Quantcast

Computer Security Warning

The Rocketry Forum

Help Support The Rocketry Forum:

rbeckey

Well-Known Member
Joined
Jul 19, 2012
Messages
1,517
Reaction score
1
In my position at work I get inundated with unusual computer related problems. I know that some of you on this forum have much more computer knowledge than me, and it is likely that some of you have far less. I have learned a little through hard experience. I do not claim the attached letter is comprehensive, but a place to start if you have done little or nothing as of yet. It was written for a person who has little computer skill to be able to follow.
This is a long post, and not about rockets, but if your machine isn't running, no Rocketry Forum for you! If nothing else, even if you do have an IT degree, please read the section at the end about spyware. It really can save you some hassle, and maybe worse. There are huge privacy issues and I know two families who lost their OS due to massive spyware infections.

"In recent months it has come to my attention that many people do not have adequate security on their personal computers. The PCs here are automatically protected by the network, and are still susceptible to certain kinds of attacks. If your home computer is connected to the internet in any way, you must take certain precautions to safeguard your personal information. If you have a broadband connection, your risk is greatly magnified. With a few simple precautions you can secure your PC.

Most of us are aware of computer viruses that can infect our systems, and possibly lead to data corruption. The threat is much more serious than that. A type of virus called a Trojan can let another person completely control and access your home computer as if he were sitting at the keyboard. Do you use your PC for shopping, banking or taxes? All of this information can be copied from a distance, without your knowledge, if the right virus can get into your system.

If you have an antivirus program and do not regularly update the virus definitions (at least weekly) there are several recent viruses that will disable the antivirus program and any new version of it you install, but make it look as if were actually functioning. You must keep your virus definitions up to date AT ALL TIMES. There are settings in the antivirus software that will do this for you automatically. If you have not been seamlessly protected for the past year or so you must be certain that your system is free of certain viruses before you can trust the antivirus software to function correctly. Both the Symantec and McAfee web sites have online tools for this purpose.

Most viruses are spread via email. We have all seen the admonishments from the Network Administrator not to open certain emails because they contain known viruses. At home, you must use common sense. Do not open any email with a generic subject, such as "This is Cute" or "You'll love this." Set your email client not to open attachments that may carry viruses. In Outlook Express 6, this can be found under "Tools," "Options," "Security," "Virus Protection." You may disable this feature temporarily to view things from persons you trust, IF: They warn you in a separate message they will be sending an attachment AND you are certain they maintain adequate virus protection. Remember that the message containing a virus likely comes from a known person whom you have received email from in the past. The virus will email itself to you from their computer without their knowledge. Trust no one completely unless you are certain that they maintain adequate security on their own computer.

In addition to the threat of virus attacks, there are other types of attacks that Windows based operating systems are vulnerable to. One is called a port probe. This is traditionally called "Hacking." Ports are Windows utilities that are used by other programs to access the operating system. They allow third party software and device drivers to function in the Windows environment, among other things. If left unprotected they can also let unauthorized persons take control of your computer, destroy your operating system, or copy sensitive data. Antivirus software, even when functioning properly, does not protect your system from this kind of attack. A device or program called a firewall is required. In Windows XP Home and Professional systems a firewall is included in the operating system, but must be activated by the user. Follow the directions below to set up your firewall.

To enable or disable Internet Connection Firewall

1. Open Network Connections

2. Click the Dial-up, LAN or High-Speed Internet connection that you want to protect, and then, under Network Tasks, click Change settings of this connection.

3. On the Advanced tab, under Internet Connection Firewall, select one of the following:

a. To enable Internet Connection Firewall (ICF), select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.

b. To disable Internet Connection Firewall, clear the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.



If you are using an older Windows operating system, you may down load a free software firewall called Zone Alarm, which is simple to use and highly rated. There are also other solutions available from antivirus companies and other freeware. I do not endorse any specific program, but you absolutely must choose and install one of these services. After you install a software firewall you may be asked to specify which programs are allowed to access the internet from your computer and vice versa. Do not allow access unless you can determine the purpose of the program involved.

If you have a broadband connection in your home, consider installing a router. This device allows multiple computers to share a broadband connection and can often be found for $30-40 after rebates at Best Buy, CompUSA or Circuit City. In addition to allowing several computers to connect to the internet or share a single printer, they offer hardware firewall protection for all connected machines. Some expert opinions are that a hardware firewall is more effective than a software firewall, but some software firewalls offer more control.

Another type of attack that is more recent and much less widely known is spyware and malware. These are very small and simple programs that are covertly installed in your computer while you are doing something as innocuous as surfing the web or reading email. Once again, even properly functioning antivirus software will not protect you from this threat. Typical malware and spyware reside quietly in your hard drive and track your movements on the web, sending a constant flow of information back to their owners about where you go and what you buy. They can also act as Trojans, which were defined above, or key loggers, which record every keystroke you make, and send that information to a specified person. Obviously, this could include private information and passwords. They also allow popup ads to proliferate on your computer. One symptom of this is popups that occur when you are not online. Internet browsers, such as Internet Explorer, use "cookies" to enable personalization of certain web content. This technology has been perverted to include tracking cookies, which can be used to track your movements on the web and target you for advertising. Another symptom of malware and spyware is that your computer seems to be taking longer to boot up or shut down, or that your internet connections seems slower than it used to be. That is because each of these programs uses a certain small percentage of your computer's resources to function, and as they add up, the deficit becomes noticeable.

