So, you think you're virus free? (PAH)

Dave Yates (PAH)

I've had Norton forever & automatic updates & a weekly scan. Then came McCaffee & I added their software too. I thought all was well, but my computers here and at home had slowed to a turtle's pace.

Looking at computers for Mike's birthday (today) in prep for his college days & the guy at Staples says their Panda software is tops. Bought a copy for the heck of it and tried it at home. 105 infected files! 87 were viruses & the remainder spyware. So, yesterday I bought another copy & loaded it up here at work. I ended up leaving it run overnight because it wasn't finished catching and disinfecting files. When I left work, it had caught more than 500 copies of various viruses snugly tucked away in a number of internal program files. Final count? 1,073 viruses! All gone - killed dead by the new software.

<A HREF="http://www.heatinghelp.com/getListed.cfm?id=98&Step=30">To Learn More About This Professional, Click Here to Visit Their Ad in "Find A Professional"</A>

Capt.Dan

I have always been told that McAfee and Norton don't get along and will not run on the same computer, causes an internal struggle or something. Just a thought.

Dave Yates (PAH)

split duty

Norton was my virus protector while McCafee was to stop pop-ups and spyware.

Evidently my computer was being invaded by other IP addresses while I was on-line and they then planted the viruses. This morning, the Panda software blocked a number of attempted attacks. Something Norton was supposed to do, but never notified me of any attempted intrusions.

To Learn More About This Professional, Click Here to Visit Their Ad in "Find A Professional"

Constantin

Mossberrg was on NPR yesterday on this...

... he said the madness on the PC Windows side re: protection programs was a bit like needing 4 burglar alarms for you house, one for the windows, one for the doors, one for short burglars, etc. There are no good all-around products that cover Spyware, adware, viruses, intrusion attempts to protect PCs. It's pretty crazy, and one would think that MS would be working furiously to close holes instead of opening more.

Anyway, Mossberg also singled out the Macintosh as much more virus-resistant. I agree with that to a point, as many applications can open you up to issues w/o your knowledge. For example, MS Office macro viruses usually function quite well cross-platform.

On the other hand, the Mac has not suffered from the onslaught of virii simply because the OS was written with security in mind (maybe 10 native pre-Mac OSX virii come to mind). OSX also does not by default run a bazillion "services" in the background like the various flavors of windows that offer new and exciting ways to penetrate a machine. A port that doesn't answer cannot be exploited.

The inherent resistance of Mac OS to virii is one of the main reasons that I prefer to use a Mac. I simply get more done because I don't have to hold the hand of the OS all the time. And please don't go down the path of 3% Mac market share and all that, since that wouldn't explain why the MS web-server IIS has 20x more virii written for it than the dominant open-source web-server Apache. All the major web-sites use Apache for a reason...

However, I recognize that in a world filled with windows-only software a number of you have no choice but to use a Windows machine. So here are a couple of tips to keep the bad guys out of your lives:

1. Do NOT use Microsoft Internet Explorer for any browsing online. You're simply asking for trouble. Consider one of many excellent alternatives, such as Firefox, which is fast, free, etc. It'll even import your bookmarks, IIRC.
2. Always have a physical firewall between a windows computer and the internet, particularly if you're using high-speed connections. Windows OS is by default so vulnerable, the probes so prevalent, that it takes, on average, between 5-10 minutes for a Windows PC to get infected once it has been attached to the internet. A router between the PC and the internet will repel the probes with its firewall (remember to have it on though!). considering the very low cost of routers (the excellent Linksys is about $50) there is NO excuse not to use one.
3. If you have a WiFi network at home or at work, use WEP, or better yet, WPA protection to keep intruders out. Both security standards have been broken in the past, but any protection is better than nothing. I have found that the Linksys 4-port wireless router I bought for friends was easy to set up, secure, etc. Unless they're very determined and you have a lot of IP traffic on your network, the bad guys will move on to an open access point.
4. Use best-of-class virus-, adware-, spyware-, etc protection software. I have Penicillin, others swear on Panda, etc. Along with good Spam filters, these tools are ultimately which make our computers usable. I also happen to like the most recent MS product offering (gasp!) that got very good ranking removing spyware and adware. I had nothing... but then again, I almost never use my VirtualPC to browse the net.
5. Avoid using MS products, whenever you're communicating with other people. Do not use Outlook, use thunderbird or some alternative e-mail program. Outlook, like MSIE, has more holes than your average warehouse of colanders. Also, I would avoid having people sending me MS Office documents, whenever possible as they too are too vulnerable WRT macro virii.

