washingtonpost.com
Security Fix Live

Brian Krebs
Security Fix Blogger
Friday, July 31, 2009 11:00 AM

Security Fix blogger Brian Krebs was online Friday, July 31, at 11 a.m. ET to answer your personal technology questions and offer ways to protect yourself from online security threats.

Brian, who considers himself a well-rounded geek, can also field queries about broader technical topics, such as mobile banking, online and location-based privacy, as well as social networking and tech policy issues.

____________________

Brian Krebs: Welcome, dear Security Fix readers, to another Friday edition of Security Fix Live, where I endeavor to tackle all of your tech, privacy, security and otherwise geekery questions. Please try to be as specific as possible about your problem, your computer setup, and if the question is about security, please give me some idea of what's running on your system (e.g. what kind of anti-virus, what browser are you using, what operating system, etc). Thanks, and with that.....ONWARDS!

_______________________

Houston, Texas: Thanks for your great site. Regarding the Clampi threat, you and Mr. Stewart endorse using a Live CD or second computer for safe browsing. As a nontechnical person, I some time ago concluded that the most practical solution for me was to use one computer for general browsing and email, with a separate computer exclusively for on-line banking.

Given the rise of attacks on routers, should one also use a separate router for each computer? If so, does this introduce technical problems that will need to be addressed? Calling my ISP didn't seem to elicit an informed answer, but perhaps I didn't know what to ask.

Brian Krebs: Thanks for the praise. Regarding Clampi, the reader is referring to a post we published yesterday:

Clampi Trojan: The Rise of Matryoshka Malware

Using a separate computer for sensitive things only like online banking, checking mutual funds, paying bills, etc. is a great idea and a wonderful way to add another layer of security, if you have the extra computer and don't mind the hassle.

To your question, having two routers would not make much sense, and wouldn't add much security (in fact, it would probably diminish it by adding unnecessary complexity). The recent attacks on routers you are referring to...I'm guessing you're referencing the vulnerability in the DD-WRT router firmware which got some press recently. That attack only works if the bad guy is on your local network (i.e., 192.168...etc). The only way you could be attacked remotely by this vulnerability would be if you had remote router management turned on, and that feature is turned off by default in pretty much all routers.

_______________________

Manassas, Va.: Brian,

I read your blog last night, and I have implemented the upgrade to Adobe Flash Player per your blog. I am getting in the habit of reading your blog everyday since it contains such topical information concerning security issues. Thanks for all you do.

Brad

Brian Krebs: Manassas -- Thanks so much for being a loyal reader. There will be another Adobe update later today, for Reader and Acrobat.

The reader is talking about this important update:

Critical Update for Adobe Flash Player

_______________________

San Bernardino, Calif.: Recent news articles make it clear that most PCs can be infected with new Trojan and spyware programs. I have relied on TrendMicro PC-cillin, assuming it kept me safe. How reliable is this protection software, and how can I find out if my PC has malicious software that I have not detected previously?

Brian Krebs: Antivirus software is hit or miss, and I don't care what brand you're using: some malware will get through. It's a constant arms race, and one the bad guys eventually win. That is why I emphasize defense in depth, not running as administrator, and staying up to date on patches.

To your question, there are several things you can do to get a second opinion. As I've mentioned before, there are plenty of free, online scanners that will provide that. I like ESET's online scanner, but there are other options, from F-Secure, Bitdefender, to name a few.

Also, if you have your Windows installation disc and you're using Windows XP, you can download something like the free and excellent Ultimate Boot CD for Windows (this doesn't work for Vista, unfortunately). You basically download a large installer file, run it, then follow the directions for creating an installer image (.iso) file that you can burn to a CD. When you boot up into that CD, you have a familiar WindowsXP-like point-and-click environment that includes several anti-virus scanners and anti-spyware tools, as well as a host of other system administration/cleanup tools.

_______________________

Raleigh, N.C.: Hi Brian,

My question is about running XP from a non-privileged account. I asked you this by e-mail, and got a very prompt response, but I think that you misunderstood the question.

