washingtonpost.com
Security Fix Live

Brian Krebs
Security Fix Blogger
Friday, May 22, 2009 11:00 AM

Security Fix blogger Brian Krebs was online Friday, May 22, at 11 a.m. ET to answer your personal technology questions and offer ways to protect yourself from online security threats.

Brian, who considers himself a well-rounded geek, can also field queries about broader technical topics, such as mobile banking, online and location-based privacy, as well as social networking and tech policy issues.

____________________

Brian Krebs: Good morning, dear Security Fix readers. Thanks so much for joining us today. Please remember to be as precise as possible in the description of your computer setup, installed programs, error messages, affected hardware, operating system version, browser of choice, etc., anything you think may be relevant to helping me give the best answer/solution to your problem/question. With that....ONWARDS!

_______________________

Stellenbosch, South Africa: Dear Mr. Krebs,

Since updating the AVG 8.5 Free security software my laptop is slow, continually experiencing "funny stuff" e.g. the right click of my mouse suddenly won't work, it updates at strange times even if I set it up for certain times of the day, it seems to have "taken control" of my computer which i just don't like at all, to say the least! And, i cannot seem to delete it from the C drive.

I would appreciate your comment and advice as to what to do.

Regards,

Antoinette

Brian Krebs: Hello down there! Thanks for your question. A while back, I set up several relatives on the free AVG, and since then have moved them all off of that platform. For whatever reason, somehow, AVG seems to have borked its free version bad enough so that it runs awfully clunky and slow on even the faster systems out there.

I'd recommend doing the following: If you still want to pursue free antivirus, try to remove AVG using the add/remove programs setting in the Windows Control Panel. If that fails, download and run AVGremover, a removal tool from AVG. This should get rid of the program and all of its components completely.

Then, grab a copy of AVAST! The home edition is free for personal use. I think you'll be much happier with that program. You will just need to register it with an email address within 60 days of installing it to ensure that you continue to receive updates.

Hope that helps!

_______________________

Silver Spring, MD: Could you recommend downloadable software for installing password security on a USB drive that did not come with the U3 system? Thanks!

Brian Krebs: Keepass Password Safe is both free and very good. You can read about it and grab it from this link here.

_______________________

Los Angeles: If you have been "bugged" and have found the bugs using a scanner - what do you do to protect the evidence if you can't afford to hire a $500 per hour security expert? How do you present it in court?

Brian Krebs: Um...make yourself a little tinfoil hat?

Seriously (assuming your question is a serious one and not an indication of clinical paranoia, which of course would be serious also), what you're asking about it far beyond the scope of this chat.

But scanning and the like is the expertise of people practice a tradecraft known as technical security countermeasures or TSC. Most of these folks are ex-law enforcement or private investigator types, but there are quite a few frauds out there too. This type of service is very expensive as well. That's about all I can tell you. Sorry.

_______________________

Reston, Va: Is there a quick and easy way to understand what packet sniffing is, and who buys packet sniffing software, and why?

Do internet security software products offer packet sniffing detection?

Brian Krebs: Put simply, packet sniffing is the act of passively or actively listening to, watching and/or recording bits of data as they flow across a network. For the most part, all of the software and programs you would need to sniff packets on a network are free (wireshark is probably the best example).

When you browse to a Web site, that blindingly quick act is actually split up in dozens -- if not hundreds -- of tiny packets of data which flow back and forth between your browser, the local network you are on, and the remote web site and the network it is on. Anyone who happens to be on that same network as you, one in the middle, or on the receiving end can potentially sniff or intercept that traffic. If it is not encrypted (think web site url that starts with https://), then anyone who intercepts those packets can read them, and even replay them in their own browser to basically see exactly what you saw when you browsed that site, for example.

Combined with more powerful tools, such as a tool called Ettercap, it is possible for attackers on the same network as you to force all of your packets to route through their machine on the way to and from the target Web site or whatever.

Sniffing detection is beyond the scope of most security software products sold to consumers. There are certainly tools such as Snort that can detect when someone tries to use a tool like Ettercap, but these require a bit of know-how and learning to use and setup properly.

_______________________

Fairfax: Brian,

FAQ-check here. I've actually had a good experience with Live OneCare, but apparently it's riding off into the sunset (not that Microsoft bothered to tell me this). As for the other members of the cavalry - McAfee, Symantec, etc. - do you consider them to be generally reliable and good to work with? I do like the suite packages for their all-in-one approach.

