Security Fix Live
Friday, November 21, 2008; 11:00 AM
Security Fix blogger Brian Krebs was online Friday, Nov. 21, at 11 a.m. ET to answer your questions about the latest computer security threats and offer ways to protect your personal information.
A transcript follows..
Brian Krebs: Hello, dear Security Fix readers! Welcome to another Security Fix Live. We're just a tad light on questions at the moment, so if you have a burning security/computer question, feel free to fire away. Please remember to tell me as much as you can about your system setup, installed security software, etc. Onwards!
Janesville, Wisc.: AOL just notified me they are cutting out their security system and want me to sign up for McAfee program. That takes 8 hours, 45 min. to download, and is only for 1 computer. For my laptop I will have to repeat the download, and pay for a second subscription. Are there good systems available on disk that I can apply to both PC's?
Brian Krebs: I'm assuming that you're on a dial-up connection? You should be able to download any of the free anti-virus tools listed at this post from last month and copy them onto a disc and then use them to install the software on another PC.
Independence, Ohio: When something is running in the background on your computer, how can you identify it?
Brian Krebs: The built-in Windows Task Manager (Ctrl+Alt+Del, or start, run, type taskmgr) was designed for this task, but sadly it's quite deficient, in that it doesn't tell you much about which program owns which process.
Process Explorer is a better, free tool that tries to match process names to program names. It also has a crazy number of other powerful features. Check it out at this link here. Good luck.
Barberton, Ohio: Brian, thanks for these chats, you have supplied so much valuable information!
My question is... I have a laptop that I want to sell and need to wipe the hard drive before I reinstall the operating system. What do you recommend?
Brian Krebs: Sure. There are plenty of tools. I've used the free D-BAN before and found it to be simple and effective. You create a boot-up disc with the program, and then boot your computer or laptop using the DBAN disk. Of course, purists will tell you that no hard drive is completely secure from being read until it is smashed into pieces or drilled through with a drill. While this will certainly do the trick, it's a tad dangerous and in my view overkill.
When you run DBAN, just make sure you tell it to write several times over the data on the disk, and you can be relatively the data will be gone.
Alexandria, Va.: I don't buy John Bambenek's excuse for McColo:
"The upstream providers may claim they didn't know, but that's about as convincing as a motel operator who is renting rooms by the hour and hearing the exploits from the hallway and being shocked when the police show up to bust the prostitution ring,"
Sure, McColo can claim ignorance on the first bust, so do the first bust and get it over with. Collar them on the second bust!
Brian Krebs: I don't believe Bambenek was talking about McColo. He was talking about McColo's Internet providers, Hurricane Electric and Global Crossing.
Cameron, N.C.: Right click on the task bar will produce a dialog box which include a link to task mgr.
Brian Krebs: More advice for the person looking for Task Manager
New York, N.Y.: Hi Brian,
I stupidly ran an exe on Vista that had a DNS Hijacker (ad-aware calls it 85.255.something) and I can't seem to get rid of it. I freaked out and bought Norton Anti-Virus which was probably the last thing I should have done. Ad-aware claims to get rid of it but upon rescan it finds the exact same elements again. The virus/adware/malware seems to prevent programs like Norton/Windows Defender/Adaware from connecting to their update servers as well.
My questions: should I be concerned about data privacy? And how do I get rid of this thing?
Brian Krebs: Yikes. Having malware that changes your DNS settings is bad bad bad, and yes, you should be very concerned. What I always find frightening is how many people when they suspect an invader or spyware on their machine immediately go to some commercial anti-virus site and provide their credit card. Shall I assume that you had no anti-virus protection to speak of before this incident?
The probelm is, as
, some types of DNS hijacking malware also changes the DNS settings in your wired or wireless router, assuming you haven't changed the default username/password or are using one that is easily guessed.
I've had success removing this class of malware with Malwarebytes' Anti-Malware, avaialble at
. This forum over at HiJackThis has a post down at the end of
that should walk you through the steps of using that.
When you're done, you may also want to check your router's DNS settings to be sure those weren't also changed.
If you manage to remove the hijacker, update all security software you have installed and run separate system scans with those.
Best of luck.
Brian Krebs: My apologies to the person asking about hard-drive wiping utilities. I neglected to include a link where one can download D-BAN. It is here.
