Friday, October 22, 2004

Finally the FTC Steps In

You know your actions have to be really egregious before the FTC steps into the picture. This past week it finally happened to the people behind one of the more ingenious spyware scams going around.

If you have a copy of Spy Wiper or Spy Deleter on your system, you were a victim of the scam developed by Seismic Entertainment Productions, Inc., Smartbot.Net, and Sanford Wallace.

Since December 2003 they have operated Web sites that distribute spyware. According to the FTC, the defendants used a variety of techniques to direct consumers to their Web sites, where spyware was downloaded onto their computers. The spyware exploited a feature of Internet Explorer to download software silently, so consumers received no notice that it was being installed and never consented to its installation.

The spyware changed the consumers’ home pages, changed their search engines, and triggered a barrage of pop-up ads. According to the FTC, the spyware also installed additional software, including spyware that can track the computer use of consumers. As a result of the spyware and other software the defendants installed, many computers malfunctioned, slowed down, or crashed, causing consumers to lose data stored on their computers.

Having created serious problems for consumers, the defendants offered to sell them a solution. The spyware caused the CD-ROM tray on the computer to open, then told consumers “FINAL WARNING!! If your cd-rom drive(s) open. . . You DESPERATELY NEED to rid your system of spyware pop-ups IMMEDIATELY! Spyware programmers can control your computer hardware if you failed to protect your computer right at this moment! Download Spy Wiper NOW!” Spy Wiper and Spy Deleter, another purported anti-spyware product the defendants promoted, were sold for approximately $30.

One of the “nice” features Microsoft built into Internet Explorer was the ability for a web site to download and install software in the background without the user being aware of it. This was intended to let a site deliver things like a new version of Flash or other plug-ins, but it was soon discovered by people who were a bit more challenged in the ethical sense than even Bill Gates.

Protect yourself from spyware and other rogue code. Keep the security level of the Internet zone set to High, and use the Trusted Sites and Restricted Sites zones to keep track of the sites you trust and the ones you do not; a site only goes into Trusted Sites once you are familiar with it.

Thursday, October 21, 2004

Lockdown That Laptop

Laptop loss can ruin more than your day

Does your laptop accompany you everywhere? Is it full of work material or just your Great American Novel? Statistics show that the likelihood of your laptop being stolen is almost one in twelve. Here are some things you can do to prevent a.) your laptop being stolen and b.) the thief from profiting from the information on your laptop.

Laptop Theft Prevention
1. Never, ever leave your laptop unattended, even if you are only fifteen feet away. A thief can pick up your laptop and be gone in the time it takes you to order a refill for your latte. If you get up, unplug your laptop and carry it with you.


2. Use a lock cable to secure your laptop to the table or furniture where you are using it. Practically every laptop has a small security slot that takes one end of a locking cable (much like a bicycle lock). Wrap the other end around the table or desk leg and make sure it is secure. These are available for under $50. Use the lock in your hotel room or even a client’s office if you are going out for lunch. A cable stops the grab-and-run thief; a bolt cutter defeats it, so it is no substitute for rule 1.

3. Use a laptop case that doesn’t look like one. Dump that black leatherette case that screams “laptop” and buy a fabric or hard case that looks more like a regular bag or attaché case. A padded insert protects the laptop inside it.

4. Purchase the software service that reports your laptop’s location the next time it is connected to the Internet after being stolen. There is an annual subscription for this service (about $50). Once notified of the theft, these services can often track the laptop to a specific address and possibly even the floor where it is being used. Bear in mind that a thief who reformats the drive (see below) usually wipes this software along with everything else.

Most thieves don’t care about what you have on your laptop; they will fence it for just a few dollars anyway. But your boss or client might not like having their business plan, deposition or financials floating around on a stolen laptop.

Laptop Data Protection
1. Use a password-protected login and screensaver. Make sure your account requires a user name and password to log in, and that the screensaver locks the machine when it kicks in. Most thieves, if they can’t get your operating system to run without a password, will simply reformat your drive and reload the operating system from disc. Your laptop is still stolen but your data will be wiped. The password stops a casual thief, not a determined one: anyone who boots from a CD or moves the drive into another PC can read the files, which is why the next item matters.


2. Encrypt your data. There are a number of programs out there that will encrypt your data so it is unreadable without the correct password, and Windows 2000 and XP Professional include one (EFS, the Encrypting File System) whose keys are protected by your login password, so a blank or weak password defeats it. If you carry sensitive data on a laptop, this should be the first thing you do when you purchase one.

3. Make frequent backups of your laptop data. Even if the data on your laptop is personal, it will take you hours if not weeks of labor to reproduce it. Most laptops today have CD or DVD burners installed, so it is easy to copy your data files to CD-Rs or DVD-Rs periodically. Keep the discs somewhere other than the laptop bag, or they leave with the laptop.

4. Carry and use a surge suppressor. You can purchase quality surge suppressors from APC or other vendors that have only one to two outlets. One good voltage surge can fry a laptop and make it a paperweight.

This isn’t rocket science or even complex. Use common sense and you should be safe from most any problem short of a mugging.

Monday, October 04, 2004

Spyware and Adware

Spyware comes in two types: surveillance software such as keystroke loggers (sometimes installed by paranoid corporate systems administrators or even spouses) and advertising software. Both are typically installed without the knowledge of the user. Advertising spyware is designed to harvest information from your computer. Much adware is relatively benign; it only tracks the websites you visit and transmits that information back to the advertiser to help them market to you more effectively.

There are a number of spyware programs, however, that harvest personal information, passwords and anything else they can locate on your hard drive. The major players in the spyware dissemination game are the popular peer-to-peer programs available today (Kazaa, Bearshare, Limewire, etc.), although there are lots of other sources as well, such as free software advertised on the web or downloaded when you join a new ISP or other Internet service.

The loss of privacy problem is annoying enough, but many of these programs are also designed to present “targeted” marketing to you via pop-up ads. A number of the worst ones also take control of your browser to such a degree that it becomes unusable. In the worst cases you may have to reinstall your operating system and applications.

How do I know if I am infected with spyware?

The following symptoms may indicate that spyware is installed on your computer:

  • Pop-up windows begin appearing even if you don't open a new page.
  • When you select a favorite or type a URL in your browser you are redirected elsewhere.
  • When you click "search" you get an unexpected search engine.
  • New toolbars appear in your web browser.
  • New, unexpected icons appear in the system tray at the bottom right of your desktop.
  • Your browser home page suddenly changes.
  • Your computer seems very slow when opening programs or processing tasks (saving files, etc.).
  • Certain keys fail to work in your browser. For example, the Tab key no longer works when you are in a form.
  • You begin getting Windows errors.

How do I get rid of Spyware or Adware?
There are several good spyware remover programs that are free. Two of the best known are Ad-Aware and Spybot Search & Destroy. Get them from the publishers’ own sites, because a good deal of the “anti-spyware” advertised in pop-ups is spyware itself. Just like anti-virus programs, they constantly update their definition files, so be sure to check for updates frequently, and run both: neither one catches everything.

In some cases, you may have to make registry changes or run specialized software to try and resolve the problem.

How do I avoid getting reinfected with Spyware or Adware?
The best way to avoid reinfection is to clamp down on your browser security. Many say that moving to Mozilla’s Firefox browser is enough; it does not run ActiveX controls, which removes the most common installation path, but people are already finding security holes in that product as well.

These are basic steps to avoid possible infection.

  • Don't click on buttons or links within pop-up windows - Because pop-up windows are often a product of spyware, clicking anywhere inside the window may install spyware on your computer, and a “Close” or “Cancel” button drawn inside the page is just another link. Close the pop-up with the X icon in the title bar, or press Alt+F4 while it is the active window.
  • Be wary of free software downloads - Many sites offer toolbars or other features designed to appeal to you, with spyware bundled into the installer. Never download programs from sites you don't trust; if you do, you may expose your computer to spyware.
  • Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating.
  • Set your browser security to a high setting - If you are using Internet Explorer, this is easy. From the menu select Tools > Internet Options and click on the Security tab. Click on the icon for the Internet zone to highlight it, then move the sliding control to High and click the OK button. Some pages won't load very well because you have disabled ActiveX controls but, hey! ActiveX is the same mechanism the bad stuff uses to install itself!


If you're more computer-savvy, you may want to make the following changes to your Internet Explorer instead.

  1. From the menu select Tools > Internet Options and click on the Security tab.
  2. Click on the icon for the Internet Zone to highlight it then click Custom Level.
  3. Choose Medium from the drop-down box at the bottom.
  4. Click the Reset button. This puts every setting back to the Medium template, so you are customizing from a known baseline.
  5. Click OK, then click Custom Level again.
  6. In the Security Settings box, set your options as listed below:

.NET Framework-reliant components

  • Run components not signed with Authenticode (Disable)
  • Run components signed with Authenticode (Prompt)

ActiveX controls and plug-ins

  • Download signed ActiveX controls (Prompt)
  • Download unsigned ActiveX controls (Disable)
  • Initialize and script ActiveX controls not marked as safe (Disable)
  • Run ActiveX controls and plug-ins (Enable) (Leave this enabled: disabling it stops every ActiveX control from running, including the Flash player and the Java plug-in, which are themselves ActiveX controls in Internet Explorer. The Download and Initialize settings above are what keep new or unsafe controls out.)
  • Script ActiveX controls marked safe for scripting (Prompt)

Download (Optional: leave this enabled only if you download files through the browser)

  • File download (Enable)

Miscellaneous

  • Access data sources across domains (Disable)
  • Drag and drop or copy and paste files (Prompt)
  • Installation of desktop items (Prompt)
  • Launching programs and files in an IFRAME (Prompt)
  • Navigate sub-frames across different domains (Prompt)
  • Software channel permissions (High safety)
  • Userdata persistence (Disable)

Scripting

  • Allow paste operations via script (Prompt)
  • Scripting of Java applets (Prompt)

Some stuff from sites won't load with your security locked down like this but that has more to do with the poor security-mindedness of many web designers than anything else.
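The same table can be applied and checked from a script instead of clicking through the dialog. The following is an added example, not code from the original post: it writes the per-setting registry values Internet Explorer keeps for the Internet zone and then reads them back to catch drift. The value names (1001, 1004, ... 1E05) are Microsoft's published zone registry names; 0 means Enable, 1 Prompt, 3 Disable, and 1E05 takes 0x10000 for High safety. It assumes Windows PowerShell run as the user whose browser is being locked down, with Internet Explorer closed, and that no Group Policy or Security_HKLM_only setting is overriding the HKCU values.

```powershell
# Added example (not from the original post): apply the Custom Level table
# above to the Internet zone by writing the registry values Internet Explorer
# keeps for it, then read them back to catch drift.
# Value names (1001, 1004, ..., 1E05) are Microsoft's published zone registry
# names; 0 = Enable, 1 = Prompt, 3 = Disable; 1E05 takes 0x10000 for High safety.
# Assumptions: Windows PowerShell, run as the user being locked down, IE closed;
# an HKLM Zones key (Security_HKLM_only) or Group Policy would override HKCU.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'   # 3 = Internet zone

$Enable  = 0
$Prompt  = 1
$Disable = 3

# Same order as the table above.
$Lockdown = [ordered]@{
    '2004' = $Disable   # .NET: run components not signed with Authenticode
    '2001' = $Prompt    # .NET: run components signed with Authenticode
    '1001' = $Prompt    # Download signed ActiveX controls
    '1004' = $Disable   # Download unsigned ActiveX controls
    '1201' = $Disable   # Initialize and script ActiveX controls not marked as safe
    '1200' = $Enable    # Run ActiveX controls and plug-ins
    '1405' = $Prompt    # Script ActiveX controls marked safe for scripting
    '1803' = $Enable    # File download
    '1406' = $Disable   # Access data sources across domains
    '1802' = $Prompt    # Drag and drop or copy and paste files
    '1800' = $Prompt    # Installation of desktop items
    '1804' = $Prompt    # Launching programs and files in an IFRAME
    '1607' = $Prompt    # Navigate sub-frames across different domains
    '1E05' = 0x10000    # Software channel permissions: High safety
    '1606' = $Disable   # Userdata persistence
    '1407' = $Prompt    # Allow paste operations via script
    '1402' = $Prompt    # Scripting of Java applets
}

function Set-InternetZoneLockdown {
    if (-not (Test-Path $ZonePath)) { New-Item -Path $ZonePath -Force | Out-Null }
    foreach ($name in $Lockdown.Keys) {
        Set-ItemProperty -Path $ZonePath -Name $name -Value $Lockdown[$name] -Type DWord
    }
}

function Get-InternetZoneDrift {
    # Emits one object per setting whose current value differs from the table;
    # no output means the zone matches. A value that was never written shows as $null.
    $current = Get-ItemProperty -Path $ZonePath
    foreach ($name in $Lockdown.Keys) {
        $actual = $current.$name
        if ($actual -ne $Lockdown[$name]) {
            [pscustomobject]@{ Setting = $name; Expected = $Lockdown[$name]; Actual = $actual }
        }
    }
}

Set-InternetZoneLockdown
$drift = @(Get-InternetZoneDrift)
if ($drift.Count -eq 0) { 'Internet zone matches the lockdown table.' } else { $drift | Format-Table -AutoSize }
```

After running it, open Tools > Internet Options > Security: the Internet zone should show a Custom level, and Custom Level should display exactly the table above. Rerunning only the drift function later tells you whether something (an installer, a user, a piece of spyware) has quietly relaxed a setting.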

Wednesday, September 22, 2004

Beware of Security Scams

Now that there is so much activity and awareness on the Internet about computer security, people are jumping on the bandwagon to scam unsuspecting computer users.

Please note, Ad-Aware and Spybot are spyware removal utilities that are free for personal use. They are easy to install, cost you nothing if you choose and do not require the services of an expert!

I am already aware of one company offering "home security audits" for $200 or so. They send a tech out to your house to install a free program, run it the first time and then charge you. Below is an example of this.

For only $199 a member of the CSP Team will come to your home or office to provide the following services:

  • Search & Destroy All Pop-Ads Hidden On Your Computer.
  • Securely Erase All Unwanted Files
  • Check To See If Your Network Is Safe From Hackers.
  • Install Firewall Software To Keep Hackers Out (if needed).
  • Install & Configure Anti-Computer Theft Software (if needed).
  • Install & Configure A Password Manager To Secure & Keeps Track Of All Your Passwords.
  • Check & Secure Your Wireless Network (if needed).
  • Install Computer Recovery Software Just In Case Your Computer Is Ever Stolen.

This includes anti-spy software, anti-virus software, firewall software, computer recovery software, anti-pop-up and password management software. There is no software to purchase and there is no hourly fee to install and configure.

This particular company, Ligatt Security, is just one of many offering this "service." You can do the same things yourself by installing Ad-Aware or Spybot, AVG's free anti-virus software and some other freeware and shareware.

Tired of Outlook blocking attachments?

Tired of having files and links you try to send to friends, clients and coworkers blocked by Outlook? If you are running Outlook 2000 SP3 or later, Slovak Technical Services has a tool for you!

Attachment Option is an add-in for Outlook that allows you to move file types from Level 1 (blocked outright) to Level 2 (must be saved to disk before it can be opened) so you can send and receive them without having Outlook block the action. No more renaming file extensions so you can send them across the office. You can even send a link from Internet Explorer rather than the entire page.

Be careful here. Once you make these file types available you have reduced your security so remember to never click on a link or open a file you are not expecting. You should also make sure your anti-virus software checks your email traffic and the virus definitions are always up-to-date.

If you are reading this and wonder what I am talking about . . . ignore this message. You don't know enough about email and Outlook to use the tool properly.

Tuesday, September 21, 2004

Put the Default Names Down

Here we go again. Another client running a business on a DSL router with ADMIN as the login and the factory 192.168.1.1/255.255.255.0 as the IP address and subnet mask. If that wasn't bad enough, they used Microsoft workgroup file and device sharing with MSHOME as the workgroup name.

Sure, any competent hacker could break in even if they didn't use the defaults but face it, there just aren't that many competent hackers out there with nothing else to do!

Most businesses need just about as much computer security as they do physical security - a reasonable amount and little more. But the baseline for that security should be the easy stuff anybody can do to protect their network from dodos who know the default logins, passwords and workgroup names used by the common equipment.

In many cases, all you have to do is browse to the Internet side of the router, and the login prompt will tell you the router brand; then you can pull the defaults off the *%$#! vendor's website. Better still, turn off the router's remote administration option so the login page is not reachable from the Internet side at all.

Please, please people. Follow these basic rules to set up your networks to keep them safe from casual hackers.

  1. Change the administrator login and password for your router from the defaults.
  2. Change the IP range and mask from the default (for example, a 192.168.23.0 network with mask 255.255.255.0 instead of 192.168.1.0). This only makes the network less recognizable; it is no substitute for rule 1.
  3. Create a local name for your workgroup and use passwords to protect your shared folders.
  4. Make sure every user ID on your PCs is password protected.

This is kindergarten stuff, but it will keep you from coming in one morning to discover someone has sucked your systems dry or screwed them up beyond belief.
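Rules 2 through 4 can be checked from the PC itself. The script below is an added example, not part of the original post: it is a read-only audit that uses WMI classes present on Windows XP and later. The lists of factory gateway addresses and default workgroup names are assumptions drawn from the post (add your own equipment's defaults), and rule 1, the router's own admin login, cannot be checked from the PC and stays a manual step.

```powershell
# Added example (not from the original post): a read-only check of rules 2-4
# above on one Windows PC, using WMI classes present on XP and later. The lists
# of factory gateway addresses and default workgroup names are assumptions
# drawn from the post; add your own equipment's defaults. Rule 1 (the router's
# own admin login) cannot be checked from the PC and stays a manual step.

$FactoryGateways   = @('192.168.1.1', '192.168.0.1')
$DefaultWorkgroups = @('MSHOME', 'WORKGROUP')

function Get-DefaultNameFindings {
    $findings = @()

    # Rule 2: are we still on the router's factory subnet?
    $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True'
    foreach ($nic in $nics) {
        foreach ($gw in @($nic.DefaultIPGateway)) {
            if ($FactoryGateways -contains $gw) {
                $findings += "Adapter '$($nic.Description)' uses factory gateway $gw; change the router's LAN range."
            }
        }
    }

    # Rule 3: default workgroup name? (Workgroup is empty on a domain-joined PC.)
    $wg = (Get-WmiObject -Class Win32_ComputerSystem).Workgroup
    if ($wg -and ($DefaultWorkgroups -contains $wg.ToUpper())) {
        $findings += "Workgroup is '$wg'; give it a local name."
    }

    # Rules 3 and 4: enabled local accounts that need no password, and Guest,
    # which simple file sharing uses for every network visitor.
    $accounts = Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True'
    foreach ($acct in $accounts) {
        if ($acct.Disabled) { continue }
        if (-not $acct.PasswordRequired) { $findings += "Account '$($acct.Name)' is enabled and requires no password." }
        if ($acct.Name -eq 'Guest')      { $findings += "Guest is enabled; shared folders are reachable without a real login." }
    }

    # Rule 3: shares beyond the administrative ones (C$, ADMIN$, IPC$ ...).
    foreach ($share in Get-WmiObject -Class Win32_Share) {
        if ($share.Name -notmatch '\$$') {
            $findings += "Share '$($share.Name)' ($($share.Path)) is visible on the network; make sure only password-protected accounts can reach it."
        }
    }

    return $findings
}

$result = @(Get-DefaultNameFindings)
if ($result.Count -eq 0) { 'No default names or open accounts found.' } else { $result }
```

Run it on each PC in the workgroup; an empty result does not make the network secure, it only means the kindergarten items are done. Hidden shares (names ending in $) that someone created by hand are skipped by the last check, so review those by hand if you use them.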


Sunday, September 19, 2004

Shields Up, Commander Data

Tired of getting burned by browser hijackers and other malicious code? Change your browser security settings and take advantage of the security zones built into Internet Explorer to surf safe sites easily while keeping security high for those sites you don't trust or aren't sure about.

When you first start Internet Explorer, the security is set to medium. Microsoft developers sitting behind their corporate firewalls and DMZs decided this was the most reasonable mix of security and ease-of-use. But most of us aren’t sitting behind corporate firewalls and DMZs with a whole host of security experts monitoring our Internet access. We need to keep our doors and windows locked.

Internet Explorer offers four “content zones” (the ones shown on the Security tab), each with its own security level, that let you define how much protection to apply against spyware, viruses and rogue content on the web sites you visit.

1. Internet Zone – This zone contains all web sites you have not placed in another zone.

2. Local Intranet Zone – This zone contains all sites on your local intranet and really doesn’t apply to home or most small offices.

3. Trusted Sites – This zone is where you can add the URL of sites you trust not to damage your computer or data.

4. Restricted Sites – This zone is where you put sites that cannot be trusted not to damage your PC or data.

Rather than accept the “medium” default setting on the Internet Zone, I set this to “high.” This blocks downloads and potentially dangerous Active-X code. I usually add sites I visit often, such as news sites and business sites, to my Trusted Sites list. This takes about 30 seconds per site and means I can see all content and download files without problems. I only do this to mainstream sites.

If you aren’t sure about a site, you can temporarily reduce your Internet Zone security to medium to view the site but remember to reset it to high when you leave. I avoid file-sharing sites such as Kazaa and MP3 sites like the plague. In my work as a consultant I have seen more PCs infected by these sites and peer-to-peer file sharing than any other method.

My rule of thumb is; if you can’t see the majority of information on a web site without reducing your security setting from high, you really don’t want to go there.

If you do plan to install some sort of Napster-like peer-to-peer file sharing, my recommendation is to acquire a second PC that is used strictly for this purpose. This way, when a virus, hijacker or rogue script does infect you, the infection will not be on a PC that contains important data or programs.

In the workplace, every company should have a policy that no such peer-to-peer (P2P) programs are allowed on company PCs, on pain of termination. Most big companies automatically block these sorts of applications.

All of this security is easy to get to in Internet Explorer. From the main menu select Tools > Internet Options and click on the Security tab. From here you can set the security level of each zone as well as add or remove sites from your Trusted Sites or Restricted Sites lists via the Sites button.
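If you maintain the site lists on more than one PC, the same assignments can be written from a script. The following is an added example, not code from the original post: it writes the ZoneMap entries that the Sites button writes (zone 2 is Trusted Sites, zone 4 is Restricted Sites) and lists what is already assigned. The host names are placeholders, and it assumes the Trusted zone's “Require server verification (https:)” box has been cleared in the dialog if you want plain http sites to count.

```powershell
# Added example (not from the original post): manage the Trusted Sites (zone 2)
# and Restricted Sites (zone 4) lists from a script by writing the same ZoneMap
# entries the Sites button on the Security tab writes, then list them.
# Assumptions: Windows PowerShell; the host names below are placeholders; the
# Trusted zone's "Require server verification (https:)" box is cleared if plain
# http sites are to count.

$ZoneMap        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$TrustedZone    = 2
$RestrictedZone = 4

function Add-SiteToZone {
    param(
        [Parameter(Mandatory=$true)][string]$Domain,   # registrable domain, e.g. example.com
        [Parameter(Mandatory=$true)][int]$Zone,        # 2 = Trusted, 4 = Restricted
        [string]$Subdomain = '',                       # e.g. 'www'; empty means the whole domain
        [string]$Scheme = '*'                          # '*' = any scheme; use 'https' to limit it
    )
    # IE keeps www.example.com as Domains\example.com\www with a value named
    # after the scheme, so the same layout is written here.
    $path = Join-Path $ZoneMap $Domain
    if ($Subdomain) { $path = Join-Path $path $Subdomain }
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $Scheme -Value $Zone -Type DWord
}

function Get-ZoneSites {
    # Lists every explicit assignment so you can review what you trust and what you have blocked.
    if (-not (Test-Path $ZoneMap)) { return }
    $rootName = (Get-Item -Path $ZoneMap).Name
    foreach ($key in Get-ChildItem -Path $ZoneMap -Recurse) {
        $parts = $key.Name.Substring($rootName.Length + 1).Split('\')
        [array]::Reverse($parts)                       # example.com\www -> www.example.com
        foreach ($scheme in $key.GetValueNames()) {
            $zoneValue = $key.GetValue($scheme)
            $zoneName  = $zoneValue
            if ($zoneValue -eq $TrustedZone)    { $zoneName = 'Trusted' }
            if ($zoneValue -eq $RestrictedZone) { $zoneName = 'Restricted' }
            [pscustomobject]@{ Site = ($parts -join '.'); Scheme = $scheme; Zone = $zoneName }
        }
    }
}

# Mainstream sites you visit often go in Trusted; known-bad ones in Restricted.
Add-SiteToZone -Domain 'example.com' -Subdomain 'news' -Zone $TrustedZone -Scheme 'https'
Add-SiteToZone -Domain 'example.net' -Zone $RestrictedZone
Get-ZoneSites | Format-Table -AutoSize
```

Keep the Trusted list short and limited to mainstream sites, as the post says; every entry there runs with the lower Trusted Sites level, so a compromised site on that list gets the access you took away from the Internet zone. The Restricted Sites zone is the place for anything you never want running content on your PC.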

Yes, this may be more work than you’d like but wait until your browser is hijacked and you will understand why paying a little attention to security settings can save you a lot of grief.

New Game in Town

I thought it would be better to put my technical musings in a separate blog from my political rants to avoid overshadowing my trenchant technical insights with the color of my politics. I will be using this blog to publish bits and pieces of useful information for the Windows/Intel world.