Security Fix Live
Friday, November 9, 2007; 11:00 AM
A transcript follows.
Brian Krebs: Good morning and Happy Friday dear Security Fix readers! Welcome, and please feel free to drop in any security questions or concerns. But please try to be as specific as possible about your setup, including information about the type of security software and hardware you're using, and any error messages or strange behavior you may be dealing with.
San Francisco: What's the latest on the Storm virus, which you wrote about recently? Do you know how seriously the government takes this threat, and whether a major mobilization of security experts has happened? Do we have much chance of beating, or containing, this scary thing?
Brian Krebs: *Gets up on soap box*: There has been a major mobilization of resources to combat Storm, which as you say has been incredibly successful, mainly through the use of novel, ever-changing social engineering techniques to trick users into clicking on malicious links to sites that try to foist malware.
The problem as I see it is kind of a classic problem with respect to cyber crime and cyber crime enforcement. The resources being rallied against Storm are considerable, and there are a tremendous number of people that are contributing to the effort to blunt the success of this scourge. But the problem appears to be a lack of coordination among these efforts.
The sheer number of Storm-infected PCs appears to wax and wane, usually to tune of the amount of attention it generates. So, while there are a great many resources being brought to bear against this monstrously complex virus, those efforts don't appear to be nearly coordinated enough yet to effectively take out the criminals behind this network.
*End soap box rant*
Chevy Chase, Md.: If I have a unsecured wireless network, could someone see the data I'm transmitting?
Brian Krebs: Absolutely. Say I am Joe Nosey Neighbor, and I'm within a few hundred feet of your house. I could easily jump on your network -- and using freely available tools -- force your machine into routing all of your traffic through mine. With that kind of power, I could redirect your traffic to specific counterfeit sites, I could prevent you from being able to visit sites, eavesdrop on your instant messages, or even boot your machine off the network.
Almost all wireless routers come with some kind of encryption technology built in, usually either WEP or WPA. WEP encryption is fairly easy to crack, while WPA combined with a strong passphrase is fairly solid, though not unbreakable. There is no excuse for not using these built-in protections. At the very least, you're asking for someone to park outside your home and use your open wi-fi network to do something illegal.
A while back, I blogged about some very user-friendly and easy-to-follow online videos that walk you through setting up encryption on the most commonly sold wireless routers. Check it out at this link here.
Melbourne, Australia: G'day Brian,
I think I may be overdoing the security bit, but am not sure. I have XP Pro desktop with: Eset Nod32, Zone Alarm Pro, Windows Defender, Spybot SD Resident, Ad-Aware 2007, Spyware Blaster, Secunia Update Inspector, SP2 and a broadband router with firewall. Is this overkill? If so, which applications do you recommend I uninstall?
Also, are third-party tracking cookies really dangerous? Most of the above virus/security aps listed above treat them as dangerous. But a few websites (i.e. Google Page Creator) don't work as well if I don't allow tracking cookies. What will happen if I decide to simply allow all the tracking cookies they want to dump on me?
Thanks. Basically I'm starting to get security fatigue and would like to ease off a bit on the vigilance bit.
Brian Krebs: Well, other than that, maybe take some Vise grips and apply about 100 foot pounds of pressure on the Internet cable going into your house. That ought to make for a great hardware firewall.
Seriously, though, I know what you mean about "security fatigue." It's unfortunate that so many people have to become de facto system administrators just to stay safe with Windows these days, but that's sort of the reality.
You sound like you've got a pretty good setup there. My thought it you could probably do without one or the other anti-spyware tools (I'd lose Windows Defender, but that's just me).
New York NY: Hi Brian!
I'm a Luddite with a Macbook Pro (dangerous combination, like a 5-yr old violin student with a Strad). After my latest go-round with Verizon DSL cust. service (I'm on the phone with them for a couple hours once every month or 2 because their internet dsl service disappears for no apparent reason... but that's another story). This time, the tech hooked me up wirelessly. I'm now connecting w/my modem via Airport and a password. Unbelievably convenient, but is there a possibility of being hacked into? Do I need to turn on the Mac firewall-thingy?
Thanks, I read your chats religiously & forward crucial stuff to my PC friends!
Brian Krebs: Hello, New York. Your Luddite description made me laugh. But, if you're an inexperienced Internet/computer user, you could hardly do better than to go with a Macbook. Good for you.
The built-in firewall "thingy" on the Mac is pretty solid, and I'd recommend turning it on and keeping it on. There really is no reason not to.
Great Falls, Va.: Brian,
I have always learned something new from your column. Thanks.
Is Vista included in Patch Tuesday ?
Brian Krebs: Yes, Microsoft uses the second Tuesday of each month to push out security updates for its software, which includes patches for Windows Vista, Windows 2000, Windows XP and Server 2003. The company also uses Patch Tuesday as its called to release security updates for most of its other products, including Microsoft Office.
To your question, it does not appear, however, that Microsoft intends to ship any updates for Vista this month. Neither of the two patches Microsoft has said it plans to push out next week apply to Vista, but Microsoft always cautions that its plans can change, so check back at the Security Fix Blog next Tuesday for the rundown on the latest updates.
