What You Need to Know about All Things PC
Volume 4 Number 26Click here to return to the back issues page.Click here to return to the main newsletter page.
The Naked PC - http://www.TheNakedPC.com What You Need to Know about All Things PC Publisher: Lee Hudspeth and T.J. Lee Editor in Chief: Dan Butler Contributing Editor: Al Gordon This issue is for Thursday, December 20, 2001 - Vol. 4 No. 26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Table of Contents ** 01. Letter from the Publisher ** 02. Anti-Virus Software Manufacturer Links (by Lee Hudspeth) ** 03. How to Protect Yourself from Viruses and Other Malware (by Lee Hudspeth) ** 04. The Naked PC's Virus-Related Article Links ** 05. Belkin's Secure Networking Gateway Routers (by Al Gordon) ** 06. Featured Product - Trend Micro HouseCall (reviewed by Lee Hudspeth) ** 07. Featured Web Site - ICSA Labs ** 08. Newsworthy - a potpourri of current events and interesting stuff ** 01. Letter from the Publisher In recent months, no doubt you either have been personally attacked by a virus, or you know someone who has been attacked. Perhaps Nimda was the culprit, or Snow White or SirCam or Goner or Gokar or Badtrans or... Given the unprecedented growth of malware, and the increased risk burden this puts on all of us, Lee decided to put together a special issue of The Naked PC, covering viruses and resources you can use to protect your PC from infection. In this issue you will find a list of anti-virus software manufacturer links; these links point to each manufacturer's current anti-virus product page, technical support page, virus info page, and virus encyclopedia page. Lee gives you his checklist that you can follow to be sure you're keeping yourself protected from virus attacks, day in and day out. We include a list of links to all the articles The Naked PC has published to date on virus-related topics. Al reviews several of Belkin's secure networking products that can help you quickly share a cable/DSL connection (standard Ethernet and wireless). This issue's Featured Product and Web Site articles describe HouseCall (a free online virus scanner) and ICSA Lab's list of certified desktop anti-virus products, respectively. A special note for our TheNakedPCStore.com customers: due to the holiday shipment crush you should not expect delivery by December 25th for orders placed after December 19th. If you have a question about your order send an email to this address. Be sure to include your seven digit invoice number and one of us will get back to you promptly. mailto:orders@TheNakedPC.com Also note that TheNakedPCStore.com's Holiday Special offering is no longer available. Reader support is what keeps The Naked PC free. To this end you can help us by passing a copy on to co-workers and friends (no spam please). We even make it easy to refer people to The Naked PC... check out our Refer page: http://www.TheNakedPC.com/refer/ +++------------------------- sponsor -------------------------+++ >> "How Many Ways Will You Use These Amazing Devices?" They're incredibly handy. When we first saw these amazing little devices we thought, "these will look cool hanging on my key ring." Then we started using them. WOW - every day we find more uses. How many will you find? http://www.TheNakedPC.com/t/a/tr.cgi?swisstech +++------------------------- sponsor -------------------------+++ ** 02. Anti-Virus Software Manufacturer Links (by Lee Hudspeth) Here is a link to a supplemental page that lists all the anti- virus software manufacturers we've come across (the list is too long to publish here in the body of the newsletter). There may be a few more out there, but this comprehensive list should get you started. http://www.TheNakedPC.com/t/426/tr.cgi?av1 You'll see four links for each manufacturer: anti-virus product information, anti-virus product technical support, virus information, and virus encyclopedia. The links are presented in alphabetical order by the manufacturer's company name. The latest version number of each product is also displayed (note that many manufacturers offer multiple products). When you look at our list, keep in mind that each manufacturer has its own preferred way of presenting its "virus info" page as well as a "virus encyclopedia" page. For example, at the Symantec Security Response page when you look up Gokar in the encyclopedia, one of the latest variants is W32.Gokar.A@mm. Here is a breakdown of the information you'll find on W32.Gokar.A@mm: discovery date, type, infection length, the date of the virus definitions that include this threat, a threat assessment, an in- the-wild assessment, damage, distribution, lengthy technical description, and detailed step-by-step removal instructions. "Virus info" pages typically--although not always, and not for each manufacturer--cover topics like these: the day's active viruses, hoax listings, new virus discoveries (for the current