A friend asked me for help because she was trying to connect to a wireless network. When XP tried to associate with the secured access point, she got a password prompt from the network driver as you'd expect, but she couldn't type anything into the password box. The box wouldn't accept input. You suggested running her browser as administrator, but this was NOT a password box from a web browser, and the browser wasn't even open. She was not trying to log into the router's web interface. She couldn't connect to the network at all. She had no problem connecting to the network from an admin account, but a regular user account did not work. I did some googling, and found quite a few others with a similar problem, but I couldn't find a solution. I don't have access to her system, so I don't know about what patches, er, updates are installed.

Brian Krebs: My apologies if I misunderstood your previous question. Can you please provide me with more information, such as which brand of wireless router your friend is using, and whether the computer she's using to try to connect to the router has built-in wireless or whether she's using an external card? If it's an external card, please tell me the brand of that card.

It wouldn't be the first time wireless networking equipment didn't play nice unless the user was admin. Check out this list of offenders:

Non-admin unfriendly hardware/software

_______________________

Appleton, Wisc.: Will a Dell 4600 run as well with Windows 7 as XP assuming there are no compatibility issues?

Brian Krebs: From reviewing the system specs at Dell it appears the PC has the horsepower to run Windows 7, with a few caveats. One is that it looks like it has capacity for up to 4GB of RAM. If you don't have 4MB, you may want to get that (although if you opt for a 32-bit version of Windows 7, your system probably will not recognize more than maybe 3.2GB of RAM). RAM is super cheap these days, and upping RAM to the max is one of the best ways to squeeze more performance out of a PC (as long as the extra RAM matches the specs for your system and doesn't run at different Bus speeds -- check crucial.com for the right RAM for your PC).

_______________________

Arlington, Va.: On my Yahoo mail, I've twice now gotten notifications that my mail session had ended because I was apparently signed on at another location. To combat this, I've changed my password each time this happens, but is there any other way you'd recommend I combat this? The first time it happened was on my home computer, which I protect with Norton Antivirus 2009. The second time was on my work computer, and I honestly have no idea what my company uses for online security (if anything).

Brian Krebs: I would consider whether someone you know -- i.e., someone who has physical access to one or more of the computers you use -- is eavesdropping on you for some reason. Maybe a jealous boy/girlfriend? (Assuming you're picking a relatively strong password and not something like your graduation date or birthday or dog/child/car's name).

_______________________

Manassas, Va.: Brian,

The memory question of the previous person makes me wonder about my system. I have a Dell Inspiron E1505 with 2GB of ram. The PC is 3 years old. How can I find out if I can add another GB of ram so that I have 3 GB of ram?

Brad

Brian Krebs: You have the maximum amount of RAM for that machine, according to Dell's site.

_______________________

Lexington, Ky.: Hi Brian. I always enjoy your columns and live chats. I enjoy the Opera browser on the Mac. I know the Norwegian browser is not as popular as Firefox, IE on Windows machines or Safari.

But I really enjoy some of its features. After reading several articles about how many Opera users stick with old (and probably not as secure) versions, I make sure that I'm running the latest version of Opera.

My problem? On a Mac running Mac OS X 10.5.7 (Leopard), it fails to load the www.washingtonpost.com Web site. The site loads just fine on all of my other browsers (including Camino, OmniWeb and the others mentioned above).

Could you ask the guys and gals who create washingtonpost Web pages to check this out and see why the pages fail to load in Opera Mac?

I do have Java and Javascript activated on Opera.

I suspect it has something to do with the Post's photo above the fold that changes automatically once the page loads.

Thanks!

Brian Krebs: I will forward this along and make sure the tech folks here see this comment. Thanks for reading and for telling us.

_______________________

Alexandria, Va.: My Bluetooth keyboard stopped working 2 days ago. I tried to get it going, but couldn't. Any suggestions?

Brian Krebs: I'd start with the obvious. Most Bluetooth devices are wireless and therefore run on batteries. Have you checked whether the batteries may be the problem?

If that's not it, you might consider checking the device maker's Web site to see if there are any hardware or software updates that might explain/fix the problem. Also check Windows Update optional updates (see the left-hand portion of the WU page after scanning for available updates and look under optional/hardware).

_______________________

LaGrangeville, NY: Since Tuesday's Microsoft update, my XP system has been crashing and having log-in problems, and my mouse has lost some functionality. Any solutions?