Lastly, there is the issue of whether we can or cannot trust software firewalls/intrusion detection software to give adequate protection. In my mind, I would use a firewall/IDS package on each PC within an organization even if the organization is firewalled at the router level. The simple reason is that any laptop that travels into and out of your network can thus effectively bypass the protection of the router.

Also, there has been at least one documented case of a "drive-by infection" where a open WiFi access point allowed an infected PC in a car to transmit its payload to the network within the company. This is yet another reason to secure wireless access points.

Weezbo

*~/:) Thanks that was very imformative Constantine wow.

it must be much worse in the main stream than on the fringes of the internet...i heard of Spiders some sorta deal in australia and new zeland and africa that areby nature part of their systems functioning...all these sorts of hassels joe public thinks oh i got norton adaware spy ware zone alarm this that and another and after a few years it seems the pop up blockers dont, the spam begins creeping in,the programs seem to be falling asleep ,i think it is like high school stuff for a prank for the most part....only thing is it creats more garbage for someone else to clean up.

Carl PE

Firewalls

Dave, you might also think about downloading a copy of "zone alarm". It's free, and works great.

Dean_7

Virus and Macintosh

Interesting observation. I agree with you. I have had Mac's for over 10 years with almost no infection problems (ok one virus last year from a MS Word macro) For about ten years I did small computer systems work and MS programs security flaws were one of the reasons I quit doing it. I also have a linksys router between all three of my networked computers and the internet. Just out of curiousity what operating system do you run I'd appreciate an e-mail if you would rather not reply here and it doesn't impose on you. I switch back and forth between various OS flavors mainly do to some older software issues. Everyone else please listen to the man he knows what he is talking about.

Dave_13

Viruses

Where I work, we bring in an outside IT guy. Great guy- works magic on any machine I ever seen. 90% of his time is consumed with people who call that there computers have slown down and aren't running good. His first step is to always run Lavasoft Ad-aware. I run it every day- works great!

Unknown

I agree and disagree.

We are a mac shop and of course you have basically nothing to worry about from viruses with macs. However I don't think it's primarily an emphasis on security; it's more 'security through obscurity', really. If you want to write a virus to steal credit card numbers and passwords, or to send bulk spam emails from an infected zombie, will you write for 5% of the world's computers (macs) or 95% of the world's computers (windows)? It's simple math.

Plus, most virus writers are in the 95% themselves; why would they learn a whole new system well enough to hack it when so few people use it?

As for windows, I have a Wintel at home. I experimented; I downloaded and burned a firewall program (Zonealarm; get it, it's free). I took my computer off of the internet, reformatted it and reinstalled windows 2k, and then installed zonealarm and set it up to tell me when I was getting hit by outside traffic...

(for those who don't know, you don't have to click emails to get infected anymore. Worms can find you simply by scanning for unprotected computers on the internet)

... Then I got onto the internet and started downloading the windows updates immediately. I was on a high speed connection so this was a ten minute download.

In that ten minutes, I got 3 "red" or "probably dangerous" hits on my firewall (zonealarm). I could have been infected 3 times before I even got my windows updates downloaded.

With that in mind, I tell my windows using family members the following:

get and burn the following programs: Zonealarm, spybot search and destroy (both are free). Zonealarm is a firewall and spybot search and destroy protects against spyware and viruses.

Install spybot, search the computer, get it clean.

Save ALL Data you want to keep to disk.