day), warnings/advice articles or FAQs, virus calendar, glossary, regional information, links to specific virus removal tools, newsletter subscription offer (for example, "Symantec Security Response Newsletter" or "McAfee.com Dispatch"), and so on. These pages can be useful if you're intellectually curious about malware, but if you're trying to disinfect a system, you are best off in front of a friend or colleague's *uninfected* PC, studying the encyclopedia information on whatever virus you've got. Here are a few common malware terms (these definitions are quoted directly from the McAfee.com virus glossary). Should you be interested, you'll find other terms and topics defined up on the manufacturers' virus info pages. http://www.TheNakedPC.com/t/426/tr.cgi?avgloss Virus - A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies or creates the files. Some viruses display symptoms, and some viruses damage files and computer systems, but neither symptoms nor damage is essential in the definition of a virus; a non-damaging virus is still a virus. Macro virus - A macro virus is a malicious macro. Macro viruses are written a macro programming language and attach to a document file (such as Word or Excel). When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage and copies itself into other documents. Continual use of the program results in the spread of the virus. Spyware - (from Steve Gibson's OptOut page) Spyware is any software which employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission. Trojan horse - A Trojan horse program is a malicious program that pretends to be a benign application; a Trojan horse program purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive. Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses. Worm - Worms are parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network. Worms often spread via IRC (Internet Relay Chat). False negative - A false negative error occurs when anti-virus software fails to indicate an infected file is truly infected. False negatives are more serious than false positives, although both are undesirable. False negatives are more common with anti- virus software because the may miss a new or a heavily modified virus. False positive - A false positive error occurs when anti-virus software wrongly claims a virus infects a clean file. False positives usually occur when the string chosen for a given virus signature is also present in another program. If you know of an anti-virus developer that isn't on this list, drop me a note. You can reach Lee Hudspeth at: mailto:LeeHudspeth@TheNakedPC.com ** 03. How to Protect Yourself from Viruses and Other Malware (by Lee Hudspeth) Later in this issue you'll find an article entitled "The Naked PC's Virus-Related Article Links" with links to all the articles we've published on virus-related topics. These articles provide valuable checklists for activities like optimizing (and safely testing) your anti-virus program, understanding and dealing with hoaxes, evaluating anti-virus programs for ease of use, thwarting virus attacks, and so on. Here's my checklist for use when protecting yourself from malware. (Special thanks to my colleague Mike Craven for his assistance in refining this checklist.) Note that this list is focused on folks running stand-alone desktops or peer-to-peer networks; if you're a network administrator then you can certainly extract value from this list, but I won't be talking about the special types of protection required when running a network that support enterprise-wide email services, Web servers, and the like. 1. NEVER, NEVER, NEVER OPEN OR EXECUTE AN EMAIL ATTACHMENT FROM SOMEONE YOU DON'T KNOW. Or even someone you do know if it's not a file you were expecting. And it's a good bet to call or other wise verify with the sender that they did indeed send you the file and not some virus program that commandeered their email client. 2. INSTALL AND USE A MODERN ANTI-VIRUS PROGRAM. Any one will do, but the most important thing is to use one. (I'm in the process of reviewing anti-virus programs, see the link below, and stay tuned.) http://www.TheNakedPC.com/t/426/tr.cgi?av2 3. BE AGGRESSIVE. Configure your anti-virus program to be aggressive in how it detects malware. http://www.TheNakedPC.com/t/426/tr.cgi?av3 4. GET DAILY UPDATES, AUTOMATICALLY. Configure your anti-virus program to update its virus definition files and its engine (and other software components) DAILY. 5. AUTOMATICALLY MONITOR ALL FILE ACTIVITY. Turn on your anti-virus program's "auto-protect" feature. 6. AUTOMATICALLY SCAN EMAIL. Turn on your anti-virus program's email scanning feature. 7. AUTOMATICALLY SCAN MICROSOFT DOCUMENTS WHEN OPENED. Turn on your anti-virus program's feature for scanning Office documents. 8. RUN WEEKLY FULL-SYSTEM SCANS. This is easy to configure with your anti-virus program's options settings dialog. 