Security Fix Live

Brian Krebs
Security Fix Blogger
Friday, March 13, 2009; 11:00 AM

Security Fix blogger Brian Krebs was online Friday, March 13, at 11 a.m. ET to answer your personal technology questions and offer ways to protect yourself from online security threats.

Brian, who considers himself a well-rounded geek, can also field queries about broader technical topics, such as mobile banking, online and location-based privacy, as well as social networking and tech policy issues.

The transcript follows.


Brian Krebs: Greetings, everyone, and thanks for joining us for another Security Fix Live! I'm poised to jump right into those that have piled up already, but as always just a reminder to be as specific in your question as you can about your computer/network setup, and try to let me know what operating system version, browser, security software, etc. you are using. If it's a hardware-related question, please give me some idea of what model you're using. Thanks, and with that....ONWARDS!


Tucson, Ariz.: I would like to follow your advice and set up and use a non-administrator account in Windows XP. But, I don't want to lose my favorites. How can I copy them to a new account?

Brian Krebs: My advice on running Windows under a limited user account is here. This is more for XP users; Windows Vista tries to enforce this through User Account Control, which warns you when you or some other program tries to make system-wide changes. In some cases, UAC may request you enter your password.

To your question, you can most certainly copy your favorites/bookmarks. I'm going to assume since you said "favorites" that you're using Internet Explorer as your default browser (Firefox calls them "bookmarks"). In IE7, next to the "Favorites Center", click the star with the green plus sign over it, and then select Import/Export. Then select Export Favorites. Save the file to somewhere that's accessible to multiple user accounts, such as the "Shared Documents" folder in Windows. You should then be able to use the same process in the new limited user account to import those favorites into IE.


Pasadena, Calif.: My headset jack malfunctioned right after installing what was called a critical update for the Realtek speakers/sound board function sent to me by the automatic software finding setting for my HP Pavillion. The automatic find new software setting was on my laptop when I received it from the manufacturer less than a year ago so technical support for HP informed me to NOT use the automatic find program for any new software including Microsoft so we disabled it. He advised me to manually periodically checkout available software updates for individual components and programs. Is this advisable?

Brian Krebs: It's not clear to me from your question whether you're saying you have some software update program from HP running, with Microsoft Update turned off, or vice versa. At any rate, if the advice as you understood it was to turn Microsoft's automatic updates off and leave the HP software update program on, I'd say the tech gave you a bum steer.

I would actually disable the HP software update feature. Reason being, Microsoft's Windows Update will notify you of optional updates for third-party drivers and programs, but it will never force them on you. What tips me off that you may have been advised to leave HP's updater on and Microsoft's off is that Microsoft almost never ships third-party driver/hardware updates as "critical." It almost always treats them as optional.

Furthermore, if you do chose to install optional hardware updates, Microsoft will try to create a system restore point before doing so (assuming you haven't affirmatively turned off System Restore), so that if things go south you can always restore the system file settings to the way they were before you installed the hardware update that caused your speakers to stop working.

You might still be able to revert to a restore point prior to the day when you installed the hardware update. Check out the restore point dates available to you in System Restore (Start, Programs, Accessories, System Tools).

As per Windows update or Automatic Updates, I always advise people to turn on automatic updates but set it so that it asks your permission before downloading and/or installing any updates. When prompted to install updates, choose "custom" and make sure only security-related updates are checked.


Monroe, La.: Does deleting search history really clear out all your search history, or do you need to go in and clean out any other temporary files?

Brian Krebs: I assume you're talking about a Web browser, and I will further assume you are talking about Internet Explorer? Those assumptions made, deleting the browsing history usually removes the temporary files put there by the browser, but erasing those items may not delete data created by other programs that may have interacted with the browser, such as media players and their history. Also, many other programs store data in the Windows "temp" directory.

The free "CCcleaner" program does a pretty solid job cleaning up temporary files on your system. It's available here.


pdfs: Have the potential security issues with pdf files been plugged?

Brian Krebs: Yes, at least for Windows and Mac users. I blogged about this earlier this week:

Adobe, Foxit Ship PDF Reader Updates


Albuquerque, N.M.: AVG Free 8.0 tells me it has "sent to vault", Trojan Horse 12.NUE, Downloader.Agent2.P and 18 cookies, some that worry me are Zedo,Yeildmanager, 2o7, and Adengage.

