Security Fix Live

Brian Krebs
Security Fix Blogger
Friday, September 25, 2009; 11:00 AM

Security Fix blogger Brian Krebs was online Friday, Sept. 25, at 11 a.m. ET to answer your personal technology questions and offer ways to protect yourself from online security threats.

Brian, who considers himself a well-rounded geek, can also field queries about broader technical topics, such as mobile banking, online and location-based privacy, as well as social networking and tech policy issues.

____________________

Brian Krebs: Greetings, all, and welcome to Security Fix Live! Before I jump into the questions, just want to reiterate the normal request: Please try to give me as much of a clue as possible as to your computer setup. Details that help tremendously to increase the chance of my a) answering your question, and b) giving a reasonably accurate answer include telling me what operating system you're using, any installed security software/hardware, and any error messages or codes. Thanks, and with that, ONWARDS!

_______________________

Silver Spring, Md.: Do you have any tips for speeding up downloading from the internet? It is part of my job and I am going through the company network. During the daytime downloads are very slow, better during off hours, so I am assuming part of it is load on the system, but what settings can I tweak to download faster? Thanks

Brian Krebs: Yikes. I don't have any advice for you on what to do, but I'm answering this to offer a few thoughts on what *NOT* to do.

Avoid like the plague any software or "add-on" that claims it can speed up your downloads. These are nearly always scams (ask you to pay money for little or no effect) or malware related come-ons.

Ditto for "registry cleaners" that promise to speed up your download speeds. Hogwash.

You're talking about speeding up download speeds on your employer's network? Unless you're the system admin on that network, anything you attempt to do to speed up the performance of the local network is likely to violate your company's security policy.

My (admittedly curmudgeony) advice: Ask your IT admin. If he looks at you funny, the answer is no.

_______________________

Alexandria, Va.: For some research I have spent years accumulating, I was thinking of buying a memory stick, copying the files to it and placing the stick in my bank's safety deposit box. A CD-ROM won't fit into the safety deposit box.

How long can I count on a 2 GB stick lasting in such storage?

Brian Krebs: It may be just as well that CDs don't fit into the safety deposit box. Many of the cheaper writeable CDs on the market aren't really built for longevity.

USB drives aren't a bad choice, as their ability to store data (assuming you don't buy some $3 cheapo device) usually is dictated by how much you use them. Most USB devices have a theoretical limit on the number of times they can be written and overwritten before they start to act flaky.

_______________________

San Jose, CA.: If I have strong MFA Security protecting my online account access, then malware designed to steal login credentials will not be successful, right?

Brian Krebs: I'm guessing by "MFA Security" you mean multi-factor authentication, meaning the requirement to enter something you have (such as a one-time code generated by a key fob) in addition to a user name and password.

MFA is a nice addition to any security setup, but it's by no means unbeatable. Back in 2006, I wrote about phishers simply asking people for the one-time codes in their phishing sites. That seemed to be remarkably effective.

See: Citibank Phish Spoofs 2-Factor Authentication

More recently, I have written about attacks on MFA that begin at the operating system level, care of malware that gets its hooks deep inside the operating system. If this happens to you, I don't care what MFA scheme you're using: the bad guys can almost certainly defeat it. The latest malware like Zeus and Clampi can actually re-write the bank's web site as it is displayed in the victim's browser, in real time.

See:

Cyber Thieves Steal $447,000 from Wrecking Firm

and

PC Invader Costs Ky. County $415,000

These are both examples of what I just described.

A security startup called Silvertail also has a very in-depth (if long) webinar exclusively about these MFA-defeating features in Zeus.

See this link here.

The point I'm making is not to scare the living @$@!% out of people, but just to point out that MFA is not the end-all, be-all that some would have you believe. The real answer, IMHO, is better fraud detection on the (bank's) back-end.

_______________________

Ashburn, Va.: A thought for "Silver Spring": if the delays are really impeding your ability to do your job, then it might be appropriate to talk to -your- boss, and ask for his/her help in working with IT. (Not all problems have technological solutions.)

Brian Krebs: More advice for the frustrated downloader

_______________________

Rockville: Faster downloads?

Get better Internet service. Try working at night. If you had a link from home you could get online and start downloads at night. But the Internet seems 24/7 -- so I don't know if it is faster at night or not. Many years ago, librarians worked night shifts to use OCLC faster. But sometimes it took an hour to get a response. At 30 cps.

Brian Krebs: Yet more reader responses for the unhappy surfer.

