Some security-ish short takes

Windows 7 SP1 is coming soon. Possibly as soon as this weekend.

Historically, service packs tend to get off to a bit of a rocky start, so I’m not going to be installing this right away. But since it’s so imminent, I’m not going to be installing Windows 7 on anything else yet either. I’ll probably give it a couple of weeks, then slipstream and install. Being the first on the block to install a service pack usually isn’t a good idea. Seems to me that in one Slashdot poll several years ago, given the choice between installing a service pack on the first day or watching the movie Master of Disguise, the really bad Dana Carvey movie won out. There’s a reason for that.

Microsoft Security Essentials, Take 43,291. And while we’re picking on Microsoft, my biggest beef with Microsoft Security Essentials is that it doesn’t update itself quickly enough. But you can make it check for updates as frequently as every hour. Directions are at http://lifehacker.com/5733597/change-microsoft-security-essentials-update-frequency

They cite this as a good thing to do on laptops. I completely agree. My laptop gets used just sporadically enough that it has trouble staying updated, and usually, when I use it on the road, it’s not up to date at first, and it’s when you’re using strange networks that you most want to be up to date.

Frankly I think it’s a good thing to do on your desktop too. When the signatures get updated, would you rather get the updates right away, or tomorrow? I’ll vote for right away.

When I was administering antivirus for a living, when I updated my AV server, my clients got the updates within an hour or so. Sometimes it was within a few minutes. That system wasn’t even directly connected to the Internet. So if that system needed its updates that fast, so do home PCs.

Passwords. It’s now possible to test 400,000 passwords per second using Amazon’s services, at a cost of 28 cents per minute. So, testing 24 million possible passwords costs 28 cents.

Strengthen your passwords. Going to 16 characters with two uppers, two lowers, two special characters and two umlauts is overkill, but you want to be using more than 8 characters, and use at least one number, one upper and one lowercase letter, and one special character like a punctuation mark. If your password is something like “popcorn,” well, let’s do the math. It takes one second to test 400,000 passwords, and there are arguably a million words in the English language, so cracking a simple one-word password should take a maximum of two and a half seconds and cost 3 cents.

Defrag scareware

This isn’t exactly news, as word has been going around for a couple of weeks, but if you haven’t heard about it elsewhere, there are some fake defragmenters going around.

I heard mention of it today, and it reminded me that I saw one last week when I was working on my mother in law’s computer. This was especially obnoxious, considering that at the time, I was running Firefox and I was visiting a mainstream site.

So there are a couple of things you need to keep in mind.
Read more

Unlocking the Malicious Software Removal Tool

When Microsoft’s┬ámonthly security patches come down, if you’ve ever clicked on the button to see what it’s installing, you may have noticed the Malicious Software Removal Tool.

If you’re wondering, it’s a rudimentary antimalware tool that removes selected vermin from your system. It doesn’t remove all known malware. And I don’t know exactly how Microsoft decides what to remove and when. But given the number of people who don’t run any kind of antimalware software, it probably seemed like a good idea when they rolled it out in 2005. And in the first 15 months they pushed the tool out with the monthly patches, it removed 16 million instances of malicious software. Not bad.

The tool has some power that you can unlock that normally isn’t exercised when you do your monthly updates.

Note: In a corporate environment, you may not get the Malicious Software Tool automatically if you’re managing Windows updates yourself. Microsoft has instructions for deploying it to your enterprise.

Read more

Don’t use Internet Explorer this Christmas

In case you haven’t heard elsewhere, there’s a nifty unpatched vulnerability for Internet Explorer floating around. And it’s actively being exploited. Metasploit, an exploit toolkit used by penetration testers and script kiddies alike, is able to detect and utilize it.

Under these circumstances, Microsoft has been known to rush out a patch before the next scheduled Patch Tuesday, but the Christmas and New Year’s holidays will obviously slow things down.

In the meantime, installing Firefox and/or Chrome is prudent. I have and use both, since, to my knowledge, there hasn’t been a time yet when both of the two most popular alternative browsers had unpatched exploits in the wild.

How to clean viruses off other people’s systems safely

What should you do when someone hands you a computer, tells you they think it has a virus, and asks you to clean it?

Proceed carefully, that’s what. You don’t want to infect your other computers with whatever it has.

To get it gone safely and effectively, you really need two things: an antivirus live CD, and a spare router.
Read more

Speeding up a sluggish HP Mini 110

My mom’s HP Mini 110 Atom-based netbook (with the factory 16GB SSD) was hesitating, a lot. Frankly it was really frustrating to use–it would freeze up for minutes on end, for no good reason. It was so slow, calling it “sluggish” was being kind. But it’s fixed now. I did six five things to it. Here’s how to speed up an HP Mini 110.

Read more

Fix host hijacks or host file hijacks for free

Sometimes your antivirus will tell you that you have host hijacks or host file hijacks, but not elaborate on how to fix them. Some people charge way too much to fix them. Here’s how to fix host hijacks or host file hijacks for free.

A former classmate’s computer suddenly stopped letting him get to search engines. Aside from that, his computer appeared to be normal.

Fortunately he had some antivirus and antispyware software installed, so he was able to run it and get a relatively clean bill of health, but he still couldn’t use Google or Bing or Yahoo.

One of the pieces of software he ran mentioned a host hijack or hosts file hijack, but didn’t offer to clean it up without ponying up some serious bucks.

That was enough to tell me how to clean it up though. You don’t have to buy anything. Read more

Blocking malware at the operating system level

In recent months I’ve been recommending that everyone run Adblock Plus with the malware domains subscription, to get extra protection beyond what your antivirus/antispyware suite can give. Given a choice between detecting and blocking bad stuff, or not downloading it at all, it’s much better to not download it at all.

There are some downsides to this. Adblock Plus uses a fair bit of memory. It’s tolerable on my desktop PC with 2 GB of RAM, but less so on my netbook with 1 GB of RAM. And if you have to use a browser that doesn’t have a compatible version of Adblock Plus available, you’re unprotected.

The solution is to block at the operating system level, using the hosts file.

Here’s a script that does it, with instructions.
http://www.ericphelps.com/scripting/samples/Hosts/index.htm

But I know of one malware site list that his script doesn’t use: http://www.malwaredomainlist.com/hostslist/hosts.txt. Luckily, it’s not hard at all to add that. Open the file in Notepad or another text editor, go to line 21 and add the following on a new line:
& ” http://www.malwaredomainlist.com/hostslist/hosts.txt” _

Follow the author’s instructions for turning off the DNS client service if you run Windows 2000 or newer, then run the script to generate a mega-hosts file that will keep your PC from acknowledging the existence of the known bad guys. I’ve said it before, but it’s worth repeating: Detecting and blocking malware is fine, but it’s much better–faster and safer is better, right?–to not even download the stuff in the first place.

The script explicitly works with Windows 98, NT, 2000, XP, and Vista. There’s no reason why it won’t work with Windows 7, and it might even work with Windows 95 (no guarantees though).