First, I cannot find out anything about Trojan Horse 12.NUE. My friend who cleaned up my computer in January couldn't remove this one and it is still in a separate "old documents" file off-line. How dangerous is it?

What about Downloader.Agent2.P?

What about the cookies - are they dangerous. I want to "opt-out" them, but don't know how. I've only been an internet user for less than a year.


Brian Krebs: First off, just because you have a "downloader" trojan or "agent" on your system doesn't automatically mean your system is infected. These are generally used to try to download additional components of malicious software to your system. Often times, an antivirus program will block a dropper or trojan from downloading secondary components, but of course sometimes your AV program may fail to do that.

You can and should empty the virus vault. That will banish the things from your system (hopefully). Those items you mention are all browser hijacker and adware type pests, and the fact that you have them on your system is a strong indicator to me that you're using Internet Explorer as your default browser.

You said you were a novice Internet user, so let me give you one piece of advice that will make your life a lot safer: ditch Internet Explorer today, and download, install and use another browser, like Firefox or Opera. Simply put, most attacks are geared toward novice users, and more specifically toward IE users.

Second of all, but just as important; consider running Firefox under a "drop my rights" approach. This basically forces the browser to run under a mode where it has far fewer privileges to do stuff on your system that could cause problems, such as installing malicious software or changing key system settings. Check out my how-to article on drop my rights at this link here. Follow those instructions and you will be far, far safer online.

Cookies in the grand scheme of things are not much of a threat at all. Their main function is to store information about your browsing. They are planted by various Web sites (almost all Web sites use them), and are used to store certain settings, such as when you last visited, your preferences on that site, etc). Cookies can't take over your machine or change critical settings. You can manage cookies in the "options" panel of any browser, but bear in mind that if you block cookies outright, you will find Internet browsing to be an annoying and disruptive experience. Many sites simply dont' work properly unless you allow a cookie.


chicago, il: Hi Brian,

These chats are great and your blog is very helpful.

Just starting yesterday, I've had a problem with Mozilla Firefox. I get the following error messages when I open it:

"Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features." and

"An error occurred during a connection to

Can't connect securely because the SSL protocol has been disabled.

(Error code: ssl_error_ssl_disabled)"

I chatted with Firefox volunteer tech support and tried the suggested solutions but nothing clears the problem, eg. reinstall, check hard drive, check read-only file,firewalls, etc. I cannot log in to any secure site. Any ideas?

I am running Vista 64-bit, have Webroot Anti spyware, and Avira AntiVir Personal Free. The problem occurs whether I am hooked up wired or wireless on my Linksys WRT54GL router. I'm wondering if the recent Windows update had anything to do with it. Maybe there is a clash somewhere. It does not happen with IE.

Thanks for taking my question.

Brian Krebs: There could be any number of things that have gone wrong. If you haven't already done so I would suggest trying the different suggestions at this Mozilla support forum link here. The two fixes that look the most promising are removing the "cert8.db file" from the relevant directory and if that doesn't work, rebuild your Firefox profile.


SD, Virginia: What is the ideal setup/way to surf on the web anonymously in your opinion?


Brian Krebs: The Tor Browser Bundle. Read about and download it here.


Washington, D.C.: Brian, I have been submitting questions to several chats recently (that never seem to make it on!) explaining the difference between real reporting and some of the drivel I see written. I use you (and Dana Priest and Ellen Nakashima) as examples of real, honest, hard-working reporters that do more than transcribing press releases.

I just wanted to let you know personally that your nose-to-the-grindstone ethic is as fantastic as it is rare. You consistently report real and original security stories, and deserve any and all accolades that come your way.


Brian Krebs: Thanks, Washington, for that wonderful compliment. I can't imagine I would have overlooked or ignored such a comment before! I'm pleased that you enjoy my work and find it useful.


Deltona, Fla.: Should one get some sort of security suite (firewall, antivirus) for mobile devices? Are there any good ones on the market?

