Ask the Geek

Questions, answers and learning about all manner of things
Filed under Password, Security, Tips

Guest article by Arindam Chakraborty. You can check out his blog here: http://arindamchakraborty.com

**********
Just read this article a moment ago, and thought I should let you know, since it affects webmasters in a big way:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1357912,00.html

There are seven ways to minimize your chances of getting hacked:

a) Use Secure File Transfer Protocol (SFTP) instead of FTP. Normally, this requires SSH access. The downside is that (from what I know) most web hosting companies don’t provide SSH access to their shared hosting customers! However, some do offer jailed SSH, which should work as well! If you are on a VPS or Dedicated server, you should already have SSH access.

b) Use strong passwords: I use Roboform’s password generating tool for this purpose! Usually its default settings work for me, but if you need stronger passwords than what the tool offers by default, you can always customize the available options!

c) Keep your PC protected with Firewalls, Antivirus tools, Malware detectors, Anti-Spyware tools, etc. If you are looking for recommendations, here is a good forum thread to get you started:

http://forums.majorgeeks.com/showthread.php?&t=44525

Remember that different security tools work and behave differently on different systems, so it might take a few months of trial and error before you find the “perfect” solution for yourself!

Above all, UPDATE these security tools regularly!

d) Always download software programs from trusted sources, such as:

http://download.com

http://www.tucows.com/

e) As soon as you have downloaded a file, scan it with an antivirus tool to make sure it is not infected, especially if it happens to be an executable program!

f) Stay away from bad sites. If you visit sites that host porn, warez, keygen, etc., you cannot blame anyone but yourself in case you get infected with Trojans and viruses!

g) Avoid downloading files from Peer-to-Peer (P2P) connections: With most P2P networks, the uploaded content is hardly monitored, so your chances of downloading a Trojan are very high. Another possibility is that of identity theft. You may be happily downloading some stuff using Limewire, while a couple of thieves are busy stealing your IP address, passwords, or other secret information they can use to harm you in future! Remote attacks are also a possibility!

If you really want to use P2P networks, use a strong P2P firewall and an IP address hiding tool to protect yourself; I am not sure if these security measures would cause you any inconvenience, though! Myself I have avoided P2P networks all my life. I miss out on a lot of goodies because many of them are required to be downloaded from P2P networks, and for heaven’s sake, no matter what happens, I would never do that! :D

Here is a helpful article on Peer to Peer networks and how they work:

http://en.wikipedia.org/wiki/Peer-to-peer

Also, keep in mind that even if you follow the seven steps above, there is no guarantee that you would be totally protected from FTP password thieves! However, these security measures would certainly minimize the chances of attacks!

Arindam Chakraborty

Comments (0) Posted by The Geek on Thursday, July 2nd, 2009


Filed under Malware, Freebies, Software, Security

I’ve been using Panda Security’s free Cloud Antivirus for a while and I must say I’m impressed. It’s there, but you’ll never know it unless you look (the little panda icon in the system tray). I rarely get malware of any kind, but Cloud AV has caught a couple of things that were probably drive-bys. It’s so transparent that I actually had to go check on it before I noticed that malware had been caught.

This is a perfect set-it-and-forget-it AV for the regular user. It’s free, self-updating and doesn’t require any decisions on the part of the user. But the great part about it is how it works. Watch the video. It’s really slick, blocking malware within 6 minutes when encountered by anyone who has it installed; it’s truly real time updating.

That’s my two cents. You be the judge and try it for yourself.

Cheers!
The Geek

Comments (0) Posted by The Geek on Tuesday, June 30th, 2009


Filed under Freebies, Answers, Malware, Password, Open Source, Software, Spam, Tips, How To, Security, Computers

My new eBook, “14 Golden Rules of Computer Security” is almost complete and will be ready for downloading shortly. Written with the non-technical person in mind, the book is packed with proven, practical advice on how to stay safe on the Wild, Wild Web including bonus articles about creating strong, easy-to-remember passwords and email security tips. I give you tons of links to free and low-cost tools as well as special discounts for software and services by some of the best computer security companies in the business. It’s a must-have for every computer owner.

Based upon my popular “How to Secure Your Computer” series of web articles and fully updated with late-breaking information on safe searching and social networks, “14 Golden Rules of Computer Security” will help you develop your own secure computing practices and save you from the hassle of dealing with unpleasant malware attacks.

The book will cost $9.95 for the general public, but all Ask the Geek subscribers will be sent a download link and password for a free copy, so be sure to sign up. (If you already closed the subscription panel, you can sign up by clicking here or on the Sign Up! link on the Pages sidebar.)

Sign up today and then watch your email for the release announcement and download instructions.

Comments (0) Posted by The Geek on Monday, June 1st, 2009


Filed under Answers, Bootable thumb drive, Offline virus scanner, Tools, Freebies, Ken's Kool Tekkie Tools, How To, Security, Open Source, Tips

Once again, in May 2009, I have had to revise this article because Avira’s updates no longer work (thanks, Cindy, for your help in pointing out the problem to me). This new revision supersedes all previous articles I have posted on this subject; specifically, these two:

http://askthegeek.kennyhart.com/2005/12/how-to-make-bootable-thumb-drive-virus.html

http://askthegeek.kennyhart.com/2007/03/update-how-to-make-bootable-thumb-drive_20.html

“How to make a bootable thumb drive virus scanner for NTFS” is the second most popular article on this site, outranked only by “My Computer Won’t Shut Down!” and I thank you for visiting Ask the Geek for advice on these issues. Because of the continuing popularity of the thumb drive virus scanner, I want to make sure you have up to date and relevant information. The two articles listed above are outdated.

The original DOS-based version of the thumb drive virus scanner used F-Prot Antivirus for DOS, one of the best and most popular DOS-based scanners for nearly 20 years. Unfortunately, F-Secure is no longer updating the virus definitions for that version. In fact, the F-Prot virus signatures are now almost two years old, making them virtually useless. Other vendors are following suit. I’ve had quite a bit of feedback asking me if I could solve this problem and provide an updated method of offline virus scanning.

The good news is that, yes, I’ve solved the problem, thanks to the fact that several vendors offer free bootable rescue CDs for download. Most of these run under some flavor of Linux and after a bit of hacking, I found it’s a simple matter to make a bootable thumb drive from the images.

Note: Avira has changed the ISO image *again* since this article was first posted. I have had comments from some people that the new ISOs just don’t work right on the thumb drive. As of May 2009, the VDF updates cause the old version to fail. I have revised the steps below and updated the BLTDVS toolkit. Because of the popularity of this toolkit, I am getting bills for excess bandwidth usage. If you find this toolkit useful, please consider making a donation by clicking the “Donate” button. As soon as I am notified of your donation (any amount, minimum $1), I’ll send you the link to the toolkit that contains the ISO image I originally tested.

I chose the Kaspersky Rescue CD from Kaspersky Lab for my latest incarnation of the thumb drive virus scanner. Since it runs under Linux, it has native NTFS read/write support making it unnecessary to use any third party tools like NTFS4DOS (which is still available, but no longer supported by Avira).

Here’s how to be up and running with your own copy of my latest tool in just a few minutes. I’ve made it easy by providing everything you need, except the rescue CD image:

  1. I no longer require that you make a donation, but would appreciate it greatly. I’ve worked hard to keep the BLTDVS toolkit up to date and will continue to do so.
  2. I do require that you sign up on my list. That is the only way to get the download link and password for the BLTDVS toolkit. Once you sign up and confirm your subscription, the welcome email will give you instructions, a link to the new toolkit, and the password.
  3. If you bypassed the fade-in sign-up form when you arrived at this page, you can click here to go to another sign-up page or click on Sign Up! in the toolbar to the right.
  4. Download the BLTDVS toolkit from the link I send you.
  5. Extract the folder to the root of your hard drive.
  6. Download the Kaspersky Rescue CD ISO image.
  7. Move the CD ISO image to the BLTDVS_toolkit folder.
  8. Plug in your thumb drive.
  9. Open the BLTDVS_toolkit folder and navigate to the DriveKey folder.
  10. Run HPUSBF.EXE (command line version) or HPUSBW.EXE (windows version) and format your thumb drive using FAT or FAT32. Deselect the “Create a DOS startup disk” option.
  11. Open the BLTDVS_toolkit folder and copy or move its contents to your thumb drive. Don’t move the actual folder.
  12. On your thumb drive, double-click avrescd.bat. This will extract the necessary files from the ISO image to your thumb drive. Be sure you specify the right drive letter for your thumb drive.
  13. Once the files have been extracted, makeboot.bat will be called automatically. See the caution in the next step!
  14. CAUTION! This step is dangerous! Heed the warning message. Please verify the correct flash drive letter is being displayed before proceeding. Do not run this file on your hard drive or your current MBR will be overwritten rendering Windows unbootable. (This isn’t a complete disaster, but it takes some geeky knowledge to fix it.) NOTE: If you are using Vista, you may see a “failure to update the MBR” error. In this case, right-click the file and specify “Run as administrator.”
  15. Hit any key to exit. You now have a bootable Linux thumb drive virus scanner that will handle NTFS drives as well as most other formats.

One really cool feature of the Kaspersky program is that it will allow you to update it over the Internet as long as you’re plugged into your network. It doesn’t work well with a wireless connection (which both of my laptops have), but I haven’t had a bit of trouble getting an address and updating when I’m plugged in.

Another great feature of the program is that it has a built in file manager, so you can also use it to recover files from an infected hard drive without having to boot into the native OS.

As always, feedback is welcome. I want to know how this tool is working for you.

(Thanks to PDLA ©2007 http://pendrivelinux.com and Lance ©2008 http://pendrivelinux.com. Syslinux is ©1994-2006 H. Peter Anvin http://syslinux.zytor.com for the files used in this tool.)

Cheers!
The Geek

Comments (0) Posted by The Geek on Thursday, May 14th, 2009


Filed under Freebies, Fun Stuff, Links, Ken's Kool Tekkie Tools, Spam, Computers

Spam-o-Meter is a Kool Tool that gives you an idea of how much spam is on the Internet. You can download a Mac OSX gadget, Flash for a website (like you see here), even a screen saver for Windows, all free. Check it out. I’ve posted it on a page over there to the right.

Comments (0) Posted by The Geek on Monday, May 11th, 2009


Filed under Open Source, Links, Freebies, Reviews, Hardware, Security, Software, Reviews, Spam

I want to let everyone know of some new features you’ll be seeing here at Ask the Geek. First off, you’ll notice that there are more pages being posted. These are permanent pages that will always show up on the site, unlike the posts that usually wind up in the archives. I’ll be updating these frequently. The latest page is “Safe Computing Tips” and I suggest you check it out.

You’ll also notice a sign-up pop-up on some pages when you go to them. Please sign up so I can keep you up to date on new content and special offers from select vendors. I promise I won’t spam you with a bunch of useless junk; I will pass on any special offers that I become aware of from reputable hardware and software sellers.

For now, check out the “Safe Computing Tips” and sign up for my list. And be on the lookout for a new page that reviews top freeware, Open Source, and commercial software offerings.

As always, I’m glad to be of service and I look forward to keeping you as a loyal reader. If you ever need anything at all, feel free to hit the “Ask a Question” or “Leave Feedback” links over at the right.

Cheers!
The Geek

Comments (0) Posted by The Geek on Thursday, May 7th, 2009


Filed under Humor, Fun Stuff, Computers

Here’s what you’d get:

Here’s an easy game to play.
Here’s an easy thing to say:
If a packet hits a pocket on a socket on a port,
And the bus is interrupted as a very last resort,
And the address of the memory makes your floppy disk abort,
Then the socket packet pocket has an error to report!
If your cursor finds a menu item followed by a dash,
And the double-clicking icon puts your window in the trash,
And your data is corrupted ’cause the index doesn’t hash,
Then your situation’s hopeless, and your system’s gonna crash!
You can’t say this? What a shame sir!
We’ll find you Another game sir.
If the label on the cable on the table at your house,
Says the network is connected to the button on your mouse,
But your packets want to tunnel on another protocol,
That’s repeatedly rejected by the printer down the hall,
And your screen is all distorted by the side effects of gauss
So your icons in the window are as wavy as a souse,
Then you may as well reboot and go out with a bang,
‘Cause as sure as I’m a poet, the sucker’s gonna hang!
When the copy of your floppy’s getting sloppy on the disk,
And the microcode instructions cause unnecessary RISC,
Then you have to flash your memory and you’ll want to RAM your ROM.
Quickly turn off the computer and be sure to tell your mom!

Cheers!
The Geek

Comments (1) Posted by The Geek on Wednesday, April 22nd, 2009


Filed under Microsoft, Answers, How To, Tips, Windows

Though I haven’t had any problems of my own, I know a couple of people who installed IE8 and then complained about it running very slowly, sometimes completely bogging down their systems. This type of behavior usually signals a problem with system resources, but thanks to Ed Bott over at ZDNet, there may be a simple fix. His article, “Is IE8 really fat and slow?” gives a simple command that may help (restart your computer after running the command):

regsvr32 actxprxy.dll

That re-registers the ActiveX Interface Marshaling Library, an obscure DLL that most people (even Microsoft experts) had never heard about. (Update: 27-Mar: Note that if you try this using Windows Vista, you must do this from an elevated Command Prompt window; type cmd in the Start menu Search box, right-click the Cmd.exe shortcut, and then choose Run As Administrator.)

According to Ed, when one of his colleagues did this, the results were stunning and IE8 was stable as well as performing faster.

Let me know if you’ve had any trouble and if this tweak helps.

Cheers!
The Geek

Comments (3) Posted by The Geek on Friday, March 27th, 2009


Filed under Malware, Password, Router security, How To, Hardware, Tips, Security, Computers

Two router options, both of which I’ve said are security risks (see This Router Configuration Option Can Be Dangerous), can now be exploited to turn routers into zombie botnet members. My latest post at Security Corner, Worm Targets Home Networking Equipment, gives details and references to more news items. You can read those if you want, but for now, here’s what you should immediately do:

  1. Power cycle your router.
  2. Disable WAN-facing telnet, SSH or web-based configuration interfaces.
  3. Change the passwords to something unguessable (see this article).
  4. Upgrade to the latest firmware.
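
One way to verify step 2 after you have applied it, added here as an example and not part of the original post: run this from a connection outside your own network against your router's public address. The port numbers are the conventional defaults for telnet, SSH and web configuration (an assumption; your router may use others), and the function names are illustrative.

```python
import socket
import sys

# Management services named in step 2, keyed by their conventional TCP ports.
# Assumption: default ports; a router can be configured to use different ones.
MGMT_PORTS = {22: "SSH", 23: "telnet", 80: "web config (HTTP)", 443: "web config (HTTPS)"}


def probe(host, port, timeout=2.0):
    """Try one TCP connection and return 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # something accepted the connection
    except ConnectionRefusedError:
        return "closed"      # host answered, nothing is listening
    except OSError:
        return "filtered"    # timeout or unreachable: dropped along the way
    finally:
        sock.close()


def audit(host, ports=None, timeout=2.0):
    """Probe every management port; return {port: (service name, state)}."""
    ports = MGMT_PORTS if ports is None else ports
    return {port: (name, probe(host, port, timeout)) for port, name in ports.items()}


def exposed(results):
    """Ports that accepted a connection and still need to be disabled."""
    return sorted(port for port, (_, state) in results.items() if state == "open")


def report(host, results):
    """Format the audit as one line per port."""
    lines = []
    for port in sorted(results):
        name, state = results[port]
        verdict = "EXPOSED - disable on the WAN side" if state == "open" else "ok"
        lines.append(f"{host}:{port:<5} {name:<20} {state:<9} {verdict}")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: pass the public (WAN) address of your own router.
        target = sys.argv[1]
        results = audit(target)
    else:
        # Constructed demo: a local listener stands in for an exposed interface.
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))
        srv.listen(5)
        target = "127.0.0.1"
        results = audit(target, {srv.getsockname()[1]: "constructed listener"})
        srv.close()
    print(report(target, results))
    sys.exit(1 if exposed(results) else 0)
```

A check run from inside your home network only tests the LAN side, which is expected to answer, so it tells you nothing about step 2.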

If you’re not sure how to handle this, find a geek who can. While the hacker who wrote this worm appears to have disabled the botnet’s control center, others will follow and it could get ugly.

You should also read and apply the Safe Computing Tips available as a free PDF download. Just click on the link to the right.

As always, I’m looking out for you.

Cheers!

The Geek

Comments (0) Posted by The Geek on Wednesday, March 25th, 2009


Filed under Answers, Freebies, Security, How To, Tips

The original title of this article was “Nine Steps to System Security – 2008,” but the date is misleading—these tips are just as applicable now as they ever were and will probably hold true for a long time. The new title is “Safe Computing in a Web 2.0 World.” I guess I’ll have to change it again when we get to Web 3.0 ;-) You can download a PDF version here: http://cli.gs/jHVvWd, but here it is for you to read online:

Safe Computing in a Web 2.0 World

It isn’t getting any better on The Wild, Wild Web, despite state and federal government attempts to arrest and prosecute those responsible for electronically-perpetrated criminal acts. Spyware and malware of all kinds are increasingly more stealthy and difficult to remove thanks to rootkit technology. With the advent of Web 2.0 and its emphasis on sharing and collaboration, web-based attacks are more prevalent than ever, especially those that rely on JavaScript and other scripting languages.

CAN-SPAM did little to deter or eliminate spammers, and today the spam problem is even worse thanks to huge botnets run by organized cyber-crime syndicates. Phishing attacks are harder to detect and more frequent. Recently, I spent the better part of two days cleaning up the aftermath of a mass mailer worm infection for one of our clients; their email is still being blocked by some servers. In its September 2005 issue, Consumer Reports said, “One Third Of Net Users Damaged By Malware.” Considering that article is three years old, I’d wager that the number of infected computers has doubled since then.

In my job as a systems engineer for Connective Computing, Inc., I deal with the effects of malware nearly every day. My previous releases of this article, "Seven Steps to System Security - 2004", and "Eight Steps to System Security – 2005", listed the field-proven steps I recommend to everyone I know. It’s been nearly three years since I published the last guide, but those eight steps haven’t changed much; they just need to be brought up to date, and a new step involving disabling scripting in the browser has been added. Computer users still haven’t learned safe surfing practices, however (will they ever?), and must modify their on-line behavior–particularly by applying the first step–for the rest of these steps to be truly effective.

Did I mention these things are proven? They are. These practices have been protecting computer users in homes and businesses for as long as I’ve been using them. This is free advice that’s really worth something:

  1. Repeat after me: I will NEVER, EVER click on any pop-up of any kind - NEVER, EVER. Not even on the “X” (it’s usually safe, but why take the chance?). Use the key combination Alt-F4 instead; it safely closes the current window. In the slimy world of sleaze-ware, “No” means yes, “Cancel” means yes, “Close” means yes - ANY click on a button means yes. So many times users ask, “How did I get that? I clicked ‘no’ when it asked me!” Well, sorry, but you clicked, so they got you. NEVER, EVER CLICK!
  2. Although Internet Explorer 7.0 has enhanced security and has been detached somewhat from the Windows operating system, it is still too big a target. Crackers are still writing malware that exploits IE security flaws. I recommend you use Firefox or Opera to browse the Web. (Some web sites still require IE, so you’ll be forced to use it for those, but you should minimize its use otherwise.) Whatever browser you use, be sure you configure your preferences to block all unwanted pop-ups or install a pop-up killer like the Google Tool Bar. And while you’re at it, re-read #1!
  3. Patch your system. If you’re still running XP, make sure you have at least service pack 2. If you’re a home user, install service pack 3. (I still see systems that are running XP with service pack 1 or 1a, probably because they turned off automatic updates. While some argue against it, I recommend you turn them on.) And be sure to install any recommended security updates and patches for ALL software on your system - especially Microsoft Office - not just Windows. If you’re running Windows Vista, you benefit from its enhanced security, but you still need to keep ALL of your applications patched. Secunia’s Online Software Inspector is an excellent tool for scanning your system’s applications to discover those that need updates.
  4. Besides installing a NAT router (see How to Secure Your Computer: Maxim #2), run a properly-configured, proven software firewall. Don’t rely only on Windows XP’s built-in firewall - it blocks inbound attacks only (see this article) and it has flaws of its own (see this article). It will not stop back-door Trojans, adware, spyware, and the like from “phoning home” with your sensitive information. (See this article for more info.) While Vista’s firewall does offer outbound filtering, it isn’t much better (see this article for more information). My favorites are the Comodo Personal Firewall (free), and the Sunbelt Kerio Personal Firewall (full-featured for 30 days, then runs free in limited-feature mode, $19.95/yr for full version).
  5. Run a good anti-virus program. Choices abound. I have used AntiVir Personal Edition (free) and Grisoft’s AVG (free). Other good ones are Avast! and Comodo AntiVirus.
  6. Run multiple anti-spyware/anti-adware programs and keep them updated. I recommend: a. Spyware Blaster. This free program blocks adware and spyware from installing in the first place and is frequently updated; b. Ad-Aware. Scan weekly, more frequently if you are a heavy surfer; c. Spybot S&D. Run it on the same schedule as Ad-Aware; d. Microsoft’s Windows Defender is an excellent product and is installed by default in Windows Vista. Configure it for real time protection and automatic updates. One of the best commercial anti-spyware applications is Sunbelt Software’s CounterSpy. It is a PC World Best Buy award winner. Comodo BOClean:AntiMalware is also a good one and it’s free.
  7. Run a spam blocker to isolate junk e-mail. Most malware and all phishing attempts rely on spam. You want to isolate this stuff and delete it. NEVER, I repeat, NEVER, EVER click on a link in any e-mail you are not absolutely certain is legitimate. And to be as safe as possible, always type in the address of your bank, credit card companies, and any other site that you want to keep secure. (See #1 above and apply that principle to links, too!) One of the best programs is Open Field Software’s ella for Spam Control. It uses wizards to “train” it to your personal specifications. There are free and paid versions that work with Outlook and Outlook Express. My clients swear by it. Another good program is Sunbelt Software’s iHate Spam.
  8. On Windows XP, set up a restricted user account and use that for routine tasks. Only log on with administrative privileges when you need to install or configure software. This will prevent rogue programs from affecting your system - they won’t be able to install. You can activate the “run as” feature so you can do administrative tasks while logged in as a restricted user. Microsoft Knowledge Base article Q294676 explains how to activate and use this feature. If you are running Vista, you don’t have to worry about this step: User Access Control (UAC) takes care of it.
  9. Finally, disable scripting in your browser. If you use IE (you probably shouldn’t, see Step 2), Tony Bradley gives you an excellent step-by-step procedure to accomplish this. Firefox users have a more elegant solution in the form of an add-on: NoScript. I use it on every PC. Scripts are blocked globally by default, but you can selectively activate them if you trust the site. For example, you can trust the main site’s scripts but keep blocking any advertising or other third party scripts with no ill effects.

While total immunity is impossible - new infections and variations on existing exploits appear daily - these nine steps will help prevent, catch, or clean 98 percent of the junkware out there. As for the other two percent - or if you are already badly infected - you’ll need to hire a geek like me.

Comments (0) Posted by The Geek on Saturday, March 21st, 2009