Security Fix Live

Brian Krebs
Security Fix Blogger
Friday, October 24, 2008; 11:00 AM

Security Fix blogger Brian Krebs was online Friday, Oct. 24, at 11 a.m. ET to answer your questions about the latest computer security threats and offer ways to protect your personal information.

The transcript follows.


Brian Krebs: Greetings, dear Security Fix readers, and Happy Friday! I'm overdue to get started so I'll keep this short. Please be as specific as possible about your computer/network setup and installed security software. With that, onwards!


Manassas, Va.: Brian,

Microsoft just sent a security fix this morning. This was not done at the normal monthly time that Microsoft sends security fixes like they just recently did. Therefore this must be an important fix. The fix apparently prevents someone from remotely taking over your PC. Do you know anything else about it? Thanks!

Brian Krebs: Hi Manassas. I wrote about this extensively in a blog post yesterday.

Microsoft to Issue Emergency Security Update Today.

It is a very important update to fix an extremely dangerous flaw in the operating system. You should install it as soon as possible, and then reboot. Already there are exploits and malware taking advantage of this flaw.


Ruidoso, N.M.: Can someone restore deleted files from a USB flash drive? If I had sensitive data, say a list of past words, on a flash drive, deleted that data, and then lost or had the flash drive stolen could that data be restored?

Brian Krebs: Most times when you delete files from your hard disk or any digital storage media really, the data is not wiped entirely -- it's more akin to trashing the table of contents. I don't know for sure if USB drives would be any different than hard drives, but I suspect not. That would ean that if someone wants to recover deleted data, it may still be possible if you did a quick-erase or simple delete.

At any rate, if you're truly concerned about it (assuming the USB drive you're asking about is still in your possession), why not just download a free tool like Eraser, and have it write over the USB drive several times in a row? That should ensure that the data is irretrievable. It's a very simple tool to use.


Cody, Wyo.: Hi Brian,

I have a new Dell Vostro 1500 laptop with Windows XP Home. I use BitDefender 2009 as my antivirus program. Until recently, I've been very satisfied with BitDefender.

However, the past several weeks BitDefender has found several email viruses that apparently sneaked by it, and which it discovered after they were on my computer. It said it deleted the viruses after discovering them, and I've had no obvious problems with the computer since then.

Since that happened I've started doing daily antivirus scans, and BitDefender has found no further viruses after deleting the ones that got past it.

I realize no antivirus program is perfect, but I guess my question is this:

If the viruses were deleted "after the fact," so to speak, is my computer okay now? Especially since BitDefender has found no further problems.

Their technical support people just ignored my question when I emailed them.

Thanks for all your great articles and discussions!


Brian Krebs: This is actually a question I get a lot. Probably the biggest vector for viruses and worms is e-mail. The malware usually comes as an attachment. But as long as you're not opening these attachments, you're not going to infect your machine just because a virus-laden attachment in an e-mail shows up in your inbox.

Anyway, if you didn't open the malicious e-mail attachment, you should be fine. Your anti-virus software is merely telling you that it deleted a few e-mails that contained nasty attachments. As to why they slipped by the program in the first place, I can't tell you. Perhaps the antivirus software lacked the latest definitions to detect it as malicious, and only did so after you'd already received the email.

That's why it's so critical to practice one of the key golden rules of PC safety: do NOT open email attachments that you were not expecting, even if they appear to come from someone you know. If it is from someone you know, drop them a reply and ask if they really meant to send it and what's in the file. If you get a reply that it was intentional, scan the attachment before opening.

Remember: the bad guys are locked in a constant arms race with the anti-virus companies, and each is trying to one-up the other. So far, the bad guys have the lead -- particularly with respect to staying one or two steps ahead of the AV companies. That's why you cannot depend on your antivirus program to save you. Street smarts and some common sense go a long way.


Kingstowne, Va.: I use the NoScript addon to Firefox, but end up spending too much time trying to determine which sites' scripts I should accept. All I seem to have to go on is the domain. This discussion page itself contains 7 different domains I have to choose to allow or disallow scripts to run.

Is there a way to tell which domains to trust without actually visiting those domains to see if I should trust them or not? (I currently only allow 4 of the 7 at this point as the page seems to work fine with just them.)