Antwerp, Belgium: Hi Brian,enjoy your chats.I have a SMC wireless rooter Barricade 802.11g hooked on to my main PC. For a second PC which is a few rooms and walls away I use a SMC USB wireless N adapter. But I have difficulties getting an Internet connection. The adapter gives a good-very good connection 50-60 percent but can't get a Web page. Only way I can is using an extension cord&bringing it a few feet closer to the main PC but its still a bit away. My service guy suggests I get a DLink N rooter DIR635 with 3 antennae that carries further & should give a better reception. Better than a G type rooter. And what is best positions of the antennae, straight or slanted?Any comment? Thanks and have a nice weekend
Brian Krebs: Hello, Belgium. Thanks for coming by. I don't have much experience with SMC's products, but I referred another guy who asked a similar question recently about the N adapter to DSL Report's FAQ page on SMC products, which is fairly comprehensive. Check it out here. Good luck, and sorry I can't be more helpful here.
Arlington, Va.: What's this cyber jihad all about and can they really cause mass havoc?
Brian Krebs: The reader is asking about recent stories suggesting that some coordinated "cyber jihad" attack is supposed to take place against American commercial and government Web sites. I didn't write about this mainly because it seemed pretty thinly sourced (the sole source is a vehemently pro-Israeli site).
We've seen these kinds of rumors come and go before, and each time they turn out to be much ado about nothing.
Symantec has a writeup on a e-jihad for dummies type tool that is apparently designed to let even your dog conduct denial-of-service attacks against Web sites with the click of a mouse. However, the download sites are all....well, down at the moment.
The reality is that e-jihad or no, there are no shortage of these point and click tools that any idiot could use to try and knock a Web site offline. It's also true that these kinds of coordinated attacks happen every day.
So, in short, nothing to see here.....move along.
San Diego, Calif.: Good morning Rob. I recently got a message from Zonealarm that it encountered a problem and had to shutdown. The problem reported was with SonicWall.net and the service that stopped was mantispam. I don't have any SonicWall hardware or software. ZA was actually still running but not mantispam. I restarted ZA and the problem has not reoccurred. Any idea what happened?
Brian Krebs: Um...this is Brian Krebs, not Rob.
Now that we've got that straight, I'll bite. Unless I'm mistaken, mantispam is a component of Zone Alarm Pro (you don't say you're using Pro, but I'll be you are) designed to integrate with Outlook and help you block spam, nasty e-mail viruses etc. I'm guessing for some reason the program just crashed. If it hasn't happened since, I'd say no worries. But if you're not using it, I'm pretty sure ZoneAlarm has an option to turn it off or disable it.
Pittsburgh, Pa.: Hi Brian. Enjoy your column. Have a Dell quad core notebook at high end. Yet it is slower than Emachines desktop with Athalon 64 3500+ in opening and running a stock graphics program. Standard spy and utities sweeps yield zilch. Task Mgr shows Isass.exe. Some sites say worm and "buy our product", others say not. Any insight?
Brian Krebs: Hi Pittsburgh. Is the machine slow only when you use the Stock graphics program? If so, it may be a glitch in that program itself.
Lsass.exe is a normal Windows system component, and at least one version of that system process will be running as long as Windows is.
If a virus check and anti-spyware run give you a clean bill of health, consider checking to make sure you don't have a large number of harmless but otherwise unnecessary programs running at startup. A couple of great tools for this check are Process Explorer-- which tells you in plain English which processes are running and who made them -- and HijackThis!, which lets you control which programs should be allowed to start up when you boot into Windows.
Run both of those programs on your system, and whittle away at programs that don't need to be run at startup (QuickTime helper programs, other pre-installed crapware, etc).
MAC OSX: Hello - I haven't upgraded yet to the newest MAC version. Am I OK, or should I go ahead and upgrade ASAP?
Brian Krebs: You're asking about upgrading to Mac OS X 10.5 (Leopard)? Upgrade if you want, but as long as you've got the latest patches installed, you're fine. A number of my co-workers and friends have updated and are happy with it, but I don't plan to anytime soon, as I don't really see the need.
If, however, you're looking for a good backup solution for your Mac, upgrading to Leopard might make sense. I have heard rave reviews of the built-in Time Machine backup feature that supposedly makes backing up your data on a Mac a cinch.
Rockville, Md. : Brian:
I used to use Ghost for backups to an external hard drive, but my last three system backups have used the Windows backup (Windows Vista Ultimate).
Can I start my computer with the install disc? or do I need some boot program on a CD or flash memory?
I should know this, but for some reason it has never been presented in a way that I understand.
Brian Krebs: I'm not sure I completely understand your question, but I'll give a shot at answering it anyhow.
Most computer data backup solutions come with or prompt you to create a boot disc that is designed to be used when your Windows installation fails to boot up for whatever reason. These boot discs generally allow a small bootloader program to run that is then capable of finding backed up images of your drive on external or networked drives.
Generally, then, you are given the option to replace the current image of Windows installed on your machine with a known, working backup. Bear in mind that if you choose this option, you are essentially overwriting any data on the drive that was not saved during your last backup.
Hope that answers your question.
Oh, and since there are still several unanswered questions in the queue about which type of backup software I use, I use Acronis True Image 9.x, which has helped me on numerous occasions to fix machines that for one reason or another failed to boot up correctly.
Brian Krebs: That's all the time we've got today, folks. Thanks to everyone who stopped by to read or toss a question in the hopper. We'll have another Security Fix Live two weeks from today. In the meantime, please consider visiting the Security Fix blog regularly to stay up to date on the latest security warnings, news and advice. Be safe out there!
Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.