Brian Krebs: Meh. There certainly are security suites for mobile devices, but I'm not aware of any active threats against mobile devices that would justify recommending that people go out and buy these things. I'd be more concerned about what you would do if you lost your phone. Are you storing sensitive data/stored passwords on your mobile phone? If so, have you taken advantage of the built-in protections on that device (standard pin lock/entry, etc)? Many mobile phones (blackberries/iphones) can be remotely wiped if they are configured to work with a Microsoft Exchange server. But beyond that, what would you do if you left your phone on the subway or at a movie theater?


Albuquerque, N.M.:

Sorry Brian, just read your instructions of info you need:

I use Firefox Mozella as my web browser. Was using IE when I got infected in Dec 08.

AVG Free 8.0 tells me it has "sent to vault", Trojan Horse 12.NUE, Downloader.Agent2.P and 18 cookies, some that worry me are Zedo,Yeildmanager, 2o7, and Adengage.

First, I cannot find out anything about Trojan Horse 12.NUE. My friend who cleaned up my computer in January couldn't remove this one and it is still in a separate "old documents" file off-line. How dangerous is it?

What about Downloader.Agent2.P?

What about the cookies - are they dangerous? I want to "opt-out" them, but don't know how. I've only been an internet user for less than a year.


Brian Krebs: No problem. Glad to hear you're now using Mozilla. It's not terribly important to find out all the ins and outs of what a particular piece of malware does or doesn't do. For one thing, almost all anti-virus products have shifted dramatically to generic detections, such that even if you were to find a writeup on the malware your software says it detected, it's unlikely to be very informative or instructive of what you should do about it.

The simple fact is that you don't want this software on your machine.


Manchester, Conn.: Any suggestions for security software besides McAffee? Absolutely the worst company to do business with. Can't log in to their site and can't get answers to why after paying for my subscription the app tells me I'm not covered!

Brian Krebs: If you're willing to pay for it, I'd recommend Antivir (premium/av-only or their suite), or Eset's NOD32. If you're looking for an all-in-one firewall/av suite that is low on system resources and has a decent cost-per-pc deal, Symantec's Norton Internet Security 2009 is pretty good. I know, I know, I beat up on them a lot in previous chats, but have been using this product on two systems of mine for the past few months and found it to be remarkably light on resources. It also found several serious threats that a previous install of NOD32 missed.


maun, ngamiland, botswana, africa: does a blue error screen indicate a system crash?

Brian Krebs: Usually. However, I recently saw a system infected with fake antivirus software cover the entire screen with a bogus bluescreen that complained about a crash due to a non-existent threat on the system, and then it proceeded to show a fake Windows boot-up screen, complete with the scrolling green bar on the familiar black background with the Windows name and logo. Below the scrolling bar, it said, Windows has detected that you are running an unlicensed version of Antivirus360. Pretty slick little marketing ploy, but the machine never rebooted, just looked that way.


Roswell, Ga.: Hi Brian,

Our home "network" is small and simple - A Netopia DSL modem is cabled to an Airlink wireless-N router; a no-name desktop PC is hardwired to the router through an Ethernet card and our three elderly Compaq laptops connect to the router wirelessly at 300 Mbps via Airlink PCMCIA adapters; the router's built-in firewall is fully enabled; the wireless connections are WPA encrypted; all four computers run fully-patched XP Pro (Airlink's network utilities are not installed - XP manages the wireless connections directly.), all four machines run ZoneAlarm, AVG, and Spybot S&D; and we use only "User" rights accounts when accessing the 'net.

We have used this little rig to share the single broadband connection for some time without any problems. The four machines have been used pretty much independently and both file and printer sharing are disabled on all four.

Now, however, some of us need to share both disk files and the PC's printer and so my security questions are these: Will we increase our vulnerability to external perils by creating a "work group" and enabling file and printer sharing among the four computers in our little domestic network? If so, what steps can we take to minimize any increased exposure?

Thanks for the tips, alerts, and warnings ...

Brian Krebs: I don't think it will significantly make your network any less secure to turn on networking on the internal network, provided you take some basic precautions. You didn't mention this precaution as one you have already taken, but I would make sure the machines each are protected by a secure password, and that you only share specific folders, not the entire C drive.


Easton Pa.: I can't bring windows firewall up on the screen in vista. It says associated services is not running. How do I get the firewall back? Thanks Dick.

