
Updates & Notices

Warning: This blog and some info within is out of date. The date of any update is usually noted at the top of each page/entry. As of 1/08/20, all pages have had dead links removed/repaired as well as 2010 entries and 2011 Jan-July.

Friday, November 18, 2011

Beat the Hackers

Links checked 12/12/13.
 
When I wrote this, I was on a Windows 7 computer so I can't swear that these tips/ideas work equally well on Windows 8.
 
So I spent the last three days ensuring my computer was in fact no longer infected from Trojans and hijacks and I've been doing a bit of thinking. This is not the first time I have had this problem, nor will it be the last because as many programs as there are out there, there are just as many hackers looking to get their kicks from invading what is not theirs. It was said once before by a friend that I seem to have a lot of trouble in this department but that's not exactly true, I just happen to have a better feel for when my computer is not behaving properly. Aside from being married to a man with a 15 year long computer tech career and the patience of a saint, I go poking my little nose into all aspects of my pc's operation, every system folder there is and all those areas a good tech looks at for problem solving.

Hackers and hacking are such a huge topic, even Playboy magazine did an article on it and I have to say, it was depressing. The U.S. government's Department of Defense, according to the article, has had a worm in its network for three years but hasn’t been able to eradicate it. Last year hackers were able to implant a virus in the system of a uranium-enrichment plant in Iran that caused the centrifuges to fail at more than 10 times the normal rate. As they pointed out, this was something in virtual space causing real-world damage. Think about it, these people are bored, proud of what they do and persistent, some of them are just plain mean. If our own governments can't stop them, you think the Average Joe in cyberspace can?

No, we'll never stop them entirely. As long as you continue to access the internet, you are vulnerable; the only way to "lock down" a computer is to have no internet connection at all. "The immediate concern is that the internet could turn into a cyber South Bronx circa 1979- a neighborhood where crime is so commonplace that we stop going there."

Once, about 10 years ago, I witnessed a live action hijack of my father's computer, this person taking hold remotely and opening windows and entering passwords as quickly as I tried to shut the computer down. And if you think running anti-virus software like McAfee, Norton or Trend Micro and paying for a yearly subscription is going to stop these hackers from trying (and sometimes succeeding), you're wrong. All it does is slow them down.

This last incident of mine was caused not by my own stupidity on clicking where I shouldn't (as my boys have done) but by doing my normal thing- window shopping. I was doing a Google Search for magnifying cabochons, clicked on a link to a legitimate jewelry supply store and was immediately hijacked. That hijack was spawned by a live person that has malicious code attached to the store, most likely completely unknown to the website owners. Followed on the heels of this hijack were multiple trojans in rapid succession and within the next few days, I finally found that little bastard Trojan downloader. Not the first time that’s happened either- I’ve gotten hijacked going to Nail Gal, the Community Nail Polish Gallery.

You can be proactive though and help to eliminate a lot of threats at the outset: use common sense, a few programs and be more secure. Just because a thief can break your window and enter your house doesn't keep you from locking the door, does it? I'm going to give you some education here and a few tools with which to arm yourself.

Let's start with the common sense stuff that apparently is not always common sense for some people.

If you are running a Windows based operating system, password lock your account and don't make it an easy one; when my husband has to service my pc, he has to ask me for the password, it's too complicated for him to remember. Yes, it can be a pain to log into your own pc every time you boot it up but it makes it more difficult to be hijacked. You also need to password lock your Safe Mode Account.

No password should ever be the same as any other you use. Make it long, mix your caps and lowercase, use numbers and it should all be random, nothing personally relevant (like using your birth year as a PIN # for your ATM card). If it is personal, make sure no one would understand the reference but you. This security measure is entirely obvious to me but for convenience's sake, hubby tends to use the same password for everything with only slight variations which is a big no-no... he uses his own pc for gaming but not much else. My husband hates my passwords but Fort Knox would love me.

Do NOT save passwords or account information on your computer and don't allow websites to save that information for you. Even if that info was in a password locked document, it is not safe. The same goes for auto-completion of entries (in your browser) for these things.

When possible, use web based email such as Yahoo, Hotmail etc. Some viruses spread through sending emails to those in your address book but this is not possible if the email is web based as opposed to using Microsoft Outlook or a similar email program installed on your pc, because addresses are not being stored on your hard drive.

Don't be a dummy and open attachments or emails from senders you don't recognize. If you must, download it to your computer first, virus scan it and then open it. Always choose "save" instead of "open" or "run" for that very reason on most things unless a program you are intentionally using specifies otherwise.

Again, with emails, if the subject line reads "Re: " but the sender is unknown, exercise caution opening them. They can't "Re: " you if you've never emailed them, there's nothing to respond to. And don't go clicking links in odd emails either.

The temporary files your computer saves should be deleted periodically and there are temp files in more than one place on your pc. You will acquire many of these simply by browsing the internet and they can be deleted by going to your internet options/browsing history in Internet Explorer. Cookies hide there and not all cookies are harmless. Temporary files can also be deleted by doing a disk clean up on your hard drive(s). There are other ways as well but I'll get into that later.

Your Disk Defragmenting tool from Windows is more valuable than you might think. If you view your pc as a big stack of papers, the defragmenter’s job is to put everything back in order that gets moved during operation. If you defragment often enough, you’ll also observe patterns here that can alert you to a potential issue- like if it spends an inordinate amount of time on one section of your pc it doesn’t normally. This doesn’t necessarily mean you do have a problem though so don’t assume you do, verify the issue with other programs.

Hubby claims half my problems with hackers and viruses come from running Windows XP instead of Windows 7 which he’s been trying to talk me into for years. He says Windows XP has too many vulnerabilities to exploit, much like trying to plug all the holes in a ship before it sinks. The Java platform in particular on XP is a favorite target of Trojans and worms.

That was the common sense, now we’ll move onto antivirus and protection programs.

The majority of viruses are going to go into the drive Windows OS is in and any drive you install programs to but that doesn’t mean they won’t go elsewhere so you should do a full scan once in a while with a thorough program. Also, not all viruses are going to cause trouble right away- some attach to files or programs and will not activate until you access them which means they can lie dormant on your system and go undiscovered. Others may replicate every time you restart because they are buried in the startup, even after being removed/cleaned.

There are paid programs with yearly subscriptions and free programs that do most of the same things and no single program is going to catch everything. So what’s the difference between a paid antivirus program and free ones? I asked Hubby this and his response was that some have better scan engines and update definitions more frequently, meaning they are going to catch more and stop more. I will also add that they give you added control over your firewall but most people don’t know enough to go tweaking the settings. Besides, if you bothered to watch and track the traffic that hits your pc during the course of a normal day, it would make you paranoid.

If you want to go the paid route, he recommends ESET or Trend Micro- each company has a variety of protection programs. The caveat here is that if you don't pay the yearly subscription fee, once the 'script is up, you don't get updated virus definitions. ESET and Trend Micro also have free online scanners although in the event of a serious infection, you may not be able to get to them. To ESET’s credit, their online scanner picked up some things this evening that everything else had missed.

I personally dislike the hefty subscription fee so going with free, my first suggestion is Ad Aware by Lavasoft, specifically Ad-Aware Free Internet Security. They have a paid version with some additional features but the free version gets the job done, updated definitions included. It will pick up a lot of infections and most of your internet cookies and, if enabled, has live protection that will run in the background. If you use this enough and pay attention, you see patterns in its scanning which can alert you to suspicious activity just by how long it takes to scan a particular area (like with the defragmenter). A full scan and a custom scan are going to look for the same things but the full scan is going to take a while depending on the size of your hard drives. The custom scan allows you to decide which drives you want it to scan, saving time.

Second is Microsoft Security Essentials. There’s not much in the way of additional tools included with this program but its live protection finds a lot of my Trojans, alerts me to hijacks the second they happen (if I didn’t already know) and removes/stops the threats. This also has full scan/custom scanning options.

Third is Spybot Search & Destroy by Safer Networking. They currently have two versions available for download but the second is still in the beta testing stages. I’ve used both but am at the moment using the original because the second, while having much more live protection and built in tools, eats up a lot of system processes when running in conjunction with other programs like the ones mentioned above. Spybot v.1 (the original) also has a Secure Shredder tool which enables you to load temp files stored on your pc and “chop them up”, effectively destroying them.

What do you do if you suspect you have an infection? Yes, I have advice for that too but get your shovel ‘cause it’s time to go digging, or at least acquire a program to do the digging for you. Assuming you’ve used your other programs, online scanners and either been unable to find it or eradicate it all, you can use a couple “behind the scenes” tools.

Trend Micro’s HijackThis. This is an effective program but unless you’re a tech, you may not know what you’re looking at so it would be a good idea to run it when your pc is operating normally and familiarize yourself with what appears in the log. This way, when something abnormal pops up, you’ll recognize it for what it is… but as the program itself warns, exercise caution when deleting entries; “if you are not a professional user Trend Micro encourages you to submit your log file to one of the HijackThis forums.”
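An added example (not from the original post and not Trend Micro's code): a short Python script that does the comparison described above, checking a HijackThis log saved while the pc was healthy against a later one and listing only the entries that are new. The function names and both sample logs are made up for illustration.

```python
import re

# Constructed sample logs (not from a real machine): a known-good baseline and a later scan.
BASELINE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide
"""

CURRENT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\mk\AppData\Local\Temp\upd8.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide
O4 - HKCU\..\Run: [upd8] C:\Users\mk\AppData\Local\Temp\upd8.exe
"""

# Log entries look like "O4 - detail": a section code, " - ", then the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return a set of (section, detail) pairs; running processes get section 'PROC'."""
    items, in_procs = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            items.add(("PROC", line.lower()))  # Windows paths ignore case
        elif (m := ENTRY.match(line)):
            items.add((m.group(1), m.group(2)))
    return items

def new_entries(baseline, current):
    """Entries present in the current log but absent from the known-good baseline."""
    return sorted(parse_log(current) - parse_log(baseline))

if __name__ == "__main__":
    for section, detail in new_entries(BASELINE_LOG, CURRENT_LOG):
        print(section, detail)
```

A new entry is only something to look up, not proof of infection; installing or updating a legitimate program also adds lines.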

Trend Micro’s RootkitBuster and Kaspersky Lab’s TDSSKiller are both anti-rootkit utilities which can be helpful in finding and removing things buried deep within your system. They do the same thing but they aren’t going to find the same things, at least in my experience. If they find something, it usually is a problem so you should allow it to clean them out and then delete anything in quarantine. For TDSSKiller, once the program loads, click on Change Parameters and select BOTH Additional options and then run the scan. RootkitBuster will not work on 64bit systems.

I’m only satisfied when one after another, all these programs come clean… for however long it lasts.  Knowing hackers and their ever-evolving code, it won’t be very long. With a few programs, I can generally service my pc without my husband’s intervention but that’s not due to just experience, I’m not afraid to look things up if I don’t know what they are. There are a multitude of support forums out there for that reason- MK

7 comments:

  1. Thx for posting this! I have had the same problem since Wed. I went to a nail blog/website that wasn't on blogger and knew right away I had a trojan because a popup came that said I needed to buy some software to fight a virus and I couldn't get out of it. I am still fighting it! I can't search on Google. I have anti-virus software but it's not working! I will not ever go on that site again!

  2. You're welcome, hope it helps. At least you remember the site you visited. I have no idea what jewelry supply store nailed me so I haven't searched for my cabs since. Your antivirus software probably doesn't have the definition or it may be infected too. Just a possibility to consider.

  3. This is fantastic info! I'll say that I used XP for years and years and I was always running into nasty stuff but after switching to 7 I don't think I've had any major problems. I'm going to run ESET in a while, I've never heard of it. My typical setup is free AVG that scans daily. Malwarebytes, Ad Aware, and Spybot at least once a week, and PeerBlock; it's kind of an odd one but it lists incoming IPs it blocks and what they are.
    Micki-Lacquer Nirvana - I had that before! Try scanning in safe mode with the internet turned off. Pretty sure I finally did a HijackThis log and posted it, friendly forum people helped me fix it up.

  4. Thank you for sharing this! You are so multi-talented- awesome at frankening AND computers too?!

  5. Hi MK, I've awarded you the Versatile Blogger award which you can claim here http://glazedtalons.blogspot.com/2011/11/versatile-blogger-award-who-me.html

  6. Thank you Thalie although finding 15 other bloggers to pass it on to is a tall order to fill.

