Muggings...

Articles and Information
by Members for Members

Novice SIG topic for June 2005: Anti-Malware

Good appliances are devices that enrich and simplify life's tasks. A new lamp, plug it in and turn night into day; a refrigerator, connect it to an electric source and a water line to enjoy copious crescents of ice for cool drinks and reduction of swelling of bruises; a radio, plug it in and hear music, world news, and great local bargains.

Television has advanced a little bit to lighten your wallet. It is no longer a simple task of rooftop antenna adjustments to maximize over-the-air reception. For those hundreds of channels with nothing worth watching, we must have a cable or a satellite dish and a monthly bill.

All of the above provide links to known resources whose content is relatively safe. (Exactly how "clean" is your water and electric current?) The ubiquity of personal computers has elevated (?) them to the status of an appliance. Few PCs operate without a connection for data from a worldwide source via an ISP (Internet Service Provider). The Internet is a duplex (two-way) channel to and from your home. Once you open that portal, information can flow out as well as in.

Once upon a time you bought a home computer which came with a mini-shelf of manuals. You read and re-read these and kept them within quick reach. You learned to write files and found you could name them anything as long as you stayed with eight characters for the file name and three special characters for the file name extension. You shared programs and files with friends by shuttling 5 1/4 inch floppy (really floppy and fragile) disks back and forth. You subscribed to clubs that delivered fun-filled and educational floppy disks monthly, via the Post Office. That venerable Post Office is now abbreviated to USPS -- four syllables replacing three, but only four characters replacing eleven. Welcome to the brave new world of condensed information.

Would you feel secure living in a home without locks for the doors and windows? When you venture onto the Internet, you need protection against those who would do you ill. Viruses, Trojan horses, Worms, Ad-ware, and Spam all conspire to deprive you of the benefits of the latest communications network. It would be foolish to drive cross-country without a spare tire and a modest toolkit. Likewise, we must add tools to defend ourselves against malevolent software as we journey the World Wide Web.

Your first order of business should be an antivirus program. The two leading vendors of these programs are McAfee and Symantec, with the latter's products going under the trade name Norton. The most important thing for you to know about these programs is that they must be updated frequently; primarily for their antivirus definitions, but also for their program updates. Originally the single purchase price bought a lifetime of updates; however, with the proliferation of viruses, the companies went to ever escalating subscription plans of a year's duration. An alternative to paying annual fees is a very good free program, AVG from Grisoft, a company in the Czech Republic. It is free for personal home use on individual computers.

After installing a good up-to-date antivirus program, you will next want a firewall. These security gates to the Internet come in two varieties: hardware and software. If you have a home network employing a router or switch, these devices include a hardware firewall. A combination of hardware and software firewalls is acceptable, unlike multiple antivirus programs which can conflict with each other. There are many commercial products available, mostly in security suites. An excellent free version is Zone Alarm from Zone Labs. Again, the free license is only for personal home use. The role of a firewall is that of a guard at the gate to the Internet. Unlike Microsoft's firewall (included in Windows XP), Zone Alarm monitors outgoing traffic as well as incoming. Thus, if you get a virus that tries to spread its contagion, Zone Alarm will alert you to outgoing traffic. Your e-mail buddies will thank you for that.

Not too many years ago, an antivirus program and a firewall would be all the protection you needed to safely surf the Internet. These days we really need to add a third genus, Anti-Spyware. Spyware programs surreptitiously load themselves onto your computer as you visit websites. Typically they accompany "free" games that will not play without the parasitic spyware. Their purpose is to follow and report the URLs you visit, assess your habits, and deliver pop-up ads and unsolicited e-mails, also known as Spam.

Unlike a firewall or an antivirus program, anti-spyware programs do not usually run in the background; you must periodically use them to scan your hard drive. As with antivirus programs, they must be updated to work efficiently. Two must-have utilities are Lavasoft's Ad-Aware SE (2.5 MB) and Safer Networking's Spybot: Search and Destroy (4.2 MB). Round out your arsenal of protection with Merijn Bellekom's HijackThis utility (183 KB). However, before using HijackThis, set a Restore Point and do a full backup of the Registry. As opposed to Ad-Aware and Spybot, HijackThis gives an extensive log of Browser Add-ons and Registry settings, not all of which are malevolent. In fact, some are indispensable, and removing certain items could cripple your PC. When troubleshooting Registry entries, be sure to make incremental backups prior to disabling or enabling values in the Registry. Fortunately there are several web forums that will scan your HijackThis log for you and tell you what to kill and what to keep. For a list of these forums go to Merijn's web site.

The following is an excerpt from Merijn's website:

Online Help Forums

"As I am very busy with school, programming and other things, I will not have time to check each and every log you guys send in to me. Thankfully, there are numerous support forums out there that will take the time to go over your log with you. Here are a few good ones (keep in mind there are dozens of forums out there I don't even know about that help with HijackThis logs so they may not be listed here).

Note: every forum has its own rules. Be sure to read the forum rules before posting to make sure your problem gets fixed as soon as possible.

Spywareinfo Forums: This is one of the best support forums. Within minutes of posting your log or question, an expert will be reviewing it and you will have the answer you seek within those very minutes. They are very quick, accurate, and friendly!

Cexx Forums: This is another good one with friendly users, helpful people that are very smart.

DSLReports Forums: This has got to be one of the busiest forums. They are quick to respond, accurate, and everything else.

Net-Integration Forums: These are excellent forums! The home of Spybot Search and Destroy forums! Everyone here knows what they are doing. They are extremely friendly. Also post here with Spybot problems you may have.

Lavasoft Support Forums: From the makers of Ad-Aware. There are a few people here who know how to read logs. Also, if you have any problems with Ad-Aware post here.

TomCoyote Forums: This forum is another excellent resource. The people here are friendly, helpful, and support both Ad-Aware and Spybot and HijackThis logs.

Techguy Forums: Like most places, they have tons of helpful, friendly experts.

D-A-L forums: A smaller online help forum, working hard to increase the size of their community.

ComputerCops.biz Forums: A great forum, with lots of interesting stuff besides the forum itself, which is also very large with short response time.

SpyWare BeWare!: A relatively new forum run by Maddoktor2. Not as formal as most, but a good place to relax and still find help.

BleepingComputer.com: Bleeping Computer is a community devoted to providing free original content, consisting of computer help and tutorials, in such a way that the beginning computer user can understand it.

TechMonkeys: A tech help forum that recently opened up for HijackThis logs. Their forum is also very complete for other topics than malware issues.

PCHelp Forum: A new support site for all PC related problems. We cater for all levels of PC user, regardless of experience. Downloads, forums, chat and news. We are dedicated to helping you with your PC problems."

Spam, already mentioned, is the mass mailing of unsolicited commercial messages. By most surveys, Spam now surpasses 80% of e-mail traffic. There are a number of techniques used to combat spam including hierarchical, Bayesian, and peer networks. Many ISPs are employing anti-spam software to help fight this scourge but few are efficient enough to keep your inbox uncluttered. The major problem of ISP blocking is false positives: identifying legitimate mail as Spam. Most anti-spam programs that reside on your hard drive redirect probable Spam to a special folder rather than block or delete it. I have been using Cloudmark's SpamNet, a peer network solution (grandfathered into a free version), for a few years and have been quite satisfied. It creates a Spam folder and provides two buttons on a toolbar, Block and Unblock. Selecting what you consider Spam and hitting the Block button reports that e-mail to the peer network. Selecting messages from the Spam folder and hitting the Unblock button moves them back into the Inbox folder but does not report that action to the network; it only modifies your "black|white list."

There are other e-mail hazards against which the only defense is knowledge and common sense. A recent technique, known as phishing, tries to get confidential information by posing as a legitimate organization. Requests for account numbers, balances, confirmation of passwords and PINs, Social Security numbers and the like must be considered bogus. If you receive an e-mail with a link to a web site, never click on that link; it may contain hidden or deceptive characters. Substituting a numeral “1” for an alpha “l”, and vice versa, can be hard to catch. To be safe, write it down and enter it manually in your browser's address box.
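The look-alike substitution described above can also be checked mechanically. The following is an added illustration, not part of the original article: it compares the host name in a link against a short list of sites you actually use, after folding easily confused characters together. The bank name, the addresses and the character table are constructed for the example.

```python
from urllib.parse import urlsplit

# Characters that are easy to mistake for one another at a glance.
# Folding both sides to one symbol catches "1" for "l" and vice versa.
CONFUSABLE = str.maketrans({"1": "l", "0": "o"})

# Constructed list of sites the reader really does business with.
TRUSTED = {"hillvalleybank.example"}


def skeleton(host):
    """Return the host name with look-alike characters folded together."""
    return host.lower().translate(CONFUSABLE)


def classify_link(url, trusted=TRUSTED):
    """Classify a link as trusted, lookalike, unknown or invalid."""
    # urlsplit discards any "name@" prefix, so text placed before an "@"
    # sign cannot pass itself off as the host name.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("invalid", None)
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    folded = skeleton(host)
    for good in trusted:
        target = skeleton(good)
        if folded == target or folded.endswith("." + target):
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.hillvalleybank.example/login",
        "http://www.hi11valleybank.example/login",
        "http://hillvalleybank.example@198.51.100.7/login",
    ]
    for link in samples:
        print(link, "->", classify_link(link))
```

A "lookalike" result means the address differs from a trusted one only in characters that look alike, which is exactly the case that is hard to catch by eye.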

Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than spamming you with malicious and mischievous e-mail requests to visit spoof Web sites that appear legitimate, pharming 'poisons' a DNS server by infusing false information into it, resulting in a user's request being redirected elsewhere. Your browser, however, will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.

As you can see, the conveniences of modern life come with attached responsibilities. There was a time when automobiles did not have ignition keys and door locks. There was a time when engraving your Social Security number on a piece of equipment was a deterrent to theft; now it could be a target to steal your identity, not just the item. Consider keeping confidential information on removable media such as a CD or flash memory rather than your hard drive, and store it in a safe place. Like visiting a strange or new neighborhood, we must be vigilant while traveling the Internet.