Brian Krebs: Have you considered the AdBlock Plus add-on? After you install it, it lets you choose from a pre-selected list of sites to block from loading automatically. And you can add certain sites as well (e.g., ad networks that do the majority of the prompting and Javascript stuff). It's extremely configurable, and I think if you spent a few minutes understanding how it works, that it would address the issue you're asking about.


State of Dyspepsia: I have recovered files intact from camera memory cards, using freeware recovery tools. I'm sure it would apply to Flash drives as well.

Brian Krebs: There you go. So Ruidoso, N.M., go get yourself a free copy of eraser and rest easy.


Tacoma, Wash.: Hi Brian,

Do you have any recommendations about a good encryption program? I'm looking for something that would encrypt the data on my laptop and also have the ability to encrypt some emails. Are there any products out there that you would recommend that would do both?

Also, how easy/difficult would it be for the email recipient to decrypt the file I send to them? Would they also have to pay for the encryption program, or would there be a free tool that they would be able to use to unencrypt the email?

Thank you much!


Brian Krebs: Hello. Good on ya for tackling encryption. There are several free options. TrueCrypt is a free disk volume encryption tool that works quite well and is very powerful. It has a slight learning curve, so I'd advise you to read through some of the how-tos on their site and understand the importance of the master password *before* you encrypt the contents of your hard disk. If you forget that master password, you're out of luck. And do not neglect to make a TrueCrypt rescue disk.

Email encryption isn't hard, but it too takes a bit of patience and understanding of the steps you need to take before setting it up. Mozilla's Thunderbird e-mail client comes with support for encrypted mail built-in. You will need to install Enigmail and GnuPG as well to get this working. Lifehacker has a fantastic tutorial on how to get this set up. And yes, whoever you are sending encrypted emails will need to have some sort of encryption program installed as well in order to grab your public key and decrypt any messages you send them.

If you're looking for solution that does e-mail and disk encryption in a neat little package, PGP Desktop is a nice choice, if a tad expensive.


State of Dyspepsia: Seems to be a quiet day, so here's another:

Rob P at Faster Forward seems not to be fond of 64 bit Windows. What are your thoughts on this OS for home use?

I have my mom set up on it, and it's great, so far, but she doesn't have any old legacy apps or games, either. What real world problems could one expect running x64?

Brian Krebs: I have a Windows Vista Premium machine at home and have resisted using the Ultimate Upgrade to the 64-bit version, even though my machine's 4 Gigs of RAM aren't completely used or recognized by the 32-bit version of Vista I'm using now. I, too, have held off upgrading mainly for backward compatibility reasons. I suppose I will change at some poitn when I have need to install more RAM, but for now there are too many older programs that I want to use that simply won't run on a 64-bit OS. The problem is, it's not always easy to tell before the fact whether an older program will or won't work on 64-bit. It's that uncertainty that has kept me from upgrading. But I will, probably soon, and when I do you'll likely hear about my trials and errors in a blog post.


El Paso, Tex.: I use Windows XP Home edition, service pack 2 (have not yet installed 3), Webroot anti-virus and firewall (with updates) and Mozilla Firefox with no-script add-on (with updates). DSL connection. A stand-alone PC, no network.

When I switch between administrator user -- which I have to use for some of my software -- and limited user, I get a warning message that my anti-virus and firewall can only operate for one user at a time. So, I am logging off, and unplugging my DSL connection while I do so. Consequently, I don't use limited user as much as I'd like.

If both my admin and limited user accounts are logged on, are the contents of my hardware protected by anti-virus/firewall, although the anti-virus/firewall states it only works for one "user" at a time?

Thanks for your blog and chats.

Brian Krebs: Welcome back, El Paso. Regarding Webroot, I thought that they had fixed this problem a while back by allowing the software to run as a Windows service, and thus letting it run in the background without problems regardless of the user account you were logged in user. Are you perhaps running a licensed but older version of the software? My first piece of advice would be to check the program's interface to see if there is a new version of the program available that you can update to. Perhaps it has addressed the issue.