Posting early so I can get the kids outside....

Brian Krebs: If you asked me this question 18 months ago, I'd have told you to steer clear of the suites. Now, several of them are pretty good. Of the two, I've spent more time with Norton Internet Security, and would have no problem recommending that program. Unlike previous versions that hogged every available cpu cycle on your system, NIS2009 is extremely light on resources and is very (almost too) configurable.

_______________________

Tampa, Fla.: My brother uses BitDefender Internet Security on his Windows XP SP3 home edition PC. When the PC boots, we see a message saying "BitDefender is not responding." Then a Windows Security alert opens and says "Your computer may be at risk."

After about 2 minutes, the alerts stop and BitDefender seems to run properly. We can update definitions, run scans, etc.

Do you think this is a normal part of the start-up process?

Brian Krebs: I am not as familiar with this product as perhaps I should be. You didnt' say so, but are you running other security software that starts at boot time? That could be interfering with the proper functioning of BitDef at startup.

Has it always done this? Or is this recent/new behavior? You may consider taking your question to the apparently active and responsive BitDefender User Forum.

_______________________

Cameron, NC: I'm having a problem with my home network. I have a WRT54g router, I have 2 wired desktops 1 running Win7 the other XP pro sp3. I have 2 wireless both XP pro sp3. The problem is that the router drops the wireless portion on a daily basis. When it does this the wired computers still access the net but can't access the network or the router. When I reboot the router it all comes back except the Win7 puter has to be rebooted to access the other puters on the network. My question: is the Win7 the cause of the problem. I don't see any way to set up the other computers on homegroup it seems to want only Win7 computers on homegroup. The Win7 only recognizes the network (which is a separate category on the tree) after reboot. I'm about ready to dump 7 and go back to XP.

Brian Krebs: Argh. Double Argh. That's what I have to say about network/router problems. The reason is that diagnosing them can be maddening, and can take a lot of trial and error.

That said, it is almost certainly the fault of Windows 7 (you could help narrow that down by asking yourself if the problem started after you added W7 to the mix).

I recall something like this happening with Vista, and I believe it had something to do with IPv6 (internet protocol version 6). You can google that term later, but the point now is to get your router playing nice with W7. I would recommend trying to disable IPv6 in W7 and see if that fixes the problem.

To do this, go into the Network & Sharing Center in Windows 7, then on the left side look for "Change adapter settings. Right-click on the network card that's connected to the router and select properties, and then untick the checkbox next to Internet Protocol Version 6. Reboot. See if that fixes the problem. I'd be willing to bet money that it does.

If that doesn't work, your best bet is to try to isolate the cause of the problem. Did the problem start after you added the W7 machine? If so, perhaps remove the W7 machine for a few days or whatever the general cycle time is of the appearance/disappearance of this problem, and see if the problem goes away. If it has, then that is most likely the cause.

Otherwise, there is a Windows 7 forum that is fairly active. You might try your question there.

Either way, I'd appreciate it if you circled back in a future chat to let me know whether this worked. We'll have another one of these Security Fix Live chats two weeks from today.

Best of luck!

_______________________

Pittsburgh, Pa.: Brian,

I've used Netstumbler and inSSIDer in the past for various reasons. Are there better programs out there for identifying wireless networks and signal strength? Do you know what a good signal strength would be for my wireless N router?

Brian Krebs: Hands down the best all-around wireless discovery tools come in a "LIVE CD" distribution of Linux called Backtrack 3. You burn it to a CD and boot into it. Included in there are several such tools. By far the best (albeit less intutive for Windows users) wireless discovery program out there is Kismet. That is a tool that ships wtih Backtrack and a lot of Linux and LIVE CD distributions, of which there are many (just Google Live CD distros).

Heck, there are even several scanner apps for the iphone now. I bought WiFiFoFum a while back, in part because it has this really cool radar screen that tries to tell you how close a given network is, visually.

Tom's Hardware is generally a good site for benchmarking tests of all kinds, including networking tools. For example, here's one that looks at signal strengths for N-series routers.

