Computer Security, Malware and Internet Poker

[NobleTruths]

I saw a post earlier today here about someone's computer being infected with a virus, so thought I would give some ways to better protect your computer.

The following article can be found on spywareinfoforum.com (SWI) here. This article is printed with the full knowledge and blessing of the SWI owner. If you wish to learn more, please browse SWI, or join our Boot Camp to become a Helper on the site.

If you have any particular questions, please post them or PM me. If you have an idea for a topic you would like me to address, please let me know. And please ..... Surf Safely



So how did I get infected in the first place?


You usually get infected because your security settings are too low.

Here are a number of recommendations to help tighten them, which will hopefully make you a less likely victim:



Safe Computing Practices


1.) Keep your Windows updated!

• Go to Start > Windows Update or navigate to http://windowsupdate.microsoft.com, and install ALL Critical security updates listed (you will need to use Internet Explorer to do this). If you're running Windows XP, that includes Service Pack 3, see Here for details.
  If you are running Vista, be sure to install The latest Service Pack.

• If you suspect your computer is infected with Malware of any type, please do NOT install any updates yet. Read the SpywareInfo FAQ and post a HijackThis log in our forums to get help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 (or SP1 for Vista) to help prevent against future infections.

• It's important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.
  Please either enable Automatic Updates under Start > Control Panel > Automatic Updates, or get into the habit of checking for Windows updates regularly.

2.) Watch what you download!

• Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself.

• Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others are amongst the most notorious. If you insist on using P2P software, please read this article from MalwareRemoval.com for information on Clean and infected P2P Programs.

• Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are!

3.) Avoid questionable web sites!

• Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.

• Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable.

• In addition, never give out personal information of any sort online. And never click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!

• For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.

Must-Have Software

*NOTE*: Please only run one anti-virus and one anti-spyware program (in resident mode) and one firewall on your system. Running more than one of these at a time can cause system crashes and/or conflicts with each other. Of the following programs, passive protection like SpywareBlaster, IE-SPYAD and MVPS Hosts file can be used with active resident protection programs effectively. The free version of Malwarebytes' Anti-Malware is an on-demand scan and clean program that will also not conflict with resident protection, Spybot is also on-demand but has resident protection if the Teatimer function is used. Only one scan at a time should be run.


4.) Antivirus

• An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free antivirus programs are Avast, and AntiVir. Please run only one antivirus resident at a time!

• It's a good idea to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.

5.) Internet Browser

• Many malware infections install themselves by exploiting security holes in Microsoft Internet Explorer. It is strongly suggested that you consider using an alternate browser.

• Both Mozilla Firefox and Opera are next-generation browsers that are more secure and faster than Internet Explorer, immune to most known browser hijackers, and outfitted with built-in pop-up blockers and other useful accessories.

6.) Firewall

• It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows XP. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry. (The built-in Vista firewall blocks both incoming and outbound, but is still written to the registry). Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of these excellent third party solutions.

• Two good free ones are Online Armor and Outpost. The trial version of Sunbelt Kerio Personal Firewall will also work in "free mode" after the trial period expires. Please only use one firewall at a time!

7.) Install Javacool's SpywareBlaster

• This excellent program blocks installation of many known malicious ActiveX objects. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
• Don't forget to check for updates every week or so. Also see this tutorial by Grinler. (Note: This tutorial is for an earlier version, so there may be some minor differences)

8.) HOSTS file

• Another good program is MVPS HOSTS. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
• For information on how to download and install, please read this tutorial by WinHelp2002.

Other Cleaning / Protection Software

9.) Spybot

• Spybot Search & Destroy is a good free scanner. See this topic for instructions on how to run a scan with Spybot.
• Spybot has an "Immunize" feature which works roughly the same way as SpywareBlaster above.
• Another feature within Spybot is the TeaTimer option. TeaTimer detects when known malicious processes try to start and terminates them. It also detects when something wants to change critical registry keys and prompts you to allow this or not. See this tutorial by Grinler for more information. (Note: Tutorial is for an earlier version, so there may be some minor differences)

10.) Malwarebytes' Anti-Malware

• An outstanding all-purpose anti-malware scanner and cleaner is Malwarebytes' Anti-Malware. Although there is also a paid version with added features, the free version is fully functional.
  See This Article for details on how to download and scan with Malwarebytes' Anti-Malware.