I just did a quick search of the help forum at Webroot, and found this answer, which seems to indicate that the software should run fine regardless of which account you are using. However, I could find nothing in that document or anywhere else that describes the exact problem you're seeing, which has to do with being logged in to two accounts at one time, obviously.

For my part, I wouldn't tolerate that kind of behavior or warning from my antivirus software (NOD32). There are just too many other decent choices out there (some of them even free). I'm currently trialing the latest version of Norton Internet Security (2009) and am pleasantly surprised they appear to have completely nixed the performance issues that dogged its previous versions. Used to be all I got was complaints in this chat from people frustrated with Norton's slowness and other performance issues. Seems like Norton has been replaced by Webroot on that front lately.


Bethesda, Md.: Brian,

In a chat a while ago, I seem to think I heard you say to run as fast as possible away from Webroot. Do I remember correctly?

I ask because I have Webroot Antispyware and Antivirus, and for the most part it's worked well for me, but once I downloaded Norton Antivirus 2009 onto my machine, the two programs basically caused my XP to crash several times a day. I can't figure out if this is caused by Webroot or Norton (though I'm betting Norton, because Webroot used to be compatible with earlier versions of Norton Antivirus).


Brian Krebs: Ugh. Okay: Setting aside the question of which program you should uninstall for the moment, having two anti-virus programs actively running on your system at the same time is PURE INSANITY. Crazy. Loco. Not a good idea. At all.

The reason is that anti-virus software is designed to work at very low and fundamental levels of the operating system and to look for other things trying to do suspicious stuff at that level as well. So you can imagine what happens when two of these programs are installed on one machine: each views the other as a threat and consequently tries to monkey with the other's operations, and pretty soon your machine becomes unusable as the two programs begin to duke it out. That's a recipe for instability and serious system problems -- if not dreaded blue screens of death (and it sounds like you've experienced that firsthand several times now).

Pick one of the programs, and remove the other. If it were me, I'd probably uninstall Webroot and keep NAV2009. Either way, you should notice the stability programs going away once you nix one of the programs.

Good luck.


64-bits: What do you need 64 bits per data point for? Maybe if you were editing graphics and needed more colors, but I can't think of any other benefit.

Brian Krebs: One big reason is memory recognition. As I alluded to in my response, 32-bit operating systems do not recognize all of the memory being loaded into today's faster systems. At best, 32-bit machines will be able to realize about 3.5 Gigs of memory, and probably not that much in most cases.

A lot of people who buy shiny new computers are learning this the hard way. While so many of these new computers come with 4 gigs of RAM, unless the operating system is a 64-bit OS, those new machines aren't going to be able to use all of those resources.

So, e.g., while the motherboard on my new Vista PC can take up to a whopping 16GB of RAM, as long as I'm using a 32-bit version of Vista, it's not even going to recognize and use the full 4 Gigs I already have installed.



Arlington, Va.:"Microsoft just sent a security fix this morning. ..."

I checked both my Vista and XP (Home) machines this morning, the automatic updates did not direct me to install this fix. What gives?

Brian Krebs: Patience, grasshopper. I'm sure Microsoft is just throttling some of the downloads due to demand. Check again later today. Or try enabling Automatic Updates and see if it detects anything.


Washington, D.C.: Hi,

Today I received an invoice from a magazine which I had not ordered. I called customer service, which first suggested that I intentionally or accidentally subscribed online, which I denied. Then CS told me that someone had ordered it online using an email address (not mine) that had my name.

The magazine did cancel "my" subscription and said I'd be removed from its mailing list, but I'm not sure if there's anything else I can or should do.

BTW, I searched online for the email address, but came up with nothing. (I did not write to it, as that did not seem to be a good idea.) Also BTW, I doubt whoever did it knows me, as I don't use my full name.

I check my statements for unauthorized charges (there was one about 10 years ago), but what else would you suggest I do?

Brian Krebs: You could do worse than to order a copy of your credit report (you are entitled to a free report each year from each of the three major credit bureaus, so don't be tricked into purchasing a copy of your report; you can get your free report from

But I'm not sure I'd be too worried if you see nothing amiss on your report, and especially if your credit or bank account was never charged for the subscription. If someone can subscribe you to a magazine just by entering your e-mail address, chances are decent that it was an honest mistake, or an overzealous salesperson. I wouldn't sweat it too much.