Alexandria, Va.: The mention of AOL dropping the security software they provide matches an email I got yesterday from Verizon. They also will be dropping the software they provide in early December. While they didn't recommend a specific brand, they suggested getting something else quickly.
Brian Krebs: Yes, it sounds a bit rude and irresponsible, but then again AOL is not alone. Very few ISPs are continuing these freebies for much longer. They will tell you it's because only a tiny fraction of their users actually use the licenses they provide, which cost the ISPs money regardless. Not defending AOL here, just trying to give some context.
Chantilly, Va: Brian,
I've been reading the reviews for my Linksys WRT150N wireless router and most of them are saying that it doesn't work very well until you upgrade the firmware with DD-WRT. I went to that site, but can't find the version specific to my wireless router. Any ideas?
Brian Krebs: Hi. This site appears to have step by step instructions on where to get the firmware and how to get your router in shape to accommodate DD-WRT.
Washington, DC: Everyone who sends me a bill or statement wants to do so online now -- it makes sense financially, ecologically, and greatly reduces that depressing monthly pile of paper. Would you consider it safe to do so for bank or investment accounts? Would you do it if you stored your email at yahoo or gmail?
p.s. Congrats on your efforts in calling attention to spam networks and the resulting action.
washingtonpost.com: Host of Internet Spam Groups Is Cut Off (Nov. 12)
Brian Krebs: Thanks for the kind words.
Question for you: Do you feel comfortable banking online and managing your investment accounts from your home computer? If so, would you consider it any more dangerous to get your statements online also?
Arlington, Va.: Re: Mac security...
What do you advise/recommend as the minimum setup for Mac security?
I am a Windows PC guy so have the full armada going, but I set up my parents' new iMac last weekend and it confirmed my strong desire to go Mac when my current PC dies.
I have a LOT of sensitive financial data etc., and use Quicken Billpay, online financial downloads from mutual funds etc.
Given that (or even in my parents' simpler setup), what do you recommend? I'm assuming that part of the beauty of the Mac is somewhat getting freed up from the constant need to run spyware (currently AdAware and Spybot on my PC), antivirus (eSet NOD 32 now), WinPatrol type of programs, etc.
Brian Krebs: Enable the built-in Firewall, install updates from Apple as soon as they become available. Use anti-virus if you want, but probably not necessary (free ClamXav here). Also, make sure you update third party software like Adobe reader, Flash, etc. as soon as updates for those are avaiable.
Finally, but most importantly, be very judicious about the software you install. Understand where it is coming from. If you are asked for your password on a Mac, it is usually because the system is being asked to make an important change or install a program. If you didn't initiate an install process or seek to change a key setting, this should be a red flag.
Arlington, Va.: The Navy just banned the use of thumb drives and camera memory cards on its networks. What makes these any more vulnerable to carrying a virus than files on a CD or an old fashioned floppy disk?
Brian Krebs: You may be thinking about this from the wrong direction. Flash drives and camera memory cards can just as easily be used to cart off data as they can bring unwanted stuff into/onto the network. I suspect they are just as if not more concerned with sensitive/secret data being copied to these devices and slipping out the door in someone's pocket or via the mail.
Chantilly, Va: Brian,
Thanks for the link to the DD-WRT install page. It's very detailed and has the whole operation down step by step.
This must be the reason I'm always online for your chats. Keep up the great work.
Brian Krebs: Sure, happy to help, Chantilly.
State of Dyspepsia: Brian, is there a branch of Gov that has or should have any responsibility for the type of internet malfeasance your investigations have recently uncovered? Should there be a Federal tech czar, and would that person have any impact on consumer technology?
Brian Krebs: A number of branches of government have authority/responsibility in this area, from the FBI, Secret Service, US Postal Service and Customs, to name a few. Spam is a global nuisance that costs companies billions of dollars each year, and it is a major vector for financial scams and other activities that funnel cash out of Americans' pockets and into countries that for the most part do not have our best interests at the forefront of their agendas.
It's not really my place to make that call about a Federal Tech czar, but we are hearing lots of talk that the Obama administration is poised to take a much more public and visible approach to cyber security issues and clarifying the govt's role here.
Brian Krebs: That's all I have time for today, people. Thanks to everyone who stopped by or contributed in some way. Please join us again in a couple of weeks, and in the meantime have a great Holiday week (if you're a US reader), and don't forget to make it a habit of stopping by the Security Fix blog. Be safe out there!
Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.