Security Fix Blogger
Friday, March 28, 2008 11:00 AM
The transcript follows.
Brian Krebs: Good morning, and happy Friday, dear Security Fix readers. Got a security/computer question/problem? Fire away, and I'll do my very best to tackle it before the hour's up. Please be as specific as possible in describing your system setup, installed security software, etc.
Verona, Italy: I use Windows XP Home (SP2 and auto updates) and after reading your advice I created a separate user account and now I use the Administrator account only to add new software. Before creating the user account I had disabled MS Messenger via the msconfig option. It continues to load into the system tray upon start-up in the limited user account, but not the Administrator account. Any advice? Thanks.
Brian Krebs: Hi, Italy! You should be able to just double-click on the MS messenger icon, and then select options/preferences. There should be a box or radio button next to an entry that says "start messenger when windows starts." Uncheck that and you should be golden. If that doesn't work, you can nix the program from starting using something like Hijackthis!
Arlington, Va.: Hi Brian,
I use Firefox on both my XP and Vista Home machines. I do use the NoScript Firefox add-on which seems to work very well.
I have noticed that there are fairly regular updates (sometimes daily) to this extension, which got me to thinking:
Are these constant updates the result of compromised security in any way? i.e., am I at risk while visiting websites before I have updated the Noscript to the most recent version?
Brian Krebs: Yeah, that's one of the annoying things about noscript: there seems to be a new version almost every day. On the one hand, it's nice that the author of this add-on takes such care in updating it to fix things and add new features, but it seems to have an update for noscript almost every time I restart the browser. So to answer your question, you're not alone, and the updates don't compromise your security in any way.
Dallas, Texas: What is the best antivirus/antispyware solution for Windows Server 2003?
Brian Krebs: Mosey on over to the blog post we ran a few days ago about anti-virus tests. There's a link to some test results that grade more than 30 different anti-virus products on various peformance aspects.
Fairbanks, Alaska: Two weeks after reading your post on the Skype chat message virus link scam, I received an "urgent" Skype chat message informing me that my computer was infected with a virus and that I needed to click on an link in the chat message to download a program to fix my computer. Thanks to your blog, I immediately realized that this message was a scam and that clicking on the link would be very ill-advised. Thank you very much.
Brian Krebs: Very glad my warning was helpful. Would you be so kind to drop me another question or e-mail linking to the post that you're referencing here? I ask because this sounds a lot like a blog post I almost put up recently but didn't, and now I'm feeling like I'm losing my mind. Thanks!
Washington, D.C.: Posting early before the Friday rush at my office. Is there someone for me to forward e-mails addressed to my ISP-specific e-mail address after I no longer belong to the ISP? For example, let's say that I once used AT&T as my ISP (just suppose). I have tried to change my e-mail address and/or notify friends/businesses that my e-mail has changed, but I'm sure there's someone who will try to contact me at the old e-mail address. Is there some kind of service I can use to get those AT&T e-mails forwarded to me at my new address? Thanks.
Brian Krebs: Yup. There are plenty of e-mail forwarding services, most a free for a short period and then after that operate on a subscription basis. Fanmail is a free e-mail forwarding service that should work for what you want, if I understood your question correctly.
Chantilly, Va.: Brian,
When you go online and enter your personal information such as name, address etc.,does the computer store this information somewhre ?
The reason I ask is when I went to another site to enter my info, some of it was already there.
How can I remove that data ?
Brian Krebs: Ah yes. Thank you for reminding me about the subject of a blog post I meant to write. The feature you're talking about is built into Internet Explorer, and it's called "autocomplete." You can -- and in my opinion -- should disable it in the Options page of IE (in IE7, go to Options, then "Content" tab and you should see the autocomplete options button).
I'll have to poke around a bit, but I'm sure somebody's already figured out and posted a way for malicious sites to steal whatever data is stored in your autocomplete cache. I mean, until recently a "feature" of IE allowed any Web site to steal any data stored in your Windows clipboard.