_______________________

Annandale, Va.: I've been having a problem with printing from Firefox with my new MacBook (Leopard) and Canon PIXMA MP620 printer. I use an Apple AirPort Express with the printer plugged into it by USB (although the printer claims to be wireless capable). The problem is that Firefox crashes every time I try to print twice from the same window or tab, or after having canceled the print window the time before. Any ideas what or with which device the problem is?

Brian Krebs: This is a known issue that appears from my limited reading on the Mozillazine forum threads to stem from Firefox/Canon confusion over which printer (preview?) driver to use. It's not clear to me which program is at fault; maybe both.

This thread appeared to have a Mac-specific solution that looks promising, although none of the other people in that thread with the problem responded as to whether it fixed the problem for them.

_______________________

Lovely Richmond, Va.: Hi, Brian-

I have Comcast's cable Broadband modem service, use Netgear wireless router, use Firefox for my browser, Windows Vista on a laptop new earlier this year, and have been having issues with uploads and attachments (e-mailing pics, posting on Craigslist, FB, etc.) freezing up and causing me to have to cycle and reset the modem, and reboot. And yahoo mail itself seems to be kind of unstable lately on Firefox.

Happened on a visiting friend's computer too when using regular ethernet wired connection.

On the flip side, my work laptop (Win Xp) on ethernet wired connection with Explorer due to IT dept settings does not have this problem.

Any advice much appreciated. Thanks for these chats!

Brian Krebs: Hi Richmond. Hardware problems are tough to troubleshoot in chats, but it would help to know whether it suffices to cycle down the router vs. the modem. You seem to know the difference, but maybe you misspoke in your question about having to reset the modem. Did you in fact have to cycle and reset the wireless router?

Also, how old is the Netgear router, and what version is it, if you can tell me that?

_______________________

Washington, D.C.: Brian, I'm trying to figure out where to search for computer advice without having to rely on you and Rob Pegoraro as free tech support. When I do a search for help on a problem, I get a world of results from sites I've never heard of and that I'm reluctant to trust. Basically, if I've heard of something from you or Rob I trust it's ok, otherwise I assume it's fishy. Anyway, if you do have any free advice I still have IE6 on my home computer, a 5+ year old HP with AMD chip running XPHome with all updates. Back when IE7 came out, I delayed upgrading to it because I didn't want WGA running on my machine, but I finally loaded WGA yet IE7 would never install. The installation would run for a few minutes then at the end I'd get a message that the installation failed with no additional information. Now same thing happens when I try to load IE8. I'd never use IE except in order to access DoD sites as a military reservist (Firefox doesn't work with some of them) so I take small comfort that I probably won't get hacked staying on those official sites. But I'd rather have IE8 running. Microsoft help sites are either too vague or too technical.

Brian Krebs: If I recall correctly, IE7 had some problems installing when users also had Zone Alarm firewall and/or Spybot products active. You didn't say (tsk, tsk) what security software you're running, but if it's ZA, you may need to actually remove that software and reboot before you can upgrade to IE7.

I believe I helped someone fix this problem at some point a while back, and I think the solution was to be found at this thread.

As to your question about security advice from random forums, it's tricky sometimes. It would be impossible for me to list here all of the legit help forums, b/c there are so many. Ditto for pseudo-forums that really just try to get you to install some program or buy some service/software.

My advice is to be extra careful about any site that tries to get you to download and install a driver, .exe or .dll file that didn't come from the affected vendor. E.g., oftentimes people will have trouble with a Windows driver, and they start searching on the .dll file name that's causing the error prompt. Bad idea. There seems to be no end to the nefarious sites that use these error messages to snare unwitting people.

Use your head: If you're looking for an answer to a problem about a Canon printer driver, for example, the best bet is to start a Google search with the driver name or error message and "site:canon.com", and then expand your search from there. Most commercial software and hardware makers have their own support forums, and those are usually the best places to start.

Hope that helps.

_______________________

Macon, Ga.: Brian,

You always fill a void for security information down here in Macon. Thanks!

My question concerns the use of the UAC in Win7. I used limited user accounts in XP; now I'm using Win7 RC and the UAC is set to the always notify - highest level. I only have an Admin account but my applications act as if they are being used in a limited user account as in XP. As long as I keep the UAC at the highest level, do I need to make a separate limited user account in Win7? I'm the only user of this computer and I use Win7 with secure and safe practices.

Thanks again for your always good info.