_______________________

Cameron, NC: I'm having a problem with my home network.: Brian,

The poster has 2 options. Download DDWRT and flash the current router to see if that helps. The other is to get an N class router, such as the Dlink Dir 615, for $40. Sounds like the present router is burning out on the wireless side, which happened to me with 2 of those units, because of the horizontal positioning not permitting adequate cooling. The Dlink is vertically oriented with lots of cooling area exposed. These routers put out a lot of heat, as witnessed by looking at the power supply, which is rated for 2.5 Watts. That's a lot of power for something with 0 moving parts.

Brian Krebs: Yes, it could be that the questioner's router is just fried. Again, attempting to isolate the problem may work. Installing a third party firmware may also fix the problem. I always try to give advice that doesn't involve buying more stuff before you figure out whether the old stuff is broken or not, but of course that's always another approach. Thanks for your input.

_______________________

Fairly computer illiterate: I don't know much about computers and you may have covered this before but recently I've been getting spam emails from my own email address ( I know this because when I respond the email comes to me ). How is this possible and can I really gain three inches on my private parts or is that just hokum ?

Brian Krebs: Thanks for reminding me of another question I want to add to a security FAQ I'm building.

I have answered this before but it's a good one, so I'll bite again. The answer is that spammers use large lists of e-mail addresses to send e-mail to, obviously. But they also use those email addresses to spoof the "from" address.

Now, if the spammer uses your e-mail address as the "from" address in a spoofed email message, and that message is sent to a mail server that is improperly set up and/or does not recognize the address in the "to:" field, it may send a reply back to what it thinks is the sender (your email address), complaining that it could not deliver the message.

Clear?

_______________________

Los Angeles: RE: Removing Key Logger Software from Mac I have a MacBookPro running OSX v 10.4.11, intel cored 2 Duo processor Have been told that I have key logging software on here and the other computers in my home/creative office (five total) - would like to know how to detect it - recently found a "document" with no name about 34.7 mb residing on "/" -also found some shortcuts in the same area of the disc referring to temp files and a systemulserver.plist file as well as a zip file called "off_down__zip" -could those be related? -how do I get this off without backing up and reformatting - I have many downloaded updates to my software and this is a very sophisticated graphics/editing setup - yikes! thank you!

Brian Krebs: Who or what has told you that you have a keylogger on your Mac? I smell a rat.

My guess is that you installed some "add-on" or video "codec" that you shouldn't have, and now you've got some kind of rogue program on your system trying to convince you to pay for some bogus security or privacy program.

It may or may not help, but you can grab a free anti-virus program for the Mac called ClamXAV from this link here.

_______________________

Brian Krebs: As I suspected, the person who asked about the Windows 7 and WRT54G problem is not alone. I just checked over at the Windows 7 user forum and found that many other Windows 7 users with that router model are having the same wireless reset problems. See this thread here for more info.

_______________________

Arlington, Va.: Brian, I have been running a variety of -nix variants on my home computer (Linux Mint, PCLinuxOS, gOS, etc.). they always have the latest patch and I never run under root if I am doing admin only. Should I worry about anything?

Brian Krebs: You probably have little to be concerned about, but I'd still recommend running the systems behind a hardware firewall, such as those that come built-in to most wireless and wired network routers. Do that, and be careful about the origin of packages you install (I'm sure you know about MD5s), and you'll be solid.

_______________________

Washington, D.C.: Hi Brian, I currently use the free version of Avira Anti-Vir on both my home computers. I see above that you recommended Avast. Is Avast superior to Anti-Vir, and should I switch over? Thanks!

Brian Krebs: I wouldn't say one is superior over the other. I just mentioned AVAST because Anti-vir has a nag screen to purchase the full version that pops up quite a bit, and many people find it pops up at the most inopportune times and gets annoying. As far as I know, AVAST doesn't do that.

Technically, the two programs are probably comparable in terms of detection rates and speed.

_______________________

wgb, mb, ca: re: Fairly computer illiterate

I think what is happening there is that to defeat spam filters the spammer is using the same to and from address - FCI's not asking about the bounce messages, but about getting mail from himself.

Brian Krebs: Again, spammer is using your e-mail address in the from field.

_______________________

Spyware 2009 invasion...HELP: There seems to be no way to go online to search for a way to remove this from my PC because it overrides any webpages that may come up. Any ideas?

