Andrés Valencia
PC Security
This page offers information and tools to keep your PC secure,
free of intrusions in the Internet.
- General Security Advice for Internet Users
- Anti-Spyware/Anti-Adware Online Scanners
- Expanded Threats: Spyware, Malicious Dialers, Rootkits, Malicious JavaScript
- Anti-Spyware/Anti-Adware Software Scanners
- A Final Warning
General Security Advice for Internet Users
The Internet is a dangerous environment as proven by the frequent "Denial of Service" attacks,
through "Worms" and "Trojan Horses",
infecting computers to implement "remotely controlled" intrusions in networks
by means of infected and enslaved PCs; "robots".
The computers with the highest risk of infection are those with a permanent connection to the Internet.
Your PC is not necessarily the final target in these attacks: If infected,
it is used to attack other computers and disseminate the infection.
The attempted dissemination activity congests the Internet, in particular e-mail transit.
The unavailability of the infected computers can cause damage to people and property.
And you could be an involuntary co-responsible.
The most employed attack method is the exploitation of "vulnerabilities" in the operating system or networking software
to install malignant non-authorized programs ("Malware") in your computer.
A Web site knows the IP (Internet Protocol) address of the PC from where you are viewing it,
and could test your PC for vulnerabilities. If a vulnerability is found, the Web site could exploit it.
Once infected, a simple firewall (like the one in Windows XP) would not be a defense,
as it is the Malware in your computer that will be requesting the traffic.
A complete firewall would not be a defense either,
if you grant permission to communicate to unknown software that has already infected your PC.
If your PC has a vulnerability, and you visit a site that can exploit it, your PC could be enslaved. Backdoor and key-logger programs could be installed, or a remote attack on another computer be launched from your PC.
If your Web browser has been infected by "Adware" so it makes automatic visits to unknown sites (pop-up advertising), its vulnerabilities could be exploited. See Spyware, further down in this page.
To eliminate your vulnerabilities keep your operating system and networking software updated
(Web browser, mail program, etc.).
In the MS Internet Explorer menu: Tools,
Windows Update.
Or visit Microsoft Update.
Install all Critical and Security Updates as soon as possible.
Microsoft releases them on the second Tuesday of every month.
However, if a security threat occurs, such as a widespread virus or worm that affects Windows-based computers,
Microsoft will release a corresponding update as soon as possible.
Other types of updates can be released whenever they are ready.
Service Packs SP1 and SP2 are free, but only available to legitimate Windows XP users.
Install all Service Packs.
If your PC clone came with an illegal copy of Windows XP,
you can buy and install an original without loosing your installed programs or your documents.
If you can not install and update a legal copy of MS Windows XP on an Internet-connected PC, it is possible that your vulnerabilities will be exploited even if you use a complete firewall program.
Regularly update your Microsoft Office programs: visit Microsoft Office Online and select "Office Update", or visit Microsoft Update. Have your original MS Office installation disks on hand.
Download and run the
Microsoft Baseline Security Analyzer (MBSA),
an easy-to-use tool that helps determine your security state in accordance with Microsoft recommendations
and offers specific remediation guidance.
Improve your security management by using MBSA
to detect common security misconfigurations and missing security updates on your computer.
Microsoft Baseline Security Analyzer (MBSA) is free, but only available to legitimate Windows 2000, XP, 2003 o Vista users.
Considering that exposure to a single malicious site can turn your PC into a robot,
a spam generator or a slow performer, and steal login information;
securing your Web search activities is an important function.
Simply visiting a bad, hacked Web page can expose your machine.
Vulnerabilities and exploits
continue to permit hackers to spread rootkits and open backdoors on computers around the world.
![[LinkScanner Lite]](xpl_logo_100AV.gif){kind=logo}
Exploit Prevention Labs (xpl)
LinkScanner Lite
integrates with major search engines to check search results for a variety of online threats before you click.
LinkScanner Lite is free for personal use and integrates with major search engines (Google, MSN, Yahoo),
that can be tricked to carry links to malicious sites.
Internet Explorer and Firefox supported. Compatible with major anti-virus, anti-spyware, and firewall products.