Annandale, Va.: Do you have an opinion about some of the free products mentioned in the comments section of your blog such as SnoopFree and Threatfire? I run my XP laptop using AntiVir, ZoneAlarm, and AdAware on a limited user account and have not had any problems. But their claims that they don't just look for scripts, but rather behaviors, seems appealing. But I am skeptical.
Brian Krebs: I've written about SnoopFree and recommended it on several occasions. I havent' used Threatfire, so can't vouch for its worth or performance. But SnoopFree is free, and adds a nice layer of protection. I will say however that its alerts can be very scary, and sometimes unexpected. For example, one time recently I was updating QuickTime I think and for some reason the updater wanted to hook the keyboard, and I nearly jump out of my chair when the dang alert box popped up. It still isn't clear to me why QuickTime wanted to hook the keyboard (I disallowed it, to no apparent ill-effect on the update).
In this case I wasn't terribly concerned because the alert popped up right after an action I'd initiated. But I mention the experience to let you know that while SnoopFree is great at detecting anything that tries to snoop on your keystrokes, its false positives can be unsettling.
Arlington, Va.: What would you suggest doing about the Show Passwords option in Firefox? I just realized that even on my limited user account, someone could launch Firefox, go to Tools, Options, Security and click on Show Passwords to see my login name and password, and some of them are for banking sites. What can one do to protect themselves from this? Thanks.
Brian Krebs: Yes, as I've recommended before, you should set a master password in Firefox, which will prevent anyone else who uses that computer from viewing your stored passwords. For the record, I don't recommend storing senitive passwords in Firefox or IE. If you must store passwords for financial sites, paypal, ebay, and the like, you should consider storing them in a program that offers strong encryption.
See Safeguarding Your Passwords for some recommendations here.
Maybe I'm obsessed with security, but my I have my wireless router set to WPA with MAC authentication, and I also set it to stealth mode so that others do not detect it. And the router's password is 40+ digits long with letters, numbers, and symbols. And I've got Norton Internet Security 2008 installed. I still cannot bring myself to set the permissions on my desktop to allow me to share files from my laptop on the same network. Am I being crazy? If someone broke into the network through all that security, would enabling file-sharing add appreciably to the risk? Your thoughts would be welcome!
Brian Krebs: Every time you add features to a system, you necessarily expose more potential ways to break into it. Adding filesharing to a windows network is certainly opening up a broad new avenue of exploration, should an attacker manage to break in to your network.
That said, your setup seems to be very secure (as far as wireless goes). If you decide to enable file sharing, I'd advise you to only share specifc folders, and not to enable sharing on the entire hard drive. You can also specify which users or systems on the network should be allowed to access a given folder.
I'd also advise anyone who wants to enable filesharing in windows to understand the limitations of doing so. Simple filesharing is enabled by default and cannot be disabled in Windows XP Home. Under simpe filesharing, any files marked for sharing will be available to anyone on the local network (well, provided the machines share the same workgroup name).
The feature you're talking about is built into Internet Explorer, and it's called "autocomplete": Brian, I use Opera 95 percent of the time, IE the rest. Would this also apply to Opera, or just IE? BTW, I'm using IE 6.0.
Brian Krebs: No, IE's settings should not impact Opera, however having auto-complete turned on in IE6 may impact other installed applications, as it seems like people are always discovering new and wonderful ways in which IE is stitched into the fabric of Windows. Just turn it off. And stay away from IE6 already.
Fairfax, Va.: I have a MacBook and temporarily don't have Internet access at home. How dangerous is it to access secure sites like bank accounts or Web merchants from public wi-fi at coffee shops, libraries, etc.? Are there specific things I can do to reduce my risks?
Brian Krebs: I get this question from someone I know almost once a week (minus the macbook part, usually). The thing you must understand is that if you do not control the network, there is always a greater-than-average level of risk for accessing sensitive sites. Now, if you are accessing the site over an https://link, the traffic (and any passwords sent) would appear to be gibberish to anyone intercepting the traffic on the network.