Brian Krebs: Yes. Go to a different machine, download the installers for SuperAntiSpyware Free and Malwarebytes free, burn those to a CD (or put on a USB stick), and then bring them over to the sick PC. Install them both, run them both, and reboot. Repeat, lather, rinse, etc. as necessary. That will probably fix the Spyware 2009 invasion.

If you are using XP, consider adopting the Limited User approach, or drop my rights approach, both linked to in the first part of this chat. Also, if you're using Internet Explorer, consider switching to Firefox.

_______________________

Burke, Va.: This isn't a question, but just a pet peeve: why on earth is Adobe still pushing Adobe Reader 9.1 as its default download (instead of the patched 9.1.1)?

This is just inexcusably irresponsible -- sure, followers of Security Fix know to download updates for any new software install, but I'll bet 90% of Adobe's customers don't.

Brian Krebs: I just grabbed the installer from Adobe's main Reader page, and it does appear to be installing 9.1.0. Thanks for bringing this to my attention. I will bring it to Adobe's attention as well.

_______________________

Denver, Colo.: Brian, first - I really appreciate your blog - you consistently have a lot of great info and updates. I am considering loading my old laptop with Linux - Ubuntu or Fedora. Are there considerable security vulnerabilities that I should consider with these? Do they receive patches relatively quickly compared to OSX/Windows?

Thanks!

Brian Krebs: Thanks, Denver. Congrats on your move to Linux. These operating systems you mention do receive updates just like any other OS, but they may differ a bit in how you grab them. Fedora I believe ships with an auto-update type system that alerts you from the desktop when new updates are available. I believe Ubuntu also has auto-updating capabilities, although I'm unsure whether they are turned on by default. The patches are made available as they are available; there is no Patch Tuesday for Linux updates. And you'll find they're fairly frequent, but not overly so.

As I mentioned to a previous poster, you might consider running the OS behind a hardware firewall, if you don't already have one.

_______________________

Windows 7 and WRT54G problem : Brian,

I'll bet the software on that router is not written for W7. Check the website. DDWRT may be the answer. It's waaaaaay better than what Cisco puts into the LinkSys.

Brian Krebs: Agreed. I run a custom firmware on my WRT as well (not DDWRT), and it is way better than the stock firmware, which is pretty lame.

I'm still curious whether changing the IPV6 setting fixes this problem. If anyone knows for sure, I'd really like to hear from them. It appeared to have worked for several people who posted to that Windows 7 forum.

_______________________

London, UK: Hi Brian, thanks for the chats, always informative. I have Windows XP home, SP3, 2 gig RAM, all uptodate. Whats in your opinion the best paid-for antispyware software? Or which one is most effective? Dr Spyware, Counterspy? Lavasoft? I have Counterspy and had some problems and their tech support is amazing. Reply within 24 hours to email, friendly, courteous on the phone (I spent once 50 min with one rep). Cant say that of to many companies. Didnt get transferred to somebody in India which you barely understand. Have nice weekend

Brian Krebs: I've never paid for anti-spyware software, and have no intention of doing so. If you run XP under the admin account for every day use, as I continually advise against, then you probably DO need anti-spyware software.

So again, I don't have much experience with paid AS software. That said, Sunbelt, which makes the Counterspy product, has a reputation for being very good at customer service, so that doesn't surprise me.

_______________________

Chantilly, Va: Brian,

Here's a link to DDWRT. Some searching will be required.

Brian Krebs: More offers from DDWRT fans.

_______________________

Brooklyn, New York: Hi Brian, lately I have to often on my WXP SP3 2 gig RAM.80 gig HS pc Blue Screen of Death, BSOD. Gives me all kinds of mumble jumble errors and only way of restarting pc is pushing the off button twice to restart pc. Should I be concerned? Anything to do about it? pc is over 5 years old but works "perfect", clean and well protected. Thanks

Brian Krebs: The two biggest causes of dreaded BSODs on Windows are drivers/hardware recently added that corrupt something in Windows, or malware. Occasionally, faulty RAM/memory will cause this behavior as welll, or unmatched RAM pairs or RAM pairs of different Bus speeds on a machine that requires strict matching pairs.

I would be concerned if my machine was bluescreening a lot, yes. 5 years is not a bad lifespan for a tower PC, but then again I understand if you're not anxious to go off and buy a new one (particularly one that ships with Vista, ew).

