Security Fix Blogger
Friday, October 9, 2009 11:00 AM
Security Fix blogger Brian Krebs was online Friday, Oct. 9, at 11 a.m. ET to answer your personal technology questions and offer ways to protect yourself from online security threats.
Brian, who considers himself a well-rounded geek, can also field queries about broader technical topics, such as mobile banking, online and location-based privacy, as well as social networking and tech policy issues.
Greetings, dear Security Fix readers, and welcome to Security Fix Live! Good looking crowd we have today. Before I jump into the fray, I'll issue my usual plea: Please, when you ask a question, throw me a bone as to what your computer setup looks like. Specifically, give me some clue as to what operating system you're using, any installed security software, browser of choice, etc. Doing so will dramatically increase the likelihood that I both answer your question and do so accurately and completely. Thanks, and with that....ONWARDS!
Denver, Colorado: Brian, I read about all these new attacks on our computers and wonder how we can be absolutely sure bad stuff does not infiltrate our home computers. I use McAfee and Windows Defender and check for updates every day. You provide a great service to the average computer user. Thank you, keith
Brian Krebs: Thank you, Keith. Truly, if you faithfully observe a few basic practices, you should have few -- if any worries.
-Don't click on links or open attachments from emails you weren't expecting.
-Patch your software, be it the OS, browser, plug-ins, add-ons, etc., soon after security updates are made avaialable (shameless plug: Reading my blog is a good way to stay on top of that).
-Run the operating system under a
for every day use (limited user or the built-in user account control in Vista/7).
-Make sure to have some kind of up-to-date antivirus and firewall installed.
-Be extremely careful about what you choose to install. Install updates and patches only from the source.
Upper Marlboro, Md.: Hi Brian. Thanks for all you do to help us deal with the "wild west" of the Internet. I was freaked out by your reports on the clampi trojan - especially since no security software seems to protect against it. The main solution offered up - use a second, dedicated computer for financial transactions - is a non-starter for many in this economy. Also, if the trojan infects a national bank, a home user can become a victim even if s/he does everything required for safe computing. Besides buying a second computer (not gonna happen) what are some realistic steps that home users can take? Help!
Brian Krebs: Yeah, I hear you on the buying-a-second computer thing. But there are other options. A few chats ago, I recommended Live CDs as an option. The beauty of this approach is that you download a bootable Linux installation, burn it to a CD-Rom drive, and boot from the CD straight into linux. The only cost is the penny or so for the blank CD. The operating system is free, and when you close it down, all data/changes are wiped. Clean slate. Best part is you don't need a second computer. Take the CD-Rom out of the disk drive, restart, and you're back into Windows again.
There are literally hundreds of these free Live CD distributions out there. You can install them as your main PC if you want, but by default they run striaght from the CD. The last chat, I think someone suggested Puppy Linux, and I have to say I hadn't tried it before then, but I have since, and it's extremely small, lightweight and very fast.
If you're serious about looking at this option when you do online banking, etc., check it out
. In my experience, you should have few problems booting into the CD if you do it on a desktop/tower system. Trying this for the first time on a laptop (esp. one connected via wireless) is not for beginningers, IMHO.
Starkville, MS: My mother, who is 88 lives where she has Internet access. Last week she received one of those emails, "Help, I'm stranded in the U.K. and need money." Well, she answered it. Just a short, "I'm sorry I have no extra cash." The following day (when she told me and I opened her Yahoo mailbox) I found a second email pleading for money and deleted it. There have been no more emails. Should she (we) now be concerned and change her email password? There is a good virus program on the computers where she lives.
Brian Krebs: Yikes. The problem is with these types of scams is that once you respond, the crooks known they have a potential "live one". It's like a nibble on a hook that causes a feeding frenzy: People who respond to scam emails (in any way, even to say "go away," however ephemistically) often find they get inundated with more of the same but at an accelerated rate.