However, an attacker on the local network could very easily hijack your internet connection and redirect any requests to a site of their choice. Alternatively, they could present you with a fake SSL certificate to intercept your encrypted traffic, but then you would see a notice warning you about a site/encryption certificate mismatch. If you EVER see one of these warnings while on a public/wireless network, do not proceed, as there's a good chance someone has compromised the network.
Long answer short: I personally never use public wireless networks to access sensitive information, but then again I'm about as paranoid as they come. Use your head and observe some of these simple precautions when surfing public networks and you should be fine.
Columbia, Md.: I teach students to have an Internet Security Suite on their computers, and constantly update the anti-virus definitions, the anti-spyware definitions, and the patches. But I don't do it myself as often as I should. I use live update with McAfee, but I don't like using live update with Microsoft. I'm not using a separate spyware program.
I also have used your advice to setup separate user accounts, and don't use the administrator account.
How vulnerable am I? How much maintenance is necessary? If I'm struggling to keep up with security maintenance, I doubt most of the students are.
Brian Krebs: I congratulate you on running Windows under a limited user account, but that doesn't mean you can quit applying patches. You need to stay up to date with patches that Microsoft releases for Windows and Windows components.
Also, you need to stay up to date on patches for third-party apps. I know it's a pain. If you're feeling overwhelmed, my suggestion is to set a schedule for maintenance. One a month, make it a point to run the free Software Inspector program from Secunia to see if any of your installed apps need updates, and then update them.
In the end, patching is like anything else: If you ignore it, it only piles up and creates more work. Plus, you're leaving dangerous holes into your system open.
Wireless Card Connection Problem: Inspiron 1525 Laptop with Wireless 1395 802.11g Mini Card.
Sometimes when I turn on my computer, I don't get an internet connection. I can fix it by disconnecting and reconnecting, but that's annoying.
Any thoughts as to why I can't always get an immediate connection?
Brian Krebs: I don't know for sure, but I suspect your situation is the result of a conflict betewen the wireless configuration utility that shipped with the wireless card and the built-in utility that ships with Windows.
Use one or the other, but not both. I'd recommend using the built-in wireless configuration utility (it's called the "wireless zero configuration" in Windows Services and it's on by default in Windows laptops) and disabling the one installed by the card.
RE: SnoopFree: Thanks for your answer to my SnoopFree question. As a follow-up, would you recommend using it in addition to the other programs I am running (Avira, ZoneAlarm, AdAware) or is that just overkill?
Brian Krebs: Nope. Not overkill at all. And it uses hardly any resources. Anyway, give it a try. Don't cost nothin.
Austin, Tex.: I recently installed Panda Internet Security 2008 on a new desktop. Since then, the computer occasionally fails to boot, and Outlook occasionally hangs.
I'm not looking for a diagnosis, of course, or for specific details about this anti-virus package. But more generally, do anti-virus programs often cause these kinds of problems? If so, any idea what to do about it?
Brian Krebs: Let me see...well, preventing Windows from booting is one way of keeping it from being hacked, I suppose. Otherwise, it's not terribly useful if you can't use Windows, is it?
I've never been impressed with Panda's offerings. Plus, they have an absolutely horrid track record with spamming people. Sign up for one of their free online virus scans if you want to see what I mean (for the love of Pete, don't do it with an e-mail address you value). You'll get no fewer than 10-15 emails a week hawking their stuff.
Obviously, anti-virus software shouldn't render your machine useless. It should do its job quietly, unobtrusively, and without demanding too many resources. My experience with NOD32 is that it excels in all three of these categories, and I would recommend it without reservation to anyone running a Windows system. But don't take my word for it: The program appeared to score among the highest in every category under testing from AVtest.org.
Brian Krebs: That's all I have time for today, folks. Thanks for stopping by, and please join us again in two weeks for another Security Fix Live (and I apologize for missing last week's: We decided Good Friday would probably not be the best time to hold a chat). Until next time, please drop by the Security Fix Blog regularly to stay on top of the latest security news.
Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.