Security and Privacy

Since mid-August 2008, users have been reporting “malvertisements,” maliciously-designed Adobe Flash banner advertisements that copy text to the clipboard in Windows, Linux and Mac OS X.

While this “hijacking attack” does not infect computers directly, it copies to the clipboard the URL of a website offering bogus “security software.” Apparently the bad guys’ hope is that you will paste their URL by mistake, for example into an email to a friend, unwittingly steering that friend to their website and putting them at risk of infection if they visit it. More >

Tame Flash Animations with Flashblock Firefox Add-on

Despite the “cool factor” that Macromedia Flash animations bring to a web page, you might want to limit Flash on your PC. You may have a computer with only a small amount of RAM that you don’t want Flash animations to gobble up.

Perhaps you’ve read about (or seen!) “malvertisements,” maliciously-designed Flash animations that display seemingly-helpful screens that say, “Your system is infected” or prompt you with a phony “System scan” option. Those fooled into clicking these convincing screens could end up infecting their computers with malware.

Flashblock, a free add-on for Firefox, prevents all Flash content from loading, except from the sites you specify. More >

NebuAd CEO Asked “Have You Stopped Beating the Consumer?”

Bob Dykes, CEO of NebuAd, was recently questioned at a House subcommittee meeting by Rep. Edward Markey (D – MA), chairman of the House Subcommittee on Telecommunications and the Internet. NebuAd is one of the advertising companies that use deep packet inspection (DPI) to examine the (unencrypted) web traffic of the customers of the internet service providers (ISPs) who partner with them.

Kansas-based ISP Embarq is one of NebuAd’s partners. At issue was a data-gathering test conducted earlier this year by NebuAd against 26,000 of Embarq’s customers.

Embarq did notify its customers about the test, noting that customers’ web surfing data would be retained, and that they could opt out of the test if they wanted.

Rep. Markey encouraged Mr. Dykes to offer an opt-in model, instead of the current opt-out option. More >

DNS Exploit Code “In the Wild”; Are You Vulnerable?

UPDATE: After Dan Kaminsky’s Blackhat presentation, Steve Friedl posted the specifics of the bug in An Illustrated Guide to the Kaminsky DNS Vulnerability.

As we mentioned last month, security researcher Dan Kaminsky discovered a serious vulnerability in the Domain Name System (DNS) software used by thousands of internet service providers (ISPs).

- The good news: In an unprecedented cooperative effort, Mr. Kaminsky led a team of engineers from many vendors who secretly worked together to create patches to fix the vulnerability. The patches were simultaneously released in early July 2008.

- The bad news: Since then, code that demonstrates how to take advantage of this vulnerability has been found “in the wild.”

- The really bad news: Many ISPs still haven’t patched their DNS servers.

What Does This Mean to Me?

If your ISP’s DNS is not patched, and it is attacked using this exploit, you may unknowingly be redirected to a phishing site. For example, you may think you’re browsing to www.MyBank.com, but your browser is actually redirected to a look-alike site. If you enter your user name and password there, they could be stolen, and the bad folks who created the look-alike site could access your account and wreak havoc.

What Can I Do? More >

Phorm, NebuAd, and Front Porch May Soon Be Your ISP’s Friend, But Not Yours


An emerging and intrusive technology may soon be coming to your ISP. Three companies, NebuAd, Front Porch and Phorm, are best known for using deep packet inspection of ISPs’ users’ browsing habits as a way to present targeted advertising to those users. Advertising on the web is nothing new, but the way these companies’ services work is something you should know about.

Basically, these companies, with the consent of ISPs, install an appliance in the ISP’s network. This device acts as a proxy: when you browse to a page, the proxy intercepts your request, inspects the content of the requested page for key words, and uses this information to present targeted ads to you. (Steve Gibson goes into detail about how Phorm’s WebWise service gathers information in his Security Now! podcast #151.)

So with these companies’ devices placed inside of your ISP’s network, ISPs make money, and their customers’ surfing habits get analyzed.

More >

DNS Patch for Windows Released. Why You Need It (Unless You Use Vista)


As part of the most recent second-Tuesday-of-the-month “patch Tuesday” (July 8, 2008), Microsoft released patches for Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2008. Windows Vista (neither the 32-bit nor the 64-bit version) is NOT affected. Windows 2000/XP users who are using ZoneAlarm could lose internet connectivity after applying the patch. Read ZoneAlarm’s press release about that here.

(This patch does require a reboot.)

For specific information, read Microsoft Security Bulletin MS08-037 and Knowledge Base Article 953230.

DNS (Domain Name System) translates “friendly” site names (like preparedpc.com) into the numeric addresses used by computers on the internet. The problem: a basic flaw in unpatched DNS installations More >

Secunia PSI – Do I Have Any Vulnerable Applications?


Keeping your Windows operating system up to date is easy. (You do have automatic updating turned on, right?) What about all of the programs that you have installed? How can you keep track of which ones have a serious security issue? And when you know which programs are “broken,” how do you fix them?

Secunia PSI (Personal Software Inspector) is a useful, free tool which scans your computer, checks the versions of applications located on your computer against its database, then reports on them. It categorizes applications as insecure, patched and end-of-life. For any applications it determines are insecure, PSI lists each application and provides a direct link to the current version of the application on the vendor’s site.

Overall, PSI provides a comprehensive solution to identifying software vulnerabilities and correcting them. Consider downloading Secunia PSI and running it today. You might be surprised at what it finds!