Have you given any thought to backing up your data (shame on you if you haven't already done that given the problems you're now having), and reinstalling Windows? That's probably what I would do.

_______________________

Anonymous: I recently heard something regarding the loss of GPS. Do you know anything about such?

Brian Krebs: I'm only answering this question to point out how not to ask a question, because I wouldnt' begin to know how to answer this.

_______________________

Cody, Wyo.: Hi Brian,

I loved your article on MyIDscore.com. I really like their service.

Toward the end of your article, you said they advise people with mid-range or higher (worse) scores to place fraud alerts on their credit files and/or credit freezes on their accounts.

I did both of those things many months ago. But my risk score, according to MyIDscore.com is very low -- 77. Is this overkill for someone like me?

Thanks, Brian!

John

washingtonpost.com: MyIDscore.com Offers Free ID Theft Risk Score

Brian Krebs: I don't think it's overkill. It just makes good sense. Why shouldn't you take advantage of this free service to better protect your identity?

After all, that is a big part of what subscription identity protection services will do: automatically renew your fraud alert for you every 90 days so you don't have to. You could just as easily set an auto-reminder on your calendar every 90 days to call the credit bureau and renew it (i think now it's mostly automated, touch-tone type stuff anyway).

_______________________

Carlton: I have Windows XP, Zone Alarm Pro, Eset Nod32, Super Anti-Spyware Free, Malwarebytes Anti-Malware Free, Router Firewall. I am extremely careful of what I open, and have had no malware or virus issues in a couple of years. My question is: Can you think of any reason why I shouldn't cancel my (rather expensive) subscriptions to Eset Nod 32 and Zone Alarm Pro when they come up for renewal in a month or so and instead use Avira Free and ZA Firewall Free. I understand Windows is going to be rolling out a free anti-virus program this year. One or two of your web security colleagues is even advocating dropping all anti-virus and anti-malware stuff and relying on careful habits and firfewall. I resent paying 100 bucks a year for "protection" that Windows ought to be providing free. Do you think a "cocktail" of good, free anti-virus, anti-malware and firewall apps is sufficient? Thanks

Brian Krebs: I don't think it's a bad idea at all, actually. As far as I remember, ZAP comes with anti-spyware built-in, so you're actually running three anti-spyware programs, two of which are configured by default to run at Windows startup (SAS Free and ZAP). That's probably more than you need, as you're already aware.

As for going with only free anti-virus, I'd say go for it! I recommend people use free AV all the time: In fact, that's the advice I give to my family. It's better that people use free antivirus than pay for antivirus or get a free trial and then forget to renew it and have a false sense of protection.

Avira free is okay, except you will probably get sick of the nag screen that pops up quite a bit in the free version. Might consider AVAST! as an alternative. It's gotten quite slick, and still gets very high marks for detection and speed.

On XP, I would still recommend switching to a limited user account or at least adopting a drop might rights approach with the browsers you use.

_______________________

Glen Burnie, Md.: I currently have three computers that have different functions. One computer is used strictly for work, one computer is used for web surfing and one computer is used for banking.

My work computer and surfing computers are protected by Norton Security Suite and the machine that is used for banking is Red Hat Linux. The firewall is enabled; what is a good anti-virus program to use for the Linux system? I have been in discussions where I've been told that you really don't need anti virus on Linux because of the execute privs required. But as of now, my Linux box will only visit my bank and my brokerage.

-Rob

Brian Krebs: I wouldn't worry about antivirus for your Linux box. Make sure your network is behind a wireless or wireless router that has a firewall built in, and don't run services (Web browser/DNS server/Web server, other internet-facing apps) on the Linux box as root/admin and you'll be fine.

_______________________

San Jose, Calif.: In terms of claims of improved security (and in spite of conflicts with McAfee anti-virus which Microsoft admits), is it worth the hassle to download and install Internet Explorer 8? Is it significantly better than IE7?

Brian Krebs: Not really. It does load and run a bit faster than IE7 in my experience, but then again my advice on this sort of assumes you don't use IE for everyday browsing. If that's the case, then yeah, I say go ahead and grab the latest version. Otherwise, it's not really ready for prime-time yet. Too many Web sites need you to click the "compatibility view" option to display properly.

