Security Fix Live

Brian Krebs
Security Fix Blogger
Friday, December 15, 2006; 11:00 AM

Security Fix blogger Brian Krebs was online Friday, Dec. 15 at 11 a.m. ET to provide advice on how to protect yourself and your personal information online.

The transcript follows.

____________________

Brian Krebs: Good morning, dear Security Fix readers, and Happy Friday and Happy Holidays to you all. The questions are piling up in the queue, so I will jump in right away. Please remember, if you have a security question about your computer or network setup or problem, please remember to give me some basic information about your computer, operating system, and other relevant installed software.

_______________________

Phoenix, Ariz.: Brian, Is there a tool that I could use in a Windows PC that would prevent copying of files to USB drives and CD Drives without permission?

Brian Krebs: Yes, I think I found a couple of tips that appear to accomplish what you're looking for, although they're not software, they're registry hacks (i.e. FREE). Be sure to back up your registry (and that you understand how to restore it) before mucking around with the registry, though.

Disable CD-Burning in Windows XP (this hack may only work in XP Pro)

Disable USB-writing in Windows

Let me know if those don't do it for you. Good luck.

_______________________

Lititz, Pa.: I am using the new version Webroot Spysweeper with Antivirus all in one executable file and find that the footprint is much smaller than the other security suites that I have tried in the past. I have an entry level 3 year old PC with limited resources (Celeron 2.2 CPU and 384 RAM). Will I get noticeable improvement adding more RAM? I do not multitask--just email, google search, and online chess. Sincerely, Mark

Brian Krebs: Adding more RAM is about the surest way to speed up the performance of your computer. When I first built the PC I'm using to write this, I put in 512 MB of RAM, and it ran fine. Later, I upped it to 2 Gigs, and the difference was incredible. Hardly any slowness at all, and multiple applications run very quickly.

Unfortunately, a lot of older Windows PCs (HP, Dell, among others) restricted how much memory people could add. Some even put the ceiling at 512 MB or a Gig. That's too bad if that's the case with your machine, but if you can afford it, get the max. Check out Crucial (www.crucial.com) to make sure you order the correct RAM for your system.

_______________________

Baltimore, Md.: Brian: On Tuesday, I made the mistake of saying "yes" to an offer from Symantec as my security subscription was expiring and replaced Norton 2005 (preloaded when I bought the Compaq) with a download of 2007. Of course, there was a download screw up and the product won't launch. I have the information needed to uninstall and have cancelled the order, with a refund promised.

But my question is, what is the best anti-virus, anti-spyware product for home users? If you say Norton, I will buy it on CD, because the download was a nightmare even before the failure to launch--took about an hour over a DSL line, required two restarts, etc. Of course, my 2005 version had performed flawlessly for a year and half. There's a lesson here...

Brian Krebs: I get this question almost every chat I do, and I'm usually reluctant to answer it because I don't want to tell people what anti-virus software to buy, but this time I'll bite. I've made no secret of my distaste for Norton and its resource-hungry ways, and I've made the same criticism of other AV products. I use Eset's NOD32 on a couple of my machines, and have been quite happy with it (aside from one incident in which it wouldn't play nice with Google Desktop, but I figured out how to fix that.) For most people, it's important that they have SOME kind of AV on their system if they're using Windows. AVG Free is nice, and Anti-vir (Avira) recently received very high marks for detecting new (unknown) malware, even in front of all of the other non-free AV products.

If you're looking for comparative testing, check out the reports at AV Test and AV Comparatives.

_______________________

Arlington, Va.: Hi Brian, Have you discussed the U3 system for flash drives yet? I couldn't find a prior discussion, but I may have missed it. In theory it sounds great: bring your base PC settings to any public PC, do some serious work (whether MS Office or internet), leave no trace on that PC after you leave, etc. It also includes Virus scanning (presumably before it lets you do anything), a password repository, and some other stuff.

I'm especially interested in how secure it is in practice. Does it really make it safe to use those PCs in libraries and i-cafes for more than just net surfing? If so, it might make it worthwhile to put up with the hassle of using the U3 apps.

Brian Krebs: Hi Arlington. Thanks for your question, which is kinda spooky because I've actually been reading up on U3 quite a bit over the past few days. It appears to be a promising technology, but from the comments I've seen from people who have used the U3 devices, some appear to be unreliable and prone to freezing up. I'm sure that is not the case for all of them. As for security, I don't know because I haven't used them myself, but I plan to fix that very soon.

They are cheap (Newegg.com has 4 GB U3 Flash drives for about $60 bucks) and I could see them being very useful for PC techs and those who find themselves constantly in family-pc repair mode (like yours truly).

At any rate, I may soon publish a review on this. I think it's useful and interesting, and as more companies get interested in it (or perhaps an open standard is advanced) some of the kinks will be ironed out.

_______________________

Brian Krebs: Sorry. I meant to include links in the last response to where people could read up more on U3: Read more at Wikipedia and at the official U3 site.

