cameramonkey

Helpful PC Internet security tutorial.


AirAnn gave me the idea and I wanted to share with the rest of my skydiving friends. Bear with me as this is pretty long. Hopefully you will consider it worth the reading and learn something new (and hopefully make life easier for yourself as well).
This document is still in draft mode, but I am working on getting a working copy on my web site. Check in there for final copies if you wish.
http://jump.havencomm.com
(Others in the technical fields bear with me and save the flames. Many concepts are generalized and vanilla-ed out for ease of understanding by the masses and may not be 100% accurate, although harmlessly so.)
As a professional Network Consultant, every day I run into people that have virus and general security problems, and have no idea that what they were doing was dangerous. Hopefully this will act as a bit of a computer/internet security primer, and prevent many problems later for all my friends.
Antivirus software:
Most users either don't use antivirus software, or simply don't realize the copy they purchased with their system 6 months ago is completely useless. Most users assume that, like all other programs they purchase, it will run right out of the box indefinitely. Not true, and here's why.
Contrary to popular opinion, virus software doesn't magically know what a virus is. Here is the basic way it works. Someone in the IT industry notices a strange file doing weird or damaging things. They send that file to someone like Symantec, who analyzes the file. If it is determined that it is truly a virus, they inspect it and learn all they can about it. They then add that file's properties and habits to the virus database. During the next update, your virus software downloads this definitions file and now knows what to look for.
Here's an analogy that seems to work well in educating my clients. I liken the process to mug shots on a post office wall. You walk down the street and see a shifty looking character. Sure, he's just a shady character, but nothing big, just another person (like your Uncle Ed. Scary, but harmless). You visit your post office and see his mug shot on the wall. You now know he was an axe murderer. On the way back home he is still standing there on that same street corner. Now that you have seen his picture, you know he is a wanted felon, and call the police. Without going to the post office, you never would have known he was a criminal. That's pretty much how the software works; it doesn't know what to look for till you give it a reference.
They estimate that there are dozens of new viruses written per week in the world (most never see the light of day).
I recommend Norton Antivirus 2001 or higher (approx retail $50 USD). In my experience, it is the easiest to use, and the easiest to update. By default, it checks the 'net for updates to its database every two weeks in the background and usually never requires input from you. The virus list subscription lasts 1 year.
Here is a link to their site with lots of cool and useful info on the subject.
http://www.symantec.com/specprog/happypc/index.html
If you already have a virus software package installed, check with the manufacturer's website for (most likely) free virus list updates.
Email:
In today's times, it is very easy to get a virus via email. ESPECIALLY when using the most common reader, Outlook Express. It originally was made more powerful for people like me to distribute system corrections, updates, and modifications, but was quickly exploited by hackers as a means to distribute viruses and cause general mayhem.
In general, DO NOT accept ANY attachment from ANYONE unless you are expecting them (not even dear old mum). There are self-replicating viruses that use the address book to send themselves to all the people you know. Several even add the recipient's name and some comments to the body to make it seem like you sent it.
It generally goes something like this. You get a strange spreadsheet from a client. It makes no sense why he would send you a spreadsheet on the growing patterns of male boll weevils, but you open it anyway. Well, nothing you care about, so you delete it. Damage is done; you have been infected (the virus was attached to the spreadsheet).
It now proceeds to grab a random doc off your PC and forward it to everyone on your list. One version of this virus actually pulls a different file for every user. It sends these out to everyone along with a snippet intended to get them to open the file. Another by-product of the virus... distributing potentially sensitive material to others, like Grandma's secret cookie recipe, or even worse, company financials or proprietary data such as payroll info (containing SSNs).
Meanwhile, you have no idea what is going on; you don't see any outward signs of the virus. Since they know you, they open the doc, and the process starts all over again. Meanwhile, the virus goes into overtime, making your PC run funny, act weird, slow down to a standstill, deleting files, etc. One version actually has the potential to overwrite the system BIOS (hardware brains) on certain unprotected systems. Erasing this chip info causes the system to become a paperweight that can't be easily repaired. The entire mainboard usually has to be replaced. This can cost between $100 and $1000 depending on the system. That problem, luckily, is few and far between.
In general, don't accept any attachments that you aren't expecting or that don't look right. One good way to tell if it's legit is that the body will usually have SPECIFIC details and information in it to tell you it wasn't generated by a script. Some even place your name in the greeting (from the address book "name" fields). So just because it says "Dear Bill," as an opening doesn't mean it is legit. Generally speaking, the auto-forwarded messages by viruses have the equivalent of "here read this" in the body; no details.
Email the sender back or call to verify the validity. If they say "I didn't send you anything," delete it immediately.
A happy system that is properly protected by a real time antivirus solution helps to reduce any damage by viruses.
Email forwards:
This started as a part of "Email", but I got a bit carried away and it grew into its own section.

Another phenomenon is the FWD principle. You get an email alert about something, and it says you should forward it to everyone you know or something bad will happen, etc. Bull****. If a company has something to say, they will send it to all the users themselves instead of asking other users to pass it on. This is a phenomenon known as a socially engineered virus. It isn't dangerous, but it uses peer pressure and a good story to get you to forward a bogus email, thus wasting time and Internet bandwidth. I liken it to electronic graffiti. It's fake and they write it to see how far it will spread.
One of my favorite responses to this phenomenon is on my web site:
http://jump.havencomm.com/ODD/chainletter.html
One common one circulating right now says that hotmail users are being asked to forward a warning that hotmail is running out of server space and will start deleting unused email addresses. If you don't forward this email to at least 15 other hotmail accounts, they will assume yours is unused and will delete it. Sounds silly, doesn't it? Most people don't stop and think that if hotmail had something like this to say, they would say it themselves. It's kind of like Ford calling you and saying they have a recall on Mustangs, and if you wouldn't mind, please call all your friends and tell them. In reality, hotmail is doing this, but only if you don't log into your account every 90 days. And then they only empty your mailboxes as needed. The accounts don't go away.
Also, contrary to popular belief, there is no general way to tell who is sending email where and how many copies you forwarded. So the silly forwards that say if you send it to at least x number of people something cool will happen (like Tigger bouncing across your screen) are false and just wishful thinking. So don't expect that $1000 check from Bill Gates for forwarding that particular email. Besides, how can someone send you that check? They can't get your name and snail mail (postal) address from your email (generally speaking). If users would only stop and use their heads before hitting the FWD button, they would figure it out themselves, but alas a lot of users only believe what they want to without regard to the possible repercussions down the road (what can one email hurt?). When confronted with these facts, most users admit that they really didn't believe it, but HOPED it was true and in a twisted way expected it to happen even though they knew it really wouldn't happen.
Instant Messaging:
Same thing. There are several viruses that take advantage of instant messenger platforms by replicating across the web. One particularly ingenious one is actually interactive. Once infected, your PC asks (hidden from your screen) everyone on your buddy list as they log on, "I just took a new picture of myself yesterday, do you want to see it?"
If you send an acknowledgement that is in its list such as "sure", "yes", "uh-huh", etc., it will start to transfer a file called Pic1324(randomized characters).exe to you. Most people don't notice the .exe extension, meaning it isn't a picture but a program, and run it, thus repeating the cycle. This particular worm is relatively harmless, but is designed to choke the MSN messaging system; no known threats to your PC. But this is just the beginning. Others may modify the worm and make it dangerous.
Once again, a happy system that is properly protected by a real time antivirus solution helps to reduce any damage by viruses, and will catch them before they infect your PC.
File Types:
No matter what someone says in the message, if the file ends in .exe, .vbs, .com, .pif it isn't a picture, it's a program file and is potentially harmful. The most common types are .jpg .jpeg .gif .bmp .pcx. Generally speaking, anything other than any of the file types listed as pictures could be damaging to your system. (Note, these are by no means a definitive list, but a summary of the most common file types.)
By default, some systems don’t show a file extension (the 3 letters after the period, like .exe) for known types. Turning this back on helps to tell what kind of files they are.
Icons are sometimes another indicator. If the other pictures on your hard disk show, for instance, a Photoshop icon, but this file being sent named "picture" shows a white box with a blue top, beware.
Individually, these indicators are by no means foolproof, but putting all these indicators together can sometimes make sense and stop a problem before it happens.
I guess the bottom line is THINK and be wary of everything.

Firewalls:
For those of us fortunate enough to have a direct connection to the net via cable modem or DSL, another problem arises. Physical access. This “always on” Internet connection gives us a new set of problems. Normally, the windows desktop family (95, 98, ME) does not ship with active server programs that would enable a hacker to attach to our systems. Normally, the worst they can do to us is what is called a DoS attack (Denial of Service). This type of attack usually renders our PC useless for network communication until we reboot thanks to a flaw in how windows reads some network packets. No real harm done, just annoying.
However, due to some viruses known as trojan horses, it is possible for them to remotely install such a program. This threat is fairly low, but once they have access to your PC, it's hard telling what they can do. Such examples include looking at the hard drive data, or using your PC to attack other systems so they can't be traced as easily (zombie attacks).

That’s where a firewall comes in. It can be a hardware device, or a piece of software that prevents unwanted access to a pc. The hardware solutions start at about $100, and software solutions can be free. In fact, a free one called Zone Alarm rated higher than several commercial packages.
Generally speaking, a firewall doesn’t hurt if you are on a modem either, but due to the fact that you seldom get the same internet address when you reconnect, you are at a lower risk.
http://www.zonealarm.com/zap26_za_grid.html
General:
Windows 98 and newer has a neat utility known as "Windows Update". With this internet based application, you can quickly and easily apply software updates and security fixes to the operating system with just a few clicks of the mouse. Some exploits are due to a bug in the original software, and can be disabled by using this update utility. One part of this package can even be downloaded so that it checks periodically and warns you whenever a new update is available. That way you don't have to keep checking in.
Well, that’s about it for my babbling. Hopefully this helps to educate the masses a bit more. Feel free to ask any questions if something doesn’t make any sense.
Bibliography
Email:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
http://www.symantec.com/avcenter/venc/data/[email protected]
http://www.snopes.com/inboxer/hoaxes/hotmail.htm
http://www.snopes.com/inboxer/nothing/billgate.htm
Instant Messaging:
http://www.symantec.com/avcenter/venc/data/w32.annoying.worm.html

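As an added example (not code from the original post or from the author's web site), here is a small Python script that puts the checks from the tutorial above into one attachment triage routine: the File Types advice (picture extensions versus program extensions, the hidden extension and the double-extension trick behind names like Pic1324.exe), the "does it look like the other pictures" indicator done on the file header instead of the icon, and the Antivirus section's point that a definitions-based scanner only recognises what is already in its database until the next update. Every filename, file body and "definition" below is constructed for the example; the patterns are not real antivirus signatures, and the extension lists are illustrative, not complete.

```python
"""Attachment triage demo (added example, not from the original post).

1. classify by name: picture extensions vs. program extensions, catching a
   hidden extension ("picture", no visible suffix) and a double extension
   ("Pic9876.jpg.exe");
2. check content against name: does the file start with the header bytes of
   the picture format its name claims (the post's "icon doesn't match" check);
3. scan against a definitions table, showing that a sample whose pattern is
   not yet in the table goes undetected until the table is updated.

All filenames, file contents and 'definitions' are constructed for the example.
"""

PICTURE_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".pcx", ".png"}
PROGRAM_EXTS = {".exe", ".vbs", ".com", ".pif", ".scr", ".bat", ".js"}

# Header bytes of the picture formats (these are the formats' real magic numbers).
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8", ".bmp": b"BM", ".png": b"\x89PNG\r\n\x1a\n",
}
MZ = b"MZ"  # header of a DOS/Windows executable, whatever the filename says

# Constructed definitions table: name -> byte pattern that identifies the sample.
DEFINITIONS = {"Example.Worm.A": b"EXAMPLE-WORM-MARKER-A"}


def split_name(filename):
    """'Pic9876.jpg.exe' -> ('pic9876', ['.jpg', '.exe']); 'picture' -> ('picture', [])."""
    parts = filename.lower().split(".")
    return parts[0], ["." + p for p in parts[1:] if p]


def classify_by_name(filename):
    """What the name claims the file is, flagging the disguises the post warns about."""
    _, exts = split_name(filename)
    if not exts:
        return "unknown: no visible extension (extensions may be hidden; turn them back on)"
    final = exts[-1]
    if final in PROGRAM_EXTS:
        if len(exts) > 1 and exts[-2] in PICTURE_EXTS:
            return "program (double extension disguised as a picture)"
        return "program"
    if final in PICTURE_EXTS:
        return "picture"
    return "unknown: treat as potentially harmful"


def content_matches_name(filename, data):
    """True only if the file starts with the header of the picture format its name claims."""
    _, exts = split_name(filename)
    return bool(exts) and exts[-1] in MAGIC and data.startswith(MAGIC[exts[-1]])


def scan(data, definitions):
    """Names of every definition whose pattern occurs in the data (signature matching)."""
    return [name for name, pattern in definitions.items() if pattern in data]


def with_update(definitions, downloaded):
    """The 'definitions update': a new table with the downloaded entries merged in."""
    updated = dict(definitions)
    updated.update(downloaded)
    return updated


def triage(filename, data, definitions=DEFINITIONS):
    """Combine the indicators; 'open_it' is True only when every check agrees it is a picture."""
    verdict = {
        "name": filename,
        "kind": classify_by_name(filename),
        "content_matches_name": content_matches_name(filename, data),
        "looks_executable": data.startswith(MZ),
        "detections": scan(data, definitions),
    }
    verdict["open_it"] = (
        verdict["kind"] == "picture"
        and verdict["content_matches_name"]
        and not verdict["looks_executable"]
        and not verdict["detections"]
    )
    return verdict


# Constructed attachments, modelled on the cases in the post.
SAMPLES = {
    "vacation.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,          # a genuine-looking JPEG
    "Pic1324.exe": MZ + b"\x90" * 8 + b"EXAMPLE-WORM-MARKER-A",  # the IM worm, already in the table
    "Pic9876.jpg.exe": MZ + b"\x90" * 8 + b"NEW-VARIANT",        # a variant not yet in the table
    "picture": MZ + b"\x90" * 16,                                # a program with its extension hidden
    "boll_weevils.xls": b"\xd0\xcf\x11\xe0" + b"\x00" * 16,      # the unexpected spreadsheet
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(triage(name, data))
    # After the next 'update' the variant is recognised as well.
    updated = with_update(DEFINITIONS, {"Example.Worm.B": b"NEW-VARIANT"})
    print(triage("Pic9876.jpg.exe", SAMPLES["Pic9876.jpg.exe"], updated)["detections"])
```

The point worth noticing when running it: Pic9876.jpg.exe is not detected by the scanner until the table is updated, yet it is still refused, because the name check and the MZ header check do not depend on the definitions at all. That is the layering the post argues for: the scanner catches what it has a "mug shot" for, and the user's own habits (look at the real extension, be suspicious of unexpected files) cover the gap until the next update.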
I use Norton Anti-Virus Corporate and it has a LiveUpdate feature that I actually use about twice a day. Over-kill, maybe....safe, absolutely.
Skymonkey....thanks for the great tutorial. Now, 45 minutes later, I'm done reading it. That was very informative and have it all bookmarked for future reference. Thanks again for taking the time to do that.
--------------
click me for a good time

> Email:
>
> [snip] but was quickly exploited by hackers
I suggest you use the word cracker instead of hacker...
> In general, DO NOT accept ANY attachment
Once your mail messages have been fetched from the server, you've already accepted them.
I think opening is a better word.
> Email forwards:
>
> [snip] In reality, hotmail is doing this
English is not my native language, but I think that "this" is referring to the wrong thing.
You probably mean Hotmail does terminate idle accounts, but the way I read it, it looks like you're suggesting that Hotmail sends out these chain letters.
You're making a good point here, though! [trophy]
> File Types:
>
> [snip] The most common types are .jpg .jpeg .gif .bmp .pcx
Similar remark. One might think you're suggesting that .jpg etc. are the dangerous file types.
"The most common PICTURE types" is a lot clearer, I think.
These are just some small remarks. Overall, you wrote a good story. Things may be simplified, but at first glance I can't spot any real incorrectnesses.
Just trying to be helpful,
Alphons
http://www.liacs.nl/~avwerven

Thanks a lot. I have taken some of those editing changes and corrected the (more) final document. (I left the "hacker" term alone as in this geographical area it's the broader definition of an internet person with bad intentions.)
It's amazing what happens when you spend several hours writing something like that. Even 10 proofreads and edits don't help after a while LOL
Anyone else that has ideas for clarifying this, those comments are welcome, especially those that speak English as a second language. (My old English teachers might argue based on my grades it's still a second language for me.)
I will eventually be rolling this out to my clients as a form of user education and want to help make it as clear as possible.
The working document is now located here...
http://jump.havencomm.com/Internetsecurity.html

I'm not overly thrilled with the line about hackers. I consider myself to be a hacker, and I get paid to do it too, but I'd never do harm to anyone since I don't have bad intentions. I do vulnerability assessments for the company I work for and that takes way more skill than most s'kiddies ever will have.
Crackers on the other hand.... They are on my list of people that I wouldn't mind seeing disappear from the world.
A rainy day at the DZ is better than a sunny day at work

As I indicated, I was oversimplifying terms... otherwise I would have pointed out there are black hats, white hats (your type) and those that occupy the grey areas in between...
I don't like the term "Honkey" either, but I am one so I guess I gotta live with it LOL
Remember, I'm not out to explain it all, or be all touchy feely and PC. Just summing this stuff up so the average Joe that just uses a PC for work will be more informed and less dangerous (to himself) as a whole.
Gilligan
"If you think education is expensive, try seeing how much ignorance costs."

Dude- You are awesome!
It is beyond bizarre how you can easily get viral weirdness from, say, a thread in a newsgroup. And the person that sent it to you doesn't even know it; it was accidental.
Even if your heads-up note is super sweet with honey on top and extra altitude sprinkles, you have just 'accused them' of doing something. Even if Uncle Norton has it plainly in quarantine with people's names all over it. Trying to explain this has eluded me.
Basically the bad guys will frame the good guys.
If you tell the good guys they sent you something from a bad guy...
then you are the bad guy all of a sudden and for the rest of your life you are the bad guy. Haunted.
Skydive~Friends~Happiness
AirAnn
http://www.AirAnn.com

Ann -
I'd like to know why you keep making digs at me about this. I told you I never sent you a virus on purpose and so far no one has been able to explain to me how it could have even happened. If it was true I would like to know so I know what to look for in the future. I don't understand how you can get a virus from a text only post on a newsgroup, and why only one person who read that post would pick up the virus, and how it could go and attack their webpage. Like I said before, I had a brand new Gateway computer that I had just gotten that week. The only thing that we had installed on it was Netscape, which is the browser we use, and I had downloaded the latest updates to Norton antivirus. No virus was ever found here, and after you said you had gotten a virus from my post I ran the antivirus scan a bunch of times. Nothing ever showed up anywhere. I have never used Outlook Express for mail and you were never in my address book, and at that time I didn't even have an address book yet. I honestly don't understand how I could have sent you something, and if it's possible I would truly like to know how it happens so I can make sure nothing like that ever happens again. Why would only one person who clicked on the post get it and no one else? I didn't even think it was possible for a text only post to contain a virus. Maybe it is, and if so I am truly sorry. I had no idea. I just wish you would stop saying things about me in this roundabout way. I honestly don't know what else to do here.
Skies,
D :P

I am sure I am a little out of the loop and probably missing a few key items, but I may have an idea.
From the sound of it, this might just be a case of a virus having very bad timing. If this happened back in the early summer, the virus activity was at its highest with Code Red floating around out there.
I have to agree with Donna, as I don't see a way for that virus to flow that way. It's probably just a case of the virus coming in coincidentally at the same time that this wreck dot crap (and there is sooooo much of it) went down.
(not taking sides, just making professional observations)

Look,
I didn't mention your name. I NEVER have in an open forum.
However, all I know is this, I was using Outlook.
Norton put a virus in quarantine; the word Donna was on it.
That is all I know.
At the time I wrote you a very polite note to tell you that.
I knew good and well that YOU didn't send it to me on purpose. Nobody puts their real name on a virus then sends it to someone on purpose!
I am sorry you got upset then, now and likely in the future over this mess. But it continues to haunt me as well. ALL the time.
I can't get away from it.
Skydive~Friends~Happiness
AirAnn
http://www.AirAnn.com

Look,
I know you didn't mention my name here but you did in that e-mail you originally sent which wasn't sent to me alone but to others as well. I wrote back trying to find out more info so I could try and figure out if a virus did indeed somehow come from my computer. You never replied. I checked and rechecked and scanned and tried all I could and came up with nothing.
What virus was it exactly? Are you saying it was called the Donna virus or it came from an e-mail from Donna? Can you give more details? Know what's weird? My e-mail doesn't say Donna on it anywhere, just TY.
> I knew good and well that YOU didnt send it to me on purpose. Nobody puts their real name on a virus then sends it to someone on purpose!
So are you saying you didn't get the virus from me or that I didn't do it on purpose?
Because in the e-mail you sent you said you got it from me.
Then in another post on here you called the person who gave it to you a scumbag and said they were very clever in giving it to you. That sounds like they did it on purpose.
I'm very sorry that your webpage got ruined. I had thought it was a great site and enjoyed it very much. I love dogs and used to have a great dane myself. I would also love to see more women get into skydiving and applaud your efforts. Why on earth would I ever try to ruin all your work? Had I ever been mean to you? No! Just the opposite. Check google and see the replies I made to your posts. I tried being nice and I feel like I'm being unjustly slammed now.
I would have just e-mailed this to you but I'm afraid to do that.
Skies,
D :P

Whoa! Whoa! Gang! :o
There are tons of worms/virii out there that could explain this.
The latest virus/worm fad, brought to you courtesy of Microsoft's scripting extensions to IE & Outlook, is to embed a program into an email and send it to people who run email programs which support Microsoft's scripting extensions (i.e. Outlook/Outlook Express). The recipient opens the email, which then executes the worm/virus. The worm/virus will go through that person's address book, compose an email message, attach itself to that email message and send itself to everyone. The worm may also have a virus component which destroys files on the recipient's computer.
So in a nutshell, it spreads by going through address books and sending itself to everyone in it. Those people get it and the process repeats. So you can see how quickly something like this can spread. Very bad news.
The worst part is that it can create misunderstandings, because the person sending the virus had absolutely no idea it was happening.
Here's a sample description of such a virus off Symantec's website:
"W32.Magistr.24876@mm is a virus that has email worm capability. It is also network aware. It infects Windows Portable Executable (PE) files, with the exception of .dll system files, and sends email messages to addresses that it gathers from the Outlook/Outlook Express mail folders (.dbx, .mbx), the sent items file from Netscape, and Windows address books (.wab), which are used by mail clients such as Microsoft Outlook and Microsoft Outlook Express. The email message may have up to two attachments, and it has a randomly generated subject line and message body.
NOTE: In many cases this virus will "touch" files and send them out as email attachments. Such files do not contain viral code and should be considered clean. In such cases it is safe to delete the file and it would be prudent to inform the sender that their system has been infected by the virus."
So don't be so quick to blame the sender. They could have sent it, but completely without knowing it. Rather, thank our friends in Redmond, Washington for providing this wonderful service which makes virus/worm writing so ridiculously easy.
"Wear the grudge like a crown. Desperate to control. Unable to forgive. And we're sinking deeper."

Zennie - I have heard of those virii and that's why I was trying to find out more info in case I had somehow unknowingly sent a virus but the thing is at that time I had just gotten a new computer and didn't even have an address book set up yet and I never use IE or Outlook. I didn't know if there could be similar virii though that somehow attach themselves to outgoing e-mail. There was no attachment on my post or at least I didn't put one there. It was just text.
Ann.. for gosh sakes... I don't hate you. All I was trying to do was to find out what happened. I'm so sorry about your site and I certainly don't want it happening to anyone else so I'd like to know how it happened and how it could be prevented. This is my last response to this nonsense.
Skies,
D :P

I think I might have another idea.
Donna, just for giggles, I would find someone else with a CURRENT (updated virus list within the last 2 weeks) copy of Norton Antivirus and make a set of rescue disks. Boot your PC with those disks and run a scan on your PC. (I can burn a CD and send it if all else fails.)
What can explain you not finding any viruses is that some have the ability to mask themselves from scanning software. These are called "stealth" viruses. The only way to detect and remove them is if they are not running in memory at the time. Booting off clean disks will prevent it from loading and hiding itself.
Overall it sounds to me like maybe we have two people at odds because of a sneaky piece of virus crap that is causing bad feelings all around without either party understanding exactly what is going on (perfectly natural). Just wish I could clear it up so everyone is happy again. Oh well, slowly but surely.

The way I understood it back in like July/August was that "things" can stick to a thread; if you email off the thread, that is how it rides in.
And from the very beginning I knew you did not send it to me on purpose.
That is how the clever scumbags do it.... they frame the unsuspecting persons who won't be looking for these files or maybe don't have protection like an updated virus checker or a firewall.
As they say, even if you know the person be careful, there could be crap attached and you wouldn't even know. Like in this situation. 2 innocent people, and blam, big ole mess.
Sorry I could not explain it, but I for sure didn't know how.
Skydive~Friends~Happiness
AirAnn
http://www.AirAnn.com

AIRANN....have you ever done some searching on a virus that would happen to have the name of "donna"? Seems to me that all of the files that my Norton has quarantined have some type of file name and I can go in to see the file names of ALL of the known/checked viruses. Some of them have regular names.
I'm not sure if you thought you got this from a certain email from Donna, but if so, does it actually TELL YOU that it came from that email?
And about your website, I know that if there is a website problem, you can go in and clear your whole server space out and reload a whole website in about five minutes. It's not that hard is it?
There is no need to fight about this. Seriously.
--------------
click me for a good time