Reformat, reinstall windows, install zonealarm and spybot search and destroy BEFORE connecting to the internet again.

Connect to the internet, download windows updates immediately.

Set windows and spybot to automatically search for and download their updates.

Staying patched, and using spybot with zonealarm together should keep you safe from then on.. at least, as safe as you can be.

If you're really paranoid, use Adaware as well, but it and spybot can fight sometimes.


To Learn More About This Professional, Click Here to Visit Their Ad in "Find A Professional"

Dave Bush

I've been running Panda Platinum 7

Antivirus and Zone Alarm Pro firewall for two years and NEVER had a problem.

If you don't already have it, Google up "Spybot" and use that to get rid of tracking cookies that an antivirus and firewall won't see.

"Ad-Aware" from Lavasoft is another excellent similar program.

Dave Yates (PAH)

firewall included

with the Panda software

To Learn More About This Professional, Click Here to Visit Their Ad in "Find A Professional"

Dave Bush

I tried the Panda firewall,

But went back to Zone Alarm Pro after a couple weeks. Just a personal preference, I guess, but I felt more comfortable with ZA Pro, as it's a bit more user friendly, and is really omnipotent on the desktop itself, I mean, if ANYTHING happens, you know it right away.

I recently upgraded to the XP service pack with the Windows firewall, and I tried that one for a period, also, but went back to ZA...

Constantin

Hi Dean,

I am currently running OSX 10.3.7. I have no issues being on the bleeding edge with Apple, so I leave the auto-update on by default and simply sign off on updates after confirming on Macintouch, etc. that they don't cause huge issues.

To date, the only kernel panics I have experienced were due to using AdGate and Safari in tandem. That shouldn't happen (an application shouldn't be capable of bringing down the system) but there you go.

I got really good at trouble-shooting windows PCs because I would spend weeks in the field with no access to the IT department at my old job. At the root, messing around with registry keys isn't that much different from doing conflict resolution with control panels, extensions, etc. under OS9. Relearning my Unix CLI commands under OSX has been a neat side-benefit whenever the OS decides for me that I shouldn't have access privileges for certain operations.

Constantin

Allow me to disagree

Rob, I think there are a number of fundamental design differences between OSX and Windows that put a much greater emphasis on security in OSX from the beginning.

For one, OSX is built on a flavor of Unix that has been around for ages. Yes, exploits exist, but the code-base is pretty open and as a result, the students, teachers, etc. that have been contributing to BSD have done their homework (literally) closing them down for the most part.

Next, OSX doesn't allow you to run all your processes as root by default the way windows does. Granted, starting with NT (and now XP) it is finally possible for people to run their machines in anything but administrator mode. However, when was the last time that XP asked you for your password when you wanted to install something? The answer is, XP doesn't have a lot of security features turned on by default, instead, they are turned off.

In OSX, if you want to run any number of services (such as enabling SSH dialin, for example), you have to enable the feature. That is, the "service" isn't running in the background by default. Thus, if SSH is found to be vulnerable to an external threat, it won't affect a OSX user unless they have turned on the SSH-dialin feature.

Furthermore, the firewall that ships with OSX is actually effective. That is, you have to manually punch holes into it to allow others to access the ports on your machine. To the best of my knowledge, Windows machines ship with no effective firewall on by default. But perhaps this is something that SP2 addressed with the security center.

I don't buy the obscurity argument either. As I pointed out above, most web-servers on the internet run Linux and Apache for a reason... In my experience, they are much harder to hack and only go down whenever the server they run on breaks down due to a hardware failure. Yet, despite having very few web-sites under its belt, IIS has been penetrated more often than I can count.

So, from my perspective, I prefer to use a computer OS that has shown some resilience over the years to being hacked. This is not to say that it cannot be done (of course it can) but the prevalence of backdoors, exploitable buffer-overruns, etc. seem to be far more of an issue with Windows OS than any other modern OS.