Brian Krebs: Are you running the built-in Windows Defender, by any chance? Also, are you running any other kind of firewall, such as one that would ship with an anti-virus package or other security suite? I ask b/c those programs will usually make sure that Windows Firewall is disabled.

Try this fix:

Hit Start, then Run, and then type "cmd" without the quotes and hit Enter key.

in the box that pops up type:

netsh winsock reset

hit return.

try again.

please let me know whether that fixed the problem.


Pittsburgh, Pa.: Brian,

I'm getting the internet through my Dlink 615. My pc is hard wired, and my laptop is wireless. Since the router has a firewall built in, what IP address is seen from the outside? Each computer, or just the router?

Brian Krebs: You can tell what external IP address your ISP has assigned to you -- hence the one other web sites see -- by going to, or to


20036: Brian, I voted for your blog here:

Brian Krebs: Aww. Thanks. Unfortunately, I don't think they will count that, as I have agreed to be one of the judges for that award. Thanks all the same, though.


Ft Polk, La.: what is the difference between laser mouse and optical mouse

Brian Krebs: basic optical mouse uses a "light emitting diode" or LED -- in combo with some digital image processing technology to tell when you have moved the mouse.

a laser mouse instead uses a laser to do the same thing.

the difference you probably care about is the price and precision. laser mice are generally much more precise, but they also are generally more expensive than optical mice.

that help?


Chantilly, Va.: Brian,

Pc has W2K, laptop has XP home. Very happy with W2K which has been a rock steady platform, less trouble than the XP. Looking toward Windows 7 as my next OS on my next computer. I'm a little reluctant to load the virtual version currently available, so I'm relying on people such as yourself for your input and thoughts. From what I've read, they're making 7 more user friendly as well as more stable. Your thoughts?

Brian Krebs: In my limited testing so far (I have installed Win 7 twice so far, both on virtual machines), the main difference is that W7 is quite a bit more responsive and easier on system resources than Vista. That said, remember that this is a beta product and so is constantly changing.


Lohja-Finland: I have Real player and Wind med player whats the point of media player -adobe

Brian Krebs: It all depends on your prefernce. I, for one, would relegate Real Player to the bottom of the ocean if it were my choice, mainly because of Real's history of jacking media settings, displaying intrusive ads, tracking users, etc, and overall consuming way too many system resources.

That said, some files -- generally those ending in ".ram" can only be played through Real Player.

WMP is built into Windows. I'm not crazy about it, but it does the job pretty well. Personally, I prefer Winamp for music files, the free Media Player Classic for DVDs, and VLC for everything else.


chicago, il: Hi Brian,

It's me from Chicago again with the Firefox error problem. Thanks for your suggestion on creating a new profile. It worked!


Brian Krebs: YAY! So glad to hear back on advice I give, whether it worked or not.


Firefox browser: Brian,

I'm using Firefox to go to certain websites, instead of the dreaded IE. I've noticed it to be slow and nagging. Nagging every time I don't close it the way it wants to be closed. Slow on initial boot and accessing certain websites. I've seen Chrome, and it took me all of 2 minutes to decide that it's just a cheap Netscrape knockoff. Otherwise, my main browser of choice is Opera, which I dearly love for its simplicity and non-nagging.

Brian Krebs: Thanks for sharing. May I ask, do you have the latest version of Firefox? Sounds like 2.x behavior. Or, you have bogged the browser down with too many extension/add-ons.

As per the "nags" you mention, I rather like being asked whether I really want to close all of the tabs I have open (you can disable this setting if it's really bothering you). I tend to work with more than a dozen tabs in one window, and freak out when i lose them all at once by an errant click.


Albuquerque, NM: Dear Brian

What do you know about Trojan Horse 12.NUE?

Brian Krebs: As I said in my second response to you, no, I don't know about this particular threat. But what difference does it make? You didn't invite the thing onto your system (at least intentionally, I hope), and it's designed to do something bad to it. Just get rid of it already.


laser mouse and optical mouse: Brian,

I bought a Logitech L8 wireless laser mouse for under $40. Good size, 5 button and tilt wheel for left/right scrolling.

Brian Krebs: More mouse advice.


