Tag Archives: Windows Security

A Sneak Peek at New Windows 8 Security Features

Security has always been a challenge for Microsoft. Being the most widely used operating system, Windows also holds the position of the most targeted operating system. With Vista and Windows 7, Microsoft did an excellent job of making Windows more secure by adding features such as UAC, Windows Defender and BitLocker drive encryption. Now they have gone one step further, improving the existing features and adding new ones as well.

Here are some of the major security improvements in Windows 8.

Windows Secure Boot

Windows Secure Boot is a new feature that protects users against malware that affects the boot path, such as boot loader viruses, boot sector viruses and rootkits that try to load during boot. Windows Secure Boot secures the boot path by allowing only signed and validated code to load during the boot process. If the code is unsigned, the Windows Recovery Environment is started and tries to fix the problem.

This feature requires UEFI-based Secure Boot to function. A point to note is that, even though the code is validated during the boot process, Microsoft has managed to reduce boot time in Windows 8 significantly.

Improved Windows Defender

Windows Defender is Microsoft’s anti-spyware program that first debuted with Vista. It has now been extended to protect against all types of malware, such as viruses, worms, trojans and rootkits. It uses the same malware engine as Microsoft Security Essentials and has a similar interface. Definition updates will be rolled out through Windows Update as usual. Windows Defender will also have a new file system filter to provide real-time protection against malware.


Apart from the new malware engine, Windows Defender will also interface with Windows Secure Boot in real time to check for infection in the boot path.

OS Level Smart Screen Filter

Social engineering is one of the most dangerous weapons attackers have. Even the most tech-savvy person can fall prey to these kinds of attacks if proper caution is not taken. IE9 already has a SmartScreen filter that warns you when you try to visit a page with suspicious behaviour. With Windows 8, Microsoft is implementing this system-wide, using an application reputation database. When you download a file, a reputation check is triggered, and if the application you downloaded has not been rated, a warning message is displayed to the user.


Microsoft has also made many changes internally, including changes to ASLR, the Windows kernel and the Windows heap. Stay tuned for more posts on them.

To see a demonstration of the above features, check out the Building Windows 8 blog.

Are Public Libraries Still at Risk Because of Microsoft?

A reason to panic?

Back in April of this year, Yardena Arar posted an article at Windows Secrets titled Microsoft decision puts public libraries at risk.

What did Microsoft do that puts libraries at risk?

They retired Windows SteadyState. In case you haven’t heard about it, SteadyState is a free application for Windows XP and Vista which completely protects a Windows operating system from everything except a hardware crash. It makes Windows almost bullet-proof. Thousands of home users, internet cafes, schools and public libraries depend on SteadyState for protection. However, it won’t be available for Windows 7.

According to Yardena,

… not only is SteadyState incompatible with Win7, Microsoft says it has no plans to introduce a Windows 7-compatible version. That’s leaving some IT managers scrambling for replacement technology and others vowing not to upgrade to Windows 7 at all.

Windows SteadyState is going away?

I recently discovered that it’s not only unavailable for Win7, SteadyState won’t be available after Dec 31st of this year. That’s a twisted Happy New Year’s wish to everyone wanting to use it on XP or Vista. If you plan on using it, be sure to download SteadyState from Microsoft, before it’s too late.

Are there alternatives to SteadyState?

If you settled for the answer given in that Windows Secrets post, you’d give up. In the article, Yardena says:

Third-party solutions, such as Faronics’ Deep Freeze, don’t appeal to cash-strapped educational institutions, which are already spending considerable money upgrading to Windows 7.

Worse yet, if you listen to Microsoft, they’ll tell you that you don’t need it. Here’s the Microsoft spin:

We have just released a whitepaper along with an accompanying document that describes Group Policy settings that you can use to configure computer and user settings and also a reference excel worksheet which can be used to look up and filter the settings described in the whitepaper. (source)

What a load of techno-crap! Does Microsoft think a librarian, teacher, cyber-café owner, or home user is going to read their white papers?

What is my suggestion for replacing SteadyState?

Fortunately, a security company named Comodo, recently released a free replacement for Windows SteadyState. As far as I can tell, Comodo Time Machine does nearly everything SteadyState does. It’s currently supported and works in Windows XP, Vista and 7.

Download Comodo Time Machine

If you are interested in Comodo’s offer, check out this Video Review of Time Machine.

Why do we need Windows?

Why does a public library need to depend upon Microsoft for all of its software needs? The answer from any Open Source enthusiast would be: Get rid of Windows! If you need some arguments to use against your library’s or school’s addiction to Microsoft, be sure to read about Windows 7 Sins: The case against Microsoft and proprietary software.

Use Free and Open Source Software (FOSS)

If a librarian or teacher came to me and asked about setting up several public computers, I’d have two ready answers for them. I could save them money and practically guarantee that they wouldn’t have any spyware or virus problems.

1. I’d burn a set of Live CDs with Edubuntu on them. They could disable the hard drives and put these in the CD-ROM drives. Whenever a PC boots up, they’d have a fresh operating system that’s ready to use and kid-proof.

2. I could also install Edubuntu on each PC normally, as this old timer shows in a video.

Conclusion:

Microsoft doesn’t have the answer, and they don’t seem to care. However, there’s no reason to worry. Using either of my recommendations, secure and trouble-free public PCs can be created at no cost.

WinPatrol Cloud Brings Group Intelligence to PC Security


[Windows Only]

One of the first security apps that I install on a new PC is WinPatrol. I don’t feel safe without Scotty, the Windows watchdog, in my system tray. I was getting ready to install it on my new laptop when I noticed that there’s a new version of WinPatrol being offered. Here’s a glimpse of WinPatrol Cloud (beta).


As it stands now, WinPatrol already offers you the ability to track and make changes to your Windows settings. Here’s a partial list of the features.

  • Notifies you when programs are added as autorun (launch at Windows start)
  • Notifies you when changes are made to file types (such as .EXE, .JPG or .MP3)
  • Notifies you when new toolbars or helpers are added to Internet Explorer
  • Notifies you when IE’s home page is changed by a program
  • Allows you to stop applications from being autorun
  • Allows you to delay the start of autorun applications
  • Allows you to kill normally hidden applications
  • Allows you to stop and control the running of system services
  • Allows you to view and remove cookies in Internet Explorer, Firefox and Chrome
  • Gives you information on unknown programs and services (Plus version)
  • much more …

Even without the added information from the PLUS version, the free version of WinPatrol is a great way to retain and increase your control of Windows.

At first, I didn’t see any new features in the cloud version. After upgrading my WinPatrol Cloud to the PLUS version, I discovered some of the new cloud features. Each page of information on unknown processes and services now has a place to vote on what you think of it.


As you can see, it’s also offering statistics on what other users have done with this program. This tracking of user decisions on configuration changes is one of the best new features. As the author says, it will be like the Millionaire’s “Ask the Audience” feature.


* Note: WinPatrol is always free to use. You must purchase a license key to unlock the PLUS features. There’s also a portable version (a single EXE file) available, called WinPatrolToGo.

Download WinPatrol Cloud (beta)

Techie Buzz Verdict

I’ve used WinPatrol for over 6 years. It’s on almost every Windows machine I use. The addition of these new collaborative cloud features is like icing on a cupcake to me. WinPatrol always gets a big thumbs up here.


Techie Buzz Rating: 4/5 (Excellent)

SpywareBlaster – Low Impact Malware Protection

[Windows – all versions]


Way back in the late 1990s and early 2000s, one of the first security apps I’d install on a PC was SpywareBlaster. These days, I don’t use it as often; however, it’s still excellent PC protection, especially if you are using Internet Explorer as your default web browser. Here’s what the website says about this application:

Multi-Angle Protection

Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
Block spying / tracking via cookies.
Restrict the actions of potentially unwanted or dangerous web sites.

No-Nonsense Security

SpywareBlaster can help keep your system secure, without interfering with the “good side” of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.


Here’s a list of web browsers that can benefit from SpywareBlaster’s protection:

Internet Explorer
Mozilla Firefox
Netscape
Seamonkey
Flock
K-Meleon
and browsers that use the IE engine, including:
AOL web browser
Avant Browser
Slim Browser
Maxthon (formerly MyIE2)
Crazy Browser
GreenBrowser

SpywareBlaster does not have to run continuously in order to do its job. It simply applies a few registry settings to your PC and your browser that help prevent drive-by downloads and malicious ActiveX controls. After you’ve installed SpywareBlaster, all you have to do is enable the protection on the main screen.


The free version of SpywareBlaster requires that you update it manually, however, there is a pro version that can update itself automatically. If you can remember to update it, the free version is fine for all users. The manual update process is very simple.


There are a few other tools bundled in with SpywareBlaster, one of them is the System Snapshot. If you ever find yourself having a few problems with your web browser, restoring one of these snapshots may be an easy fix.


Another tool is Hosts Safe. Windows consults the HOSTS file to map host names to IP addresses before asking DNS, and some malware programs take control of this file to force your PC to places you’d never go on your own. You can easily create backup copies of your HOSTS file with this tool in SpywareBlaster and restore them later if needed.
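The check that a Hosts Safe backup makes possible, as an added example (not SpywareBlaster’s code): compare the current HOSTS file against the backed-up copy and report entries that redirect a name to a routable address or that sink a name the machine depends on. All file contents, host names and the list of required names are constructed for the example.

```python
"""Check the Windows HOSTS file for malware-style changes.

Added example, not SpywareBlaster's code. A backup copy (as Hosts Safe
keeps) is compared with the current file, and entries that redirect a
name to a routable address, or sink a name you depend on (constructed
list below), are reported. Sample contents are constructed.
"""
import ipaddress

# Constructed: the HOSTS file as backed up when the machine was clean.
BACKUP_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
"""

# Constructed: the same file after a hypothetical infection.
CURRENT_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-bank.test        # constructed redirect
127.0.0.1       update.example-av.test       # constructed update block
0.0.0.0         ads.example.test
"""

# Constructed: names this machine must reach (e.g. antivirus update hosts).
REQUIRED_NAMES = {"update.example-av.test"}

SINK_ADDRESSES = {"0.0.0.0", "::"}  # common "block this name" targets


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs, ignoring comments and blanks."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs


def is_sink(ip):
    """True for loopback or unspecified targets that only make a name unreachable.
    A malformed address is treated as not a sink, so it gets reported."""
    try:
        return ip in SINK_ADDRESSES or ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def find_hijacks(pairs, required=REQUIRED_NAMES):
    """Classify entries: 'redirect' (name sent to a routable address) or
    'blocked-required' (a name you rely on is sunk to loopback/0.0.0.0)."""
    findings = []
    for ip, name in pairs:
        if name == "localhost":
            continue
        if not is_sink(ip):
            findings.append((name, ip, "redirect"))
        elif name in required:
            findings.append((name, ip, "blocked-required"))
    return findings


def diff_against_backup(current_text, backup_text):
    """Entries added since the backup and entries removed from it."""
    cur, old = set(parse_hosts(current_text)), set(parse_hosts(backup_text))
    return sorted(cur - old), sorted(old - cur)


if __name__ == "__main__":
    added, removed = diff_against_backup(CURRENT_HOSTS, BACKUP_HOSTS)
    print("added since backup:", added)
    print("removed since backup:", removed)
    for name, ip, kind in find_hijacks(parse_hosts(CURRENT_HOSTS)):
        print(f"{kind}: {name} -> {ip}")
```

On a real machine, read the current file from %SystemRoot%\System32\drivers\etc\hosts and the backup from wherever you saved it.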


The last tool I’ll mention is the IE Settings section. As you can see, it offers two or three settings that can help you protect Internet Explorer.


Please note that SpywareBlaster is not a replacement for Firewall, Anti-Virus or Anti-Spyware tools. However, it’s normally quite safe to use it in addition to the tools you already have installed.


Download SpywareBlaster: Download.com

SpywareBlaster Website: javacoolsoftware.com

Techie Buzz Verdict:

SpywareBlaster is a great way to add an additional layer of security to your PC. I like the fact that it does not have to run continuously in the background in order to work. It’s been around for over 10 years and I’ve never seen any serious complaints about it. I can easily recommend it.


Techie Buzz Rating: 4/5 (Excellent)

Windows Shell Shortcut Vulnerability Is Being Actively Exploited

Earlier this week the exploit code for a highly critical Windows vulnerability affecting all versions of Windows from XP to 7 was made public. The bad news is that malware developers are already actively exploiting this bug. Symantec has identified that the W32.Stuxnet worm, which spreads using this vulnerability, has already affected thousands of systems.

The Shell Shortcut Parsing vulnerability is a particularly worrisome bug because there isn’t a lot a user can do to protect against it. Even if autorun and autoplay are disabled, users can still get infected. All that is required is that the user opens the compromised device, network share or WebDAV location. The only preventive measure is to disable icon rendering. However, doing so will basically cripple the Windows environment. To make matters worse, Steve Gibson from GRC Research is claiming that a security researcher has already figured out a way to exploit this vulnerability through favicons.

Microsoft is obviously working hard to patch this severe vulnerability. However, an official patch may take weeks to come. Until then, ensure that your system has up-to-date malware protection, and avoid using Internet Explorer (other browsers can also be exploited, but possibly to a lesser degree).

Microsoft Security Essentials 1.0 – the best security solution??

Microsoft Security Essentials 1.0 is one of the best security packages available according to the renowned anti-virus software tester AV-comparatives. These tests are performed periodically by AV-comparatives on the numerous security solutions available.

The security products are tested by subjecting them to a plethora of viruses, worms, trojans and so on, observing how many are detected and also counting the number of false positives. One of the most important tests is the proactive threat detection test, which judges a product’s ability to detect new, previously unseen malware.

In the proactive detection test it was able to detect 59% of the viruses, trojans and worms thrown at it, a respectable detection rate. This security package truly made its mark in the false positives test, however, showing only three false positives while many paid products showed over fifteen.

Its greatest advantage is that it’s free, unlike most other security products, which are paid and whose free versions are not that good. To use Microsoft Security Essentials 1.0, the only requirement is a genuine Windows operating system. The rest is free.

For more information: click here

To download Microsoft Security Essentials 1.0

Quickly Scan Any File with 40 Different Antivirus Engines

There are several online services that will allow you to check files for viruses or malware by uploading the files from your computer. One reason you might use one of these services is that you have downloaded a new program and you want to know if it’s safe to install on your computer. One of the services that I use most often is called Virus Total.

Virus Total is a free, independent service that will analyze uploaded files with around 40 different antivirus engines. Here is the current list:

AhnLab (V3)
Antiy Labs (Antiy-AVL)
Aladdin (eSafe)
ALWIL (Avast! Antivirus)
Authentium (Command Antivirus)
AVG Technologies (AVG)
Avira (AntiVir)
Cat Computer Services (Quick Heal)
ClamAV (ClamAV)
Comodo (Comodo)
CA Inc. (Vet)
Doctor Web, Ltd. (DrWeb)
Emsi Software GmbH (a-squared)
Eset Software (ESET NOD32)
Fortinet (Fortinet)
FRISK Software (F-Prot)
F-Secure (F-Secure)
G DATA Software (GData)
Hacksoft (The Hacker)
Hauri (ViRobot)
Ikarus Software (Ikarus)
INCA Internet (nProtect)
K7 Computing (K7AntiVirus)
Kaspersky Lab (AVP)
McAfee (VirusScan)
Microsoft (Malware Protection)
Norman (Norman Antivirus)
Panda Security (Panda Platinum)
PC Tools (PCTools)
Prevx (Prevx1)
Rising Antivirus (Rising)
Secure Computing (SecureWeb)
BitDefender GmbH (BitDefender)
Sophos (SAV)
Sunbelt Software (Antivirus)
Symantec (Norton Antivirus)
VirusBlokAda (VBA32)
Trend Micro (TrendMicro)
VirusBuster (VirusBuster)

They keep those engines up to date with the latest virus signatures, and they also offer detailed results from each engine in their reports. Virus Total is available in nearly two dozen languages.

To use this service, you simply visit the web page, click on the file upload button, select the file and wait for it to upload. Once the file is uploaded, you will often have to wait a few minutes for the scan results to appear. If you think that sounds pretty easy to do, you are correct. However, Virus Total now offers an even easier method, the Virus Total Uploader.

After you install the Virus Total Uploader [Windows Only] on your PC, you can right click on a file, then use the “Send to” menu to send it to the Virus Total site.


After a few seconds, your web browser will open up to show you the results of the antivirus tests from Virus Total.

That’s not the only trick that the Uploader has for you. When you launch it from your Start menu, you’ll see three other upload options in its interface:


  • upload a file by choosing its process name
  • select a file by browsing to its location
  • type in the URL of a file on the web

Go to the Virus Total Uploader page to get it.

Techie Buzz Verdict:

Having a good antivirus program installed on your PC is a must. The ability to double check files using 40 different antivirus engines is not required, but it sure is nice to have. If you’d like to try this application, I recommend it.


Techie Buzz Rating: 4/5 (Excellent)

How to Find Out Who Is Spying On You

[Windows Only] Today, I found out that my computer at work had a trojan infection. Most of my co-workers would never have noticed the bug, but a little luck and the right tools made my discovery possible. Since I discovered the infection early, I was able to quickly remove the malware. Do you know if evil computers are connecting to your PC? If you really want to find out, I recommend that you try two utilities from NirSoft.

Download and Install:
CurrPorts and IPNetInfo are both portable applications that are offered as ZIP files. You can unpack these ZIP files anywhere on your hard drive or even onto a flash drive to use them. CurrPorts and IPNetInfo work best if you put the files from both programs into the same folder. After I downloaded and unpacked them, I ended up with the following files in my CPorts folder.


Run CurrPorts:
You can run CurrPorts by launching the cports.exe file. It will scan your computer and display a list of processes on your PC that are using the network and internet connections. The list contains the following columns of information on each connection.

Process Name *
Process ID
Protocol
Local Port
Local Port Name
Local Address
Remote Port
Remote Port Name
Remote Address *
Remote Host Name
State
Process Path *
Product Name
File Description
File Version
Company
Process Created On
User Name
Process Services
Process Attributes
Added On
Module Filename
Remote IP Country
Window Title

Search the information:
The most important columns to pay attention to are the columns described below.

Process Name is the name of the program or service on your PC that is making the connection.

Process Path tells you where the program or service is located on your hard drive. It’s important to know this location if you suspect that you have a spyware, virus or trojan infection.

Remote Address is the “IP address” of the computer at the other end of the connection. This address is what identifies the computers connected to you over the internet.

Many of the connections you’ll see won’t even have a remote address, and you don’t have to pay as much attention to them. In order to unclutter the list and concentrate on the remote IP addresses, you can use the Options menu and uncheck the item labeled “Display Items without Remote Address”.


Identify WHO IS connecting:
Now that you have some IP addresses displayed, you can find out more about them by using NirSoft’s IPNetInfo utility. When you right click on any remote address shown in CurrPorts, you can find out more about it by choosing the IPNetInfo option. IPNetInfo will pop up and give you the WHOIS information if it’s able to.


Here’s an example of the WHOIS info for a Google page in Internet Explorer.


IPNetInfo can also be run on its own by launching the ipnetinfo.exe file. When it’s running this way, you will have to paste in the IP addresses manually to initiate WHOIS searches.

Stop the Spies:
Once you’ve identified all the owners of those remote IP addresses, you should have a better idea about who they are. You can usually find out more about them by using the company name in an internet search. If you are still suspicious that the IP addresses you are seeing are from the bad guys, you can check in several places to find out if they are on a watch list. I recommend that you search for malicious addresses at hpHosts. Just paste the remote IP address into the search box.

If you’ve identified a connection you don’t want, you can right click on entries in CurrPorts and either “Close” the connection or “Kill” the process on your PC. If you have a process running on your machine that continues to connect to IPs that are suspect, you should probably save an HTML report as shown below, then run an Anti-Virus and Anti-Spyware scan. I recommend using MalwareBytes or one of the other good free spyware removers. If that doesn’t do the trick, get some help from one of the Anti-Spyware forums. I always visit Temerc.com’s forums when I need help.

If you wish to ask me about some of your remote connections, you can select one or more items in CurrPorts, click on “View” > “HTML Report – Selected Items”. When the report pops into your web browser, you can copy and paste the information into the comments below this article. You can also save the report from your browser using the File > Save menu.
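The triage described in the steps above, as an added example (not NirSoft’s code): take a saved CurrPorts-style listing, drop the entries without a remote address, flag the ones worth a closer look and group the remote addresses by process. The tab-separated layout, the sample rows, the watch list and the trusted-directory heuristic are all constructed for the example; adapt the parser to the columns your own export contains.

```python
"""Triage of a CurrPorts-style connection listing.

Added example (not NirSoft's code): the tab-separated layout below is
constructed to mirror the columns the article lists; a real CurrPorts
export may order them differently, so adapt parse_report() to your file.
"""
import ipaddress
from collections import defaultdict

# Constructed sample export: one header line, then one connection per line.
SAMPLE_REPORT = """\
Process Name\tProcess ID\tProtocol\tLocal Port\tRemote Address\tRemote Port\tState\tProcess Path
iexplore.exe\t1204\tTCP\t49711\t74.125.19.99\t80\tEstablished\tC:\\Program Files\\Internet Explorer\\iexplore.exe
svchost.exe\t980\tUDP\t5355\t\t\t\tC:\\Windows\\System32\\svchost.exe
updater.exe\t3120\tTCP\t49720\t203.0.113.45\t8080\tEstablished\tC:\\Users\\Public\\updater.exe
updater.exe\t3120\tTCP\t49721\t198.51.100.7\t443\tEstablished\tC:\\Users\\Public\\updater.exe
firefox.exe\t2240\tTCP\t49730\t127.0.0.1\t9050\tEstablished\tC:\\Program Files\\Mozilla Firefox\\firefox.exe
"""

# Constructed watch list, standing in for a lookup at a service such as hpHosts.
WATCHLIST = {"203.0.113.45"}

# Directories where legitimately installed programs normally live (heuristic).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_report(text):
    """Turn the tab-separated export into a list of dicts keyed by column name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    return [dict(zip(header, ln.split("\t"))) for ln in lines[1:]]


def remote_connections(rows):
    """Keep only rows with a non-loopback remote address (the same effect as
    unchecking 'Display Items without Remote Address' in the Options menu)."""
    kept = []
    for row in rows:
        addr = row["Remote Address"].strip()
        if not addr or ipaddress.ip_address(addr).is_loopback:
            continue
        kept.append(row)
    return kept


def flag_suspicious(rows, watchlist=WATCHLIST, trusted=TRUSTED_PREFIXES):
    """Return (row, reasons) pairs worth a closer look: a remote address on
    the watch list, or a process running from outside the usual install dirs."""
    flagged = []
    for row in rows:
        reasons = []
        if row["Remote Address"] in watchlist:
            reasons.append("remote address on watch list")
        if not row["Process Path"].lower().startswith(trusted):
            reasons.append("process path outside trusted directories")
        if reasons:
            flagged.append((row, reasons))
    return flagged


def remote_by_process(rows):
    """Map 'name (pid)' -> sorted list of the remote addresses it talks to."""
    groups = defaultdict(set)
    for row in rows:
        key = f"{row['Process Name']} ({row['Process ID']})"
        groups[key].add(row["Remote Address"])
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    rows = remote_connections(parse_report(SAMPLE_REPORT))
    for row, reasons in flag_suspicious(rows):
        print(row["Process Name"], row["Remote Address"], "->", "; ".join(reasons))
    print(remote_by_process(rows))
```

A flagged entry is a lead, not a verdict: check the process path and the WHOIS owner of the address, as the steps above describe, before closing the connection or killing the process.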


Have a good day and surf safely!

Safe Surfing and Email with Web of Trust

[Windows, Mac, Linux] Web of Trust (WOT) is an addon or extension that identifies risky or dangerous links and websites while you are using your web browser. This addon is available for the Internet Explorer, Firefox and Google Chrome web browsers. There is also a bookmarklet for browsers such as Opera and Safari.

Here’s what the WOT website says about their product:

Protect yourself from online scams, sites with adult content, spam and other Internet threats. The WOT community has rated millions of websites so you can search, shop online and surf for fun without worrying.

When the WOT addon is installed in a web browser, it displays safety information about web sites in two different ways.

First, there will be a WOT icon at the top of the browser next to the address bar. It will be colored green, yellow or red to show you the general rating of the web page you are currently viewing.


If you click on this icon, you’ll be able to see more details about the ratings.


The detailed ratings are broken down into four categories: Trustworthiness, Vendor Reliability, Privacy and Child Safety. As you can see, Techie Buzz is a winner in all four areas.

The second way that WOT displays its ratings is while you are searching at one of the popular web search engines. Ratings are shown for Google, Yahoo, Ask, Bing and Froogle.


As you can see, there is a colored icon next to each search result. Clicking on the icons there also gives you more detailed information about each site. You won’t have to worry if it’s safe to click on search results once you have WOT installed.

Some online email services are also covered by the link identification from WOT. Here’s what my Gmail looks like in Firefox. This also seems to work in Yahoo Mail, Live Mail and AOL Mail.


The WOT addon will make your online email far safer to use.

Downloads:

Download the WOT addons for Firefox, IE and Chrome

The WOT Bookmarklet for Opera and Safari

For those who don’t wish to install anything at all in their browser, I’ve found an online search engine which uses WOT to rate the search results.

Safe Search:

Try SurfCanyon’s WOT Search

Techie Buzz Verdict:

There are several other services that offer similar addons or toolbars to make surfing more safe. WOT is my favorite and it supports the widest range of web browsers.

Techie Buzz Rating: 4/5

New Free Virus Removal Tool from McAfee – Fake Alert Stinger

[Windows Only] McAfee is well known for its antivirus software, and you usually have to pay for their protection. They offer the free Stinger tool to help people clean out PCs that have been crippled by virus and trojan attacks.


There is no installation required. Just download it and run it. It works on all Windows PCs as far as I know.

I normally download a fresh copy of Stinger onto a USB flash drive or CD before I go off to help my friends with bug problems.

In addition to the standard Stinger, there’s a new version of Stinger out now called FakeAlert Stinger. It’s designed specifically to target multiple varieties of the FakeAlert trojans, such as Kryptik, AVP Security, Fakespypro, Winwebsec, Antivirus Soft and XPSpy.

FakeAlert applications are a form of ScareWare that pop up fake warnings which attempt to trick you into running their scans and buying their premium products. It’s a huge money-making scam that’s been very effective against new PC users.

Download McAfee Stinger and FakeAlert Stinger

Notes: There are many other antivirus and anti-malware tools that can help you clean up an infected PC. Last year, Keith wrote about an application which will Remove Fake Antivirus from Your System. If all else fails and the PC is really trashed, I’ve got an article describing how to Run AntiVirus on a PC That Will Not Boot.

Techie Buzz Verdict:

There are two versions of McAfee Stinger. Both are very good, and there’s no reason not to use both of them when you need to clean up an infected PC. I have used Stinger for years and I’ve never had an issue with it. I only wish it was Open Source, so that more people could contribute to its effectiveness.

Techie Buzz Rating: 4/5 (Excellent)