11.) Windows Defender

• Microsoft now offers their own free malicious software blocking and removal tool, "Windows Defender" (Not compatible with Windows 98 and ME.) It also features real-time protection.

12.) Lock down ActiveX in Internet Explorer

• Even if you plan to use an alternate browser, you will have to use Internet Explorer for tasks like updating Windows or visiting any other site that requires ActiveX. Also, since Internet Explorer is integrated into the Windows core, keeping it locked down is very important.

• 
  For IE7 and IE8, open IE and go to Tools > Internet Options > Security > Internet, then press "Default Level", then OK.
  
  • For IE6, now press "Custom Level."
  
  In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.
• So why is ActiveX so dangerous that you have to increase the security for it? When your browser runs an ActiveX control, it is running an executable program, no different from double-clicking an exe file on your hard drive. Would you run just any file downloaded off a web site without knowing what it is and what it does?

13.) Finally, after following up on all these recommendations, why not run the following Browser security tests. They will provide you with an insight on how vulnerable you might still be to a number of common exploits.

• PCFlank.com
• Qualy's BrowserCheck
• ScanIt Browser Test

Happy safe computing!

[kiwiMark]

What if I'm a pretentious mac user and didn't read your post 'cause any joke that I could make that was actually on topic would get momentarily deleted with the rest of this thread?

Please advise.

[UG]

too many colors my head hurts

[NobleTruths]

What if I'm a pretentious mac user and didn't read your post 'cause any joke that I could make that was actually on topic would get momentarily deleted with the rest of this thread?

Please advise.

I would suggest being patient. A Mac is not coded safer than a PC. Because there are significantly fewer of them, malware writers ignore them because the ROI is too low. If Macs become too popular, they will end up having the same problems as PCs. Pray they continue to be under-utilized.

[oskar]

*deleted cuz of pointlessness*

[kiwiMark]

I would suggest being patient. A Mac is not coded safer than a PC. Because there are significantly fewer of them, malware writers ignore them because the ROI is too low. If Macs become too popular, they will end up having the same problems as PCs. Pray they continue to be under-utilized.

This always makes me laugh. It's like saying "Your skin is not any tougher than a gazelle's. You're only safe from lions because there aren't any in New Zealand." It's not gonna make me go out and buy a rifle.

[Halv]

It's really not. It's more like saying something like "you starve just as easily as an etiopian" only better, cuz I suck at analogies.

Poker players are more often victims in targeted attacks, and if someone is targeting you specifically it won't matter much what OS you're using.

[NobleTruths]

This always makes me laugh. It's like saying "Your skin is not any tougher than a gazelle's. You're only safe from lions because there aren't any in New Zealand." It's not gonna make me go out and buy a rifle.

[kiwiMark]

I think oskar has the right idea. I was really expecting this to get snap-deleted, rather than any kind of discussion to ensue. Does this not count as spam?

[NobleTruths]

Does this not count as spam?

Not sure why it would be. These are great computer safety recommendations. I reference multiple sources to protect your computer. And SWI (ranked as one of the top internet sites for help) is a free forum, which does not charge for helping people with malware issues.

[kiwiMark]

A'ight.

[a500lbgorilla]

What in the hell is this? Useful information from a noob?! IN THE COMMUNE?!

[kiwiMark]

Hence my call for a kick/ban. Seems warranted.

[a500lbgorilla]

I think it's really our only option.

But I'm going to let it to play out freely because banning someone would mean actually doing something and that's just not in my playbook.

Welcome to FTR, NobleTruths. Post more.

[NobleTruths]

Cool, thanks, a500lbgorilla. I have other computer safety topics I would like to post, but if anyone has a particular reasonable topic (hint, kiwiMark ), please pm me or post here.

P.S. I did not realize it was against rules for noobs to have something useful to say.

[kiwiMark]

In these parts, it's against the rules for anybody to have something useful to say.