Sydney NSW Australia: Dear Brian, I'm worried about the Sinowal trojan when I do online banking. Does a hard drive re-format wipe off the Master Boot Record or do I need to delete the partition and the re-install? I'm using Vista with service pack2 I've Googled this query and cannot find a definitive answer, even on Microsofts' website. Kind regards Peter

Brian Krebs: If you blow away the hard drive (do a full format), that should require the MBR to be re-written. But if you want to be doubly sure, I'd do as you suggest -- since you're already there reformatting and resinstalling, and just blow away the entire partition, create a new C partition, and go from there. If you really want to do it right, create at least two partitions -- one big enough for the C drive and all the programs you want to install (100 GB is usually more than sufficient), and then create a second partition where all your data will be stored, making sure that you point "my documents/my music/" et. al. to a folder on the secondary partition. Then, use image or backup software to make a known-good copy of your C drive after you have it set up with all your programs, so that when/if things go south, you always have that original, pristine backup that you can use to write over the broken one. Of course, periodically backing up the data on the secondary drive to a removable drive is also a good idea.


LEXINGTON, MA: You're a bold boy, Brian - - - having your live show on a particularly notable Friday the THIRTEENTH!! Does this mean you're sure the Downadup et al are at bay?? I have Mac OS X G5,v. 10.4.11, downloaded the 25 Feb 2889 Adobe patch & standard palette of Norton products. How can I be fairly certain (not sure yet) that I will be able to keep this sinister worm at bay?? Besides not downloading unknown files & no random clicking. PLEASE ADVISE

Brian Krebs: Hi Lexington. You seem to be a little confused about this threat. First off, last time I checked the Conficker/Downadup worm only infected Microsoft Windows systems. Also, which Adobe patch are you referring to? Adobe didn't release the update for the security hole that hackers were exploiting recently until earlier this week (see the link/reference in my answer to one of the first questions of this chat).


Pittsburgh, Pa.: Brian,

I notice a lot of computers are offered with the Vista downgrade to XP. Is this just a way for Microsoft to inflate the Vista sales numbers?

Brian Krebs: Not sure how downgrading to XP would inflate Vista's install or sales numbers. At any rate, it's being offered because PC manufacturers have heard the cry from consumers who simply don't want Vista, and are quite happy with XP.


Alexandria, VA: Hi Brian,

Over the past week XP (SP 3) has been installing updates nearly every time I log off. How can I see what exactly is being installed at shutdown? Do other vendors' updates get installed at XP shutdown too? Thanks.

Brian Krebs: This behavior means you have XP set up to download and install updates automatically. You can change this setting by going to Start, (Settings), Control Panel, Automatic Updates. Change the default setting from "Automatic" to "Download updates for me, but let me choose when to install them." Then, when it tells you that you have updates available, click the little yellow shield in the taskbar, and select "Custom Install" in the box that pops up. That should tell you which patches are available. Uncheck any you don't want to install.


Virginia Beach, Va.: Brian

I was reading this article, CNBC Under Fire: Sticking Up for the Big Guy? on Time's web site, when I received this warning from Avira:

When accessing data from the URL, a virus or unwanted program 'HTML/Crypted.Gen' -virus] was found. Action taken: Blocked file

Avira's AntiVir WebGuard again detected it, notified me, and presented me with these options:

Move to quarantine Deny access Ignore

I "moved to quarantine" or should I have selected "Deny access?" What's the difference between the two? For example, if I deny access, does that Avira prevents the program engaging with my system altogether? If I have the option to move to quarantine, then it's definitely on my system?

Thanks for your help and your column.

Brian Krebs: If I understand what happened correctly, the browser tried to download a Web page (basically an HTML file and some associated content, such as images, etc), and Avira detected there was some malicious content on the page. It's not clear whether the content had already been downloaded, but if it were up to me, I'd have picked "deny access". If you have the option to move to quarantine, yes, that does suggest at least some troublesome component was downloaded, but it doesn't mean it was executed or run or fully downloaded.

Quarantine is basically like a jail for malware. It's included in almost all antivirus products because occasionally security software will detect good files as evil, and in those cases you don't necessarily want the antivirus product to go around obliterating system files, etc. This is more of a feature built in to systems for use in enterprise environments, where such "false positive" detections are far more common.