Brian Krebs: Have you considered using System Restore to restore to a restore point that was made prior to Tuesday? Go to Start, Programs, Accessories, System Tools, and click System Restore, and (assuming you haven't turned system restore off) pick one of the restore points prior to Tuesday, reboot and see if that fixes your problem. Bear in mind that if it works, you won't have the protection from the IE patch, but this could be less of a concern from an operability standpoint if you regularly browse the Web with something other than IE (as I recommend).

_______________________

Carmel, NY: Can you research your response on the Yahoo "you have been disconnected from chat" problem? From my reading, this is due not to hackers, as you suggest, but due to Yahoo now trying to force all email users to automatically sign in or out of chat, a new feature. When one opens a second Yahoo email page or tab, Yahoo sees this as a conflict and automatically disconnects the chat. Or perhaps it is the more scary fraud you suggested. Please clarify! It's the top question/problem on Yahoo's questions and help boards, so no one seems to have a clear answer, including Yahoo!

Brian Krebs: Carmel, thanks for your question/comment. I wasn't aware this was such a widespread concern/problem. I will of course look into this further.

_______________________

Pittsburgh, Pa: Brian,

Took advantage of the offer from MS for the advanced copy of W7. I thought $99 was a good price for a full update. Now, this will require a format install, since I'm using XP Pro? This isn't like when I went from XP Home to Pro, is it?

Brian Krebs: Hi. Unless things have changed, I don't believe you'll be able to do anything but a clean install of W7, which may mean it will blow away anything that's already on the hard drive. Either way, I would strongly advise you to back up any and all data you want to keep anyway before proceeding with installing Windows 7.

XP Home to Pro = not that big of a shift. XP -> W7 = major shift.

_______________________

Kensington, Calif.: I wrote last session about the problem I have maintaining a stable wireless Internet connection with a browser open. I asked if getting rid of AVG 8.5 AntiVirus might help.

You suggested that I (and others) dump AVG and substitute AVAST! Free. I did that (although AVG was hard to wash out completely), but the Internet connection problems still happen when I have any browser open.

The connection failures happen with and without the firewall active. I have scanned for viruses with AVAST! and MalwareBytes and used two online scanners: ESET and F-Secure. No problems found.

I told you that I had found a REALLY WEIRD WORKAROUND: If I first open Windows Media Player and get a radio station streaming, I can maintain a relatively stable connection with the browser.

Do you have any suggestions?

INFORMATION: Windows XP (version 2002, Service Pack 3, automatically updated), 1.5 GB of RAM, Pentium III, 933 MHz, 133 MHz FSB (an older, fairly slow processor), ZoneAlarm 8.0 Free Firewall, AVAST! 4.8 Home Edition, SUPERAntiSpyware, SpywareBlaster, SpywareGuard, MalwareBytes, McAfee SiteAdvisor (I update regularly with Secunia), DSL router (2WIRE Gateway 1701 HG) via a Netgear WG311T wireless PCI adapter.

Brian Krebs: Hrm. Have you tried isolating your connection, to see if somehow the router is on the fritz? Is your DSL router also a wireless router? Have you tried troubleshooting this with your ISP? They may be able to suggest better tweaks than I can on this.

Anyone else have ideas for this reader?

_______________________

Providence, RI: Love your chats. How often should you replace your PC? I purchased one about 3 years ago from Dell. It's running XP. I use it mostly for email and web browsing. It runs fine, but I am about to move and have FIOS internet, and if I could move to a wireless platform that would give me more flexibility in where to set up my office. If I should replace, should I stay with the tower or move to a laptop?

Brian Krebs: Thank you. I generally get between 3-5 years out of a machine before I feel the serious need to upgrade. But I also tend to buy PCs in parts and put them together myself, which allows me to pick components that are expandable to meet future needs. I don't think I'll need to upgrade from my current 2-year-old tower to a new PC anytime soon (crosses fingers).

The choice between a tower or laptop comes down to how you want to use it. Towers are more expandable, and you can access stuff inside far easier. Laptops, obviously, are more useful if you plan to do a lot of mobile computing, or you simply don't like having to be in the same place in your house every time you use your system. If you are leaning toward a laptop, I'd encourage you to take a look at a MacBook. They're great, lightweight and fun little machines.