There are several parts to solving this problem. The first and most simple is not to download and install anything from the internet that promises a free utility unless it is from a trusted, known source. Examples of free programs that include spyware or malware are "Weatherbug," "Comet Cursor," "Bonzi Buddy," and most notorious, "Kazaa" and other file sharing clients. Downloading and installing one file sharing program can result in as many as 200 unauthorized programs and cookies on your computer. If you require the use of one of these programs, search the web until you find a "cleaned" version of it.

Another required action is to disable ActiveX on your computer. Under "Tools" in the internet browser you will find "Options." Under "Options" is "Security" and "Custom Level." The ActiveX controls can be disabled there. ActiveX is a utility that can be exploited to run malicious software on your computer. If you have ever had your homepage changed to something you did not authorize, this is one very mild way ActiveX controls can be exploited.

A final and most effective method to control these pests is to acquire and use programs such as "Spybot" and "AdAware" that seek and destroy known spyware, malware and tracking cookies on your computer. Free versions of both are available for download. You must update the definitions of these programs and run them at least weekly. It is not uncommon for a first time user to find 200-300 unauthorized and identified malicious processes and cookies on their computer. One person I know found 600! Weekly totals after that will depend on your habits, but 30-40 is not uncommon. There is nothing found in these searches that has a legitimate purpose. If a certain program does not work after you delete the offensive content, which is common with "Kazaa" and other file sharing clients, then you must delete the entire program and find a cleaned version of it to install, or accept the risks of leaving your computer open to intrusion at any time.

I would also suggest that you go to the Windows Update page at Microsoft and install at least the Critical Updates as soon as possible. A link to Windows Update can be found under "Tools" in the top of the browser window.

If you attempt these security measures and find that you are already infected with an antivirus disabling virus, or ActiveX or other programs that you cannot seem to remove, contact a computer repair service for assistance. Remember that every day that you leave these matters unattended, YOU ARE AT RISK."
 

Zippy

Well-Known Member
Joined
Oct 30, 2003
Messages
457
Reaction score
0
OMG, and I hate to use that Oh My God Shi-. I really didn't read through all of it. Look don't worry about stuff like that especially if you have virus software like Norton. If you have a broad band connection then you definatly need Norton or McaFee. In my experiance McaFee sucks and slows down your computer while I call Norton " Snortin Norton" and is barely noticable.
 

cydermaster

Well-Known Member
Joined
Jan 19, 2009
Messages
2,604
Reaction score
0
I use Nortons AV, AdAware Pro and Zone Alarm Pro - killer combo! :kill:

Nortons does suffer from not being 100% at detecting Trojans, once they've managed to install themselves; so always scan your files after downloading, especially if you file share! ;)

I speak from experience. A PC at work got infected with a trojan, which was able to cloak itself from Nortons, once it had installed itself. It was AdAware which noticed the Registery anomoly, which lead me to discover the bugger!
 

Zippy

Well-Known Member
Joined
Oct 30, 2003
Messages
457
Reaction score
0
and most notorious, "Kazaa"
I just had to quote that. If you get the old kazaa lite and use virus software you can go literally for years without a problem. But I didn't say that.

CyderMaster: I use Adaware freeebee, in an of it self it is worth the cost. Ton's of spyware is found.
 

n3tjm

Papa Elf
Joined
Jan 21, 2009
Messages
7,346
Reaction score
223
Location
Penns Creek, PA
A final and most effective method to control these pests is to acquire and use programs such as "Spybot" and "AdAware" that seek and destroy known spyware, malware and tracking cookies on your computer. Free versions of both are available for download.
Do you know where I can find these free versions of the software?
 

rbeckey

Well-Known Member
Joined
Jul 19, 2012
Messages
1,517
Reaction score
1
I read the thing again and it sounds a little condescending. That is my fault, but I work in a place where most people consider a computer a good way to keep the fan from blowing away the takeout menu from the Chinese restaurant while they dail the phone. When their home computer ***** itself, they think I should fix it for free since we work together. I wrote it to save myself some future aggravation.

AdAware is what I use myself, and it can be found at http://www.lavasoftusa.com/. From the home page, click on "Ad-aware" on the left (Make sure it is plain Ad-aware and not the Pro or Plus version.) Partway down that page is "Download our software" Click on that and the very top paragraph has the word "freeware" in red. That is a link to the download page.

I would be intersested in a spyware compition. When I ran mine the first time I got 232 hits. Anybody beat that?
 

Zippy

Well-Known Member
Joined
Oct 30, 2003
Messages
457
Reaction score
0
rbeckey,

Sorry I didn't catch the condesending (did I spell that right?) part.
 

cydermaster

Well-Known Member
Joined
Jan 19, 2009
Messages
2,604
Reaction score
0
Originally posted by ZippyOgiveHead
CyderMaster: I use Adaware freeebee, in an of it self it is worth the cost. Ton's of spyware is found.
It was the freebie version of AdAware which found the Trojan. I use the pro version at home, but I find Zone Alarm Pro's Ad blocking to be adiquate, so I don't really use the extra features of AdAware Pro.

