29
Sep
06

A Few Good Apps For the Security Minded

As much as I listen to security-oriented podcasts (by the way, Steve Gibson’s Security Now is great!) and read various websites about protecting yourself while on the Internet, there’s always the lingering fear in the back of my mind that there’s software hidden somewhere on my machine and that someone’s checking out “my stuff”. I read a great article talking about some free and tested applications in the November 2006 edition of Maximum PC and I think everyone should consider using these. (That is, if you don’t have a solution already.)

Just for the record, I haven’t been paid or asked to do this. I just find it unfortunate that spyware and malware are taking over people’s machines and I hope that this might help to counter that trend a bit. But a few preliminary words of caution….

BEFORE ANY OF THESE RECCOMENDATIONS CAN BE OF ANY USE, PLEASE MAKE SURE THAT:

1. YOU HAVE WINDOWS XP SET TO DOWNLOAD UPDATES AUTOMATICALLY!! New security breaches are being discovered all the time. (If you are not sure whether or not you’ve been running Windows Update, here’s how you can run it: (Click Start Button — Go to “Programs” — Then click on “Windows Update”). You can also set it to run automatically from within the Control Panel under the “Security Center” applet. (My options are set to automatically download new updates, at which point I can select the option to install them.)

2. YOU ARE RUNNING WINDOWS XP SERVICE PACK 2. Service Pack 2 contains many significant updates to the Windows security structure (including a software firewall.)

3. YOU HAVE A NAT (Network Address Translation) ROUTER ATTACHED BETWEEN YOUR CONNECTION AND THE CABLE OR DSL ROUTER!! They’re cheap (about $30 – $60) and they allow you to split your Internet connection — usually among four other computers. But most importantly, they act as a built in firewall out of the box to provide you a degree of protection against machines that are sniffing for open computers. You can buy practically any brand of router — Linksys, Netgear, D-Link, Belkin — just make sure you have one. (I have the Linksys WRT54G — very popular and can be found for around $50 now.)

The above recommendations are the basics. Installing the software below without having done each of those three suggestions above is like putting air in your tires when your gas tank is empty.

Once you’ve done the above, here are some great additional protection solutions:

A-Squared Anti-Malwarescanning.jpg

Practically everyone is familiar with Spybot Search and Destroy and Ad-Aware. And those apps have been my old standbys for quite awhile now and I still trust them. At the same time, A-Squared has been recommended by quite a few people and is said to have detected spyware that Ad Aware and Spybot may have missed.

The interface is certainly much more polished. It’s a free solution and in addition to spyware, it also looks for dialers, trojan horses and worms. And unlike some of the other solutions that I’ve tried with some of my customers, this is one that will actually clean the infection. (Another package that I won’t mention found all of this spyware…. but then they wanted us to pay to get rid of it. Pretty sneaky. I’m running A-Squared myself and it appears to run fine. A-Squared is from EMSI Software and can be found here.

NOTE: On the link, there are several versions. My recommendation is that you download the free version called “a-squared Free 2.0”. The difference between this and the “a-squared Anti-Malware 2.0” paid version is that the free version lacks the “ongoing support” types of features. So, for instance, you won’t have the “Background Guard” (that runs all the time and detects any spyware from sites that you might visit), “Automatic Updates” and “Scheduled Scans”. However, if you find that you really like A-Squared and want the ongoing protection, you can support them and pay for the full version. It’s $39.95 for a one year subscription. (Kinda pricey if you ask me.)

A Brief Word about “Viruses”, “Spyware” and “Adware” – Many people confuse “viruses” with “spyware” and “adware”. They are closely related, but there is a difference. Spyware and adware (which A-Squared protects you from) are programs that are seeking to either display pop-up ads on your screen as a form of advertising or that seek to take control of your machine for some malicious purpose. (That purpose could be to look for financial information on your computer, steal your music or 4c579874.jpgpictures, etc.) Viruses have been with us a lot longer. Viruses are files that infect other files or your system — which would cause you to have to run some cleaning utility. Viruses can delete directories, attach themselves to files and overall just cause your system to be rendered useless. This is where Anti-Virus software comes in. Anti-Virus software acts as both a preventative measure (so that viruses are contained as soon as they come into contact with the system) and as a treatment measure, as they remove any viruses that the system may already have.