[Is part of the AVG Anti-Virus]
Use the Secunia Software Inspector
![[Secunia Software Inspector]](si_85x30.png){kind=small}
to detect the programs installed in your PC that contain vulnerabilities, so you can update them or to eliminate them
(requires the Java Runtime).
This includes old vulnerable versions that are not uninstalled after updating the program,
like for example, the Java Runtime
and the Adobe Flash and Shockwave Players.
![[Haute Secure]](HSlogoflame.gif){kind=small}
Use the Haute Secure Malware Protection Toolbar
to detect and block the Web contents that could exploit vulnerabilities in your MS Internet Explorer and Mozilla Firefox.
Make sure your computer is not sharing anything over the Internet.
This is especially important if you are using a permanent connection.
Avoid printer sharing over a LAN running on the TCP/IP protocol,
from the computers capable of directly connecting to the Internet.
(Control Panel, Network Connections, Local Area Connection Properties, General:
Do not check "File and Printer sharing for Microsoft Networks")
But if you must share files over the Internet, do not share whole drives;
only share expressly prepared, password-protected and "Read-only" folders with the required files.
Password-protected folders are available in Windows XP Professional.
In particular, never share the drive or the folder were the Operating System resides.
In Windows XP Home, share only temporarily, for the shortest period of time.
For example, create a folder named "Out" in "My Documents" and share it,
but do not check "Allow network users to change my files" (Properties, Sharing).
Using this system, all network users will be able to download files from the others Out folders,
but no one would be able to upload files to another computer.
This minimizes the possibilities of intrusion, but not of data theft.
Password protection minimizes both and should be used additionally.
In Windows XP Home, share only temporarily, for the shortest period of time.
Consider that some e-mail viruses fake the sending address to gain your confidence and
get you to execute an attached program, believing it to come from a known address.
Configure your e-mail program for high security.
In the MS Outlook Express menu: Tools, Options, Security: Restricted sites zone (More secure).
You should also select to "Warn me when other applications try to send mail as me".
Configure your antivirus program to examine the contents of your e-mail.
Never open or execute attachments before they are examined by your (recently updated) antivirus program!
No computer should be connected to the Internet without antivirus software of the highest quality, recently updated,
and configured for maximum security, that is, checking all files on entry, from any source.
Install an antivirus program, like the
AVG Anti-Virus Free Edition
from Grisoft (Free, in various languages).
If you use Windows Vista or Windows XP SP2, install a complete security program, like the
Comodo Internet Security (Free),
offering complete protection from Hackers, Virus, Spyware, Trojans and Identity theft,
and a Host Intrusion Prevention System that stops malware from being installed.
An extensive white list database of trusted applications helps reducing the number of initial alerts after installation.
[Best results in the Matousec Firewall Challange]
The Comodo Firewall Pro (Free) is also available, without the antivirus component.
If you use Windows Vista or Windows XP SP2, you can activate the Internet Connection Firewall on the Internet connection
of computers that connect directly to the Internet.
It will protect you against external (from the Internet) unauthorized access.
But this simple firewall does not fully protect you from exploitation of vulnerabilities.
Use: Control Panel, Internet Options, Connections, Settings, Properties, Advanced.
If you want a simple firewall that is very easy to configure,
then you could use the Windows XP SP2 Internet Connection Firewall.
But if you want more advanced control over the traffic that passes through your computer
and you also want to block unauthorized outgoing traffic (traffic from your computer out to the Internet)
then choose a complete personal firewall from another company.
See Security Essentials for Windows XP Service Pack 2.
Use only one firewall program and only one antivirus program at the same time in your PC.
Two firewall programs, or two antivirus programs, can interfere with each other and block your PC.
Install all Windows Critical and Security Updates
Keep your antivirus software updated
Use a complete Firewall
Visit a security evaluation site on the Web, such as Steve Gibson's
Gibson Research Corporation.
There you can run the ShieldsUP! tests to see how well your machine is protected (or not). (Free)
Also run the tests for vulnerabilities to Internet threats at PC Flank (Make sure you're protected on all sides).
Visit Secunia and SecurityFocus for Security News, Articles & Advisories.