Brian Krebs: Thanks for the kind words, Macon.

The behavior in W7 is not unlike the UAC behavior in Vista, which is to say the user is prompted whenever something wants to install or change important settings on the system. Provided you use UAC, and pay attention to the alerts (ask, did something I just did prompt this alert?), there should be no need to create a secondary, lesser account on the system.

_______________________

Alexandria, Va.: Hi Brian,

I don't know who I'd send this problem to, so I'll try you. I tried to use the Virginia DMV's website and I requested a PIN number. When I tried to register this number, I got the message "We were unable to process your transaction."

When I called the DMV and relayed this problem, their only response was that there were no reported problems with the site, and they would send me a new PIN. Huh? Are there any settings on my computer that would cause this? I'm running XP SP3 and Firefox, with McAfee installed.

Thanks for any clues you can provide.

Brian Krebs: Sure, it could be that VA's DMV site is designed to run best with Internet Explorer (why is it that government sites are the most frequent culprits here?). A review of the HTML source for that site suggests it does some serious checking to see if you're running IE or not. Have you tried (gasp!) seeing if you get the same results using IE?

Obvious question: You say you're browsing the site with Firefox: are you also using the noscript plugin, and perhaps still need to enable some script on the page?

_______________________

Washington, D.C.: Two weeks ago, my laptop was infected by a spyware virus. Unfortunately, my antivirus software was not up-to-date. I have successfully moved all my important folders/files that I've housed on my laptop for five years to a server online.

I have purchased Norton 360, but I am having difficulty installing it on the laptop. Is there a way I can install Norton on my laptop? At this point, the laptop doesn't even read a flash drive. I don't know what to do. Thanks, Lory A

Brian Krebs: If you've removed all your important files and folders from the sick machine, why not just nuke it and start over? That would be the safest option, and when all is said and done probably the most straightforward. Assuming you have the OS installation disk and your Windows license key written down somewhere, of course.

When you've got the computer reinstalled (XP/VISTA!!!?!?...I'm going to assume XP) along with all of the relevant updates and your favorite programs, consider setting it up to run under a limited user account for everyday use.

The Importance of the Limited User, Revisited

Seriously, on XP, a limited user account may be the most important security step you can take. Security software like 360 or whatever should be considered a second line of defense after this important step of limiting the rights of the everyday account you use.

_______________________

Sterling, Va.: I recently updated to ZoneAlarm Extreme Security from the Security Suite. My wife and I both visit Pogo.com to play games, but my wife uses IE and I use Firefox in Win XP, all of which are up to date including our Java. When my wife plays, and ForceField is active, we receive error logs which are dumped onto the desktop. This never occurs with Firefox and the errors don't appear to have an effect on my wife's playing. Here's what the part of the log that I can understand has to say:

A fatal error has been detected by the Java Runtime Environment:

EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d09bfbb, pid=4492, tid=4528

JRE version: 6.0_15-b03

Java VM: Java HotSpot(TM) Client VM (14.1-b02 mixed mode, sharing windows-x86 )

Problematic frame:

C [awt.dll+0x9bfbb]

If you would like to submit a bug report, please visit:

http://java.sun.com/webapps/bugreport/crash.jsp

The crash happened outside the Java Virtual Machine in native code.

See problematic frame for where to report the bug.

Any ideas? Thanks much!

Brian Krebs: Sorry, Sterling. You stumped me there. Crashes with Sun's virtual machine are beyond my understanding. I'd recommend reading this:

Understanding VM Crashes in Java

If that offers no wisdom, take your question to the Java support forum.

I'm sorry I can't be more helpful here.

_______________________

OCLC!: Rockville's reference to OCLC makes me think of the very first time I ever used a computer in the early 70s. I was an underpaid grad student at the University of Illinois who took a night job at the library inputting data for OCLC. I still remember my first training session, when the instructor told us to move the cursor and I had to ask what a "cursor" was. Boy, have things progressed since then.

Brian Krebs: LOL. It's fun when the old-timers wax nostalgic here. Ah, the glory days of VAX systems and mainframes. We liked it! We loved it!

_______________________

Brian Krebs: Sorry, Sterling. Here's that link to the Java JRE support forum.

_______________________

Washington, D.C.: Has Adobe changed the mechanism by which pdf files may be saved? Or am I seeing a virus?

There is an online pdf report I wanted to save. In the past, an option to save was right there on the viewer. Now that option has vanished; and been replaced with a send function, and a conversion to pdf function which apparently requires info for registration?

