouldn't let me go to any websites at all - every site got replaced with a bogus security warning.
I used Panda Cloud antivirus (goddam it people, stop calling everything "cloud", it's lost all meaning. At this point as far as I can tell "cloud" is a synonym for "internet".) Despite the stupid name, it worked.
Or did it? I was left unable to run any programs, because when I double-clicked an .EXE file it asked what program I wanted to use to open that file. The registry had gotten corrupted so that the file-type association for "EXE" was broken -- and I couldn't even run regedit.exe to fix it. I couldn't launch things from the command line even, because that's "cmd.exe". I finally found a website describing this problem and downloaded a sketchy batch file that successfully fixed everything.
Not sure if there's a larger lesson to draw from all this, other than that bad people who write viruses suck and should go to jail.
I just had my first session with a psychotherapist about my depression.
For years I've been like "Yeah I'm depressed but I'm not like, clinically FOR REAL depressed, it's just thatlife is meaningless and I'm a terrible person and everything sucks and we're all gonna die. And you know that voice in your head that recites everything you've ever done wrong and how you're a worthless fuck-up who's wasted your life? I couldn't sleep last night because that voice was going ALL NIGHT. But no, therapy is for people who have REAL depression, if I see a therapist they'll just say I'm making it up and laugh at me."
And I'm not depressed ALL the time. Some days I'm pretty happy, like days when I see friends and play taiko and focus on the here-and-now. It's just when I try to think about the future (my own or the world's) that I get into a Doom Spiral of negative thinking.
But after three different people independently told me, within a week of each other, that I really needed to go see somebody about my depression, I took that as sufficient independent corroboration and I made an appointment.
One thing we talked about was how most important things I want to do involve reaching out to somebody -- writing job applications, school applications, looking for project collaborators, maintaining or renewing social contacts after I move away or change jobs or otherwise leave a group, etc. And I get super, super anxious when I'm trying to make that phone call or write that email, because I'm, I dunno, afraid of rejection or something, and I procastinate about it for hours or days.
And while I'm procrastinating I'll start reading news links on the internet, right? Cuz they're right there, and cuz I should stay informed about what's happening, right? But I tend to be attracted to reading very negative news. Basically I have carefully curated the news feeds I follow so they're all about human rights violations, creeping loss of civil liberties, war in the middle east, environmental disasters, injustice, man's inhumanity to man, all the many ways our civilization can destroy itself, and other assorted doom and gloom. So I sit down to write a job application and before I know it I'm reading about the melting polar ice caps and the rate of species extinction and peak oil and how many civilians our drone strikes have killed in Pakistan and that we're force-feeding prisoners in Guantanamo and racist stop-and-frisk searches in NYC and how Google Glass is going to lead to a totalitarian surveillance state and oh my god have you seen what the Turkish government has been doing to peaceful protestors?
The therapist proscribed me a week of Not Reading Internet News. I think this is probably a Good Idea.
I'll still blog here but no more depressing news links for a while. I'll still answer email. And I still have to use parts of the internet for job searching, reference for projects, etc. But cold turkey on Twitter, Tumblr, Hacker News, Daily Dish, the Atlantic, Wired, 538, the ACLU blog, etc. etc.