Stick with the freebie AdAware, and keep it updated! Your computer will thank you! ;)
 

Stymye

Well-Known Member
Joined
Jan 21, 2009
Messages
7,568
Reaction score
4
Doug ,
you can find all of the mentioned downloads at Cnet
plus a whole lot more

http://www.download.com/


I use Zonealarm pro ,If you purchace it ( it's worth every penny)
you also get the Pest Patrol suite with it,
it controls cookies and irradicates the latest spyware

or get AdAaware.I have used it and found it very effective as well!

at the least ,install the zonealarm basic. firewall
 

firemanup

Well-Known Member
Joined
May 2, 2002
Messages
1,307
Reaction score
80
Location
Central Iowa
What about the spyware you've added to the computer yourself to keep an eye on children on the computer and internet...?

Will these programs disable that also..?
 

Zippy

Well-Known Member
Joined
Oct 30, 2003
Messages
457
Reaction score
0
The programs will list the names of those things and it's up to you to check (and delete) them or add them to the ignored list. The problem is recognizing wich are wich. I've had to re-install some programs becouse I let the software delete them and then found found out later I really neaded those .dll's!
 

rbeckey

Well-Known Member
Joined
Jul 19, 2012
Messages
1,517
Reaction score
1
A fellow at work uses Iopus Starr to watch the kids. He was able to set Spybot up to ignore that particular bit of "spyware." I imagine the same could be done with Ad-aware. There is a user specified ignore list in both programs, so you can leave in what you want even if it IS spyware. You can also restore the files from quarantine, at least in Ad-aware, if you find that something you need no longer functions after a cleaning.
Imagine that software you use to watch the kids, record their chats and emails and follow their browsing doing the same thing to you, and reporting the results to a stranger. It might be happening right now.
 

n3tjm

Papa Elf
Joined
Jan 21, 2009
Messages
7,346
Reaction score
223
Location
Penns Creek, PA
I just reinstalled Norton Firewall on my PC... it is interesting to watch how many applications try to access the interent and read cookies. This forum alone pings a cookie report at least a dozen times to make this post!. But those are good cookies... since this is good software ;)
 

rbeckey

Well-Known Member
Joined
Jul 19, 2012
Messages
1,517
Reaction score
1
Ad-aware has never disabled a good cookie, as far as I can tell. It never tried to report cookies from this forum as tracking cookies.
 

NewEntity1

Well-Known Member
Joined
Dec 4, 2003
Messages
273
Reaction score
0
Generally, its 3rd party cookies that are the "bad" kind. These are cookies that are used by websites that are different from the website that gave you the cookie in the first place.

I have an older copy of Spybot search and destroy available on my website for download if you have trouble finding a current version. I don't have a link to it though...I'll add one.

Update: Ok I've updated my website to include a download link.

Here is my website

Just click on this link, then click on the link on the upper right of the header page that says 'Spybot'.

Once installed, you should be able to update to the latest version using links built into the software itself.
 

NewEntity1

Well-Known Member
Joined
Dec 4, 2003
Messages
273
Reaction score
0
Incidentally, at home I have a hardware firewall via my own router connecting to the cable modem.

The router runs NAT which, in addition to allowing each individual computer in the household (behind the router) to have it's own internal IP address, but means that any PC behind the router is basically invisible to any direct attack methods or packet sniffing.

Basically, the router is assigned a dynamic IP such as 126.2.25.199 (for example) by the cable modem when it connects. The router then goes and assigns each computer connected to it a series of IPs such as 192.68.0.1, 192.68.0.2, 192.68.0.3 etc.

Anyone attempting sniff packets coming from my physical location will see the packets coming from Ip 126.2.25.199, regardless of what internal ("intranet" as opposed to "internet") they have. The outsider can try to hack the router itself, but since the router is not an actual computer, there is no software on it, and thus not a whole lot that can be hacked :D

Note that the router does not protect against INDIRECT attacks. If I visit a malicious website with spyware or full blown trojans on it, the router will route (hence the name "router") the malicious program straight to the computer that is visiting the website, because a "legitimate" network session has already been established. The browser itself may be able to block the trojan, or a program like spybot s&d detect the trojan's existance; however, neither the router nor any kind of software firewall (that is JUST a port blocker) will help.

Direct hacking attacks rellie on finding open ports on a computer that are not being blocked. If it finds an open port, it tries to establish a network session on that port using various exploits. Indirect attacks lie in wait, waiting for their victims to come visit THEM, establishing an OUTGOING network session. Firewalls prevent incoming sessions from being formed, not outgoing sessions.
 

rbeckey

Well-Known Member
Joined
Jul 19, 2012
Messages
1,517
Reaction score
1
I use a router myself, for that purpose. (And I can print from my laptop and update it via cable modem.) I also plan a home network in the near future, when I finish the basement. Next spring I'll be building a new P4 super system, and this one will be the kids' box.
 
Top