Security Fix Live
Friday, March 17, 2006; 11:00 AM
A transcript follows.
____________________
Brian Krebs: Good morning, dear Security Fix readers, and Happy St. Patrick's Day to you all, and thanks for joining us. If you've got a burning security question and you're feeling lucky, ask away! Now, on to the chat....
_______________________
Hyattsville, Md.: What can I do to ensure that my PC has not become a robot for some hacker and how can I prevent that from happening?
Brian Krebs: If you are following all of the standard advice (use a software and/or hardware firewall, keep your anti-virus software up to date, apply Windows patches and updates for other third-party applications when they are made available), the only other advice I would give is to be extremely wary of clicking on links that arrive in e-mail or instant messages, and never open e-mail attachments unless you are expecting a file from someone. Other than that, avoid risky (adult, software piracy) Web sites, and stay away from peer-to-peer file-sharing networks. Also, you should be careful about what you choose to download and install to your PC. Take a few minutes to do your homework on third-party applications before you invite them into your computer.
_______________________
Arlington, Va.: I have win2k and last time I tried to shut down my system I was prompted to end a program called "Fax Monitor". I never ran this program, which I understand comes bundled with Windows. Any reason why the program was running in the first place and why it could not be shut down by itself? Thanks
Brian Krebs: Hi Arlington. You don't need this service running on your PC if you're not using it -- and especially if it is causing slowness or instability on your machine. You should be able to keep it from starting when Windows does by changing the settings in services.msc.
Go to Start, Run, then type services.msc in the window that pops up. Scroll down that list and look for an item that says "Fax Service." Right click on that listing, then select "Stop." When the service has stopped, right click on it again and select "Properties." Then under the "Startup Type" pulldown menu, select either "Manual" or "Disabled" and that should do it for you.
_______________________
Hyderabad, India: Sir, I am suffering with a virus. It displays a supu.exe file, and after some time the system shuts down within one minute.
I am using the Windows 2000 NT operating system. I never faced this type of problem in Linux OS.
I am using AVG antivirus.
Please suggest the remedies.
Brian Krebs: Hi there, India. Sounds like your PC may be infected with a worm: Check out this writeup from Trend Micro on the Plexus worm, which spreads through long-known vulnerabilities (there are patches available from Microsoft) in Windows 2000 and Windows XP. If you are getting hit with this it means you are probably also not running a firewall, which is a giant no-no.
Anyway, you need to delete a couple of files before you will be able to even begin to get your system back under control (I would advise a total reinstall, however); your PC is almost surely completely under the control of someone else.
When the PC first starts, enter safe mode by tapping F8 repeatedly. When the advanced options menu comes up, select "safe mode" and hit the enter key. After Windows is done starting up, search for the files "supu.exe" and "upu.exe" and delete them if found. Restart the machine and see if you can get to Microsoft.com. If so, go to the Windows Live Safety Center and let it run a full scan. If you can't get to Windows, or you're not running a legit version of the operating system, try downloading and running a scan with the free Stinger tool from McAfee.
If you still can't visit any anti-virus sites, open a command prompt and type the following instructions from Microsoft. According to Microsoft.com, if you can't get to the antivirus site and need to disinfect the computer (Windows XP, Windows 2000 or Windows Server 2003), you need to enter the following commands at a command prompt:
rem Delete the HOSTS file the worm uses to block anti-virus sites, then write a fresh one-line placeholder
del /F %systemroot%\system32\drivers\etc\hosts
echo # Temporary HOSTS file> %systemroot%\system32\drivers\etc\hosts
rem Mark the new HOSTS file read-only and clear the DNS resolver cache so the old entries are not reused
attrib +R %systemroot%\system32\drivers\etc\hosts
ipconfig /flushdns
Good luck.
_______________________
Saranac Lake, N.Y.: Would you recommend for or against being one of the first kids on the block to switch to Windows Vista when it comes out?
Brian Krebs: Interesting question. I myself plan to be that kid, but then again I write about this stuff and am a total geek, so there you have it.