Brian Krebs: Have you tried going to the link itself, and instead of opening the link, right-clicking on the link and selecting "save link/file as" to see if it lets you save it as a .pdf file? That sometimes works for me, in Firefox at least.

Another thought: Perhaps there's some Adobe mojo put on that pdf so that you can't save it? Have you considered switching to the much more lightweight (and arguably safer) free Foxit Reader?

_______________________

Streamwood, Ill.: Hi Brian,

Love your blogs. I have an HP a6010n desktop PC running Windows Vista Home Premium SP1. I have Avast and Sunbelt running as security software.

I have been able to apply all the Windows Patches except the SP2. SP2 always gives me the error: 800B0100

I have tried all the things Microsoft has recommended to fix this error but to no avail. Am I missing something by not installing SP2? Am I making my system (has all other Windows updates) more vulnerable by not installing SP2?

Brian Krebs: According to Microsoft, Vista SP2 security improvements include:

* Secure Development Lifecycle process updates, where we identify the root cause of each security bulletin and improve our internal tools to eliminate code patterns that could lead to future vulnerabilities

* Reliability

* SP2 addresses previously released reliability updates, as well as addressing crashes, caused by Microsoft code, discovered since the launch of SP1

There are definitely some performance benefits to applying SP2, and perhaps a few hotfixes, but provided you're keeping up with the patches via Windows Update or Automagic Updates, you should be fine, and really not any more vulnerable than you would be having installed SP2.

_______________________

Baltimore, Md.: What kind of back-up do you think is best (i.e., online backup vs. external device backup)?

Thanks, Dennis

Brian Krebs: Online backup services are a great idea, until you can't for some reason get online when there's a problem.

I prefer to have my backed up data on a physical drive that's within reach. That's just a preference. Yes, if the house burns down (heaven forbid), then I guess I'm toast (along with my data!). I'll take my chances.

I've been known to recommend Acronis True Image, as a great solution to keeping a solid basic backup image of your drive -- if not also incremental updates. Imagine my surprise when a few days ago an alert reader tipped me off that this program is actually being offered for free to Western Digital hard drive users.

Check it out at WD's site. No clue how long that offer will stand.

_______________________

Sydney, Australia: Hi Brian, This one's a lulu. A neighbour informed me during a discussion about online security that he used Takeown in the Command Line (I'm familiar with it) to edit the hosts file to block not only the usual suspects, but Microsoft as well. His reasoning was that trojans, viruses etc are now so sophisticated that they can piggyback on Windows Vista updates. I said wouldn't trojans etc have to invade Microsoft's server (or something), and wouldn't Microsoft's people instantly know? "Oh no, they can hijack the updates download on its way to your hard drive. That's how they get past your firewall."

I've never heard of this and not being an expert could not convince him otherwise, so I referred him to your column. Surely anyone who knows how to edit the hosts file would know if such a hijack was likely.

I would love to know your view of such a "precaution".

Also it seems the Windows 7 hosts file cannot be edited, at least on the Release Candidate version (I've been playing with it, I like getting my hands dirty).

What is Microsoft's rationale for this do you suppose?

I'm now recommending your Security Fix column to everyone I know. I really admire all the effort you must put into your research. I guess it's disheartening when various companies and businesses you try to contact don't bother to answer your queries.

All kindest regards, Peter in Sydney, NSW.

Brian Krebs: Your friend isn't loopy. He's actually right. There are plenty of examples of malware that -- once they get their hooks into your system -- piggyback on the "background intelligent transfer service" (BITS), a legitimate process used by Microsoft to download updates gradually so as not to disrupt your browsing, etc.

See:

New Attack Piggybacks on Microsoft's Patch Service

It's important to recognize that this type of malware only uses that service once it has infected a system.

That said, editing one's HOSTS file entry is an attempt to prevent the browser from visiting certain domains or IP addresses that have been known to be associated with malicious/malware activity. It works pretty well, as these approaches go, but this approach should not be used as a standalone approach to blocking malware -- only as a complement. What's more, it's not terribly effective unless you're pretty vigilant about manually maintaining the file with the latest HOSTS updates.

_______________________

Sweden, STH: You wanted to know a live CD that could handle just about anything. The trick is that after you install a live CD to a thumb drive and boot it you make a regular hard drive install to another USB flash drive. Preferably to a fast (30MB/s) but cheap SDHC card 8 GB or more. For simplicity use Ubuntu 9.04 and make sure the boot loader is only on that USB flash drive.