Unfortunately, even the best anti-virus program isn't going to stop your mom from responding to some scammer. That's the main problem with computer security today: The bad guys know the defenses they face, and have since readjusted their strategy towards tricking people into doing things they shouldn't. You might just take some time to gently explain to your mom that she should ignore e-mails from people she doesn't know. From where I sit, the old "don't talk to strangers" adage is actually a lot more relevant as a precaution online than it is in the offline world.
Tulsa, Okla.: I am using a live puppy linux CD on a Windows machine to do home banking. the session is full live - no install at all.
The only flaw that I can see is if a compromised website managed to install something like a rootkit or a key logger on the harddisk.
IS there a way to "lock" the unmounted disks as unmounted, so that no process can remotely mount the disks and compromise the installed OS?
the Puppy support forums more or less admit this achilles heal and sugesst running the browser as the spot regular user not root the super user.
BUT the disks are still mountable during the session.
Any ideas or commands?
Brian Krebs: I would say your chances of being succesfully hit by a rootkit or keylogger from browsing the web on a setup like that that would probably be less than that of being hit by lightning on a sunny day in October. Breathe easy, Tulsa.
Upper Marlboro, Md.: Thanks so much, Brian. I have a laptop on a wireless home network, but I still think I will try the bootable cd suggestion. Definitely better than buying another computer!
Brian Krebs: Sure. If you do try it on the laptop, try it first with the laptop plugged directly into the router via an ethernet cable.
Falls Church, Va.: I just bought a MAC and despite what people say, I think they can get viruses. What are some good virus protection programs for MACs?
Brian Krebs: Really? When was the last time you got a Mac virus? The only real threats I'm aware of are those that trick the user into installing them. That is, they pretend to be a browser plug-in (most often a video "codec" offered by some porn site), or they piggyback on pirated software that is distributed on peer-to-peer filesharing networks and Bittorent. I haven't yet heard of attacks that exploit vulnerabilities on the Mac or third-party software for the Mac to break into OS X systems.
That said, you can grab a free anti-virus tool for Mac systems from
I'd answer your question with a recommendation, but the thing is I haven't really tried that many security programs for the Mac. What's more, there aren't many threats to detect, so it's kind of hard to compare the performance of various products for that platform. For the longest time, I had Symantec AV corporate edition on my Macbook pro, because it came with the system, which is a loaner from my employer. But it has never made so much as a peep, and truthfully I haven't had any interaction with the program at all -- other than to disable it a few times while using the Mac system as a vehicle to download windows-based malware (.exe files) for submission to malware-scanning sites.
Olney, Md.: Since you mentioned Hotmail...what the heck is up with the empty messages? I did a search and got a lot of references, but no real answers. I send out HTML e-mail messages (to an opt-in list), and a lot of Hotmail users are saying they're completely blank.
Brian Krebs: Hrm. It really bugs me when I hear about stuff like this. Why am I not surprised to see that this not an isolated problem among Hotmail users?
I would try making sure that your messages are set to be composed in plain text, as opposed to whatever HTML kludge Windows Live/Hotmail has set up for you.
When I log into my Hotmail account (which was "upgraded" to a Windows Live account a while back), I see that when I reply to e-mails, the default is to do so in Rich Text (this pull-down option is listed directly above the information in the "from:" field of the reply email). If that's the case for you, try switching the default to "plain text" and see if you still have the problem. My guess is that you will not. Please let me know if that worked.
Another approach might be to instead of replying to the message, select the option to forward it, and then add the email address of your friend from the contacts list. If you want, you can even change the "FW: in the subject to a "Re:" so the recipient isn't confused.
Hope that helps!
Kingstowne, Va.: When I go to washingtonpost.com, I am automatically signed in. The top left of the page shows "Hello -username -- Change Preferences - Sign Out". I can view all articles and leave comments about them. When I go to your blog and want to leave a comment, near the bottom of the page it says "You must be signed in to washingtonpost.com to comment. Please sign in." When I click the link to sign in, the message "Signing in..." appears, but nothing happens beyond that; I get no message that I've successfully logged in and still no means to comment.