_______________________

Cody, Wyo.: Hi Brian, Your December 13th article on yet another Windows security vulnerability, this time a wireless access flaw, was very interesting. I used to have my laptop set up for wireless access for when I needed to be on the road a long time. But after beginning to understand all the wireless security vulnerabilities, I quit using it. Instead, I started using hard-wired access whenever and wherever I travelled. I realize wireless access is a great convenience for frequent travellers, particularly business folks. And hard-wired access is just not as readily available. Seems to me, though, since security is such a huge issue today for all of us, it might be worth a little inconvenience to find a greater degree of security. I don't have a question, just wanted to offer my opinion -- which is from someone who is definitely a non-techie type. Thanks for your always great and valuable columns. John

Brian Krebs: Hi John, nice to see you again. Thanks for the compliment. He is referring to this blog post:

Microsoft Tweaks XP Wireless Security

If you use Windows XP on your laptop, and haven't applied this update, take a second to read the blog post and update your computer.

_______________________

Madison, Wis.: While all the attention is on the PC, what antivirus would you recommend for the Mac/Intel machine? Thanks, Dr. B.

Brian Krebs: I would recommend ClamAVX for Mac users. It's free. Check it out at this link here.

_______________________

Arlington, Va.: Brian, Do you know why I have to continually reboot (every other day or so) my wireless router (D-link 624)? Even though my wireless laptop says it can see the router, it can't acquire an IP address. My neighbor complains of a similar problem with his Linksys. Once rebooted, everything works fine. Thanks, Rob

Brian Krebs: No idea. Have you tried changing the channel that your router broadcasts its wireless signal on? Could be that you and your neighbor's routers are broadcasting on the same channel and causing mutual interference. The router administration page should let you choose which channel to broadcast on. But that's just a shot-in-the-dark guess.

Also, wireless device makers occasionally develop poorly written firmware, the software that powers hardware devices, and this may be the case for your device. Perhaps there is a firmware update that you can apply that fixes this problem? Let's see.

Mosey on over to D-Link's support page for this product, and you'll see that "There are multiple revisions of the DI-624." Follow the directions there to find out which revision you are using, and then click on the support link for that. You can check which version of the firmware you are running by going to the router administration page (I think it's just 192.168.0.1 in your browser address bar) and looking for the firmware tab or option. If there is a firmware update available, apply it and see if it fixes your problem.

_______________________

Haifa, Israel: In a reply to a question on this session, you have mentioned AVG Free Anti-Virus. I have been using it for several months now. However, I receive now notices that it is discontinued on January 15, 2007. They offer an upgrade, but this won't be free anymore. Is this universal, or only affects some users like myself? If universal, you should let other users. TIA, Robert

Brian Krebs: I covered this in a blog post this week. Please see:

Finding the Free Version of AVG 7.5 Anti-Virus

_______________________

I-270 Exit 1: I took your advice from a previous blog or chat and work through limited user account in Windows rather than the administrator account. However, for added security I prefer to disable the network connection if I'm not using the computer for a long period of time (e.g. overnight) as it is more convenient than shutting down the system and rebooting later. I am unable to disable the network connection from a limited user account. Is this at all possible, must I switch to the administrator account to do this, or is it not necessary.

Brian Krebs: Do you have a DSL or Cable modem? Most of those come with switches that you can turn off and on to disable and enable them. If so, why not just use that? I don't really think it's necessary, but it's not a terrible idea. You can't attack what isn't there, right?

_______________________

Cody, Wyo.: Hi Brian, Regarding the participant who talked about his/her "Norton nightmare," I also have had tons of trouble with Norton products. I recently dumped them all, and replaced their antivirus program with BitDefender. It was highly rated by Consumer Reports, and I love it -- no problems at all. Of course, it's not free. But it's cheaper than Norton. John

Brian Krebs: Here's another complaint from NJ: Livingston, N.J.: The 2006 Symantec security suite brings my two computers to a crawl. Does the Microsoft suite do the same? How about Kaspersky?

Symantec are you listening? I swear, every chat about one-fifth to a quarter of all the questions are gripes about the latest Norton products. I don't know what they've done to muck it up so badly, but I've heard nothing but nasty complaints about their 2007 suite.

_______________________

Minneapolis, Minn.: My ex-girlfriend somehow has bugged my personal computer. She knows the websites I go to, such as MySpace, etc. She knows the details. I have run Spybot, but I cannot find anything. Any ideas?

Brian Krebs: Ooh. That's a tough one. You're in something of a pickle, there, my friend. It's one thing if a virus or Trojan horse gets on your machine, but it's entirely another story when someone malicious has physical access to your computer. Who knows? You can buy hardware devices that plug into the mouse/keyboard ports that steal data; or you can buy any one of dozens of commercial and legal keystroke logging programs that will monitor and relay information about what users read, surf, chat, etc. Note, the sale of the programs is legal, but many uses of them are not. And most of these can be configured to hide from the taskbar and from the Windows Task Manager.

