A HOME PC REPAIR (330) 753-8303

 
 

  SECURITY NEWS

MICROSOFT

FIGHT SPYWARE

 

 

This website is being built to provide a security resource for the home PC user. This site is under constant construction. I will try to add links and tutorials on PC security as I am able to. I am going to use links to free software only, and I have tried most of the software at one time or another.

Most Americans believe their computers are protected against viruses and spyware, but scans found that a large number had outdated or disabled security software, according to a poll released on Monday.

Sony says the rootkit-like behavior of a device driver used to run its biometric Micro Vault USM-F thumb drive was unintentional.

Don't forget the last Sony rootkit story, folks.

 The major search engines are racing to outdo each other in updating their data retention policies in an attempt to assuage concerns that they keep consumer search data too long.

WASHINGTON--Politicians charged on Tuesday that peer-to-peer networks can pose a "national security threat" because they enable federal employees to share sensitive or classified documents accidentally from their computers.

Microsoft's Internet Explorer has been named one of the Internet's top 20 hacker targets by a leading security organization.

BROWSER SECURITY TEST  Can someone hack into your computer via your browser? How vulnerable are you? Can websites install spyware through your browser?

FIREFOX 2.0  Considered by many to be the safest web browser in the world.

MICROSOFT WINDOWS MALICIOUS SOFTWARE REMOVAL TOOL  The Microsoft Windows Malicious Software Removal Tool checks computers running Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software, including Blaster, Sasser, and Mydoom, and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

DIAL-A-FIX  This is the best Windows repair tool I have ever seen, bar none!

SHIELDS UP  Scan your system for open ports. Can the hackers see you?

SECURITY NOW NETCAST  Security Now netcast: security-related downloads and a wonderful Internet radio show.

TREND MICRO   Latest internet security threats

YALTA  This is a leak tester. It shows whether a trojan on your system could transmit to the Internet past your firewall.

BUG REMOVER  Removes spy tags (web bugs) from web pages.

SECURABLE  SecurAble probes the system's processor to determine the presence, absence and operational status of three modern processor features:

  • 64-bit instruction extensions,
  • hardware support for detecting and preventing the execution of code in program data areas (the no-execute bit that Windows DEP relies on), and
  • hardware support for system resource virtualization.

I think every person with a PC should download and run SecurAble. This is a must-have utility.

 

LEAK TEST  Will test your firewall for leaks.
SHIELDS UP EVENT  Tests several known ports that are used by hackers.
UNPLUG N' PRAY  Checks whether the Universal Plug and Play service is enabled and lets you disable it.
ID SERVE  Ever wonder how safe a website really is?
SOCKET LOCK  If you use Windows XP, NT, or 2000, please take a look at this.
SOCKET TO ME  Same as above.
NO SHARE  Makes sure the file-sharing port is closed.
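As an added example (not code from this page or from GRC), here is a small Python probe that reproduces the three states a remote scan such as Shields Up reports for a TCP port: "open" when the handshake completes, "closed" when the host answers with a reset, and "stealth" when nothing at all comes back before the timeout, which is what a firewall or NAT router that silently drops packets produces. The loopback listener it probes is constructed for the demo.

```python
"""Probe TCP ports and classify each as open, closed or stealth.

Added example, not code from this page or from GRC: it reproduces the three
states a remote probe such as ShieldsUP reports. "open" means the TCP handshake
completed, "closed" means the host answered with a RST (seen by the caller as a
refused connection), and "stealth" means nothing came back before the timeout,
which is what a firewall or NAT router that silently drops packets produces.
"""
import socket
import threading


def probe_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'stealth' for host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"            # host is reachable and sent a RST
    except (socket.timeout, TimeoutError):
        return "stealth"           # no SYN/ACK and no RST: silently dropped
    except OSError:
        return "stealth"           # host/network unreachable: nobody answered
    finally:
        s.close()


def scan(host, ports, timeout=1.0):
    """Probe several ports and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def start_listener(host="127.0.0.1"):
    """Constructed target: a loopback listener that accepts and drops connections.

    Returns (server_socket, port); close the socket to stop the thread.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        try:
            while True:
                conn, _ = srv.accept()
                conn.close()
        except OSError:
            pass                   # server socket closed: stop serving

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def find_closed_port(host="127.0.0.1"):
    """Bind an ephemeral port and release it; nothing listens there now."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = find_closed_port()
    for port, state in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{port} -> {state}")
    srv.close()
```

Against a machine behind a dropping firewall or NAT router every probe ends in the timeout branch, and that is exactly what a "stealth" result from Shields Up means: the outside world gets no answer, not even a reset saying the port is closed.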


 

INTERNET FIREWALLS BELOW

For those of us using high-speed, always-on Internet connections, it is a must in my opinion to have a good router with NAT firewall protection.

 

The basic idea behind a broadband router is to allow two or more computers to share an Internet connection using a technology called NAT (network address translation). With only a single IP address on the Internet, all of the computers in your home can be on the Internet at the same time. Additionally, NAT naturally acts as a rudimentary firewall: outside hosts only ever see the router's public address, never the true address of your computer, and an unsolicited inbound connection has no translation entry to match, so the router simply drops it. That helps keep your systems safe from hackers.
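To show what that means in practice, here is an added example (not from this page, and not a real router implementation) that models a home NAT router in Python. Every internal host shares one public address, each outbound flow gets a translation-table entry, replies matching that entry are mapped back to the internal host, and any inbound packet with no matching entry is dropped. The addresses are constructed documentation addresses.

```python
"""Toy model of a home NAT router, to show why NAT is a rudimentary firewall.

Added example, not from this page and not a real router implementation. Every
internal host shares one public address; each outbound flow gets a translation
table entry, replies matching that entry are mapped back to the internal host,
and any inbound packet with no matching entry is dropped. The model is an
address-and-port-restricted NAT; real consumer routers differ in the details.
"""
from dataclasses import dataclass
import itertools


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NatRouter:
    def __init__(self, public_ip, first_public_port=40000):
        self.public_ip = public_ip
        # public port -> (private ip, private port, remote ip, remote port)
        self.table = {}
        # (private ip, private port, remote ip, remote port) -> public port
        self.reverse = {}
        self._ports = itertools.count(first_public_port)
        self.dropped = []

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source to the router's public address."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.reverse.get(flow)
        if pub_port is None:                      # new flow: allocate an entry
            pub_port = next(self._ports)
            self.reverse[flow] = pub_port
            self.table[pub_port] = flow
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt):
        """Internet -> LAN: forward only if the packet answers an existing flow."""
        entry = self.table.get(pkt.dst_port)
        if (pkt.dst_ip != self.public_ip or entry is None
                or (pkt.src_ip, pkt.src_port) != (entry[2], entry[3])):
            self.dropped.append(pkt)              # unsolicited: no entry, no way in
            return None
        priv_ip, priv_port, _, _ = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)


if __name__ == "__main__":
    router = NatRouter("203.0.113.5")             # constructed public address
    out = router.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80, "GET /"))
    print("outside sees:", out.src_ip, out.src_port)
    reply = router.inbound(Packet("198.51.100.7", 80, "203.0.113.5", out.src_port, "200 OK"))
    print("reply delivered to:", reply.dst_ip, reply.dst_port)
    probe = router.inbound(Packet("192.0.2.99", 4444, "203.0.113.5", 445))
    print("scan of port 445 from outside:", probe, "dropped so far:", len(router.dropped))
```

The protection is only against traffic nobody inside asked for. A trojan that opens its own outbound connection gets a table entry like any other program, which is exactly the hole the leak tests above exercise, and it is why a software firewall that controls outbound traffic still matters behind a router.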

 

WINDOWS VISTA FIREWALL HAS SOME IMPROVEMENTS

 

HOW TO USE THE WINDOWS XP FIREWALL  If you run Windows XP, you should read this!

 

KERIO  This is the best software firewall I have ever used!

 

ZONEALARM FIREWALL  ZoneAlarm provides essential protection for Internet users. Combining the safety of a dynamic firewall with total control over applications' Internet use, ZoneAlarm gives rock-solid protection against thieves and vandals. ZoneAlarm makes ironclad Internet security easy to use. ZoneAlarm gives you control over the door to your computer. With Stealth Mode enabled, ZoneAlarm's firewall renders your computer invisible to the Internet and potential intruders. If you can't be seen, you can't be attacked. Because you tell ZoneAlarm how you use your computer, the firewall only allows traffic that you understand and initiate. ZoneAlarm's firewall provides the ultimate intrusion security for your personal computer. ZoneAlarm also introduces MailSafe, which enables users of ZoneAlarm to detect and control Visual Basic Script attachments to emails they receive while ZoneAlarm is running. Free for personal and non-profit use.

 

Jetico Personal Firewall can protect your computer from outside attacks, as well as from malicious programs that are attempting to communicate with the outside.

Microsoft looks to "monkeys" to find Web threats

Researchers for the software giant are building a system of Windows XP clients that crawl the Web finding sites that use unreported vulnerabilities to compromise unsuspecting users.


Researchers at Microsoft are creating their own version of a million monkeys to crawl the Internet looking for threats in an effort to secure the Web for Windows.

The software giant's Cybersecurity and Systems Management (CSM) research group is building a system of virtual Windows XP computers that crawl the Web looking for sites that use unreported vulnerabilities to compromise customers' PCs. Dubbed "honeymonkeys," the virtual machines run a full version of Windows XP with monitoring software and crawl high-risk areas of the Web looking for trouble.

"Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week.

The research is part of Microsoft's continuing effort to rein in the potential effects of vulnerabilities in Windows XP. The software giant has already added a host of security measures to the consumer operating system with its August security update, Service Pack 2. This month, Microsoft also announced that it would provide interim guidance on security threats to its users in the form of security advisories. In addition, the company has made several attempts to reach out to vulnerability researchers to limit the release of flaw information before its product groups have had a chance to fix security problems.

Wang's research could give the software giant a heads-up when a vulnerability is not reported to its security response team but instead used by Internet crime groups to spread spyware or as part of a Web worm. The virtual PCs will crawl the seedier side of the Web, which Wang calls the Exploit-Net, using addresses culled from spam e-mail messages and from the users of Microsoft's anti-spyware network. In addition, the virtual machines, which can test 7,000 sites a day, will crawl through the top million legitimate links just to check that no spyware has infected popular sites.

So far, Wang has set up a half dozen computers running various patch levels of Microsoft's consumer operating system, Windows XP, within virtual machines. Soon, his research group will have about three dozen machines running the software. The computers run an application known as Strider, also created by the research team, which looks out for registry and other configuration changes as a way to detect surreptitious installations of malicious programs.
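The detection rule Wang describes is simple enough to write down. The following is an added example, not Microsoft's Strider or HoneyMonkey code: it snapshots a directory tree and a set of autostart registry keys before a "visit", snapshots them again afterwards, and reports any new executable created outside the browser's own folder and any new or changed Run value. It goes one step beyond the quoted rule by also reporting an existing executable whose contents changed. The file snapshot runs on a real (temporary) directory; the registry is modelled as a dict so the example runs on any OS, and every path, value name and file content in the demo is constructed.

```python
"""Honeymonkey-style detection: snapshot the system, visit a site, diff.

Added example, not Microsoft's Strider or HoneyMonkey code. It applies the
rule quoted above: after a visit, a new executable created anywhere outside
the browser's own folder is reported as an exploit, and a new or changed
autostart registry value is reported too. It also reports an existing
executable whose hash changed. The file snapshot runs on a real directory
tree; the registry is modelled as a dict of Run keys so the example runs on
any OS. All paths, names and file contents below are constructed.
"""
import hashlib
import os
import tempfile

EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com"}
HKLM_RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
HKCU_RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
AUTOSTART_KEYS = (HKLM_RUN, HKCU_RUN)


def snapshot_files(root):
    """Map every file under root (relative path) to its SHA-256."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                snap[os.path.relpath(path, root)] = hashlib.sha256(f.read()).hexdigest()
    return snap


def snapshot_registry(registry):
    """Deep-copy the modelled Run keys: {key: {value_name: data}}."""
    return {key: dict(values) for key, values in registry.items()}


def analyze(before_files, after_files, before_reg, after_reg, browser_dir):
    """Return (kind, detail) findings for the visit between the two snapshots."""
    findings = []
    browser_prefix = os.path.normpath(browser_dir) + os.sep
    for rel in sorted(set(after_files) - set(before_files)):
        ext = os.path.splitext(rel)[1].lower()
        if ext in EXEC_EXTENSIONS and not os.path.normpath(rel).startswith(browser_prefix):
            findings.append(("executable dropped", rel))
    for rel in sorted(set(after_files) & set(before_files)):
        ext = os.path.splitext(rel)[1].lower()
        if ext in EXEC_EXTENSIONS and after_files[rel] != before_files[rel]:
            findings.append(("executable modified", rel))
    for key in AUTOSTART_KEYS:
        old, new = before_reg.get(key, {}), after_reg.get(key, {})
        for name, data in new.items():
            if name not in old:
                findings.append(("autostart added", f"{key}\\{name} = {data}"))
            elif old[name] != data:
                findings.append(("autostart changed", f"{key}\\{name} = {data}"))
    return findings


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def run_demo():
    """Constructed visit: the page drops a binary, patches a DLL and adds a Run value."""
    with tempfile.TemporaryDirectory() as root:
        browser_dir = os.path.join("Program Files", "Internet Explorer")
        _write(root, os.path.join(browser_dir, "iexplore.exe"), b"MZ constructed browser")
        _write(root, os.path.join("Windows", "System32", "kernel32.dll"), b"MZ constructed dll")
        registry = {HKLM_RUN: {"SoundMan": "soundman.exe"}, HKCU_RUN: {}}
        before_f, before_r = snapshot_files(root), snapshot_registry(registry)

        # the "visit": two benign writes inside the browser folder, three hostile changes
        _write(root, os.path.join(browser_dir, "cache", "ad.gif"), b"GIF89a")
        _write(root, os.path.join(browser_dir, "newplugin.dll"), b"MZ inside browser dir")
        _write(root, os.path.join("Windows", "System32", "svchost32.exe"), b"MZ dropped")
        _write(root, os.path.join("Windows", "System32", "kernel32.dll"), b"MZ patched dll")
        registry[HKLM_RUN]["Windows Update Helper"] = r"C:\Windows\System32\svchost32.exe"

        after_f, after_r = snapshot_files(root), snapshot_registry(registry)
        return analyze(before_f, after_f, before_r, after_r, browser_dir)


if __name__ == "__main__":
    for kind, detail in run_demo():
        print(f"{kind}: {detail}")
```

The browser-folder exception is what keeps the rule free of false positives in Wang's sense: cache files and browser components land there legitimately, while nothing a web page does should put a binary in System32 or register itself to start with Windows.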

The technique is not totally new. The Honeynet Project, a group of researchers that focus on creating tools and monitoring Internet threats using networks of honeypots, is also looking into actively crawling the Web with specially configured computers, which the group calls client honeypots.

The group has made a name for itself by creating networks of heavily monitored computers and waiting for attackers to exploit the systems. With the new research, the group intends to go out and seek sites that are installing malicious programs.

"As the bad guys are constantly adapting their tools and tactics, so too must we," Lance Spitzner, founder and president of the Honeynet Project, stated in an e-mail. "Client honeypots represent just one such application of that."

The tactic has become a staple of some anti-spyware firms as well. Webroot Software, for example, uses computers to scan Web pages on the Internet, looking for those sites that automatically try to install spyware applications. While Microsoft seeks to find sites that exploit previously unknown flaws, Webroot instead seeks previously unknown spyware, even if it requires user interaction to be installed.

"Our system finds all the sources for all the bad stuff, then we turn the list over to an automated system," said Richard Stiennon, vice president of threat research for Webroot. "I think that is the only effective way to stay on top of the spyware menace."

Microsoft would not comment for this article, but a spokesperson did stress that Wang's research was preliminary.

Wang believes that an expanded system of honeymonkeys, though perhaps not the proverbial million, could patrol the Web of the future, seeking hot zones before actual PC users are put at risk. Depending on the threat, the company could take legal action, contact law enforcement, or refer the issue to an internal product group.

"If any Web site exploits a recently found vulnerability, we would talk to our patch team and security response teams to tell our customers to apply the latest patch," he said. "If we ever identify a fully patched machine that got exploited, we've got a big problem. We would involve the IE team and show them the threat."

His research has also illuminated the connection between the three tiers of the spyware problem: Content providers and advertisers, sites that install by exploiting flaws, and spyware software makers. Together, the three tiers have created a seedy part of the Internet that forms what Wang calls the Exploit-Net.

A widely deployed system would put spyware mavens on notice, he said.

"We will tell them, you are being watched," he said. "So, hopefully, if I get my way, and this is run completely automatically, Internet safety will be different."

 

 

VIRUS PREVENTION TOOLS

AVG ANTI-VIRUS SCANNER  AVG Anti-Virus Free Edition is an anti-virus scanner that offers Resident Protection, an e-mail scanner, an on-demand scanner, a Virus Vault for safe handling of infected files, and automatic updates. The free version is limited in features but includes all basic scanning functionality and real-time protection. It uses the same scanning engine as the commercial version; however, updates are provided on a low-priority basis.

AVAST HOME EDITION  avast! Home Edition is a complete anti-virus package that is free for registered home, non-commercial users. It contains an on-demand scanner with two interfaces (simple for novices and advanced for experienced users), an on-access scanner with Standard Shield (which protects against executing and opening malware programs) and an embedded e-mail scanner which scans incoming and outgoing email messages. avast! Home integrates with the Windows Explorer right-click menu and also includes a special screen saver which is able to scan your system while your computer is not in use. Updates are incremental and frequently made available for manual or scheduled download. You will download a 60-day demo; if you would like to continue free usage beyond that time, you'll need to register from the home page to obtain a free activation key by email.

ANTIVIR PE  AntiVir Personal Edition Classic offers effective protection against computer viruses for individual, private use on a single PC. It detects and removes more than 50,000 viruses and includes an Internet Update Wizard for easy updating. The built-in resident Virus Guard monitors file movements automatically, for example when downloading files from the Internet. Heuristic scanning protects against previously unknown macro viruses.

BitDefender Free Edition offers ICSA Labs certified virus scanning of your files. It includes an on-demand Virus Scan, Scheduler, Online Update, Quarantine and reports.

PC Tools AntiVirus Free Edition is an anti-virus scanner, that provides real-time protection against viruses, worms and Trojans. It also offers on-demand scans, as well as automatic updates and real-time scanning of incoming and outgoing mail. Other features include heuristic scanning and scheduled scans. The Free Edition offers limited support and non-priority updates.

FREE ONLINE VIRUS SCANNER  Think you might have a virus? You can scan your system online now.

PC PITSTOP A very good online virus scanner

 

TRUECRYPT  TrueCrypt is open-source encryption software that lets you create a virtual encrypted disk within a file and mount it as a virtual disk accessed via a drive letter. Any file stored on this virtual drive is automatically encrypted on the fly and can only be accessed while the drive is mounted with the correct password or keyfile. TrueCrypt supports a variety of encryption algorithms, including AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES and Twofish. Other features include support for FAT32 or NTFS formatting, hidden volumes, hotkeys for mounting/dismounting and more.

ROOTKITS

Rootkits are not themselves malware programs. Rather rootkits are programs that hide the presence of malware programs.

They do this using a variety of clever tricks to manipulate Windows itself, the effect of which is that you cannot see the malware product on your computer using normal Windows programs.

For example, you will not be able to see any of the malware files in Windows Explorer or any other common file viewer.

Nor will you be able to see any of the malware processes by using Task Manager or most other process viewers.

Similarly there will be no visible malware entries in the Windows Startup folder or other startup locations. Even a HijackThis log will show nothing.

In other words, the malware infection is totally stealthed from your view and the view of most of your security software products.

Because of this stealthing your security software may report that your PC is totally clean from infection when in fact you are infected.

In the past rootkits have mostly been used by hackers to hide trojans. Increasingly, however, they are being used to hide spyware or mass-circulation viruses and worms. That's bad news for users, as they are far more likely to encounter these infections than hacker trojans.

Detecting the presence of rootkits and the products they are stealthing is not easy. Certainly most anti-virus and anti-spyware scanners can't detect them, though a few are just now starting to add features to help with detection. What is needed is a specialist rootkit detector.

Rootkit Detection

If an uninfected copy of the system is available as a reference, rootkits can be detected by doing a file-by-file comparison against that copy while working from the uninfected system (for example, with the suspect disk attached to a clean machine). Here the infected system is treated simply as data, so the cloaking effect of the rootkit is not in play, and the rootkit and its payload can be discovered easily.

However this is a situation that would be rarely encountered in practice as almost no one has a reference copy of their system. Quite separately, systems are not static anyway; legitimate changes are constantly taking place within a system and such changes make simple file comparisons difficult.

So in real life, rootkit detectors have to work from within the potentially infected system. Detecting rootkits in this situation is really tough, but there are several different techniques that can potentially be employed, and new ones are being developed. None, however, is perfect.

To make matters worse,  rootkit developers are aware of these techniques and are constantly developing their products to evade new detection methods. In effect it's become a cat-and-mouse game between the bad guys and the goodies.

What that means is there is currently no such thing as a perfect rootkit detector. The good news is that it also means there is probably no such thing as a perfect rootkit either.

This situation means that users should not lock into the idea that one particular rootkit detector is "the best." Indeed I suggest you adopt the practice of using several detectors. You should also ensure that you regularly update your detectors as the current cat-and-mouse game means that products are constantly evolving.

Rootkit Detectors (RKDs)

There are over a dozen RKDs available, but most are difficult to use or are targeted at detecting specific rootkits. The following four programs seem to be the best for general use. I suggest you use all four. Between them they will detect the majority of current rootkits. I have added a fifth program called IceSword, but it's really only suitable for experienced users.

These programs are all free and require Windows 2000 or later. They all require Administrator rights to run.

I wish I could offer alternatives for Windows 9x users, but there are simply no comparable products available.

BlackLight from F-Secure

This is a free beta that F-Secure will incorporate into its commercial security products at a future date, though they have pledged BlackLight will remain free until March 2006. The program is currently being updated around once a month.

F-Secure does not give much information on how the program functions other than to say it "works by examining the system at a deep level. This enables BlackLight to detect objects that are hidden from the user and security software." BlackLight will detect hidden files, folders and processes but not hidden registry keys.

BlackLight is currently the easiest RKD to use. It requires no installation and it  scans very quickly - less than a minute on my test PC.

It also offers a removal option for any rootkits detected by renaming the files involved.  Before using this option I suggest you read the section on rootkit removal below. 

BlackLight requires Windows 2000 or later (32 bit only) and the download is 611KB.

RootkitRevealer from Sysinternals.

This free utility compares user-mode information with kernel-mode information and reports differences that exist in the Windows Registry and file system. Anything that the low-level view contains but the normal API view does not is being hidden from you.

Like BlackLight it requires no installation, just double click the .exe file. To start a scan select File/Scan. It took about 20 minutes to scan my test PC.

The program has an option to scan NTFS alternate data streams for hidden code. This option is normally off as it can generate a lot of false positives particularly for those who use products like Kaspersky AV V5 that legitimately store data in these data streams. Experienced users however may want to play with this setting.

RootkitRevealer will not remove rootkits. The authors suggest users conduct a Google search on how to remove any detected malware or re-format the drive and re-install Windows.
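The "compare two views" idea behind RootkitRevealer and BlackLight, and the reason the Rootkit Detection section above says detectors must work from inside the infected system, can be shown in a few dozen lines. The following is an added example, not code from RootkitRevealer, BlackLight or this page. A real detector reads the NTFS volume or kernel structures directly for its low-level view and uses the ordinary Windows enumeration APIs, which the rootkit has hooked, for its high-level view; whatever is in the first but not the second is hidden. Both views are modelled here with plain Python objects so the example runs on any OS. The rootkit's hide rule (names beginning with "_rk_") and every file, process and registry entry in the demo are constructed.

```python
"""Cross-view rootkit detection: trusted low-level view versus hooked API view.

Added example, not RootkitRevealer's or BlackLight's code. A real detector gets
the low-level view by reading the NTFS volume or kernel structures directly and
the high-level view through the ordinary Windows APIs the rootkit has hooked;
whatever appears in the first but not the second is hidden. Both views are
modelled here with plain Python objects so the example runs on any OS, and the
rootkit's hide rule (names starting with "_rk_") is constructed.
"""
from dataclasses import dataclass, field

HIDE_PREFIX = "_rk_"   # constructed: the modelled rootkit hides names with this prefix
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"


@dataclass
class SystemState:
    files: dict = field(default_factory=dict)      # full path -> size in bytes
    processes: dict = field(default_factory=dict)  # pid -> image name
    registry: dict = field(default_factory=dict)   # key -> {value name: data}


def _basename(name):
    return name.rsplit("\\", 1)[-1]


def raw_view(state):
    """Trusted view: read the structures themselves, bypassing any API hook."""
    return {
        "files": set(state.files),
        "processes": set(state.processes),
        "registry": {key: set(values) for key, values in state.registry.items()},
    }


def hooked_api_view(state, hide_prefix=HIDE_PREFIX):
    """What the hooked enumeration APIs return: the same data minus hidden entries."""
    def visible(name):
        return not _basename(name).startswith(hide_prefix)
    return {
        "files": {p for p in state.files if visible(p)},
        "processes": {pid for pid, image in state.processes.items() if visible(image)},
        "registry": {key: {v for v in values if visible(v)}
                     for key, values in state.registry.items()},
    }


def cross_view_diff(raw, api):
    """Everything present in the raw view that the API view failed to report."""
    findings = []
    for path in sorted(raw["files"] - api["files"]):
        findings.append(("hidden file", path))
    for pid in sorted(raw["processes"] - api["processes"]):
        findings.append(("hidden process", str(pid)))
    for key, values in raw["registry"].items():
        for name in sorted(values - api["registry"].get(key, set())):
            findings.append(("hidden registry value", f"{key}\\{name}"))
    return findings


def detect(state):
    return cross_view_diff(raw_view(state), hooked_api_view(state))


def build_clean_state():
    """Constructed clean system: nothing for the hook to hide."""
    return SystemState(
        files={r"C:\Windows\explorer.exe": 1033728, r"C:\Windows\System32\ntdll.dll": 720896},
        processes={4: "System", 812: "explorer.exe"},
        registry={RUN_KEY: {"SoundMan": "soundman.exe"}},
    )


def build_infected_state():
    """Constructed infection: the clean state plus a driver, a DLL, a process and a Run value."""
    state = build_clean_state()
    state.files[r"C:\Windows\System32\_rk_drv.sys"] = 22016
    state.files[r"C:\Users\bob\_rk_keylog.dll"] = 4096
    state.processes[1337] = "_rk_svc.exe"
    state.registry[RUN_KEY]["_rk_loader"] = r"C:\Windows\System32\_rk_svc.exe"
    return state


if __name__ == "__main__":
    print("clean system:", detect(build_clean_state()))
    for kind, detail in detect(build_infected_state()):
        print(f"{kind}: {detail}")
```

Two caveats follow directly from the code. If the rootkit also filters the source the "raw" view is read from (a kernel-mode hook below the layer the detector trusts), both views agree and nothing is reported, which is why the page recommends running several detectors that trust different layers. And anything that legitimately changes between the two enumerations, such as a temporary file created during the scan, shows up as a discrepancy; the alternate-data-stream false positives mentioned above are the same class of problem.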

Malicious Software Removal Tool from Microsoft

This program is not a dedicated RKD but rather was designed to detect and remove several major virus and worm families. It does however have the capacity to detect the Hacker Defender rootkit and detection of other rootkits may be added at a future date. The program is updated monthly and distributed via the Microsoft and Windows Update services.

If you receive the program through the update service, it will run automatically once it is installed. You will only know that it has run if a malware product is detected on your PC.

I can see the logic in this, but personally I like to run the program more often. That's not a problem, as Microsoft provides an online scan using the latest Removal Tool.

You can access the online scan here but note that you need Internet Explorer as the web page uses ActiveX controls.

The latest version of the program can also be downloaded from here.

Scanning took around one minute on my test PC. The only indication you get that the program is working is the hard disk activity light, but at the end of the scan you are presented with a list of the malware it scans for and a statement of whether each is present or not.

Rootkit Hook Analyzer

The folks over at Resplendence are currently offering Rootkit Hook Analyzer as a free beta of what will eventually become a commercial product.

As the name implies, it identifies any active kernel hooks in your system. Some kernel hooks are established by legitimate programs, so you need to be very careful interpreting the results. Also, some rootkits don't employ kernel hooks, so it won't catch those. These reservations aside, it is a useful tool.

The program  runs on Windows XP, 2000 and 2003 Server with the exception of the 64 bit editions and the download is 993KB.

IceSword  (Suitable for experienced users only)

This free Chinese utility is arguably the biggest gun in the rootkit detection war.

It's not really an automated rootkit detector in the manner of BlackLight, but rather a suite of tools that allow a skilled user to detect the presence of a rootkit.

These tools include a process viewer, a startup analyzer, a port enumerator and more. They will reveal the presence of rootkits and the products they are stealthing, but it's up to you to do the identification. In the hands of a skilled user, it's an amazing tool.

The program was originally only documented in Chinese, but an English version has now appeared. The Chinese download site is very slow, but David Wasson has provided a local mirror. (565KB)

Removing Rootkits

Removing rootkits presents two quite separate problems. The first is the removal of the rootkit itself. The second is the removal of the malware that the rootkit was stealthing.

Because rootkits work by changing the Windows operating system itself, it may not be possible to remove the rootkit without causing Windows to become unstable or non-functional.

Removing the malware hidden by the rootkit presents the normal problems of removing any malware. However, you won't be able to do this until the rootkit is removed, at which point the whole system may become unstable to the point that the malware cannot be completely removed.

Restoring your drive from a drive image is another possibility, provided you are sure the image was created before the rootkit infection and that your imaging program restores the boot sector of your disk.