PC problems, recommended software, tips and tricks, coding and so forth. Things that make your life in the cyberspace easier.
Comments On "Securing Your Virtual Home" - In the Editorials-section
Madhava - Fri, 28 May 2004 04:36:31 +0530
Questions and comments related to the article under editorials are welcome and expected.
bhrahmaloka - Fri, 28 May 2004 09:43:38 +0530
Well, being a 'techie', I might as well make my first post here tech oriented.
A few comments:
1. Invest in a (very cheap) hardware router for your home network. A Linksys cable/dsl router usually runs around $40, add a few more $$ on if you want wireless. This gives you IP separation from the Internet. When you connect via your broadband, many times you get a 'real' IP address, meaning you are sitting on the Internet, only as secure as your machine. One of these little devices puts your machine on a 'non-routing' IP address (usually 192.168.1.x), and takes the 'real' IP for itself. This puts you behind a wall where most 'script-kiddies' can't penetrate.
2. Don't run Windows. I can't stress this enough, don't run Windows. It's insecure by default, and with the recent release of Windows source code 'into the wild', the viruses are only going to get worse. Do yourself a huge favor and move to Linux (my preferred OS), OSX or a BSD. If you must run Windows apps, think about running them under a virtual machine ala VMWare on one of the above mentioned OSs.
3. If you must run Windows, do not use Internet Explorer and/or Outlook/Outlook Express. Excellent replacements are Mozilla Firefox and Mozilla Thunderbird. The MS products are very prone to exploit, and not using them will help immensely in keeping your system clean.
4. Seriously think about encrypting important files. It's difficult on Windows, but on Linux it's quite simple. I encrypt the few important files I keep on my Internet box.
5. Run antivirus software & update the virus defs often.
Cross your fingers
vamsidas - Fri, 28 May 2004 15:40:04 +0530
QUOTE
E-mail attachments with ambiguous file extensions such as .scr, .pif and .bat are viruses in 99.5% of the cases.
I don't know what you mean by "ambiguous extensions." I thought .bat was pretty unambiguously intended to indicate a "batch" file and .scr was unambiguously intended to be a screen saver.
Perhaps "unusual extensions" is the phrase you were seeking?
Oh, and don't forget that even attachments with the well-known and unambiguous .exe extension are most often viruses. Sadly, even plain old .doc and .dot file attachments often contain Microsoft Word macro viruses.
I think you nicely articulated the fundamental approach that an e-mail user should adopt:
QUOTE
When you receive an e-mail with an attached file, do not ever open it unless you are either expecting the attachment or the message is clearly directed to you and signed by the sender.
However, even if you are expecting to receive an attached file from a sender, this does not mean it will not contain a virus -- especially if the attachment is a Microsoft Word document.
Ultimately, no amount of "caution" on your part is a sufficient substitute for an anti-virus program. You need to use both caution and anti-virus software.
Advaitadas - Fri, 28 May 2004 15:44:05 +0530
As a devotee it's quite easy to detect a phony e-mail from a 'friend'. When the title is 'hi' instead of 'radhe radhe' and when the text of the e-mail itself is of a mundane style, quite unlike the jargon a devotee would use, it's clear one should dump it and not open the attachments.
vamsidas - Fri, 28 May 2004 15:59:41 +0530
QUOTE
To solve this, you need to turn off the viewing of remote images in your e-mails. With some e-mail clients, it may mean that you need to turn off the viewing of HTML-messages altogether. Many webmail-providers block the loading of remote images.
Several months ago, I switched to an e-mail client that does not display HTML-messages unless the user specifically chooses to view them. Instead, by default, it extracts the plain text from HTML messages and displays that instead.
Since then, the quality of my e-mail-reading experience has increased beyond measure.
It's just wonderful to be able to open my e-mail client and know that I won't be confronted with sexually explicit images, or with flashing text and gaudy hard-to-read marketing drivel.
If I want to look at the HTML, I can click on the HTML file and view it -- but it's my choice, and I rarely (maybe 1 in 10,000 messages?) feel any need to do so.
I'm using a mail handler that is only available on the Macintosh, so my specific product recommendation (Mailsmith, paired with SpamSieve) won't do most readers here much good. But from firsthand experience I can testify to the benefit of using a mail handler that doesn't force you to read HTML messages.
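Added example, not part of any post in this thread: a small Python triage of one message that applies the two points made in vamsidas's posts above, flagging attachments by the extensions named there and listing remote images in the HTML part while returning the plain-text body for display. The sample message, its addresses and the `tracker.example` URL are constructed for illustration.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread: directly executable vs. macro-capable Word files.
EXECUTABLE_EXT = {".scr", ".pif", ".bat", ".exe"}
MACRO_EXT = {".doc", ".dot"}
# An <img> whose src is an absolute http(s) URL is fetched from a remote server.
REMOTE_IMG = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)

def triage(raw: bytes) -> list:
    """Return (kind, detail) findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Only the last extension decides how Windows opens the file,
            # so "photo.jpg.scr" counts as a screen saver, not a picture.
            ext = os.path.splitext(name.strip().lower())[1]
            if ext in EXECUTABLE_EXT:
                findings.append(("executable", name))
            elif ext in MACRO_EXT:
                findings.append(("macro-capable", name))
        elif part.get_content_type() == "text/html":
            for url in REMOTE_IMG.findall(part.get_content()):
                findings.append(("remote-image", url))
    return findings

def plain_text(raw: bytes) -> str:
    """Text to display instead of the HTML part; empty if there is none."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    return body.get_content().strip() if body else ""

def build_sample() -> bytes:
    """Constructed message: HTML with a remote image plus three attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.org", "me@example.org", "hi"
    m.set_content("check out this cool pix")
    m.add_alternative('<p>hi</p><img src="http://tracker.example/o.gif?u=42">', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="photo.jpg.scr")
    m.add_attachment(b"\xd0\xcf", maintype="application", subtype="msword",
                     filename="report.doc")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()
```

A flagged `.doc` or `.dot` is not proof of a macro virus; it only marks the file for an anti-virus scan before opening.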
Madhava - Fri, 28 May 2004 17:29:37 +0530
Forgot to add this paragraph:
QUOTE
There are excellent free applications, such as Spybot and Ad-Aware, designed specifically for detecting and removing spyware and adware from your PC. If you ever install free software from the Internet, it is a good idea to install such a detection program and run it after installing new software to ensure that nothing unwanted has taken a foothold on your PC.
Madhava - Fri, 28 May 2004 17:31:54 +0530
QUOTE(vamsidas @ May 28 2004, 10:10 AM)
QUOTE
E-mail attachments with ambiguous file extensions such as .scr, .pif and .bat are viruses in 99.5% of the cases.
I don't know what you mean by "ambiguous extensions." I thought .bat was pretty unambiguously intended to indicate a "batch" file and .scr was unambiguously intended to be a screen saver.
Perhaps "unusual extensions" is the phrase you were seeking?
Indeed. Fixed.
Madhava - Fri, 28 May 2004 17:41:58 +0530
QUOTE(bhrahmaloka @ May 28 2004, 04:13 AM)
1. Invest in a (very cheap) hardware router for your home network. A Linksys cable/dsl router usually runs around $40, add a few more $$ on if you want wireless. This gives you IP separation from the Internet. When you connect via your broadband, many times you get a 'real' IP address, meaning you are sitting on the Internet, only as secure as your machine. One of these little devices puts your machine on a 'non-routing' IP address (usually 192.168.1.x), and takes the 'real' IP for itself. This puts you behind a wall where most 'script-kiddies' can't penetrate.
A hardware firewall + router is a good idea, if you have more than one computer at home. Otherwise, it may be a bit overkill.
QUOTE
2. Don't run Windows. I can't stress this enough, don't run Windows. It's insecure by default, and with the recent release of Windows source code 'into the wild', the viruses are only going to get worse. Do yourself a huge favor and move to Linux (my preferred OS), OSX or a BSD. If you must run Windows apps, think about running them under a virtual machine ala VMWare on one of the above mentioned OSs.
First off, Linux is often an awfully difficult OS for a non tech user to install. I mean, the initial installation itself is not all that problematic, but the subsequent hassle with getting all of your hardware, such as WLAN-cards and such, operational. Particularly with laptops, it is a pain. Been there, done that, and still on Windows.
Second, any operating system is insecure by default. Of course Linux is better equipped due to the fact of the users being jailed out of root, but nevertheless frequent security patches are by no means the exclusive domain of Windows. Most mainstream distros get security patches on a weekly basis. The main reason why the vulnerabilities of Linux are not targeted is due to its small market share. If ever it grabs a decent percentage of the market, rest assured, it will be exploited to the max.
Madhava - Fri, 28 May 2004 17:42:55 +0530
QUOTE(Advaitadas @ May 28 2004, 10:14 AM)
As a devotee it's quite easy to detect a phony e-mail from a 'friend'. When the title is 'hi' instead of 'radhe radhe' and when the text of the e-mail itself is of a mundane style, quite unlike the jargon a devotee would use, it's clear one should dump it and not open the attachments.
Haha yes, it's been a while since we've seen a virus that says, "Haribol Prabhu, check out this cool pix!"
Madhava - Fri, 28 May 2004 17:53:57 +0530
QUOTE(vamsidas @ May 28 2004, 10:29 AM)
It's just wonderful to be able to open my e-mail client and know that I won't be confronted with sexually explicit images, or with flashing text and gaudy hard-to-read marketing drivel.
...
I'm using a mail handler that is only available on the Macintosh, so my specific product recommendation (Mailsmith, paired with SpamSieve) won't do most readers here much good. But from firsthand experience I can testify to the benefit of using a mail handler that doesn't force you to read HTML messages.
Mozilla Firebird gives you the option to turn off remotely loaded images. Ever since turning them off, I haven't seen a single image in the spams I get (and that get auto-sorted aside).
adiyen - Sun, 30 May 2004 14:47:17 +0530
My ISP seems to run a very successful protection regime and I feel like a coddled child on my home email, in contrast to my hotmail address which I abandoned due to spam overload.
Nonetheless I'm very grateful for your free advice Madhava.
My Norton subscription ran out, and I just downloaded the free AntiVir program you recommended.
For spyware and trojans I run Spybot and Ad-aware. Both are good in different ways and seem to complement each other.
Jagat - Sun, 30 May 2004 16:47:26 +0530
I am having a little problem with something called "My Search", which is a toolbar and other peripherals (including popup ads) that invades my Explorer and seems impossible to get rid of by ordinary means.
Madhava - Sun, 30 May 2004 17:09:31 +0530
Jagat, download and run Spybot. The link is in the editorial under Spyware / Adware.
jatayu - Thu, 03 Jun 2004 00:15:24 +0530
QUOTE(Madhava @ May 30 2004, 11:39 AM)
Jagat, download and run Spybot. The link is in the editorial under Spyware / Adware.
Spybot did a good job on my machine and even detected that hackers were using my internet account for surfing. My daughter downloaded a dialer at a supposed school website which was also killed by Spybot. Now there was a presentation of a new browser called Firefox; does anyone already have some experience with it? What about having two browsers installed?
FirfoxInfo
Madhava - Thu, 03 Jun 2004 01:40:46 +0530
I use Firefox as my main browser. An excellent choice, with lots of optional modules you can install if necessary. I have four browsers installed, I need to test the websites I design on all major platforms. Actually I should have the regular Mozilla installed, too. There is no restriction on having many browsers installed.
Jagat - Thu, 03 Jun 2004 02:35:41 +0530
I used Spy-bot and Ad Aware, which picked out between 29 and 77 files and destroyed them, and it's still there every time I boot. Spybot says it's "Backweb", but it reroutes through www.searchweb2.com.
It also gives me its own toolbar above and below, the elimination of which boots adware. It also installs all kinds of undesirable favorites to casinos, porno sites, etc.
arekaydee - Thu, 03 Jun 2004 03:15:42 +0530
QUOTE(Jagat @ Jun 2 2004, 05:05 PM)
I used Spy-bot and Ad Aware, which picked out between 29 and 77 files and destroyed them, and it's still there every time I boot. Spybot says it's "Backweb", but it reroutes through www.searchweb2.com.
It also gives me its own toolbar above and below, the elimination of which boots adware. It also installs all kinds of undesirable favorites to casinos, porno sites, etc.
Give this a try. It worked for me.
QUOTE
Manual removal
Please follow the instructions below if you would like to remove MySearch Bar.C manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If MySearch Bar.C remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
Delete 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}', if it exists.
Delete 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}', if it exists.
Exit the registry editor.
Restart your computer.
Start Microsoft Internet Explorer.
In Internet Explorer, click Tools -> Internet Options.
Click the Programs tab -> Reset Web Settings.
From
http://www.kephyr.com/spywarescanner/libra...r.c/index.phtml
Madhava - Thu, 03 Jun 2004 03:22:39 +0530
And watch your steps while in the registry, make sure everything reads exactly as it says above, otherwise you might mess up things bad.
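Added example, not part of any post in this thread: a Python check to run on a registry export before deleting anything, reporting which of the two keys from the quoted removal instructions are actually present and which other Browser Helper Objects must be left alone. It assumes the input is the text of a regedit export (File > Export) already decoded to a string, since real exports are UTF-16; the sample export and its second GUID are constructed.

```python
import re

# Keys named in the removal instructions quoted in the thread.
GUID = "{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}"
CLSID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")
TARGETS = [root + "\\" + GUID for root in (CLSID_ROOT, BHO_ROOT)]
# A key header in a .reg file: [HKEY_...]; a leading "-" marks a deletion entry.
KEY_LINE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")

def keys_in_export(reg_text):
    """Key paths in the export, upper-cased: key names are case-insensitive."""
    keys = set()
    for line in reg_text.splitlines():
        m = KEY_LINE.match(line.strip())
        if m and not m.group(1):
            keys.add(m.group(2).upper())
    return keys

def check_targets(reg_text):
    """Map each target key to True/False: is it present in the export?"""
    present = keys_in_export(reg_text)
    return {t: t.upper() in present for t in TARGETS}

def other_bhos(reg_text):
    """Browser Helper Object CLSIDs other than the target; leave these untouched."""
    prefix = BHO_ROOT.upper() + "\\"
    return sorted(k[len(prefix):] for k in keys_in_export(reg_text)
                  if k.startswith(prefix) and k != TARGETS[1].upper())

# Constructed sample export (GUID case differs from the instructions on purpose).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"""

if __name__ == "__main__":
    for key, found in check_targets(SAMPLE_EXPORT).items():
        print("PRESENT" if found else "absent ", key)
    print("other BHOs, leave alone:", other_bhos(SAMPLE_EXPORT))
```

The exported file doubles as the backup: importing it restores the keys if the wrong entry was removed.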
jatayu - Tue, 08 Jun 2004 02:39:13 +0530
Latches Onto Chat Server - block TCP port 6667
http://www.bangladeshobserveronline.com/ne...04/06/06/it.htm
The worm essentially attaches itself to the IRC server, which handles online chat communications. Once inside, it can download any information in the computer, he explained.
Companies and individual users should block TCP port 6667, which connects the computer to the IRC server, Hughes advises. With this outbound port blocked, he says, the worm cannot propagate.
As of this morning, the number of Korgo infections has tapered off after spiking on Wednesday, wreaking havoc primarily among consumers, according to Symantec.
dirty hari - Fri, 11 Jun 2004 01:30:07 +0530
I used to have a problem like Jagat's; I couldn't get rid of some junk even with the spyware removers. Once I started using regseeker my problem was solved; just run clean registry and it finds everything that is useless and lets you delete or delete with backup.
Madhava - Fri, 11 Jun 2004 01:40:16 +0530
I might recommend doing it with backup... sometimes such programs take one entry too many and crash things. Of course they are far easier than manual removal if one isn't tuned into the registry otherwise.