I don't think we ought to have to buy several maintenance programs and to keep them updated, just so we can access the internet without the risk of losing all our info in a flash. I am surprised that there aren't more people that are outraged by the inability of MS to get security right before moving on to adding more useless features to an already-bloated featureset.

Anyway, if it was my choice, our business would only run on Macs simply because a) you don't have to me a MSC to admin them, b) they have lower lifecycle costs than windows boxes, c) and the stuff we do doesn't require anything beyond MS Office for the most part. You guys aren't as lucky as the best hydronics/HVAC calc packages run Windows-only.

In fact, the greatest use I am currently getting out of my copy of Windows XP Pro on VirtualPC is rendering the company web-site I am developing on the various flavors of Windows IE to make sure that their quirks don't cause any problems.

Ed Lentz

My two cents

I've been a reader of this site for a few months and I can't tell you guys how much I have learned from all that you guys talk about. So here is something I know about.

If you are using a Windoze PC then here's what I use.
Zone Alarm for your firewall
AVG Free edition for a Virus Scanner (Been using it for two years and no infections either at home or the office (6 systems there)).
AdAware and Spybot Search and destroy. for all the ads

I recently switched to Mozilla Firefox and it stops the popups COLD.
I use Mozilla Thunderbird for my email client, has a real good spam filter. You tellit which email is spam and then you don't see anymore from them again.

And for when I occasionally delve into the darker side of the Internet I boot up Mandrake Linux and don't look back!

Everything I am using is free downloads and all registered. Just google for it and they are easy to find.

As I said just my 2 cents

Ed

Weezbo

no more ..Hi iam Zambilli the presidents only living......

and Your loans have been approved? which one ....wheree these guys even think this stuff up i dont know how they ever got my e-mail i havent a clue and Why Me has been puzzeling me for years.

Robert O'Connor_9

Zone Alarm

Yep Zone Alarm and Mozilla Firefox thats what I use . Seemingly very secure.

Regards

Robert

ME

Maine doug

I have

2 laptops and 2 desktops on a wired and wireless network. Linksys cable modem and Linksys router. All PC's are on Windows 2000 Pro, Service Pack 4. For me this was the most stable Windows platform (18 years in IT, 20,000 users, Multi-terrabyte IBM Unix boxes, 6 billion a year in $ volume)

Am planning to move from MS Internet Explorer and Outlook after many years but will also have to find a sub for Outlook that works on the Compaq pocket PC.

singh

My first, last and only computer I'll ever own, or will own in the future is MAC.
yeah they cost 2x as much but worth every penny. I always grin when I see a commercial for crappy desktop for $600.,you don't get protection at those prices.
Good explanations Constatine.

singh

My first, last and only computer I'll ever own, or will own in the future is MAC.
yeah they cost 2x as much but worth every penny. I always grin when I see a commercial for crappy desktop for $600.,you don't get protection at those prices.
Good explanations Constatine.

Uni R

This Mac vs PC is pretty ironic

That's like saying brand X boiler is the only way to go. People should always base their platform choice on what applications they most need. Also, I wouldn't be so quick to say the Mac OS is more secure. I'm sure if the hacker crowd had more access to Macs and Macs had better programming tools, we'd quickly find that Mac integration of applications leaves just as many security holes as MS does by allowing too much power for one application to access another.

Constantin

That was not my point

As I stated above, the Mac likely has security issues as well - any OS does. However, the fundamental architecture of the Unix OS was built with security in mind, unlike Windows. Hence, the whole distinction between different processes and at what UID they are running, etc. Not everything has to be executed at the root (administrator) level.

Furthermore, a computer is only as useful as the software it can run. This makes a Mac less useful in the hydronics field as I am not aware of a single good heat loss/gain application, there are no suites like Wrightsoft that help automate your business, etc.

Considering how similar the various flavors of Linux, Unix, and OSX are and how they are often built on the same distros for the underlying OS programs they run (i.e. SSL, SSH, Apache, qmail, etc.) there is a large body of folks that can and have penetrated these platforms. In fact, one guy even managed to get into the Debian source tree and just about inserted a backdoor before he was caught. Debian is pretty obscure...