Hartford, Conn.: What's up with the latest Java update with "JavaFX" ? Is it just more junk?

Brian Krebs: I'm tackling the Java update in a blog post later today. Stay tuned. Thanks for your question.


Norton Internet Security (2009): Brian,

Do you still have to buy a license for each computer that you own? That, and the perpetual nag screens when it's about to run out is why I've gotten away from the Nortons and the McAfees of the world.

Brian Krebs: I believe Norton and most of the antivirus/security suite vendors now offer multi-user licenses for a little less than double the cost of a single license. E.g., you can buy NIS2009 for a 5-seat license for about $100. They may offer a 3-seat license for home use also, but don't quote me on that.


Melbourne, Australia: Wondering what is your opinion of Firefox's Stealther add-on? Frankly, I'm not overly bothered about someone seeing what websites I've visited so I haven't installed it in my XP. But do you think there is some other legitimate security reason for having Stealther? I read the Browser Privacy report mentioned in your blog. I already have a fair number of Firefox add-ons, i.e.: Adblock Plus, IE View, Gmail Notifier, Scrapbook, Dictionary Lookup. Useful add-ons are one of FF's attractions, but I don't want to gratuitously install them willy-nilly. Thanks for your view.

Brian Krebs: I receive quite a few questions about cookies and Web browser privacy, and in some ways it's difficult to explain to people why they should care about this. On the one hand, cookies and browser history may seem innocuous, esp. when compared to some of the other threats we're all having to deal with every day.

Browser history and other things that Stealther tries to shield sites from seeing can be used by malicious sites in subtle and devious ways. Most folks are unaware of just how much info your browser can give a Web site. For example, check out the test at this site to get an idea of how much data leaks out through your browser.

That said, I'm not terribly impressed with Stealther. It doesn't appear to do much more than wiping your browser history and other details using the "Clear private Data" defaults built into Firefox.


Brian Krebs: My apologies for the delay in answering questions. We've had a power outage in the building following a fire alarm, and I've lost a few questions and answers that I was working on. Will try to tackle a few more before signing off (or before my laptop battery dies).


Phila., PA: Dear Brian,

I am looking for a data back-up solution that's ultra-easy (for my parents' home pc and financial data). I know that just about every external drive (disk and flash-based) comes with back-up tools. Is there any one brand/title (or method) that stands out as "parent-proof?" I am a techie and have no problem doing the set-up work.

As an aside, I applaud your past efforts to explain the business relationships that enable the spammers, malware distributors and generally ill-meaning Internet citizens to exploit the rest of us.

This helps the greater community to understand -how- these activities come to fruition. With knowledge and understanding, the social engineering so widely used can be negated user-by-user. Every computer not under the control of bot net managers is a win in my book.

Brian Krebs: I've received a few questions very similar to this, all about backup solutions. I did a series about a year and a half ago about backup solutions, and it looks like it's time to do one again, as the market has changed quite a bit. Many of them, like Norton360 -- which backs up data regularly to an online server -- focus on being grandparent proof. I realize it's not much help to you now, but stay tuned for a primer on that soon.


Rockville, Md.: Hi Brian,

Somehow the "Purchased" folder in Itunes has disappeared, any way to get this back?

Brian Krebs: You may need to re-authorize the computer you're using. I forget which menu dropdown lets you do this in iTunes, but that may cause the purchased folder to re-appear.

Second suggestion: Go to the iTunes store, sign in with your id and password and check your purchase history. Copy it down with a cut and paste that info. Then visit this URL for some instructions on how to recover your downloaded/purchased music. Chances are very good that the songs are still on your computer somewhere, and that iTunes just lost track of them.

Good luck.

Since the person who was moderating this chat and sending questions can no longer access that page due to our ongoing power outage here, I'm going to have to sign off from this chat now.

Thanks to all who stopped by and/or participated in this chat. My apologies, again, to those who did not get their questions answered. We lost a few of them in the outage.

Please join us again in two weeks for another Security Fix Live. In the meantime, please consider making the Security Fix Blog a regular stop on your daily browsing rounds.


Editor's Note: moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. is not responsible for any content posted by third parties.

© 2008 The Washington Post Company