User Friendly Computers
of Royal Oak

Small Office - Home Office - Computer Consulting

Security News

US Government warns against using Microsoft Internet Explorer!

US-CERT: Beware of Internet Explorer

By Ryan Naraine

"The U.S. government's Computer Emergency Readiness Team (US-CERT), in conjunction with the Office of Homeland Security is warning US Web surfers to stop using Microsoft's Internet Explorer (I.E.) browser." Read the complete InternetNews.com article here: www.internetnews.com/security/article.

Here is some more information on the Micro Inquirer: www.theinquirer.net/?article=16922.

Visit the US-CERT site here: www.us-cert.gov/

Comment: Most of my long time clients know all too well that I have never been much of an Internet Explorer browser fan. This is mainly due to its long history of security problems. When I first posted this article back in June 2004, I planned on leaving this link up as long as I.E. continued to suffer from its continual security problems. CERT has since taken down the original article, but the problems with I.E. still persist today, even as Microsoft replaces the now obsolete I.E. 6.0 with I.E. 7.0. Microsoft continues to release new patches just about every Patch Tuesday to fix security problems in I.E. My recommendation to my clients has always been to switch to a JAVA based browser. Recommended browsers include: FireFox, SeaMonkey, Netscape 8.x and Opera. Most of these recommended browsers were originally based on open source code released back around 2002 by Netscape. Netscape has since been purchased by AOL, who has continued its development up to the most recent Netscape v8.1x. Paradoxically, Netscape was one of the original pioneering browsers that Microsoft put out of business by integrating I.E. into the Windows 95 operating system and then giving I.E. away virtually for free.

Malware Evolution: January - March 2007

May 10, 2007
By Alexander Gostev
Senior Virus Analyst, Kaspersky Lab

"IT security professionals have predicted that 2007 will be a watershed year in the battle against computer viruses, which would have an effect on computing and computer users as a whole. In 2007 virus writers will continue to be active in creating and using Trojans which are designed to steal user data. The main targets will be users of a range of banking and e-payment systems, and online gamers. Virus writers and spammers will continue to work more and more closing (sp) together, with infected machines being used not only to organize new virus epidemics and attacks, but also as spamming platforms."

Comment: Be sure to read the last section of this article subtitled "The highs and lows of Vista." This sub-section has some interesting vulnerability information regarding the recently released Windows Vista. Kaspersky Lab is finding that Vista is vulnerable to a lot of the same malware that also affects Windows XP and prior operating systems from Microsoft. You can read the full article here: http://www.viruslist.com/en/analysis?pubid=204791938

MS Watches as Vista Gets '0wned' by Rootkit

By Ryan Naraine

"Rutkowska, a Windows Internals expert, was one of several stealth malware researchers using Black Hat, the preeminent hacker conference, to discuss advancements in rootkit creation."

"During her talk, she described how scripts can be used to allocate excess amounts of memory to a process, forcing the target system to page out unused code and drivers. At this stage, Rutkowska showed how shell code could be executed inside one of the unused drivers, completely defeating the new device driver signing policy being implemented in Vista to only allow digitally signed drivers to load into the kernel."

"Rutkowska created a one-click tool to plant the rootkit and used special heuristics to automatically find out how much memory should be allocated to "knock the unused driver."

"The shell code used in the demo successfully disabled signature checking in the rooted machine, rendering the system vulnerable to the loading of unsigned drivers."

"Even as she basked in the success of the theoretical attack, Rutkowska offered Microsoft a pat on the back for its decision to block unsigned drivers. "The fact that this mechanism was bypassed does not mean that Vista is completely insecure," she said. "It's just not as secure as advertised.""

Note: You can read the full article here: http://www.eweek.com/article2/0,1895,1999241,00.asp

I.E. Unsafe for 284 Days Last Year

Comment: If you are still unconvinced regarding my reservations against the regular use of Internet Explorer (I. E.), then you should read this article on the Micro Inquirer written by Nick Farrell. I quote Nick. . . "EVEN IF you installed all the patches, Internet Exploder (sp) was only free of severe bugs and flaws for 80 days last year." By comparison FireFox (the second most popular browser) only left the user exposed for nine days during the same one year survey period. You can read his complete article here: http://www.theinquirer.net/default.aspx?article=36722.

The original article Nick quoted, first appeared in the Washington Post. Click this link to view it: http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html 

Brian Krebs, who wrote the article for the Washington Post, compiled the data he used in the article from publicly available sources published on the Internet. These articles are in turn published by various computer security researchers around the world, who specialize in Microsoft Windows security. These security researchers were the same people who found the I.E. exploits that were identified. The normal procedure when a researcher finds a new security problem is for them to first write a demonstration program that reproduces the security exploit. Next they privately submit their findings to Microsoft for evaluation. Microsoft then has to determine how important the findings really are, then decide on whether to patch the problem or not. If a problem involves a lot of complex code, then it may take Microsoft weeks, or even months, to engineer a fix. This delay in the patching process allows time for professional hackers to also discover the problem and then write their own exploits that take advantage of it. This can leave Microsoft's end users vulnerable in the meantime to a potential hack attack. The whole point of the article is that 284 days out of 365 is an excessively long time to leave your customers exposed to any given exploit. A lot of bad things can happen during such a long security lapse.

Microsoft normally won't release information on a newly discovered security issue until a final patch has been tested and is ready to be released. This is done to prevent tipping off potential Internet criminals to a newly found security breach. If hackers find the problem before it's made known to the public and they are actively exploiting it before a patch is released, then the security issue is called a 0-Day exploit. These are considered to be the most serious types of security breaches. Since the Post article data was compiled throughout 2006, the data collected only dealt with Internet Explorer 6.0. Version 6.0 is now being retired and replaced with Internet Explorer version 7.0. During 2006 I.E. 6.0 suffered from a total of four 0-Day exploits.

If my memory serves me right, there have already been at least three minor vulnerabilities found so far in I.E. 7.0, since its initial release late in 2006. I will let Microsoft off the hook though for the time being, since I.E. 7.0 was still in beta development during that time period. Beta code is code that has not been fully tested and therefore it's not expected to be 100% perfect.

As I am writing these comments in early January '07, it's too soon to predict how I.E. 7.0 will fare as compared to its predecessor I.E. 6.0. I will continue to monitor security articles on the subject and update this article as more new data becomes available. I love to make predictions though at the beginning of each new year. I will go on record here as predicting that I.E. 7.0, when installed under Windows XP, will continue to suffer from a steady stream of security problems. I realize I am going way out on a limb here (;>)), but I base this prediction on the fact that I.E. 7.0 contains a lot more lines of code than does I.E. 6.0. Generally in my programming experience and in keeping with the "KISS" principle: The more complex a program becomes, the more likely you will have more problems with it.

It's still too soon to tell how I.E. 7.0 will do under Windows Vista. Microsoft has gone to great lengths to harden the operating system kernel in Vista, against many of the past security exploits that affected Windows XP and I.E. 6.0. We will have to wait until Windows Vista is released to the general public on January 31st, to see how things turn out. If anyone reading this article runs across anything more on this subject, please feel free to drop me an email at the link provided in the left blue column. Please provide me a link in your email to your source of information.



Sunbelt Software President, Alex Eckelberry, Talks about the State of the AntiSpyware Industry

"Evolving the antimalware technology model"

"Forgive the long blog entry. I need to talk a bit about the future of our technology for our partners and our customers. A lot of this is skinny that so far has been part of a skunk works project here. Those that are technically inclined and curious about current thinking in malware fighting, however, may find this subject of some interest."

"It all started over a good dinner"
"On a chilly and blustery evening last January, Joe Wells, Eric Sites (our VP of R&D) and I sat outside overlooking the water at the Island Way Grill, a favorite local hangout. We were trying to recruit Joe from his position as Chief Scientist at Fortinet and the subject was along the lines of a re-invention of the anti-malware model."

"The antispyware model: Broken"
"We have felt for some time that the traditional antispyware model has been fundamentally broken. Antispyware programs had started out originally as niche products, marketed by the likes of mavericks such as Patrick Kolla (SpyBot), Nicolas Stark (LavaSoft) and Bob Bales and Roger Thompson (PestPatrol), and they all relied upon a brute force method of removal."

"This method revolved around analyzing the files, registry keys, processes and the like associated with a malware program and putting these values into a database along with a boatload of MD5 hashes (unique signatures generated for files). Then, this database was bolted on to a system scanner. Basically, your classic antispyware product was a giant database attached to a scanning engine."

"In other words, antispyware products are basically big fat databases attached to big fat system cleaners."
"Why did WebRoot and PC Tools do so well with their tools? Both came out of the system cleaning tools business (respectively, Window Washer and Registry Mechanic). These types of tools pound through a system, looking for files names, directories, registry keys and processes. WebRoot’s SpySweeper, based on the same Delphi code that was used in the company’s Window Washer, excelled at this brute force method of cleaning."

"This model worked fine in the early days, and you could typically handle some pretty bad stuff with even SpyBot or Adaware. However, things got rough for the simple reason that spyware authors got really smart because the economics were so strong. The spyware programs got increasingly difficult to remove, such as the practice of using “resuscitators” — programs that would notice when you killed a file, and then recreate it (classic Direct Revenue tactic)."

Comment: You should read this entire blog article if you have any interest at all in the future direction of the anti-malware industry. To say the current anti-spyware/anti-virus removal model is broke, is putting it mildly. It's my humble opinion that the burden being placed on the modern PC by all of the "anti" software needed to keep a PC running, without succumbing to malware, is becoming a major drag on a PC's overall performance. It's like trying to drive your car around with a 500 LB weight tied to the back bumper. The traditional methods of detecting and controlling malware are no longer doing the job efficiently. A good example given in the article is the fact that modern anti-virus software, in order to meet industry compliance standards, has to carry around signatures in its database for viruses that existed back in the early DOS 3.3 and Windows 3.0 days. They have to do this because you never know when someone is going to pull an old floppy disk out of the attic and shove it into their PC to see what it contains. As a result a modern antivirus database can contain well over 150,000 different virus signature samples.

In my experience the solution the big name "anti" companies offer is to simply pile on more scan engines and more signature files. This just adds more to the already heavy 500 LB weight. The other big problem with virus signature files is that they are only released after a new virus is discovered. This means that someone somewhere had to catch it first and deal with it. SunBelt Software on the other hand are much smaller than the big names and as a result have to be real innovators and think outside the traditional "anti" box. After reading this blog article I think that they are on the right track. The days of removing spyware and viruses by simply bolting larger databases on to more scan engines are done for. Here is a link to this must-read blog article: http://sunbeltblog.blogspot.com/2007/01/evolving-antimalware-technology-model.html
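The signature model described in the Sunbelt excerpt and the comment above, as an added example that is not part of the original article or any vendor's code: a small Python scanner that bolts a database of MD5 hashes and file names onto a directory walk and runs it over constructed sample files. The threat name, file names and sample bytes are made up for illustration; the result shows why such a database only catches files that someone has already captured and analyzed.

```python
import hashlib
import os
import tempfile


def md5_of(path, chunk_size=65536):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class SignatureDatabase:
    """The 'big fat database': exact MD5 hashes plus known file names."""

    def __init__(self):
        self.by_hash = {}
        self.by_name = {}

    def add(self, threat, sample_bytes, file_name):
        # A signature can only be added after someone has captured a sample.
        self.by_hash[hashlib.md5(sample_bytes).hexdigest()] = threat
        self.by_name[file_name.lower()] = threat


def scan(root, database):
    """Walk a directory tree and report (relative path, threat, matched on)."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            threat, matched_on = database.by_hash.get(md5_of(path)), "md5"
            if threat is None:
                threat, matched_on = database.by_name.get(name.lower()), "file name"
            if threat is not None:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, threat, matched_on))
    return sorted(findings)


def demo():
    """Plant constructed files, scan them, and return (findings, missed)."""
    # Constructed sample bytes; they stand in for an analyzed adware binary.
    known = b"CONSTRUCTED SAMPLE standing in for an analyzed adware binary"
    rebuilt = known + b"\x00"  # same program, one byte different on disk

    database = SignatureDatabase()
    database.add("Example.Adware.A", known, "adhelper.exe")  # hypothetical names

    planted = {
        "exact/adhelper.exe": known,            # identical bytes, known name
        "renamed/update.exe": known,            # identical bytes, new name
        "rebuilt/adhelper.exe": rebuilt,        # new bytes, known name
        "rebuilt_renamed/update.exe": rebuilt,  # new bytes, new name
    }
    clean = {"clean/notes.txt": b"meeting notes"}

    with tempfile.TemporaryDirectory() as root:
        for rel, data in {**planted, **clean}.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        findings = scan(root, database)

    flagged = {rel for rel, _threat, _matched_on in findings}
    missed = sorted(rel for rel in planted if rel not in flagged)
    return findings, missed


if __name__ == "__main__":
    findings, missed = demo()
    for rel, threat, matched_on in findings:
        print(f"FOUND  {rel}: {threat} (matched on {matched_on})")
    for rel in missed:
        print(f"MISSED {rel}: no signature matches this variant")
```

Every variant that slips through needs its own new database entry, which is how signature files grow to the sizes mentioned in the comment.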

Study: Symantec Best at Removing Rootkits; Microsoft Worst

By Ryan Naraine

"Among existing desktop security software, Symantec's Norton AntiVirus 2007 suite is the best at detecting and removing stealth rootkits, according to a study done by Thompson Cyber Security Labs."

"In the study, which was commissioned by Symantec and conducted by veteran anti-virus expert Roger Thompson, 20 randomly chosen pieces of rootkit-laden malware files were pitted against the major anti-virus and anti-spyware vendors to rate detection and removal capabilities. In both categories, Symantec's Norton came out tops, although the tool did not fully remove all 20 rootkits. The application that performed the poorest, according to Thompson, was Microsoft's Microsoft Windows Defender (Beta 2), which is being built into the Windows Vista operating system."

Comment: I always treat these privately funded studies with a grain of salt. They typically shed a favorable light on the sponsoring company's product, otherwise they would probably never see the light of day. Removing rootkits is only one aspect of what a complete security scanning product needs to do to fully protect against all the various forms of malware found in the world.

You can read the entire article here: http://www.eweek.com/article2/0,1895,2051268,00.asp

University of Michigan Recommends Against Using Google Desktop Search

The University of Michigan Information Security Services (ITSS) department is recommending that both staff and students not install Google Desktop Search (GDS) software if they are working with sensitive data, or if they want to protect the privacy of their data. This applies to both university computers and home computers used to access university data from home. They also expressed concern over coding errors they found in GDS that might make PCs loaded with GDS more vulnerable to Internet hack attacks. There are also privacy issues where more than one user has administrative access to the same machine in Windows XP. All desktop search utilities cache your data and email, so they create an issue where if you delete sensitive data from your hard drive, copies of the data will remain in the cache data files and indexes for months or even years later.

The ITSS has published an interesting white paper that explains their research and the resulting security and privacy concerns they found regarding Google Desktop Search at this website: www.itd.umich.edu/news/2006winter/03272006.html

The U of M ITSS white paper can be directly downloaded from here: http://safecomputing.umich.edu/tools/download/gd_security.pdf

Comment: To be fair to Google, other desktop search utilities such as Yahoo, or MSN, likely share many of the same security problems as Google Desktop Search does. The U of M ITSS does offer some good suggestions on how to configure GDS to mitigate some of the security issues.  I tried GDS, and my main complaint about it was that it did not update its index often enough, if at all. It seemed to make one complete tour through my hard drive and worked for a few weeks until I rearranged some folders on my hard drive. Then things fell apart. I would type in a query and GDS would reply that the article could not be found. It would display its last known location. I have a lot of technical articles stored on my hard drives from years of research, so I really need a search utility like GDS to find stuff.

Currently I am testing the free enterprise client version of the X1 desktop search tool on my main system. So far I am very impressed with it. I have not made very many hard drive changes, so it's too soon to tell how it will deal with moved folders. It's supposed to be able to read and display over 300 different file formats. It does a beautiful job of displaying and color coding the information that it finds. I have read that X1 corporation is either fully or partially owned by Yahoo. You can visit this link to either download, or learn more about X1: http://www.x1.com/

Apple releases patch for 13 security flaws

One could allow remote execution of malicious code

News Story by Matthew Broersma

"Apple has warned that the Mac OS X operating system contains 13 security flaws, some of them serious. The company issued a cumulative patch for the bugs today.

The flaws could allow remote code execution, security breaches, spoofing, cross-site scripting, denial-of-service attacks and other problems, according to Apple. Some of the flaws can be exploited from the Internet."

Comment: There is a common misconception among Mac users that Apple computers are somehow unaffected by viruses and malware. I personally know Mac users who don't use any antivirus, or firewall protection believing their Mac computers are impervious to these kinds of Internet based attacks. While fewer exploits exist in the wild that affect Mac computers, the reason is not because they are better designed, but rather because they represent less than 5% of the total personal computer population in the world marketplace. A recent article I just read, pegged their market share at only about 3%. Professional criminal malware writers prefer to write exploits that will have the maximum impact on the world's installed base of personal computers. They then sell these compromised computers (called bots or zombies in hacker parlance) to other criminals and spammers for cash. They consider it a waste of their time and effort to learn how to write Mac exploits. There was just recently a new exploit exposed that involved Apple's Quicktime on both PC's and Macs. Apple has released patches to fix those problems.

Linux suffers from a similar false reputation, although it's much less common than the Mac myth as I call it. Linux and the Mac OS X operating systems are both based on Unix derivatives. Unix has long suffered from security exploits that have predated the modern PC/Windows problems that get so much press attention. Basically any software written by man can also be exploited by man, no matter how carefully it's crafted.

You can read the full Computer World article here:
http://www.computerworld.com/securitytopics/security/story/0,10801,106619,00.html?SKC=security-106619

While you are at it, see this more recent article about Mac security: http://www.wired.com/news/technology/0,72423-0.html?tw=wn_technology_1

Commentary: AntiSpyware Products - What's New


By: Bill Woelk
Published on: October 4, 2005, updated on January 8, 2007

I have done a lot of reading and testing over the years on various anti-spyware software products. I am finding in my consulting practice that spyware has taken over the number one spot from virus infections as the major cause of infections on my clients' computers. One of the most common service calls I receive is the one where a client will complain that his or her computer is running too slowly. Most of the time these calls are associated with some kind of infection. As a result, I have been searching for a single do-it-all product that I can install on my clients' machines to keep them clean, so far without any luck. The ZoneAlarm Pro suite probably comes the closest, but it really slows down the computers I install it on. In one case I had to go back and remove it from 2 of 4 systems a client owned. The older PCs became intolerably slow to work on after ZA Pro was installed. What I've found is that no single product on the market today will completely remove 100% of all malware from a given computer. Independent testing performed by respected computer/consumer magazines, security research companies and computer journalists all seem to back up my findings. The best solution I can recommend at this time is to go with a multi-pronged attack method. First install the free anti-spyware programs because they do work and you can't beat their cost.

For clients with light to medium spyware infection problems, I usually stick with the free antivirus programs. My two favorites are Spybot Search & Destroy and Adaware SE. These two programs when used together, seem to remove about 95% of the common everyday malware infections seen in the field. This protection can be further enhanced when used in conjunction with a good anti-virus and a good software firewall. In addition to the aforementioned protection, you should always have your Internet capable computers connected behind a router with a minimum of a hardware NAT firewall. NAT is an acronym for Network Address Translation. Both of the aforementioned antispyware programs are free to download and use and can easily be found by Googling their names on the Internet, or by visiting: www.filehippo.com/.

I currently favor the built-in firewall Microsoft provides with Windows XP Service Pack 2. My previous favorite was ZoneAlarm basic. ZA has become way too bloated for my tastes over the past few years. If you have a fast system, then by all means try ZA. It provides both inbound and outbound protection against intruders. Windows XP SP2's firewall on the other hand, only provides inbound protection. Outbound blocking protection prevents either existing or future active infection agents from phoning home for reinforcements and then doing more damage. The downside of outbound blocking is that it blocks every Internet program, even good ones. What I found is that my clients were ignoring the outbound notification warnings and as a result important programs like antivirus/anti-spyware protection could not download their daily signature updates. This left the systems involved even more exposed.

By the way, I am totally off of the Microsoft Antispyware products like Windows Defender. This product left a lot of my clients high and dry when the first beta version expired at the end of July, 2005 without any prior notice. Microsoft did a poor job of migrating customers to the updated beta 2 version. My updated beta 2 version crashed while being installed and had to be manually deleted to clean up the mess. I guess that is why they call it betaware. After downloading and installing the beta 2.0, I noticed that it was catching and removing less spyware than the original beta 1 version. This is quite the opposite of what I would have expected. Some recent articles in the trade journals confirmed my suspicions. The word on the street has it that several ad serving advertisers threatened to sue Microsoft if they kept removing their ad serving software products with Windows Defender. Taking into account Microsoft's overall record on security over the past several years, I have to rule them out when it comes to security applications.

Lately, Microsoft has been playing fast and loose with the term spyware. They have taken to redefining it to remove many past products that had been previously black listed as spyware. Their reasoning for this goes like this: If the spyware software vendor agrees to document that they will be installing either their own, or other 3rd party ad serving software in their End User License Agreement (EULA), then all is well and good in Microsoft's opinion. Talk about caving in. The problem with this logic is that most end-users never read the ad serving EULA's when they are displayed by the spyware advertising software vendors. Most people including myself are in the habit of just clicking those things away as fast as possible without ever reading them. Even if you do read them, in many cases you would need a lawyer to decipher the true meanings of the terms.

There is a lot of money to be made on serving Internet advertisements and things can get real ugly, real fast where huge sums of ad dollars are at stake. The other problem is that these so-called legal ad serving applications frequently fail to uninstall completely if at all in the event that you decide you no longer want them. Many take you to their website where they bombard you with sales pitches on why you really don't want to remove their ad serving product from your machine. Frequently the website removal links don't even work, or are difficult to locate on the spyware vendor's website. I think that software products that don't provide a Windows Control Panel based Add/Remove entry that works, should be banned from the Windows OS and listed as malware. Anything else is just unacceptable. I'm sorry, but I own my computer, not the malware vendors.

Besides adults not reading EULA agreements, many children including teenagers who are active on the Internet can easily be tricked via human engineering methods into clicking OK on these EULA's. They manage this by means of enticing icons, offers of free games, free wallpaper backgrounds, etc. Another reason most people don't bother to read EULA's is their sheer size. I saw one EULA that consisted of over 15 pages of all capitalized text. The authors of these all caps EULA's know all too well that most mortal people find it very difficult to read even a single all capitalized paragraph, let alone a 15 page document containing all caps.

As a result of these new spyware classifications by Microsoft, they have reprogrammed their latest version of Windows Defender to ignore spyware from major ad companies like: 180 Solutions, Claria Corporation, AKA Gator, and Aurora Better Internet, Etc. I have read that approximately eight other similar spyware products have likewise been reclassified to "ignore" status as a result of these new spyware interpretations. You can manually edit the detection settings in Microsoft Windows Defender to flag these products, but how many people would know, or even take the time to do that? Because of these deficiencies I can no longer recommend Windows Defender.

If you regularly become infected with a lot of ad and spyware, you probably need a more powerful commercial antispyware product. There are currently two products on the market that have received favorable ratings. For more severe problems I have tried both Webroot SpySweeper and Sunbelt Software's CounterSpy. Of the two, I prefer CounterSpy over SpySweeper. I currently run CounterSpy on my own main computer. SpySweeper actually caused my Windows 2000 SP4 system to crash after the installation, and upon rebooting. I am not sure what went wrong. I had to restore my system from a backup in order to recover my computer. On other Windows XP systems I have installed it on, I have noticed that they tended to run noticeably slower afterwards. I would recommend you do a complete backup before installing any major brand of antispyware product. Many people who I know that use SpySweeper, report good results. The retail cost for SpySweeper the last time I checked was around $29.99. PC Magazine recently gave SpySweeper an Editors Choice award.

Based on the PC-Mag review a friend of mine recently purchased a copy of SpySweeper. I installed it for him and then ran the update utility. We then turned it loose on his two hard drives. After several minutes of whirring and purring SpySweeper completed its scan and announced that it had found two minor spyware problems. As I recall they were tracking cookies. We next directed it to remove the offending items, which it did. Just for kicks I next updated and ran the free Spybot Search & Destroy v1.4. It ran about five minutes, then announced it had found 22 more spyware problems. My friend was flabbergasted to say the least. We directed Spybot to remove the remaining 22 products and then ran a third scan after a reboot. This time the system came up sparkling clean. This just confirms my earlier statement that you should never rely on just one antispyware product. Your mileage may vary.

I have installed CounterSpy on my own personal computer as well as some of my clients' without any serious problems. It will increase the time required to open files. It was able to detect and remove one additional spyware product that the two free antispyware programs missed on my personal PC. While this may not sound like much, I don't tend to get very much spyware on my PC in the first place. CounterSpy sells for $19.95 (a software bargain by today's standards) and is available for web download. You can download CounterSpy from here: http://www.sunbelt-software.com/CounterSpy.cfm. While all signature based anti-spyware products will slow your computer down to some degree, due to the additional background checking they perform, CounterSpy does not seem to have a very big impact on the overall speed of the Athlon XP 3200 it's installed on. Please note that I am not affiliated in any way with any of these antispyware providers.

Sunbelt software also has an interesting Blog with up to date info on what is going on in the spyware business and what you need to be aware of here: http://sunbeltblog.blogspot.com/

Hacking for dollars

By Joris Evers, CNET News.com
Published on ZDNet News: July 6, 2005, 4:00 AM PT

"Hackers have traded fame for financial gain, experts say. In the past, lone hackers defaced Web sites or launched global worm attacks, mainly to gain notoriety among their peers. Today, they use their skills for profit. They hunt for security flaws and find ways to exploit them."

Comment:  They frequently hijack computers and rent or sell them out for use as spam relays, or for targeted DoS attacks. DoS attacks can be used to steal sensitive information from individuals or to spy on businesses. Read the rest of the article here: http://news.zdnet.com/2100-1009_22-5772238.html

Criminals send malware levels soaring

By Alice Lander and Graeme Wearden
ZDNet UK, July 04, 2005, 17:25 BST

"Security firm Sophos has seen a dramatic rise in the number of viruses, worms and Trojan horses this year as more organized criminals turn to cybercrime. The firm reported last week that it had detected 7,944 new pieces of such malware in the first six months of 2005 — almost 60 percent more than the same period in 2004. The biggest growth was in Trojan horses — programs that can damage a user's files, steal information, or even create a backdoor that can be used to compromise that PC."

See the complete article here: http://news.zdnet.co.uk/0,39020330,39207187,00.htm

Is Spyware Illegal Under Existing Laws?

May 24, 2005

"The fact that Eliot Spitzer, the attorney general of New York State, filed suit last month against an alleged spyware company has been widely reported. But what everyone seems to have missed in these reports is how Spitzer's case managed to get to court -- despite the fact that New York has no actual laws against spyware."

See the complete article on Datamation by following this link: http://itmanagement.earthweb.com

New Zombie Trick Expected to Send SPAM Sky-high

According to this article on ZD-Net, a new Trojan Horse virus purposely written for the SPAM industry makes it possible to take over end users' PCs and then use them to relay SPAM messages through their ISPs' mail servers. In the past, spammers converted the Zombie PC into a mail server to do their dirty work. Using the victim's ISP servers instead makes it very difficult to filter or block the sources of the SPAM messages. You can't block a major ISP without shutting them down and all of their subscribers.

See the full article here: www.news.zdnet.com/2100-1009_22-5560664.html?tag=nl.e589

Spyware: IT's public enemy No. 1

According to this recent article on ZDNet (see the link at the end of this article), spyware has now replaced the common computer virus as the number one problem plaguing Information Technology managers at the businesses surveyed. Spyware was rated worst at 67%, followed by viruses at 23% and Phishing exploits at 10%. Spyware enters most business networks from the Internet, either as infected email attachments, when employees click on infected web sites, or when downloaded as free software. 

I have personally seen a huge increase in the number of calls that I am receiving from small businesses and end-users complaining about slow computers and computers locking up, as a result of spyware infections. It used to be that virus infections were the main culprit.

Once installed on the victim's computer, spyware begins scanning the victim's hard drive for information to upload to whoever wrote the spyware. This "whoever" can be almost anyone. Typically the spyware monitors where the victim travels on the Internet and with whom he or she associates. It may also stream ads and popups to the victim's desktop or browser. In some cases the spyware will download additional files, rootkits and other malware onto the infected hard drive. In the worst cases the victim's computer can be converted into an advertising or SPAM relay server. These are used to stream noxious advertisements and SPAM messages to other infected computers on the LAN or the Internet. Spyware can also be used to generate Denial of Service attacks against other computers on the Internet.

Because spyware is constantly sending and receiving data, it can slow the entire network that an infected computer is located on to a crawl, making it unusable for everyone else. A badly infected PC can also slow down to the point where it is virtually unusable due to the large amount of background activity generated by the spyware. In really severe cases the computer may freeze up or spontaneously reboot. Most users are not even aware that they are infected because all of the harm is done in the background where it can't be easily detected.

One of the most common ways computers become infected by spyware is from employees and end-users installing free software such as: password managers, browser tool bars, free icons, weather bugs, etc. These free programs, in addition to providing a useful function, also carry a hidden payload in the form of spyware applications. One of the more brazen examples I have seen is a program that advertises itself as a spyware removal utility. It first charges the victim to download it; then, once it is installed and run, it removes only competitors' spyware. After the competitors' spyware is out of the way, it downloads and installs its own brand of spyware. Some cure, eh?

Spyware is most often written and distributed by: crackers, spammers and web advertisers. Some, but not all, freeware can contain spyware. If you read the EULA (End User License Agreement) that accompanies the freeware, it will say something to the effect that in return for the free use of the (insert name) software you agree to allow the software provider to monitor your Internet surfing habits, or serve you advertisements.

The only way to know if the freeware you wish to install has spyware embedded in it is to read the complete EULA that is displayed during the initial installation process. This is the license agreement you have to click on to either agree or disagree with it, before the new software will install. Always read the complete EULA before clicking on the "agree" button. The problem is most people blow past the EULA in their zeal to install a new application. To encourage this kind of behavior, many EULAs are purposely written to be long-winded and vague to discourage potential users from reading the complete agreement.

If you live in the Detroit Metro area and think you might be a victim of spyware, feel free to call me for a consultation.

To view the original article on ZDNet follow this link: www.news.zdnet.com/

AOL drops Microsoft anti-spam technology


IETF rejection forces ISP to reconsider Sender ID
By Joris Evers, IDG News Service
September 17, 2004

"AOL has backed away from introducing anti-spam Sender ID technology after a key component was rejected by the IETF because of patent concerns.

AOL said in August that this month it would add SPF (Sender Policy Framework) to screen incoming e-mail. It already used the technology for outgoing email. However, it has now confirmed that it will not be using Sender ID, which comprises SPF and Microsoft's Caller ID, because of concerns by a standard body that Microsoft was not making known pending patents on the technology."

You can view the full article in TechWorld here: www.techworld.com/security/news/index.cfm?NewsID=2249

Comment: Sender ID and SPF (Sender Policy Framework) are new technologies being developed to verify whether email being sent is SPAM or not. Microsoft has hinted for years that it would like to see one or more of its proposed email, or IP Internet technologies implemented. Microsoft would love to be able to charge a royalty tax on every Internet email transaction that takes place in the world. Think of the vast amounts of revenue such a system could generate for Microsoft. Monopoly would not be a strong enough word for what they would have going for them.

I am glad to see AOL and the IETF reject Microsoft's Caller ID system. If MS wanted to play it straight and turn their technology over to the world to use without royalties, I would say yeah for MS! But instead they have not been forthcoming as to whether they would seek out patents on their IP. I was disappointed in the past when AOL decided to use the I.E. browser inside its AOL access software, instead of Netscape's Java based browser technology. The really bad part is that AOL owns Netscape. Go figure on that one, but I digress.

Recent measurements put total SPAM volume at over 80% of all email being handled by Internet Service Providers (ISPs) worldwide. SPAM, due to its record high volume levels, is straining ISPs' email servers and even slowing down Internet access in many cases. The sad part is that SPAM exists solely because 1% or less of email readers reply to SPAM advertisements. This 1% response rate is what continues to make it feasible for spammers to stay in business.

Until a workable solution is found to curtail SPAM, the best advice I can give my readers and clients is to never open or click on any SPAM messages. Just delete them, or better yet, install a SPAM filter to do it for you.


Mac OS-X Security Myth Exposed


By: Matthew Broersma, Techworld

"Windows is more secure than you think, and Mac OS-X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia."

The next time a Mac user tells you OS-X is more secure than Windows XP, show them this article. See the full article here: www.techworld.com/security/news/index.cfm

For people who think that Macs have fewer problems than PCs, here is a site you should check out: www.macfixit.com/index.php.

Comment: I don't post articles about Apple (Mac) computers on my web site just for spite, but rather to help educate potential PC to Mac buyers about what to expect if they switch to a Mac. It's not all roses on the other side.

One of my pet peeves is that I occasionally run into misguided, if not loyal Mac users at trade shows, or computer stores, who like to brag about how Macs are supposedly immune from malware attacks. Nothing could be further from the truth. This was probably more true in the past, before Apple switched from their proprietary Motorola based operating systems, to the newer FreeBSD Unix based operating systems like OS-X.

In my consulting business I run into many new PC users who are frustrated by problems with their new PC and who have talked to friends or relatives who own Macs. The Mac users love to propagate this myth that Macs are more trouble free and reliable than PCs and how the world made a huge mistake by not making Apple the dominant computer vendor. It reminds me a lot of the Sony Betamax versus JVC VHS video cassette wars years ago. People who owned Betamax VCRs continued to claim they were better than VHS systems, even though the video quality differences were not visible on the majority of the CRT TV sets of that time period. The shorter recording times, slow rewind and fast forwarding in combination with the higher deck and media prices are what finally killed off the Betamax. The problem with these opinionated Mac users is that most of them don't know enough about the computer(s) they own to even load and run an A/V scanning application on their Macs. If they did they might be in for a rude awakening. This is a case where ignorance is truly bliss.

Since switching to a FreeBSD Unix open source operating system called OS-X, Apple has had to contend with more exploits than they ever had with their older proprietary operating systems. The number one element that still protects the Mac platform from malware attacks is its small 3-5% user base. If you are a hacker and want to make a name for yourself, you are not going to spend hours writing a new computer virus that only attacks 3-5% of the world's potential victims. This is one of the main reasons why Windows users are the hardest hit. With the newer Macs running today on Intel processors you can't blame Intel for the PC's malware woes.

Both OS-X and the Linux operating system have better built-in security because they don't automatically log the user in as an administrator, better known as a Super User in Linux. Users instead are logged in under limited access user accounts in both of these Unix based operating systems. There is a good opinion article on the Register here: www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/, about the different security approaches used in Linux, Macs and Microsoft Windows.  The new Windows Vista runs in a limited access user mode. A user has to click a dialog box to escalate his privileges to administrator mode, when making any serious system changes.

Many of the problems that exist in the more recent versions of Windows can be traced directly to the monoculture attitude that exists at Microsoft. One reason Windows is more vulnerable is the fact that the I.E. browser is embedded into the low-level OS kernel, instead of being loaded at the higher application run level. Linux is also more modular in that you only need to install the exact service modules needed for the particular application the computer will be used for. If it won't be used as a client for web browsing then leave off the browser and TCP/IP services and just install the server modules. Likewise if you don't need DCOM services, or IPSec, then don't install them. With Windows very little is left up to the user to decide what he or she wants to install. Instead just about every possible service is loaded in by default. This also slows down the bootup process and loads down the PC more all the time it's running. Naturally the more services that are installed by default, the more potential weak points there are for hackers to exploit.

Advertisers exploit I.E. bug to push advertising

IE/OE users beware: a new exploit being used by some unscrupulous websites infects your PC with a Trojan Horse virus when you click on a link on the website. The virus then makes several changes to your system and browser settings. This is another reason why I try to move my clients off of Microsoft Internet Explorer and Outlook Express. Many good alternatives exist, including: Sea Monkey, FireFox, Netscape and the Opera browsers. Here is a link to the full article on Geek News: www.geek.com/news/geeknews

Michigan Wireless hackers face jail

By: Nick Farrell of the Inquirer
Monday 07 June 2004, 07:42

A War Driving Michigan hacker who tried to turn over DIY chain Lowe's in Southfield, Michigan, armed only with a laptop and a wireless connection, has admitted trying to steal credit card numbers. Three people were eventually tied to the break-in. Read the full story here: http://www.theinquirer.net

Here is an update in the Friday August 6th Register on what the three attackers are up against in the form of prison time:

"All three men were slammed with a 16-count federal indictment in North Carolina, where Lowe's data center is based, charging them with computer intrusions, damage and fraud. Last June, Salcedo and Botbyl both entered guilty pleas in plea agreements with prosecutor Matthew Martins. Botbyl faces 41 to 51 months in prison under federal sentencing guidelines; Salcedo faces an unusually harsh 12 to 15 year prison term, based largely on a stipulation that the potential losses in the scheme exceeded $2.5 m. Both men are eligible for lower sentences if the government credits them with providing substantial assistance in prosecuting other suspects. No sentencing date has been set."

Read the complete article here: www.theregister.co.uk/2004/08/06/michigan_wardrivers_guilty/

Spammers get fussy as zombie army grows

By: Munir Kotadia
ZDNet UK
May 21, 2004, 17:15 BST

Here is a link to an article in ZD-Net UK, that talks about how spammers have so many Zombies to choose from, they can now afford to be choosy over which PCs they commandeer and infect.

http://news.zdnet.co.uk/internet/security

Safe Computing


By: Bill Woelk
© 2002-2006, Bill Woelk - User Friendly Computers of Royal Oak

To avoid expensive computer repairs and loss of your data I recommend you follow these Do and Don't suggestions for safe computing. This is especially important if you have an always-on high speed Internet connection; however, dial-up modem users also need to exercise caution on the Internet. The Internet is a public network, and like all public places must be used carefully since you have no control over others who frequent the Internet.

A special note for those with high speed connections: Many hackers purposely seek out computers attached to always-on HS Internet connections due to their higher speed and constant availability. Hackers can use PCs attached to high speed networks to attack other computers that belong to either private individuals, businesses, or governmental agencies. They can commandeer your computer to use it in what is known as a Denial of Service attack, or DoS attack for short.

A DoS attack is accomplished by loading a backdoor program onto your computer via an email attachment or via a directed attack on your TCP/IP ports, browser, or other susceptible software running on your PC. Your PC is then turned into what is known as a Zombie in hacker parlance. Your PC, without your knowledge, is then used to direct malformed or corrupt packets at another computer or web site on the Internet. It could be either a server, mainframe computer, or another private PC. Many hackers accumulate hundreds of Zombie computers under their control. This way they can direct millions of bad data packets at the victim computer or website essentially knocking it off-line. This can be done in the background without your knowledge. You might only notice a slight slow down in your computer's response time.

Many large SPAM operators are now hiring hackers to use their Zombie computer fleets to relay email SPAM messages to other Internet users. This is similar to techniques used by money launderers to cover their tracks. By relaying SPAM through a third party Zombie PC the owner/victim of the Zombie gets the blame for sending the SPAM. This can result in the Zombie owner's ISP cutting off their Internet service access, or their ISP being blacklisted by Anti-SPAM sites. The Zombie victim could also be left open to any resulting prosecution or lawsuits. The burden of proof would then be on him or her to prove they did not originate the SPAM, or receive compensation for relaying it. This is why a personal firewall is so important these days. Addendum: A new angle has come up where hackers use a Zombie to download illegal music and video files. The victim PC owner then gets sued by the RIAA or MPAA for copyright infringement. They only become aware of the problem when they receive the legal notice in the mail from the copyright holder.

Here is a list of Do's and Don'ts to help you maintain a secure environment on your computer:

  •  Do install and maintain a good third party software firewall. This helps keep your data in while keeping unwanted people and software out of your computer while it is connected to the Internet. It does this by blocking, or stealthing, your Windows TCP/IP ports. ZoneAlarm, Kerio and Sygate all offer excellent free firewalls. Black-Ice, McAfee Internet Security and Norton Internet Security are some common commercial offerings. (Independent tests indicate the free software above is as good or better at protecting your PC). ZoneAlarm is available here: http://www.zonelabs.com, or you can download Kerio and/or Sygate here: www.filehippo.com/
  •  Don't get into the habit of blindly agreeing to alerts from your firewall programs when new programs ask for Internet access. Be especially wary of program names you don't recognize, or did not click on, or those requesting server rights. Very few if any programs ever need server rights to function. Going server allows them to broadcast data packets from your PC across the Internet. These could contain personal information, or be used to conduct a DoS attack.
  •  Do maintain a good antivirus program and keep the virus detection signatures up to date. Updating your antivirus signature files daily is not too often, since new viruses are spread on the Internet every day. Enable the auto update feature to automate this process. Keep both the background and email scan protection activated. Most modern Trojan Horses and script viruses arrive as email attachments, or embedded in downloaded files. AVG (Grisoft Corp.), Computer Associates, Dr. Solomon’s, McAfee’s, Symantec Norton, Sophos, and Trend Micro are all good antivirus program vendors. AVG is available here for free: www.filehippo.com/
  •  Do a full antivirus scan of your hard drive at least once per week.
  •  Don't forget to scan Zip disks, homemade CD-ROM’s, DVD's, Flash drives and floppy disks since these can spread viruses, or re-infect a cleaned system.
  •  Do keep informed about newly released viruses and what to watch out for. Both McAfee’s and Symantec Norton Antivirus have free newsletters you can subscribe to on their web sites. These will automatically be sent to your email box whenever new viruses are released into the wild that you should know about.
  •  Another excellent security newsletter that I subscribe to is: http://www.securityspace.com. This is published weekly as the: Weekly Security News Headlines email newsletter. It is available for free by signing up here: http://www.securityspace.com/secnews/subscribe.html.
  •  Do test your antivirus software to make sure it has not been compromised by a virus. Doing this is simple. Go to: http://www.eicar.org/anti_virus_test_file.htm, download the EICAR test virus and save it to your hard drive. This is an industry test virus that does not contain any harmful instructions. Next, run your antivirus scanning software. Your antivirus program should detect and offer to remove the EICAR test virus if it is working correctly.
  •  Don't open emails from people or companies you don't recognize.
  •  Don't open SPAM messages. Never reply to SPAM messages.
  •  Don't open email attachments except from people you know closely and trust. If you were not expecting an attachment from a trusted individual, call or email them first to confirm they sent it and that it is safe to open before opening it.
  •  Don't open an email or attachment if the subject line seems strange or out of character. Even a friend could send you an email with a Trojan unknowingly, if his/her system has been compromised without their knowledge. Most worm viruses replicate by emailing every person in the infected computer's email address book. This is done secretly in the background without the victim's knowledge. Many victims do not even know they are infected with a worm. One of the latest exploits used by email worms is to address an infected email as if it came from a friend with the pitch that they are sending you a cure for a previously transmitted email infection. Never open these emails.
  •  Do keep your email preview screen closed. A preview window will automatically open and display any email message your cursor happens to land on. If it's infected, now your computer is too! Always read the subject line and know the author before opening any email. Only open email messages in a separate new window.
  •  Don't install new downloaded software without first reading the full End User License Agreement (EULA) text completely. Be especially wary of free, or ad supported software. Nothing is free in life, there is usually a catch involved. Most trial shareware is safe to install, but read the EULA first.
  •  Don't load free software like: Gator, search bars, time setting software, free icon software, free weather bugs, or any other free software that promises to make your life easier without first reading the complete EULA. As stated elsewhere in this publication, nothing is ever free in life. Most of these programs contain a Catch-22 in the form of ad serving back-door programs that can turn your PC into a 24-hour advertising display machine. This will, in turn, slow down your machine and eat away at your Internet bandwidth.
  •  Do run the Ad-aware scan software at least once per week to remove any ad serving software and cookies that accumulate on your computer. Run the auto-update feature first to ensure your Ad-aware scanner files are up to date. Go to Ad-aware's website to check for the latest version of Ad-aware: http://www.lavasoftusa.com
  •  Do install pest removal software. The two most popular are Pest Patrol and Spybot Search & Destroy. You have to purchase Pest Patrol, but Spybot is offered for free as a public service. Use either of these programs to scan your system at least once per week for backdoor programs, keyboard loggers, spyware, malware, web bugs and Trojan horse software. Ad-aware mainly detects advertising software; Pest Patrol and Spybot are designed to find more harmful programs that might be missed by Ad-aware and antivirus software. Spybot has garnered better ratings lately than Pest Patrol. You can download Spybot from here: www.filehippo.com/.

  •  Don't visit hacker web sites, or sites run by independent webmasters with unknown, or dubious credentials. Avoid game hack sites. Many of these have files uploaded by hackers or gamers who may not bother to scan them for viruses, or who may intentionally plant viruses, or Trojans in their postings to infect others.
  •  Do run Windows Update at least once per week to check for critical security updates. Better yet you can now set Windows Update to check for updates automatically as soon as they are released. Most of these updates are to correct for security problems in Windows or other related Microsoft programs. Install all critical updates ASAP. I generally set Windows Update to download updates and then notify me before installing them. The reason is that over the years some updates have caused severe problems including system crashes. Usually by the time you get around to manually installing updates the news should be out if a bad one surfaces, or MS would have had time to recall or update an update.

    Addendum: Lately it has been popular for hackers to quickly develop exploits based on newly discovered security holes in Microsoft applications and operating systems. Many of these exploits now appear within days of Microsoft releasing a critical update, or even before an update patch is released. Because of this, it is recommended to install Microsoft updates ASAP to protect your computer. In the past it was recommended to hold off for 30 days in case an MS-Update had harmful side effects that were not detected during the normal prerelease testing. I generally hold off one or two days in case a problem surfaces. Always back up before installing any updates. Windows SP2 will now automatically make a system restore point before installing any new updates.

  •  Don't conduct monetary (credit card or PayPal transactions) or private business over non-encrypted connections. SSL encryption scrambles and encodes your data transmission so that others who might intercept it can not read its contents very easily. Your browser should notify you when entering or leaving an encrypted connection. Netscape also has a small padlock in the lower right corner of the screen. When the padlock is closed you are using a (safe) encrypted connection.
  •  Don't visit Internet Relay Chat (IRC) chat rooms. IRC is inherently insecure and is inhabited by many hackers.
  •  Don't use AOL, IRC, MSN, Trillian, or Yahoo instant messenger software on business computers, or home computers with sensitive data. More hacker exploits are taking advantage of holes in IM software to compromise computers. IM software is typically not essential for conducting normal business communications.
  •  Don't install File Sharing software such as: BitTorrent, Kazaa, Limewire, Morpheus, Napster, etc. Not only can this software expose you to expensive lawsuits by the MPAA, or RIAA, but it also turns your PC into a public Internet server. To do this the file sharing software opens TCP/IP ports up to the Internet that are normally kept closed. This makes your PC highly visible to hackers looking for potential Zombies to infect. The FTC has published a web page: http://www.ftc.gov/bcp/conline/pubs/alerts/sharealrt.htm, warning consumers about the dangers in using file sharing software.
  •  Do perform regular backups of important data on to floppy disks, Zip drives, CD/RW or DVD/RW, tape, or other removable media. Store a second backup copy off site at another location in case a fire, flood, or other disaster destroys your primary location. You can always replace your computer; however, without a backup you cannot replace your valuable data. Acronis True Image 9.0 is a great backup product available at a discount from: www.newegg.com/.
  •  Do create a Zip, or floppy based emergency recovery disk set, mark it and save it. Update it at least once per month, or after any major system changes. Many antivirus programs have a feature or wizard to walk you through how to do this. Both Windows 2000 Pro and XP offer a similar recovery disk making utility.
  •  Don't visit porn sites. Many of these sites can infect your computer with scripts or other backdoor programs simply by clicking on them. These exploits can vary from simply turning your PC into a porn ad server, or even go so far as to scan your PC for credit card numbers to steal.
  •  Do beware of Phishing exploits. Phishing is pronounced like fishing and is similar in meaning. This is a fairly new exploit that hackers and crooks are using to steal personal financial information such as: your online banking account numbers, private passwords, PayPal account information, and especially credit card numbers. The way the scheme works is simple:

    The crook sets up a mirror image of a legitimate web site such as eBay, PayPal, a bank, or a credit card site. He then sends you an official looking email including real company logos, fonts etc., advising you to visit and update your online banking, eBay, or PayPal account. When you click on the convenient link provided in the email alert, the crook redirects your browser to his realistic looking mirror site instead of the real site. In some cases the phishers even commandeer legitimate sites and redirect unsuspecting customers to their crooked localized sites.

    The phisher's goal is to trick you into typing in your private financial information, such as your credit card number and expiration date, social security number, online banking user name and password, etc. Once the crook has collected this information he or she can then easily steal your identity or rob the affected account funds.

    To avoid being phished, be leery of emails that are worded strangely, have spelling or grammar errors, have oddly named URLs, or in other words don't look legitimate. Call the company in question and ask if the email is real or not before responding to it. Most licit companies will never send these kinds of emails in the first place. If you visit the web site link make sure the web site is using SSL encryption and verify the site certificate. Most crooks don't bother to incorporate secure connections, or maintain valid site certificates. This could change though. Try clicking on other links in the website to make sure they all work. A web site with many broken links is a sure sign of a fake site.

  •  Do take advantage of the free Microsoft ERU (Emergency Recovery Utility) program provided on the Windows 9x CD-ROM disk, to back up your Windows registry and startup files at least once per month. This nifty program can accomplish this task in only seconds. Windows 2000 and NT users can download a freeware program called ERU-NT. WinME and XP users can use the built-in System Restore feature to create a restore point before installing new software or making any significant changes to their computer's configuration. System Restore allows you to roll your computer's configuration back in time to before the new configuration changes took place, in case the new changes caused it to crash or misbehave. Ask me for help on how to do this. Note: System Restore, ERU, etc. are not substitutes for a good backup system.
  •  Do stay abreast of the latest on-line security news. Visit sites like: http://www.grc.com, GRC ShieldsUp!, http://www.grisoft.com, http://www.us.mcafee.com, http://www.informationweek.com, http://www.sophos.com, http://www.symantec.com, http://www.zdnet.com. All of these sites can be accessed by clicking the links above, or by searching on Google.
  •  Here is a great article about keeping your home computer secure by the Carnegie Mellon Software Engineering Institute, CERT® Coordination Center: http://www.cert.org/homeusers/HomeComputerSecurity
  •  Do check out the Langa-List newsletter at: http://www.langa.com. The LangaList is an email newsletter that is published twice weekly. It is full of important news and recommendations on how to maintain and improve your computer. The cost is free for the basic email list, the “Plus Edition List” is $12.00 per year. Most of the proceeds go to children's charities. Fred Langa (the author) is a well known computer columnist that is careful about testing software and other products before recommending them to his Langa-List readers.
  •  Do consider joining a computer user group. There are many computer user groups that meet monthly in the Detroit Area. Check out the SouthEastern Michigan Computer Organization, or SEMCO as they are better known, at: http://www.semco.org. SEMCO held their first meeting in 1976 and has been going strong ever since. They just recently celebrated their 30th anniversary. Visit one of their local meetings, or see their Hot Links section for information on other computer user groups in the Detroit area.
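
The EICAR test from the list above can also be run from a script that checks whether the background (on-access) protection reacts when the test file is saved. This Python is an added example, not part of the original white paper or of any antivirus vendor's tooling; the function names, the av-selftest- folder prefix and the five-second wait are assumptions.

```python
import os
import tempfile
import time

# The 68-byte EICAR standard test string, kept in two halves so that this
# source file is not itself quarantined by the scanner being tested.
_HEAD = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR"
_TAIL = r"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes():
    """Return the test string, refusing to continue if it was damaged."""
    data = (_HEAD + _TAIL).encode("ascii")
    if len(data) != 68:
        raise ValueError("EICAR string damaged: expected 68 bytes")
    return data


def observe(path, payload, wait_seconds):
    """Write payload to path, wait, then record what the file system shows."""
    obs = {"written": False, "exists": False, "readable": False, "intact": False}
    try:
        with open(path, "wb") as fh:
            fh.write(payload)
        obs["written"] = True
    except OSError:
        return obs  # the scanner refused the write outright
    time.sleep(wait_seconds)  # give the scanner time to react
    obs["exists"] = os.path.exists(path)
    if obs["exists"]:
        try:
            with open(path, "rb") as fh:
                obs["intact"] = fh.read() == payload
            obs["readable"] = True
        except OSError:
            pass  # file is locked or access is denied
    return obs


def verdict(obs):
    """Turn an observation into a plain-language result."""
    if not obs["written"]:
        return "detected: write blocked"
    if not obs["exists"]:
        return "detected: file removed or quarantined"
    if not obs["readable"]:
        return "detected: access to file denied"
    if not obs["intact"]:
        return "detected: file contents replaced"
    return "NOT detected: run a manual scan of the folder, then check the antivirus"


def run_check(directory=None, wait_seconds=5.0):
    """Drop the test file in a scratch folder and report how the scanner reacted."""
    workdir = directory or tempfile.mkdtemp(prefix="av-selftest-")
    path = os.path.join(workdir, "eicar.com")
    obs = observe(path, eicar_bytes(), wait_seconds)
    try:
        if os.path.exists(path):
            os.remove(path)  # never leave the test file behind
        if directory is None:
            os.rmdir(workdir)
    except OSError:
        pass  # the scanner may still hold the file; the next scan will clear it
    return verdict(obs)


if __name__ == "__main__":
    print(run_check())
```

A "NOT detected" result only means the background scanner did not react within the wait; a manual scan of the folder, as the list item describes, is the follow-up step.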

Note: The advice given in this white paper is based solely on my own personal research of other security articles and papers. It is not intended to be a comprehensive document on computer security. I will not be held responsible for any detrimental effects, loss of data, or loss of business that may result as a consequence of implementing any of these suggestions.


Web site Copyright © User Friendly Computers of Royal Oak - 2006