So I don't buy the security through obscurity argument. Any platform that has millions of users is an attractive target, particularly for the wide-spread attempts to glean personal information, send spam, etc. I can't think of a single platform that will have more access to high-speed internet connections or high-value customers (think of the customer profile).

Anyway, this is not meant to be a "Mac is superior" position. It's simply a better computer for me and my family. My father is a happy "switcher", and I love that he no longer has to rely on me all the time to give him tech support in Germany (one 17-hour session with Norton and the Klez-virus convinced me that something had to change).

All I say is: What is your time worth? If you find yourself babysitting a PC instead of using it, you're wasting time. Yes, you can buy the best of class programs to protect Windows PCs, you can keep them updated, etc. and hence run a relatively trouble-free (my Windows XP has yet to quit). But for the average user, it is evidently too difficult to keep their Windows boxes up to date, otherwise we wouldn't have huge numbers of zombie machines sending spam, infecting other machines, etc. on the internet today.

Steve Ebels_2

You guys

might as well be speaking Swahili or Slovakian or Greek. I don't have a clue what you are refering to with all the acronyms and abbreviations.

Can you recommend a good book that will bring a computer illiterate like myself up to some semblance of normal computer IQ? How about something that starts with "In the begining..........". I'd really like to understand more about this stuff because it's not going to go away.

Craig R. Bergman_2

Don't mix..

two seperate anti-virus programs. Most of them DO NOT
play well together

Boiler Guy

I am

in total agreement with you Steve. I am one of the semi-compu-illiterate.

Glenn Harrison_2

I believe the...

___ for dummies writers have different books for computers, such as I have Windows ME for dummies on my shelf from when I had ME on my PC. so I'm sure there is a Window XP for dummies out there.

Constantin

This is something I have wrestled with myself...

... there are few books on computers that I can recommend, and the few that I do like deal with some pretty obscure stuff as far as the average home user is concerned (CSS and the like).

My recommendation would be to go over to Amazon.com and see what books the readers recommend. Better yet, go to a large bookstore where you can browse books to better understand if their way of conveying information actually works for you. All our brains are wired differently, some people can make do with words, others need lots of screenshots to help them further.

Lastly, while this is not a PC-support forum, I'd like to think that Dan would be OK with some questions being asked on the Wall, or you can always e-mail those that seem to know about a topic of interest. Anyway, you mentioned acronyms, so I'll try and be pedantic about it all.

There are several tyupes of nasties out there that can infect your computer. the traditional problem was a Virus, which is basically a program that (like its biological counterpart) tries to replicate ad nauseum by infecting fellow files on your computer and also by using the computer as a means to find new hosts to infect.

For example, Mr. Yates discovered that some machine out on the internet tried to infect his machine several times once he had installed software to make it harder to infect his machine. Such software can be a simple virus checker but it may also include other features like Intrusion Detection Systems (IDS) that basically cry out whenever a fellow computer tries to infect yours with something or other.

Viruses can come in many forms, from standalone programs to macro viruses. Macro viruses generally written using a langauage called Virtual-Basic (VB) which was created by Microsoft to allow people to program their Office documents qucikly. However, given that VB was not written with security in mind has ensured that literally tens of thousands of macro virii are floating out there in MS word documents, etc. waiting to infect your computer.

Since MS Office was written for several computer platforms, Macro virii were also the first virii to be platform-independent. They could infect a Macintosh just as well as a Dell, as long as both computers were running MS Office suites.

Another issue is the ease with which Internet Explorer (MSIE) can be exploited. Just this week, MS found another 3 critical holes in MSIE. Here, MS tried to make it easy to install useful programs like toolbars and the like to make MSIE friendlier. However, the lack of attention to security has ensured that instead of installing useful toolbars, most of the "extensions" are spyware, malware,etc. foisted on users that visit the wrong web-sites.