_______________________

Devon, Pa.: I have had trouble installing the recent Microsoft Office Powerpoint update on one of my home computers (I was successful on three others with similar operating and security settings). I get a general error message that the install was not successful. The computer is home built and runs MS Windows XP Professional with all the updates and security patches (except Powerpoint)installed. The security programs are Avast Antivirus, CA-Comodo Firewall, Super Anti-Spyware, Adaware, and Spybot Search and Destroy. I have tried installing via the automatic update feature and directly from the website. Secunia System Scan confirms that the update has not installed properly. Any suggestions?

Brian Krebs: You didn't say which version of Office you have installed. I ask because depending on which version you're using, this patch won't install unless you have a basic level of other Office patches already installed.

Try visiting Office Update, letting it scan and see what updates you need for Office. It could be that you're missing a critical Office Service Pack. Try visiting Office Web site, then click the "Office Update" link to the left under "Downloads" and "Updates", and see what it says you're missing.

_______________________

WXP SP3 2 gig RAM.80 gig HS pc Blue Screen of Death, BSOD. : Brian,

Here's a cheap fix(maybe). Change the Lithium battery on the motherboard. Or, at least take it out for 30 seconds and put it back in, then start. BIOS may have gotten confused.

Brian Krebs: I doubt this will do anything other than cause someone attempting this to slice their finger trying to pry the battery out of the case. But I suppose if all else fails, it's worth a try. Remember, when working inside of a computer, always to disconnect all power cables and peripherals BEFORE opening the case, and touch something metal like the side of the computer itself before touching anything near the motherboard.

_______________________

Medford, Ore.: Every time I click on an article in the Wash. Post I get a small screen from Windows installer saying "Preparing to Install". I get this also with a couple of my Email addresses when I try to open an Email. Everything opens OK, but it's annoying. Anything I can do about it? Jim S.

Brian Krebs: Perhaps you don't have Flash installed? I know WP.com makes heavy use of Flash on the homepage and other landing page, and that may account for the message. Does it say what it's preparing to install?

_______________________

Cameron, NC: I was going to mention that it started since Win7 although I did say I'm about ready to dump 7 and go back to XP. My bad on that. Thanks for your suggestions and I'll let you know how I make out.

Brian Krebs: Ah, okay. Yes, please do circle back next chat. Thanks.

_______________________

Kensington, MD: I know, Brian, that you have some affection for Macs so maybe this question will provide you with another opportunity to praise them and I think my issue might be useful for others as well.

I'm a retired IT guy who still dabbles now and then but almost solely on Windows clients with old networks - Banyan Vines and Novell Netware. A client's wife came to me practically in tears - even though she really really knew better, it seems she had fallen to a phishing scam with her bank account and had entered account info. After a couple days she final realized her error and contacted the bank to change all her relevant data there. She's only used other PCs since that event.

But the bank staffer - apparently a lower level help desk person reciting from the script - told her that in no uncertain terms that "you have a virus on your laptop and even though the Mac is better than the PC, you have to have it cleaned professionally."

If it were a Windows PC I'd know how to handle it but not a Mac (one of the last Motorola MacBooks with the pre-Tiger OS, I think.)

So the questions are: are there any known infections that can hit a Mac by opening a phish-page in Safari and sending bank-type data to the bad guy? If so, what procedures are appropriate to address the infection?

A nice lady's heartfelt thanks for whatever your answer might be! And mine!

Brian Krebs: Very phew phishing scams/sites also try to install malware on your computer. I'm not aware of any phishing scams that also try to install malware that infects a Mac.

I am acutely aware, however, that most customer support people who work answering phones for banks and other companies that are used to dealing with customers on these sorts of issues tend to read from a script and tend not to deviate from that script, even when common sense might dictate otherwise.

I would tell your friend not to worry about it. Make sure she understands that this is a good reminder of why clicking on links and responding to requests for information sent to you via email is always a bad practice, regardless of which operating system you are using. Mac users like to boast about how they don't have to worry about viruses and worms, etc., but they are just as susceptible to phishing scams as the rest of the world.

_______________________

Virginia Beach, VA: Hello Brian

I used Secunia PSI and received this message for two ancient versions of Windows Media Player after it completed scanning my hard drive (the fabled Dell Dimension, XP Professional, SP3.)