9. USE A FIREWALL. I recommend that you install and use a personal firewall on your PC(s). I personally recommend ZoneAlarm. If you have a network that's sharing an Internet connection, be sure to familiarize yourself with your router/gateway's built-in firewall. http://www.TheNakedPC.com/t/426/tr.cgi?av4 10. INSTALL SOFTWARE SECURITY PATCHES. Routinely check the Web sites of all your software programs that connect with the outside world--operating system, email client, browser, personal firewall, document editing tool (like Microsoft Office) and so on--and update them by installing the manufacturer's suggested security-related service releases and/or patches. In our ebook "The Book That Should Have Come with Your Computer" we devote an entire chapter--Chapter 8--to the subject of staying ahead of the upgrade game; for information about tracking down software upgrades see the section "Tracking Down Upgrades." 11. SCAN FOR TROJANS AND SPYWARE. To identify and remove trojans that might slip by your anti-virus program, check out MooSoft's The Cleaner, available as shareware: http://www.TheNakedPC.com/t/426/tr.cgi?av16 To identify and remove spyware, check out Lavasoft's freeware tool Ad-aware: http://www.TheNakedPC.com/t/426/tr.cgi?av18 Even if you've followed all the above steps, it is still theoretically possible that a piece of malware could escape detection. If you're thinking these steps represent too much work, not so. Once you've spent a few minutes configuring your anti-virus program using my recommendations, it's "set and forget." Ditto with your personal firewall. You can subscribe to free newsletters that will automatically inform you of software security patches, or you can manually peruse various "virus info" pages (just remember to do so regularly). Other ways to stay ahead of the upgrade game are described in the aforementioned book. You can reach Lee Hudspeth at: mailto:LeeHudspeth@TheNakedPC.com +++------------------------- sponsor -------------------------+++ "Computer Tips Compendium" We've collected over 460 computer tips and have packaged them as an electronic book in PDF format. That means that the text of each and every tip is fully text searchable... you'll find the tip you need, when you need it. We've pulled together the BEST TIPS, tricks, and techniques that you're likely to ever find all onto a single CD. You also get free access to the restricted Tips Section of The Naked PC Web site! Tips on where to find the information you need on the Internet, shortcuts to settings, fixes and workarounds to problems, general computer tips, tips for specific software, over 460 tips to help people like you use your computer even more productively. http://www.TheNakedPC.com/t/a/tr.cgi?comptips +++------------------------- sponsor -------------------------+++ ** 04. The Naked PC's Virus-Related Article Links Here are links to all the articles we've published to date that cover virus-related topics, excluding the current issue's articles (alphabetical by title). "A Serious Reminder About Viruses and Backups" http://www.TheNakedPC.com/t/426/tr.cgi?av5 "Evaluating Anti-virus Software for Ease of Use" (supplemental page) http://www.TheNakedPC.com/t/426/tr.cgi?av6 "Evaluating Anti-virus Software for Ease of Use: Panda Antivirus 6.0 Platinum" http://www.TheNakedPC.com/t/426/tr.cgi?av7 "Norton AntiVirus: Resolving Subscription Problems and Upgrading to Version 2002" http://www.TheNakedPC.com/t/426/tr.cgi?av8 "Norton AntiVirus: Resolving Subscription Problems and Upgrading to Version 2002 - Part 2" http://www.TheNakedPC.com/t/426/tr.cgi?av9 "Optimal Norton AntiVirus 2000 Settings" http://www.TheNakedPC.com/t/426/tr.cgi?av10 "Safely Testing Your AntiVirus Package with the EICAR Test File" http://www.TheNakedPC.com/t/426/tr.cgi?av11 "Safely Testing Your AntiVirus Package with the EICAR Test File: Part 2" http://www.TheNakedPC.com/t/426/tr.cgi?av12 "Seeing Red Over AntiVirus False Positives" http://www.TheNakedPC.com/t/426/tr.cgi?av13 "The Budweiser Frog Virus Alert Is a Hoax, and Where To Go To Dispel Many a Tenacious Virus Myth" http://www.TheNakedPC.com/t/426/tr.cgi?av14 "Virus Attacks and How to Thwart Them When You Get One" http://www.TheNakedPC.com/t/426/tr.cgi?av15 +++------------------------- sponsor -------------------------+++ "You Can Laugh At Money Worries - If You Follow This Simple Plan" Do you sometimes have more month than money? Ever wonder how to dig out of the hole of debt? Maybe someone you know is struggling. In today's uncertain times with tens of thousands being laid off, this is one step you can take now to make your future more certain. This proven multimedia course will show you everything you need. http://www.TheNakedPC.com/t/a/tr.cgi?financial +++------------------------- sponsor -------------------------+++ ** 05. Belkin's Secure Networking Gateway Routers (by Al Gordon) I look upon the task of networking my computers with the same fondness