I'm not about to tell everyone to rush out and update their systems to Windows Vista when it comes out. I do think it will make security on Windows a bit easier for most average users, and as such will be a very welcome development. In particular, if Vista fixes one huge fundamental problem -- regular programs being allowed to change system settings and install other programs -- it will go a long way toward making Windows users much more secure online.
The other thing is that Vista will be built with a faster, more robust breed of machines in mind, so simply upgrading the OS without upgrading the processor, RAM, etc. is probably not going to be as fun as purchasing a new PC with the new OS installed.
_______________________
Texas: I cannot start my PC immediately after I switch the power supply off/on. However, it can be started after about half an hour. If the power supply is not cut off it can be started immediately after shutdown. It works fine and never crashes. What has gone wrong? Is it a problem with the MB? Please help.
Brian Krebs: Texas, it's nearly impossible for me to diagnose what is most likely a hardware problem without knowing more. But in my experience, power supplies can be the cause of a lot of problems on machines. Many power supplies are shoddily made, and depending upon the number of components you have added to your machine (additional hard drives, DVD drives, etc.), the power supply may not be sufficient for your system. Your best bet is a process of elimination: You can purchase a decent 400 watt power supply for $30-$40 from a local electronics store. If it doesn't fix the problem, you know it's something else. Best of luck.
_______________________
Mike, D.C.: Brian -- Have you heard anything about a spyware application called Alfacleaner? If so, do you have any advice as to how it can be removed?
Brian Krebs: Mike, Alfacleaner is another one of these dang fake anti-spyware programs that use scare tactics and patently false claims about threats resident on your machine to get you to buy their worthless software.
As I always say, Google is your best friend in these cases. I have not tried these remedies myself, so your mileage may vary, but the step-by-step advice at the following web site appears to be a good one to start with: how to remove alfacleaner.
_______________________
Schaumburg, Ill.: I tried to install the 'Dogpile Toolbar' on my GUEST account, but I was not able to because it is not a system administrator account.
Any way around this??
Brian Krebs: Yes. You can install programs using a lesser user account such as Guest by right clicking on the installer file and selecting "Run As." Enter the username that has administrator (installation) rights, and that user's password. It should permit the install if you enter the correct username and password.
_______________________
Tampa, Fla.: Can you recommend any anti-keystroke logging programs? I understand internet security suites like AVG and Norton aren't that good at detecting this malware, much less removing it. Your Security Fix blog/column mentioned Spycop and SnoopFree. Have you tried these programs? Are there any others? Do any of the internet security suites excel at this?
Also, your article "Hacking Made Easy" explained the commercial nature of these attacks. This would seem to imply that users of Macs and Linux should be much less at risk because they represent such a small part of the universe of potential victims. Is this correct?
Even though I use a Mac, I refuse to use on-line banking. It's just too risky. Even if I suffer no direct monetary loss, my credit will be ruined, since credit agencies have no real incentive to correct bad information.
Brian Krebs: This question has come in quite a bit during this chat. I have not personally used either of those programs I mentioned. That was not meant as an endorsement, merely as a pointer for readers who were looking for software specifically designed to catch keystroke loggers.
In my experience, software suites -- those that claim to offer a number of different services such as anti-virus, anti-spyware, intrusion detection and prevention and so on -- generally do all of those tasks fairly well, but not really well, hence the market for specific technologies that address specific threats.
I sympathize with Windows users who are frustrated because they feel like they need five different fire alarms for their computer just to stay safe online: But that is the sad reality of using Windows machines these days. Your question about Macs is spot on. If you don't want to have to fret too much about maintaining all of the security fences a modern Windows PC needs and are in the market for a new computer, you would do well to consider a Mac. None of this is to suggest that just because you use a Mac that security is no longer a concern. But the fact is that at least at the moment there aren't any automated threats that are attacking Mac users.
