Fred Avolio's Musings


Thu, 06 Jan 2005
What Every Home PC User Needs (UPDATED--see below)

Last year, when I was still writing the monthly NetSec Letter, I promoted Personal Firewall Day, an idea of friend and security colleague Paul Robertson. (See http://www.personalfirewallday.org/.)

PFD was January 15. I don't know what, if anything, is planned for this year. But it is obvious to me that in addition to personal firewalls and anti-virus software, a critical add-on to home computers is spyware detection software. I have just recently written about problems friends and I have had with spyware. (See what I wrote last month in "Spyware/Adware Removal Disables Windows98 Machine" and "Malware -- the threat is real," and today in "Spyware/Adware Removal Disables XP Pro.")

Why this blog entry then? I want to simply spell out what every home PC should have in a form that you and I can send out to relatives and friends.

Every home PC should have the following:

  • Antivirus software. You know this. Surely you have it. If you do not, you are foolish. Keep it up to date. It's worth the money. Really it is.
  • Personal Firewall. Use a free firewall, such as ZoneAlarm (that's what I use) or any others you find at www.personalfirewallday.org/firewall.html. If you run Windows XP, enable the firewall that comes with XP. Your antivirus vendor might have a deal with bundled AV and personal firewall. Check it out.
  • Spyware removal software. This is a new (over the last year) problem, and one that many home-users are ignoring. Don't have spyware? I bet you do. Ever click on something that said "Click here to speed up your Internet connection?" Ever install "free" software? Maybe you've added a neat item on your toolbar that shows the weather or stock reports. Computer running slower and slower? Are you now plagued with pop-up advertisements? There is a good chance you have some spyware running on your computer.

    Something called Marketscore has gotten attention recently. Security vendor WatchGuard recommends treating it as spyware. They write, "Marketscore claims to be 'Internet accelerator software'..." See the complete write-up at www.watchguard.com/RSS/showarticle.aspx?pack=RSS.Marketscore. The University of Maryland, and others, classify it as spyware. See their spyware alert at www.helpdesk.umd.edu/documents/4/4444/.

    Get and run some spyware detection software. Your AV vendor may have something. Microsoft, the University of Maryland, and others (including me) recommend

Other resources:

Be careful out there.

Oliver (no last name given) commented, "SpyBot installs 'DSO Exploit'." I find no evidence of that, just that earlier versions tagged this exploit but could not deal with it. Everything I see says Spybot gets good grades.

He also recommended Ad-Aware (as I did, above) and SpyWare Doctor.

This Slashdot post refers to Microsoft's AntiSpyware announcement, and this review of it. It is a test release.

It is worth pointing out that most people recommend using two different products for countering spyware (for example, both SpyBot and Ad-Aware).

Be careful you get the correct software. Some companies put tags on their webpage such that if you do a search for one product, a competitor's product shows up. This is not merely the search engine company helping you out. It is "deceptive marketing practices," as Dave Piscitello says in his weblog. See entry #336 in the spam and spyware section of his weblog.

An example of something similar, not as sleazy, but nearly as obnoxious... Type "adaware" (note no hyphen -- the product is Ad-Aware) in a Google search and the first thing that you get is a sponsor's (i.e., paid advertiser) link to something called "NoAdware" indicating it is the "2005 highest rated spyware remover." Hmmmm. 2005 is 6 days old as I type this. Must have been a quick test. It does not say that on the web page -- not that I can see -- but in the advertisement on Google it does. On the web page it says, "21,756,915 downloads by people in over 100 countries as of 04:02PM EST, Jan 06, 2005." I wonder how many of them thought they were getting Ad-Aware? This product might be great. I just don't like this practice. But then, Dave did point out that they were infamous in other places. For example, they show up in The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites.


Malware -- the threat is real (Updated)

A friend was spending part of his day last week cleaning up malware (adware, spyware) from home computers, including his business computer in his home office. (A search for "spyware review" will turn up a lot of sites, including this review in PC Magazine.) Friday, he IMed me the following:

Remember I told you I was battling spyware and the like? Well, my debit card was denied yesterday. I checked the bank statement on-line and found an unexplained charge for over $1K from [name1 omitted]. Turns out I made a legit purchase from [name2 omitted] for $100 and some trojan program tagged along and xferred over $1K to someone else's account at [name1 omitted]. They tagged it as suspicious and blocked further withdrawals. I talked to them and they will refund (and I hope will prosecute).

Now, this wasn't your average spyware... or was it? It did what any spyware/adware/malware can do. It just did something illegal.

Yesterday (12Dec04), Marcus Ranum posted the following in the firewall-wizards list.

... What is the cost of enumerating viruses and malware and running antivirus software ($19/year/desktop...) versus the cost of telling the system exactly what code you want to allow to run. (Hmmm, let's see - I could define my desktop computer's "allow" list in 3 seconds: Eudora, Opera, Photoshop, Powerpoint, Word, and directory toolkit) The obvious answer is "default deny" rather than "default permit and block/enumerate all evil."

Good idea. Where can I (average consumer) buy it? And will any average consumer want to run it?

On the list, Marcus suggested:
There are a few products out that do this. Citadel has a pretty cool package (SecurePC) that's designed for kiosk applications. I've considered using it as a lock down tool for my laptop but the tool is a bit more "enterprisy" than I need. I think it's designed for locking down ATMs and stuff like that from a central point. What I want is something that has a ZoneAlarm-like "smart interface" that lets me reverse-engineer a policy over time.

I agree, it is overkill. Another friend and colleague, Jon McCown, pointed me to Prevx (neither Jon nor I work for them). Looks worth a field test. It works on XP and 2000. See http://www.prevx.com/prevxhome.asp.

A reader sent me a Google-discovered link to http://force.coresecurity.com/. It is in a beta-test period, apparently. The screenshots indicate program-level control (what can execute) as well as authorization (what that program may do). It may also be worth a look.

And today in a newsfeed this article mentioned another product with a free version, AntiHook 2.0. Lots to check out...

Okay, enough already! Marcus sent a pointer to FreezeX. Where have all of these been? Where have I been? :-)
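
An added example, not from the original post or from any product named here: a small Python model of the "default deny" idea quoted above, set beside the antivirus-style "default permit" model, including the learning period that lets a policy be built up over time. The class names and the program images are constructed for illustration.

```python
import hashlib

def digest(image: bytes) -> str:
    # Identify a program by its contents, not by its file name.
    return hashlib.sha256(image).hexdigest()

class DefaultPermit:
    """Antivirus model: everything runs unless it is on the known-bad list."""
    def __init__(self, known_bad):
        self.known_bad = set(known_bad)

    def may_run(self, image: bytes) -> bool:
        return digest(image) not in self.known_bad

class DefaultDeny:
    """Allow-list model: nothing runs unless the owner approved it."""
    def __init__(self):
        self.allowed = set()    # digests the owner has approved
        self.pending = {}       # digest -> name, awaiting the owner's review
        self.learning = True    # learning: observe and record; enforcing: block

    def may_run(self, name: str, image: bytes) -> bool:
        d = digest(image)
        if d in self.allowed:
            return True
        self.pending[d] = name
        return self.learning

    def review(self, approved_names):
        # The owner approves pending programs by name; the rest are discarded.
        self.allowed |= {d for d, n in self.pending.items() if n in approved_names}
        self.pending.clear()

def demo():
    # Constructed stand-ins for program images; no real binaries or signatures.
    images = {
        "Eudora": b"constructed Eudora image",
        "Opera": b"constructed Opera image",
        "old virus": b"constructed virus that has a signature",
        "new spyware": b"constructed spyware nobody has catalogued yet",
    }
    av, policy = DefaultPermit([digest(images["old virus"])]), DefaultDeny()
    for name in ("Eudora", "Opera"):          # learning period on a clean machine
        policy.may_run(name, images[name])
    policy.review({"Eudora", "Opera"})
    policy.learning = False                   # switch to enforcement
    images["Eudora (modified)"] = images["Eudora"] + b" plus injected code"
    return {n: (av.may_run(img), policy.may_run(n, img)) for n, img in images.items()}

print(demo())
```

Each result pair is (default permit, default deny): the uncatalogued spyware and the modified copy of an approved program both pass the known-bad check and are both stopped by the allow list.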

A friend tested PrevX on his home computers. He wrote:
It is very happy (and effective) on my wife's Win2K computer. The kids go "various places" on it and tend to pick up barnacles, which seem to have a much tougher time now. I passworded the PrevX console so they can't just click "shoot me" as easily. And the best news was that it didn't break anything. :-)