as I attach to a dentist's drill. All I want from networking products is that they let me set up without making my life difficult. So I was happy as a clam (that would be a New England clam, of course) when Belkin Components rolled out a wide lineup of Ethernet and 802.11b ("WiFi") products, and discovered that I could actually get them to work. Quickly. For more details, links, and pictures, please see my supplemental page: http://www.TheNakedPC.com/t/426/tr.cgi?al1 Belkin networking products are particularly helpful to users with broadband Internet connections. The flagship products--the Wireless Cable/DSL Gateway Router (F5D6230-3) and 4-Port Cable/DSL Gateway Router (F5D5230-4)--both have robust firewall technologies to protect your "always on" connection from hackers. The wireless gateway also has five different encryption levels for your wireless transmissions. The gateways also have the crucial capability to clone your network card's MAC address. This allows you to set up the gateway so that as far as your broadband ISP is concerned, it is still connected to your original card. This is a safeguard, not against hackers, but rather against ISPs that impose extra fees for plugging in a network to their broadband service. The competition in small office and home networking, such as Linksys and Netgear, are known for quality gear, but for which setup sometimes can be a struggle. Belkin has correctly noted that ease of use would be a major competitive edge and has emphasized that in its products. We will have more on setup (including setup in Windows XP) in future issues. But for now, if your holiday shopping plans include a SOHO network, give Belkin a look. You can reach Al Gordon at: mailto:al@TheNakedPC.com ** 06. Featured Product - Trend Micro HouseCall (reviewed by Lee Hudspeth) HouseCall is a Web-based tool that scans your PC, for free, over the Internet. To start, click the link shown below; to do an immediate scan click the "scan without registering" link (you can register, but it's not required). Next indicate what country you're from (more about what data the tool gathers in a moment). If you're interested, there's a link on the page that allows you to see the top virus lists by continent and country. The first time you run HouseCall you may have to wait several minutes while the scanner loads, even if you have a high-speed connection. (The scanner is packaged as a VeriSign-certified CAB file from Trend Micro, so you will need to click Yes to the query "Do you want to install and run..." to proceed.) On subsequent visits the wait time will be shorter. When the scanner loads, a tree view of your computer's drives appears. You select one or more drives--or individual folders--to scan, check "Auto Clean" to have HouseCall disinfect any suspect files (the "Auto Clean" check box is *not* checked by default), then click the "Scan" button. The scanner displays a dialog box with a full progress report, including the current file being scanned, the number of files scanned, the number of infected files found, and infection details. You can stop the scan at any time by clicking the "Stop Scan" button. In my test, HouseCall v5.50.0 (Engine 5.630-1025) scanned a 1.5 GB partition in 31 minutes, and identified two of the three EICAR test files. It caught eicar.com and eicar.zip (with eicar.com inside), but failed to flag eicar.com.txt, a file that Norton AntiVirus 2002 flags as an "EICAR Test String.70" infection and Panda Antivirus Platinum 6.0 flags as "EICAR-AV- TEST-FILE". The information HouseCall returns to Trend's tracking center is the country of origin and number of files scanned; if an infection is found, HouseCall also reports the virus name, the number of infected files found, and the number cleaned. According to the site, "No personal files from your computer are ever sent back to our server. All virus tracking information is anonymous. We do not log IP addresses or collect any personal information about individual users in the Virus Tracking Center database. The email address you submitted for receiving security alerts is stored in a separate database." (If you choose not to register, no email address is gathered.) The site explains that this data gathering process helps in the center's analysis of country- specific malware issues. http://www.TheNakedPC.com/t/426/tr.cgi?fprod ** 07. Featured Web Site - ICSA Labs ICSA Labs is a division of TruSecure Corporation, a security solutions provider. The main interest that The Naked PC readers are likely to have in this site is the lab's list of certified anti-virus products. "ICSA Labs Certification criteria are public, objective, fair, credible criteria that yield a pass-fail result. To remain consistently results-oriented, certification criteria is based on resistance to threats and risks or on successful outcome, and not based on fundamental design or engineering principles or