How many spyware items are infecting your computer?
I just had, by mistake, a plug-in called Intelligent Explorer attach to my browser. What a nightmare! I have another article on this topic, but this brings home a point. Spyware or adware items are continually infecting computers. Most computers have no protection from them. Most frightening is the frequency of them. From the InfosecWriters web site, "According to a 2004 survey by America Online and the National Cyber Security Alliance, 91% of users questioned were familiar with the term spyware. Only 53% believed their computers were infected, but a scan found that 80% of their PCs had some type of spyware installed on them." It goes on to say, "...The average number of spyware components per computer was 93 with one computer having well over a thousand."
What is Spyware?
Butte College (www.bctv.butte.edu/support/spyware.html) offers this definition:
“The term ‘spyware’ is broadly defined as any program that gets into your computer without permission and hides in the background while it makes unwanted changes to your user experience.
Spyware is generally not designed to damage your computer. The damage it does is more a by-product of its main mission, which is to serve you targeted advertisements or make your browser display certain sites or search results.
At present, most spyware targets only the Windows operating system (Internet Explorer).”
To be fair, spyware can be harmless; tracking cookies, for example, don’t do much. While such things infringe on your privacy, they don't really harm anything. Others, however, are extremely dangerous.
So what do you do about it?
No spyware program seems to do everything, but there are a lot of good solutions out there that can help. Here is a list of some of the top spyware tools to look at:
1) Try Ad-Aware 6.0 Professional from LavaSoft (there is also a free version with less functionality)
2) Spybot Search & Destroy from PepiMK Software
3) Xoftspy from Pareto Logic
4) Spyware Guard from Javacool Software is a free program
5) Pest Patrol (now part of Computer Associates by acquisition)
6) McAfee Anti-Spyware
One thing is for certain: you do need to take spyware seriously. For some reason, too many people out there think anti-virus solutions are the end-all solution. They are not.
And, when all else fails?
Finally, as drastic as it seems, if your computer has been infected with a large number of spyware programs, the only solution you may have is backing up your data, and performing a complete reinstall of the operating system.
Thursday, April 1, 2010
SECURITY AND ENCRYPTION
About Encryption and Making Your System Secure
What does encryption do for me?
Encryption and cryptographic software has been used in many different ways to make systems more secure. This article discusses only a few ways that such software can make your system more secure, including:
1) Encrypting your email
2) Encrypting your files
Two programs are mentioned that will help encrypt information. There are many more programs out there that will help, but these programs are good and as good a place to start as any. They have the added benefit of both being free with source code available.
Will encryption stop people from accessing my information?
Encryption simply makes it harder for people to gain access to important information, like passwords or sensitive information in a file. The first thing you should know about encryption is that the algorithm that is used to encrypt can be simple or more complex and that affects how securely what you have encrypted is protected. Encryption systems have been broken when the method of encryption is understood by hackers and is easy to break.
Why bother to encrypt my email?
It should be noted that email is far less secure than paper mail for two very good reasons: first, electronic data can be accessed easily over the Internet and secondly, electronic data is really simple to copy. There is a very good chance that someone has snooped around in your email despite your best intentions to stop it.
How do I go about encrypting my email?
There are many programs out there that can help you encrypt your email. A very popular one is PGP (Pretty Good Privacy) or its GNU offshoot GPG.
PGP (http://www.pgpi.org/) describes itself this way: This "is a program that gives your electronic mail something that it otherwise doesn't have: Privacy. It does this by encrypting your mail so that nobody but the intended person can read it. When encrypted, the message looks like a meaningless jumble of random characters. PGP has proven itself quite capable of resisting even the most sophisticated forms of analysis aimed at reading the encrypted text."
Why bother to encrypt my files?
The answer to this boils down to what you store on your computer. If you have financial data with important information like social security numbers, email addresses, account numbers and passwords, then you open yourself up to losing very valuable information. Most corporate Internet security employees will attest to the widespread theft of very valuable information. As long as you are connected to the Internet you are vulnerable.
How do I go about encrypting my files?
AxCrypt File Encryption Software (http://axcrypt.sourceforge.net/) Self-described as "Free Personal Privacy and Security for Windows 98/ME/NT/2K/XP with AES-128 File Encryption, Compression and transparent Decrypt and Open in the original application."
SECURITY
Surfing the Web
Surfing the Web Anonymously – Questions to Ask
When you surf the web, it is possible to learn information about you even when you don't want to advertise who you are. This is true even if your system contains no virus or malware software. Specifically, information that is easily available online includes your IP address, your country (and often more location information based on IP address), what computer system you are on, what browser you use, your browser history, and other information. It gets worse. People can get your computer's name and even find out your name if your machine supports programs like finger or identd. Also, cookies can track your habits as you move from machine to machine.
How do people get this basic information about you?
When you visit another web site, information about you can be retrieved. Basically, information is intercepted and used by others to track your Internet activities.
How do you stop this from happening?
First of all, it is possible to surf the web anonymously and thereby stop leaving a trail for others to find. Note that this is not fool-proof, but it makes it much harder for people to know who you are. There are products called anonymous proxy servers that help protect you. The anonymous proxy server substitutes its own Internet address for yours. This has the effect of hiding your IP address and making it much harder for people to track you.
How do I get an anonymous proxy server?
There are many vendors who sell anonymous proxy servers. There are also free proxy servers available to you. Two such products are ShadowSurf and Guardster. Guardster (http://www.guardster.com/) offers various services for anonymous and secure access to the web, some paid as well as a free service. ShadowSurf (http://www.shadowsurf.com/) provides anonymous surfing at their site for free. Go to it and you will find a box to enter a URL that you want no one to track. There are many others, but here are two that are frequently used.
Another interesting product, given the recent news about the Google search engine filtering its findings for the Chinese government, is Anonymizer (http://www.anonymizer.com). This company, among others, recently (Feb 1st, 2006) announced in a press release that it "is developing a new anti-censorship solution that will enable Chinese citizens to safely access the entire Internet filter-free" (http://www.anonymizer.com/consumer/media/press_releases/02012006.html).
Does an anonymous proxy server make you 100% safe?
No. Still, you are much better off if you use such technology.
What other things should I be concerned about when trying to keep my private information private?
Three other items come to mind when trying to keep your information private. First, you can use an encrypted connection to hide your surfing. This article does not go into detail on this, but search the web and you will find a lot of information on this. Secondly, delete cookies after each session. Third, you can configure your browser to remove JavaScript, Java, and active content. This actually leads to limitations, so you need to think about the cost/benefit of this course of action.
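What a site can read from a single request, and what an anonymous proxy does and does not change, shown as an added Python example (not part of the original article). The requests, cookie value and addresses are constructed samples, and the X-Forwarded-For case goes slightly beyond the text: some proxies add that header, which passes your real address along.

```python
import re

def build_request(headers: dict) -> str:
    """Serialize a constructed GET request with the given header fields."""
    lines = ["GET /news HTTP/1.1"] + [f"{k}: {v}" for k, v in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"

def parse_headers(raw: str) -> dict:
    """Return the header fields of a raw HTTP/1.x request, names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_cookies(value: str) -> dict:
    """Split a Cookie header value into name/value pairs."""
    cookies = {}
    for pair in value.split(";"):
        name, sep, val = pair.strip().partition("=")
        if sep and name:
            cookies[name] = val
    return cookies

def describe_visitor(peer_ip: str, raw: str) -> dict:
    """Everything the server learns: the connecting address plus the headers."""
    h = parse_headers(raw)
    platform = re.search(r"(Windows|Mac OS X|Linux)[^;)]*", h.get("user-agent", ""))
    forwarded = h.get("x-forwarded-for")
    return {
        "ip_seen": peer_ip,                      # address of whoever connected
        "forwarded_for": forwarded.split(",")[0].strip() if forwarded else None,
        "platform": platform.group(0) if platform else None,
        "user_agent": h.get("user-agent"),
        "previous_page": h.get("referer"),       # one step of browsing history
        "cookies": parse_cookies(h.get("cookie", "")),
    }

def linkable(earlier: dict, later: dict) -> list:
    """Reasons a site could tie a later visit to an earlier one."""
    reasons = []
    if later["ip_seen"] == earlier["ip_seen"]:
        reasons.append("ip")
    if later["forwarded_for"] == earlier["ip_seen"]:
        reasons.append("x-forwarded-for")
    for name, value in sorted(earlier["cookies"].items()):
        if later["cookies"].get(name) == value:
            reasons.append("cookie:" + name)
    return reasons

# Constructed sample data; both addresses are from documentation ranges.
HOME_IP, PROXY_IP = "203.0.113.25", "198.51.100.7"
BASE = {
    "Host": "shop.example",
    "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Referer": "http://search.example/?q=proxy",
    "Cookie": "uid=7f3a9c",
}

def scenarios() -> dict:
    """Compare a direct visit with three later visits made through a proxy."""
    direct = describe_visitor(HOME_IP, build_request(BASE))
    no_cookie = {k: v for k, v in BASE.items() if k != "Cookie"}
    via_proxy = describe_visitor(PROXY_IP, build_request(BASE))
    cleared = describe_visitor(PROXY_IP, build_request(no_cookie))
    forwarding = describe_visitor(
        PROXY_IP, build_request({**no_cookie, "X-Forwarded-For": HOME_IP}))
    return {
        "proxy only": linkable(direct, via_proxy),
        "proxy + cookies deleted": linkable(direct, cleared),
        "proxy that forwards your address": linkable(direct, forwarding),
    }

if __name__ == "__main__":
    first = describe_visitor(HOME_IP, build_request(BASE))
    print("direct visit reveals:", first)
    for case, reasons in scenarios().items():
        print(f"{case}: {reasons or 'nothing links the visits'}")
```

The proxy changes only the address the site sees; the cookie still ties the two visits together until it is deleted, which is why deleting cookies appears in the list above.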
Website Security Rules of the Road
In 2004, online consumer spending was at a record $65.1 billion. More and more people are attracted to the ease of online shopping and are spending higher amounts. Unfortunately, the chances of becoming a victim of Internet fraud are also increasing. The Internet National Fraud Center Watch reported that the average loss to fraud victims for just the first six months of 2005 was $2,579. This is compared to the $895 average for all of 2004.
Complaints relating to general merchandise purchases (goods never received or misrepresented) accounted for 30% of Internet fraud complaints, and auction purchases (goods never received or misrepresented) topped the list at 44%.
While many e-commerce Websites are reputable and have taken the necessary safety precautions to protect you, it never hurts to always proceed cautiously. If you are making an online purchase consider these easy steps:
1. Use only one credit card, preferably with a low credit limit, when making online purchases. Avoid using an ATM or debit card.
2. Be wary of unsolicited offers by sellers. The Internet National Fraud Information Center Watch reported that email, as a method of contact by Internet scammers, was up 22% in 2004. While the offer may be legitimate, spammers like to use this tactic to side-step reputable sites that provide consumer protection for online purchases.
3. Use only reputable e-commerce websites that list a street address and telephone number in case you need to contact them directly.
4. Read the website’s privacy policy. Some websites may reserve the right to sell/give your information to a third party. Check the document to see if they allow an opportunity to “opt-out” of receiving special offers from third-party vendors or for permission to share your personal information.
5. Check for a lock symbol in the status bar at the bottom of your Web browser window. Also, do not provide your personal information if the website address doesn’t start with “https” (a sign that the site is using a secure server).
6. Choose only verified sellers. Check to see if the vendor is a verified member of a reputable third party such as the Better Business Bureau, VeriSign, or Guardian eCommerce. These third-party sites help to ensure online consumers will be protected when shopping or conducting e-commerce transactions.
7. Check that the delivery date posted is reasonable. If you have not dealt with the vendor on a regular basis, be wary of any Website that states the shipment will be delayed 20 or more days. Delivery dates of 7-10 days are more common.
8. Keep a paper trail of all online transactions. Print out a hard copy of the transaction and keep it in a file for future reference.
9. Be wary of website offers that just sound too good to be true. The Internet is littered with get rich quick scams and false advertising claims. Investigate all claims thoroughly before proceeding.
10. If you do not receive what you paid for, and the vendor will not return your emails or calls, contact your state’s Department of Consumer Affairs for further assistance.
Trojan Horse
Trojan Horse….Greek Myth or Computer Nemesis?
We have all heard the term Trojan Horse, but what exactly is it? A Trojan Horse is a destructive program that masquerades as a harmless application. Unlike viruses, Trojan Horses do not replicate themselves, but they can be just as destructive. One of the most dangerous examples of a Trojan is a program that promises to rid your computer of viruses but instead introduces viruses into your computer.
The Trojan can be tricky. Who hasn’t been online and had an advertisement pop up claiming to be able to rid your computer of some nasty virus? Or, even more frightening, you receive an email that claims to be alerting you to a new virus that can threaten your computer. The sender promises to quickly eradicate, or protect, your computer from viruses if you simply download their “free”, attached software into your computer. You may be skeptical but the software looks legitimate and the company sounds reputable. You proceed to take them up on their offer and download the software. In doing so, you have just potentially exposed yourself to a massive headache and your computer to a laundry list of ailments.
When a Trojan is activated, numerous things can happen. Some Trojans are more annoying than malicious. Some of the less annoying Trojans may choose to change your desktop settings or add silly desktop icons. The more serious Trojans can erase or overwrite data on your computer, corrupt files, spread other malware such as viruses, spy on the user of a computer and secretly report data like browsing habits to other people, log keystrokes to steal information such as passwords and credit card numbers, phish for bank account details (which can be used for criminal activities), and even install a backdoor into your computer system so that they can come and go as they please.
To increase your odds of not encountering a Trojan, follow these guidelines.
1. Remain diligent
Trojans can infect your computer through rogue websites, instant messaging, and emails with attachments. Do not download anything into your computer unless you are 100 percent sure of its sender or source.
2. Ensure that your operating system is always up-to-date. If you are running a Microsoft Windows operating system, this is essential.
3. Install reliable anti-virus software. It is also important that you download any updates frequently to catch all new Trojan Horses, viruses, and worms. Be sure that the anti-virus program that you choose can also scan e-mails and files downloaded through the internet.
4. Consider installing a firewall. A firewall is a system that prevents unauthorized use and access to your computer. A firewall is not going to eliminate your computer virus problems, but when used in conjunction with regular operating system updates and reliable anti-virus software, it can provide additional security and protection for your computer.
Nothing can guarantee the security of your computer 100 percent. However, you can continue to improve your computer's security and decrease the possibility of infection by consistently following these guidelines.
Department of Defense Crackdown on Security
The top commander of Department of Defense network operations just ordered a crackdown on security. According to a recent article by NetworkWorld on January 16, 2006, Lt. General Charles Croom is quoted as saying, “The attacks are coming from everywhere and they’re getting better.” His talk was the keynote address at the Department of Defense Cyber Crime Conference held on January 9 - 14, 2005 in Clearwater, Florida. The event is sponsored by the Defense Cyber Crime Center and the Joint Task Force. Over 500 computer crime specialists from the FBI and the military attended the event.
The crackdown was related to a recent arrest of a “Computer Virus Broker” named Jeanson James Ancheta. On further investigation, a Department of Justice press release from Nov 3rd, 2005 offered the following information on this incident, “In the first prosecution of its kind in the nation, a well-known member of the “botmaster underground” has been indicted on federal charges for profiting from the use of “botnets” – armies of computers that are under the control of the botmaster and are used to launch destructive attacks or to send huge quantities of spam across the Internet.
Jeanson James Ancheta, 20, of Downey, California, was arrested this morning by special agents with the Federal Bureau of Investigation. Ancheta was indicted yesterday in two separate conspiracies, as well as substantive charges of attempting to cause damage to protected computers, causing damage to computers used by the federal government in national defense, accessing protected computers without authorization to commit fraud and money laundering.”
The press release goes on to describe more details of this scheme that clearly show why the Department of Defense is so concerned (for more information go to: http://www.usdoj.gov/criminal/cybercrime/anchetaArrest.htm )
“Ancheta had become an affiliate of several different advertising service companies, and those companies paid him a commission based upon the number of installations. To avoid detection by network administrators, security analysts and law enforcement, Ancheta would vary the download times and rates of the adware installations. When companies hosting Ancheta’s adware servers discovered the malicious activity, Ancheta redirected his botnet armies to a different server he controlled to pick up adware. To generate the roughly $60,000 he received in advertising affiliate proceeds, Ancheta caused the surreptitious installation of adware on approximately 400,000 compromised computers. Ancheta used the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers used to conduct his schemes.
Ancheta used programs powerful enough to cause the infection of computers at the Weapons Division of the United States Naval Air Warfare Center in China Lake, as well as computers belonging to the Defense Information Systems Agency, a component of the United States Department of Defense. Both networks are used exclusively by the federal government in furtherance of national defense. After being arrested this morning at the FBI Field Office in Los Angeles, Ancheta was transported to United States District Court in Los Angeles. It is unclear if he will make his initial court appearance this afternoon or tomorrow. Ancheta is charged with two counts of conspiracy, two counts of attempted transmission of code to a protected computer, two counts of transmission of code to a government computer, five counts of accessing a protected computer to commit fraud and five counts of money laundering. Count 17 of the indictment seeks the forfeiture of more than $60,000 in cash, a BMW automobile and computer equipment that the indictment alleges are the proceeds and instrumentalities of Ancheta’s illegal activity.”
Some recent news. Ancheta pleaded guilty to charges of conspiring to violate anti-spam and computer misuse laws, and fraud and will serve from 4-6 years in prison, under the plea agreement - plus heavy fines.
Spyware Beware
Spyware and Adware are not only an ever increasing nuisance for computer users everywhere, but also a booming industry. According to Webroot Software, Inc., the distribution of online advertisements through spyware and adware has become a $2 billion industry.
The aggressive advertising and spying tactics demonstrated by some of these programs require an equally aggressive response from a seasoned eradicator. Sunbelt Software is such a company. A leader in Anti-Spyware, Anti-Spam, Network Security and System Management tools, they have consistently remained on the cutting-edge of anti-spyware programming since 1994.
One of their more notable software applications is CounterSpy 1.5. CounterSpy is designed to detect and remove spyware that is already in your computer system. Additionally, it provides real-time protection while preventing browser hijacking and changes to your computer’s Registry.
Other notable features include:
• Detection and Removal of Tracking Cookies – while it is true that applications like Microsoft AntiSpyware Beta are free, they do not include the ability to detect and remove tracking cookies like CounterSpy does.
• History Cleaner - erases any traceable trails left on your computer as you surf the Internet.
• Secure File Eraser - a powerful deletion tool that can completely eliminate all files you want removed from your computer including images, music, movies and applications.
• PC Explorer - allows you a look into files and areas that are normally inconvenient to access, such as your startup programs, browser helper objects, and ActiveX programs that are being downloaded or used.
• Support for Older Operating Systems – includes Windows 98SE, Windows ME, and Windows NT.
Recommended by PC World, ConsumerSearch, and Dell, CounterSpy holds one of the highest effective ratings for spyware removal. It also received high marks from TopTenReviews (2006) for ease of use, customization/installation, and help/support. For only $19.95 per machine, users can receive a one year subscription with updates, upgrades, and technical support from real live humans. CounterSpy definitely provides ease of use and affordability for just about any computer user from the novice to the expert.
Computer Viruses that Come a Callin’
Every day new computer viruses are created to annoy us and to wreak havoc on our computer systems. Below are ten viruses currently cited as being the most prevalent in terms of being seen the most or in their ability to potentially cause damage. New viruses are created daily. This is by no means an all-inclusive list. The best thing you can do is to remain vigilant, keep your anti-virus software updated, and stay aware of the current computer virus threats.
Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.
Virus: W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings. It can delete security-related registry sub keys and may block access to security-related websites.
Virus: Backdoor.Zagaban
A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.
Virus: W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.
Virus: W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.
Virus: W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32/Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself as an email attachment to harvested email addresses.
Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER
This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS (MS04-011).
Virus: Zafi-D
A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe. It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe. W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".
Virus: W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.
Virus: W32/Zafi-B
A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com. It is a bilingual worm with an attached Hungarian political text message box which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)”
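The file names in the Zafi-D description above can be turned into a simple check, shown here as an added Python example that is not from the original article or from any anti-virus vendor. The folder name system32, the treatment of "8 random characters" as any 8-character name, and the sample tree are assumptions made for the demonstration.

```python
import os
import re
import tempfile

# File names taken from the Zafi-D entry above, compared case-insensitively.
DROPPER_NAME = "norton update.exe"
SHARE_COPIES = {"icq 2005a new!.exe", "winamp 5.7 new!.exe"}
SHARE_WORDS = ("share", "upload", "music")
# Assumption: "8 random characters" is matched as any 8-character file stem.
EIGHT_CHAR_DLL = re.compile(r"^[^.]{8}\.dll$", re.IGNORECASE)

def scan(root: str, system_dir_name: str = "system32") -> list:
    """Walk root and return (level, relative path) pairs, sorted by path.

    "high"   = a file name the entry gives verbatim, in the place it describes.
    "review" = an 8-character DLL next to the dropper. Legitimate DLLs such as
               kernel32.dll also fit that pattern, so it is only a lead for
               manual review and is ignored when no dropper is present.
    """
    findings = []
    for folder, _dirs, files in os.walk(root):
        folder_name = os.path.basename(folder).lower()
        by_lower = {name.lower(): name for name in files}

        def record(level, name):
            rel = os.path.relpath(os.path.join(folder, name), root)
            findings.append((level, rel.replace(os.sep, "/")))

        if folder_name == system_dir_name and DROPPER_NAME in by_lower:
            record("high", by_lower[DROPPER_NAME])
            for name in files:
                if EIGHT_CHAR_DLL.match(name):
                    record("review", name)
        if any(word in folder_name for word in SHARE_WORDS):
            for lowered in SHARE_COPIES & by_lower.keys():
                record("high", by_lower[lowered])
    return sorted(findings, key=lambda item: item[1])

def build_sample_tree(root: str) -> None:
    """Create a constructed tree of empty files to run the scan against."""
    samples = [
        "Windows/System32/Norton Update.exe",
        "Windows/System32/qwxzrtkp.dll",
        "Windows/System32/kernel32.dll",       # legitimate, but 8 characters
        "Windows/System32/shell32.dll",        # 7 characters, never matched
        "Users/a/My Music/winamp 5.7 new!.exe",
        "Users/a/Shared/ICQ 2005a new!.exe",
        "Clean/System32/abcdefgh.dll",         # no dropper here, so ignored
    ]
    for rel in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for level, path in scan(tmp):
            print(f"{level:6} {path}")
```

A name match is only a starting point: the entry lists file names, not hashes, so a hit should be confirmed with an up-to-date anti-virus scan.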
The Trojan can be tricky. Who hasn’t been online and had an advertisement pop up claiming to be able to rid your computer of some nasty virus? Or, even more frightening, you receive an email that claims to be alerting you to a new virus that can threaten your computer. The sender promises to quickly eradicate, or protect, your computer from viruses if you simply download their “free”, attached software into your computer. You may be skeptical but the software looks legitimate and the company sounds reputable. You proceed to take them up on their offer and download the software. In doing so, you have just potentially exposed yourself to a massive headache and your computer to a laundry list of ailments.
When a Trojan is activated, numerous things can happen. Some Trojans are more annoying than malicious. Some of the less annoying Trojans may choose to change your desktop settings or add silly desktop icons. The more serious Trojans can erase or overwrite data on your computer, corrupt files, spread other malware such as viruses, spy on the user of a computer and secretly report data like browsing habits to other people, log keystrokes to steal information such as passwords and credit card numbers, phish for bank account details (which can be used for criminal activities), and even install a backdoor into your computer system so that they can come and go as they please.
To increase your odds of not encountering a Trojan, follow these guidelines.
1. Remain diligent
Trojans can infect your computer through rogue websites, instant messaging, and emails with attachments. Do not download anything into your computer unless you are 100 percent sure of its sender or source.
2. Ensure that your operating system is always up-to-date. If you are running a Microsoft Windows operating system, this is essential.
3. Install reliable anti-virus software. It is also important that you download any updates frequently to catch all new Trojan Horses, viruses, and worms. Be sure that the anti-virus program that you choose can also scan e-mails and files downloaded through the internet.
4. Consider installing a firewall. A firewall is a system that prevents unauthorized use and access to your computer. A firewall is not going to eliminate your computer virus problems, but when used in conjunction with regular operating system updates and reliable anti-virus software, it can provide additional security and protection for your computer.
Nothing can guarantee the security of your computer 100 percent. However, you can continue to improve your computer's security and decrease the possibility of infection by consistently following these guidelines.
Department of Defense Crackdown on Security
The top commander of Department of Defense network operations just ordered a crackdown on security. In a NetworkWorld article from January 16, 2006, Lt. General Charles Croom is quoted as saying, “The attacks are coming from everywhere and they’re getting better.” His talk was the keynote address at the Department of Defense Cyber Crime Conference held on January 9 - 14, 2005 in Clearwater, Florida. The event is sponsored by the Defense Cyber Crime Center and the Joint Task Force. Over 500 computer crime specialists from the FBI and the military attended the event.
The crackdown was related to a recent arrest of a “Computer Virus Broker” named Jeanson James Ancheta. On further investigation, a Department of Justice press release from Nov 3rd, 2005 offered the following information on this incident, “In the first prosecution of its kind in the nation, a well-known member of the “botmaster underground” has been indicted on federal charges for profiting from the use of “botnets” – armies of computers that are under the control of the botmaster and are used to launch destructive attacks or to send huge quantities of spam across the Internet.
Jeanson James Ancheta, 20, of Downey, California, was arrested this morning by special agents with the Federal Bureau of Investigation. Ancheta was indicted yesterday in two separate conspiracies, as well as substantive charges of attempting to cause damage to protected computers, causing damage to computers used by the federal government in national defense, accessing protected computers without authorization to commit fraud and money laundering.”
The press release goes on to describe more details of this scheme that clearly show why the Department of Defense is so concerned (for more information go to: http://www.usdoj.gov/criminal/cybercrime/anchetaArrest.htm )
“Ancheta had become an affiliate of several different advertising service companies, and those companies paid him a commission based upon the number of installations. To avoid detection by network administrators, security analysts and law enforcement, Ancheta would vary the download times and rates of the adware installations. When companies hosting Ancheta’s adware servers discovered the malicious activity, Ancheta redirected his botnet armies to a different server he controlled to pick up adware. To generate the roughly $60,000 he received in advertising affiliate proceeds, Ancheta caused the surreptitious installation of adware on approximately 400,000 compromised computers. Ancheta used the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers used to conduct his schemes.
Ancheta used programs powerful enough to cause the infection of computers at the Weapons Division of the United States Naval Air Warfare Center in China Lake, as well as computers belonging to the Defense Information Systems Agency, a component of the United States Department of Defense. Both networks are used exclusively by the federal government in furtherance of national defense. After being arrested this morning at the FBI Field Office in Los Angeles, Ancheta was transported to United States District Court in Los Angeles. It is unclear if he will make his initial court appearance this afternoon or tomorrow. Ancheta is charged with two counts of conspiracy, two counts of attempted transmission of code to a protected computer, two counts of transmission of code to a government computer, five counts of accessing a protected computer to commit fraud and five counts of money laundering. Count 17 of the indictment seeks the forfeiture of more than $60,000 in cash, a BMW automobile and computer equipment that the indictment alleges are the proceeds and instrumentalities of Ancheta’s illegal activity.”
Some recent news: Ancheta pleaded guilty to charges of conspiring to violate anti-spam and computer misuse laws, and fraud, and will serve from 4 to 6 years in prison under the plea agreement, plus heavy fines.
Spyware Beware
Spyware and Adware are not only an ever increasing nuisance for computer users everywhere, but also a booming industry. According to Webroot Software, Inc., the distribution of online advertisements through spyware and adware has become a $2 billion industry.
The aggressive advertising and spying tactics demonstrated by some of these programs require an equally aggressive response from a seasoned eradicator. Sunbelt Software is such a company. A leader in Anti-Spyware, Anti-Spam, Network Security and System Management tools, they have consistently remained on the cutting edge of anti-spyware programming since 1994.
One of their more notable software applications is CounterSpy 1.5. CounterSpy is designed to detect and remove spyware that is already in your computer system. Additionally, it provides real-time protection while preventing browser hijacking and changes to your computer’s Registry.
Other notable features include:
• Detection and Removal of Tracking Cookies – while it is true that applications like Microsoft AntiSpyware Beta are free, they do not include the ability to detect and remove tracking cookies like CounterSpy does.
• History Cleaner - erases any traceable trails left on your computer as you surf the Internet.
• Secure File Eraser - a powerful deletion tool that can completely eliminate all files you want removed from your computer including images, music, movies and applications.
• PC Explorer - allows you a look into files and areas that are normally inconvenient to access, such as your startup programs, browser helper objects, and ActiveX programs that are being downloaded or used.
• Support for Older Operating Systems – includes Windows 98SE, Windows ME, and Windows NT.
Recommended by PC World, ConsumerSearch, and Dell, CounterSpy holds one of the highest effective ratings for spyware removal. It also received high marks from TopTenReviews (2006) for ease of use, customization/installation, and help/support. For only $19.95 per machine, users can receive a one year subscription with updates, upgrades, and technical support from real live humans. CounterSpy definitely provides ease of use and affordability for just about any computer user from the novice to the expert.
Computer Viruses that Come a Callin’
Every day new computer viruses are created to annoy us and to wreak havoc on our computer systems. Below are ten viruses currently cited as the most prevalent, either because they are seen the most or because of their potential to cause damage. New viruses are created daily, so this is by no means an all-inclusive list. The best thing you can do is to remain vigilant, keep your anti-virus software updated, and stay aware of the current computer virus threats.
Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.
Virus: W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings. It can delete security-related registry sub keys and may block access to security-related websites.
Virus: Backdoor.Zagaban
A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.
Virus: W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.
Virus: W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.
Virus: W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32/Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself as an email attachment to harvested email addresses.
Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER
This family of worm variants shares similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as LSASS (MS04-011).
Virus: Zafi-D
A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe. It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe. W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".
Virus: W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.
Virus: W32/Zafi-B
A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com. It is a bilingual worm with an attached Hungarian political text message box, which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)”.
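The file-name indicators given for Zafi-D in the list above can be turned into a triage check over a directory listing. The Python below is an added example, not part of the original article; the system folder path, the reading of "8 random characters" as letters and digits, the baseline list and the sample listing are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the W32/Zafi-D description in the list above.
DROPPER_NAME = "norton update.exe"
LURE_NAMES = {"icq 2005a new!.exe", "winamp 5.7 new!.exe"}
FOLDER_HINTS = ("share", "upload", "music")
# Assumption: "8 random characters" means eight letters or digits.
EIGHT_CHAR_DLL = re.compile(r"[a-z0-9]{8}\.dll", re.IGNORECASE)


def classify(path, system_dir):
    """Return 'dropper', 'p2p-lure', '8char-dll' or None for one file path."""
    p = PureWindowsPath(path)  # Windows paths compare case-insensitively
    name = p.name.lower()
    in_system_dir = p.parent == PureWindowsPath(system_dir)

    if in_system_dir and name == DROPPER_NAME:
        return "dropper"
    if name in LURE_NAMES:
        # Only count the lure when a parent folder name contains one of the
        # substrings from the description (share, upload, music).
        folders = [part.lower() for part in p.parent.parts]
        if any(hint in folder for folder in folders for hint in FOLDER_HINTS):
            return "p2p-lure"
        return None
    if in_system_dir and EIGHT_CHAR_DLL.fullmatch(name):
        # Weak signal: kernel32.dll and many other legitimate files match too.
        return "8char-dll"
    return None


def scan(paths, system_dir=r"C:\WINDOWS\system32", baseline=()):
    """Triage a file listing.

    'strong' holds (kind, path) pairs for the named indicators.
    'review' holds 8-character DLLs that are not in the baseline of known-good
    names, and is only populated when a strong indicator is also present,
    because the DLL pattern alone matches ordinary system files.
    """
    known = {n.lower() for n in baseline}
    strong, weak = [], []
    for path in paths:
        kind = classify(path, system_dir)
        if kind in ("dropper", "p2p-lure"):
            strong.append((kind, path))
        elif kind == "8char-dll":
            if PureWindowsPath(path).name.lower() not in known:
                weak.append(path)
    return {"strong": strong, "review": weak if strong else []}


# Constructed sample listing (not real telemetry).
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\advapi32.dll",
    r"C:\WINDOWS\system32\Norton Update.exe",
    r"C:\WINDOWS\system32\qhzkwmtp.dll",
    r"C:\Program Files\KaZaA\My Shared Folder\winamp 5.7 new!.exe",
    r"C:\Documents and Settings\user\My Music\ICQ 2005a new!.exe",
    r"C:\Tools\Norton Update.exe",
]
# Constructed baseline: DLL names recorded from a known-clean install.
BASELINE = ["kernel32.dll", "advapi32.dll"]

if __name__ == "__main__":
    result = scan(SAMPLE_LISTING, baseline=BASELINE)
    for kind, path in result["strong"]:
        print(f"[{kind}] {path}")
    for path in result["review"]:
        print(f"[review] {path}")
```

Without a baseline the DLL pattern also flags kernel32.dll and advapi32.dll, which is why it is treated only as supporting evidence next to the named files.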
How To Enable or Disable Simple File Sharing in Windows XP
Simple File Sharing is a feature introduced in Microsoft Windows XP. Simple File Sharing removes some file sharing security options available in other versions of Windows. This helps Windows XP administrators quickly set up folder shares.
Simple File Sharing (SFS) is always enabled and cannot be disabled in Windows XP Home Edition. The below step-by-step instructions explain how to enable/disable SFS in Windows XP Professional.
1. Open My Computer from the Start Menu or Windows XP Desktop. A new My Computer window will appear.
2. Open the Tools menu and choose the "Folder Options..." option from this menu. A new Folder Options window will appear.
3. Click on the View tab and locate the "Use Simple File Sharing (Recommended)" checkbox in the list of Advanced Settings.
4. To enable Simple File Sharing, ensure this checkbox is checked. To disable Simple File Sharing, ensure this checkbox is not checked. Click inside the checkbox to alternately enable and disable the option.
5. Click OK to close the Folder Options window. The settings for Simple File Sharing are now updated; no computer reboot is required.
Tips:
1. The Simple File Sharing checkbox should be at or near the bottom of the Advanced Settings list in the My Computer Folder Options.
2. Enabling Simple File Sharing prevents the ability to assign user-level passwords to shares. When Simple File Sharing is enabled on a computer, remote users will not be prompted for a password when accessing that computer's shares.
3. If the Windows XP Professional computer is part of a Windows domain rather than a Windows workgroup, this process for enabling or disabling Simple File Sharing has no effect. Simple File Sharing always remains disabled for computers joined to domains.
What You Need:
• Computer running Windows XP Professional
How To Restore Hal.dll From the Windows XP CD
The hal.dll file is a hidden file that is used by Windows XP to communicate with your computer's hardware. Hal.dll can become damaged, corrupted or deleted for a number of reasons and is usually brought to your attention by the "missing or corrupt hal.dll" error message.
Follow these easy steps to restore the damaged/corrupted or missing hal.dll file from the Windows XP CD using the Recovery Console.
1. Enter Windows XP Recovery Console.
2. When you reach the command line prompt (detailed in Step 6 in the link above), type the following and then press Enter:
expand d:\i386\hal.dl_ c:\windows\system32
Using the expand command as shown above, d represents the drive letter assigned to the optical drive that your Windows XP CD is currently in. While this is most often d, your system could assign a different letter. Also, c:\windows represents the drive and folder that Windows XP is currently installed on. Again, this is most often the case but your system could be different.
3. If you're prompted to overwrite the file, press Y.
4. Take out the Windows XP CD, type exit and then press Enter to restart your PC.
Assuming that a missing or corrupt hal.dll file was your only issue, Windows XP should now start normally.
Securing Windows XP Home Edition
Use Private Folders To Protect Data: As mentioned in Step 1 above, Windows XP Home uses something called Simple File Sharing for sharing files, folders and other resources. When you mark a file or folder as Shared, anyone who can get to your computer can access the share and the data it contains because of how Windows XP Home uses the Guest account and its blank password (unless you have followed the information in Step 1) to grant access. Windows XP Home does not allow for more customized file and folder sharing like you would find in Windows 2000 or in Windows XP Professional (with Simple File Sharing disabled).
Windows XP Home does offer the polar opposite of sharing though- marking a folder Private. If you mark a folder as Private the contents of that folder and any sub-folders will be accessible only by you.
To make the most of this feature it helps if you keep all of your personal or confidential data in one place so that you can just mark the one folder as Private rather than having to scour the computer looking for various folders you might want to keep Private. Your User Account folder under Documents and Settings which contains your My Documents folder, your Favorites and other personal configuration data for Windows is marked Private by default in Windows XP Home.
To mark a folder as private you need to right-click on it and select Sharing and Security. On the Sharing tab click the checkbox that says "Make This Folder Private". If the folder is owned by another user or by the operating system itself this option will be grayed out. You may also see a checkmark in the box that is grayed out if the folder is a sub-folder of a different folder already marked as Private.
4. Use Limited Accounts For Everyday Use: Windows 2000 and Windows XP Professional offer a number of different user account types and also provide a means to create your own custom user account types. Windows XP Home essentially offers two choices- Administrator and Limited. The Administrator account has essentially full control over anything and everything on the computer. The Limited account can use the computer, but is extremely restricted in its ability to install software or alter system configurations in any way.
One of the primary reasons for using the Limited account is to protect the system from yourself. It's possible that a family member with Administrator access can accidentally change or delete critical information on the computer. It is also possible that someone with an Administrator account may have their account hacked or become infected with a virus or worm of some sort. Typically, the attacker or malware will be able to wreak havoc on the system using the access privileges of the account that has been compromised. So, it makes sense to save your Administrator account for when it is needed, but use Limited accounts for everyday use by most users.
To choose an account type in Windows XP Home click on User Accounts in the Control Panel. Once you select a user you can click on the "Change My Account Type" button. You will be able to choose between Administrator and Limited and can see a brief description of the abilities of each account type. You are required to have at least one Administrator account, so be sure to leave or create one- but save it for use when necessary and stick to using Limited accounts wherever possible.
5. Upgrade to Windows XP Professional: I realize that switching operating systems isn't exactly helpful for securing the one you have. However, it is truly my best recommendation for someone using Windows XP Home edition that wants to ensure a high degree of security on their system.
The Simple File Sharing "feature" which doesn't let you protect individual files or select which users can simply read the file vs. which ones can change or delete it turns out to be a feature you may not want if you're trying to be secure.
Windows XP Home lets you mark folders and their data as Private, but does not include support for EFS (Encrypted File System) which you can use in Windows 2000 and in Windows XP Professional to encrypt your data for even more protection from unauthorized access.
These are just a couple of reasons. The bottom line is that it seems that Microsoft did not have security in mind when selecting the features and options to include in Windows XP Home. Users who truly want to be secure (and don't want to switch to Linux or another operating system entirely) should move to Windows XP Professional.
How To Restore NTLDR and Ntdetect.com From the Windows XP CD
The NTLDR and Ntdetect.com files are important system files that are used by your computer to start the Windows XP operating system. These files can become damaged, corrupted or deleted for a number of reasons and are usually brought to your attention by the "NTLDR is Missing" error message.
Follow these easy steps to restore the damaged/corrupted or missing NTLDR and Ntdetect.com files from the Windows XP CD using the Recovery Console.
1. Enter Windows XP Recovery Console.
2. When you reach the command prompt (detailed in Step 6 in the link above), type the following two commands, pressing Enter after each one:
copy d:\i386\ntldr c:\
copy d:\i386\ntdetect.com c:\
In the command listed above, d represents the drive letter assigned to the optical drive that your Windows XP CD is currently in. While this is most often d, your system could assign a different letter. Also, c:\ represents the root folder of the partition that Windows XP is currently installed on. Again, this is most often the case but your system could be different.
3. If you're prompted to overwrite either of the two files, press Y.
4. Take out the Windows XP CD, type exit and then press Enter to restart your PC.
Assuming that missing or corrupt versions of the NTLDR and/or Ntdetect.com files were your only issues, Windows XP should now start normally.