_______________________

Appleton, WI: Maybe this is a stupid question, but I have wondered it for a long time. In public Wi-Fi situations, encrypted Internet connections such as Tor (free) or Comodo TrustConnect (needs to be paid for) can and should be used for safety and privacy. My question would be, should these encrypted connections be enabled right away after the computer is booted up, even though one might be doing something on the computer which does not require an Internet browser connection, such as downloading pictures from a camera to the computer or composing a letter on resident software? At what point can some evil sniffer view the files on my computer or install malware, if he or she is so disposed?

Brian Krebs: First off, Tor (The Onion Router, free anonymization software) is about anonymity, not privacy or security, per se (I can't speak for the other product you mentioned because I've never used it).

Keep in mind that anyone who bothers setting up a system to snoop on wireless traffic is in all likelihood not interested in your pictures; they want your usernames and passwords and credit card numbers, etc. Provided you take care only to pass those credentials to sites that are using encryption (the site address starts with https://), you should be fine (avoid continuing to a site that requires sensitive credentials while on wireless if you receive a warning or error about the site's encryption certificate: this could be an attempt to intercept those communications).

_______________________

For Kensington, Calif.: Friends don't let friends use Pentium III computers!!! Dude, step into the 21st century!!

Brian Krebs: Haha. P3s actually are great for a lot of things. I have 3 PCs actually at home that I use quite often that are all P3 processors. Provided they don't have the base/lowest RAM amount, they will run XP just fine or a LIVE CD distro or Ubuntu install.

_______________________

Woodbridge, Va.: I use McAfee security software to clean my PC. I have not "cleaned" System Restore Points, but notice that I can free 16GB of space by doing so. Should I consider cleaning the SRPs as long as I am comfortable with the state of my PC? Thanks

Brian Krebs: I see no harm in that, provided as you say your system is working fine now. I don't believe System Restore gives you the option to pick and choose which restore points you want to keep. It's either all or nothing, so if you choose to remove them, they will all be wiped. Just make sure that if you still want to use this feature that you keep it enabled after destroying old restore points, and that you create a new one after that.

_______________________

Washington, D.C.: I went to the Adobe link for the Flash update and it says:

". . . upgrade . . . by using the auto-update mechanism within the product when prompted"

So, I don't have to fool with downloading anything?

Brian Krebs: Adobe's auto-updater works on its own time schedule, so of course you can wait until prompted by the program, but who knows when that will be? If you're fine with waiting, then by all means wait. I, for one, don't like having software on my system with known flaws when hackers are actively exploiting them and there is a patch available, but as I said, the choice is yours.

_______________________

New York, N.Y.: I have been trying to download "Ultimate Boot CD for Windows Version 3.50" to use the iso file to create a disc. Some of the mirror sites are confusing while others offer other products and I can't find the above one. Some don't let you go back to the prior site. Do you have a reliable download site please?

Brian Krebs: I believe the 3.5 version I downloaded recently was from Softpedia, by clicking the big fat "download" button at this link.

_______________________

Bethesda, Md.: Hi Brian . . . what a great service you perform! One stop shopping for info about latest hazards on the net.

My question: In yesterday's Fix advisory, you mentioned that Adobe was expected to release further critical security updates today (Friday), this time for Reader and Acrobat. Now that Friday has rolled around, do you have any further news about these updates? Thanks!

washingtonpost.com: Security Fix: Critical Update for Adobe Flash Player

Brian Krebs: Thanks. Nothing yet from Adobe on Reader and Acrobat. Perhaps because Adobe is on the Left Coast, I don't know, but they tend to release these things later in the day. I'll have an update on the blog soon after they're released.

_______________________

Allen, Texas: Can hackers enter a computer that is shut down but still physically attached to a cable network? If so, how can I protect myself?

Brian Krebs: Is it theoretically possible? With all of the middleware being put in hardware these days, yes it's possible. Is it likely to ever happen to a regular user? Not in the least.

_______________________

Mesa, Ariz.: In removing some unwanted programs from my PC, I think I removed a sound driver. I have no audio out of the computer. Have tried, to no avail, to subscribe to a 'Driver Dectective' service. Have since cancelled that. What can I do to get audio going again?? Thanks, George

Brian Krebs: Ugh. Stay away from driver services and web sites. In my experience, most are scam sites that play on people's desperation to get their PC back to working order, to either fleece them out of money or to get them to install malware.