Some more acronyms pop up in the wireless world, where most access points use a piece of unregulated spectrum around 2.4GHz to communicate. The WiFi alliance of equipment manufacturers have set a number of standards that allow the various access points, routers, cards, etc. to work with each other. They also came up with several forms of encryption to make penetrating wireless network harder.

The first standard was called Wired-Equivalent-Protection (WEP) and usually consisted of a 64bit key, which was later raised to 128bits once US export regulations were relaxed. BTW, as far as the US government is concerned, cryptographic devices fall into the same category as nuclear munitions as far as export penalities are concerned.

Anyway, WEP was found to be full of holes, and several revisions later the industry had ratified a new standard called Wifi Protected Access (WPA). This standard is much harder to break than WEP and should be considered adequate for most home environments. In order to use WPA, you have to run a modern OS (Windows XP, Mac OSX, Linux) on your computer, as most devices to not offer legacy drivers with WPA support.

BTW, a driver is basically a little piece of software that allows a device to communicate with the computer. Without the proper drivers, no computer can hence work properly. Hence also the constant quest to ensure that all the drivers that are required for your system are up to date.

VirtualPC is a piece of emulating software that allows me to run a Windows PC on my Apple Macintosh. It's slow, but it works. The CLI refers to the command-line-interface, i.e. the lowest level of the computer operating system (where you don't have the benefit of the Graphic User Interface (GUI).) You may remember the CLI from your Disk-Operating-System (MS-DOS) days, when you had to enter commands like "dir" to change directories, etc.

IT refers to Information Technology... Windows, OSX, and Linux are the most popular operating systems for microcomputers today. Windows OS only runs on Intel-compatible hardware, while OSX is limited to Apple-made computers. The various flavors of Linux can run on either Intel-compatible hardware or Apple computers. Linux and OSX are pretty similar in terms of security, though I find OSX easier to learn and use.

Much of the Linux and OSX code-base is based on or was inspired by the Berkely Software Distribution of UNIX, usually called BSD. That was a research collaboration between Bell labs and Berkley University in the 70's. BSD has since morphed into a number of open-souce collaborative efforts, where people offer their help for free to advance the various flavors of OS'.

SSH and SSL are standard protocols that allow you to connect to another machine securely. SSL is used almost every time on the internet when you visit a merchant like Amazon (in the areas they call secure). They do this by establishing an encrypted "tunnel" where the data streams that pass between your computer and the server are garbled.

A UID is a UNIXism, which basically assigns privileges (and hence limits) for the various programs that are running on your computer. The idea behind a UID is sort of like probation: A program only has the freedoms to do what the OS deems necessary. Thus, should the program fail, the OS and the computer will be protected to a limited extent from any fallout.

"Root", "Superuser", etc. all decribe the account with unlimited system priviliges on a Unix machine. In other words, as a hacker your goal will always be to get root privileges, since that'll enable you to do anything you want on a machine. Thus, UIDs are a bit like Master keys in structures, where one key may open all areas but other keys can only open one or two rooms. Any compromise will thus be limited (unless it's the master key).

I've gone on too long now. Must sleep. But if you have questions that I can answer, fire away, either here or by e-mail. Besides, I'm sure Alex (a.k.a. stonehouse) has a thing or two he could add re: computers, security, etc. since that was his bread and butter for a while...

Glenn Harrison_2

Thanks Dave,

I just used Panda Software's on-line scanner, and it found 10 "Infections" and zapped them for me, that Norton's had missed.

Looks like it's time for a software change.

Dave Yates (PAH)

Glad it helped!

Every day since I've installed Panda (on four computers now), I check the report it generates. It's amazing to see how many times outside programs attempt connecting to my computer and how many adware/spyware intruders are caught/eliminated/blocked.

All of the computers are now running at speeds more like when they were new. We even dumped the free one-year Norton on a new laptop & loaded up Panda.

To Learn More About This Professional, Click Here to Visit Their Ad in "Find A Professional"

Kal Row

the abacus, as long is you dont lend it out, is virus free