Tag Archives: issues

A Computer Recovery Walkthrough With Free Trinity Rescue Kit

Popular guest writer Mark Schneider walks you through a computer recovery operation using the Trinity Rescue Kit, which, as he puts it, “saved my bacon”.

Today, I was doing a little maintenance on my daughter’s Gateway laptop, uninstalling one anti-spyware program, and upgrading another to real-time protection. It seemed to go fine – I ran the Uninstall from Programs and Features in Vista, and enabled the full time protection in Malwarebytes, with the registration codes and rebooted.

When the computer shut down, I noticed it installing several updates. I didn’t think much of it at the time but when the machine restarted, the brown stuff hit the fan. I didn’t have any mouse! Even the Track pad was totally unresponsive. So, I plugged in an old USB trackball mouse, success!

I then clicked on the admin account I keep on the machine and went to type my password – nope, the keyboard didn’t work either. So I rebooted after plugging in my USB keyboard. Windows went through its usual routine and told me the keyboard had installed and was ready to use, except, it wasn’t. It wouldn’t work at all.

Basically, I was hosed! I couldn’t run the device manager from the limited account, or do a system restore. I had to get into the admin account, or I was stuck.

So I did what any red-blooded geek would do, I Googled “resetting a password in Vista”. I came up with the usual Microsoft solution, you know the one where you use the password reset CD you made when you set up the computer, yep that one, the one no one ever makes!

Fortunately for me, I also found a reference to TRK or the Trinity Rescue Kit. TRK is a Linux based bootable CD, that can be used for resetting passwords, recovering files and a few other things relating to Windows calamities.

Publisher’s description: Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Once the CD booted normally, I typed in “winkey u admin” – this started TRK searching, and mounting all the files in the system. I chose “Enter” in the next dialog, then typed an “*” and confirmed this with a “y”, and this created a new administrator account with no password.

I was able to log into the Administrator account and then began the next phase of fixing the corrupted drivers. This took a little longer than I anticipated. I tried deleting the Track pad and keyboard in Device Manager; both had the little caution signs next to them indicating a damaged or corrupted driver. I rebooted, but this didn’t work.

I finally resolved the problem by using a restore point. Fortunately, you can get there with just a few clicks of the mouse. So I got lucky; the USB mouse worked, and the TRK worked after some trial and error.

Get the Trinity Rescue Kit here. I recommend it for your toolkit, it definitely saved my bacon.

Fast facts:

TRK is a complete command line based distribution, apart from a few tools like qtparted, links, partition image and midnight commander.

Full read/write and rpm support (since build 333)

Easily reset windows passwords (backup and restore option)

Four different virus scan products integrated in a single uniform command line with online update capability

Full ntfs write support thanks to ntfs-3g (all other drivers included as well)

Clone NTFS file systems over the network

Wide range of hardware support (kernel 2.6.39.3 and recent kudzu hwdata)

Easy script to find all local file systems

Self update capability to include and update all virus scanners

Full proxy server support

Run a samba fileserver (windows like file sharing)

Run an ssh server

Recovery and un-deletion of files with utilities and procedures

Recovery of lost partitions

Evacuation of dying disks

UTF-8 international character support

Powerful multicast disk cloning utility for any file system

Two rootkit detection utilities

Elaborate documentation

It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable iso file.

From a USB stick/disk (optionally also a fixed disk), installable from Windows, or from the bootable TRK CD.

From network over PXE, which requires some modifications on your local network (version 3.2). TRK also has the ability to act as a network boot server itself, without any modifications to your local network.

Trinity Rescue Kit is now in Version 3.4, and is better than ever before.

Getting started with TRK.

Download at: Developer’s site.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world. Why not pay a visit to Mark’s site today.

This article was originally posted here on March 11, 2010.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Update Firefox – Firefox 3.6.13 Released – Fixes 11 Critical Issues

Mozilla released Firefox 3.6.13 on Thursday (December 9). The release addresses 13 documented issues, 11 rated as critical – including a vulnerability which can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

Since Browser vulnerabilities operate as a prime gateway for malware, immediate updating is strongly recommended.

If you haven’t updated your version of Firefox yet, then go to Help – Check for updates. Not all users allow automatic updates and installation – I’m one, as the following (older) graphic illustrates. However, I do allow the update to download.

Fixed in Firefox 3.6.13

MFSA 2010-84 XSS hazard in multiple character encodings

MFSA 2010-83 Location bar SSL spoofing using network error page

MFSA 2010-82 Incomplete fix for CVE-2010-0179

MFSA 2010-81 Integer overflow vulnerability in NewIdArray

MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver

MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh

MFSA 2010-78 Add support for OTS font sanitizer

MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree

MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element

MFSA 2010-75 Buffer overflow while line breaking after document.write with long string

MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

For an overview of Browser security add-ons you should consider installing, read – An IT Professional’s Must Have Firefox and Chrome Add-ons, here on this site.


Cleanup Your Startup with Free MSConfig Cleanup

MSConfig (System Configuration Utility) is a small Windows applet launched from the Run command, when the user enters “msconfig”.

MSConfig is a great checkbox driven tool for diagnosing Windows configuration issues – including managing system services, modifying startup programs, gaining access to the Windows Boot Manager/Boot Configuration Data, and more.

As well, the Tools menu is a relatively complete set of system tools, as the following screen capture indicates.

I test a lot of applications, many of which like to auto start on boot up. At some point, after completing testing, I need to stop these applications from auto starting, or I’d be facing some serious system resource issues.

It’s in this role of denying an application auto start privileges, that MSConfig gets a real workout around here. But, here’s the problem. While MSConfig will disable items, it continues to list them in the Startup tab as the following screen capture shows. Notice the unchecked/disabled applications.

So what’s the big deal, I hear you saying? Well, here’s the deal – if you are a highly active user who likes to test software, the Startup tab can soon become an unmanageable mess. An unmanageable mess is an accident waiting to happen.

MSConfig Cleanup is a neat little free system utility that does just one job – it cleans out the Startup list. You’ll notice in the following graphic, the disabled items from the previous screen capture are listed and ready to be deleted.

The Startup list, after running MSConfig Cleanup, is shown in the following screen shot. Neat and tidy –  and unlikely to lead to confusion!

After you make the changes, your computer will need to be rebooted for the changes to take effect.

A caveat: Do not disable programs you don’t know. Do a search on Google if you are not certain what an application does.
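
To review what MSConfig has disabled before removing anything, the entries can be listed read-only. This is an added example, not part of the original article or of MSConfig Cleanup; it assumes the XP/Vista/Windows 7 layout, in which MSConfig keeps disabled startup items under `HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig` (`startupreg` and `startupfolder` subkeys, each with a `command` value), and the function name `Get-DisabledStartupItem` is hypothetical.

```powershell
# Added example (not from the article): read-only audit of startup items that
# MSConfig has disabled. Assumes the XP/Vista/Windows 7 registry layout.
# Get-DisabledStartupItem is a hypothetical helper name.

function Get-DisabledStartupItem {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'
    )

    foreach ($kind in 'startupreg', 'startupfolder') {
        $path = Join-Path $Root $kind
        if (-not (Test-Path $path)) { continue }    # nothing of this kind was ever disabled

        foreach ($key in Get-ChildItem -Path $path) {
            $props   = Get-ItemProperty -LiteralPath $key.PSPath
            $command = [string]$props.command

            # Pull the executable out of the command line: quoted path first,
            # then an unquoted path ending in .exe (which may contain spaces).
            $exe = $null
            if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }

            # File.Exists returns $false instead of throwing on malformed paths.
            # A bare name such as "rundll32.exe" is not resolved via PATH here.
            $exists = $false
            if ($exe) {
                $exe    = [Environment]::ExpandEnvironmentVariables($exe)
                $exists = [System.IO.File]::Exists($exe)
            }

            New-Object PSObject -Property @{
                Kind       = $kind
                Item       = $key.PSChildName
                Command    = $command
                Executable = $exe
                FileExists = $exists
            }
        }
    }
}

# Entries whose executable is gone are leftovers from uninstalled software;
# entries whose executable still exists deserve a look before they are deleted.
Get-DisabledStartupItem |
    Sort-Object Kind, Item |
    Format-Table Kind, Item, FileExists, Command -AutoSize
```

The script only reads the registry, so it can be run before and after a cleanup to confirm exactly which entries were removed.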

System requirements: Windows XP, Vista, Win 7.

Download at: Download.com


Another Day in the Trenches: Killing XP Antivirus 2010

Popular guest writer Mark Schneider walks you through a computer recovery operation, following an infection by a rogue security program, XP Antivirus.

I hate rogue antivirus programs. They seem to be getting more numerous and harder to get rid of all the time. Case in point: At work, I noticed a shared computer suddenly popped up a window announcing it was doing a scan, and that I was infected with over 4,000 Trojans and other forms of malware.

Nice try, I thought, so I used Control Alt Delete to start task manager, and I closed Internet Explorer and all running processes involved. Fortunately, it was a limited user account that was infected, and that turned out to be an important factor in removing it.

I immediately ran Malwarebytes from that user and found a number of infections including the rogue antivirus product I was afflicted with. These cretins that come up with this crap can’t even come up with something creative – we’ve seen XP Antivirus for a few years now; each year they just tack on a year to make it look current.

Sad thing is, I’m sure somewhere out there is someone who renews this crap every year. Imagine paying yearly to be infected – oh right, we already do that, it’s called McAfee, but don’t get me started.

Well back to the task at hand: I rebooted the machine and logged into an administrator account, updated Malwarebytes and ran it again… and found more junk, actually the same junk. Malwarebytes found it, but could not kill it.

Next, I downloaded Superantispyware, a great application that I always run at home but it wasn’t on the work machine. The first thing I do now after I download an anti-malware application is rename the installer. I do this because I often find the malware knows how to prevent anti-malware from installing – these guys aren’t creative, but they’re getting smarter.

To rename a file, right click on the file and select rename and type anything.exe and install the program. Superantispyware did its thing and found a ton of additional files. I removed the infected files and rebooted again, and ran both my programs again. I still found junk!

I repeated the sequence two more times until nothing was found. I then ran a scan in all user accounts to confirm “the kill”. So far so good, until I went into the user account where the infection had started; now, whenever I tried to launch any program from the desktop, I’d get the “Choose what Program you want to use to Open this File” message. This means I had to fix file associations, and a great site with XP file association fixes is here. I used the .exe file association fix and it worked great.

The last thing I did was to run Process Explorer and Autoruns from Sysinternals. These utilities give a great in-depth look at what is currently running and starting on your machine at boot-up. Finding nothing suspicious, I deemed the computer clean, for now.

So a few lessons I learned on this one: Don’t use IE – this was caused by a flaw in Internet Explorer; I believed it was just fixed this week. Second, running as a limited user is still far safer than running as an administrator; even though it’s trivial to elevate to administrator level, most malware seldom does, and this makes cleaning an infected PC much easier.

Next, running your cleanup tools multiple times and rebooting after each scan is the only way to give the anti-malware tools a chance against the bad guys.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.


Firefox 3.6.3 Released – Fixes Critical Security Issue

If you don’t have Firefox’s automatic update feature turned on, then you need to manually update your version immediately, to Version 3.6.3.

According to Mozilla “A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest.” Apparently, this exploit only affects Firefox 3.6 and not earlier versions.

Since Browser vulnerabilities operate as a prime gateway for malware, immediate updating is strongly recommended.

Some time back, I took a running shot at Firefox (this was one of my very infrequent “the glass is half empty” days), when I wrote here, “For the umpteenth time, in just a short time frame, Mozilla has released a patched version of Firefox ….. this is a continuing saga with Firefox and it’s not getting better. If anything, it’s getting worse.”

I felt justified in chastising Mozilla for what I perceived to be, a series of continuing flaws in Firefox, leading to very frequent updates. Until, that is, I received an email from Mozilla’s Christopher Blizzard, in which he pointed out the following –

“Our goal is to try and update as quickly as possible to get fixes into users’ hands. Sometimes this means that we update frequently. As an example 3.5.1 was turned around in 48 hours from the release of a proof of concept exploit. And we had no warning before it was public.

So we worry about the time-to-fix as opposed to the number or frequency of releases. Firefox’s userbase happens to update pretty quickly when we release an update and this often means that our users are also the safest.

The faster you can get fixes into people’s hands, the less likely they are to run into something that’s exploitable.

We also schedule releases every few weeks to fix known problems and fix non-severe and non-critical security fixes. But sometimes we get something that causes us to release early.”

Christopher’s sensible explanation removed a certain anxiety, and a sense of worry, that I would have to give up my beloved FF, and my stable of crucial add-ons.

To paraphrase Winston Churchill – “This was not my finest hour”. In fact, my tech friends are still laughing at me over that one.

If you have ever questioned Firefox’s frequent update history, then consider Christopher’s closing statement –

“I would point out that all browsers have security problems. And it’s how you respond to them that counts. So that’s why you’re seeing frequent updates from us.”


Trinity Rescue Kit – Recovery From a Windows Calamity

Popular guest writer Mark Schneider walks you through a computer recovery operation using the Trinity Rescue Kit, which, as he puts it, “saved my bacon”.

Today, I was doing a little maintenance on my daughter’s Gateway laptop, uninstalling one anti-spyware program, and upgrading another to real-time protection. It seemed to go fine – I ran the Uninstall from Programs and Features in Vista, and enabled the full time protection in Malwarebytes, with the registration codes and rebooted.

When the computer shut down, I noticed it installing several updates. I didn’t think much of it at the time but when the machine restarted, the brown stuff hit the fan. I didn’t have any mouse! Even the Track pad was totally unresponsive. So, I plugged in an old USB trackball mouse, success!

I then clicked on the admin account I keep on the machine and went to type my password – nope, the keyboard didn’t work either. So I rebooted after plugging in my USB keyboard. Windows went through its usual routine and told me the keyboard had installed and was ready to use, except, it wasn’t. It wouldn’t work at all.

Basically, I was hosed! I couldn’t run the device manager from the limited account, or do a system restore. I had to get into the admin account, or I was stuck.

So I did what any red-blooded geek would do, I Googled “resetting a password in Vista”. I came up with the usual Microsoft solution, you know the one where you use the password reset CD you made when you set up the computer, yep that one, the one no one ever makes!

Fortunately for me, I also found a reference to TRK or the Trinity Rescue Kit. TRK is a Linux based bootable CD, that can be used for resetting passwords, recovering files and a few other things relating to Windows calamities.

Publisher’s description: Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Once the CD booted normally, I typed in “winkey u admin” – this started TRK searching, and mounting all the files in the system. I chose “Enter” in the next dialog, then typed an “*” and confirmed this with a “y”, and this created a new administrator account with no password.

I was able to log into the Administrator account and then began the next phase of fixing the corrupted drivers. This took a little longer than I anticipated. I tried deleting the Track pad and keyboard in Device Manager; both had the little caution signs next to them indicating a damaged or corrupted driver. I rebooted, but this didn’t work.

I finally resolved the problem by using a restore point. Fortunately, you can get there with just a few clicks of the mouse. So I got lucky; the USB mouse worked, and the TRK worked after some trial and error.

Get the Trinity Rescue Kit here. I recommend it for your toolkit, it definitely saved my bacon.

Fast facts:

TRK is a complete command line based distribution, apart from a few tools like qtparted, links, partition image and midnight commander.

Here’s a summary of some of the most important features, new and old:

Full read/write and rpm support (since build 333)

Easily reset windows passwords (backup and restore option in 3.3)

Four different virus scan products integrated in a single uniform command line with online update capability (5 in version 3.3)

Full ntfs write support thanks to ntfs-3g (all other drivers included as well)

Clone NTFS file systems over the network

Wide range of hardware support (kernel 2.6.39.3 and recent kudzu hwdata)

Easy script to find all local file systems

Self update capability to include and update all virus scanners

Full proxy server support

Run a samba fileserver (windows like file sharing)

Run an ssh server

Recovery and un-deletion of files with utilities and procedures

Recovery of lost partitions

Evacuation of dying disks

UTF-8 international character support

Powerful multicast disk cloning utility for any file system

Two rootkit detection utilities (version 3.3)

Elaborate documentation

It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable iso file.

From a USB stick/disk (optionally also a fixed disk), installable from Windows or from the bootable TRK CD.

From network over PXE, which requires some modifications on your local network (version 3.2). Version 3.3 has the ability to act as a network boot server itself, without any modifications to your local network.

Although version 3.3 is still beta, it is recommended that you download this version, as most features which were included in version 3.2 are still running just fine (and are more up-to-date) and the new stuff is presumed to be running fine too.

Download at: Developer’s site.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.


ANOTHER Firefox Patch – Update Now!

Mozilla likes to advertise Firefox as “The faster, more secure, and fully customizable way to surf the web”. Obviously, Mozilla doesn’t subscribe to the principle of truth in advertising.

In the first place Firefox is NOT the fastest browser available; it may be the most customizable, but it is a long way from being the most secure.

Until recently, any mention of Internet Explorer’s safety record, amongst my techie friends, was sure to draw a huge round of laughter when compared with Firefox’s record. But, no longer.

For the umpteenth time, in just a short time frame, Mozilla has released a patched version of Firefox – this one is version 3.5.2, to address the following issues:

Fixed in Firefox 3.5.2

MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

In just over a month, since the release of version 3.5, we have had to download and install two patched versions due to severe, or critical, security issues. I’m not laughing; this is a continuing saga with Firefox and it’s not getting better. If anything, it’s getting worse.

The only thing that keeps this unreliable browser on any of my systems is the add-ons.  Without this customizing ability, Firefox – you’d be gone!

If you haven’t updated yet, I strongly urge you to do so.


Should You Need a License to Surf the Internet? – You Decide

Car drivers must be educated, practiced, and licensed in order to drive a car. This legal requirement of course, does not stop drunk drivers from getting into a car and killing innocent victims.

And it certainly does not eliminate our exposure to the speeders, tailgaters, and the road ragers that seem to plague our highways. Licensing then, doesn’t seem to eliminate the risks we face on the road.

So would requiring a license to use the Internet make it a safer place for all of us? Would requiring a license from the “Department of Computer Literacy” protect us from the ever increasing exposure we all face to Trojans, spyware, viruses, phishing scams, identity theft, and so on? The list goes on.

You may think that I’m being facetious; but I’m not. The fact is the dangers on the Internet are not, in a sense, unlike the dangers and risks we face while driving on our streets and highways.

Unlike the need to be educated and practiced, in order to qualify for a driver’s license; to access the Internet all that is required is a modem attached to a computer. There’s no need to prove qualifications. There’s no need to prove an awareness of the very real dangers that the Internet presents.

Being involved in computer security, I am amazed at the lack of knowledge exhibited by typical computer users, and most importantly, the lack of knowledge concerning the need to secure their machines against the ever increasing risks on the Internet.

I’m not talking about unintelligent people here. I am talking about people who are intelligent in every other aspect of life, but who view computers like cavemen who saw fire for the first time.

The problem, it seems, is multifaceted. Part of the problem is simply fear. People do not understand computers, so they are afraid of them in a sense. Secondly, people generally, are simply not interested in learning about computers sufficiently to make the fear go away. The question is, of course, should they need to know anything other than how to turn on a computer? Well maybe not.

Many computer experts agree that it is primarily flawed computer software, and not just inadequate user knowledge, that is the biggest contributor to the proliferation of unsecured computer systems and cyber-crime, on the Internet.

It seems to me then, what is needed as a good first step, are machines that are designed with simple, but internally sophisticated operating systems, secure and easy to use for the majority of users; where no user interaction is required to maintain the security of the system.

We now live in the age of the “Interconnectedness of All Things” in which we are beginning to see the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and perhaps even terrorists.

Unless we develop a rational approach to the underlying security issues surrounding the Internet, and insist software companies stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the internet will continue to proliferate.

There are steps you can take to decrease the likelihood you will be the victim of a successful attack on your computer.

The following is a brief guide to the basic security issues you should be aware of on the Internet, followed by a guide to some of the steps you can take to secure your computer for Internet usage.

Security risks on the Internet you need to be aware of:

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Windows shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Security Checklist: Actions you can take to protect your computer system:

Install WOT (Web of Trust), a free Internet Browser add-on. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe sites.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments


The Internet Super Highway – Are You Licensed to Drive?

Car drivers must be educated and licensed in order to drive a car. This legal requirement of course, does not stop drunk drivers from getting into a car and killing someone. And it certainly does not eliminate our exposure to the speeders, tailgaters, and the road ragers that seem to plague our highways. Licensing then, doesn’t seem to eliminate the risks we face on the road.

So would requiring a license to use the Internet make it a safer place for all of us? Would requiring a license from the Department of Computer Literacy protect us from the ever increasing exposure we all face to Trojans, spyware, viruses, phishing scams, identity theft, and so on? The list goes on.

I’m being facetious of course. Unfortunately however, these dangers on the Internet are not, in a sense, unlike the dangers and risks we face while driving a car on our streets and highways.

Unlike the need to be educated and practiced, in order to qualify for a driver’s license; to access the Internet all that is required is a modem attached to a computer. There’s no need to prove qualifications. There’s no need to prove an awareness of the very real dangers that the Internet presents.

Being involved in computer security, I am amazed and frankly frustrated, at the lack of knowledge exhibited by many typical computer users, and most importantly, the lack of knowledge concerning the need to secure their machines against the ever increasing risks previously noted, on the Internet. I’m not talking about unintelligent people here. I am talking about people who are intelligent in every other aspect of life, but who view computers like cavemen who saw fire for the first time.

The problem, it seems, is multifaceted. Part of the problem, in my view, is simply fear. People do not understand computers, so they are afraid of them in a sense. Secondly, people generally, are simply not interested in learning about computers sufficiently to make the fear go away. The question is, of course, should they need to know anything other than how to turn on a computer and a minimum knowledge of the applications they use? Well maybe not.

Many computer experts agree that it is primarily flawed computer software and not just inadequate user knowledge that is the biggest contributor to the proliferation of unsecured computer systems and cyber-crime, on the Internet.

It seems to me then, what is needed as a good first step, are machines that are designed with outwardly simple, but internally sophisticated operating systems, secure and easy to use for the majority of users; where no user interaction is required to maintain the security of the system.

We now live in the age of the “Interconnectedness of All Things”, in which we are beginning to see the development and availability of large numbers of Internet-connected devices. There is no doubt that this will lend new strength to computer-aided crime and, in this new political environment we now live in, perhaps even to terrorists.

Unless we develop a rational approach to the underlying security issues surrounding the Internet, and insist that software companies stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the Internet will continue to proliferate.

There are steps that you can take to decrease the likelihood you will be the victim of a successful attack on your computer. If you reduce your exposure to successful attacks on your machine, then downstream you are helping to protect my machine and those of others.

The following is a brief guide to the basic security issues you should be aware of on the Internet, followed by a guide to some of the steps you can take to secure your computer for Internet usage.

Security risks on the Internet you need to be aware of.

  • Trojan horse programs
  • Back door and remote administration programs
  • Denial of service
  • Being an intermediary for another attack
  • Unprotected Windows shares
  • Mobile code (Java, JavaScript, and ActiveX)
  • Cross-site scripting
  • Email spoofing
  • Email-borne viruses
  • Hidden file extensions
  • Chat clients
  • Packet sniffing

Security Checklist: Actions you can take to protect your computer system.

  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
  • Ensure the anti-virus software scans all e-mail attachments.

The following tutorials are offered free of charge on CNET, one of the most widely respected sites on the Internet. If you are unfamiliar with basic computer security issues, I highly recommend that you visit this site.

Quick Tutorials

In these interactive slideshows, CNET’s experts take you step by step through PC security best practices.

Online Courses

Join the discussion about spam, spyware and virus control with others in free online classrooms.

Quick Tips


PLAY_MP3.exe – Media File Trojan!

Every day, millions of computer users share files online. Whether it is music, games, or software, file-sharing, used safely, can provide computer users with access to a wealth of computer resources.

All that’s required to participate in Peer to Peer file sharing is the installation of the necessary file sharing software that connects a computer to an informal network of other computers running file sharing software. Millions of users could be connected to each other through this type of application at one time. File sharing applications are often free, and easily accessible as a download on the Internet.

Sounds promising, right? Maybe, but make sure that you consider the trade-offs and the very real risks involved. The number of times I have been called upon to rescue a friend’s computer because of system damage caused by Peer to Peer downloading has convinced me to give this form of file sharing an automatic “thumbs down”.

In the last few days, a new computer Trojan disguised as a media file has been described by security provider McAfee Inc. as the most significant malware outbreak in three years. Consistent with this, users of McAfee’s VirusScan Online have reported over 360,000 detections of this new threat.

According to McAfee’s Craig Schmugar, “This is one of the most prevalent pieces of malware in the last three years. We have never before had a threat this significant that arrives as a media file.”

The media clip the user thinks has been downloaded isn’t actually present; instead they’re directed to download a file named PLAY_MP3.exe. Enticed to download this file, the user begins the process of infecting their computer with adware.

As Schmugar described it, the user is “left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display pop-ups but also to block them, and more adware that successfully displays pop-up and pop-under ads.”

It’s obvious then that Peer to Peer file sharing has inherent risks attached to it. Other issues you need to be aware of if you participate in Peer to Peer file sharing include:

  • Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share.
  • Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues.
  • Adult Content: If you are a parent you may not be aware that your children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them.
  • Spyware: There’s a high risk that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system.
  • Viruses: Files you download could be mislabeled, hiding a virus or other unwanted content.
  • Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk.

I am not an advocate of Peer to Peer MP3 file sharing; however, if you insist that this type of file sharing is still for you despite the risks, there are free tools available for download on the Internet that purport to detect fake MP3 downloads.
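The kind of check such a tool performs can be sketched in a few lines: compare what a downloaded file's name claims with what its first bytes say it is. This is an added example, not one of the tools mentioned above; the extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

MEDIA_EXTS = {".mp3", ".wma", ".wav", ".avi", ".wmv"}   # assumed list
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat"}    # assumed list

def sniff(header: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if header[:2] == b"MZ":
        return "executable"   # DOS/PE header: .exe, .scr, .dll
    if header[:3] == b"ID3" or (len(header) >= 2 and header[0] == 0xFF
                                and (header[1] & 0xE0) == 0xE0):
        return "mp3"          # ID3v2 tag or bare MPEG audio frame sync
    return "unknown"

def check_download(path: str) -> list:
    """Return warnings for one downloaded file (empty list = nothing odd)."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    with open(path, "rb") as fh:
        kind = sniff(fh.read(4))
    if ext in EXEC_EXTS and os.path.splitext(stem)[1] in MEDIA_EXTS:
        return ["double extension: media name ending in " + ext]
    if ext in EXEC_EXTS and {"." + w for w in re.split(r"[^a-z0-9]+", stem)} & MEDIA_EXTS:
        return ["media-themed name on an executable"]
    if ext in MEDIA_EXTS and kind == "executable":
        return ["media extension but executable content"]
    if ext == ".mp3" and kind != "mp3":
        return [".mp3 extension but content is not MP3 audio"]
    return []

def demo() -> dict:
    """Write constructed sample files to a temp dir and check each one."""
    samples = {                       # constructed headers, not real files
        "song.mp3": b"ID3\x03\x00\x00\x00\x00",
        "PLAY_MP3.exe": b"MZ\x90\x00\x03\x00",
        "track.mp3.exe": b"MZ\x90\x00\x03\x00",
        "clip.mp3": b"MZ\x90\x00\x03\x00",
        "fake.mp3": b"<html>get the player",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_download(path)
    return results
```

The double-extension case is the one that hidden filename extensions conceal: with extensions hidden, `track.mp3.exe` is displayed as `track.mp3`.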
