washingtonpost.com
Security Fix Live

Brian Krebs
Security Fix Blogger
Friday, October 23, 2009 11:00 AM

Security Fix blogger Brian Krebs was online Friday, Oct. 23, at 11 a.m. ET to answer your personal technology questions and offer ways to protect yourself from online security threats.

Brian, who considers himself a well-rounded geek, can also field queries about broader technical topics, such as mobile banking, online and location-based privacy, as well as social networking and tech policy issues.

____________________

Brian Krebs: Good morning, dear Security Fix readers. Welcome to Security Fix Live! Before I plunge into your questions, I will make my usual plea: Please, please, please toss me a clue or two about the basics of your setup. Are you using Windows? Great. What version? Use IE as your main browser? Okay, tell me. Have three different security programs guarding your PC? Super. Just let me know what they are. You get the idea: The more info I have about your basic setup, the more accurate I can be in answering your question. Okay, that said....ONWARDS!

_______________________

Anonymous: I'm planning to upgrade to Windows 7. I downloaded the Windows 7 Upgrade Advisor report and ran it. It looks like my computer is almost OK except: "Virtualization Technology not supported". What does that mean exactly?? Also, "Outlook Express" is no longer included in Windows 7. Do I need this? I don't really use it anyway as I use Incredimail as my mail provider. Thank you, Robert

Brian Krebs: That message is telling you that Microsoft believes the hardware in your computer does not support the type of technology that powers one of Windows 7's most vaunted features: XP Mode, or the ability to run applications in Windows XP mode in case for whatever reason they don't function properly under Windows 7.

You didn't say how old your computer is, but I'm going to guess it's more than 3 years old. If that's the case, there's a good chance that you would be out of luck using this feature with that PC on Windows 7.

Now, hold on a second...you're not completely out of luck. It's not uncommon for a PC to be hardware virtualization-capable, but only to have that option turned off by default in the system BIOS -- the settings that PCs run through at startup to see which hardware and software defaults they should accept. That is, you may find that in your computer's BIOS settings there is an option to change the default from the "locked off" setting to "locked on." This page (http://www.mydigitallife.info/2008/07/06/comprehensive-list-of-how-key-to-press-to-access-bios-for-various-oem-and-computer-systems/) has decent manufacturer-specific instructions on how to access the BIOS.

If you find that option in your BIOS, and can make that switch, I'd try the upgrade advisor again after doing so and seeing if the advisor changes its tune about whether your system supports hardware virtualization. If it doesn't, you may need to upgrade to a new PC to take advantage of this feature.

RE: Outlook, MS has changed the defaults in W7, so that many of the programs that were bundled with earlier versions of Windows are no longer shipped with the system by default. You can still download them from Microsoft for free if you like, but if you don't use the program, why bother?

_______________________

Streamwood, Ill.: Hi Brian,

Thanks for answering my question regarding Vista SP2. I was able to ultimately install the Vista SP2 after removing the Avast Antivirus. (Go Figure :))

I was thinking of upgrading to Windows 7, but the Upgrade Advisor said Sunbelt Windows Firewall is not supported in Windows 7. Is there a free firewall that you would recommend for Windows 7? It might be a good idea for you to put out a list of security software (free ones, especially) which you would recommend for Windows 7.

As always, Love your blog.

Brian Krebs: Always happy to hear from readers about their experience with my previous advice (particularly if it had a happy ending).

Re: Win7 & Sunbelt, I'm confident the folks at Sunbelt -- if they don't support W7 -- will do so soon. That said, why not take advantage of the built-in Windows firewall? It has come a long way from the early Windows Firewall days, and is probably more than sufficient for the average Windows user.

_______________________

Stuart, Va.: Brian-

Thanks for your always informative sessions. I have started using a Live CD for banking but at times find it inconvenient and I think it will cause my wife, who is strictly a user, more than a little trouble. Presumably setting our system (XP SP3) to dual boot would be as safe. If so, are there any programs for dual booting you would recommend?

Brian Krebs: Well, many Linux OSes that start as Live CDs also allow you to install the OS, and by default use the GRUB boot loader, which allows you to choose between multiple operating systems at boot time. The main thing I would encourage you to do if you decide to explore the dual boot route is to make sure you have a whole disk image backup of the C: drive before proceeding. In order to make Windows fit side by side on a hard disk with another operating system, you will need to use a disk partitioning tool to resize the existing Windows partition, to create another partition, and to move the location of the existing Windows partition. There are Linux versions that you can use for this process, but they are not very user-friendly, are command line based, and you'd better know what you're doing before you use these tools. Anyway, there are plenty of tutorials out on the Web on how to do this.

I have recommended Acronis Disk Director for this task because I find it works very well. But regardless of the approach you use, if you decide to go with a dual-boot system, you should understand the process for recovering from a corrupted "master boot record" (MBR), the file table that tells your computer which operating systems are available to load. If this table gets trashed (and this has happened to me at least twice over the past decade when I've played with dual-boot systems), you'd better know how to recover or repair the MBR or you're hosed.

_______________________

Silver Spring, Md.: Today, I have been bombarded with Cyber Security. Sometimes scary stuff. I have Norton and everything is working. How do I get rid of CB? When I try to remove it, it says removal disabled. Any suggestions will be appreciated.

Brian Krebs: I really want to answer this question, but I'm not sure what the question is. Could you try again? Being bombarded with cyber security is, alas, not the worst thing that could happen, I suppose.

_______________________

Lexington, Mass.: Many moons ago, you (and a blogger from Florida) helped me with a Darwin kernel panic situation (complete with real bells & whistles) that occurred on an iMac G5 with ethernet. On 15 Oct the screen went all black and white in blocks, but Firefox continued working. Then a message in 4 languages appeared -- you need to restart your computer. Did so & then the following appeared (but would not let itself be printed): Unresolved kernel trap (cpu8). (No bells or whistles this time.) Well - - - what was THAT??

Brian Krebs: Kernel Panic, sir, reporting for duty! Seriously, I have no idea what the problem is there, soldier. But I can offer a couple of tips.

Kernel panics sometimes are caused by hardware issues, other times because of a corrupt filesystem deep in the operating system. I would try the following:

Grab your OS X installation CD, pop it in, run the Disk Utility and choose the Repair Disk option. You might also run Software Update to make sure you've got all the available hardware and software updates installed.

Sometimes, reinstalling the operating system is the fastest, most painless way to fix stubborn, hard-to-diagnose problems like this.

I'm sorry I don't have more specific answers for you -- but in the tradition of this particular thread -- I'd be interested in hearing advice from other readers. Good luck!

_______________________

Pleasant Hill, Calif.: Okay Brian, all your info is good stuff and I enjoy your articles immensely. However, it's getting to be a little like "whack a mole" with this cybercrime. How much damage has to be done until the banks, the government start to do something proactively? This is like the wild west and I find it very depressing that nothing seems to be being done about this. Judging from your articles, the only protection we have right now is our own security. Do you know of any movement by the banks or the government to start doing something to protect us?

Brian Krebs: I share your frustration sometimes, California, about the constant attacks. Unfortunately, the lure of easy money is just too strong, and the likelihood of getting caught too low, for the less scrupulous to consider abandoning this line of work. I believe this is true regardless of what the banks and law enforcement do about it.

That's my opinion, of course. I think there is a great deal more that banks and law enforcement *could* be doing. For example, banks could be doing a LOT more in terms of combing their customers' transactions for signs of fraudulent activity, much the way that credit card companies build profiles of what's normal activity for their customers and send up red flags when there is drastically different activity. Sure, this results in false positives from time to time. But by and large that approach is very good at spotting fraud.

However, I think your intuition -- that security falls to the Internet user, ultimately -- is correct. Having the basic security setup -- with keeping software up-to-date, using some form of current anti-virus, and a firewall -- is a good start.

But it's also vitally important to understand that fraud detection starts with your brain, and some basic street smarts: Is this too good to be true? Well, then it probably is. Should I open this email attachment or click this link? Well, if you have to ask, then you have to ask. Assuming it appears to have been sent by someone you know, send them a quick note confirming they meant to send you an attachment. Should I download this file/install this program? If you can't be sure about where the file/program came from (you're not downloading an add-on or plug-in from the source itself, or you're downloading programs from P2P networks), then you're playing Russian roulette.

_______________________

Bill B, Eugene, Ore.: When formatting containers in Truecrypt, the program requests that I move my mouse, the more the better, in order to improve encryption. What is a reasonable length of time to do this? Thanks for the great Web chats and columns.

Brian Krebs: Hi Bill. That mouse movement it's asking you for is so that you can introduce randomness into the encryption key that it is devising. By all means, don't wear your wrist out; a few seconds of wild, random jiggles is probably sufficient.

_______________________

Columbus, Ohio: I use both NoScript and RequestPolicy with Firefox (my default browser) and like them both. When I "lower my shields" in NoScript to permit scripts on a trusted (per McAfee SiteAdvisor) web page, I almost always see a permission line for google-analytics.com. I routinely leave that domain denied, both because I don't know what it's for and because leaving it blocked never seems to interfere with the functionality of a web page. What exactly is "google-analytics" and why -- if ever -- should I allow it scripting privileges?

Brian Krebs: Google Analytics helps sites track visitors. It is often integrated with a Google Adwords account to track ad conversions, click-throughs, etc. I haven't encountered many sites that fail to work properly if you deny this script from running. At worst, you will deny that site the ability to use that tracking function.

_______________________

Palm Harbor, Fla.: I saw the recent story about vulnerability of Time Warner cable modems to hackers. I have a cable modem from a TW spinoff, Bright House. How can I tell if my cable modem is secure, and if it isn't, what can I do to protect my home computer?

Brian Krebs: The device in question is manufactured by SMC, and the model number is SMC8014. You can see the specs and a picture of this device at this link here. If you have this device, your only real workable solution is to replace it with a newer, less crappy router.

_______________________

Bowie, Md.: For the user who considers dual boot: I would suggest to first try and put a Live Linux distro onto a USB thumb drive. Puppy Linux is a good choice for this. You can then store a persistent home directory on the same memory stick, which will allow you to store your desktop preferences, bookmarks etc. (first boot off a Live CD, then there's a program to prepare the USB stick).

Before you do this, check the BIOS to see if your machine can boot off a USB drive.

I'm using this setup to allow my kids to use my (employer-supplied) PC - they got used to it as well...

Brian Krebs: More advice for the dual-boot guy. Thanks, Bowie!

_______________________

a chick: you are super cute and so nice. someone is lucky in this life to have latched onto you. she is lucky. you're my #2 virtual crush. #1 is Joe Kernen from CNBC. but you come close! post more pix! throw me a bone, or two.

Brian Krebs: Aw shucks. Thanks for your..um..question. But really? I'm #2??

_______________________

Vienna, Va.: You are more positive about Windows Firewall than I expected. I've been using the free version of Zone Alarm for several years. Should I just uninstall it now and rely on Windows Firewall? I'm on XP and do not intend to upgrade this computer to Windows 7.

Brian Krebs: That's because my views on the overall efficacy of software-based firewalls in the face of advanced threats have evolved quite a bit over the years, as has my understanding of these threats.

The issue is what happens when you get malware on your system. Some of the more advanced malware will try first thing to disable any security software on your system, including ZA and the built-in WF.

What I'm trying to say is that software firewalls are great for blocking incoming Internet bits that you don't want or didn't ask for. They're not so great at stopping bad things that you allow onto your system through downloaded files or exploits that take advantage of browser exploits. So, it's important not to overstate the function and ability of the firewall, is what I'm getting at.

I've recommended programs like ZA Free because they give people some idea of what programs are trying to dial out of their machines. But a lot of people don't like being pestered and would just as soon have the program make that decision for them. That's what the Windows firewall does, and does pretty well as long as it's turned on. I guess, given the choice between two firewalls that can just as easily be disabled by malware that happens to make it past my first line of defenses, I'd choose the one that takes the least amount of system resources.

I hope that helps explain some of my (evolved) thinking on this issue.

_______________________

Upper Marlboro, Md.: Hi Brian. Thanks again for staying on top of all these never-ending security issues.

I have a Toshiba laptop with 2G RAM running Windows XP Media Center. I use Verizon FiOS for internet with WPA2 enabled. I use Firefox as my internet browser. For security, I use System Suite 9 by Avanquest which has a firewall, anti-virus and spyware bundle.

When doing a scan recently, I got a notice from Avanquest that my virus definitions need to be updated. No problem - except now they want to charge $14.95 whereas in earlier versions, updating just occurred automatically.

Would it make sense to skip System Suite 9 altogether in favor of Microsoft Security Essentials and the Windows firewall? If so, would I need anything else to have workable security on my system??

Brian Krebs: Hrm. I wish I had more words of wisdom for you about Avanquest, but your question is actually the first time I've even seen this company's name. They're definitely legit, having been around for a while it seems, but everything I can find about them says this suite is sluggish and does not perform too sprightly. Amazon reviewers mostly panned this latest version.

It sounds like you're of a mind to keep to a free solution, and if that's the case I'd say nix the Avanquest install and follow your gut. If you don't care for MSE, my favorite free AV solution is AVAST!.

_______________________

Stockholm, Sweden: Brian, just as a follow up to your comment on corrupted MBR files, Partition Free and Mount (http://findandmount.com/) offers free partition recovery software which would seem to be ideal for Windows users unfamiliar with doing things via the command line. I haven't tried it myself, as I generally deal with problems of this type via the Ubuntu command line, but it received a very nice review (http://preview.tinyurl.com/yjwve2l ) on Gecko&Fly a couple of weeks ago....

Henri

Brian Krebs: Thanks, Henri. Welcome back to the chat.

_______________________

Reston, Va.: How secure is Verizon's mobile broadband connection? We're planning on using our cell phone as a modem for our Netbook whenever a WiFi hotspot isn't available, and I was wondering what security risks that may introduce.

Brian Krebs: Honestly, every hacker convention I've ever attended I've used either a Sprint or Verizon aircard, and I know a number of other security pros who do exactly the same. Before that, I still refused to get on the regular wireless networks at hacker cons, so I would tether my laptop to my Sprint phone and use their dial-up instead. It was slow, but man did I feel a lot less paranoid.

You may actually be safer using the mobile broadband connection than an open wifi hotspot. In any case, rest easy, Reston.

_______________________

Anonymous: I have installed Windows Live OneCare on my notebook, a Sony Vaio VGN-FZ18E with Vista Home Premium. The expiry date is in March 2010. Must I install the new free anti-virus by Windows now, or must I let the program expire? Thanking you in advance. Yours Truly, Pierpaolo

Brian Krebs: You can do either. Or neither, and remove the program and go with another option, of which there are many.

As regards your specific question, you don't have to nix the OneCare solution; you may certainly wait until it expires next year, then remove it and go with something else, MSE if you so choose. If it were me, and I were choosing between the two MS offerings, I'd go with the one they weren't phasing out in a few months; I'd switch to MSE.

_______________________

Bethesda-ish, Md.: I just bought a refurbished Dell Latitude D610 (1.7 Ghz, 512MB, 40GB, XP Pro) for my mom to upgrade her ancient laptop. So far, I've downloaded Windows Updates, installed AVG, IE7, Firefox, and created a limited user account for her. What's next? Do you have a primer for new computer setup?

Brian Krebs: You probably want to make sure automatic updates are turned on, and if you have backup software installed, make a backup of the C drive installation with everything just so, so that in case things go south later you can just reimage and start over.

Also, if your mom is the kind of person who will need remote tech support, you might think about setting her up with something like LogMeIn Free and a strong password, so that when that "help!" late night tech support call comes from Mom you can quickly hop on and help her out.

