Avast WEBforum

Other => General Topics => Topic started by: polonus on June 08, 2005, 10:54:50 PM

Title: How to stay clear of malware.
Post by: polonus on June 08, 2005, 10:54:50 PM
Hi folks,

To protect against malware is better than having to clear it out afterwards. Keep both your OS and browser software up to date and with all the critical patches. Never add any site to your trusted sites zone.
Make sure you have a fully updated AV program, and keep it that way. Do not use the big two, because they are very system-resource hungry. ONLY RUN ONE AV, whatever you choose. And we think you should use AVAST.
Use a firewall or you can get infested quicker than you can download the tools for fixes. Get a temp file, cookies and index.dat cleaner; URLViewer suits fine, or CCleaner. For prevention use SpyWareBlaster, Microsoft Windows Anti-Spyware, SpySweeper, PestPatrol. Spyware scanners to use: AdAware and Spybot S&D. Take ActiveX out or change the settings in IE, or use Firefox. Get a spamfighter like Mailwasher or SpamFighter. This is a good line of defense,

greetings
polonus
Title: Re: How to stay clear of malware.
Post by: kakapo on June 08, 2005, 11:28:04 PM
Thank you for those great hints to avoid malware polonus.
I see you're recommending Firefox, but how do you feel about the latest Opera browser? Is it as safe/safer or less safe than Firefox? I use both but like the easy log-ins via Opera's wand but wonder if this is a security risk?
happy days to all
Title: Re: How to stay clear of malware.
Post by: kamulko on June 09, 2005, 12:00:02 AM
Hi, Kakapo! :D
I've downloaded Avant Browser and Opera this week: Opera is wonderful but I prefer to keep Wand deactivated. Better to delete all passwords and tracking cookies to be in peace of mind. The net is... a net! The word explains well the level of the danger... eh eh eh... ;D
Title: Re: How to stay clear of malware.
Post by: polonus on June 09, 2005, 12:25:04 AM
Hi Kakapo,

I agree with my friend Kamulko ;), that Opera is also a very safe browser, only the free version shows ads. It is a way of appreciation. Whatever works good for you, you can choose of these two. Opera is advised by the good old search-guru FRAVIA, go to www.fravia.org for his views. In FF I have con-query installed, where I can load a 100 search-engines, so FF for me is the search-browser par excellence. I do not like toolbars for obvious reasons. Once the google toolbar had a gigantic security hole in it, and some toolbars are renowned mal- or spyware.
Stay free of mal- and scumware, go to the forums to stay informed.

kindest regards to you,

polonus
Title: Re: How to stay clear of malware.
Post by: DavidR on June 09, 2005, 01:13:18 AM
Assuming you are trying to avoid malware but do get hit, if you are browsing as a user with administrator rights, then the malware also has admin rights and can wreak havoc. However, on an account with restricted rights the damage is greatly limited.

MS has the tool so you don't have to switch user accounts all the time, just modified shortcuts, that when launched restrict the rights for that program only. For more information and full instructions see:

DropMyRights - Browsing the Web and Reading E-mail Safely as an Administrator (http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp)

For ease of use I would suggest that you create a folder called DMR (on the C:\ drive) rather than the default location buried in the documents and settings folder. This makes the path in your shortcut much shorter, but this is your choice.
For each program (browser, email program, etc.) that you want to run with restricted rights you need to create an alternative desktop shortcut to launch it via DropMyRights.exe.
The target location in the alternative shortcut would look something like this - C:\DMR\DropMyRights.exe "C:\Program Files\Mozilla Firefox\firefox.exe". What this is doing is calling the DropMyRights.exe, which launches the program with restricted rights.
You will need to change the icon as it will look like a plain old MS DOS icon, rather than the original program's icon.
Title: Re: How to stay clear of malware.
Post by: kakapo on June 10, 2005, 12:27:20 AM
Thank you all very much for this useful info. We do need to be pro-active when it comes to malware which is what brought me here in the first place, but I didn't have avast! then...
I appreciate the way you all share your knowledge.
I'll deactivate that wand Kamulko. (Always looked silly with my jeans anyway)
Good to meet you polonus - one Capricorn to another..... ;) I had never explored con-query but will do so as I do a lot of research. Fravia's going to take a little more time, but thank you for the excellent link.
DavidR, that looks like a good idea using DMR. Again, I'll have to read more to understand how it works with FF and Opera, but it's a lot easier than what I did - I set up a guest account to use while websurfing!
Wishing you all happy, sunny days - we're drying out here now.


Title: Re: How to stay clear of malware.
Post by: DavidR on June 10, 2005, 12:51:29 AM
It really isn't that difficult, here is a very simplified explanation of creating the shortcut that executes DropMyRights, which in turn calls firefox, but it is best to print off the instruction on the MS web page of the link I gave.

Firefox example - Create a second shortcut for firefox (copy the first) and check the path to the executable and compare the difference here: D:\DMR\DropMyRights.exe "C:\Program Files\Mozilla Firefox\firefox.exe". It is just a case of putting the 'D:\DMR\DropMyRights.exe' without the quotes in front of the existing path and changing the Start In folder to D:\DMR.

Repeat the exercise for each program that accesses the internet, once you have that done you just click the 'Firefox (non-Admin)' shortcut. Notice I have tacked on (Non-Admin) to the shortcut name to make it easier to see the difference. If you ever need to have full administrative permissions, close the non-admin occurrence and start again with the normal shortcut.
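
The shortcut described in the post above, created from a script instead of by hand. This is an added example, not part of the original posts or of the Microsoft article; the D:\DMR folder and the Firefox path are the ones given in the post, and the function name New-DropMyRightsShortcut is hypothetical.

```powershell
# Added example: build a "(Non-Admin)" desktop shortcut that starts a program
# through DropMyRights.exe, following the steps in the post above.
# Assumption: DropMyRights.exe has already been copied to D:\DMR.

function New-DropMyRightsShortcut {
    param(
        # Program that should run with restricted rights (browser, mail client, ...)
        [Parameter(Mandatory)] [string] $ProgramPath,
        # Folder holding DropMyRights.exe; also used as the "Start In" folder
        [string] $DmrFolder = 'D:\DMR',
        # Display name; "(Non-Admin)" is appended so the two shortcuts are easy to tell apart
        [string] $Name = [IO.Path]::GetFileNameWithoutExtension($ProgramPath)
    )

    $dmrExe = Join-Path $DmrFolder 'DropMyRights.exe'

    # Refuse to create a shortcut that points at something that is not there
    foreach ($path in $dmrExe, $ProgramPath) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "File not found: $path"
        }
    }

    $desktop = [Environment]::GetFolderPath('Desktop')
    $lnkPath = Join-Path $desktop "$Name (Non-Admin).lnk"

    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($lnkPath)

    # Target becomes: D:\DMR\DropMyRights.exe "C:\...\program.exe"
    $lnk.TargetPath       = $dmrExe
    $lnk.Arguments        = '"{0}"' -f $ProgramPath
    $lnk.WorkingDirectory = $DmrFolder          # the "Start In" folder
    $lnk.IconLocation     = "$ProgramPath,0"    # keep the program's own icon
    $lnk.Save()

    return $lnkPath
}

# Repeat for each program that accesses the internet
New-DropMyRightsShortcut -ProgramPath 'C:\Program Files\Mozilla Firefox\firefox.exe' -Name 'Firefox'
```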
Title: Re: How to stay clear of malware.
Post by: inconnu on June 12, 2005, 11:50:19 AM
This is a very useful tool, DavidR;  thanks for sharing this information.  I've been using it for a while now, and it's very easy to use.
Title: Re: How to stay clear of malware.
Post by: polonus on June 13, 2005, 07:07:10 PM
Howdy inconnu,

I found this free anti-malware scan address. It is from a reliable source, the makers of spysweeper:
http://www.webroot.com/services/spyaudit_03.htm
Go there for a free scan.

Have a nice day,

polonus
Title: Re: How to stay clear of malware.
Post by: FreewheelinFrank on June 13, 2005, 07:18:55 PM
It's been telling me I've got:

Spy #38ef1 -- Research In Progress

for months.

I'm pretty sure this is a false positive, as nothing else has picked up anything.
Title: Re: How to stay clear of malware.
Post by: polonus on June 13, 2005, 07:40:35 PM
Hi FreewheelinFrank,

This sounds fishy. I hope they are not putting in FP's to lure potential customers to download their software. My position now-a-days is trust no-one until proven trustworthy.

Have a nice day,

polonus
Title: Re: How to stay clear of malware.
Post by: inconnu on June 14, 2005, 12:21:25 PM
Thanks for the link, polonus.  Webroot is (as of now) still one of the legitimate ones according to SpywareWarrior.  I used to use the free version, which was without updates.  Seems like I had a few more false positives with it than usual, but I can't remember for sure.

But I share your hesitation about trusting them ... there are so many scams in this area today, and so many things going on, that I am becoming habitually suspicious.

Title: Re: How to stay clear of malware.
Post by: emma on June 14, 2005, 04:01:30 PM
I just ran the Webroot Scan.  Everything seems clear except for some cookies.
I don't want to get rid of all my cookies.  I did that once and got confused (again)
But I don't know how to find and get rid of the several that are mentioned.
I use IE usually only for updating or for something I can't seem to do with Mozilla.

Thanks for any simple help telling me how to rid myself of these cookies.
Title: Re: How to stay clear of malware.
Post by: FreewheelinFrank on June 14, 2005, 04:39:20 PM
mmmm.......cookies!

There's a fellow here who just loves to gobble up cookies, either one at a time, or a whole bunch together!

He likes Explorer cookies and Firefox cookies just fine.

But remember to move any cookies you want to keep to the preserved list, or he'll gobble them up too!

Who is this cookie loving fellow?

Why, it's the cookie monster!

(http://www.200b.org/images/misc/mycookie.jpg)

http://www.ampsoft.net/utilities/CookieMonster.php#Download
Title: Re: How to stay clear of malware.
Post by: Spiritsongs on June 14, 2005, 06:24:23 PM
:) I use a "cookie manager", the good & FREE "CookieWall" available from www.analogx.com. However, after installation & configuration, any time a "New cookie detected..." screen appears, ALWAYS click "Temporary Accept", then right-click the yellowish cookie icon in the System Tray, selecting "Add/Remove". When that screen appears, move all items in the middle column either to the left to "Delete/Kill" for the future or to the right to "Keep/Save" for the future. The "Always Delete" & "Always Accept" tabs do not seem to work, especially concerning future occurrences.
Title: Re: How to stay clear of malware.
Post by: bob3160 on June 14, 2005, 11:21:10 PM
For those having a problem finding the program, take a look HERE (http://www.analogx.com/contents/download/network/cookie.htm).
Title: Re: How to stay clear of malware.
Post by: polonus on June 15, 2005, 07:55:24 PM
Hi bob3160,

What is according to you the best cookie policy? I leave my cookies on, as far as they are necessary to come to certain sites. All cookies that ad-aware shows are deleted. In FF I have chosen not to accept third party cookies. Some anti-ad experts say that is bad, but then you don't know what's on your system. Persistent cookies and tracking cookies are some kind of risk. Can you give a rule of thumb? After a while I take all sorts of crap from my machine using System Security Suite 1.04 (IE files, temporary files, history files, cookies, the lot). Works great for me.

Yours faithfully,

polonus
Title: Re: How to stay clear of malware.
Post by: FreewheelinFrank on June 15, 2005, 08:22:27 PM
Hello Polonus, how's it going?

If you use SpywareBlaster, there's an option to block all spy/tracking cookies (both IE and Firefox). Ad-Aware will remove any that get through, as you said.

If you use a program like IE Privacy Keeper, you can create a list of cookies you want to keep - say from sites you visit regularly, especially when you want the site to recognise you when you come back. When you do an internet cleanup, all the rest will be deleted. (Despite the name, it does the same with Firefox.)

Regards,

FF

Title: Re: How to stay clear of malware.
Post by: polonus on June 15, 2005, 09:57:51 PM
Hi forum members,

This is an interesting link to check, good info:
http://mvps.org/winhelp2002/unwanted.htm

But malware is a growing problem, not so much for the malware aware user, but the man and woman, who are not aware of the modern threats on the internet, are endangered. They start to complain, when their machines have some 20 or more nasties on it. These "Jack and Jills" have a strange policy, you click yes, and if that is giving the unwanted result, you can always click no, or can't ye? These are the potential zombie owners, the spam spreaders, the virus goggler's. Is there still hope?

Stay hopeful,

polonus


Title: Re: How to stay clear of malware.
Post by: polonus on June 16, 2005, 07:59:37 PM
Hello forum members,

To avoid malware these tips may help.
1. Keep a patched system and programs. Once an advisory has been released apply available patches, else stay informed.
2. Be informed. Find out the severity, impact and where it is exploitable (network/local etc.). If no available work-around, use an alternative product until the problem is fixed.
Receive last security advisories from:
- Secunia http://secunia.com/secunia_security_advisories
- SecuriTeam http://www.securiteam.com/
Last but not least keep your security software updates with
Calendar of Updates at: http://dozleng.com/updates/index.php?act=calendar

In this way you have not missed a thing ;).
For the ones who want to filter internet networks and server, used for malware servers and find blocking scripts or check a certain address for these activities check The Malware Filter List at: http://www.spylist.org/

kindest regards,

polonus
Title: Re: How to stay clear of malware.
Post by: polonus on June 17, 2005, 10:13:29 PM
Hi fellow malware hunters,

Your malware to be removed could be unwanted toolbands, toolbar icons, unwanted browser helper objects or so-called BHO's, context menu extensions, download managers, protocol handlers, side-search-bars, start-up appl. originating from RUN registry keys.
A tool here if you know what you are doing is ToolbarCop v.3.3 at (http://windowsxp.mvps.org/toolbarcop.htm). You must know what you do manually with the registry.
Else you have to ask help from someone who knows how to go about with registry keys. Always back-up registry first.
Mind you ToolbarCop comes without manual and guarantee.
It is recommended by the big anti-spyware forums though.
Manual procedure:
1. Click [Start] [Run] type [REGEDIT]
2. Navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt. Each subkey of this key represents one menu item. Many will include an ampersand (&) to define the underlined key associated with the command.
3. Highlight the key you want to delete, choose Export from the Registry menu and export that branch to a file.
4. Now delete the key.

BHODemon is the quick and easy. ToolbarCop is kind of an expert tool.

Enjoy,

polonus
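
The manual MenuExt procedure from the post above, as a script that refuses to delete anything unless the export succeeded. This is an added example, not part of the original post and not code from ToolbarCop or BHODemon; the function names and the backup folder are hypothetical, and the entry name in the last line is a placeholder.

```powershell
# Added example: list Internet Explorer context-menu extensions for the current
# user, export a chosen entry to a .reg file, then delete it.

$MenuExtPs  = 'HKCU:\Software\Microsoft\Internet Explorer\MenuExt'   # PowerShell path
$MenuExtReg = 'HKCU\Software\Microsoft\Internet Explorer\MenuExt'    # reg.exe path

function Get-MenuExtEntry {
    # Each subkey is one menu item; its default value is the page or script it runs
    if (-not (Test-Path -LiteralPath $MenuExtPs)) { return @() }
    Get-ChildItem -LiteralPath $MenuExtPs | ForEach-Object {
        [pscustomobject]@{
            Name   = $_.PSChildName      # may contain '&' marking the underlined key
            Target = $_.GetValue('')     # default value of the subkey
        }
    }
}

function Remove-MenuExtEntry {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $BackupDir = (Join-Path $env:USERPROFILE 'RegBackup')   # assumed location
    )

    $key = Join-Path $MenuExtPs $Name
    if (-not (Test-Path -LiteralPath $key)) {
        throw "No MenuExt entry named '$Name'"
    }

    # Step 3 of the procedure: export that branch to a file first
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backup = Join-Path $BackupDir ('MenuExt-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export "$MenuExtReg\$Name" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        throw 'Export failed; nothing was deleted.'
    }

    # Step 4: now delete the key
    Remove-Item -LiteralPath $key -Recurse
    return $backup
}

# Review what is registered before removing anything
Get-MenuExtEntry | Format-Table -AutoSize

# Then remove one entry by the exact name shown in the listing, for example:
# Remove-MenuExtEntry -Name '<entry name from the listing>'
```

If the wrong entry was removed, `reg import` with the returned .reg file puts it back.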
Title: Jack and Jill
Post by: emma on June 24, 2005, 11:05:21 PM
xxxxxxxxxxxxxxxxx
Title: Re: How to stay clear of malware.
Post by: polonus on June 26, 2005, 11:56:20 PM
Hello forum members,

A good link to visit in case of malware: 8)
http://www.bluemedicine.be/start_eng.htm
Check it out.

greets,

polonus
Title: Re: How to stay clear of malware.
Post by: neal62 on June 27, 2005, 12:05:18 AM
For those of us that might forget the basics. Here is a good place to go to get reminded of what we need to start out doing. If you want to read something basic but informative please go  HERE  (http://www.trendmicro.com/en/security/general/guide/overview.htm) to read about it.  :)
Title: Re: How to stay clear of malware.
Post by: polonus on June 27, 2005, 12:15:18 AM
Hi neal62,

Now that I have gone over it again, I agree with you that for us here in general this is very basic stuff. But there are lots of Jacks and Jills on the net, the people that click first and think later, that lack this information bitterly. Else the malware makers would not prosper that easily, and there would not be thousands and thousands of zombie machines on the Internet, whole armies of them actually serving third parties.

greets,

polonus
Title: Re: How to stay clear of malware.
Post by: neal62 on June 27, 2005, 12:45:16 AM
Polonus,

Greetz, the basics are WHERE everyone HAS to start when learning the Internet and their computer. The post I made before this one about the basics does describe to anyone reading about not clicking with their mouse on anything they see. Please read this  THAT  (http://www.trendmicro.com/en/security/general/malware-propagation/overview.htm) is part of the basic link that I gave in my other post. You will see that it DOES instruct anyone reading it what to do and not to do. That is why I listed it as basics as some of the folks I believe tend to forget that good surfing habits along with all of this other information help make a safe and secure experience while surfing the Internet.  :) Greetz
Title: Re: How to stay clear of malware.
Post by: kamulko on June 27, 2005, 01:05:00 AM
This topic is very interesting and full of good links, compliments guys!  :)
If I can submit my opinion, a great unsolved problem is the tunneling. When the packets are encrypted into an encrypted communication (packet into packet!), and when the firewall softwares (like ZA) are based in filtering of the packet type and not the packet size (and vice versa for other firewalls)... well, it is impossible to be in peace of mind. Persons don't know that it is possible to be infected even when the pc is off! The best way is to disconnect the machine from the phone-line after the logoff. The proxies are another problem: they use the caching system to increase the speed and share the contents between hundreds of users. Is this safe? There are more and more dangers and I can understand why many persons (also experienced persons) have a fatal day in which they say "F..k off the paranoia! Let me surf!"  ;D
Title: Re: How to stay clear of malware.
Post by: neal62 on June 27, 2005, 01:11:10 AM
Very good points. Especially about tunneling. If I may I found a site where viewers can go take a look and read some more upon which you mentioned about tunneling. If anyone wants to please go  HERE  (http://www.ssh.com/support/documentation/online/ssh/winhelp/40/tunneling.html) and read and view what it's all about and settings that can be made.  :)
Title: Re: How to stay clear of malware.
Post by: polonus on June 27, 2005, 01:15:00 AM
Hello, my friend Kamulko,

You are addressing something very interesting here. I have heard even that it is possible for the technically apt to enter your machine on ADSL even when the computer and the monitor are off. I do not know if this is the case as the modem has a password installed, what a lot of people do not by default.
Do you have more information on this? I have read the advice that whenever you are going away for the day, you'd better unplug from the Net. Is this true?

your friend,

polonus
Title: Re: How to stay clear of malware.
Post by: kamulko on June 27, 2005, 01:18:19 AM
Yes, Friend. This is the presentation of the GOOD use of the tunneling... we know how the SECURE (?) sending can be used even to send DANGEROUS contents. Every golden medal has the dark side, we say in Italy.  :-\
Title: Re: How to stay clear of malware.
Post by: neal62 on June 27, 2005, 01:19:20 AM
I don't know about ADSL modems, but I do know about MY cable modem. When I am not using my computer I have a switch on the modem that I can turn off that acts like an external firewall. No data can be transferred through the modem while this switch is activated. This helps complement my software firewall also. I turn off the computer, activate this switch on the cable modem and go about my business. So far, so good, haven't had any problems doing this. When talking to the cable company technicians they agree that by activating this switch I am protecting myself. :)
Title: Re: How to stay clear of malware.
Post by: kamulko on June 27, 2005, 01:21:15 AM
Yes, Friend, I unplug the router after the log off.
Title: Re: How to stay clear of malware.
Post by: kamulko on June 27, 2005, 01:28:12 AM
Neal, your modem is off because it is not powered by your USB or ethernet. Your pc is off but probably the circuit is in standby and not completely disconnected. The telephone lines are powered by milliamperes. This is the reason why, in case of electric black-out, the phone is available. So you can understand well. I know: it is an incredible thing. Myself the same, didn't believe it before.  :o

ADDED: More in "Firewalls and Internet Security: Repelling the Wily Hackers" -Second Edition- Pearson
Publishing/Addison Wesley Professionals - 2003 - Euro 32,00
Title: Re: How to stay clear of malware.
Post by: neal62 on June 27, 2005, 01:49:05 AM
Kamulko,

I have tried accessing the Internet with my pc turned on when the modem switch has been turned off or effectively stopping any transfer of data to/from my pc. I have forgot to turn my modem back to an active status and wonder why my monitor screen basically says "this page cannot be found offline". So, I know that when this switch on the modem is turned off my modem will not allow anything to pass through it to or from my computer.
    This being the case I really don't have any worries about anything or anyone accessing my computer for personal information. I could disconnect the "Ethernet" cable from the back of my pc but doing the other thing with my cable modem serves the same purpose.  By the way, my cable Internet does NOT use the telephone lines like DSL or ADSL. They have their separate transmission line that runs into my home and then to my cable modem. Also telephone lines over here in the area where I live have a voltage rating of about 44-48 volts on their lines. That's why when the electricity goes off if I have a hardwired telephone I can still make phone calls.  :)
Title: Re: How to stay clear of malware.
Post by: kamulko on June 27, 2005, 02:34:03 AM
Milliamperes are a different measure from volts. Power and Intensity. Phone line come from external power; pc (and other peripherals) are powered by the lines in your home. A classic (not wireless) telephone can be amplified and active because the power from the external line. I repeat: I had your same thing before reading the book. The authors are Cheswick (firewall engineer), Bellovin (Director of Security and Engineering Task Force, member of the National Academy of Computer Science); Rubin (Associate Professor of Computer Science - Johns Hopkins University and Technical Director JHU Information Security Institute).
Title: Re: How to stay clear of malware.
Post by: neal62 on June 27, 2005, 02:54:59 AM
 We are talking about the same thing when we talk about phone lines.
I already stated that the phone lines here have about 44-48 volts on them provided by the phone company. That is external and separate from the other electricity that my pc runs off of. I know that. I am not arguing that at all. All I am saying is that a Cable Company uses a different line for their digital/analogue/data transmissions to the customers home.
     Also I am saying that when my cable modem is turned off no data, I repeat no data is transferred from or into my pc whether the pc is turned off or on because I am effectively removing the modem from being connected inline to my pc when I turn off this switch.
     With the cable modem removed from the circuit the cable line itself cannot use or see data transmissions to/from my pc. It can however transmit video, audio, which it also does for the cable company's Television customers.  The cable transmission line needs the cable modem connected inline to be able to do any data transfers. So, what I have said is that when I turn off this switch on the cable modem the data information is not allowed through the modem into or out of my pc.
I am not saying anything at all about telephone lines concerning my computer as I do not use telephone lines to access the internet from my home. The other thing that I have not mentioned is this: When my cable modem is off I effectively do NOT have an I.P. address or in other words my modem, pc, are invisible to anyone else on the Internet. It's almost like this, if I were to try and make a phone call from my cell phone with it turned off the call could/would not be made. Likewise the phone when off would not be able to receive any calls. Same principle that I am talking about with the cable modem issue. HTH  :)
Title: Re: How to stay clear of malware.
Post by: kamulko on June 27, 2005, 03:22:35 AM
Ok, Neal. Now I understand. Language problems  :-\
Title: Re: How to stay clear of malware.
Post by: bob3160 on June 27, 2005, 04:20:52 AM
Just one little comment.
The switch places the modem into 'Standby mode'. Your cable co. can still poll your modem even though the computer isn't turned on. It's basically the same as leaving the TV or Stereo in standby mode. The main unit is off but a simple click on the remote wakes it back up again.
In the case of the modem, turning the switch back to the on position again allows communication once the computer is rebooted.
Title: Re: How to stay clear of malware.
Post by: neal62 on June 27, 2005, 05:52:31 AM
My little comment. First of all the "Jack and Jill" assessment is very correct. Now that I have that said here goes.
First of all when my modem is in the standby mode that I put it into the cable company can ping my location and will not get a I.P. unless they try and reset the modem as you say via remote. Then they, can obtain my I.P. But, they cannot access my pc. They cannot undo the standby condition that I have put my modem into by using the standby switch, that's a fact. They are unable to access any of my computer information as long as I have my modem in this standby mode.
     If I take my modem out of the standby mode and then they ping my system they still will not see anything as long as I have my Z.A. Pro activated, that's another fact. Also when I have my pc already turned on, my modem out of the standby mode I can then put the modem into standby and will not be able to access the Internet. Now, I then can take the modem out of standby and I can then access the Internet WITHOUT rebooting my pc as you state. My modem probably is one of the better ones in that it resets itself I.P. wise when I reset it without my pc having to be rebooted. That's another fact. If you wish I can give you the toll free number of my level 2 tech support guys and they will be more than willing to verify what I have just stated after telling me that I was correct in my knowledge of how the modem works.
    So, while this is a free country, a free forum, the general topic section of this forum, once again you have interjected something into one of my posts. That's alright, I don't mind a bit. Proves what I have said all along. But, when I know something about what I am talking about and someone comes into the conversation and more or less indicates I don't know what I have just talked about I will certainly respond as I have here. Good to see you're paying attention to my posts as always even when outside of your "Off Topic" part of the forum.  ;D
Title: Re: How to stay clear of malware.
Post by: bob3160 on June 27, 2005, 02:50:34 PM
Neal
Since you've made it impossible for me to talk to you on a PM basis, you again force this ugly and unnecessary reply....
Why do you assume that every time some one posts anything in regard to something you've said, that it's an attack?
I didn't attack what you said only clarified what you said. No more, No less.
Stop interjecting things into my reply that aren't there.
Title: Re: How to stay clear of malware.
Post by: polonus on June 27, 2005, 03:31:58 PM
Hi folks,

Nobody reading into each other's words. I still have this question here. Why do security people advise end-users to turn off their modems when they are not at home? What is the risk? OK. I understand that leaving your computer on and running, and you leave the house, is running certain risks. Somebody can dust your computer in a way you do not like.

greets,

polonus
Title: Re: How to stay clear of malware.
Post by: neal62 on June 27, 2005, 09:13:25 PM
Bob,

Life's a bummer isn't it? If you were trying to agree with what I said why didn't you just say I agree with what Neal said? I had already explained how my modem works with my cable company. Yes, that is correct. Anything you have to say to me will be here. Have a nice day.