on an assessment of underlying technology. In most cases, this mirrors a 'black-box approach'." For the quality assurance minded among you, the site goes on at great length to explain the details of its certification process. ICSA Labs' main Web page is here: http://www.TheNakedPC.com/t/426/tr.cgi?fsite1 You can study ICSA Labs' "On-Demand/On-Access Anti-Virus Product Certification" list here: http://www.TheNakedPC.com/t/426/tr.cgi?fsite2 ** 08. Newsworthy - a potpourri of current events and interesting stuff *-* Microsoft warns Internet Explorer 5.5 and 6.0 users to IMMEDIATELY patch IE. This latest patch eliminates all security holes discovered over the past few months, as well as three new holes. http://www.TheNakedPC.com/t/426/tr.cgi?news1 *-* Four Israeli teenagers have been arrested and admit to writing the "Goner" email worm, allegedly to compete with some rival hackers. http://www.TheNakedPC.com/t/426/tr.cgi?news2 Get more Newsworthy bits on The Naked PC Web site: http://www.TheNakedPC.com/newsworthy/ Have you come across something newsworthy? Drop us a line: mailto:hottips@TheNakedPC.com **PLEASE SUPPORT THE NAKED PC BY VISITING OUR ADVERTISERS** +++----------------------- classifieds -----------------------+++ Tweaki...for Power Users Designed for all Windows operating systems, Tweaki is your Swiss army knife of utilities. Implement security, lock down your Desktop, tweak Microsoft Office, optimize Windows--roughly 500 tweaks in all! Tweaki also comes with a built-in undo function that restores any tweaked setting the utility tracks, no matter how long ago you tweaked it! http://www.TheNakedPC.com/t/a/tr.cgi?tweaki +++-----------------------------------------------------------+++ PROTECT Your PRIVACY with Anonymizer! Sign up and use our proxy server to stay 100% anonymous! Convenient and effective privacy protection -- no one can see where you surf. Blocks Cookies, Java, JavaScript, and other tracking methods. Cookie Encryption - lets you safely access and use Web sites that require cookies. URL Encryption - encrypts your page requests so your ISP can't log them. http://www.TheNakedPC.com/t/426/tr.cgi?anon +++-----------------------------------------------------------+++ **NEED INK? SAVE 40-70% OVER RETAIL!** High Quality Inkjet Printer Cartridges, JetPaks, Refill Kits. Super Prices! Your Satisfaction IS Guaranteed. NEW! We now offer High Quality Remanufactured Toner Cartridges Save 30-40% * FREE Printer Utilities! * MaxPatch Ink Supplies http://www.TheNakedPC.com/t/a/tr.cgi?maxpatch +++-----------------------------------------------------------+++ LEARN HOW TO USE A FEW SPARE BUCKS TO START ANY BUSINESS YOU WANT OR EXPAND YOUR CURRENT BUSINESS WITH LITTLE OR NO RISK http://www.TheNakedPC.com/t/426/tr.cgi?class2 +++-----------------------------------------------------------+++ DISCLAIMER Personal computers are individual machines with performance that can vary with components, software, and operator ability. The Naked PC is not responsible for the manner in which the information presented is used or interpreted. Also, although we work hard to provide you with accurate Internet links in The Naked PC, we are not responsible for Internet links herein that represent sites owned and operated by third parties. We are not responsible for the content, accuracy, performance, or availability of any such third-party sites. So there. REDISTRIBUTION POLICY We encourage you to forward this newsletter to your friends, associates, and colleagues for their review and enjoyment. However, please do so only by sending it in full, thereby keeping the copyright and subscription information intact. We do request that, once they've reviewed an issue or two, they subscribe independently rather than continue to receive issues from you. This helps The Naked PC grow and prosper, thereby funding its continued publication. Also, if you wish to post this newsletter to a newsgroup or electronic discussion group, you may do so if you preserve the copyright and subscription information. Thanks. SUBSCRIPTION SERVICES To subscribe or unsubscribe, surf on over to: http://www.TheNakedPC.com/subscribe.html To make comments or suggestions, surf on over to: http://www.TheNakedPC.com/tnpfeedback.html or send email directly to: mailto:tnpc@TheNakedPC.com WEB BULLETIN BOARD Check out our 24x7 Web bulletin board. If you've got a technical question about PC issues, or suggestions of your own, this is the place to hang out: http://www.PRIMEConsulting.com/annoyanceboard/ ADVERTISING To advertise in The Naked PC go to: http://www.TheNakedPC.com/tnpcadvertising.html Mail services provided by Blue Horizon Enterprises, one of the very few "Mom and Pop" operations left on the Web: http://www.bhorizon.com Copyright (c) 2001, PRIME Consulting Group, Inc. and Dan Butler. All Rights Reserved. The Naked PC is a trademark of PRIME Consulting Group, Inc. ISSN: 1522-4422 TNPC Hot Tips:
|