AVG Free Edition

Right now I’m using NOD32 for my Anti-Virus protection and it comes highly recommended in the security community. However, if you’re on a budget, AVG Free Edition sounds like a good free alternative. I haven’t tried using this software, but according to Maximum PC, it does all of the standard things you’d expect, such as regularly update the definition library (so that it knows about new infections) and scans your machine at regular intervals. If you are careful in your browsing, stay away from “warez”, peer-to-peer sharing apps and don’t open attachments or have scripts enabled in your e-mail, you should be fine and probably won’t need Anti-Virus software. However, since most people aren’t careful, this is great free layer of protection.

AVG Free Edition is from Grisoft and can be found here.

Unlocker

(This isn’t really malware protection, but it gave me peace of mind, so I’m includin’ it here.)

For a long time, there was a windows behavior that led me to think that the 2600 folks were after my data. Occasionally when I’d listen to an mp3 or download a short music video, after I was done with it, I’d try to delete it. And occasionally Windows XP would report this error:

example.png

It had been driving me crazy. To me, the implication was that there was someone else who was using my data and that had it open, causing me to be unable to delete it! Well, thanks to Cedrick ‘Nitch’ Collomb, by using his Unlocker application, I found out that it was only a bug and that usually Windows Explorer still had a process running (even though all of my windows were closed.) Using Unlocker, you can see any of the processes (which you can’t see in the Task Manager) and stop them. Oh happy day!

Unlocker is a free application and it is available here. (BTW, Cedrick is an independent developer — if you have this problem and if you find Unlocker useful, he has a PayPal account that you can use to donate to him and support his efforts.)

Blacklight

I left the most sinister form of malware for the end. The dreaded rootkit. A rootkit is a form of malware that runs at a layer under the actual Windows Operating System and, for the most part has been considered “virtually undetectable.” (You may recall Sony getting into a bit of trouble by having some of their music CDs install rootkits on customer’s machines. Kinda makes you not feel quite so bad about all the exploding battery problems that they’re having now.) Anyhow, Blacklight is software that claims to be able to detect rootkits and then remove them.

A word to the wise… I think this is a great effort. Blacklight looks like a solid attempt at detecting rootkits. However, because of the very nature of rootkits (and their inability to be detected by most scanners), I hesitate to recommend this as a solution that completely resolves all rootkit problems. I’d say that it’s better to have run this program than to suspect that you may have a rootkit and not know for certain.

If you run Blacklight and there’s no sign of any rootkit, I guess you can rest somewhat easy. However, if you run Blacklight and it actually does find something, my strong recommendation is that you back up all of your documents, bookmarks, pictures, media and settings to an external hard drive, format the hard drive and do a complete reinstallation of Windows XP.

Blacklight is a free download from F-Secure and it is available here.

————————————————-

They say that an ounce of prevention is worth a pound of cure. Unfortunately, most of the customers that I work with don’t seem to take this to heart until after they’re downloading music from Kazaa or downloading an application that gives you 500 different smiley faces. These four featured applications (coupled with the advice at the top of the post) combine to form a sound solution that is largely free and will keep you safe (for now — new stuff is always being discovered) while you enjoy your web browsing experience.

Advertisements

3 Responses to “A Few Good Apps For the Security Minded”


  1. 1 Jeff T
    September 29, 2006 at 2:19 pm

    The “Can’t Delete File of Folder” message that you mentioned is not a bug. When you run applications which access other files such as the Mp3 you mentioned, then close the application, it takes a short time before the application releases the memory it used when playing the file. Basically it’s like trying to delete a file while your playing it. I can reproduce this error at any time.
    But I have encountered a case with Adobe Reader where I close the program and still find the process running in the background and I have to manually end it.

  2. September 29, 2006 at 3:07 pm

    This is definitely not be the same problem that I’m talking about…. there have been times when I’ve done entire reboots (even a couple of times in Safe Mode) only to log back into Windows and not be able to delete the file. I’m familiar with applications needing a few seconds to release the a file. This is a bit different.

    Here are just a few of the other folks having the same problem:
    http://labnol.blogspot.com/2005/06/windox-xp-error-cannot-delete-file.html
    http://www.annoyances.org/exec/forum/winxp/t1061299714


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: