Topic: A question to Wiz
Anders Brundell
From: Falun, Sweden
Posted 19 Sep 2006 12:16 am

Wiz;

I just got a warning from a friend that MSN could be a danger since some viruses specialize in sneaking in that way. Do Microsoft's updating services counter that or should I uninstall MSN?
Are there other leaking programs as well that often cause infections? (I'm a bit concerned after that recent attack thru an un-updated Flash Player.)

Thanks!
Anders

Wiz Feinberg
From: Mid-Michigan, USA
Posted 19 Sep 2006 8:10 pm

Anders;
I'm not sure what you are telling or asking me about, but viruses can only "sneak in" if you have not protected your computer by implementing the best possible security procedures. This includes using anti virus and anti spyware programs, a firewall, applying Windows Updates and updating your security programs. Additionally, you can really improve your browsing security by not using Internet Explorer except for obtaining Windows Updates. Firefox or Opera are much more secure and are not as easily attacked as is Internet Explorer.

Lastly, as I have mentioned many times before, if you are using Windows 2000 or XP you should run as a Limited Privileges User, or even a Power User (Win 2000 and XP Pro), to avoid infection from any accidentally downloaded threats. My website has information about this in my FAQs, and on my blog (see links in signature).

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices




Brint Hannay
From: Maryland, USA
Posted 21 Sep 2006 9:13 am

Wiz,
We have two accounts on our computer. I use Firefox for everything except Windows Updates, as you have suggested. The other account uses IE, but is a Limited User. I am still an Administrator. We have also recently created a third account, named "The Administrator". Should I change my account to Limited as well?
My other question is, I am unclear about these security threats that get deep into the computer through misleading the user into "opening" something that has something bad in it. How can one know if one has anything like that? I sometimes get the impression that the bad guys can get, so to speak, behind the backs of one's security programs, or even get embedded IN them, so that whatever scans one runs don't find them. Is that so, and what can one do about it? (My computer seems to be functioning fine, by the way. I have ZoneAlarm Firewall, and run Norton Antivirus, Spybot S&D, AdAware SE, and Windows Defender scans twice weekly. Also Windows Update.)

Larry Clark
From: Herndon, VA.
Posted 21 Sep 2006 11:52 am

Quote:
by not using Internet Explorer except for obtaining Windows Updates.


I get my Windows updates while using Firefox. Should I be downloading updates through IE?

BTW Thanks a lot Wiz for keeping us up to date on this stuff.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 21 Sep 2006 4:53 pm

Larry asked:
quote:
I get my Windows updates while using Firefox. Should I be downloading updates through IE?

BTW Thanks a lot Wiz for keeping us up to date on this stuff.


Larry;
Firefox cannot receive manual Windows Updates because the Windows/Microsoft Updates website uses ActiveX controls to determine which updates are available for your particular setup, and Firefox does not use ActiveX controls natively. This is a security measure. Private authors may write extensions that allow ActiveX to run within Firefox, but I sure wouldn't install such an extension. Use IE to check for and download/install manual Windows/Microsoft Updates, or just use the Automatic Updates on a schedule of your choice. The important thing is to get Windows and Microsoft security patches and rollups as soon as they are released.

And, you are very welcome!


Wiz Feinberg
From: Mid-Michigan, USA
Posted 21 Sep 2006 5:01 pm

Brint;
I go along with the Microsoft Baseline Security Analyzer tool when it suggests no more than two Administrator level accounts on one computer is enough. I do not browse the Internet as an Administrator on my own computers, and I know what I am doing. Unless you have good reason to operate as an administrator, all day long, why risk it? That is the equivalent of a Mac user running his computer as "Root."

Specifically, you already have an administrator level account on that computer, but it is not named Administrator. Why do you need to create a third account and give it Administrator level privileges, when one already exists?
quote:

My other question is, I am unclear about these security threats that get deep into the computer through misleading the user into "opening" something that has something bad in it. How can one know if one has anything like that? I sometimes get the impression that the bad guys can get, so to speak, behind the backs of one's security programs, or even get embedded IN them, so that whatever scans one runs don't find them. Is that so, and what can one do about it?


I believe you are referring to rootkits that hide themselves from the Windows Graphic User Interface and from security tools. Rootkits are evil things in most cases, even when they are not intended to be evil (Sony/BMG Rootkit fiasco of last Halloween). Rootkits that are used by malware purveyors are hidden so that you aren't aware of their existence. They get placed on vulnerable computers that are logged in with administrator privileges only. Once embedded into the Kernel they have free run of your computer's various functions. Some use their power to download email relays or proxy servers, to turn your computer into a spam relay. Others make your computer a member of an army of compromised computers awaiting unified commands to attack websites. These are referred to as Zombie Computers, and they are members of BotNets, controlled by BotMasters using IRC chat channels. Only bad things come out of such root level infections. Some are so hard to remove that even Microsoft engineers and security researchers have resorted to formatting the hard drive and reinstalling Windows and all applications.

All of this can be avoided by running as a Power User (Windows 2000 or XP Professional), a Limited User (XP Home/Pro), or a Windows 2000 "User." All Microsoft security advisories include a paragraph explaining that the attack vectors listed in the advisory are limited by the privileges assigned to the logged in user and that users with lesser rights are less likely to be impacted than those with full administrator rights.


[This message was edited by Wiz Feinberg on 21 September 2006 at 06:18 PM.]


Anders Brundell
From: Falun, Sweden
Posted 22 Sep 2006 10:19 pm

Wiz;
My pc recently got a pretty serious virus attack (http://steelguitarforum.com/Forum12/HTML/003315.html) despite the fact it's loaded with protection programs that I keep well updated, and that concerns me. I don't know how that virus got thru but I suspect a leaking Flash Player since I didn't even know at the time that it needed updating for security reasons.
Now I wonder if there are other potential holes in the pc's security shield, where to look for them and how to seal them.

Anders

[This message was edited by Anders Brundell on 22 September 2006 at 11:20 PM.]


Wiz Feinberg
From: Mid-Michigan, USA
Posted 22 Sep 2006 10:35 pm

Quote:
Now I wonder if there are other potential holes in the pc's security shield, where to look for them and how to seal them.

Anders;
I already told you what you should do to bullet-proof your computer against viruses and spyware. Run as a Limited User (XP Home), or a Power User (Win 2000, or XP Professional). It requires that you create a new password protected account on the computer, with (Computer) Administrator level privileges, then log off your current account and onto the new administrator level account (do NOT name it Administrator!). From there, open the Control Panel and find the Users and Passwords icon and open it. Locate your other account and change the account Type from Computer Administrator to Limited User (XP Home).

Use the Administrator level account to obtain and install Windows Updates, to defragment, run Chkdsk, install or uninstall programs, or do other things that a Limited User is not allowed to do. Do not browse the Internet from that account. When you are done updating, etc, log off that account and onto the other account, which will now have reduced user privileges, protecting you against viruses and spyware infections.

Here is what it says on every security advisory on the Microsoft Technet, including the new critical VML Vulnerability advisory:
quote:

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.



I have much more about running with limited user rights here and here.


[This message was edited by Wiz Feinberg on 22 September 2006 at 11:41 PM.]
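
An added example, not part of the thread or any poster's code: a small Python check for the two account rules discussed in the posts above (no more than two administrator-level accounts, and the everyday browsing account must not be one of them). It parses the text printed by the Windows command `net localgroup Administrators`; the sample output and account names are constructed, the function names are hypothetical, and English-language command output is assumed.

```python
import re

# Constructed sample of `net localgroup Administrators` output
# (account names are made up for illustration).
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Pat
SpareAdmin
The command completed successfully.
"""

MAX_ADMINS = 2  # limit quoted in the thread from the MBSA recommendation


def parse_admin_members(output):
    """Return account names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{10,}", line):
            in_list = True
        elif in_list and line.lower().startswith("the command completed"):
            break  # assumption: English status line; localized Windows differs
        elif in_list and line:
            # Drop a COMPUTER\ or DOMAIN\ prefix if one is present.
            members.append(line.split("\\")[-1])
    return members


def audit(output, daily_account):
    """Return findings for the two account rules discussed in the thread."""
    admins = parse_admin_members(output)
    findings = []
    if len(admins) > MAX_ADMINS:
        findings.append(f"{len(admins)} administrator accounts "
                        f"(limit {MAX_ADMINS}): " + ", ".join(admins))
    if daily_account.lower() in (a.lower() for a in admins):
        findings.append(f"daily-use account '{daily_account}' has administrator rights")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_OUTPUT, daily_account="Pat"):
        print("WARNING:", finding)
```

To run it against a real machine, capture the command's output from an administrator-level session and pass it to `audit()` in place of the sample.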


Anders Brundell
From: Falun, Sweden
Posted 23 Sep 2006 3:54 am

Thanks, Wiz!
I've already followed your advice at the firefox paw bite thread and have one password protected (a safe one with letters, digits and special signs mixed in) administrator account and one limited user account, and I use them according to your advice - I surf with the limited rights user account.
I hope that that's sufficient protection, and I'll be back and make some noises if it ain't.

Anders


All times are GMT - 8 Hours