Brian Krebs: Are you telling me that the latest Ubuntu Live CD will handle most wireless clients on a (Windows-built) laptop? Didn't hear you say that, because my suspicion is that it won't. The reason I say this is I tried the latest Ubuntu Live CD on two relatively recent laptops I own, and it wouldn't even get past the hardware detection screen. It hung on detecting the wireless drivers.

As for installing to a physical drive, that's fraught with difficulty as well: Unless the clueless user knows what HDA1 and HDA2 etc. mean, he or she is likely to overwrite their hard drive.

_______________________

Arlington, Va.: You mentioned in your last discussion that a mac is less likely to get a virus. My wife has been trying to talk me into getting a mac for the last few months. How would some of the other security issues you talk about here be the same or different on a mac? For example, do you still recommend some kind of drop my rights set up? Should I run Firefox with the no script add on? Should I be running an anti-malware program like Malwarebyte's? How about online banking? Thanks and these discussions are great.

Brian Krebs: Get a Mac. If you can afford it, you won't regret it. There's a learning curve for Windows users, but it's really not that bad.

As for Firefox and noscript, I enjoy having controls over scripts -- regardless of what OS I am using -- so yes, if you're comfortable with that add-on, I'd recommend installing FF on your new Mac. Safari 4 is quite fast (maybe faster than FF), but use what you like.

Malwarebytes for the Mac? Didn't know they made that (I'm pretty sure they don't). Just be careful about what programs you choose to install (most attacks these days are social engineering -- getting the user to install something that should give them pause), and the origins of the software you're installing. My rule of thumb, which I never seem to tire of repeating: If you didn't go looking for it, DON'T INSTALL IT.

Best of luck.

_______________________

Palm Harbor, Fla.: What is the real threat, if any, to Mac OS X from viruses, spyware and trojan horses? I am considering a new MacBook Pro running Snow Leopard but wonder if it's really safer online than a less expensive Wintel running Windows 7.

Brian Krebs: You're asking me to predict whether the brand-new OS X version will be more secure than the brand new Windows 7 version. My crystal ball there is kinda murky at the moment, but I'll set that aside and take a swing anyhow.

My prediction: Hackers will still keep targeting Windows systems mostly, focusing more on Windows XP and Vista users. W7 does seem to have some serious security updates in the OS, at least enough to keep it largely out of the sphere of updates that Microsoft has had to fix in earlier versions of Windows.

I still think the bad guys will continue to attack Mac users, if perhaps mainly through social engineering attacks. The user base is increasing too swiftly for criminals to ignore: The pay-per-install model works just as well for Mac users as it does for Windows users.

In fact, just this morning I was reading about a pay-per-install program detailed by Sophos that targeted Mac users.

Stay on your toes out there folks, regardless of what OS you use.

_______________________

Portland, Ore.: Hi, Brian. My subscription to PC Shield virus software is running out and a friend who's an IT tech told me to not spend money on virus software; he said that there are comparable free subscriptions you can get that work just as well or better. Is this true and if so, is there one you recommend. If it's not true, can you suggest one that is low priced and will still protect my PC?

Brian Krebs: In terms of the best free AV options, I'd recommend either AVAST! or AVIRA (the former requires you to go through their free registration process at some point in order to keep receiving updates, while the latter has a somewhat annoying nag screen that pops up every once in a while).

_______________________

Washington, D.C.: I have a PC that is from 02 - have pics on it and it has windows 98 on it with no cd burner on it. Not connected to the internet and all the recent software isn't supported on it. Any ideas how to get the pics off the old computer? Take it to BestBuy?

Brian Krebs: Even a Win98 machine is going to have a USB port or two in it, in all likelihood. It may not be in the easiest place to access, but it's almost certainly there somewhere (probably on the back of the machine, near the video or power plug). It won't support faster USB 2.0 devices, and you may need to download a driver (from Microsoft.com or the USB drive maker's site ONLY!) for whatever USB device you choose, but USB is your answer, my friend.

_______________________

Brian Krebs: Okay, people, I am fresh out of time today. Thanks to all who stopped in to make this a lively conversation, and to all of you who are just taking a gander at the transcript. We'll host another Security Fix Live in a couple of weeks from today; in the meantime, please make the Security Fix Blog a regular stop on your daily Internet peregrinations. Be safe out there, folks!

_______________________

Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.


© 2009 The Washington Post Company