[NobleTruths]

In these parts, it's against the rules for anybody to have something useful to say.

[CoccoBill]

I like the first 3 suggestions, the rest are something between optional, recommended and spam. However, arguably the most important suggestion is missing: always run your computer with a limited account, no matter what OS. Running as root/administrator is that begging for trouble. Most malware you get infected with runs in the context of the logged on user, so whatever you can do to fcuk up your puter, that's what the malware can do. Google the Principle of Least Privilege.

"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
- Bruce Schneier

[Hawk]

I like the first 3 suggestions, the rest are something between optional, recommended and spam. However, arguably the most important suggestion is missing: always run your computer with a limited account, no matter what OS. Running as root/administrator is that begging for trouble. Most malware you get infected with runs in the context of the logged on user, so whatever you can do to fcuk up your puter, that's what the malware can do. Google the Principle of Least Privilege.

While this is good standard advice, it doesn't help most home users a whole lot. For most people, their data is all that really matters. OS/software can be reinstalled. Anything that can only fuck up whatever the user has access to can destroy everything that really matters.

"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
- Bruce Schneier

Nice quote. The frustrating part for me, as an especially security conscious geek and "the computer guy" for almost everyone I know, is that people assume that because they installed an antivirus program they have nothing to worry about. Trying to explain otherwise is like trying to explain poker concepts to someone that doesn't really care to learn them. It's useless. All I can really do for them is install the standard security softwares and set everything to autoupdate. Until they lose something that really matters (i.e. more than a few days without the computer) they won't ever really care.

Also, another tool for people to look at is Secunia Personal Software Inspector (PSI) (PSI - Consumer - Products) which scans the software on your computer and tells you what software needs to be updated.

[CoccoBill]

While this is good standard advice, it doesn't help most home users a whole lot. For most people, their data is all that really matters. OS/software can be reinstalled. Anything that can only fuck up whatever the user has access to can destroy everything that really matters.

This is what most users think, because they haven't yet had their identity, credit card and online banking details stolen. Losing the mp3s, family photos and pr0n is a bummer, but those things can actually hurt. In the bigger picture the important thing is that their computers won't become a part of a botnet. If the user account is not able to install bg services and rootkits or modify system files, the likelihood of the bad things happening is lowered dramatically.

[NobleTruths]

always run your computer with a limited account, no matter what OS. Running as root/administrator is that begging for trouble. Most malware you get infected with runs in the context of the logged on user, so whatever you can do to fcuk up your puter, that's what the malware can do.

Please read this article on Limited User Accounts and attack vulnerability.

In part, it states:

No, LUA still leaves computers vulnerable from drive-by download attacks that steal password/credentials, copy data records and documents, destroy files, ransom user content, serve as an attack platform inside an enterprise firewall, and serve as one of thousands of other computers as part of a Botnet. LUA just makes it more difficult for attackers to burrow their malware so deep into a computer (i.e., rootkit) that it may never be detected.

[revolvingiris]

safe computing practices


1.) use virtualization or separate computer to look at porn!

fyp!

[Warpe]

Noble Truths, why do the links you provided route through cardschat.com?

[kiwiMark]

Noble Truths, why do the links you provided route through cardschat.com?

BOOM my spidy-senses still work.

[NobleTruths]

This same post was placed on CC. I initially thought of doing a computer safety post after a friend there had a virus infection. Decided that helping others avoid getting infected because of security vulnerabilities was something I wanted to share here as well. There is no ulterior motives.

If I was purely a spammer, then 1) I would not be here as often as I am to answer your questions, 2) would have been playing the tournies here as long as I have, and 3) I would not be a member for as long as I have been before this post.

Is there something you have against people having a secure Internet experience? I am beginning to wonder if you run botnets, lol.

[kiwiMark]

The more helpful and reasonable you are the more it turns me against you. Am I a bad person?

[NobleTruths]

No, just makes me love you even more.

[JKDS]

I was like, lol spammer!

But then i was like...wait 4reals?

So now im curious if these links are safe and legit cuz then this is a pretty kick ass thread

[NobleTruths]

So now im curious if these links are safe and legit cuz then this is a pretty kick ass thread

If these links are not safe, I will eat your computer.

