MVP-HELP for Windows

...where you can have fun AND be secure


Remove Advertising Without Ad Blocking Addons

Posted on April 3, 2017 at 9:10 AM

Never again be told by websites to turn off your ad blockers. You don't actually need to use ad blocking addons.

-

I've been continuously online, every day for more than 17 years. My computers have never once been infected by a virus nor worm. I tried to warn the security community back in 2006 about the dangers of malware via advertising but they wouldn't listen. Now, more than 10 years later, they are getting the message. The best way to protect your computer while online is to eliminate all advertising. I'm sure advertisers won't like it, but they're going to have to change the ways that they do business if they want to stay in business. What if webmasters had to check their ads for malware before presenting them on their websites? Keep using your own methods for antimalware but this can help strengthen your computer's defenses.

-

People who are using ad blockers as addons on their browsers, Firefox, Chrome, Opera etc, are encountering web sites that block them, demanding they turn them off or whitelist them. You should never reduce your security for something like that. From my point of view, businesses that expect me to conform to their desires are walking on thin ice. I like voting with my wallet. So if a business doesn't like my online practices they can go jump in a lake (in October). They won't be getting my business either, forever after.

-

First, get a HOSTS file from the MVPs. Complete instructions for all versions of Windows are provided at their site.

-

Second, get SpywareBlaster from Brightfort. Install it and follow their instructions. This little freeware or donationware program (originally written by Javacool) protects your computer by blocking the class IDs of known spyware, including protecting your browsers. Every program has a unique class ID. It's like a fingerprint. Spywareblaster is updated regularly. You set it and then forget it until the next update. (You may need to copy and paste the link below to your browser address bar.)

-

https://www.brightfort.com/spywareblaster.html

-

Third, get the original freeware Spybot Search and Destroy v 1.6.2 from Safer-Networking. Install it and update it. It's compatible with Windows 7, 8.0, 8.1 and 10, for both 32 and 64 bit platforms. Spybot can also augment your HOSTS file. You need to open it from the Start page on your computer, right-click it and Run (it) as Administrator. Choose Mode > Advanced mode then select the Immunize shield in the left column. You will see a window on the right side "Select Passive Protection." You'll see a green "+" sign beside the word Immunize at the top. Click it and wait a few minutes to allow Spybot to further protect your browsers, HOSTS and your entire computer against malware. (You may need to copy and paste the link below to your browser address bar.)

-

https://www.safer-networking.org/mirrors162/

-

These three combined, MVPs HOSTS, Spywareblaster and Spybot Search and Destroy, have protected my computer against most forms of malware for more than 15 years. I have compared the strength of them against regular ad blocking addons and they are by far superior in every way. Also, no website will detect you blocking their ads. The few things I need to watch for now are trojans that can come (rarely) bundled with downloads I get. It's interesting that what got me started in computer security so long ago was from a trojan I got. I also use MalwareBytes Anti-Exploit whenever I open my browser. I use the freeware MBAM (MalwareBytes AntiMalware) scanner and an antivirus to check downloaded files before I open them. It's a good habit to develop.

-

You don't need adblocking addons except for flash/videos. I tested this on Youtube. If you want to block the video ads then get the Adblock Plus addon. There may be other adblockers that do the same thing but I use this one.

-

https://adblockplus.org/

-

All the best and always take care of your security!





MyLockbox is NOT Locked

Posted on March 10, 2015 at 11:10 PM

Hello readers. I have been unable to change nor delete my references to My Lockbox in my other articles so this post will have to do. I discovered by accident while using a file recovery utility that My Lockbox merely pretends to hide itself and the files. It does NOT encrypt them either. I was easily able to read/view, copy and save my files to other locations. At the moment I'm checking out Safehouse Explorer and VeraCrypt as alternatives. Best wishes to everyone.

March 10, 2015

New WSC Volume 1: Addons Means AdsOff

Posted on March 19, 2014 at 3:25 PM

I've been continuously online from 2000 up to present, using Windows computers. Over the years, I used a number of different antivirus and antispyware programs. In all that time I never had a virus nor a worm, nor any warnings of them. I have antivirus, antispyware and antitrojan applications that are free to individual home use.

-

So, just what am I doing, or not doing that has prevented me from encountering any form of virus online or off? If you want my definitive and formal security practices, please get a copy of "Rootkits For Dummies," published in 2007 by Wiley Publishing Ltd. It's not at all dated, having been picked up by libraries all over the world. The information provided on securing your computer is just as relevant now as it was then.

-

I like to keep my security simple and straightforward. Most of my computers in the past were meager on resources so I couldn't use anything that ate them. I also dislike programs that need a lot of babysitting, constantly crying for attention to make you think they're doing a great job. I prefer to load my own choice of antivirus if I want one. The one I use and trust is Avira AntiVir.

-

How I do my security has had an effect on my experience, but it's much more than that. I abhor advertisements on pages I'm trying to read. My eyes will wander when enticed by any movement or flashing. It's very distracting (and totally instinctive btw) when I read in-depth subjects at a post-graduate reading level. I have techniques to completely remove any and ALL advertising from my computer. Naturally, this goes against the grain commercially since unwilling victims of ads are one reason for doing them by websites seeking to make money from their suffering. I'm pretty sure the online search providers that serve up lots of ads aren't going to like this: that the biggest single vector for online malware, viruses and worms is advertising, especially via infected websites. They like to blame all this on the users visiting spurious websites or downloading "free" applications. I have done all that in the past including using P2P (as proof of concept), finding only four trojans and zero viruses along the way in over twelve years. The fact that I have never had a virus is no fluke.

-

Malware makers always seek to infect the greatest number of computers. My theory based on my experience is that they do it by intercepting and infecting advertising, and then sending it along the pipelines. This brings infected websites to people's computers without them having to visit. The newest malware may not be detected by most antivirus applications simply because it is unknown. A lot of antivirus programs also scan using something called "heuristics." Heuristics are not as accurate as detections from signature files, but they are useful. In any event, always get a second opinion by checking detected malware files with something like VirusTotal, especially if it's a system file. Personally, if it's a file that's not system, that I can live without, I toss it with the secure shredder included in Spybot Search & Destroy.

-

The bigtime online ad providers such as Yahoo, Fox and Google do indeed check their advertisements for malware, but the newest forms often get through simply because they're unknown. I'm a writer so I do a lot of research all over the Web. You can have more control over your Internet experience. Don't let big business try to push you around about what is secure and legitimate. The Internet wasn't started by big business, but by a bunch of scientists exchanging information with each other. They paved the way to make sure that the Web and Internet would be available to EVERYONE, even though their financing came via the military (NORAD). Smart people looking to the future.

-

Here's my recipe for no-ads security:

-

1.___ Install the MVPS HOSTS (file). It surprises me that they don't even use this basic tool where I work. Our IT has heard of it but since it's not promoted as a bigtime commercial (and pricey) security advantage, they don't use it. It's free for personal use, so please get it. It protects you from malware sites, web bugs and malware before they can ever appear in your browser. Instructions for installation are provided at their website. It's updated every few months, so you'll need to check back now and then after install. It does not automatically update. Register for Updates News.

-

***How It Works - Every Windows computer has a HOSTS file. When you click on an address link in your web browser the computer checks the HOSTS first. If it finds nothing there, it then checks with the DNS (Domain Name Server) to find out where to go. The HOSTS is basically a text file with the names of websites on one side and the address of your own computer on the other side, (127.0.0.1). You can open it in Windows Notepad under "All Files" if you wish to see it. The idea is to have a list of bad websites with 127.0.0.1 as their address. Your browser will then display a blank area or page instead of the bad website.

-

The HOSTS does have a tendency as it gets larger to impact your browsing speed. If you're spoiled like me with a fast browser, you can speed things up by disabling the DNS Client via Windows Services. They have instructions at the MVPS Hosts site for that as well.

-

2.___You can use Internet Explorer, the default web browser that comes with Windows. Although it uses some plugins it's still behind browsers such as Firefox or Opera. I avoid using Google's Chrome, as it's designed to leverage ads and track your movements. Firefox and Opera are free. I use both. After you install it, get the following security extensions for it. These extensions also work in Opera.

-

Adblock Plus: Links to the right of the Install button are provided for other browsers.

-

Adblock Plus Pop-up Addon: Blocks mouse-click popups, popup windows and tabs.

-

Element Hiding Helper for Adblock Plus: Blocks text ads. Simplifies blocking rules.

-

Better Privacy: Gets rid of the new super flash cookies, but be sure to keep the ones you need.

-

and if you use Facebook, get F.B. Purity: Cleans Up Facebook.

-

All of these extensions/addons currently work in Firefox 21 (I tested them on Windows Eight.) You might resist using the latest Firefoxes as they come out because it sometimes takes a while for the extensions or addons to catch up to them. I don't care to get a newfangled browser that doesn't support my purposes 100%. You get those extensions/addons by clicking Tools on the Firefox Menu Bar, and then selecting Add-ons, when you're online. Just type them into the search bar, or use the links above. Download, install and restart the browser for each of them.

-

3.___ Get Spywareblaster by Javacool. Very simple and easy to use security tool, free for personal use. You can get autoupdates for a donation to the cause. Spywareblaster is a passive security tool. You set it and then forget it. What it does is block the Class IDs of known malware. Every program has a unique Class ID embedded within it, no exceptions. Block the Class ID, and that program cannot even load on your machine. It will set Class IDs and Restricted Sites for all of your browsers, and make a System Snapshot for backup purposes. I've used this since it first came out. Thanks so much Javacool! Spywareblaster ROCKS!

-

4.___ Spybot Search and Destroy. I loved this program up until recently. I don't know what the author Patrick Kolla was thinking when he made the latest release (Spybot + AV) into bloatware for babysitting. You can however get the old version of Spybot S&D v 1.6.2, and it still updates. Do NOT use the "Tea-Timer" (nor the bloatware version) unless you LOVE babysitting. Install, and update it. When you've done the update (remember to skip the Tea-Timer update - more babysitting), click on Immunize (shield button on left side). This does a similar action as Spywareblaster for all your browsers and your MVPS Hosts. If this version of Spybot S&D is ever discontinued, then I will no longer be using it. I have used it since it first came out (and donated to it). Please developers - GET A CLUE! The more you overtake the plumbing, the easier it is to plug up the drain.

-

As an addition to Spybot S&D, I've started using the freeware version of MalwareBytes AntiMalware or MBAM. It's an excellent on-demand antispyware scanner. Using the right-click menu (added during installation), I use it to scan all the files that I download before opening them. I also run it on quick-scan once a week to ensure general security. I manually update it as needed (they update every day). You can download the free version. You will need to provide them with a valid email address to get it, but it's worth it.

-

Since I'm on the subject of scans, you can do a free, on-demand virus scan using online sources. Trend Micro Housecall or Kaspersky have free online scans that are quite good. If dirty files are detected, I run them through VirusTotal for a 2nd opinion before securely deleting them using a file shredder. Most malware files aren't usually dangerous unless you open them. If you run into problems and still cannot figure it out, go to SpywareHammer. The experts there will help you. Do please read their instructions to learn how to post your problems to them.

-

5.___If you have trialware from Norton or McAfee that you don't want, go online and search in Google for the Norton or McAfee Removal Tools. WikiHow has good instructions for Norton. PCHell has instructions for both Norton and McAfee. Before applying any of these tools to your computer, make a System Restore Point. It doesn't take long and can save you misery later should anything go horribly wrong. I haven't had any bad experiences using these tools but it's best to be on the safe side. Here are instructions for Windows 7 on creating a System Restore point.

-

VERY IMPORTANT!!! Go to Microsoft and get all the updates for your system. Be aware that this will take some time to do, like a couple hours for a new PC. It's a necessary procedure if you want to stay safe online. Just do it. Windows Update

-

6.___ Unless you use a Virtual Private Network (VPN), and you're on a modem, get a router. Wireless or wired it's worth the investment as it acts like a hardware firewall between your modem and the Internet. It stops simple hacking attempts cold. If you get one, be sure to set it up properly from the start. Set a username other than admin and a complicated password. Basic instructions can be found here. In addition to using a router, it's important to still use a software firewall as it can stop stuff from inside your computer attempting to "phone home." I'm using the Windows Firewall supplied with the operating system as it's more than adequate for my needs.

-

You might consider getting yourself a travel router for use with public access points. Many types are available at reasonable prices.

-

7.___ Google Search is okay if you don't care about being tracked and recorded. EVERYTHING done on Google is tracked and recorded, by Google and your ISP. Google keeps its records for up to 18 months worldwide. If you do not wish to be tracked or have your surfing recorded, use a proxy search site such as Ixquick. You can read all about the company at Wikipedia. I used to use Scroogle, but it no longer functions no-thanks to Google.

-

Remember to set up your Firefox or Opera to erase all your history whenever you close the browser. If you do use Google for something you can clear the history at any time from the Tools menu in Firefox. Of course, they will still have a record.

-

Well, there it is. Many people have asked me in the past how I do my security, or how they can stay safe online. This will get you started. No security setup is perfect, so do read the Disclaimer section of this site. Some security experts may strongly disagree with how I do my own security or my opinions about it, but it has stood the tests of time and actual use. Viruses are still a burgeoning threat to many on the Internet. If you already have a strong security setup that you have faith in, then you will not likely need my advice. But as some people are fond of saying, never stop learning. I'm no exception in that respect. Thanks for reading.

 

 


Windows Security Checklist - Part 8: IM Insecure

Posted on July 8, 2011 at 4:02 PM

by Larry Stevenson, aka Prince_Serendip, (former) CastleCops Staff Writer

Revised and republished: June 8, 2011

-

This article was first published on January 16, 2005. It's been six years, and not that much has changed in the instant messaging game. It's still insecure, and many of the tips and techniques provided then are just as useful now.

-

IM Insecure

-

Instant messaging allows you to know when your friends are online and send them messages in real-time. It's a great way to keep in touch with friends, family and business associates. It is one of the fastest-growing and largest segments on the Internet. Instant messaging, or just IM, makes it easy and fun to keep in touch. As with any other activity on the Internet, pitfalls and dangers await the unwary. How can you use Instant Messages while still maintaining your privacy and security?

-

IM Threatened

-

Instant messenger server networks provide the ability to transfer text, voice, video messages and files. Thus, instant messages can transfer worms, viruses, trojans and spyware, otherwise known collectively as malware. IMs can also provide an access point for backdoor trojan horses. Cyber-criminals can use IMs to gain backdoor access to computers without opening a listening port, effectively bypassing the firewall. Finding victims does not require scanning unknown IP addresses, only selecting from an updated directory of Buddy Lists. In addition to file transfers, all the major instant messenger networks support peer-to-peer (P2P) file sharing where one can share a directory or an entire drive. This means that all the files on a computer can be shared using the IM application, thus leading to the spread of files that are infected with malware. This also makes information being shared by IMs available for unauthorized viewing.

-

IM Wormy

-

Worms not only travel by email but also through instant messages. These threats can be dealt with by effective gateway (firewall) monitoring and by installing desktop antivirus protection. Be sure that the antivirus is set to maximum protection, and use the heuristics if you use Instant Messengers.

-

The way in which these worms replicate varies. Some of the worms spread by both email and instant messaging. Others spread only via IM. As more IM users become aware of the threats and how to prevent them, the success of these worms can be significantly reduced.

-

IM Backdoor Trojans

-

One can share every file on another computer using an instant messenger. All the popular instant messengers have file sharing capabilities, or the ability to add them by applying patches or plug-ins. As the instant messaging applications allow peer-to-peer file sharing, a trojan horse can configure the instant messaging application to share all files on the system with full access to everyone, and in this way gain backdoor access to the computer. The benefit for a cyber-criminal using an instant messenger to access files on a remote computer instead of installing a backdoor trojan horse is that even if the computer is using a dynamic IP address, the login name will probably never change. The cyber-criminal will also get a notification each time the victim computer is on-line. Keeping track of and accessing infected computers is very easy for the cyber-criminals. They do not need to open new suspicious ports for communication, but can use already open instant messaging ports.

-

Trojan horse programs exist that target instant messaging. Some modify configuration settings so file sharing is enabled for the entire hard drive. These types of trojans pose a large threat, as they allow anyone full file access to the computer. Trojans need you to install them, by clicking on a link, or downloading and installing something right away. Viruses and worms don't need you to infect your machine.

-

Classic backdoor trojan horses can use instant messengers to send messages to the author of the trojan, giving the cyber-criminal information about the infected computer. The cyber-criminal can harvest system information, cached passwords, and the IP address of the infected computer. In addition, the cyber-criminal can send messages to the infected computer via IM instructing it to perform some unauthorized action.

-

Backdoor trojan horses that allow access to the computer by using instant messenger applications may be harder to prevent than classic backdoor trojans. Classic backdoor trojans open an outgoing listening port on the computer, forming a connection with a remote machine. This can be blocked by a desktop firewall. If the trojan operates via the instant messaging application, it does not open a new port. The users have already created an "allow rule" in their desktop firewall products for instant messaging traffic to be outbound from their machines, thereby allowing the backdoor trojan horses using the same channels to go unblocked. The number of backdoor trojan horses using instant messengers is increasing steadily.

-

IM Hijackings and Impersonations

-

Cyber-criminals can impersonate other users in many different ways. The most frequently used attack is simply stealing the account information of an unsuspecting user.

-

To get the account information of a user, the cyber-criminal can use a password-stealing trojan horse. If the password for the instant messaging application is saved on the computer, the attacker could send a trojan to an unsuspecting user. When executed, the trojan would find the password for the IM account used by the victim and send it back to the cyber-criminal. The means for sending back the information varies. They include using the instant messenger itself, IRC, and email.

-

Since most of the major instant messaging protocols don't encrypt their network traffic, attackers can hijack connections via middleman attacks. By inserting messages into an ongoing chat-session, a cyber-criminal can impersonate one of the chatting parties.

-

Though more difficult, one can also hijack the entire connection by using a middleman attack. For example, a disconnect message, which appears to come from the server, can be sent to the victim from the cyber-criminal. This will cause the application to disconnect. The cyber-criminal can also use a simple denial of service exploit to keep the application disconnected.

-

Since the server keeps the connection open and does not know that the application has been disconnected, the cyber-criminal can then impersonate the victim.

-

IM Encrypted

-

Stolen account information for any instant messenger can obviously be very damaging. Because the cyber-criminals can use this information to disguise themselves as trusted users, the people on the victim's Buddy Lists will trust the cyber-criminals and may share confidential information or execute malicious files. Losing a password for an instant messenger account can be dangerous for more people than just the user who lost it.

-

To mitigate against these kinds of problems you can share encrypted instant messages using products such as Trillian, IMsecure by ZoneLabs, Meebo, and Pidgin. All have or are freeware versions.

-

IM In-Denial

-

Instant messaging can make a computer vulnerable to denial of service (DoS) attacks. These attacks may have different end results: some DoS attacks make the instant messenger application crash, others will make it hang, and consume a large amount of CPU resources, causing the entire computer to become unstable.

-

Cyber-criminals have many ways to cause a denial of service on an instant messenger program. One common type of attack is flooding a particular user with a large number of messages. The popular instant messaging applications contain protection against flood-attacks by allowing the victim to ignore certain users. However, there are many tools that allow the cyber-criminal to use many accounts simultaneously, or to automatically create a large number of accounts to accomplish the flood-attack. Adding to this is the fact that once the flood-attack has started, and the victim realizes what has happened, the computer may become unresponsive. Putting the attacking user accounts on the ignore list of the IM program may be very difficult.

-

Even though denial of service attacks are more of an annoyance than they are dangerous, they can be used in combination with other attacks, such as the hijacking of a connection.
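The weakness described above, where a per-user ignore list is defeated by a flood spread across many accounts, shown as an added Python example (not code from the original article or from any IM client). The `FloodGuard` class, its thresholds, the "buddies only" lockdown and the sample messages are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class FloodGuard:
    """Sliding-window filter for incoming instant messages (hypothetical helper).

    per_sender_max models the classic ignore list: one noisy account is muted.
    stranger_max adds an aggregate limit on accounts outside the Buddy List,
    which is what catches a flood spread over many throwaway accounts.
    """

    def __init__(self, buddies, window=10.0, per_sender_max=5,
                 stranger_max=20, lockdown=60.0):
        self.buddies = set(buddies)
        self.window = window                  # seconds of history to count
        self.per_sender_max = per_sender_max
        self.stranger_max = stranger_max      # None disables the aggregate check
        self.lockdown = lockdown              # seconds of buddies-only mode
        self.ignored = set()
        self.lockdown_until = float("-inf")
        self._by_sender = defaultdict(deque)
        self._strangers = deque()

    def _count(self, q, ts):
        # Record this message and drop timestamps that left the window.
        q.append(ts)
        while q[0] <= ts - self.window:
            q.popleft()
        return len(q)

    def accept(self, ts, sender):
        """Return True to deliver the message, False to drop it."""
        if sender in self.ignored:
            return False
        is_stranger = sender not in self.buddies
        if is_stranger and ts < self.lockdown_until:
            return False                      # buddies-only mode is active
        if self._count(self._by_sender[sender], ts) > self.per_sender_max:
            self.ignored.add(sender)          # single-account flood
            return False
        if is_stranger and self.stranger_max is not None:
            if self._count(self._strangers, ts) > self.stranger_max:
                self.lockdown_until = ts + self.lockdown
                return False                  # many-account flood
        return True


def constructed_flood(n_accounts=50, start=100.0, step=0.1):
    """Constructed sample: each throwaway account sends exactly one message."""
    return [(start + i * step, f"acct{i:03d}") for i in range(n_accounts)]


def delivered(guard, messages):
    return [m for m in messages if guard.accept(*m)]


if __name__ == "__main__":
    msgs = sorted(constructed_flood() + [(103.05, "alice")])
    ignore_list_only = FloodGuard({"alice"}, stranger_max=None)
    with_aggregate = FloodGuard({"alice"})
    print("ignore list only:", len(delivered(ignore_list_only, msgs)), "delivered")
    print("aggregate limit :", len(delivered(with_aggregate, msgs)), "delivered")
```

With only the per-sender limit every flood message is delivered, because no single account ever exceeds it; the aggregate limit cuts the flood off while the buddy's message still arrives.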

-

IM Not Keeping Secrets

-

Information disclosure could occur without the use of a trojan horse. When the data that is being transmitted over the instant messaging network is not encrypted, a network sniffer, which can sniff data on most types of networks, can be used to capture the instant messaging traffic. By using a sniffer, a cyber-criminal could sniff the packets from an entire IM chat session. This can be very dangerous, as they may gain access to privileged information. This is particularly perilous in the corporate environment, in which proprietary or other confidential information may be transmitted along the IM network.

-

IM Keeping Secrets

-

Most instant messaging applications allow all communications to be saved in log-files. Even though this is a feature that is often requested and required by businesses, it can be very dangerous to keep logs, as the logs may include sensitive data. This was made evident in a case where a cyber-criminal stole logs from an IM application belonging to the CEO for a company. The cyber-criminal posted the logs to several places on the Web, creating one of the worst possible corporate nightmares. The logs included sensitive company data regarding business partners, employees and affiliate websites. After the posting of the logs, several members of their senior staff resigned.

-

This case shows how dangerous it can be if a cyber-criminal is able to monitor IM sessions. Even though the log-files were stolen in this case, sniffing the data-packets could have caused the same damage. Encrypted IM chat and log files would have helped prevent this catastrophe. Storing sensitive files and chatlogs in an application such as My Lockbox is a way to worry-free computing. It has both a free version and paid.

-

Blocking IM: Forget it

-

The most effective way of preventing instant messaging is to deny it access to the network in the first place. Preventing the use of instant messaging is difficult. Simple port blocking firewalls will not be effective because IM applications can use common destination ports such as HTTP port 80 and FTP port 21. Most of the IM applications will auto-configure themselves to use other ports if the default port is blocked.

-

Firewalls with protocol analysis may prevent instant messaging applications from communicating via common destination ports, such as port 80, because instant messaging traffic is different from HTTP traffic. However, the latest versions of all the various IM applications embed the traffic data within an HTTP request, bypassing protocol analysis.

-

IM Security

-

Securing instant messaging is not a difficult task. One of the best ways to secure the information being transmitted along an IM network is to encrypt it. There are currently many companies that offer encrypted instant messaging communication. IM encryption applications are available, four of which are noted above. If P2P file transfer via the instant messaging network is not required, then disable it. A comparison and list of all IM applications can be seen at Wikipedia: Comparison of IM Clients.

-

Cyber-criminals generally target specific computer systems, so they are not the biggest threat for any IM network as a whole. However, worms are non-discriminating and target all the computer systems of a particular network. They appear to pose the biggest threat for the future. We have seen worms that use security exploits, becoming widespread in a very short period of time.

-

The number of worms for instant messaging is increasing each year, and looking at the success of some of these worms, clearly instant messaging is a primary platform for malicious threats. Many exploits are available for the various IM applications. Computer professionals and users alike need to be aware of the security issues involved with instant messaging. The best way to ensure the security of IM services is to educate users to the risks involved and the means of mitigating those risks.

-

Basic good security for instant messaging can be obtained, even for free.

-

Use a reputable antivirus such as Avira AntiVir Personal Edition (When you install it you will be asked to install the Ask Toolbar and/or Webguard. It's up to you but you may not need them. See the Beefs and Bouquets heading of this site for more info.) Most antivirus applications can handle the more popular trojans and worms.

-

MBAM: Detect and remove spyware and trojans using Malwarebytes Anti-Malware. The free version works only as an on-demand malware scanner and remover. The Pro version comes with realtime scanning and removal, which can be important to users of IM.

-

MSMVP HOSTS: Please refer to the previous article 7 for more info. The HOSTS can block any address, with or without a browser. It can protect you from clicking on links to malware sites in IM.

-

Windows Firewall or better

-

IMsecure by Zonelabs

-

Trillian

-

More about Meebo and Pidgin can be discovered at How to Encrypt Your Instant Messaging Chats by Tim Watson.

-

If you need further help with anything here, then come see us at SpywareHammer.

-

-

Best regards and always take care of your security.

Windows Security Checklist - Part 7: HOSTS: Blocking Unwanted Web Sites, Malware and Ads

Posted on December 24, 2010 at 6:27 AM

by Larry Stevenson, aka Prince_Serendip

First published at CastleCops: January 9, 2005

Revised and Updated: December 24, 2010

(Preamble skipped. You can read it below in previous articles.)


HOSTS: What It Does


To remove and block web site ads and banners, offensive content and malware, you can purchase specific software or you can use free techniques available for any browser. The HOSTS file is built into Windows but comes blank with no entries. It can be used to block ads, banners, cookies, web bugs, and even most hijackers, by blocking the Servers and sites that provide them on your own computer. The following entry 127.0.0.1 ads.badsoftware(example only).com blocks all files provided by the badsoftware Server to the web pages you look at while stopping it from tracking your movements.


The HOSTS is the first place a browser looks for an address after you click on a link or type one into your address bar (unless you are using a proxy server, more on that later). When you type in a URL such as www.happycampers(example only).com, the browser checks the HOSTS file for that domain name first. If it does not find the domain name in the HOSTS file, only then does the browser ask the DNS server. It is this fact that makes the HOSTS file an excellent means for blocking web site ads and other threats.


HOSTS is a text file you can open in Notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a # sign. A default entry in every HOSTS file looks like this:


127.0.0.1 LOCALHOST #THIS IS THE UNIVERSAL IP ADDRESS OF ALL LOCAL COMPUTERS


127.0.0.1 is an IP address called the "loopback" because it refers to your local computer only. The loopback address gives developers a way to test web software without being physically connected to a network. This prevents errors in network hardware or software from obscuring test results. The loopback address can be used to stop web ads from displaying.


To use the HOSTS file to block web ads, you add a list of hosts serving offensive or malicious content with these domains associated to the loopback address -- your own computer. When you go to a site that contains ads, the browser looks on your own machine for the ads and never visits the ad server. The ads are never displayed and the ad server has no opportunity to put tracking cookies on your computer.


Ad-blocking HOSTS files, for various purposes, are available for download on the Internet.


Regularly Updated AdServers List: http://pgl.yoyo.org/adservers/#foursteps


Windows automatically looks for the existence of a HOSTS (file) and if found, checks the HOSTS first for entries to the web pages you request. The 127.0.0.1 is the address that points to your computer, so when the entry "ad.doubleclick(example only).net" is requested your computer thinks 127.0.0.1 is the location of the file. When this file is not located it will say that it's unable to connect to that address on the page in your browser. It then skips onto the next file and thus the ad server is blocked from loading the banner, cookie, or (perhaps) malicious javascript file.


This takes nanoseconds, which is much faster than trying to get a file from the other side of the planet. Another nice feature of the HOSTS is that it is a two-way file, meaning if some malware does get into your system it cannot get out (call home) as long as the proper entries exist. For this reason it's essential to keep your HOSTS file up to date.


A very large HOSTS can slow down a browser on NTFS platforms (XP, Vista & Win7). To resolve this issue, open the Services Editor.


Start > Run (type) "services.msc" (no quotes)

Scroll down to DNS Client,

Right-click and select: Properties

Click the drop-down arrow for Startup type

Select: Manual

Click: Apply/OK and restart.


HOSTS need regular updates since new ad servers keep popping up. If you see an ad while using an ad-blocking HOSTS file, it means one of two things, either the ad is hosted on the site's own server, or it is new. To find out where the ad is coming from, right-click on it and select "Copy Shortcut." If the ad is hosted on the site, you cannot block it with a HOSTS file as HOSTS files only block whole sites. For a new ad server, paste the domain portion of this URL into your HOSTS file with a redirect to 127.0.0.1.


Blocking More Than Ads with MVPS HOSTS


Traditionally, the HOSTS is used to block ads and banners, but it was determined by Microsoft MVPs (Most Valuable Professionals) that many of the parasites and malware that get onto our machines by surfing websites can also be blocked in this fashion.


It serves no purpose if you block the ad banner from displaying, as most other HOSTS files do, but get hijacked by a parasite from a script or download contained on the website. The object is to surf faster while preserving your safety, security and privacy.


Direct Download of the MVPS HOSTS: http://www.mvps.org/winhelp2002/hosts.zip


How to install MVPS HOSTS:


You can also right-click the link and select "Save Target As." Unzip in a "temp" folder and place in the appropriate installed location. The MVPS HOSTS zip comes with a batch file you can run in XP, Vista and Win7. In Vista and Win7 you will need to have Administrator rights to open and run it. It will automatically install the new HOSTS in the appropriate location, while making a backup of your old HOSTS.


Using HOSTS with Proxies


If you connect to the Internet using a remote proxy server, the HOSTS may not work. A remote proxy server does the DNS requesting for you, preventing the HOSTS from being used. Your browser will route its request through your proxy server before your machine looks up an entry in HOSTS.

If you are using a proxy server:


In IE, go to the Internet Options > Connections tab and choose your connection.

Make sure the box called "bypass proxy server for local addresses" is checked.

This type of change should only be made on a stand-alone machine. If you are Networked (ie part of a large business or institution) you should check your configuration with your IT department prior to making any changes. You may also wish to check this change with your ISP (Internet Service Provider) as it could disconnect you from the Internet.


HOSTS: Problems and Solutions


The HOSTS technique is useful, but there can be some problems with it. Ad-blocking HOSTS files can include sites whose ad servers you do not want but whose other content you may still want to see. This occurs because some ad servers provide other types of content. For example, the ad server akamai.com also provides streaming media for many web sites, including Microsoft, for whom they handle Windows Updates. If you block akamai.com, you will not be able to access Windows Updates.
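The HOSTS syntax described under "HOSTS: What It Does" and the over-blocking problem above can both be checked with a short script. This is an added example, not part of the MVPS HOSTS package: the sample file, the .example host names and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

BLOCK_IP = "127.0.0.1"  # the loopback address the article uses for blocking

# Constructed sample, not a real blocklist.
SAMPLE_HOSTS = """\
# IP address, host name(s), optional comment after '#'
127.0.0.1   localhost
127.0.0.1   ads.badsoftware.example      # ad server
127.0.0.1   track.badsoftware.example TRACK2.badsoftware.example
127.0.0.1   media.cdn.example            # also serves software updates
not-an-ip   broken.line.example
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        # One line may map several names; names are case-insensitive.
        entries.extend((ip, name.lower().rstrip(".")) for name in fields[1:])
    return entries


def blocked_names(entries):
    """Host names redirected to the loopback address, minus the default entry."""
    return {name for ip, name in entries if ip == BLOCK_IP and name != "localhost"}


def host_of(url):
    """Lower-cased host part of a URL, without port; '' if there is none."""
    return (urlsplit(url).hostname or "").rstrip(".")


def is_blocked(url, blocked):
    # HOSTS has no wildcards: only an exact host name match is blocked.
    return host_of(url) in blocked


def entry_for(ad_url, page_url):
    """HOSTS line for a newly seen ad server, or None when the ad is served
    by the visited site itself (a HOSTS entry would block the whole site)."""
    ad_host = host_of(ad_url)
    if not ad_host or ad_host == host_of(page_url):
        return None
    return f"{BLOCK_IP} {ad_host}"


def conflicts(blocked, needed_domains):
    """Blocked names that belong to a domain you rely on for other content."""
    return [name for name in sorted(blocked)
            if any(name == d or name.endswith("." + d) for d in needed_domains)]


if __name__ == "__main__":
    blocked = blocked_names(parse_hosts(SAMPLE_HOSTS))
    print(sorted(blocked))
    print(entry_for("http://new.adnet.example/img/1.gif",
                    "http://www.happycampers.example/"))
    print(conflicts(blocked, {"cdn.example"}))
```

Run `conflicts` against the domains you depend on before installing a downloaded HOSTS file, and remove or comment out any line it reports.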


You would like to see something else in place of ads, but in actual practice there are "Action Canceled" or "(the browser) cannot display the web page" error messages repeated wherever an ad would have been. This can be fixed, as you will soon see.


Problems with delays occur. HOSTS redirect ad-server requests to IP addresses that are not servers. Internet Explorer will fail immediately if it cannot find a server, but other browsers can wait much longer before quitting.

Both these problems can be solved by installing a small, single purpose, local-only HTTP server that does nothing but serve GIF images (which you can determine) when requests are received on the loopback address. This replaces unsightly error messages with the images you prefer, and eliminates delays because the browser receives an immediate response.


 

A free utility for this purpose is eDexter. It also cures Opera's endless searchings. For more info and downloads: http://www.pyrenean.com/eDexter

It works in all Windows platforms, and is also available for use with Macintosh.
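A minimal sketch of such a local-only image server, added here as an illustration (it is not eDexter's code): it listens on the loopback address only, answers every request with a 1x1 transparent GIF, and records the requested Host header so you can see which blocked servers your pages asked for. The names `PixelHandler`, `make_server`, `seen_hosts` and `demo` are this example's own.

```python
import http.client
import struct
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# A complete 1x1 transparent GIF (43 bytes), built inline.
PIXEL_GIF = bytes.fromhex(
    "474946383961"          # signature "GIF89a"
    "01000100800000"        # 1x1 canvas, 2-colour global colour table
    "000000ffffff"          # colour table: black, white
    "21f9040100000000"      # graphic control extension: colour 0 transparent
    "2c000000000100010000"  # image descriptor: 1x1 at (0,0)
    "0202440100"            # LZW-compressed pixel data
    "3b"                    # trailer
)


def gif_size(data):
    """Width and height from the GIF logical screen descriptor."""
    return struct.unpack("<HH", data[6:10])


class PixelHandler(BaseHTTPRequestHandler):
    """Answers any path on any blocked host name with the same tiny image."""

    def _reply(self, with_body):
        # Record which blocked server the page tried to reach.
        self.server.seen_hosts.append(self.headers.get("Host", ""))
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(PIXEL_GIF)))
        self.send_header("Cache-Control", "max-age=86400")
        self.end_headers()
        if with_body:
            self.wfile.write(PIXEL_GIF)

    def do_GET(self):
        self._reply(True)

    def do_POST(self):
        self._reply(True)

    def do_HEAD(self):
        self._reply(False)

    def log_message(self, fmt, *args):
        pass  # keep the console quiet; seen_hosts is the record


def make_server(port=0):
    """Bind to 127.0.0.1 only, so nothing outside this machine can connect.
    A HOSTS entry cannot change the port, so real use needs port 80, which
    normally requires administrator rights; port 0 picks a free test port."""
    server = ThreadingHTTPServer(("127.0.0.1", port), PixelHandler)
    server.seen_hosts = []
    return server


def demo():
    """Start the server, send one request as a browser would after a HOSTS
    redirect (constructed host name), and return what came back."""
    server = make_server()
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection(
            "127.0.0.1", server.server_address[1], timeout=5)
        conn.request("GET", "/banner/468x60.gif",
                     headers={"Host": "ads.badsoftware.example"})
        resp = conn.getresponse()
        result = (resp.status, resp.getheader("Content-Type"), resp.read())
        conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return result, list(server.seen_hosts)


if __name__ == "__main__":
    print(demo())
```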


Back Button Problems


You click the Back button to return to the previous page and it appears that nothing happens. What usually occurs is that the HOSTS has blocked one or more ad pages that are embedded into the web page you were viewing. To verify this click the small drop-down arrow on the Back button. Is an ad server listed? In some cases the web page can contain a script to prevent the user from returning to a previous page. Simply skip to a valid link.


Making the HOSTS More Powerful


You can augment and strengthen your HOSTS with two freeware security applications.


SpywareBlaster. Download, install, update and apply the update, and you're done. It's simplicity itself. It protects your browsers, and your computer so that malware cannot be loaded nor even opened. Keep it updated, and you're protected. Those who donate to SpywareBlaster can receive automatic updates.


Spybot - Search & Destroy. Click through according to your language preference. On the next page, click on the symbol beside Spybot Search & Destroy in the upper-right corner to get started. Download and install it. Update it. After receiving the updates, click on the Immunize shield on the main window. Make sure there's a checkmark in the box beside Global Hosts, under the Windows heading down at the bottom. Then click on the green "+" beside Immunize at the top. It will take a minute or two, but when it's done your HOSTS will be augmented with Spybot's protections against bad cookies and nasty web sites.


The HOSTS with these two applications work together to provide comprehensive malware protection online. Spybot Search & Destroy can also scan your hard drive for pernicious spyware and hijacker threats on demand.


Merry Christmas, Yuletide Greetings or Happy Winter Solstice to All, and always take care of your security.


This document is provided "AS-IS" without warranty, and confers no rights.

Windows Security Checklist - Part 6: Invisible Internet Browsing or Talk to the Proxy

Posted on June 20, 2010 at 6:37 PM Comments comments (0)

by Larry Stevenson, aka Prince_Serendip

First published at CastleCops: January 2, 2005

Revised and Updated: June 20, 2010


No one application nor technique can protect you at 100%, but you can still get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 6: Invisible Internet Browsing or Talk to the Proxy


It is not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.


Invisible Internet Browsing


Each computer on the Internet is marked with its own special IP-address. (IP stands for Internet Protocol.) For cable users you probably have one or two static addresses that rarely change. For High Speed-DSL and Dialup users, you may have dynamic ones which change with each logon or fairly often. On high speed-DSL you can usually change your assigned IP address by turning your modem off, waiting 30 seconds and turning it back on, then reconnecting to your ISP's network. Dynamic IPs can be traced using Reverse-DNS where the network or ISP you are on allows for it. Each Reverse-DNS address is unique. Even if your dynamic IP-address changes, the Reverse-DNS address will remain the same.


Your IP-address allows your ISP and other computers to communicate with your PC. To be completely without an IP-address would be the same as a telephone without a dialtone. There would be no communication, and you would be offline. However, there are ways to mask or encrypt your IP-address.


Proxies are simply servers that connect users to a network. Usually it connects to another network (for example, the Internet) from a local network such as a business or even an ISP (Internet Service Provider). It allows many to access a network with one or several addresses. These servers can be very useful, contributing security, speed and privacy to those who wish to truly enjoy the Internet without giving up their identities.


There are basically three kinds of anonymous proxy services of interest to home users. The first is Public Anonymous Proxy Listings, which you can use by selecting, then inserting their addresses and port numbers into your web browser. You can find instructions for doing that with most popular browsers here: Using Proxies. Btw, their instructions for Internet Explorer 6 apply to 7 and 8 as well. That article also explains about transparent, anonymous, distorting, and high anonymity proxies. Note: Try to avoid using proxy toolbar browser addons as many of these include tracking spyware, rather counterproductive to privacy.


By using an anonymous (http) proxy server, you are using their IP instead of yours to access the Internet. An anonymous proxy removes, masks or encrypts your IP on any requests you make when it passes these along to Internet websites. They talk to the proxy, not to you. For these proxies to be truly effective it is important to disable Java, Javascript and third-party cookies in your browser. If this detracts from your enjoyment then leave them on. Be aware though, that by doing so it is riskier. Additional risks also exist for these types of proxy servers, most especially from unencrypted traffic containing logins and passwords. If the anonymous public proxy you're using belongs to a malicious owner, you could be in trouble. You could likely encounter that kind of thing when using random choices from anonymous proxies lists without checking them to see if they're okay. You can look up IP addresses and whois at a site such as What Is My IP. You can find more such sites by searching for whois in your favorite search engine. Btw, Google is never anonymous. I use Scroogle all the time. Donations to Scroogle help us all, so be generous. As a general rule I stay away from anonymous proxies located in Eastern Europe, Russia, anywhere in Asia, Africa and South America.


Tip ...especially for dialup users: Large downloads can be agonizingly slow on dialup. By connecting to a web proxy server you can speed up the download by having the proxy get the files first, and then give them to you at their speed. You may have to test and experiment to find a server that can do that. You can also search for Premium Link Generator Sites. They have features where you can download large files from file sharing sites. You download the file to their server, then you get it from them. Be careful though, as there are some link/sync sites which offer browser addons that are spyware.


For large downloads, I would strongly advise that you get a Download Manager--even if you're on a high speed connection. These types of programs can resume downloads that have stopped without warning or become broken somehow. They can greatly speed up the download by simultaneously splitting the file into smaller segments and downloading them all at once. My favorite one is Free Download Manager.


Another kind of anonymous proxy server is accessed via a web page service. There's no need to program your browser. Simply open the web page and insert the URLs/addresses you wish to visit in their search bar. IPHider is one such service, and it's entirely free.


The third way is by means of a VPN, a Virtual Private Network. A few of these are free, but most are subscription based. Please refer to this article: 8 Free VPN Services.


Warning (Tip)...do not try to join security forum boards using an anonymous proxy. You could be banned. They don't trust members who are not forthcoming.


Besides using anonymous proxy servers on the web, you can use a free program that does even more. Proxomitron is shown below.


Proxomitron has these features:


Stop windows that pop-up, pop-under, or pop-over

Stop those un-closable endless banner chains

Stop pop-up JavaScript message boxes

Remove web-branding and other scripts tacked on by "free" web providers.

Convert most ads and banner pictures into simple text links

Freeze all animated gifs

Make blinking text appear as bold instead

Remove slow web counters

Stop web pages from "auto-refreshing"

Prevent pages from changing fonts

Get rid of or replace web page background images

Protect against getting "trapped" inside someone else's frames!

Make all frames resizable

Close top or bottom frame banner windows

Make background MIDI songs play only when you choose.

Remove status bar scroll-texts

Remove "dynamic" HTML from pages

Disguise your browser's identity and version from JavaScripts

Remove style sheets

Un-hide URLs when the mouse is over a link

Disable frames or tables altogether

Change or delete cookies

Change your browser's user-agent and other identifying fields

Hide where you've been previously from inquisitive web servers


For more information please refer to: The Proxomitron - Universal Web Filter


This article is meant to be a general introduction to the use of anonymous proxies, and not a detailed dissertation on the subject. Thanks for reading.


Best regards and always take care of your security!


This document is provided "AS-IS" without warranty, and confers no rights.

 


Windows Security Checklist, Part 5: Are Cookies Really GUID for You?

Posted on May 29, 2010 at 1:29 PM Comments comments (0)

by Larry Stevenson, aka Prince_Serendip

First published at CastleCops: December 26, 2004

Revised and updated: May 29, 2010


No one application nor technique can protect you at 100%, but you can still get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 5: Are Cookies Really GUID for You?


It is not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.


Are Cookies Really GUID for You?


Cookies have received a lot of bad publicity, but you need cookies if you want to visit websites. And, rightfully so, people want to know how to remove them from their computers. This becomes especially important with the kind of cookies allowed in your browser. It has become a popular practice among adware and spyware developers to use third-party cookies to insert Global Unique IDentifiers (GUID) onto your computer. GUIDs are mathematically generated, unique hexadecimal numbers which can be used to track your activities anywhere online. It's the mathematical equivalent of a UPC barcode or RFID tag.


Cookies are not executable programs placed on your computer to collect data on your computer usage. They cannot replicate themselves. A cookie cannot read any data from your hard disk, including the data stored in other cookies, but they can be read. With a little clever manipulation, cookies can be cross-referenced between different sites monitored by a single company. Using cross-referenced cookies, that include GUIDs and your personal information between linked websites, it's possible to track your online activities in detail.


A cookie is just an ordinary DOS-text file, stored by your web browser, that is a record of specific information about each time you visit a particular website. The record in the cookie can contain any information, especially personal information and passwords. Cookies, invented by Lou Montulli, began in the early days of Netscape (1994), the first really popular web browser. The people at Netscape discovered that the Internet has amnesia.


Whenever you want a web page, you bring it up with your browser, either by typing in the name of the page or clicking on a link. When the browser opens the page for you, it disconnects from the computer that had the page.


This allows the Internet to have many connections. However, it makes your connections to the Internet a lot harder. Since you use separate connections with each web page, the website you are viewing cannot tell if you are the same person at each page in turn. This makes it harder to provide the proper information and to remember where you were.


Cookies are a way to solve this problem. Without cookies, websites and their servers have no memory. A cookie, like a car key, enables swift passage from one place to the next. Without a cookie, every time you open a new web page, the server where that page is stored will treat you like a totally new visitor.


Session cookies are used by web sites to ensure that you are recognised when you move from page to page within one site, and that any information you have entered is remembered. For example, if a commercial website did not use session cookies then items placed in a shopping basket would disappear by the time you reach the checkout. You can choose to accept session cookies by changing the settings in your browser. Session cookies are deleted when you logoff from the website or close your browser.


First-party cookies are for particular websites with which you have accounts. With these cookies, you can specify your personal preferences for the features that the web sites offer, such as to display the current weather conditions of the city you live in, provide the skin of your choice for the site, the colors you like, etc. Each time you visit that web site in the future, it automatically recalls your choices, using the cookie.


Third-party cookies come from a web site different from the one you are currently viewing. They provide extra content on the web site you are on, like a web site within a web site. These sites may use advertising from other web sites that may also use cookies. Often this type of cookie is used to track your web page use for advertising or marketing purposes. Third-party cookies may be temporary or persistent.


Advertising networks are companies that use third-party cookies, paying software developers and web sites money for allowing their ads to be shown when people use their software or visit their sites. The ads are often in the form of popups or banners, presenting you with some form of advertisement. The problem with these networks is that they place third-party cookies on your computer each time you open an ad served by the particular network. This allows the advertising network to track your movements across the Internet by reading the information contained in the cookies every time you connect to a site that they are on. Any of the most popular web search engines also do this by default. Information in the cookies is recorded on their servers, and the GUID numbers provide identification with time and date specified. It should be noted that cookies don't identify a specific person, but track the user account, computer and web browser. This kind of information can then be provided to law enforcement (for example) to assist an investigation if the user account has been engaging in illegal activities, or sold to another company seeking to use the information for their own purposes.
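The cross-site linking described above can be shown with a small simulation, added here as an illustration and not taken from any real ad network or browser. The site names and classes are constructed, and the blocking rule is modelled simply as "third-party cookies are neither sent nor stored".

```python
import uuid
from collections import defaultdict


class AdNetwork:
    """Toy third-party ad server that tags each browser with a GUID cookie."""

    domain = "ads.adnetwork.example"  # constructed name

    def __init__(self):
        # guid -> list of sites on which that GUID was presented
        self.profiles = defaultdict(list)

    def serve_ad(self, cookie, referring_site):
        """Handle one ad request. `cookie` is the GUID the browser sent back,
        or None. Returns the GUID the server asks the browser to store."""
        guid = cookie or str(uuid.uuid4())
        self.profiles[guid].append(referring_site)
        return guid


class Browser:
    def __init__(self, block_third_party):
        self.block_third_party = block_third_party
        self.jar = {}  # cookie jar: domain -> cookie value

    def visit(self, site, network):
        """Load a page on `site` that embeds an ad from `network`."""
        # First-party cookie: set by the site shown in the address bar.
        self.jar.setdefault(site, "prefs-for-" + site)

        third_party = network.domain != site
        if third_party and self.block_third_party:
            # The ad is still requested, but no cookie is sent with the
            # request and the cookie in the reply is discarded.
            network.serve_ad(None, site)
            return
        guid = network.serve_ad(self.jar.get(network.domain), site)
        self.jar[network.domain] = guid


def browse(block_third_party, sites):
    """Visit each site once and return the ad network and browser state."""
    network = AdNetwork()
    browser = Browser(block_third_party)
    for site in sites:
        browser.visit(site, network)
    return network, browser


def longest_trail(network):
    """The longest list of sites the network can tie to a single GUID."""
    return max(network.profiles.values(), key=len)


if __name__ == "__main__":
    sites = ["news.example", "shop.example", "forum.example"]
    for block in (False, True):
        network, browser = browse(block, sites)
        print("block third-party:", block,
              "| GUIDs issued:", len(network.profiles),
              "| longest trail:", longest_trail(network))
```

With third-party cookies allowed, one GUID ties all three visits together; with them blocked, the network issues a fresh GUID on every request and cannot join the visits through the cookie.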


How to Block ID Tracking by Search Engines


Most major search engines online use tracking cookies, and record your IP address when you use them. The information recorded in their cookies is stored in permanent files on their servers' hard drives. If you want your search history recorded for all posterity then by all means keep using them as you have in the past. Alternatives do exist. Two search engines (trusted) that don't use tracking cookies nor keep permanent records of your visits are Scroogle and Startpage. Click on the links to see what each is about. Each has plugins so they can be added to your browser's search engine selections. Here's the multi-language plugin list on Scroogle for Firefox.


What To Do About Poisonous Cookies


Cookies are far from perfect. Although they are not executable they can be stolen, replaced, redirected, and rewritten for illegal or nefarious purposes. Instructions for blocking Third-Party cookies in Internet Explorer are provided below, and at the links for Firefox and Opera. But just blocking cookies may not be enough. Three freeware applications can provide extra muscle to stop poisonous cookies dead in their tracks. (I use these every day online.)


1. Get the MVPS-Hosts file. A full explanation of what the Hosts file does and how to install it are provided at this site. If you hate ads when you surf, this will get rid of them.


2. SpywareBlaster. Download, install, update and apply the update, and you're done. It's simplicity itself. It protects your browsers, and your computer so that malware cannot be loaded nor even opened. Keep it updated, and you're protected.


3. Spybot - Search & Destroy. Click through according to your language preference. On the next page, click on the symbol beside Spybot Search & Destroy in the upper-right corner to get started. Download and install it. Update it. After receiving the updates, click on the Immunize shield on the main window. Make sure there's a checkmark in the box beside Global Hosts, under the Windows heading down at the bottom. Then click on the green "+" beside Immunize at the top. It will take a minute or two, but when it's done your Hosts file will be augmented with Spybot's protections against bad cookies and nasty web sites.


These three work together to provide comprehensive malware protection online. Spybot Search & Destroy can also scan your hard drive for pernicious threats on demand.


Blocking Third-Party Cookies


You can learn how to configure your browser to accept only first-party and session cookies, and to deny all third-party cookies. Follow these steps to block only third-party cookies, for Internet Explorer 7+:


Click Tools > Internet Options, select the Privacy tab and click the Advanced button. Put a check in the box beside Override automatic cookie handling, then select Allow, Block or Prompt for First Party and Third Party cookies. In this case, Allow First Party and Block Third Party. By putting a check in the box beside Always allow Session cookies, these will be saved on your computer instead of being deleted when you close your browser. You don't have to keep them if you don't want to. Session cookies are used for browsing specific web sites, and using extra content they may have.


Enabling or Disabling Cookies in Firefox 3.6


Cookies for Opera 10.53


P3P (Privacy Preferences Platform)


Established by the World Wide Web Consortium (W3C), P3P provides Internet users with greater privacy when surfing the Internet. W3C is the official web standards body, which essentially attempts to bring law and order to the Internet.


P3P was started to reassure user concerns about the amount of data collected by websites. The idea is that any site gathering information about its users should state why it wants the information, and how long information will be kept. A user visiting a site with a P3P policy has access to its privacy policies and can decide whether or not to accept cookies or use that site at all. That's why you see so many sites that have stated privacy policies and terms of service. You need to read them carefully depending on how you choose to use those sites. For more information.


Here you have the basic nuts and bolts of cookies online, what to keep, what to avoid and how to mitigate against malware attacks through your browsers. It's still important to surf carefully, even with added protection. Malware authors are always trying to screw us over, so do your best to stay safe online.


Best regards and always take care of your security!


This document is provided "AS-IS" without warranty, and confers no rights.

 


Windows Security Checklist - Part 4: Securing Your Network Configuration or Home LAN Security

Posted on May 23, 2010 at 12:10 PM Comments comments (0)

First Published by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer: December 19, 2004

Revised and updated: May 23, 2010


No one application nor technique can protect you at 100%, but you can still get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 4: Securing Your Network Configuration or Home LAN Security.


It's not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.



Please take note that the following information and instructions are provided for single (private) computers, and private home-based Local Area Networks (LANs), not for commercial/business networks, nor for Microsoft legacy operating systems prior to Windows XP/Server 2003. This document is provided "AS-IS" without warranty, and confers no rights.


Why Disable NetBIOS?


NetBIOS (Network Basic Input-Output System) is a set of software interfaces that can allow the sharing of files or folders across a network with other hosts (computers) through Windows Network Shares. It was developed in the 1980s and brought forward through all of Microsoft's operating systems up to and including Windows XP and Server 2003. It does not exist as such in Windows Vista and beyond due to security concerns. The Common Internet File System is the tool of NetBIOS. This permits a host to use remote files on another PC as if they were on its own computer. This makes NetBIOS a threat to individual privacy and security on the Internet for users of XP/Server 2003 operating systems. It can leave your PC open and vulnerable to anonymous logons, remote Registry accesses, and remote procedure calls, all from total strangers.


The key to securing your home network configuration is understanding what is meant by binding. Binding means that there is a shared and continuous connection between two or more network services, communications drivers, and adapters. The easiest way of seeing these relationships is to organize the various network components into sections.


The Network Services Groups section contains application and server services used by your computer: Applications for Microsoft Family Logons, Microsoft Networks, File and Printer Sharing for the Microsoft Networks.


 

The Communications Protocol section contains protocol drivers that apply various network communication protocols: TCP/IP, IPX/SPX, NetBEUI. (NetBEUI is the NetBIOS Extended User Interface, a more advanced form of NetBIOS.)


The Hardware Adapter section contains the actual peripheral adapters which connect the system to the Internet: Cable/DSL Interface, Dial-Up Adapter, Local Network Interface.


With this sectioned, the parts in each network group are separate and divorced from the components in the other groups. However, when you get your XP/Server 2003 computer for the first time, brand new, all of these parts are bound together and interconnected by default. Having this many bindings to drivers, services and protocols allows unauthorized uses of your computer online by hackers, or anyone else.


If you are not interested in file-sharing (think also of P2P) and wish to have a more secure Internet experience, what you need to do is to disable the bindings to all protocols, services and adapters except for TCP/IP bound to either the Dial-up Adapter, the DSL Adapter, Cable Interface, or the LAN Interface. You need to be the administrator of your PC to change these settings. If you are only a user on another administrator's PC (e.g. students, office workers) you will need to let your IT people know of your concerns, and wishes regarding this issue before anything can be done. Some places provide instructions for those who need them.


For safer and more secure communications, the system's TCP/IP protocol is bound only to the interfaces or adapters that have contact with the Internet. Since the various Internet-using applications like web browsers, e-mail and proxies etc, do not use or need the Microsoft Networking services, there is no need to bind them to the global Internet TCP/IP protocol.

 

Adapters, Protocols, and Service Bindings


What are Network Adapters for Windows?


On Windows XP/Server 2003 click on Start, Control Panel, then double-click Network Connections. In Windows Vista and Windows 7 double-click Network and Sharing Center.


This will open a window containing a list, The following Network components are installed. This list contains a certain number of lines with an icon on their left. Each of these lines represents a Network Adapter.


On Windows Vista and higher you get a window showing a simplified view of all the connections and shares used by your computer. You can change them here if you wish. For more info please refer to http://www.online-tech-tips.com/windows-7/network-and-sharing-center-windows-7-overview/


A Network Adapter is a program component that helps your computer link a Network peripheral to Windows. Here are some explanations for a few classic Network Adapters.


Network Adapter examples for Ethernet ISA or PCI cards. You have these Adapters if you have an ADSL Internet connection or if your PC is connected to a Local Area Network (LAN). (From one of my old computers.)


(icon) 3Com Etherlink 10 ISA

(icon) SN-3200 PCI Ethernet Adapter


Remote Access Card type Adapters are used for telephone modems or ADSL USB modems.

(icon) Remote Access Card


What are Network Protocols?


Take TCP/IP as an example. Transmission Control Protocol/Internet Protocol (TCP/IP) is the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is used across the whole Internet, making it the global standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.


All communications between devices require that the devices agree on the format of the data. The set of rules defining a format is called a protocol. At the very least, a communications protocol must define the following:


-- rate of transmission (in baud or bps) (pronounced as bode and bips)

-- whether transmission is to be synchronous or asynchronous

-- whether data is to be transmitted in half-duplex or full-duplex mode


In addition, protocols can include sophisticated techniques for detecting and recovering from transmission errors and for encoding and decoding data.


Communications Protocols are compatible formats for transmitting data between two devices. The protocol determines the following:


-- type of error checking to be used

-- data compression method, if any

-- how the sending device will indicate that it has finished sending a message

-- how the receiving device will indicate that it has received a message


There are a variety of standard protocols from which programmers can choose. Each has particular advantages and disadvantages. Some are simpler than others, some are more reliable, and some are faster.


From a user's point of view, the only interesting aspect about protocols is that your computer or device must support the right ones if you want to communicate with other computers. The protocol can be provided either in hardware or in software.


Service Bindings: What are they?


With many server applications, a binding is an association between a network connection point (the combination of an IP address and a port number, for example) and a network service (e.g. a mail server or web proxy). This defines the interface over which a server process will provide service to a computer. It stands to reason that in order for a service to be accessible to a computer, it must be “bound” to an interface that is available to it.


Bindings allow PCs to connect to network services, and allow the administrator to specify which service will respond to the connections, and on which interfaces and ports. Security issues are associated with providing remote access to services. Bindings therefore need to be considered a point of security control.


Are You Vulnerable to NETBIOS Problems?
Try these tools to determine your NetBIOS vulnerabilities:


Nmap: Free network exploration and security auditing utility. http://nmap.org/


NLtest - very powerful tool, included in Windows Server 2003 Support Tools which can be found on the product CD. NLtest can obtain a wealth of information about potential configuration vulnerabilities.


For Windows XP and Windows Server 2003, the Microsoft Baseline Security Analyzer will report hosts that are vulnerable to SMB exploits and may be used to fix the problem. The tests can be run locally or on remote hosts. http://technet.microsoft.com/en-us/security/cc184924.aspx


Windows XP and Windows Server 2003 users can simply type net share from the command prompt to see what resources are being shared. For more information about the net share command, type net share /? Windows Vista and Windows 7 have this feature disabled by default.


Important Note: This article contains information about changing shared resources. Before changing any shared resource, make sure you understand how to restore the resource, if a problem occurs. For information about shared resources, click on the following articles to view them in the Microsoft Knowledge Base:


Saving and Restoring Existing Windows Shares

 


How to set, view, change, or remove special permissions for files and folders in Windows XP


How to disable simple file sharing and how to set permissions on a shared folder in Windows XP


How to Copy Files and Maintain NTFS and Share Permissions


Safely Block NetBIOS Ports Over TCP/IP to all Internet Traffic at the Firewall


This will prevent outside access to the contents of your hard drives via these ports whether you do file sharing or not. Block incoming and outgoing access to ports 135, 137, 138, 139, and 445 with your firewall.


ZoneAlarm does this by default when you set the Internet Zone Security level to high. The medium default security setting only blocks incoming access to NetBIOS ports, but you can manually change that to include outgoing. Remember that any setting lower than high is not recommended for use in the Internet Zone. Note that these configurations should be possible with other software and hardware firewalls. Please consult their manuals.
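The binding idea described under "Service Bindings" and the port list above can be checked against what your own machine reports with netstat -an. The following is an added example, not part of the original article: it parses netstat output, lists NetBIOS/SMB ports bound to a non-loopback address, and lists established connections to those ports outside the local network. The function names, the LOCAL_NETS ranges and the sample output are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Ports the article says to block in both directions at the firewall.
NETBIOS_SMB_PORTS = {135, 137, 138, 139, 445}
# Assumption: these ranges count as "local"; anything else is treated as Internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49212     203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.20:49300     198.51.100.7:445       ESTABLISHED
  TCP    192.168.1.20:49301     192.168.1.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""

Row = namedtuple("Row", "proto local_ip local_port remote_ip remote_port state")

def split_endpoint(endpoint):
    """Split 'ip:port' or '[v6]:port'; (None, None) for the UDP placeholder '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return (host.strip("[]"), int(port)) if port.isdigit() else (None, None)

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # column header, banner and blank lines
        state = parts[3] if len(parts) > 3 else ""  # UDP rows have no state
        rows.append(Row(parts[0], *split_endpoint(parts[1]),
                        *split_endpoint(parts[2]), state))
    return rows

def inbound_exposure(rows):
    """NetBIOS/SMB ports bound to a non-loopback address, with the binding scope."""
    hits = []
    for r in rows:
        accepting = r.state == "LISTENING" or r.proto == "UDP"
        if accepting and r.local_port in NETBIOS_SMB_PORTS:
            ip = ipaddress.ip_address(r.local_ip)
            if not ip.is_loopback:
                scope = "all interfaces" if ip.is_unspecified else "one interface"
                hits.append((r.proto, r.local_ip, r.local_port, scope))
    return hits

def outbound_to_internet(rows):
    """Established connections to a NetBIOS/SMB port outside LOCAL_NETS."""
    return [r for r in rows if r.state == "ESTABLISHED"
            and r.remote_port in NETBIOS_SMB_PORTS
            and not any(ipaddress.ip_address(r.remote_ip) in n for n in LOCAL_NETS)]

if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    print(*inbound_exposure(parsed), sep="\n")
    print(*outbound_to_internet(parsed), sep="\n")
```

A binding reported as "all interfaces" (0.0.0.0 or ::) includes whichever adapter faces the Internet, which is the case the firewall rule above is meant to cover.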


Disable NetBIOS Over TCP/IP By Using DHCP Server Options (for XP and Server 2003)


Disable NetBIOS in W2K/XP/2003


Author's Note: This article was published at a time when there was a dearth (not much) of understandable instructions on Home LAN Security issues. A lot more info is available now, but much of it still reads like technical manuals for starships. Hope this article helps you understand.


Best regards and always take care of your security.

 

 

 

 

 

 

 

 

 

 

Windows Security Checklist Part 3: Safe at Any Speed Online

Posted on April 25, 2010 at 3:11 PM

First published at CastleCops by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer, December 12, 2004.


Edited, updated, and republished: April 25, 2010.


This article was originally written for Internet Explorer 6, but most of the information is still current and useful. Updates have been added for IE 7 & 8, Vista and Windows 7.


No one application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware can drop almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 3: Safe at Any Speed Online. (Btw, "Safe at Any Speed" is a futuristic, sci-fi short story by Larry Niven.)


It is not as complicated as it may first appear, although there is a lot of information to absorb. The experts at Spywarehammer.com can help you if you have questions about any of these techniques and applications. The applications featured here are compatible with all Windows platforms, unless otherwise noted.


Browsing the Shelves


Configure your browser for maximum privacy. **Force it to prompt you for permission for everything possible.** (To be absolutely honest I prefer settings which do not interfere with my surfing. Personally, I don't like a lot of promptings.) You can configure Internet Explorer to provide good security with a minimum of fuss. For more details on how to do this please refer to the following articles, depending on which version of Internet Explorer you are using:


IE6: http://www.helpwithwindows.com/techfiles/surf-safe.html


IE7: http://www.helpwithwindows.com/techfiles/ie7-surf-safe.html


IE8: http://cybercoyote.org/security/browsers.shtml


For all other browsers please refer to their Help sections.


With Internet Explorer, clear your browser cache, called "Temporary Internet Files" or TIF, and browser history often. Always clear these after visiting any site where you performed personal business such as online banking or buying products. Click Tools > Internet Options. On the General Tab see Browsing History and a button labelled "Delete..." For those who would prefer an application to do it for them, this little freeware can speed up the job. CCleaner at http://www.piriform.com/ccleaner

Other browsers, such as Opera and Firefox, can be set to clear cache and history just by closing the program.


For Internet Explorer users: Get a web content/browser filter to prevent remote site contact through ad banners and embedded web bugs. Proxomitron is an example of a web content filter. For more info, please visit http://www.proxomitron.info/ 


Also, get a cookie filter. They are built into most browsers these days, but third-party programs usually offer better filtering options. For IE there is CookieWall: http://www.analogx.com/contents/download/Network/cookie/Freeware.htm

Another excellent application for browser filtering and to prevent hijacks is WinPatrol: http://www.winpatrol.com/


Internet Explorer can be a safe and able browser if you configure and protect it properly. Some of IE's security problems are due to a combination of inept and uninformed users, malware writers and browser hackers. These articles help alleviate that by informing and educating all users.


Take Care of Your Information


 

Be careful about what information you share on websites. Use common sense when filling out forms or providing any personal data, unless you are completely sure it will not be misused. Read their Privacy Policy or Statement. Just because they have one does not mean they will not still use your information against your better wishes. Read it carefully. If it is vague, unclear, or absent, do not share anything with them.


Stay away from everything to do with mailing lists and requests to use your personal information. Avoid sites that offer some sort of prize or free gift in exchange for your contact details. These are sure to be some form of identity theft scam or a means of sending you spam.


Do not use "click here to unsubscribe" with spam e-mails. What this really does is verify that the spam was delivered to a valid e-mail address and confirms that you saw it. The sender has no intention of honoring your request. By responding you are certain to get even more spam from the same sender, as well as those who were sold your confirmed address. Delete the spam without responding to anything. Most webmail outlets provide a place for spam. You may have to check it to be sure no legitimate e-mails are there before deleting.


Do not use your personal e-mail address when posting to message boards, or newsgroups. Always use a webmail address. Spiders and crawlers are constantly checking these places for valid addresses to use for spam. Many websites provide a choice in your profile whether to hide or reveal your e-mail address.


Also avoid giving your personal e-mail address to your friends. They may not be as well protected and informed as you. Use a disposable, free webmail account instead. These are easily obtained from Hotmail (Windows Live), Yahoo, Google etc.


Anonymizers or proxies can help where both privacy and security are at risk when browsing to new websites and posting to certain newsgroups.


Be informed. Visit Spywarehammer, and other security websites frequently. Read the news and apply what you learn.


Test the Waters First


Try one or both of the free services listed below to test the security of your computer connection to the Internet. Be sure to include a check for identity vulnerabilities and port scanning.


ShieldsUP! by Steve Gibson Research Corporation: https://www.grc.com/x/ne.dll?bh0bkyd2


Symantec Security Check: http://www.symantec.com/norton/sygate/index.jsp


Look at the results. Make adjustments to your firewall or network settings, and apply software patches as required for the best defense.


Check your firewall and router logs often for suspicious incoming or outgoing traffic. If you suspect that you are a victim of a hacker attack, that someone did in fact compromise your system for criminal intent, go to the Internet Crime Complaint Center: http://www.ic3.gov/complaint/default.aspx for instructions on gathering proof and filing a report. Look for changes on your hard drive, unknown or changed files and folders with decreased hard drive space. Do not delete. Quarantine anything suspicious as you will need this information for evidence. An easy way to quarantine files is to encrypt them so they cannot be opened except by you. A useful (free) tool for doing this is My LockBox: http://download.cnet.com/My-Lockbox/3000-2144_4-10789387.html My Lockbox can also be useful for protecting sensitive personal files and folders. Use strong passwords.


Always Have a Backup!


Keep current backups of all personal and system files. Backups restore lost data in the event that your system security is compromised or your critical files become corrupted. Keep copies of everything you need whether for a simple or a major restore. In the event of something catastrophic, like a hard disk failure or major file damage, you need to be prepared to re-install your Operating System. This means keeping your installation CD for Windows, the CDs/DVDs for all of the other programs you have installed, copies of downloaded programs (on CD/DVD, a flash/thumb drive, or a USB hard drive), and any personal files in a safe place separate from your computer. Files kept only on the hard drive will be destroyed when you re-format a hard drive partition.


Always create a backup of your registry before installing any new program or making any changes to your system settings. Instructions to do this are in your Windows Help Files. An easy way to do this on XP, Vista and Windows 7 is to make a System Restore point. A shortcut is placed by default under System Tools in the Start Menu via Control Panel.


Added Security for Internet Explorer (any version)


An up-to-date Hosts file (free): http://www.mvps.org/winhelp2002/hosts.htm will block a lot of malware out there.


Spybot Search & Destroy (free): http://www.safer-networking.org/en/download/ will strengthen your Hosts file using the Immunize feature, as well as applying extra security to your browsers.


SpywareBlaster (free): http://www.javacoolsoftware.com/spywareblaster.html will bolster security on most of the popular browsers, a set-it and forget-it type of program.


You can't go far wrong by implementing the above advice and techniques to secure your browser and your computer. Good luck always favors the prepared. You can surf with confidence, knowing what to do if trouble comes. If you need further help, come see us at http://www.spywarehammer.com/



Best regards and always take care of your security!


This document is provided "AS-IS" without warranty, and confers no rights.


 

 


 

Error Message: Display Driver nvlddmkm stopped responding and has recovered

Posted on February 7, 2010 at 5:46 AM

First the display hangs or freezes for a few seconds, then the entire display shuts down. Not a black screen, but one without any power running to it. The display then powers up and the above error message appears as a balloon down by the System Tray (lower-right corner). Running Windows Vista Home Premium 64-bit (OEM) on a Toshiba Qosmio laptop (15 months old).


I started getting these problems back at the beginning of January, 2010 while playing online videogames. Researching this online yielded a plethora of results. Seems a great many people have had similar messages and problems with this Nvidia driver (even on ATI) as far back as 2007. The driver itself appears to have obscure origins as it's not even listed as a primary driver in the list of Nvidia drivers in System Information. I use a freeware program called SIW (System Information Windows) to get extremely detailed information on my computer's workings and properties.


I suspected at first that I had a trojan or some other form of malware, which is famous for yielding cryptic operational messages. I checked that as thoroughly as possible, but as far as I can tell, my system is clean. I put it that way because it's impossible to be 100% certain that a system is malware-free. Some malware, such as rootkits, can fool even the best scanners.


After a thorough reading of the problems other people have encountered, I first updated my Nvidia drivers to the latest rollout from their website: http://www.nvidia.com/Download/index5.aspx?lang=en-us

The frequency of these error messages dropped sharply after implementing it.


Next, I tried turning off Windows Defender and its updates, replacing it with Avira AntiVir http://www.free-av.com/ in the System Security Center. I had only one error message since making this change. A good site I found for help on this problem is http://www.nvlddmkm.com/


Since my system is portable, it has a battery. However, in the past three months I've had the laptop plugged in all the time. Something in January appeared to have changed my laptop's Power Profile from Balanced to High Performance. I had made no such changes myself. Could the computer have done this automatically? I had read online that these error messages occurred most frequently for others when running their computers flat out at the highest power settings. So, I put the Power Profile for the laptop back to Balanced. This uses less power than High Performance, but if more power is required it's still available as needed. Since making this change, I've had no error messages at all.


This was my solution. Other people have been successful at ending these error messages using entirely different methods and techniques. If you are researching this problem, get as many different answers as you can before deciding to do something about it. Above all, be careful when you make changes of any kind to your computer. My best advice is to go slowly, have a backup, and if you think you need to make a major change, consult with an expert at a site such as http://spywarehammer.com/ or http://social.technet.microsoft.com/Forums/en-us/categories/ They have experts that do both hardware and software.


This posting is provided "AS IS" without warranty, and confers no rights. Written by Larry Stevenson, MVP Consumer Security 2006 to present.