Take a deep breath. Go to Start, Settings, Control Panel, System, and then pick the Hardware tab. Then click Device Manager. Look under Sound, Video and Game Controllers and see if it lists any specific brand/product, other than the generic audio/legacy/media devices. If nothing interesting is there, just Google the make and model of your PC, or go to the manufacturer's Web site and find the product specs page for your exact system. Then look and see what sound card/device ships with your system. The drivers you need may be at that hardware maker's Web site.

Alternatively, have you tried the Add Hardware option from the Control Panel? Generally speaking, if you uninstall device drivers for connected hardware, Windows will try to immediately reinstall the drivers for it. But sometimes it just doesn't. You might try going to the Add Hardware tab in the Control Panel and letting it scan for any hardware changes, to see if it prompts you to reinstall the drivers.

If none of this works, try visiting Windows Update and scanning for available updates. When it's done, choose "let me pick which updates to install/custom" and then look at the left-hand side of the results page under optional/hardware updates available, and see if there is a driver update for your sound card.

Good luck.

_______________________

Berlin, Germany: Helllp! I think my computer might have some variant of the Conficker worm. It's certainly got something wrong with it - I'm getting lots of random 404 errors, and when I try to look at virus-related web pages on Windows, I get something that purports to be a PC World 404 Error. (The URL displayed at the top is still Windows.) I run my computer under a limited user account and I scan daily with AVG Free. I live clean, dang it!

But my question is: So what can I do with it? Is installing other anti-virus stuff at this point just closing the barn door after the horse is gone? I rely on this computer for my business. I did a full backup about a week ago, but for all I know it was infected then, too.

Also, I tried to download an update from Windows that is supposed to help - using a proxy server, the only way I could get to the site - and got the message "This update does not apply to your system."

Hellllllp!

Brian Krebs: If you can, visit these two sites and grab the installer files and put them on a CD or removable drive, then bring that media over to the sick PC, and install the programs, run them, and remove whatever junk it finds. Rinse, reboot, repeat.

SUPERAntiSpyware

MalwareBytes' Antimalware

_______________________

Alexandria, Va.: I've got a couple of vacations coming up -- could you remind me of how to stay safe on the Internet when traveling? I already know not to check my bank accounts on just any old computer terminal, but if I use the enhanced-security version of my email (Hotmail), for example, is that safe on someone else's computer?

Brian Krebs: The issue is that if the PC you're accessing the accounts from has a keystroke logger on it, it's not going to matter. Things like passwords for free Web mail accounts are not as sensitive, because you can always reset them. But PLEASE make sure that your free webmail accounts are tied to another email address you control and have access to, because eventually if you need to ever reset your password when you get locked out of your account, if you don't have a secondary email attached to that account, you will in all likelihood be out of luck.

_______________________

Vista Services: Thanks for taking my question.

So Vista is killing me on memory and I decided to shut down some automatic services. Problem is there are so many services, most of them I don't use or need. For instance, I have a service that ensures your Tablet PC is working properly. The catch is I have a regular laptop, so I don't know why this service would be on this machine.

Is there a list of services that one should keep running -- so that Vista performs properly -- vs the nice to have or just in case? I'm afraid that I might shut the wrong thing down and never be able to successfully start my machine again.

Brian Krebs: Yes! Thanks for your question. I have long referenced a wonderful site called BlackViper, because it does a fantastic job of explaining what all these services really do, how much memory they suck up, and whether or not most users really need them all. I'm happy to see he's updated the site to reflect this for Vista as well. I believe this guy has all the info you're looking for. And if something doesn't work right after you disable a service, you can always re-enable it.

BlackViper.com

_______________________

Brian Krebs: That's all that we have time for today, people. I'm only sorry I wasn't able to get to all of the questions. Thanks to everyone who stopped by, and we'll do this again in two weeks' time. Meanwhile, please consider making the Security Fix blog a regular stop in your daily Web browsing. Be safe out there, folks!

_______________________

Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.


© 2009 Washingtonpost.Newsweek Interactive