[wufwugy]

download.com exists for a reason

[UG]

seriously wufwugy

you have to change your signature I can't stop watching

[Juked07]

seriously wufwugy

you have to change your signature I can't stop watching

+1. I was trying to read the SHNL digest and his sig put me on a tangent..

[CoccoBill]

Please read this article on Limited User Accounts and attack vulnerability.

In part, it states:

Yes, I'm aware of this. How is this not completely in line with what I said? Btw I might play poker in my cowboy suit at night, but during daytime I fight crime as a security consultant.

[NobleTruths]

CoccoBill,

I wanted the readers to understand that a LUA does not fully protect them from potentially becoming part of a botnet or having other malicious events occurring. Decrease the probability? Maybe. If you go to an attack site, your computer will be targeted. LUA won't prevent that. It will potentially limit the depth of attack on your computer, but compromising your system is still likely.

The bigger picture is the layers of protection you can create for your system.
Safe Surfing-->Firewall-->Antivirus/Antispyware-->Updated System-->Registry Monitor.

I have not addressed the importance of System Backups; this will be for another post. However, if all else fails, and repair is not possible, having a way to recover via Backup is wonderfully preferable to wipe and reinstall OS from new. Just a brief preview on this: creating an image of your existing system, and storing that image on an external Hard Drive, will save you much grief. My tool for this is Acronis True Image. Another choice is Norton's Ghost, but.....I made my preference clear, i think.

[CoccoBill]

CoccoBill,

I wanted the readers to understand that a LUA does not fully protect them from potentially becoming part of a botnet or having other malicious events occurring. Decrease the probability? Maybe. If you go to an attack site, your computer will be targeted. LUA won't prevent that. It will potentially limit the depth of attack on your computer, but compromising your system is still likely.

Please explain how you're going to create a bot if you don't have privileges to install services, modify the HKLM registry or system files. I mean this in the nicest possible way but unlike poker and many other subjects, regarding computer security I really know what I'm talking about. Of course a limited user account won't fully protect you, nothing will. There's no such thing as 100% secure, there's just appropriate controls and effort to balance the risk exposure to your risk appetite. If you have solutions to make something 100% secure against anything, please let me know.

The bigger picture is the layers of protection you can create for your system.
Safe Surfing-->Firewall-->Antivirus/Antispyware-->Updated System-->Registry Monitor.

I'd rather talk about logical layers than software layers. Security aims to ensure the confidentiality, integrity and availability of resources and it consists of equal parts of processes, technology and the human aspect. It doesn't matter what technological controls you have in place if you actively circumvent them, don't understand how they work or have new emerging exploit vectors that aren't covered by your technology. Patch your computer regularly (not just the OS, all apps and middleware also), be aware of the security threats and have a natural distrust of everything and make sure you always use everything with minimum required privileges, and you're as safe as any home user can be expected to be.

I have not addressed the importance of System Backups; this will be for another post. However, if all else fails, and repair is not possible, having a way to recover via Backup is wonderfully preferable to wipe and reinstall OS from new. Just a brief preview on this: creating an image of your existing system, and storing that image on an external Hard Drive, will save you much grief. My tool for this is Acronis True Image. Another choice is Norton's Ghost, but.....I made my preference clear, i think.

Agreed.

[NobleTruths]

If a user has not installed necessary patches, the LUA will not protect as it should. And spyware, keyloggers and other malicious events can occur.

Boy, I wish I had a 100% solution. Thank goodness I never said I did.

Logical layers and software layers sound good together...after all, multi-prong security is essential.

[rong]

I am security thick when it comes to computers. SO have a few questions.

Someone on another thread on here recommended superantispyware. Is that better than the others you have mentioned or can it take the place of any of them.

When I use Superantispyware it finds tons of stuff that other things like adaware don't find. But there is so much there that I'm reluctant to delete it all incase I need any of it for things that I do want on my computer, eg holdem manager (or whatever), I have no idea if S-A-Spyware sees things related to this and thinks they are bad.