As to your point about online banking, I really can't argue with that. I do a lot of business online, but I can fully understand your sentiment. Just yesterday I sat in on a hearing on Capitol Hill about the cybersecurity threat to small businesses, and a guy from the Secret Service mentioned how they're starting to see online criminals going after retirement accounts. It doesn't get any scarier than that, as far as I'm concerned.
_______________________
Rock Hill, S.C.: Thanks for your articles yesterday!
We use Zone Alarm Pro, Spy Sweeper, and Firefox browser whenever possible, update our software, and are really aware of hazardous email/websurfing behaviors, yet Spy Sweeper still flagged a keylogging monitor on our PC. I've been the default tech administrator for small nonprofits that I have run, and keep up as much as I can as a somewhat savvy layperson, and I'm sure there are many users like me.
If/when our systems do get breached, do you know if the banks, credit card companies, etc, have any safety net ... or do we lose our shirts?
your fan Anne in SC
Brian Krebs: Hi Anne, Thanks for your question: I actually got a very similar question in e-mail just yesterday from someone who said they thought they were doing everything right security-wise and then anti-virus turned up a keystroke logger on their computer.
The reality is that keystroke-loggers can be just as stealthy as other online threats, except that in many cases they tend to be used in more targeted attacks, which means the attacker has taken care to lovingly wrap the nasty file he's sending you in a unique digital envelope that can be unfamiliar to many anti-virus applications, at least initially.
To your question, credit card companies under law cannot hold you responsible for more than $50 worth of fraudulent charges, provided you report the fraud in a reasonable amount of time (lost cards = 48 hours, e.g.), but exactly what types of fraud related to your bank account are reimbursable varies by bank. Banks tend to be more forgiving with consumers than they do with businesses. There's a case ongoing with a guy who owns a business in Florida who had something like $90,000 transferred from his Bank of America account to somewhere in E. Europe as a result of a keylogger infection (at least *I think* it was a keylogger). B of A refused to reimburse him the money, but the guy is now suing B of A, claiming the bank should have figured that something was fishy about the whole transaction. So, to make a long answer longer, if you're counting on your bank to police your transactions, you may be in for a rude awakening.
_______________________
Washington, D.C.: Spectacular article today. How long did it take to get that together? Also, does anti-viral software find and remove rootkits?
Brian Krebs: Thanks, Washington. Took about a week to report and a couple of days to write. Tracking down the individual victims and getting them on the phone was the hardest part.
Anti-virus software is not your best bet for removing rootkits, which -- for the rest of our readers out there -- are programs designed to completely subvert the security of the system so that the user can no longer trust his PC or the security programs that run on top of it to report the truth about the state of security on the user's operating system. These types of threats generally attempt to intercept system processes at a very basic level, and so can fool even anti-virus software into thinking everything is okay when the real situation is just the opposite.
If you are concerned about rootkits, I might suggest F-Secure's free "Blacklight" tool, which is very effective and easy to use. Sysinternals also has a free rootkit detection program, but in my opinion it is not really designed with the average home user in mind.
_______________________
St. Simons Island, Ga.: The average home user could sure use a handy resource (like a pre-computer-flight checklist) to help them keep their computers (and computing, e.g. wireless surfing) secure. Where are the best security sites on the web where such resources are available?
Brian Krebs: So, I have tried to do this in a number of different ways on the blog and in articles, a few of which are pinned to the front of the Security Fix blog. Here are a couple of good starting points:
Security Fix Video Guides to Securing Your Computer
...and this one, which a reader just e-mailed in, that I'd not seen before but looks like a great collection of tips (written by none other than Fred Cohen, the guy who pioneered early anti-virus research in the 1980s/90s):
50 Ways to Protect Your Information Assets When Cruising the Internet
Hope that helps!
_______________________
Brian Krebs: That's about all we've got time for this week, folks! Thanks to everyone who participated, and I'm sorry I could not get to all of the questions. Until our next chat -- scheduled for March 31 -- come by the Security Fix blog once a day for your daily dose of security news.
_______________________
Editor's Note: washingtonpost.com moderators retain editorial control over Live Online discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.