_______________________

London, UK: Hi. Love your chats. I have Spyware Doctor as one of my antispyware applications. After the scan it found stuff to remove, but it tells me some threats could not be removed. How come? I use WXP SP3, 2 gig RAM, clean and well maintained PC. Thanks

Brian Krebs: Without more information about what files can't be removed and where they are located on the Windows system, this is going to be a hard question to answer. But I will say that I get this question a lot, and oftentimes the files that can't be removed are files that have been quarantined by the anti-virus program resident on the machine. These are files that the AV program has detected as possibly (and probably) malicious, and the default setting on the AV software is to put said files in a kind of software jail instead of outright destroying them.

You might try emptying the quarantine bin in your anti-virus application, and scanning again. Just a thought.

_______________________

Virginia Beach, Va: I tried and tried to make a LiveCD with Puppy. It worked fine except I couldn't connect to the Web using the Firefox browser. I looked specifically for a Firefox "build." I then tried Puppy with SeaMonkey and had the same results. Then, I tried the Ubuntu version, as suggested by you, and things worked fine. Is there something that I missed with Puppy? Even though I did this at work, I just wanted to try it. I really didn't want to get into changing my Internet connections, and with Ubuntu, I didn't have to do that.

In the comments section, many posts suggested everyone should use the LiveCD method for banking. I gather you are saying that as consumers, and not actual businesses, the banks will reimburse us? Did I interpret this correctly? (Full disclosure: I generally use a Mac to check my accounts.)

Brian Krebs: Yes, as a consumer, your bank will generally reimburse you for losses from cyber fraud. So, for instance, you get a Trojan on your system, someone steals a few hundred bucks from your debit account...provided you notify your bank relatively soon after the incident (after 10 days it gets much trickier), you should be fine. I'm not saying you'll get the money back right away, but you should eventually. With credit cards, of course, you just need to call your bank or issuer, and alert them, and they will reverse any unauthorized charges, close out the account and issue you a new card.

_______________________

Washington, D.C.: Should I worry about using a library computer?

If I check my email and visit web sites at the library instead of on my home computer, does that mean that any viruses, spyware etcetera remain in the library computer, or could they also be somehow infecting my e-mail and/or email attachments, and then getting in my computer when I do log on at home?

If a library computer does get infected, could the bad stuff infect my webmail and steal my mail, address books and email attachments while I'm at the library? And my flash-drive if I plug it in to copy something onto it?

Do you think libraries probably have stronger anti-virus and anti-spyware programs than what most of us use at home, the same way they usually have stronger disinfectants?

Brian Krebs: Any public computer you use that has malware on it can be a problem for you if you're using it to log into sites that require a user name and password. If that machine is infected with a keylogger, it will steal your credentials and the credentials of anyone who uses that computer. It's that simple. And plugging your USB drive into strange computers is a good way to pick up unwanted hitchhikers.

That said, I know that a great many libraries have been doing this computer stuff for a long time, and most of them get pretty tired of cleaning up constantly infected PCs. As such, many schools and libraries have moved to implement a free Microsoft tool called Steady State, which essentially makes it so that critical areas of the system are off-limits to the user, and that any incidental changes can be destroyed when the system is rebooted.

There's a very easy way to tell whether the public PC you're using has this type of protection installed: Click Start, Run, and see what happens when you type "msconfig". If you get an error message, in all likelihood that computer is locked down pretty good.

_______________________

Brian Krebs: Okay folks, I'd love to do this all day, but I'm out of time for today. Thanks to everyone who dropped by to submit questions, and also to those who came through here just to have a look at the transcript. We'll do another one of these Security Fix Live chats in a couple of weeks from today. In the meantime, please stop by the Security Fix Blog on a regular basis to keep up to date on the latest security and technology threats and tips. Today, for example, we introduced a semi-regular new feature called Nastygram, which warns readers about especially sneaky and nasty new e-mail threats.

Be safe out there, people!

_______________________

Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.


© 2009 Washingtonpost.Newsweek Interactive