------- Microsoft Windows Media Player 6.x This installation of Microsoft Windows Media Player 6.x was detected as being patched.

The Secunia PSI has not detected any missing security related patches for this program. No further actions are currently needed. Installation Path c:-Program Files-Windows Media Player-mplayer2.exe

This installation of Microsoft Windows Media Player 5.x was detected as being patched.

The Secunia PSI has not detected any missing security related patches for this program. No further actions are currently needed. Installation Path

---

I just deleted them from the hard drive, but they of course would not permanently go away. I don't use WMP, I like VLC instead, but I always accept the upgrade to the new version and currently have WMP 11 installed on the system. Much like Java, when I upgrade, why does the older version of WMP still hang around? Is there some component that is still needed?

Brian Krebs: I like and have recommended Secunia's PSI on many occasions because I find it a useful, free tool. But it's important to keep in mind that it is just that, and that a lot of programs are very tenacious and even after you remove them will leave behind components that may fool PSI into thinking they're still active.

Chief among the culprits of programs most likely to do this are Microsoft programs that have their hooks deep inside the OS. I found this thread at Annoyances.org to be potentially useful for people having trouble banishing old versions of WMP. Your mileage may vary.

_______________________

"Behind a firewall": Can you please explain what it means to be "behind a firewall" in reference to a wireless router? How do I know if I am (I'm using a Linksys WRT54G)? I've looked, but I don't see anything on the router's setting page that looks like a firewall setting. (I am using McAfee's software firewall.)

Brian Krebs: Again, almost all hardware routers -- be they wireless or wired -- ship with a firewall built in. That is, they are configured by default to simply drop Internet traffic that comes to your network unbidden. If you didn't initiate the connection, the router will simply "drop" the incoming connection or block it. That is what's meant by a hardware firewall.

Software firewalls, on the other hand -- like Zone Alarm and the one built into Windows -- can block both incoming and outgoing suspicious traffic.

_______________________

La Verne, Calif.: With a strong password how secure is online banking?

Brian Krebs: About as secure as your home computer. :)

_______________________

Bozeman, MT: Love your chats! Is this update necessary, and what is it? Microsoft .NET Framework 3.5 Service Pack 1

How do we know what to upgrade when this sort of stuff comes through? Thanks.

Brian Krebs: Yes, this is a functionality and security update for the .NET framework. .NET is a bundle of software from Microsoft that a great many applications depend upon to function properly, and chances are this package was installed when you installed one of these programs. The fact that Microsoft is telling you that this service pack for .NET is available means you have .NET on your system. Not a big deal: Go ahead and install it. It's somewhat large, and may take some time to download and install, but I haven't encountered any reports of problems with this update.

_______________________

Tuskegee, Ala.: I'd like to listen to live broadcasts of BBC Radio, but it requires me to download RealPlayer (the free version)...I've heard horror stories about RealPlayer bringing in malware, messing up music files, etc. Is it worth it?

(My system is MS Vista Home Premium 64-bit w/4 GB of RAM)

Brian Krebs: There has to be a way of listening to this stream without Real Player, which as you note I have panned on many occasions and urged people to avoid installing.

This page here seems to indicate that a number of the BBC streaming programs can be heard via Windows Media Player. Not sure if the program you're after is, though. There is a program I've mentioned before (can't find the link now) called Real Alternative, that may be worth investigating.

_______________________

Brian Krebs: Apologies, forgot to post that BBC link. It is here.

_______________________

San Diego, Calif.: How can I index flash drives to make them searchable by google desktop?

Brian Krebs: Try going to Options, and then "Add a Drive or folder to search" under the Search Locations settings area.

However, you will then need to tell google to begin indexing your computer again and wait some time before it indexes it.

Of course, even after all that, the information on that thumb drive -- other than maybe the filenames -- won't be available next time you do a Google Desktop search for those files unless the thumb drive is connected.

_______________________

Brian Krebs: I am out of time for this week, folks. Thanks to everyone who stopped by to read or participate in this chat! We will hold another Security Fix Live in a couple of weeks. Meantime, please consider dropping by the Security Fix blog once a day to stay abreast of the latest security news, warnings and perspectives. Have a great holiday weekend for those of you US readers. Be safe out there, people!

_______________________

Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.

View all comments that have been posted about this article.

© 2009 Washingtonpost.Newsweek Interactive