I agree that this is confusing, and generally sucky. However, usually it's safe to remove files from quarantine.

I hope I've helped to answer your question. You might also put the question to someone at the AntiVir forum.


Silver Spring, Md.: Hi Brian, I submitted a question earlier, but it appears to have been lost in the ether. I have a desktop PC running XP w/the latest service packs and symantec home protection with firewall, etc. Recently I purchased a new laptop with Vista Home Premium. Almost immediately upon connecting my laptop to the home network, the PC began crying about 'port scans' from my laptops IP address. Not sure what could be going on. Is Vista scanning for ports to connect to on my PC? Is it a virus?

Brian Krebs: I doubt there is anything malicious going on, but it's hard to say without more information. I would take your question to the Norton support forum. It could be a false positive, or it could be that some setting needs to be tweaked. For example, see this thread (which includes a link to said user forum).


Washington, D.C.: Hey Brian, I took Adobe off my computer (XP Professional) and installed Foxit and last night I wanted to watch a TV show on and the screen popped up that I needed to download Adobe 9. Is there a way to watch my TV shows on the computer with Foxit?

Brian Krebs: Er...Foxit is a program designed to display/manipulate portable document format (.PDF) files. It has nothing to do with movies. Ditto for Adobe Reader. You may be confusing Adobe Reader with Adobe Flash, which does in fact render movies and may be required by some multimedia sites to function correctly. Instructions for determining which Flash Player you have and for getting the most recent version are available here.


Firefox followup: Brian,

I have the latest version installed and I do not have any add-ons, at least none that I know of. Slow or not, it's still less risky than using the dreaded IE.

Brian Krebs: Ah. That stinks. Well, have you tried rebuilding the profile (instructions for doing this linked in answer to question from another reader above)?


Hartford, Conn.: Hi, I have everything set up on my WinXP machine as you suggest, including using the Limited User account. I've started using Norton 2009 AV only, not the internet security suite that has a firewall with it. (previously I used Norton security suite, gave up on it a few years ago & used AVAST, then AVG, with the window firewall) But lately I've been wondering about a two way firewall, as I use the Windows firewall, which only checks incoming traffic, not outgoing. Should I be using a 3rd party firewall that also checks outgoing traffic. Part of the reason I wonder about this is that in the long ago past when I was on dial-up on this machine I had the occasion of not keeping up to date on MS updates and AV updates. But for the past several years I've been diligent. So I wonder if it's possible that a firewall that checks outgoing traffic would catch something that my new Norton AV hasn't found in it's scans that got on the computer years ago.

And of course thanks for all the great work.


Brian Krebs: Yes, two-way firewalls are more configurable and overall a safer alternative than the built-in Windows firewall, which as you note has limited two-way blocking ability.

A couple of other options on the free side are PC Tools' Free Firewall and ZoneAlarm Free.


Appleton, Wis.: For a computer running Windows XP Home, SP3, free Zone Alarm Firewall, Avira AntiVir Premium, SuperAdBlocker/SuperAntiSpyware, MalwareBytes, Hostsman, Trusteer Rapport FireFox 3 with RefControl, AdBlock Plus and NoScript as addons, and Internet Explorer 6 with Google blocked, Secunia, CCleaner and a few more small programs which I won't mention (some of this thanks to you and your column and all of it promptly updated - it takes awhile): is there an http_referer blocker for IE6 that a normal human being - not a script writing computer expert - use?

Thanks for your column!

Brian Krebs: Good lord. You're running all that software and still running IE6 instead of 7? Why?

In answer to your question, there is no add-on for IE (IE6 doesn't have add-ons) that will do what noscript does. You can disable scripting except for sites added to your "Trusted Sites" list, but this is clunky and annoying, IMHO. As for referrer blocking, in IE6, I have no idea. Anyone else?


Takoma Park, Md.: Over the last two weeks my computer has been attacked by Trojan viruses/malware (lots of it). Fortunately I always download updates, make sure my firewall and anti-virus protection is turned on. I'm using a trial-offer product called "One Care" (trial lasts for another 44days)to tune-up my pc.

Questions: Do you know anything about this product by Microsoft (One Care)?

Could part of my problem with the Trojans/malware be inadequate internet security from company (Comcast) providing my internet access?