Is there a separate login for the washingtonpost.com site and yours and other blogs on this site? If so, how do I create the additional account to sign in to blogs vs the rest of the site? Thanks
Fairfax, Va.: Brian,
Avira or Avast?
Brian Krebs: AVAST!
Chantilly, Va.: Brian,
I paid the $99 advance for W7, due to be out soon. But I found out it's W7Home only. I really wanted Ultimate. I guess I gotta pay the upgrade cost?
Brian Krebs: Let me ask you this: Why do you want the Ultimate so much? I paid for an Ultimate upgrade for Vista and was sorely disappointed. Now, granted, I'm not steeped in all that W7 Ultimate has to offer over the home version, but I seriously doubt it will be worth the $100 extra. The main benefit I could see in buying the upgrade would be perhaps the ability to run applications in XP mode, and maybe the Bitlocker encryption. Unless Windows 7 is significantly different on the data backup options from Vista, I certainly wouldn't upgrade for the backup capabilities: In Vista, they're a joke in my opinion. Better of spending $50 on something like Acronis True Image.
My advice would be to wait and see whether you actually find you need those extras, before you plunk down another $100.
Alexandria, Va.: Hi Brian,
This is the first I have heard of Puppy Linux (or any Linux Live CD) where exactly do I download this from? I want to give it a whirl on my desktop. Thanks.
Brian Krebs: I included the link in my response to the earlier reader. But here it is again.
Washington, D.C.: There is a small-town regional newspaper that is available in pdf. In the past, I've just downloaded to read at leisure.
But they have changed the location of the document. The pdf file is now in a website that begins with "http://matchbin-asset"...
I did a search to try to figure out what it is, but I can't find anything concrete. It may be a marketing firm. There could be some kind of internet business model going on. I use Norton, and they give it the green checkmark, so it appears to be safe.
But still wondering if when I download a pdf document, if a third-party could be attaching something to the pdf for advertisement or tracking purposes?
Brian Krebs: It is not at all unusual for marketing companies of all kinds to track downloads of various files. Most file types, especially PDF files, support a remarkable variety of tracking features. With e-mail, it is not uncommon for companies to use third-party services that track many things about the life of that email, such as whether and when it was opened, how long the person viewed it, whether it was forwarded, etc. So the short answer to your question is yes.
Upper Marlboro, Md.: RE: The Response to Falls Church - I can't help noticing the stark difference between the security concerns of a MAC user and a Windows user. I have to admit I am getting tired of having to be a computer security "expert" just to surf the internet. It's a wonder there hasn't been a mass exodus from Windows altogether. Even though it's a lot more expensive, I am thinking that my next laptop will be a MAC. The cyber terrorists have worn me out!
Brian Krebs: This is, sadly, a refrain I hear all too often. Hoewver, it's not a sad story if people let this affect their buying decisions and are moved to purchase a Mac next time they get a computer. Granted, this may be a good solution until such time as a much larger percentage of Windows users have moved to a Mac, at which time the bad guys will no doubt take a much keener interest in attacking Mac users. But alas that would take time, and in any event is not guaranteed to happen.
Havertown, Pa.: Enjoy the Washington Post tech newsletter with each publication, especially your advice. I run MS One Care with an expiring date of Dec. 16, 2009. Will the new MS anti virus freeware (called ??) be as good or better? Should I go ahead and get the freeware or wait until December? Thanks.
washingtonpost.com: Readers can sign-up for the Technology daily newsletter here.
Brian Krebs: I think it's safe to say the new free AV offering from MS will be as good or better than the OneCare option. I've written about it twice so far in the last couple of weeks.
If it were me, I'd go ahead and switch to the newer version rather than stick with one that Microsoft is phasing out.
Brian Krebs: We are having technical difficulties with the chat at the moment, and in any event I am out of time for today. Thanks to one and all who stopped by to read or join in the conversation. Please make a habit of cruising by the Security Fix Blog once a day to keep abreast of new security news (e.g., I just got wind that another Adobe Reader 0day threat is on the loose -- I'll have more info in a blog post shortly). Take care folks, and be safe out there!
Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.