antivirus

Impact of Information Leakage

Information Leakage: Protect Against ‘Google Hacking’

Until recently, the primary focus of network security was to guard the perimeter and keep the bad stuff out. Firewalls were employed to segregate the internal network from the external network and prevent unauthorized network traffic or potentially malicious content from penetrating into the corporate network. Antivirus, anti-spam and other technologies were deployed on email gateways and other perimeter-facing servers to monitor and block potentially malicious content from entering the network. It was assumed, in many cases, that any data on the internal network was safe and that there was no need to monitor or block data on its way out.

Information security has matured in many ways though. Some good, some not so good. For starters, technologies such as firewalls and antivirus applications have become commoditized. There is often very little practical difference from one product to the next and they all have virtually the same success rate, so the perimeter is safe. Unfortunately, as mobile computing and portable storage devices have taken off, the perimeter has disappeared and the line between inside and outside the network has been all but erased.

The battlefront has moved now. Week after week there are stories of security breaches and lost laptops compromising millions of credit card numbers, social security numbers and other private information. Regulatory and private-sector mandates such as Sarbanes-Oxley, HIPAA, or the credit card industry’s PCI Data Protection standards require that companies control and protect sensitive or personally identifiable information. It is imperative that companies be aware of the data that is leaving their network.

Ben Rothke, a New York City-based security consultant with INS, notes that information leakage is a significant issue since we have a perfect storm of very curious people, ubiquitous high-speed internet access, and overall poor security on the servers storing that information. “When you put those three factors together, they combine to create the situation where confidential data can be quickly leaked and shared with an enormous amount of information. Once the data is shared in such a manner, it is effectively impossible to get it back in a secure state.”

Norton Internet Security 2009

Rating four

The Bottom Line

Symantec has long held a position as one of the major players in antivirus and PC security products. One complaint users have about computer security software, and particularly about Symantec's, has been the size of the install and the way it bogs the system down. Often the performance trade-off is not considered worth it to protect the computer. Symantec has taken those issues to heart in creating Norton Internet Security 2009: it is smaller and faster, and yet still offers all of the protection of its predecessors and then some.

Pros

  • Faster and lighter than previous versions of Norton Internet Security
  • White listing feature allows you to designate applications as trusted
  • Quick and intuitive installation and configuration
  • Pulse updates keep system up to date every 5 minutes

Cons

  • Confusing to choose between NIS 2009 and Norton 360

Description

  • Proven to be fastest and leanest PC security suite available. Installs in under 1 minute and uses less than 7Mb of memory
  • Up to the minute updates with Pulse keep your PC protected even against emerging threats by updating every 5 to 15 minutes
  • New Recovery tool boots and repairs systems even when badly infected
  • Identity Safe protects your identity from theft, and also enables users to automatically fill in data on online forms
  • Real-time SONAR (Symantec Online Network for Advanced Response) protects your PC from being compromised by bots
  • Norton Insight targets at-risk files to perform faster, less frequent scans more intelligently

My Review – Norton Internet Security 2009

One of the complaints that many users have about computer security software is that it is bloated. As vendors have battled it out to capture their piece of the market, they have continued to add more bells and whistles. In theory, those bells and whistles are nice and offer additional protection and convenience. But the reality is that additional features generally mean additional hard drive space, additional system memory, and additional processing power. In other words, bloated security software is a resource hog that bogs down the PC and affects overall performance.

What happens when security software hogs the resources and bogs down the system is that users simply disable it. PC protection isn’t worth having a slow computer system. So, a PC security suite that impacts system performance with additional bells and whistles often results in no protection at all.

With Norton Internet Security 2009, Symantec learned that lesson. The software is leaner and faster than the competition or its predecessors. Symantec made the suite install faster and use fewer resources, but didn’t really sacrifice any bells and whistles in the process.

Norton Internet Security 2009 (NIS 2009) can be found for around $20 for a single license (or around $50 for a 3-PC license), which is a great and economical price for the scope and caliber of protection it offers. NIS 2009 provides a complete suite of security tools including antivirus, personal firewall, antispyware, antiphishing and more.

My only issue really is with Symantec offering both NIS 2009 and Norton 360. They are both solid products with similar feature sets and an identical target market. It seems to me that Symantec should make the purchasing decision easier by merging the two products together. The result would be an industry-leading, comprehensive computer protection product.

A Preview of Windows XP SP2 Security Center

There may be a large number of people out there in the world (people with jobs and lives who don’t lurk around computer security web sites or fish through computer magazines in all their free time) who may be unaware that the long-awaited Windows XP Service Pack 2 (SP2) will be released by Microsoft soon. But whenever Microsoft has to push back a release date it becomes front-page news around the globe, so it’s possible that even those people know. Regardless, Microsoft has released the release candidate (RC1), which is typically the last phase prior to a public release, so we can expect to see SP2 available in the next month or two I would guess.

One of the most talked about additions in SP2 has been the Security Center and the changes Microsoft has made to a number of different features in the name of security. When Windows XP was first released it was hailed as the most secure yet. Windows XP Home edition, although it still lacks some of the most important security features of its Windows XP Pro sibling, was a quantum leap better in stability and security than its Windows home operating predecessors such as Windows 98 or Windows ME (Millennium Edition).

But one of the chief complaints has been that there are still insecure features that are enabled by default while the security features such as the built-in firewall are disabled by default. This means that users must know enough to determine that they want the security feature turned on and then figure out how to navigate through Windows to find the feature and enable it. It’s a little like selling a car with brakes, but having them be disabled until the user finds the right switch to turn them on.

Windows XP Service Pack 2 includes many new or modified features designed to make the operating system more secure such as:

  • Managing IE add-ons
  • Stopping malicious scripting in IE
  • Blocking pop-up ads
  • More secure Outlook Express email
  • A vastly improved firewall
  • New Security Center feature
  • Modified Automatic Updates configuration
  • Disabled Windows Messenger Service
  • Restrict ability of network services to propagate threats

Below is a more detailed explanation of each of these new and improved security features:

  • Internet Explorer Updates
    • Manage Add-Ons: Many programs install a plug-in or add-on which adds some functionality to the Internet Explorer (IE) web browser. Many users go about happily clicking OK and may install add-ons they don’t really want or need and some malicious programs might secretly install add-ons. This utility allows you to view the add-ons installed on your system as well as add-ons that have been used by Internet Explorer but not installed. You can enable or disable the different add-ons from this utility as well.
    • Pop-Up Blocking: Yes, you read that right. Internet Explorer will finally have the ability to block those annoying pop-up ads. Most other web browsers have already had this functionality, and many Internet Explorer users have adopted tools like the Google Toolbar which is a plug-in you can add to Internet Explorer to block pop-up ads among other things, so the annoying advertisers have already been busy trying to find other ways to get their ad in front of you. But, there are still plenty of sites with pop-up ads and this new feature will help make sure you don’t have to see them.
    • Modified Scripting Functionality: Unscrupulous sites can use scripting to accomplish a variety of mischievous, if not outright malicious, actions. With the current IE it is possible for a web site to open new windows that aren’t even visible on the screen or to open new windows that don’t have the normal status and toolbars, which makes them difficult, if not impossible, to close via normal means. After SP2, IE will not allow developers (mischievous, malicious or just misguided) to do these sorts of things.
  • More Secure Email: SP2 makes changes to the way Outlook Express works that will help protect most users from unknowingly or accidentally infecting their systems with viruses or Trojans. Outlook Express will block a variety of file attachment types such as EXE or COM files which are executable and may contain malicious code. Graphic images are blocked by default, but allow you to right-click and download them anyway. This can help prevent the display of potentially offensive pictures in spam email.
  • New and Improved Firewall: EDIT: This section has been revised after I learned that some of the information I had regarding the improved firewall was incorrect.
    This is one of the best updates in SP2 in my opinion. The Internet Connection Firewall (ICF) that comes with Windows XP is not intuitively named or configured and is disabled by default. With SP2 the firewall gets a new name, Windows Firewall, and a number of significant changes that improve its functionality. Primarily, the Windows Firewall is enabled by default and is monitored through the Security Center. It also allows you to enable or disable it on an interface by interface basis rather than the all-or-nothing approach of ICF. This firewall is leaps and bounds better than ICF but probably not sufficient to replace a 3rd-party personal firewall such as ZoneAlarm.
  • New Security Center: With SP2, Windows XP adds a new option in Control Panel called Security Center. The main screen of the Security Center displays information on the current status of your firewall and antivirus protection as well as whether or not automatic updates are enabled. Each item can be green (On), red (Off) or orange (Unknown). Windows does not come with antivirus software, but it will check for 3rd-party antivirus software and let you know if it is running and up to date. The firewall portion favors that you simply use the Windows Firewall. When I disabled the Windows Firewall and ran my ZoneAlarm Pro instead the firewall check turned orange. Security Center was able to tell me that ZoneAlarm Pro is installed, but it was unable to verify it was running or properly configured so it marks the status orange. Regardless, this is a handy step in the right direction. It gives even novice users a sort of “one stop shopping” place to look to see whether their system has the basic protective measures turned on or not.
  • Automatic Updates: Automatic Updates are not new. Microsoft has long offered the option of enabling Automatic Updates so that your Windows system could periodically phone home and learn of any new critical updates that might be available. Depending on how you configure it, these updates can occur without your intervention while you’re snug in your bed, thereby keeping your system more or less proactively patched without any effort on your part. With Windows XP a little icon would appear in the Systray asking the user whether they wanted Automatic Updates turned on or not, but with SP2 the question of Automatic Updates is made much more obvious and harder to ignore. Hopefully this new approach will lead more home users to enable this feature.
  • Disabled Windows Messenger Service: This is not to be confused with the Microsoft MSN Messenger instant messaging program. The Windows Messenger Service is used to communicate between network devices and send alert messages and such to administrators. It is arguably unnecessary for home users and has been hijacked by spammers as a means for popping up unsolicited messages on users’ machines. Disabling it by default will stop this annoying spam from showing up on your computer.
  • Stop Network Attacks: In the past year or so flaws in the Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM) technologies have resulted in a variety of malware including the MSBlast and Nachi worms. These threats were able to exploit these vulnerabilities to spread across network connections from computer to computer. The changes made by SP2 will help to reduce or eliminate exploits like these.

I could go on and on. This isn’t so much a patch or update as it is a completely new version. Rather than calling it Windows XP Service Pack 2 they could just drop the “Service Pack” part and call it Windows XP 2. With Windows XP SP2 Microsoft has finally made some tremendous strides in providing a more secure operating system by default rather than simply including some questionably functional security features buried somewhere within the operating system.

There is no question that every Windows XP user should acquire and install this update once it becomes available. Windows XP Home users will still be lacking in a number of very key security features that exist in Windows XP Professional (see 5 Steps To Secure Windows XP Home), but with SP2 it will be significantly more secure than without it. Not only will applying SP2 add all of this new security functionality, but it will apply all of the patches for the operating system up through the date they publish the Service Pack so the system will be protected against all of the known vulnerabilities through that time.

One of the biggest issues facing users will be acquiring the update. I have heard reports that it is in the 200Mb range; however, the RC1 version that I downloaded was a 475Mb download which would take approximately 20 to 45 hours to download on a standard dial-up connection. While broadband use is growing rapidly, there is still a vast majority of users, the very users who need the updated security the most, who are using slow dial-up connections to access the Internet.

Perhaps Microsoft will offer to ship the CD for free to registered users by request. I have contended that Microsoft should partner with distribution outlets like Blockbuster Video or Best Buy or Target or something to offer Service Packs and other large updates on free CD’s for the taking the same way the ubiquitous America Online CD’s are pushed. If neither of those things occurs, you might consider downloading it at work if you have high-speed access and won’t be violating the AUP (acceptable use policy) of your employer, or find a friend with broadband access and a CD burner to help you get the patch.

Horrible, No-Good, Nasty, Worst-Ever Virus

  • If you receive an email entitled “Bedtimes” delete it IMMEDIATELY. Do not open it. Apparently this one is pretty nasty. It will not only erase everything on your hard drive, but it will also delete anything on disks within 20 feet of your computer. It demagnetizes the strips on ALL of your credit cards. It reprograms your ATM access code and screws up the tracking on your VCR and uses subspace field harmonics to scratch any CD’s you attempt to play. It will program your phone auto dial to call only 900 numbers. This virus will mix antifreeze into your fish tank.

    IT WILL CAUSE YOUR TOILET TO FLUSH WHILE YOU ARE SHOWERING.

    It will drink ALL your beer. FOR GOD’S SAKE, ARE YOU LISTENING?? It will leave dirty underwear on the coffee table when you are expecting company! It will replace your shampoo with Nair and your Nair with Rogaine.

    If the “Bedtimes” message is opened in a Windows 95/98 environment, it will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub.

    It will not only remove the forbidden tags from your mattresses and pillows, it will also refill your Skim milk with whole milk.

    ******* WARN AS MANY PEOPLE AS YOU CAN. *******

    And if you don’t send this to 5000 people in 20 seconds, you’ll fart so hard that your right leg will spasm and shoot straight out in front of you, sending sparks that will ignite the person nearest you. Send to everyone.

    For those who may not have caught on yet- THIS IS A JOKE!

I received the joke hoax above from a friend and thought it illustrated the point well. It sounds ridiculous, doesn’t it? Of course you wouldn’t fall for that. Even if you were hooked into thinking that maybe there really is something called “subspace field harmonics” that can scratch your CD’s from afar, you hopefully realized that this was a joke by the time you got to the part about it drinking all of your beer.

While this is an extreme example, it isn’t that far off from some of the chain-mail and spam hoaxes that people fall for every day. The little boy in England dying of cancer does not want you to send him any more greeting cards. Congress will not be voting any day now on a bill to implement a modem tax. Neither Microsoft nor Disney has implemented any next-generation email tracking system that will make you rich if you just forward the email.

So, the joke cited above may be a little on the extreme side, but the fact of the matter is that people receive these messages frequently and for whatever reason (superstition, gullibility or just because they think it’s humorous) they propagate them to everyone they know and continue clogging the email boxes of the world with more junk.

Have you ever seen this message:

  • A virus has been passed to me by a contact. Our address book in turn has been affected. Since you are in our address book there is a good chance you will find it in your computer too. We followed the direction below and eradicated the virus easily. The virus (called jdbgmgr.exe) is not detected by Norton or McAfee anti-virus systems (nor OnTrack). The virus sits quietly for 14 days before damaging the system.

    It is sent automatically by messenger and by the address book whether or not you sent emails to your contacts.

    Here is how you check for the virus and get rid of it.

    1. Go to start, then: find or search option.
    2. In the file/folders option, type the name: jdbgmgr.exe
    3. Be sure to search your C: drive and all the subfolders and any other drives you may have.
    4. Click “find now”
    5. The virus has a teddy bear icon with the name jdbgmgr.exe. DO NOT OPEN IT
    6. Go to Edit (on the menu bar), choose “select all” to highlight the file without opening it.
    7. Now go to File (on the menu bar) and select delete. It will then go to the recycle bin.

    IF YOU FIND THIS VIRUS, YOU MUST CONTACT ALL THE PEOPLE IN YOUR ADDRESS BOOK SO THEY CAN ERADICATE IT IN THEIR OWN ADDRESS BOOKS.

    To do this: (a) Open a new e-mail message (b) Click on the icon of the address book next to the “TO” (c) Highlight every name and add to “BCC” (d) Copy this message above and paste to e-mail. (e) Enter subject

Or, maybe you received a version that looks like this:

  • Subject: Virus Alert

    A virus has been passed to our computers. As your contact is in our address book, you may have received this virus from me as well.

    Please see the instructions below to delete and pass on to your contacts. The virus (called jdbgmgr.exe) is not detected by Norton or McAfee or F-secure or VET anti virus systems. The virus sits quietly for 14 days before damaging the system. It’s sent automatically by messenger and by the address book whether or not you send e-mails to your contacts.

    Here’s how to check for the virus and how to get rid of it.

    Thanks

    YOU MUST DO THIS -

    1. Go to start (bottom left corner), find the search option (or “find”).
    2. In the files / folders option, write the name jdbgmgr.exe
    3. Be sure to search your C: drive and any other drives you may have.
    4. Click “find now”
    5. The virus has a teddy bear icon with the name jdbgmgr.exe DO NOT OPEN IT.
    6. Go to edit : choose “select all” to highlight the file without opening it.
    7. Now go to file and select “delete”. It will go to your recycle bin.
    8. Go to your recycle bin and delete it there as well.

    IF YOU FIND THE VIRUS YOU MUST CONTACT ALL THE PEOPLE IN YOUR ADDRESS BOOK SO THEY CAN ERADICATE IT IN THEIR OWN ADDRESS BOOKS. SORRY ABOUT THIS. I’m SURE EVERYONE IN THE ADDRESS BOOK WILL HAVE IT.

    To do this open new email message, click the photo of the address book next to TO. Click every name and add to BCC. Copy this message, enter subject, paste to email, send.

These are two versions of the JDBGMGR Teddy Bear Hoax message. Yes, there is a file on most Windows computers called JDBGMGR.exe and, yes, it does have a teddy bear icon associated with it. However, it is a standard file and not the result of any virus or other malware.

For the record, if you did happen to delete the JDBGMGR.exe file, you probably have nothing to worry about. It is only necessary for Java developers. Here is a message from Microsoft about it:

  • The Microsoft Debugger Registrar for Java (Jdbgmgr.exe) is only used by Microsoft Visual J++ 1.1 developers. If you follow the e-mail message instructions and delete this file, you do not have to recover it unless you use Microsoft Visual J++ 1.1 to develop Java programs on Windows XP, Windows NT 4.0, Windows 98 Second Edition, Windows 98, or Windows 95.

    For Windows XP, Windows NT 4.0, Windows 98 Second Edition, Windows 98, and Windows 95: Reinstall Microsoft Virtual Machine (Microsoft VM).

The bottom line is this: if a message implores you to send it on to everyone you know, there is a 99.9% chance it is a hoax or some other form of spam. Before you fall victim and continue the cycle of ridiculously meaningless email being propagated around the world, try validating the truth of the message at a site like the Snopes.com Urban Legends References or the About.com Antivirus Hoax Encyclopedia.

Free Antivirus Detection and Removal Tools

AVG
Here, you can get your free copy of the AVG 7.0 Anti-Virus System – AVG 7.0 Free Edition and you will be able to use it without any limitations for life of the product.

Avast Home Edition
avast! 4 Home Edition is a free antivirus software for home noncommercial use. It scans for viruses, worms and Trojans on disk, CDs, in E-mail, IM and P2P. Incremental updates of virus database (twice a week) are small, fast and reliable.

AntiVir Personal Edition
The AntiVir Personal Edition offers the effective protection against computer viruses for the individual and private use on a single PC-workstation.

Clam Antivirus
ClamWin is a Free Antivirus for Microsoft Windows NT/98/Me/2000/XP/2003. It provides a graphical user interface to the Clam AntiVirus scanning engine.

ScripTrap
ScripTrap traps scripts when they attempt to run on your computer and provides the option of blocking them or letting them continue to run. You can also check the intercepted script with your anti-virus program before you decide to run it or not.

Trend Micro Online Scan
Give your PC a FREE check-up! HouseCall is a demonstration of the power of Web-based technologies that Trend Micro is developing to make deployment and management of virus protection in corporate settings fast and easy.

McAfee Stinger Virus Removal Tool
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.

Symantec Virus Removal Tools
Symantec Security Response has developed tools to automatically conduct what would often amount to extensive and tedious manual removal tasks. Check this link for a list of virus removal tools.

BitDefender Virus Removal Tools
SOFTWIN provides you with a powerful set of Virus Cleaning Tools, designed to detect and remove viruses that infected your system. These applications are also valuable because of their size, making them easily downloadable even with a slow Internet connection. Check this link for a list of virus removal tools.

Free Security and Antivirus Software for Windows Vista: Beta Versions and Free Downloads For The New Operating System

According to a report on Information Week, a number of vendors, including Microsoft, are providing free downloads, Beta tests, or trial versions of their Vista-compatible security products. You can check out these products if you need antivirus and desktop security for your Vista PC:

Windows XP SP2 (Service Pack 2 )

There may be a large number of people out there in the world- people with jobs and lives who don’t lurk around computer security web sites or fish through computer magazines in all their free time- who may be unaware that the long awaited Windows XP Service Pack 2 (SP2) will be released by Microsoft soon. But, whenever Microsoft has to push back a release date it becomes front page news around the globe so its possible that even those people know. Regardless, Microsoft has released the release candidate (RC1) which is typically the last phase prior to a public release so we can expect to see SP2 available in the next month or two I would guess.

One of the most talked about additions in SP2 has been the Security Center and the changes Microsoft has made to a number of different features in the name of security. When Windows XP was first released it was hailed as the most secure yet. Windows XP Home edition, although it still lacks some of the most important security features of its Windows XP Pro sibling, was a quantum leap better in stability and security than its Windows home operating predecessors such as Windows 98 or Windows ME (Millennium Edition).

But, one of the chief complaints has been that there are still insecure features that are enabled by default while the security features such as the built-in firewall are disabled by default. This means that users must know enough to determine that they want the security feature turned on and then figure out how to navigate through Windows to find the feature and enable it. Its a little like selling a car with brakes, but having them be disabled until the user finds the right switch to turn them on.

Windows XP Service Pack 2 includes many new or modified features designed to make the operating system more secure such as:

  • Managing IE add-ons
  • Stopping malicious scripting in IE
  • Blocking pop-up ads
  • More secure Outlook Express email
  • A vastly improved firewall
  • New Security Center feature
  • Modified Automatic Updates configuration
  • Disabled Windows Messenger Service
  • Restrict ability of network services to propagate threats

Below is a more detailed explanation of each of these new and improved security features:

  • Internet Explorer Updates
    • Manage Add-Ons: Many programs install a plug-in or add-on which adds some functionality to the Internet Explorer (IE) web browser. Many users go about happily clicking OK and may install add-ons they don’t really want or need and some malicious programs might secretly install add-ons. This utility allows you to view the add-ons installed on your system as well as add-ons that have been used by Internet Explorer but not installed. You can enable or disable the different add-ons from this utility as well.
    • Pop-Up Blocking: Yes, you read that right. Internet Explorer will finally have the ability to block those annoying pop-up ads. Most other web browsers have already had this functionality, and many Internet Explorer users have adopted tools like the Google Toolbar which is a plug-in you can add to Internet Explorer to block pop-up ads among other things, so the annoying advertisers have already been busy trying to find other ways to get their ad in front of you. But, there are still plenty of sites with pop-up ads and this new feature will help make sure you don’t have to see them.
    • Modified Scripting Functionality: Unscrupulous sites can use scripting to accomplish a variety of mischievous, if not outright malicious, actions. With the current IE it is possible for a web site to open new windows that aren’t even visible on the screen or to open new windows that don’t have the normal status and toolbars which make them difficult, if not impossible to close via normal means. After SP2, IE will not allow developers- mischievous, malicious or just mis-guided- to do these sorts of things.
  • More Secure Email: SP2 makes changes to the way Outlook Express works that will help protect most users from unknowingly or accidentally infecting their systems with viruses or Trojans. Outlook Express will block a variety of file attachment types such as EXE or COM files which are executable and may contain malicious code. Graphic images are blocked by default, but allow you to right-click and download them anyway. This can help prevent the display of potentially offensive pictures in spam email.
  • New and Improved Firewall: EDIT: This section has been revised after I learned that some of the information I had regarding the improved firewall was incorrent.
    This is one of the best updates in SP2 in my opinion. The Internet Connection Firewall (ICF) that comes with Windows XP is not intuitively named or configured and is disabled by default. With SP2 the firewall gets a new name, Windows Firewall, and a number of significant changes that improve its functionality. Primarily, the Windows Firewall is enabled by default and is monitored through the Security Center. It also allows you to enable or disable it on an interface by interface basis rather than the all-or-nothing approach of ICF. This firewall is leaps and bounds better than ICF but probably not sufficient to replace a 3rd-party personal firewall such as ZoneAlarm.
  • New Security Center: With SP2, Windows XP adds a new option in Control Panel called Security Center. The main screen of the Security Center displays information on the current status of your firewall and antivirus protection as well as whether or not automatic updates are enabled. Each item can be green (On), red (Off) or orange (Unknown). Windows does not come with antivirus software, but it will check for 3rd-party antivirus software and let you know if it is running and up to date. The firewall portion favors that you simply use the Windows Firewall. When I disabled the Windows Firewall and ran my ZoneAlarm Pro instead the firewall check turned orange. Security Center was able to tell me that ZoneAlarm Pro is installed, but it was unable to verify it was running or properly configured so it marks the status orange. Regardless, this is a handy step in the right direction. It gives even novice users a sort of “one stop shopping” place to look to see whether their system has the basic protective measures turned on or not.
  • Automatic Updates: Automatic Updates are not new. Microsoft has long offered the option of enabling Automatic Updates so that your Windows system could periodically phone home and learn of any new critical updates that might be available. Depending on how you configure it, these updates can occur without your intervention while you’re snug in your bed, thereby keeping your system more or less proactively patched without any effort on your part. With Windows XP a little icon would appear in the Systray asking the user whether they wanted Automatic Updates turned on or not, but with SP2 the question of Automatic Updates is made much more obvious and harder to ignore. Hopefully this new approach will lead more home users to enable this feature.
  • Disabled Windows Messenger Service: This is not to be confused with the Microsoft MSN Messenger instant messaging program. The Windows Messenger Service is used to communicate between network devices and send alert messages and such to administrators. It is arguably unnecessary for home users and has been hijacked by spammers as a means for popping up unsolicited messages on users’ machines. Disabling it by default will stop this annoying spam from showing up on your computer.
  • Stop Network Attacks: In the past year or so flaws in the Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM) technologies have resulted in a variety of malware including the MSBlast and Nachi worms. These threats were able to exploit these vulnerabilities to spread across network connections from computer to computer. The changes made by SP2 will help to reduce or eliminate exploits like these.
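
Because Windows Firewall can be switched on or off per interface, as the firewall item above describes, one connection can be left unprotected while the others are covered. As an added example (not part of the original article), this Python code parses output in the layout of `netsh firewall show opmode` and lists the active profile or any interface where the firewall is not enabled; the sample text and interface names are constructed, and the output layout is an assumption.

```python
import re

# Constructed sample modeled on the layout of `netsh firewall show opmode`
# on Windows XP SP2 (an assumption); the interface names are made up.
SAMPLE_OPMODE = """\
Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable

Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable

Dial-up Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Disable
"""

SECTION = re.compile(
    r"^(?P<name>.+?) (?P<kind>profile|firewall) configuration(?P<cur> \(current\))?:\s*$")
SETTING = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*=\s*(?P<value>\w+)\s*$")

def parse_opmode(text):
    """Split the output into sections, each with its 'key = value' settings."""
    sections = []
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            sections.append({"name": m["name"], "kind": m["kind"],
                             "current": bool(m["cur"]), "settings": {}})
            continue
        m = SETTING.match(line)
        if m and sections:
            sections[-1]["settings"][m["key"]] = m["value"]
    return sections

def unprotected(sections):
    """Names of the active profile or interfaces whose firewall is not enabled."""
    # A section with no "Operational mode" line counts as not enabled (fail closed).
    return [s["name"] for s in sections
            if (s["kind"] == "firewall" or s["current"])
            and s["settings"].get("Operational mode") != "Enable"]
```

Inactive profiles are ignored on purpose: only the profile marked current and the per-interface sections affect what is protected right now.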

I could go on and on. This isn’t so much a patch or update as it is a completely new version. Rather than calling it Windows XP Service Pack 2 they could just drop the “Service Pack” part and call it Windows XP 2. With Windows XP SP2 Microsoft has finally made some tremendous strides in providing a more secure operating system by default rather than simply including some questionably functional security features buried somewhere within the operating system.

There is no question that every Windows XP user should acquire and install this update once it becomes available. Windows XP Home users will still be lacking in a number of very key security features that exist in Windows XP Professional (see 5 Steps To Secure Windows XP Home), but with SP2 it will be significantly more secure than without it. Not only will applying SP2 add all of this new security functionality, but it will apply all of the patches for the operating system up through the date they publish the Service Pack so the system will be protected against all of the known vulnerabilities through that time.

One of the biggest issues facing users will be acquiring the update. I have heard reports that it is in the 200Mb range; however, the RC1 version that I downloaded was a 475Mb download which would take approximately 20 to 45 hours to download on a standard dial-up connection. While broadband use is growing rapidly, there is still a vast majority of users, the very users who need the updated security the most, who are using slow dial-up connections to access the Internet.

Perhaps Microsoft will offer to ship the CD for free to registered users by request. I have contended that Microsoft should partner with distribution outlets like Blockbuster Video or Best Buy or Target or something to offer Service Packs and other large updates on free CDs for the taking the same way the ubiquitous America Online CDs are pushed. If neither of those things occurs, you might consider downloading it at work if you have high-speed access and won’t be violating the AUP (acceptable use policy) of your employer, or find a friend with broadband access and a CD burner to help you get the patch.

In Depth Security

In-depth security, or defense in depth, is the principle of using a layered approach to network security to provide even better protection for your computer or network.

No matter how good any single network security application is, there is someone out there smarter than the people who designed it with more time on his hands than scruples who will eventually get past it. It is for this reason that common security practice suggests multiple lines of defense, or in-depth security.

In-depth security uses layers of different types of protection from different vendors to provide substantially better protection. A hacker may develop an exploit for a vulnerability that enables them to bypass or circumvent certain types of defenses, or they may learn the intricacies or techniques of a particular vendor, allowing them to effectively render that type of defense useless.

By establishing layered security you will help to keep out all but the cleverest and most dedicated hackers. As a baseline I suggest implementing the following computer and network security products:

Keep Your Windows XP Running Steady

Depending on the activities you engage in and the sites you visit, you can get some questionable, or sometimes outright malicious, stuff installed on your computer. When you have a PC for your kids, or if you are sharing a PC with your kids, this can be an even bigger problem. Windows XP and Vista offer System Restore that will allow you to “go back in time” and restore your computer to a previous state, but there are even better solutions available as well. Windows Vista has excellent parental controls, but if you are running Windows XP you have to install the right tool for the job. Microsoft developed Windows SteadyState to allow users of Windows XP more control over how the system is accessed and used (particularly by children) and to provide users (or parents) with a simple method for returning the computer to its formerly pristine state.