IN THIS ISSUE:

0. EDITORIAL: Dealing with Rootkit Trojans

0.0 EDITORIAL

How to Deal With Trojan Rootkits

Rootkits are increasingly being used by writers of viruses, spyware, trojans and other malware to hide their unwanted programs from you and from your security products. At the moment rootkits are not exactly common, but they are becoming more so, and this is causing concern in the computer security industry.

Rootkits are not themselves malware programs; they are programs, or techniques, for hiding the presence of malware programs. They do this with a variety of clever tricks that manipulate the Windows operating system itself, so that the cloaked malware cannot be seen from inside Windows using normal programs. For example, you will not be able to see any malware files protected by a rootkit using Windows Explorer or any other common file viewer. Nor will you be able to see the malware processes using Task Manager or most other process viewers. Similarly, there will be no visible malware entries in the Windows Startup folder or other startup locations. Even a HijackThis log will show nothing. In other words, the infection is totally stealthed by the rootkit from your view and from the view of most of your security software. Because of this stealthing, your security software may report that your PC is totally clean when in fact you are infected. That's why rootkits are so appealing to malware writers.

Rootkit detectors are special programs designed to see through these stealthing techniques. Typically they do not trust what Windows reports; they compare the view obtained through the normal system interfaces with a view obtained at a lower level and flag anything that appears in one but not the other. There are several products on the market and, thankfully, most are free. Detecting rootkits is only part of the problem. If you find one, there is the issue of how you get rid of it. Perhaps most important of all is knowing how to avoid being infected in the first place.

I'd like to address all these issues here but I'm afraid it takes more space than I have available. So what I've done is write a special article for you, dear subscribers, and it's now on the Tech Support Alert web site at this address: I suggest you check out the article and follow the instructions to thoroughly scan your PC. Of course, the chances of your PC being infected are quite small but it's definitely worth a few minutes of your time to make sure. I'm sure no one wants to be in the position of believing their PC is totally clean when it is, in fact, totally compromised. If anyone does detect a rootkit on their PC, please write to let me know.

See you next month.

Gizmo

PS This month I'm giving away six free copies of the top rated antivirus NOD32 plus lots of Google Gmail invites. For details, keep reading.

Support Alert relies on paid subscriptions to survive. If you feel that you've benefited from reading this newsletter perhaps you would like to consider donating by subscribing to the premium "Supporters' Edition" of this newsletter. The Premium SE Edition contains almost twice the number of great tech sites, free utilities, tips and other content as the free edition. It's also ad-free. You'll also get immediate access to the archive of all past issues of the Premium Supporters' Edition of the newsletter, where you can catch up on the hundreds of great utilities you missed in the free edition. The SE Edition is a great deal and at $10 per year it's a bargain.

This month I'm giving away to new subscribers six free copies of the top rated antivirus NOD32. NOD32 is a brilliant program for protecting your PC yet it only consumes a modest amount of your computing resources. That's why I use it on my key work computers. At $39 it's good value but it's even better value when you can get it for free. The six copies I'm giving away will be allocated at random but your chances of scoring one are actually quite good. So if you have been thinking of subscribing, now's the time.

I'm also giving away invites to Google Gmail to new SE subscribers. Last month everyone who wanted one got one and I expect the same to happen this month. Just email me at editor@techsupportalert.com after subscribing to the Premium SE Edition and I'll send your invitation.

Even if you don't win anything you'll still get my special report "Gizmo's Desert Island Utilities" which outlines the software I use myself, including many free products.
HOW TO SUBSCRIBE TO THE PREMIUM SE EDITION

A 12 month subscription to the Supporters' Edition costs $10, which can be paid by check or credit card using either ClickBank or PayPal, or simply send cash. Use the link below to subscribe now:

1.0 TOP TECH SITES AND RESOURCES

1.1 Free Spyware Scan

I've written before about Trend Micro's excellent free online anti-virus scanner. Now they are offering a free anti-spyware scanner [1] as well. This one is not online; you have to download the 1.7MB file and then run it on your PC. It works just like McAfee's Stinger program in that there are no signature file updates, so if you want to run the program in the future you have to download the latest version of the full program once again. It's a pretty competent anti-spyware scanner and will fix any problems detected. It's well worth the download even if you are already using another anti-spyware product; two opinions are always better than one. While at the Trend Micro site why not try their free online anti-virus scan as well? It's accessible from the same page as the spyware scanner. It will only work with Internet Explorer, but Firefox and Opera users can use this [2] version.

1.2 Disposable Email Address Services

Thanks to subscriber JW for letting me know about this directory listing of 16 different services with brief descriptions of each.

1.3 Free Anonymous Browsing

This site allows you to browse the web anonymously using any of 11 different anonymizing services. You can optionally disable cookies, scripts and ads as well. Bear in mind that "anonymous" here only means the site you visit sees the proxy's address instead of yours; whoever runs the proxy sees everything you send through it, so don't log in to anything through one.

1.4 File Extensions Explained

Subscriber Per Christensson wrote in recently to let me know about his site FileInfo.net. It provides extensive information on various file extensions and, unlike similar sites, it provides a good explanation of each type rather than a simple listing. Definitely one to bookmark.

1.5 Google Search-As-You-Type

Don't confuse this with Google's own suggest-as-you-type [1]. This is a third party service called Inquisitor that uses an AJAX front end to provide snappy Google search suggestions. It works best in Firefox and Opera. Another impressive use of AJAX.

1.6 How to Check Out a New Program Before Installing

This little known Microsoft site [1] provides a wealth of user comments on many applications and is a valuable resource for anyone thinking of buying or installing a new program. As ever, some of the comments are well informed and valuable, others are inane. SnapFiles [2] also provides user comments on software but beware: some of these are really from vendors seeking to bolster the reputation of their products.

** Additional Items in the Premium SE Edition **

1.7 Collaborative Search Engine is Hot
1.8 Use MS Office-Style Apps Online for Free
1.9 The Free Programs Hidden in Windows
1.10 How to Fix Dead Pixels in Your Monitor

Got some great tech sites to suggest? Send them to: editor@techsupportalert.com

2.0 TOP FREEWARE AND SHAREWARE UTILITIES

2.1 The Best Free Browser Scrubber

There's
no doubt that when you browse the web you accumulate a huge amount of stored data. The sheer quantity is surprising; often gigabytes. A lot of this is just junk while other parts can be useful. Just what is and what isn't junk is a personal decision. For example, I regard the information stored in my browser's history as a valuable resource but I know a lot of folks see it as clutter or even an embarrassment. That's why the flexibility to choose exactly what you want to keep or delete is a key requirement in any browser cleaning utility. It's in this area that CleanCache excels. Yes, there are a few other cleaner programs that also offer this, but when you take into account CleanCache's speed, ease of use, automation features, near-forensic thoroughness and the fact that it works with Internet Explorer, IE shells such as Avant Browser, Firefox and Opera, then you have a clear winner in this category. Note that it requires the 26MB Microsoft .NET Framework to be installed on your PC. Freeware, Windows 2000 and later, 1.3MB.

2.2 How to Restore Desktop Icons

Everyone knows the annoyance of having your desktop icon layout scrambled. There are lots of causes: a system glitch, booting in safe mode, Windows Explorer crashing and more. Icon Restore is a tiny free utility that solves this problem by adding two new items to your right click context menu, one to save your desktop layout and the other to restore it. What could be simpler? Thanks to my friend Mikel Peters for this contribution. Freeware, all Windows versions, 281KB.

2.3 Free Tool Analyzes End User Licensing Agreements

If you are one of those people who never reads EULAs when you install software then this utility [1] may be just what you have been looking for. Just cut and paste the EULA into EULAlyzer and it will flag for your attention any areas of concern. I tried it on five agreements and it picked up about 80% of what I detected manually, including most surreptitious adware installation clauses. That's pretty good and well worth the effort. BTW, check out this really funny cartoon [2] about EULAs. All Windows versions, 1.7MB.

2.4 Free Utility Identifies Download File Size

It's often useful to know the size of a file before you download it, particularly if you have a slow connection or are approaching your bandwidth quota. Most folks do this by starting the download and then looking at the indicated file size in their download manager, but InternetFileSize offers a far simpler solution. It works by adding a menu item to the right click context menu. All you do is right click on a download link and InternetFileSize shows the file size and modification date as reported by the server, together with the true download path. Freeware, Windows 98 and later, 575KB.

** Additional Items in the Premium SE Edition **

2.5 How to Copy Songs From Your iPod to Your PC
2.6 A Utility That Civilizes the Command Prompt
2.7 Open Source Alternative to MS Exchange

Got some top utilities to suggest? Send them to

3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES

3.1 Microsoft Security News

This month Microsoft released nine Windows updates covering 14 vulnerabilities, including three rated "critical." All three, if exploited, could allow someone to take control of your PC, so please ensure your computer is updated ASAP. One of these patches, MS05-051, is of particular importance. It covers four individual flaws, one of which has the potential to be exploited by a network worm. Such a worm attack is now looking certain, as proof of concept code is already circulating on the internet. The catch is that there have been implementation problems with this particular patch. Microsoft has officially acknowledged this and has offered work-arounds [2] but claims there have only been a few isolated instances of the problem. Whatever the case, it puts sysadmins in a difficult position: patch and risk breaking the system, or don't patch and risk being attacked by a worm. The sensible course is to test the patch on a few representative machines first and then roll it out quickly once it is known to behave. Full details of all patches can be found at the third link below.
3.2 Scanning Vulnerability in Avast Virus Scanner

Secunia is carrying a report of a flaw in the Avast "Anti-Virus scan engine, which can be exploited by malware to bypass certain scanning functionality. The weakness is caused by an error in parsing certain malformed archives and can be exploited via a specially crafted archive with additional characters pre-pended to the header. Such malformed archives can be correctly extracted by some archiving software. Successful exploitation allows malware packed in malformed archives to pass the email anti-virus scanning gateway undetected." No fix is currently available from Avast, so in the interim it is recommended that Avast users unpack all archives and scan the contained files rather than run files directly from within archives; since the flaw is in the archive parser and not in the detection of the files inside, the extracted files are scanned normally.

3.3 Is Firefox Secure?

With all the recent Firefox security patches I've been getting quite a lot of email from subscribers asking whether Firefox can still be considered more secure than Internet Explorer. The answer is unequivocal: yes. Two main factors contribute to this. First, FF does not support ActiveX, one of the major sources of malware infection for Internet Explorer users. Second, Mozilla fixes newly reported vulnerabilities in FF really quickly, often within hours, while in contrast Microsoft takes many months. Consequently, there are virtually no exploits circulating on the internet for FF while there are dozens for IE. In fact, I have never myself seen a circulating FF exploit while I encounter IE exploits daily. Case closed; FF is way safer than IE. Yes, there have been a lot of FF security patches and yes, there will be more. That's to be expected for a product whose source code is publicly available. But all those patches are a good sign; they tell you that Mozilla is at work fixing potential problems. It's not the patches you should worry about, folks, it's the number of reported but unpatched flaws. If you use IE, depress yourself by checking out Secunia's list of IE's outstanding unpatched flaws, 20 at last count and rising.

3.4 US Govt Backdoor in Windows Security Revisited

I ran into this 1999 article over at StumbleUpon. I recall that at the time MS denied it outright and claimed the researcher had jumped to the wrong conclusion. Does anyone know how this was finally resolved? In any case, in these terrorism-dominated times it makes very interesting reading.

3.5 New Beta of Firefox 1.5

The second beta of Firefox 1.5 is now available, though I don't recommend you download it unless you are willing to live with a few bugs; as they say, "beta" stands for "broken." The full release is tentatively scheduled for November and, based on what I've seen from the beta, it's something to look forward to. It's considerably faster than 1.0.7 when browsing back and forth between sites, has improved rendering and a much better system for handling extensions and updates.

----------------- sponsored links -----------------------
The Best Windows Backup Software
The Best SpyWare Detector
The Best Remote Access Software
The Best Anti-trojan Scanner
------------- end of sponsored links --------------------------

4.0 OTHER USEFUL STUFF

4.1 Ethernet Cable Tester for $5.95

How
neat; an RJ45 cable tester that fits on your keychain at a ridiculously low price. It checks for both broken and shorted wires and even handles both male and female plugs and sockets.

4.2 How to Check Whether Your PC has High Speed USB Ports

This is a question I get regularly from subscribers. Thankfully someone has finally documented how to do it.

4.3 Sort Algorithms Compared

At this site they have animated displays of 17 different sort techniques in operation. Geeks will find this quite fascinating; I know I did. ;>)

4.4 Lots of Gmail Usage Tips

42 tips at last count. A great resource for all Gmail users.

4.5 Preventing Computer-related Neck and Shoulder Problems

Anyone who uses a computer for long periods is at risk of developing these problems. I certainly did. In this article I show you how I solved the problem. It worked for me and I hope it works for you too.

4.6 Useless Waste of Time Department

This is a well-known site that is always rewarding to re-visit. Dr. David G. Alciatore at Colorado State University has this amazing collection of slow motion videos of everyday events. Among the many fascinating clips, you must check out the computer hard drive video. It will leave you wondering how these things manage to work at all.

** Additional Items in the Premium SE Edition **

4.7 How to Write Email That Gets Answered
4.8 A Web Site That Can Change Your Mood
4.9 A Simple Way to Improve Your Job Resume

5.0 TIP OF THE MONTH

5.1 How to Find Out If You Are Secretly Connected to the Internet

One of the most unnerving computer experiences is to notice sudden unexpected internet activity from your PC when you're not using the internet at the time. It can come to your attention in several ways: the lights on your modem might start blinking furiously, your firewall may indicate internet activity, or your download/upload monitor could show that a lot of information is being received or transmitted. When this happens to me, the first thought that goes through my mind is that a malware program may be "phoning home" to some remote PC, divulging all my personal information. Now I know this is unlikely because my PC is well protected, but I know enough about security to know that it's possible. So whenever this happens I immediately investigate what's happening. So should you; in the following paragraphs I'll show you how.

When you are connected to the internet you are not connected at one point but at many. These different points are called ports, and data can flow in and out of each of them. It's a bit like the way flies get into your house: they can get in (or out) through the front door, the back door, the windows or the chimney. These openings in your house are just like the ports on your computer. There are 65,535 TCP ports and another 65,535 UDP ports on your computer, but normally almost all of them are closed. When you start a program that connects to the internet, such as your web browser, that program opens one or more ports to make the connection. So when your computer shows signs of unexpected internet activity, what you need to do is track down which ports are open and then identify the programs that opened them.
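A minimal port enumerator of the kind the tip describes, as an added example that is not code from the newsletter, CurrPorts or Port Explorer. It assumes Linux, where the kernel's socket table is readable in /proc/net/tcp and each socket's inode can be traced to the process holding it via /proc/<pid>/fd (Windows tools get the same facts through GetExtendedTcpTable). The sample table, the expected-port list and all function names are mine; the flagging rule is the same "worth checking" idea as CurrPorts' pink rows: a socket that no visible process owns, or an established connection to an unexpected remote port.

```python
"""A minimal port enumerator: which TCP ports are open and which process
owns each one.

Added example, not code from the newsletter or from CurrPorts or Port
Explorer.  Linux is assumed; the sample table below is constructed.
"""
import glob
import os
import socket
import struct

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}

# Remote ports a desktop legitimately talks to (an assumption for the
# example); an established connection to anything else gets flagged.
EXPECTED_REMOTE_PORTS = {22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995}

# Constructed sample in /proc/net/tcp format: a local MySQL listener, a
# browser session to a web server on 443, and a root-owned connection to
# an odd port that no visible process accounts for.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:D2A6 5E8B4E68:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:C1F4 0A0A0A0A:1F90 01 00000000:00000000 00:00000000 00000000     0        0 34567 1 0000000000000000 20 4 30 10 -1
"""


def decode_addr(hexaddr):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306).  The kernel prints the
    address word in native byte order, so it is unpacked the same way."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("=I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp text into a list of connection dicts."""
    conns = []
    for line in text.splitlines()[1:]:   # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        conns.append({
            "local": decode_addr(fields[1]),
            "remote": decode_addr(fields[2]),
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return conns


def socket_inode_owners():
    """Map socket inode -> PID by reading every process's fd links.
    Without root only your own processes' fd directories are readable,
    so other users' sockets look ownerless; run as root for a full view."""
    owners = {}
    for pid_dir in glob.glob("/proc/[0-9]*"):
        pid = int(os.path.basename(pid_dir))
        fd_dir = os.path.join(pid_dir, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith("socket:["):
                owners[int(target[8:-1])] = pid
    return owners


def flag_suspicious(conns, owners, expected_ports=EXPECTED_REMOTE_PORTS):
    """Return (connection, reasons) for anything worth checking.

    A socket the kernel knows about that no visible process holds is the
    port-level version of a hidden process; an established connection to
    an unexpected remote port is what "phoning home" tends to look like."""
    flagged = []
    for conn in conns:
        reasons = []
        if conn["inode"] and conn["inode"] not in owners:
            reasons.append("no visible process owns this socket")
        if conn["state"] == "ESTABLISHED" and conn["remote"][1] not in expected_ports:
            reasons.append("unexpected remote port %d" % conn["remote"][1])
        if reasons:
            flagged.append((conn, reasons))
    return flagged


def live_report():
    """Enumerate this machine's TCP sockets and flag the odd ones."""
    with open("/proc/net/tcp") as fh:
        conns = parse_proc_net_tcp(fh.read())
    return flag_suspicious(conns, socket_inode_owners())


if __name__ == "__main__":
    for conn, reasons in live_report():
        print("%s:%d -> %s:%d %s: %s" % (
            conn["local"] + conn["remote"] + (conn["state"], "; ".join(reasons))))
```

Run it as root to see every process's file descriptors; otherwise the first rule fires on every socket belonging to another user. The bytes moved per connection, the figure the tip wants from Port Explorer, is not in /proc/net/tcp; on Linux it is available per socket through `ss -ti`.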
There's a whole class of utilities called port enumerators that will do this job for you. In fact, there are more than a dozen such programs currently available. Additionally, many firewalls and most anti-trojan programs have built-in port enumerators, though these are often quite basic. I've looked at most of these products and found two that are outstanding.

My favorite free port enumerator is CurrPorts from NirSoft. It works best with Windows 2000 and later, though Windows 98 users can still use the product with less information displayed. CurrPorts, like all port enumerators, shows all the ports that are currently open on your PC. It also shows you the process that opened each port and the time the port was opened. Most importantly, it flags any suspicious ports in pink. "Suspicious" here just means worth checking, but the flagging makes the job of interpreting results much easier for less experienced users. CurrPorts also lets you track down the remote site a particular port is connected to. If that turns out to be a host or country you have no reason to be talking to, you have a problem. If you do have a problem, CurrPorts allows you to immediately close that connection. That reduces the potential damage but of course doesn't solve the problem: the malware is still there and can open another connection. To solve it you need to find the malware program responsible. How you do that is, unfortunately, beyond the scope of this article. As a quick guide I suggest you download HijackThis from the link below and follow the instructions on the same page on how to paste the output to the Tom Coyote web forums. The folks on the forum should be able to help you permanently get rid of the problem and it won't cost you a cent either.

CurrPorts is a great product but it has one weakness: it doesn't tell you the amount of data flowing in and out of the open ports on your computer. This is a really important piece of information when you are trying to track down sudden unexplained internet activity. There may be dozens of open ports on your PC, but what you want to know is which ones are currently being used to transmit or receive data. I couldn't find any free port enumerator that provides this information but there are two shareware products that do: Port Explorer from Diamond Computer and TCPView Pro from SysInternals. Port Explorer is the standout pick. It works with all versions of Windows and a home license is $29.95. Simply put, it's the best port enumerator I've ever used. Port Explorer does pretty well everything that CurrPorts does and more. It combines ease of use with great power, a rare quality in technical utilities. In this context its greatest ability is to show, for each open port, the amount of information being transmitted and received. The display can even be sorted on this criterion so the ports moving the most data appear at the top. This makes

Once the cause of the internet activity has been identified, Port Explorer provides a whole raft of tools to help you identify the remote computer using the port. It even includes a packet sniffer so you can see what information is being transmitted. Both Port Explorer and CurrPorts can provide the information you need to identify the cause of unexpected internet activity. I suggest you check out both and go with the program that best suits your needs. Whatever you choose, every experienced user should have a port enumerator installed on their PC ready and waiting to track down those mystery internet connections. You may only occasionally require such a product but it's a great comfort to have one on hand when you really need it.

CurrPorts: http://www.nirsoft.net/utils/cports.html

NOTE: No standard port enumerator can detect open ports that have been stealthed by rootkits, because it asks the same operating system interfaces that the rootkit has subverted. To detect these you need a specialist rootkit detector. For more information see this month's Editorial.

6.0 FREEBIE OF THE MONTH

6.1 The Best Free Instant Messaging Client

I don't use IM so I asked regular contributor Craig Vollmar to review this category for me. Here's an abbreviated version of Craig's full review, which is available online [4] from the Tech Support Alert web site.

If you're like me, then you probably have friends and family using a variety of IM networks. One way to talk with people on each one of these networks is to open an account for each and then download and install each IM client on your computer. However, running four different IM applications on your computer uses a lot of system resources, is difficult to manage, and broadens your attack surface. Therefore, I would recommend using a multi-protocol IM client. These applications not only allow you to connect to multiple IM networks, but they are also advertisement free, more secure, and have features that allow you to easily manage your various IM accounts.
I have been using Trillian Basic since its infancy. It is a great application and supports the AIM, ICQ, IRC, MSN, and Yahoo networks. However, during this evaluation, I have decided that IM2 Messenger [2] is slightly better than Trillian Basic if you only need to connect to the aforementioned IM networks. Its interface is much cleaner and easier to use and it supports video messaging (in addition to text and voice messaging). Now, if you're a power user and want support for more networks and the ability to add features via plug-ins, then definitely check out Miranda Instant Messenger [3]. In addition to the networks supported by IM2, it has native support for Gadu-Gadu and Jabber (it will also connect to the Google Talk [1] network with a little plug-in tweaking!). Its interface is minimalist, but the application is very extensible through the use of plug-ins. Miranda IM is now my IM client of choice!

** Bonus Freebie in the Premium SE Edition **

6.2 Free Utility Cleans Out the Junk from the Windows Uninstaller

Most users who try out lots of programs end up with dead entries in the Windows Uninstaller (aka the Add/Remove Programs utility) that can't be removed or uninstalled. The usual cause is program uninstalls that went wrong or programs that have no uninstaller. A number of commercial utilities are available that will delete these defunct entries but this free utility does the same thing. It removes the offending program from Add/Remove Programs and cleans the corresponding Windows uninstaller registry entries. A nice way to tidy up your PC. ...
full details in the Premium SE Edition of this newsletter.

GET THE PREMIUM "SE" EDITION NOW

Stop missing out on all this extra information! Subscribe now to the premium "SE" Edition of this newsletter and immediately receive the current issue containing nearly double the information in this free edition: twice as many great web sites, twice as many top utilities and great freebies, and no ads. You'll also get immediate access to the archive of all past issues of the Premium Supporters' Edition, where you can catch up on the hundreds of great utilities you missed in the free edition. At $10 per year it's a good value. This month's NOD32 and Gmail giveaways for new subscribers, and the "Gizmo's Desert Island Utilities" report, are described in the Editorial above. Use the link below to subscribe now:

7.0 MANAGE YOUR SUBSCRIPTION

Support Alert is a free newsletter. If you liked this issue why not email it to a friend. Anyone can subscribe by signing up online at

Back Issues

If you no longer wish to receive this newsletter just go to

To change your delivery email address go to

For lots more free IT newsletters see

Thanks to subscriber A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:

Support Alert is a registered online serial publication ISSN 1448-7020. Content of this newsletter is (c) Copyright TechSupportAlert.com, 2005

See you next issue

Gizmo