So what I'm trying to say is, should I use that software and should I just accept what it tells me and delete the hundreds of things it finds?

Thanks

[Ash256]

I don't know the software; could you post a screenshot of its results?

[NobleTruths]

SUPERAntiSpyware is an excellent program. Like Malwarebytes' Anti-Malware, it comes in a free, as well as paid, version. Real-time protection is only available in the paid version. It is an excellent on-demand scanner in the free mode.

It will detect Spyware, Adware and Malware (Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products) and many other types of threats.

Pretty much everything it detects, you do not want on your computer. It will not see Holdem Manager as a "bad" program, but if HM has infected files, they will be flagged for cleaning/deleting. If you are concerned, you could look at everything one-by-one. But, again, if it is flagged, there is a problem.

[rong]

I got bored waiting and deleted it all, and all is working fine. Just being a retard I think. Thanks for your response.

[CoccoBill]

Pretty much everything it detects, you do not want on your computer.

Just like with any antivirus/antimalware product, it can and will produce false positives. Just blindly deleting everything any of these products suggest will end up also killing some legit programs and functionality.

Many people measure the effectiveness of antimalware products by the number of findings they produce on an identical system. If one product reports 50 findings while another one only 5, the former must be better, right? You can bet the software developers are aware of this and tend to trigger fairly easily false positives, if not completely fake results.

[NobleTruths]

You make a very good point, CoccoBill, that we should be cautious with the programs we run on our computer. There are many Rogue programs that try to scare us into things we don't need. Fortunately, SUPERAntiSpyware (SAS) is a trusted program that does not inflate its reported findings. Certainly, any program can have false positives, that is why it has a quarantine...in case something needs to be restored.

[Warpe]

90 percent of Windows 7 flaws fixed by removing admin rights

[Jack Sawyer]

Pwn2own2010

" pwn2own 2010 is under way, and after day one of the annual security showdown the results are darn near an exact replica of last year's. Safari was the first to fall, followed by internet explorer 8 on windows 7. Firefox on windows 7 x64 was also taken down, as was the iphone's mobile safari. Google chrome, however, has yet to succumb.

Once again, it's chrome's sandbox which is making things difficult. At last year's pwn2own, charlie miller had this to say:

"there are bugs in chrome but they're very hard to exploit. I have a chrome vulnerability right now but i don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With chrome, it's a combination of things - you can't execute on the heap, the os protections in windows and the sandbox."

miller successfully targeted safari on osx using one of 20 exploits he had at the ready -- exploits which he uncovered using a simple 5-line python script. "tomorrow, i'm going to describe exactly how i found them, so hopefully that means apple will replicate what i did and they'll find my 20 [bugs] and probably a lot more," miller stated.

The mobile safari attack was particularly impressive, since running code on the iphone requires a valid digital signature. By rearranging bits of pre-signed code, halvar flake of zynamics was able to deliver a malicious payload via safari and force the iphone to cough up its complete sms database. Contacts and messages were laid bare -- including deleted ones.

While most (if not all) of these exploits aren't being used in the wild, it's still an indication of just how scary the landscape of the internet is right now. How do you stay safe? Google chrome looks like a good choice, obviously, but there's another option: Opera.

As one participant put it, "i use opera, but that's basically because it has a tiny market share and as far as i know, nobody is really interested in creating a drive-by download for opera."

gotta love security by obscurity -- am i right, apple fans? "

[Albus]

i had a similar problem with windows xp media addition, could not get onto our web site or ebay & some other sites but then had no problem with others,
it happened a few times usualy after about 3 months of use,
turned fire wall off antivirus off still no joy in the end i had no option but to re install, system restore did not cure it for me,
now running xp home,
its windows its over priced crap,
me iam going on to linux ubutu next time it throws a wobbly,


anti keylogger

[NobleTruths]

Updated some broken links.

[mbiz]

This always makes me laugh. It's like saying "Your skin is not any tougher than a gazelle's. You're only safe from lions because there aren't any in New Zealand." It's not gonna make me go out and buy a rifle.

A mac is worse than a virus. If you installed effective anti virus software it would just incinerate the mac after printing out a piece of paper that says buy a PC.