Brian Krebs: Yeah, Microsoft is planning to phase out OneCare in June (see this link for more info on exactly when and why.

I don't have direct experience with this suite, but from what I've read Microsoft is axing this program for good reason.

Comcast, as far as I know, doesn't do much -- if anything -- about malware "in the cloud" as it were, before it gets to your PC. They may in fact quarantine some of the worst actors on their network, and occasionally blacklist certain IPs, but for the most part they do nothing to stop you from mucking up your system.

You should seriously consider ditching OneCare and paying for something more solid, like NIS2009, or one of the other security suites available, like one from NOD or Avira/AntiVir.


lake Toxaway, nc: Hi Brian, I use XP and recently installed Macafee security. I use Outlook Express for my email. When I open an email in OE I can only see the body of the message if I check the box for "read all messages in plain text"--without that box checked I can see the message header, but the body of the message is blank. How can I view the message in HTML? Thanks, George

Brian Krebs: You may be blocked from viewing certain HTML content because OE is set to block the display of images. Maybe check the OE options to see if it allows this as well?


Columbus, Ohio: I recently (2/19/09) had a tech wipe my hard drive and reinstall my XP Home OS (with all MS updates) on a 4-yr. old computer. Among other problems, I had been unable to run flash content.

When I ran a Secunia vulnerability scan today, I got this message: "This installation of Macromedia Flash Player 6.x is insecure and potentially exposes your system to security threats! The detected version installed on your system is, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is"

The files currently in my Macromed-Flash folder are: flash.ocx, flashplayer.xpt, install (a text file), NPSWF32.dll, NPSWF32_FlashUtil (version, uninstall_plugin. Only flash.ocx (an active X control) lists version in its properties.

On the Adobe site, I put in the search bar and got multiple results. When I typed, I got nothing. With so many Adobe products having security issues (I refuse to use their reader), I want to make sure my flash player is the safest. But what's up with this one lone file? Should I/how do I replace it with If I click on the update link in the scan's warning panel about, it just takes me to the Adobe page for downloading Flash version I already have!

I'm totally confused, but flash is now running well on my cleaned-up system. Plus, I know better than to mess with any files in Windows or its subdirectories. Thanks for whatever insight you can provide.

Brian Krebs: I have seen this error reported before by other Secunia users, and I seem to recall that there was some setting or remnant file that prevented Secunia from seeing that you indeed have the latest version installed. I would not lose too much sleep over it if you have installed the latest version and are not having any problems with Flash content.


Roanoke VA: I got a bank that doesn't digitally sign and encrypt their main page which contains login fields. The fields go to an https connection but of coarse half the point of the public key/cert. system is for them to authenticate themselves to you via such info which helps prevent phishing. Hence is there any useful resources I could quote (FDIC,FTC) that would maybe make their phishing dept wake up.

Brian Krebs: Not sure what bank you use, but I'd be very surprised if they didn't use https://to encrypt what you send. A while back, I wrote about this phenomenon that still persists to this day, sadly. What you're seeing is a tricky use of frames and one that is supposed to save the bank site in terms of bandwidth and resources, but that is a lame excuse.

See this story for more on what's going on here.


As for referrer blocking, in IE6, I have no idea. Anyone else?: Brian,

My only idea is to dump IE and go to Opera.

Brian Krebs: More advice for the IE6 user


Birmingham, AL: Do you feel the amount of PII we put out there through twitter-services, social networking, and IM is going to bite us in the rear down the road? What will is be like when a future candidate for President has his Facebook from when he was 17 pulled up along with adolescent blog posts?

Brian Krebs: You might consider checking out the story I wrote, included in this blog post. It's somewhat on the long side, but it strives to answer the questions you pose here.


Brian Krebs: I am out of time today, folks. Very sorry I could not get to more questions, but I think I managed to tackle a good number of them. At any rate, thanks to everyone who joined us, either during the chat or afterwards to read the transcript. Join us again in a couple of weeks for another Security Fix Live. Until then, please make a habit of dropping by the Security Fix Blog daily to stay on top of the latest threats, tips, and advice. Be safe out there!


Editor's Note: moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. is not responsible for any content posted by third parties.

© 2009 The Washington Post Company