Category: Tech Tips

Monday, August 02, 2010

Virus That Won't Go Away

Got an infection that just won't go away?

Has your computer got a virus that just won't go away? You've tried disinfecting it, scanning it with different anti-virus scanners and had a friend (or us!) look over it and for a little while it seemed okay, but then it all went bad again?

In this blog post we talk about 3 other possible problem sources that you might need to check.

Other Computers

If you have other computers on your home network then they are a potential source of the infection. It's a bit like having nits in the house - to eliminate the virus completely you will need to isolate all the computers and individually disinfect them before reconnecting them to the home network.

Don't forget to pay particular attention to computers that connect wirelessly. In these cases it is easiest to either turn off the wireless access point, or disable the wireless adapters on the affected computers.

As a general rule if one computer on your home network is infected it is fair to assume they will all need some attention (if they are all Windows computers).

Infected Router

It's possible that the problem isn't your computer at all, it's your Internet router instead.

Some older Internet routers have security flaws that allow hackers to break into them over the Internet. In these cases a hacker may have broken into your router and reprogrammed it to direct your computer to sites where it gets infected. Needless to say this affects all computers on the network.

If you have an older router (normally anything less than 3 years old is unaffected) and virus infections keep on coming back it is probably worth replacing your router, or at least reloading the firmware and changing the default passwords (for many people buying a new router will be much simpler).

Pretend Anti-Virus Software

Sometimes people find themselves being tricked into installing anti-virus software which really isn't anti-virus software. As a general rule of thumb if a site pops up a message saying "your computer is at risk" or something similar, it is selling "junk" anti-virus software. Rather than stopping viruses this software often does the opposite and loads software you don't want on your computer.

If you don't have any anti-virus software, and you use your computer just for home use we strongly recommend AVG Free Edition. Even if your computer is used for work the commercial version is good value.

And if none of that helps we can always have a look at your computer for you. Our fixed price service includes a deep-scan anti-virus check which eliminates viruses that onboard AV scanners can't get rid of.

Posted by Help Desk at 11:52 AM
Categories: Alerts, Home, Tech Tips

Thursday, January 14, 2010

Programs You Should Run To Keep Your PC Safe

*** Note - this is advice for Home Computers ***

Customers frequently ask us what tools we recommend to keep their PC safe. Here's our recommended list for home computers - all the tools have free versions (at least for home use) and in our opinion are better than other offerings in the space, which pretty much removes any good argument not to use them:

Anti-Virus

Yes you need an anti-virus tool - our first pick for home use is AVG Free Edition which is free for non-commercial home use - you can download version 9 here.

AVG Free is effective, but lightweight, so your computer still has some capacity to do the stuff you ask it to.

* A word of warning - computers run really badly with two anti-virus products installed, so if you are going to use AVG make sure you uninstall whatever you are currently running first.

Anti-Spyware

Having a dedicated piece of Anti-spyware is a good choice. Anti-virus and anti-spyware are different jobs, and combined tools don't do the job as effectively as dedicated pieces of software.

In our opinion the best tool in the space is Malwarebytes. There is a version you can pay for, but the free one is perfectly adequate. You can get both versions at the Malwarebytes web site.

A Better Browser

Your choice of web browser can make a substantial difference to the security of your PC. If you go with the mainstream choice (like Internet Explorer) you will be using the most widely targeted piece of software around. However, if you go too far from the mainstream (for example Chrome) you may find that websites don't work properly.

In our opinion the stand out product in the space is Mozilla Firefox. Needless to say it is free. It's also the second most widely used browser after Internet Explorer, so you aren't wandering too far from the mainstream.

You can download Firefox from the Mozilla website.

Internet Filtering

We think the best product in the space isn't actually a product - it's a service - Open DNS. The Open DNS project is designed to use the power of collaboration to identify potentially dangerous and offensive content on the Internet.

By configuring your PC to use the Open DNS servers you can then use their categorisation system to help keep your PC safe, and better, keep young eyes away from inappropriate content. Our blog post on Open DNS explains how it works in a little more detail and how to configure your system.

There is one other thing you should do to keep your PC safe. Backups - no one likes to hear it, but they are really important.

Backups can be approached in two ways - files only, or complete system backup. We will talk some more about these in the near future.

Posted by Help Desk at 12:24 PM
Categories: Home, Security, Tech Tips

Thursday, November 19, 2009

Getting Windows Update to Work With Squid

(This blog entry is for techies only)

Caching Windows Update with Squid 2.6

Windows Update has historically been a problem for Squid administrators, particularly those that want to firewall 80/443 from their network and force traffic through the proxy.

This guide will let you set up a PARENT/CHILD pair of Squid Caches in order to enforce the never_direct directives and minimise your bandwidth usage for updates. This method works, but it does require two squid proxies, either configured to run on the same system, or on separate systems.

NEVER_DIRECT

I’m going to address this directive first, since it probably doesn’t do what you think it does.

What you probably think it does:

Never go direct to the origin server, always connect with Squid and pass on the data.

What it actually does (from the Squid FAQ):

If you are behind a firewall then you can't make direct connections to the outside world, so you must use a parent cache.
You can use the never_direct access list in squid.conf to specify which requests must be forwarded to your PARENT CACHE outside the firewall, and the always_direct access list to specify which requests must not be forwarded.

The emphasis on PARENT CACHE above is mine. If you attempt to use this directive without a parent, it will give you a NO_PARENT_DIRECT error.

REQUIREMENTS

From the above, we determine that we need at least one Squid Parent instance and one Squid Child instance.

These can be two physical servers, two virtual servers, or a multiple instance configuration on one server (http://wiki.squid-cache.org/MultipleInstances). However, for simplicity and security, we used two physical servers and the Firewall shown in the diagram below is actually on the Parent.

The network layout we’ll use in this example is:

Diagram

SQUID CONFIGURATION

From the above diagram, we get the following Squid configurations.

THE PARENT

The parent configuration is simple; add the bolded directives (the two firewalled_clients lines) to squid.conf:

acl Safe_ports port 777 # multiling http
acl firewalled_clients src 192.168.0.0/24

http_access allow firewalled_clients
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

The other lines are in the default squid.conf and are included for context.

We also define:

http_port 3128
cache_dir ufs /var/spool/squid 50000 16 256
maximum_object_size 1000 MB

That is:

  • the default http_port, referenced below by the child.
  • a cache of 50 GB, more than enough but you may need to allocate less on a small disk.
  • a maximum_object_size of 1 GB, large enough to cache any update.

Either cache may also require a “visible_hostname” directive, depending on how you have configured the underlying machine.

Also note “firewalled_clients 192.168.0.0/24” above would need to reflect your client network - we’ll call this “localnet” on the Child and this would also need to reflect your network addresses.

THE CHILD

First we need to define the Windows Update servers, and our local network. In the same place as the acl above:

acl localnet src 192.168.0.0/24

acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain au.download.windowsupdate.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com

acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
acl wuCONNECT dstdomain wpa.one.microsoft.com

Then in the http_access section:

http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet

Also in this section, to force using the Parent cache:

never_direct allow localnet

We also need to define the Parent, and allow access to it:

cache_peer 10.0.0.1 parent 3128 3130 proxy-only no-query
cache_peer_access 10.0.0.1 allow all

Whilst we have to specify an ICP port, we aren’t interested in checking if the Parent has the object cached as it is the only available source anyway, hence “no-query”.

We also set “proxy-only” as there is no benefit in caching the results here and on the Parent.

NB, 10.0.0.1 is the IP address of the Parent from the diagram, adjust it to match your Parent if necessary.

CLIENT CONFIGURATION

For this example the client network will need to point to this proxy server: 192.168.0.1:3128

Setting this proxy in Internet Explorer will also allow Windows to do automatic updates through the proxy.
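
One way to check the result once clients are using the Child (an added example, not part of the original post): the script below reads the Child's access.log in Squid's native format and reports requests that went DIRECT instead of via the Parent, requests forwarded to a peer other than 10.0.0.1, and denied requests whose host is a subdomain of an exact-match dstdomain entry. The log lines, client addresses, 203.0.113.7, 10.0.0.99 and the sample.download.windowsupdate.com host are constructed for the example.

```python
"""Audit a Squid child proxy's access.log (native format) for the setup above."""
from urllib.parse import urlsplit

PARENT = "10.0.0.1"  # Parent address used in the article

# dstdomain values from the Child's "windowsupdate" and "wuCONNECT" ACLs.
WU_DSTDOMAINS = (
    "windowsupdate.microsoft.com", "au.download.windowsupdate.com",
    ".update.microsoft.com", "download.windowsupdate.com",
    "redir.metaservices.microsoft.com", "images.metaservices.microsoft.com",
    "c.microsoft.com", "www.download.windowsupdate.com", "wustat.windows.com",
    "crl.microsoft.com", "sls.microsoft.com",
    "productactivation.one.microsoft.com", "ntservicepack.microsoft.com",
    "www.update.microsoft.com", "wpa.one.microsoft.com",
)

# Constructed sample log lines (not taken from a real proxy).
SAMPLE_LOG = """\
1258590001.100    850 192.168.0.10 TCP_MISS/200 524288 GET http://download.windowsupdate.com/sample.cab - FIRST_UP_PARENT/10.0.0.1 application/octet-stream
1258590002.200    120 192.168.0.10 TCP_MISS/200 3120 CONNECT www.update.microsoft.com:443 - FIRST_UP_PARENT/10.0.0.1 -
1258590003.300     40 192.168.0.11 TCP_MISS/200 900 GET http://crl.microsoft.com/sample.crl - DIRECT/203.0.113.7 application/pkix-crl
1258590004.400      2 192.168.0.12 TCP_DENIED/403 1400 GET http://sample.download.windowsupdate.com/x.cab - NONE/- text/html
1258590005.500      1 192.168.0.12 TCP_DENIED/403 1400 GET http://example.org/ - NONE/- text/html
1258590006.600    300 192.168.0.13 TCP_MISS/200 2048 GET http://download.windowsupdate.com/y.cab - FIRST_UP_PARENT/10.0.0.99 application/octet-stream
"""


def dstdomain_match(host, pattern):
    """Squid dstdomain semantics: a leading dot matches the domain itself
    and every subdomain; without the dot only the exact host matches."""
    host = host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def request_host(method, url):
    """CONNECT lines log 'host:port'; other methods log a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def parse_line(line):
    """Split one native-format line; return None for blank or short lines."""
    fields = line.split()
    if len(fields) < 10:
        return None
    code, _, status = fields[3].partition("/")   # e.g. TCP_MISS/200
    hier, _, peer = fields[8].partition("/")     # e.g. FIRST_UP_PARENT/10.0.0.1
    return {"client": fields[2], "code": code, "status": status,
            "host": request_host(fields[5], fields[6]),
            "hier": hier, "peer": peer}


def audit(lines, parent=PARENT, acl=WU_DSTDOMAINS):
    """Return (kind, client, host) tuples for lines that contradict the setup."""
    exact = [p for p in acl if not p.startswith(".")]
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host = rec["host"]
        if rec["hier"] == "DIRECT":
            # never_direct should have forced this request to the Parent.
            findings.append(("direct", rec["client"], host))
        elif "PARENT" in rec["hier"] and rec["peer"] != parent:
            findings.append(("wrong-peer", rec["client"], host))
        elif rec["code"] == "TCP_DENIED" and not any(
                dstdomain_match(host, p) for p in acl):
            # Denied host sits under an exact-match entry: the ACL entry
            # would need a leading dot to cover it.
            if any(host.endswith("." + p) for p in exact):
                findings.append(("acl-near-miss", rec["client"], host))
    return findings


if __name__ == "__main__":
    for kind, client, host in audit(SAMPLE_LOG.splitlines()):
        print(f"{kind:14} {client:15} {host}")
```

On a live Child, pass the lines of its access.log to audit() in place of SAMPLE_LOG.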

FIREWALL CONFIGURATION

The firewall can be configured on either of the proxy servers, the main firewall, or all three if desired (perhaps because you don’t administer all those machines). However, this is outside the scope of this article.

AUTOMATIC PROXY CONFIGURATION IN WINDOWS

The next question most people ask is how to set up WPAD (Web Proxy Autodiscovery Protocol) so they don’t have to configure each Windows client on their network.

You will likely want to achieve this with a combination of DHCP and HTTP servers.

There is an excellent post explaining this by David W. Hankins at http://www.mercenary.net/blog/index.php?/archives/42-HOWTO-WPAD.html

Please read it carefully, however: as a security measure to guard against DNS poisoning, the default configuration will simply stop WPAD from trying DNS should DHCP fail to reply to the request.

Posted by Mike at 11:31 AM
Categories: Tech Tips

Thursday, October 01, 2009

Internet Explorer Freezing

We've noticed in the last few days that customers that are using Internet Explorer, and have their default home page set to "ninemsn", seem to be having some issues with Internet Explorer freezing, and not letting them type anything in.

By the looks of it "ninemsn" is giving some information to IE which is causing it to lock out for a while.

If you are affected you have three options:

  1. Update Internet Explorer (new versions don't seem to be affected). You can get Internet Explorer 7 here (we aren't recommending IE8 at this stage).
  2. Use Firefox instead (it is a better, more secure browser all round). Firefox Download Site.
  3. Change your home page away from Ninemsn - instructions below.

Changing your home page is the quickest fix to the problem, but to some extent only a temporary one. Nevertheless, here is how you can do it on Windows XP, without having to re-open Internet Explorer. If you have Windows Vista you already have IE7 - if your browser is running slowly chances are it is because of viruses and spyware. You should probably book it in for a service.

To change your home page without having to open Internet Explorer (because it will freeze again) open your control panel and choose Internet Options.

Once you have Internet Options open then choose the general tab. Your home page setting is right at the top of the window. You can either type in a new home page, or choose "Use Blank" which will just give you a blank screen. Using either a blank screen, or a minimalist home page like Google are both pretty good choices.

Here we are using a blank page:

Note your window may not look exactly like this. This is actually the IE7 dialogue. IE6 (the browser that is having trouble) is quite old - we couldn't even quickly find one to get screen shots from, so change your home page in the short term, and plan to either update to IE7, or install Firefox in the near future using one of the links above.

Posted by Help Desk at 7:01 AM
Edited on: Thursday, October 01, 2009 7:45 AM
Categories: Alerts, Home, Tech Tips

Monday, September 28, 2009

Why You Should Back Up Your Hard Drive (and a really simple procedure for home computers)

Hard drives are the part of your computer that stores all the information (including music, documents, spreadsheets, photos, videos and everything else) that you put onto your computer. All the information that makes it your computer. They are also, for a variety of reasons, one of the parts of your computer most prone to failure.

When they fail the results can range from a busted computer which someone needs to carefully pick the data off, through to all of your information being permanently and irretrievably lost. However, usually some, if not all information (photos, music, documents, spreadsheets etc) is lost when a hard drive fails.

Now we can talk about the odds of a computer hard drive failing after so many hours, or this percentage failing etc, but that may not necessarily give you a particularly good sense of what that means. So here's something that might seem a little more concrete. Over your lifetime of owning home computers chances are you will have at least one hard drive failure.

Think about what you keep on your computer. Do you have a copy of it? If not it's about time you got some backups started.

For home these don't need to be complicated. Something as simple as an external hard disk, or even a USB memory stick (although if you have lots of photos you will probably find they are a bit too small, but hey, it's something) can do the job. For a really simple backup attach your external hard drive and then copy your "My Documents" folder onto it using the procedure below. Hopefully the pictures below will make some sense out of it (Sorry for those that know this bit - not everyone does so you will just have to be patient). The "My Documents" folder will contain most of the stuff you have put onto, or created on, your computer, but there can be exceptions.

So to back up your "My Documents" folder open an explorer window and grab "My Documents" with the left mouse button:

Once "My Documents" is highlighted go to "Edit" and choose "Select All":

Once this is done all the files on the right will be highlighted. Now using your left mouse button grab the group of files on the right, and drag it to your removable disk.

Once you let go of the left mouse button the files will start copying to the new location.

If the files disappear from their original location, or anything else seems to go wrong then you can use the undo command to reverse the last action:

Using an external hard drive for backups is a perfectly good solution (for home), provided you are disciplined about it. That "discipline" bit is often where people get into trouble. If you are worried about forgetting then the good news is that technology can help. There is software available that can make backups even easier to do (automatic in many cases).

If you think you want an automated software solution then let us know. There are some good solutions in the space that will help with making backups routine.

Posted by Help Desk at 9:06 AM
Edited on: Monday, September 28, 2009 10:50 AM
Categories: Home, Tech Tips

Wednesday, September 16, 2009

Why We Use NAS Rather Than Tapes

If you took a look at our last blog entry you might be wondering what we use for backups if we don't use tape.

That's easy - we use Network Attached Storage (NAS for short).

Compared to tapes NAS have three major advantages:

  1. They can keep up. Tapes are so slow that many in the industry now do what is called "Disk to Disk to Tape", where the backup is first done to another set of high speed disks, which can then slowly and ponderously stream that data to a tape drive. Getting rid of the "to Tape" bit is the next logical step.
  2. Less External Dependencies. A NAS unit is a complete system that you can attach to your network and start pulling files off. A tape needs a tape drive, a semi functioning computer, driver software, backup software, and they all need to be accessible before you can start pulling off files.
  3. Unlike tapes, which are a bit of an outsider from a mainstream technology perspective, NAS units use normal everyday Hard Drives. So as the capacity of normal everyday hard drives increases, the capacity of NAS units keeps pace. Tapes on the other hand are always playing catchup, and are usually around an order of magnitude behind in terms of cost effective storage.

Now if you are seeking a long term archive then tape is still your best bet, but that is not what most businesses are after in our experience, particularly once retention of data in programs like MYOB/QuickBooks etc is explained. Even then, NAS, which is powered up once every couple of years is probably just as good. Tape has the benefit that it can be just left to sit on the shelf for 10 years. Now, where did I leave that tape driver software...

Posted by Clem at 7:13 AM
Edited on: Wednesday, September 16, 2009 7:22 AM
Categories: Business, Government, Home, Strategy and Analysis, Tech Tips

Sunday, September 13, 2009

5 Common Mistakes Businesses Make About Backup and Recovery

We are going to be talking about backups over the next few weeks - we are going to be talking about backups quite a lot. More precisely we are going to be talking not only about backups, but the other less frequent but oh so important bit - recovery.

The problem with the way most businesses approach backup is that they might take some backups (might) but they have never given a whole lot of thought to the other side of the equation - recovery. And there are some sobering stats here - probably the most sobering I have come across is this one:

"93% of businesses that lose access to their critical data for 10 days or more file for bankruptcy within 1 year. 50% of them file for bankruptcy immediately" - US National Archives and Records Administration.

So it's not only if you can get access to your information again, it's how quickly you can do it. And that is where things start to get interesting.

To get us started on our month of DR (Disaster Recovery) here are 5 common mistakes that businesses make about backup that means when push comes to shove they can't recover:

1. As long as I have my data I'm okay

Wrong.

Access to your data is contingent on a number of other pieces of infrastructure being in place. Sometimes this is as simple as a computer with, say, Microsoft Office installed, in which case provided you can find a computer you are probably okay. But sometimes it relies on an application server, which has had 100 patches applied to it, which no one exactly remembers, and there was some bizarre tweak that someone had to give it to make it work etc.

Can you get access to the data again - probably. Will you get access to the data again before you are out of business? Much harder to know.

2. An Online Backup Over The Internet Is Our Best Option

Usually Wrong.

Online backup solutions are targeted at home users, and small businesses. They provide handy interfaces to help you see which files you are backing up, history etc. The problem is they are driven by people who, due to their limited IT knowledge, don't actually understand which critical parts of the system need to be backed up. For example, if you are using Exchange server only the system administrator has the access they need to the mail store.

If your whole server packed it in exactly how long will it take your online backup company to get you a copy of your data - a day, two days, a week? Have you ever asked? Have you ever tested their ability to deliver?

Also, as in 1 above, just backing up your data isn't really enough.

3. We Use Tapes

Wrong.

There are so many issues with tapes it is hard to know where to start:

  • You need a tape drive (seems obvious right). But what if your previous tape drive was damaged (say by a power surge) so you can't move it across to the new server you just bought. Can you still buy the type of tape drive that you had previously keeping in mind it's probably three or four years down the track? This is what we call in the industry a "dependency".
  • Tapes aren't growing in capacity fast enough to keep up with modern hard drives. Time and again we see new customers which have been sold a tape drive which can't backup a tenth the capacity of their server hard disks.
  • Tape drives can subtly alter the length of tapes over time so that tapes will only work with that particular tape drive. Even if you can find a replacement tape drive your tapes may not work.
  • Tapes need to have the basic operating system up and going to support the correct drivers. So if you are rebuilding from scratch you need to build a basic server, then install the tape drive and software, then restore (hopefully) and then reconfigure the server.

4. If a Part Fails In Our Server We Will Be Able to Get a Replacement Part

Wrong.

The scenario is like this - components in the computer industry tend to turn over on 12-24 month timeframes. After that the big PC/server manufacturers (HP, Dell, etc) will continue to carry spares for "warranty" customers. However, chances are they won't "sell" you one of their components - they need to hold an inventory to cover the customers which did pay for warranty.

Normally parts fail after at least a couple of years in service, meaning chances are you can't buy a replacement anymore. So if you don't have a warranty you probably can't get a like for like replacement. If you can't get like for like replacement then there is an awfully good chance that you will have to rebuild the system, or at least use a time consuming process to make the new part work with the old system.

Now this isn't true for some parts, like the power supply, or a non-integrated network card. These can often be easily replaced. But for the big components - like the RAID controller, Main Board and Hard Drives, it usually is.

5. If Our Server Crashes It Will Only Take a Day or Two to replace it

Wrong.

Yes you can go to Harvey Norman and buy a PC this afternoon. Servers are a different type of beast entirely. Because there are less of them sold they haven't reached the point where they are a standard item that retailers carry.

If you are lucky, and your business is small enough you may be able to limp along on a PC for a few days, although depending on your restoration strategy it could take days to get it correctly installed.

We will be discussing some of the strategies we think you should pursue over the next few blog posts. Stay tuned.

Posted by Clem at 12:21 PM
Edited on: Tuesday, September 22, 2009 1:04 PM
Categories: Business, Government, IT Management, Strategy and Analysis, Tech Tips

Wednesday, September 02, 2009

Filtering Your Internet Connection with Open DNS

As we mentioned in our recent newsletter there is now a really quick and simple way to filter your Internet connection to:

  1. Stop kids from seeing content they shouldn't.
  2. Keep people away from sites they shouldn't be accessing.
  3. Protect you from phishing sites and other Internet nasties.

That method is "OpenDNS.com".

Setting up OpenDNS is really easy, and will take only a few minutes. To do it for your home network or computer read on.

First - do you have just one computer or a number of computers using your Internet connection at home?

If you have just one computer then you can follow the instructions for setting up your computer. If you have a number of computers you are probably best off configuring your router so that the setting will apply to all of your computers without having to change each computer individually.

Once you have done that you are now being protected by OpenDNS at a minimal level (which just protects against phishing). However, to get the best out of OpenDNS you should now go and create an account.

After you have created an account you can adjust what sort of websites you would like to be filtered. By default you will find the category level is set to minimal which just stops known phishing attacks.

There are some really easy options to choose here. For example "Low" will also filter out pornography, while moderate will filter out other adult related content. So for home, you might set this to low or moderate. You can also "customise" and choose exactly which categories you want people to be able to see, and which ones you don't.

Go and take a look - this is a really neat tool and compared to what you used to have to do to solve these sorts of problems is very simple.

If you would like to try setting it up for the office network just let us know. We can also give you a hand at home if you need some assistance.

Posted by Help Desk at 3:02 PM
Edited on: Friday, September 04, 2009 5:23 PM
Categories: Business, Home, Tech Tips

Friday, July 24, 2009

Protecting Your Private Information Online

Protecting your information online is tricky, and worst of all, is not only dependent on you. But there are a few things you can do to prevent running afoul of this phenomenon.

Firstly let's talk about why you need to protect your information online. Apart from the obvious discomfort at information you consider private being learned by others there are a number of ways that this information is used by criminals that will eventually cause you some distress. The first of these is credit card fraud. If unscrupulous people learn your credit card details (and we will talk about how this, and other identity theft can happen below) then they will use it to try and buy goods and services, which the credit card company will try and bill you for. Depending on the card agreement, the merchant usually takes the risk and so eventually you will probably not have to pay these fraudulent charges. But you may spend a long time on the telephone getting the matter sorted, and it may take months to resolve. During that time you may not be able to use your credit card either.

Another way the crooks might try and use this information is for "Identity Fraud", where they pretend to be you in order to enter into some sorts of agreements/contracts, typically to obtain credit of some sort or another, usually for a highly mobile asset which they can quickly sell. So it is unlikely they would buy a house using your identity - the goods would be too easy to recover when the fraud came to light, but they might try and get a 50,000 overdraft in your name, secured against your house. Usually the amounts of money involved are substantially higher, and the creditors (bank or whoever) are far more tenacious at chasing up the bad debts. In the end chances are you won't be held to account for the fraudulent transactions, but it isn't unusual for people to have to spend a substantial amount on solicitors to prove they aren't the guilty party.

And of course there are the minor irritations such as increases in addressed junk mail that turns up in your letter box.

So, how do you protect yourself? Apart from making sure your computer is reasonably secure (and there are other articles here on the blog about this) the other thing to do is to make sure you don't inadvertently give your private information to the bad guys...

Be Careful Who You Are Giving Your Information To

A snazzy looking website is not that hard or expensive to set up. Running a secure website, that protects people's information is very difficult, and is something that a lot of organisations get wrong. So it isn't that the people asking for your information are dodgy - most of them are honest enough. The problem is they normally don't have the time or the resources to protect your information properly.

The Padlock Doesn't Mean What You Think It Does

You may have been told to look for the padlock on browser windows as a way of checking the security of a web site. While the padlock is better than nothing it perhaps doesn't mean exactly what you think it does. The padlock means that data can't be stolen while it is travelling between you and the website, but it is no guarantee the information can't be stolen from the website once it gets there, or that the website itself can be trusted. That's why sometimes it is better not to be completely honest with websites and to...

Make Up Another Identity

Make up another identity for yourself, and use it when a website requires registration. Now there are times you mustn't do this - like for an Australian Government website, an airline booking, the electric or phone company, but if this is just an online forum, or a newspaper that requires registration before it will let you read the paper then make up an identity apart from your own and use that.

You might even like to have a "standard" made up identity that you use, with a birthday you can easily recall etc.

Some of you may say that marketers need some of this information to understand who they are selling to better. Perhaps, but they only need to understand general demographics, not your exact details. If you are worried about this make the alternate identity similar to your own (born the same year, same gender etc).

Others may question the ethics of not being completely honest with websites. It's a reasonable point but consider this - if some people you didn't know came up to you in the street and asked you where you lived, and what times you were home you would probably, quite rightly, refuse to tell them.

Give as Little Information as Necessary

Most of the time when you register for an account on the website you will see that some of the fields are marked with an asterisk "*" while others are not. You don't need to complete those without an asterisk - you can just leave them blank.

Have a Gmail or other Temporary Email Account for Registrations

A lot of websites insist on getting your email address as part of the registration process. Don't give your real email address to these websites.

Instead, set up an email address with google mail, or some similar free email provider. In this way you will keep your real email account free of spam, and after a couple of years you can simply move onto another temporary email account if necessary.

Don't Let Websites Store Your Credit Card Details

Some websites, if you are buying things using a credit card, give you the option of storing your credit card details for your next purchase. Unless you are back there every day it is best to not store your credit card, and to simply enter it every time you need to buy goods using that site.

If a hacker breaks into that website, and steals their database, then if you have saved your credit card number they now have all the details they need to start buying goods and services using your card.

Privacy Statements are No Guarantee of Security

If you are dealing with an Australian business or organisation then they are obligated by law to comply with their privacy statement. However, if they say in their privacy statement "we will sell your information to the highest bidder" then they can sell your information to the highest bidder, and dodge the Privacy Act because they "informed" you what they were going to do. So unless you've read the privacy statement you really can't rely on it. And even if the company has the highest standards in its privacy statement, there is no guarantee their information will not be stolen.

As for overseas companies, well - they might comply with their privacy statements. There might be legislation in that country that requires them to comply. But it might only require them to comply for citizens of that country, or there may be any of a dozen other ways that they might be able to dodge their responsibility to you.

Now - it isn't our intention to unfairly characterise all businesses and organisations in this way. Many (the majority in fact) will try and look after your information. But not all of them. Even those that do try to handle it ethically are usually not well resourced enough to make sure the information is really secure. So take some of the steps recommended here to protect yourself.

In the end avoiding identity fraud is a bit like road safety - you can just be unlucky, but if you only give your real information to people who need to know it you can go a long way towards preventing this from happening to you.

Other Resources

  • Stay Smart Online - Australian Commonwealth Government - there is some useful stuff here including the Budd:e learning package for primary and secondary students.
  • Get Net Wise - Site with plenty of practical help on how to keep your private information private.
  • Protecting Your Information On FaceBook - If you use social networking sites you need to check (and possibly restrict) who can see the information on your Facebook (and other) pages.

Posted by Clem at 3:57 PM
Categories: Home, Security, Tech Tips

Monday, June 15, 2009

Don't Be The Catch of The Day - Avoiding Phishing Scams

(Note: This is an extended version of our article from the June 2009 Newsletter)

Phishing (pronounced “fishing”) emails and websites are created in order to trick you into divulging confidential information, like passwords, bank account information or credit card numbers.

The most common type of phishing scam is an email with a link to a website which looks like the genuine article, but is just pretending to be the real thing to trick you into entering your real username and password. This is how much credit card and bank account information is stolen online.

The most recent phishing scam, which started by targeting the Commonwealth Bank and then moved on to other banks, was a step up from what we have seen in the past, with vastly improved English, and a number of clever psychological tricks to make a person feel compelled to act quickly. Some of the most effective messages even claimed to be a “Security Alert” or claimed that your account had been compromised. Other emails included topics such as “There has been an error in an online transaction. Please log into your account via this link to verify the transaction.”

The whole purpose of a phishing attack is to get you to click the link.

From here, one, or possibly both of the following will occur:

  1. This link will take you to a webpage that looks quite similar or even identical to the login page for whatever banking site you use and there will be a field for your username and password. After you have typed in your information, the information gets sent off and recorded so that they may use it to log into the real account and steal your money.
  2. The fake website will install malicious software on your computer.

Because of this, as a general rule, banks and financial institutions will never send you emails with direct links to a login page (and if they ever do perhaps you should move your money to another bank).

You need to always be vigilant about links in emails simply because it is so easy to make fake emails that look like the genuine article. If you receive an email from a site you signed up to, or you went to a site and asked to have your password reset then those links are probably okay. If an unexpected email arrives asking you to log in to a system then you should treat it with a great deal of suspicion.

So if you ever receive an email claiming to be from the bank asking you to “Click this link,” or “Click here to enter your financial details,” or “Login here to verify your account” then treat it with a great deal of suspicion. If you are still not sure, call the organisation that claims to have sent the email. Alternatively, if you know how to log in to the page then use your browser and navigate yourself there. Don’t click the link in the email.

Posted by Will at 5:29 PM
Categories: Alerts, Business, Government, Home, Security, Tech Tips

Wednesday, April 01, 2009

Keeping Your PC Clean of Malicious Software

(Note: This is a reprint from our April 2009 newsletter)

Following on from the newsletter article last month, we will recommend some tools that we use to keep our machines clean and explain their use.

Anti-Virus Tools

There are several out there, some of them good and a lot of them bad. The main ones that you may have heard of are:

  • AVG Anti Virus
  • Norton Security
  • McAfee Anti Virus
  • Avast AV
  • PC-Cillin
  • Kaspersky

Out of all these programs, we generally recommend AVG. The rest will do an adequate job, but they all suffer from the problem of slowing down computers.

This has a lot to do with the way that these programs have been designed and added to over the years. Generally, instead of starting from scratch for a new release of the software, they add more and more to an older version, which makes them bloated and can cause severe slow down on machines. McAfee and Norton are serious offenders when it comes to this, installing several processes on your machine that, in our opinion, in many cases are completely unnecessary.

AVG has been around for about 4 years, thus making it relatively new on the market and we have not had any issues with their software to date.

Malware Removal Tools

Malware removal programs are more offensive in nature than Anti Virus programs, which is to say that malware removal programs seek out and destroy malware, while Anti Virus Programs defend your computer from attack. When you do manage to get an infection, sometimes the Anti Virus program is unable to remove it, or it has become infected itself, making it blind to the infection. In this case, there are some tools that you can download that have a good chance of removing the malicious software.

  • MalwareBytes
  • Spybot Search and Destroy
  • AdAware
  • HiJackThis

Now these programs are less well known by the standard user, but are quite effective at removing nasty programs. MalwareBytes is designed to eliminate any infection, be it spyware, malware, viruses, phishing software or tracking cookies. Spybot S&D and AdAware are aimed more at spyware and phishing programs, which are the most common form of infection. Spyware and Phishing programs track your internet usage to see what websites you go to and can open popups to infected sites. Phishing is particularly dangerous as it can track your credit card and PIN numbers if you do online banking. HiJackThis is a more complex tool and is generally only recommended for advanced users. It allows you to view running processes (much like task manager) and remove the programs associated with these processes. This can be dangerous if you do not know what you are looking for, so please use with caution.

Hopefully this advice will help keep your machine safe.

Posted by Will at 5:16 PM
Categories: Business, Home, Security, Tech Tips

Sunday, March 01, 2009

Browsing the Internet Safely

(Note: This is a reprint from our March 2009 Newsletter)

One of the questions we are most frequently asked is how to browse the internet safely and not come into contact with any nasty or malicious programs. Most people these days have heard of a Computer Virus, some have heard of Spyware and Malware and everyone knows that having an up to date Anti Virus program on their machine is vital in this day and age. The problem is that having an Anti Virus program does not completely stop you from accessing malicious software. It does lessen the risk, either through straight up blocking the program, or warning you of the possibility of a program being malicious and then requesting permission to continue. The question you may ask yourself is, how do you stay safe? Those of us who are aware of these problems know a few ways of minimizing these risks and we hopefully can pass some of this knowledge on to you.

Assuming you have a virus scanner, probably the most important rule online is “know what websites you are looking at and what you are downloading”. If you are on a website that looks a bit dodgy (good indications can be several advertisements trying to sell emoticons, Viagra or the like), you need to make sure you know exactly what it is that you are looking for on the particular website. I will use an analogy to try and explain this one a bit better. Say you are walking down Kings Cross, shopping for a particular item. On the way you walk past an alley. Now it's possible the item you want is at the end of the alley, but there are some obviously undesirable looking people lurking down there as well. Now we instinctually know to NOT go down that alley as something unpleasant may be waiting down there. The Internet is very similar. It is a massive city full of Giant Shopping malls and Theme Parks, but there are also dodgy alleys. The only difference is that in the real world we can all recognize these dangerous places. Not all of us are able to recognize the dodgy alleys that we come across online.

Another good step is not using Internet Explorer, which is the default Internet Browser that comes with every Windows operating system. Internet Explorer is the most commonly used Browser on the planet, which makes it a big target for people who write malicious software. A large portion of malicious software written is designed to attack loopholes and faults in Internet Explorer. Generally we recommend using Mozilla Firefox as a browser (download here), though there are other Browsers out there that do just as good a job. Firefox is free to download and is much less widely used than Internet Explorer. This does not mean that it won't function as well as Explorer. On the contrary, it has many more useful tools that can be added and downloaded to it, such as FlashBlocker, which will stop any Flash images (which can have viruses or malware embedded in them) from loading on a webpage. Flash images are embedded moving images on a webpage, usually used for advertising or displaying movie files, like YouTube. What FlashBlocker does is stop Flash images from loading automatically, but allows you to run them by clicking on the Flash image that you wish to view.

One of the most common ways of having malicious software installed on your machine is for a website to have a popup window with an error that says something like “We have detected a virus on your computer! Click yes to find out more information or to remove the virus!”. Ironically enough, this is usually a virus trying to trick you into installing itself on your machine. If this warning was not generated by the Anti Virus program that you know is installed on your PC, then you can safely assume that this is some sort of malicious software trying to install on your PC. You need to remember that in most cases, you have to physically install or browse to a website that has a virus attached to it. It is very rare that a virus can install itself without your active participation. Several Anti Virus programs have pop up blockers built into them to stop exactly these kinds of attacks. Most Internet Browsers have programs built in to stop these pop ups as well; Mozilla Firefox has a particularly efficient one.

So, be mindful of where you are browsing (have you turned into a dark alley?), think about using a different browser to Internet Explorer, and ignore any virus warnings on websites unless they come from software you know you have installed.

Next issue we will talk about some of the free tools and techniques to help keep your machine safe from Internet nasties.

Posted by Will at 4:34 PM
Categories: Business, Government, Home, Security, Tech Tips

Tuesday, June 01, 2004

Going Wireless

(Note: This is a reprint from our June 2004 Newsletter - much of it is still relevant today)

Customers may recall that when wireless technology first started to become prevalent we cautioned against using it, largely because the security for wireless communications was inadequate. The advice was well founded. For example, 128bit WEP (Wireless Encryption Protocol) was the best protection available under the old 802.11b standard, but could be broken by a normal computer in only a few minutes. That is, an attacker could sit outside your premises, and break your security in a matter of minutes using a normal notebook and a wireless card.

The advice was well founded then, but is starting to become obsolete now. The new wireless standard, 802.11g, contains a number of new security measures that have drastically improved the security of wireless networking. In addition to this, the price of 802.11g capable equipment has come down significantly from when it was first released to the point where it is affordable and only slightly more expensive than 802.11b equipment.

So where might you think about using wireless? As always, where it makes sense for the business by either being cost effective compared to alternatives, or giving you a capability you need. For example, if you had a building that you need to set up an office in, and had no data cables in place already, you might decide that setting up a wireless network at approximately $150 a station was a better strategy than paying an electrician $200 per point to set up data points and data cabling.

This would apply double if there were reasons you couldn’t easily modify the building, such as solid concrete walls/floors/no ceiling space. Another example might be if you wanted people to be able to use their notebook computers in a conference or meeting room, but didn’t want to have to cable the room. Finally, if you had wireless devices necessary for your business process, such as using PDAs for managing stock inventories in a warehouse, wireless is a good solution.

On the other hand, there are some examples of places where wireless was used without good business justification. One client told us that one of their users had decided to install wireless, seemingly purely out of their own interest, and had the system set up so that the base station (that connects to the main network via a cable), and the wireless computer were on the same desk. The radio signal traveled all of three feet. They had no real need to work away from their desk.

Net result = money wasted, no new required capability delivered, and because this was in the 802.11b days, the security of the network severely reduced.

There are some other things to keep in mind when considering wireless networks. For example, if you were thinking about using wireless for a whole office, rather than cabling, you need to consider how you are going to deliver telephone to people’s desks.

There are ways to do this over a computer network, such as VOIP (Voice Over IP), but very few of these solutions would be cost effective for smaller organizations, and the technology is still a little immature (things are a bit different in 2009).

Another thing to consider is what your actual bandwidth requirements will be. For example, 100Mb switches are now the entry level standard for cabled connections. However, the 802.11g standard is only at 54Mb shared between all computers. If you have network intensive applications you may find, with only a few computers (say 4), that 802.11g does not give you the performance you need.

None of this is to say don’t do it, only that, as always, and particularly with new technology, you should convince yourself of the benefits at a business level. Believe me, this is hard advice for geeks (like us) to give, but it is what we consistently advise. New technology is always interesting, and for us, fun to play with. That doesn’t mean it is necessarily right for customers.

Quick Tips on Wireless Security for the Enthusiast (may not make sense to others):

  • WEP under 802.11b is better than nothing, but that is about it. An attacker can break 128 bit WEP in minutes with a notebook and wireless card, sitting outside your home/office. Yes, people do wander about looking for these connections, often just to obtain a free Internet connection. Your risks of this increase if you live/work in high density areas but it could happen anywhere if you have the wrong neighbors.
  • MAC address security is not really much security at all. MAC addresses seem like long random numbers, but they aren’t really. Most manufacturers publish the MAC addresses they use (they have to, so others don’t make gear with the same addresses), and there are tools on the Internet that let a person try and test all possible MAC addresses in seconds.
  • WEP and MAC address security combined is not really very strong. If you choose to use just this, for convenience, just be aware in your own mind that there is some risk. Ways to control the risk include putting a personal firewall on all the machines connected to the wireless network, and keeping an eye on your broadband usage throughout the month to make sure you don’t get a nasty shock.
  • If you can afford 802.11g equipment then buy it, and use rotating WEP keys and other security features. These features start to offer real levels of security.

Posted by Clem at 3:29 PM
Categories: Business, Home, Security, Tech Tips

Friday, August 01, 2003

Anti-Virus Defences

(Note: This is a reprint from our August 2003 Newsletter)

Recently Green Light IT had to help a customer clean up after a virus infection, and I was reminded how expensive an exercise this can be for an organization, in terms of money for services from people like Green Light IT and in terms of lost productivity.

Just after this work came the Blaster virus, which some customers were properly protected against due to good management, and others have, so far, survived due to good luck. So far no customers have been infected thankfully.

The nature of viruses continues to evolve to the point that good anti-virus protection relies on more than just having current anti-virus products and using them.

Instead we are seeing viruses that need effective “network security” to prevent them.

Of course, although this breed of viruses may seem new, it really isn’t. As I look back through previous stuff we have written I note that in October 2001 we wrote an article about the Nimda virus that made it clear that we can expect virus writers to start using recently announced security exploits as new ways to propagate viruses.

The article is still on the website at: http://www.colmancomm.com/ (this link is no longer valid sorry). It’s the fourth item in the list of “Stuff”. In fact I felt so much of what was written there was still relevant, that I was tempted just to reprint it as this newsletter’s editorial. It might be worth your time to read it, and make sure that your business is at least doing the basics mentioned there. However, I thought I might expand on the nature of these newer viruses, and what you should be doing to protect yourself.

Most businesses these days connect to the Internet in one way or another. What is also clear these days is that most viruses come from the Internet, whether via email, downloading infected files from the web, or even an infected machine trying to directly connect to your network and infect it.

Given that this is the entry point for most viruses it does deserve special attention. So for the three infection vectors I mentioned above (email, web and direct connection), what are three ways to mitigate the risk?

Email:

By and large email has carried the lion’s share of destructive viruses over the last few years. In addition to running desktop anti-virus products, your email should be scanned by another set of anti-virus products, either by you, or a third party. We offer an economical service that does this, but your ISP may also offer it as a standard part of their service. For those of you that host your own email server (i.e. not done by the ISP) you should see to this immediately.

Web:

Web is difficult to protect against because there is no real opportunity for any system to inspect a file until it is fully downloaded on the user's computer (although there are some products that try to do it, I don’t think any of them are satisfactory for use) (note - fast forward to 2009 - there are options now).

The two strategies that work against this are 1) getting Anti-Virus products on every vulnerable system inside your environment and keeping them up to date (including servers) and 2) educating users about the danger of downloading programs and other executable content from the Internet.

In our experience 1 is far more likely to have success than 2, but if you can do both that is better.

As another step it might be possible, depending on your network configuration, to prevent most users from downloading dangerous files. If these files do need to be downloaded, you can have it done by one person only in the office, who is hopefully a little more judicious than others.

Network:

Network borne viruses, which try to directly connect across the network and infect other machines, are the type that have been increasing in prevalence over the past couple of years. They also seem to be the ones that cause the most trouble these days, including such notorious candidates as Code Red and now Blaster.

It is well and truly past time that you should be operating a firewall on your connection to the Internet. For customers still connecting to the Internet through winproxy setups and the like, and those customers connecting through straight Windows dial-up, it is time to take some action.

Personal computers, which do not always have the protection of a network firewall, such as home PCs, roving laptops etc, can be protected by installing a good personal firewall product, such as ZoneAlarm from ZoneLabs (note for 2009 - most AV products include firewalls now).

Systems that provide connectivity for a whole network should probably be replaced by a dedicated firewall. Exactly what product best suits depends on your requirements. As all of our customers know, we market the SENSEI Firewall, but there are many other options too depending on the features you are after. Blaster is the wake up call. It is time to reconsider the anti-virus defenses for your business and make sure they are in good nick.

As always, you can contact us for advice and assistance.

Sunday, June 01, 2003

Open Source Software

(Note: This is a reprint from our June 2003 Newsletter)

By now you have probably heard about Open Source Software, and wondered what it was all about.

We thought we might do a bit of a Q&A session on open source software this newsletter that might explain some things about open source software to you.

Question: So what’s the deal with open source software?

Answer: Well, it’s free, basically.

Question: You're kidding, right?

Answer: No, it’s free.

Question: So what’s wrong with it?

Answer: Well, nothing really.

Question: So how come it’s free?

Answer: Because the people that make it are not seeking to make profit from moving units of software.

Question: How can they afford to do that?

Answer: A couple of reasons; 1) unlike creating physical commodities, the incremental cost to create a copy of a piece of software is effectively zero. 2) The development is usually funded either by donation, or by businesses that have a business model that doesn’t involve selling software.

Question: But you get what you pay for right? So I imagine this stuff isn’t much good?

Answer: Actually it’s quite good; in many cases it is equal to or better than the commercial equivalent. As for getting what you pay for, remember that the incremental cost to make a second copy is zero.

Question: So what sorts of free software is there?

Answer: All sorts; operating system software, such as Linux and FreeBSD, free server software including mail servers (Sendmail, Postfix), file sharing (Samba), databases (MySQL, Postgres) and web servers (Apache). Also, software for the desktop including office suites (Open Office), photo and picture tools (The GIMP), Email clients, encryption and VPN tools and more.

Question: But you couldn’t run a whole business on it could you?

Answer: Maybe, maybe not, it depends on what specialist software you may need, and what platforms it will run on.

Question: So who is responsible for supporting it?

Answer: No one, it does come as is with no warranty. However most open source products are supported strongly by their developers as well as the community of people using the products. You can almost always find help, and usually someone has had exactly the same problem as you before.

Question: So there is no one to sue if something goes wrong?

Answer: True, but do you seriously think you could sue Microsoft if something went wrong with their software?

Question: So it’s free, how else does it help?

Answer: In many cases it is more stable, but hey, isn’t free enough? MS Office Pro is running over $1000 per licence, and you can get Open Office for nothing.

Question: So if I got this Open Office thing I could do all the stuff that MS Office does?

Answer: Pretty much. There are sometimes issues opening MS Office files with Open Office, but you can always ask your correspondent to send it to you in another “standard” format (MS Office is not a standard format, although it is a de facto standard). As for sending stuff to clients, you should be using a PDF format anyway, to prevent clients from trivially changing the content.

Question: So what are the other problems?

Answer: Well, you also want to make sure that you pick the winners in terms of choosing open source software that has been around for a while and should continue to be well supported. This is usually easy enough though, particularly if you consult someone in the know. There can also be issues with compatibility, a bit like Open Office. Once again, consult with those in the know.

Question: Okay, so you save money, it is as reliable or better, with no unmanageable problems. Why isn’t everyone doing this?

Answer: Open Source Software doesn’t have money to run expensive marketing campaigns. Many people are simply not aware that it exists. Add to that a strong misinformation campaign by software vendors (people that make money selling software) and you have a combination of ignorance, and unjustified skepticism.

Hope you enjoyed the Q&A session. If you have more questions than answers at this stage feel free to drop a line to the office.