Anyway, I'm not sure what to tell you, except that perhaps you should consider a reinstall of the operating system. Alternatively, you could download and use a "Live CD" distribution of Linux like Ubuntu or Knoppix. If it were me, I'd download some tools that allow me to watch my own Web traffic going in and out of my machine so that I could find out which process is doing the spying and reporting and to which Internet address. To get started, you might check out Process Explorer (just bought by Microsoft but still free...I think validation may be required, though) to get an unbiased look at the processes running on your machine. Also, if you'd care to familiarize yourself with the Windows command line tool netstat you can get an idea of which ports are listening and communicating on your computer with the outside world.

_______________________

Gaithersburg, Md.: Brian, What causes the firewall in Windows XP to become greyed out and not allow you to check to turn it back on ? Thanks

Brian Krebs: It *could* be malware related, but I doubt it. This is probably the result of some policy set on your machine. Are you referring to a computer at work or one that was previously part of a domain or larger network? It may be that the group policy was set on the machine to disallow access to that feature.

Alternatively, if you have taken my advice and are running the PC under a limited user account then you will not be able to access this feature unless you are logged in as administrator.

Hope this helps.

_______________________

Arley, Ala.: Sir: when I forward email with pictures attached, the people I email to always get a white box with a red x, I see the pictures fine. I also notice that when my mother sends me forwarded pictures, I get the white/red. I have started to put the pictures into Picasa and then emailing them from this program which works fine, but why should I have to?? Thanks, love your column. Harry

Brian Krebs: This is a good example of how having more information about your setup and programs you're using (in this case which e-mail client) would be very helpful in getting an answer to your question.

_______________________

St. Louis, Mo.: I have a Gateway laptop; has there been a patch released for the wireless (Broadcom) problem you mentioned a few weeks ago?

Brian Krebs: I don't know for sure, but perhaps. They issued one that fixed the problem on my HP. Check for yourself: Visit Microsoft Update, let it scan, and then select the "Hardware/Optional" option at the left hand side of the screen. Drop me a line at brian-dot-krebs-at-wpni-dot-com and let me know what you found, please.

_______________________

Washington, D.C.: This is probably pretty basic stuff, but I just bought a new PC last night and will want to get rid of my obsolete old one. How do I wipe out the hard drive? I live in Crystal City - is there a place I can recycle the monitor, printer, old scanner, and CPU?

Brian Krebs: Security Fix had a longish discussion a while back on ways readers could wipe old hard drives. Check it out here.

Here's a list of ongoing "e-cycling" centers/efforts in Virginia. Some of those programs also specialize in refurbishing old computer equipment and distributing it to local schools.

_______________________

Arley, Ala.: Very sorry, I use MS ME OS with Outlook Express and so does my mother, I have 512 MB of RAM, and my Gateway runs fine, and I use DSL. Thank you, Harry

Brian Krebs: Apparently you are not the only Outlook Express user having this problem. This guy here seems to suggest it has something to do with an OE patch gone awry and has some suggested workarounds. E-mail me please if his advice doesn't work for you.

_______________________

I-270 Exit 1 (again): Thanks for the response. I use the modem provided by Comcast. It has no on/off switch. I can only detach the power cord.

Brian Krebs: Hrm. Okay, why not just shut down the computer when you're not using it? That would essentially accomplish the same goal.

_______________________

Rockville, Md.: Brian: I set my security level down and then had a problem when I wanted to regain my administrator status. It was lucky that I had another account for my wife that was still "administrator." My screen saver does not work in the limited status and my Dell network assistant does not work. Is there any chance to fix that? The screen saver (Gallery Player) company said perhaps in the next version. I have not contacted Dell just yet. I do hope my security is better.

Brian Krebs: There are a couple of ways to address this. One is to use another screensaver that doesn't require admin access. Same with the "Dell Network Assistant." Sounds like an unnecessary add-on from Dell. Have you considered just removing the assistant? Windows has a built-in feature that manages wireless clients, and if this is a desktop system I'd definitely remove it. Have you searched Dell's user support forum about this yet?

But if that advice is too drastic (a lot of people would probably yell at me for that), maybe just consider Microsoft's somewhat kludgy workaround for troublesome programs in limited-user mode:

1. Right-click the program's file name or shortcut.

2. Click Advanced, click Run with different credentials, and then click OK.

3. Start the program.

4. When you receive a prompt, enter an administrative user ID and password.

_______________________

Oklahoma City, OK: You mentioned in an earlier piece in the last week or so that you were having problems with AVG 7.5 and ZoneAlarm. Is it the free version of ZoneAlarm? If so, could you describe the problems and-or provide a link to that prior piece. Thanks for this segment that really empowers "the readers" and makes the news process a two-way street.

Brian Krebs: Hi Oklahoma. Thanks, and you're welcome.

I will update that blog post, but essentially the program just started working after a day without my doing anything. It could have been merely a glitch with the update servers combined with my impatience to get it working. In any event, it appears to be working and updating just fine now with AVG 7.5. Go figure.

_______________________

Brian Krebs: Thanks to everyone for making this another lively Security Fix Live chat. Please join us for our next chat on the first Friday in 2007. Until then, don't forget to stop by the Security Fix blog once a day. Be safe out there, and happy holidays!

_______________________

Editor's Note: washingtonpost.com moderators retain editorial control over Live Online discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.



© 2006 Washingtonpost.Newsweek Interactive