Visit the DeepSight Threat Management System from Symantec to learn the global level of the threats.
Visit the site OnGuard Online of the U.S.A. Federal Government to read practical recommendations to help you be on guard against Internet fraud, secure your computer and protect your personal information.
See my Antivirus Information Section
Anti-Spyware/Anti-Adware Online Scanners
Analyze your PC Security with the Symantec Security Check: (Free)
The Web-based Security Scan and Virus Detection will help ensure a safe and productive Internet experience for you and your family. Security Scan determines whether your PC is protected from hackers, viruses, and privacy threats. Virus Detection uses Symantec's virus detection technology to check for virus infections. After analyzing your PC's current level of protection, we'll show you how you can enjoy the Internet and protect yourself at the same time.
System Requirements:
- Microsoft Windows 98/Me/XP or Windows NT 4.0 Workstation/2000 Pro
[Macintosh: OS 8.1 or higher] - Microsoft Internet Explorer 5 or newer, or Netscape 4.5 or newer
[Macintosh: MS IE 4.5 or newer, or Safari 1.0 or newer] - Cookies must be enabled in your browser's security settings
- ActiveX and JavaScript must be enabled in your browser's security settings
- If you are going through a firewall, it must be configured to transmit browser information (user agent) to the Web server
- If you use the AOL browser, please upgrade to the latest version [Keyword: Upgrade]
Analyze your PC with the Trend Micro HouseCall AntiVirus - Scan Online: (Free)
The Web-based HouseCall AntiVirus - Scan Online will help ensure a safe and productive Internet experience for you and your family. HouseCall uses Trend Micro's virus detection technology to check for and eliminate virus infections, spyware, worms and other malware.
System Requirements:
- Microsoft Windows 95/98/XP or Windows NT/2000
- Microsoft Internet Explorer 4.0, Netscape 3.01 or newer
- ActiveX and JavaScript must be enabled in your browser's security settings
Analyze your PC with the a-squared Online Malware Scanner: (Free)
Analyze and clean your system with the a-squared Online Malware Scanner for Trojans, Backdoors, Worms, Dialers, Spyware/Adware, Keyloggers, Rootkits, Hacking Tools, Riskware and Tracking Cookies. Completely free, directly from your web browser.
System Requirements:
- Windows 98/ME/2000/XP or 2003 Server
- Internet Explorer 5.0 or later with ActiveX enabled
Analyze your PC with the F-Secure Online Scanner: (Free)
The Web-based F-Secure Online Virus Scanner will help ensure a safe and productive Internet experience for you and your family. The Online Virus Scanner uses F-Secure's virus detection technology to check for and eliminate virus infections and spyware.
System Requirements:
- Microsoft Windows XP or Windows 2000
- Microsoft Internet Explorer 6.0 or newer
- ActiveX and JavaScript must be enabled in your browser's security settings
Analyze your PC with the Panda Active Scan: (Free)
Analyze your PC with the Panda Active Scan for Virus, Spyware, Hacking and Potentially Unwanted Tools, Dialers, Security Risks and Suspicious files (free analysis).
Expanded Threats
Expanded Threats exist outside of commonly known definitions of viruses, worms, and Trojan horses
and may provide unauthorized access, and threats to system or data security,
and other types of threats or nuisances.
Expanded Threats may be unknowingly downloaded from Web sites, email messages, or instant messengers.
They can also be installed as a by-product of accepting the End User License Agreement
from another software program related to or linked in some way to the Expanded Threat.
Consider that an e-mail can show a faked sending (From:) address to gain your confidence and get you to execute an attached program or visit a link, believing it comes from a known address or person.
See Symantec Security Response - Expanded Threats
"Spyware" (Spy Software):
"Spyware" programs are applications that send information via the Internet to the creator of the spyware, or the publisher. Spyware usually consists of core functionality and functionality for information gathering. The core functionality appeals to users and entices them to install and use the spyware. The End User License Agreement (EULA) informs users of the information-gathering actions, but most users overlook this information. Information that is sent to the publisher is normally used for improved direct marketing purposes. The type of sent information differs depending on the spyware program. In order for the publisher to properly digest the gathered data, some spyware programs send a unique identifier with the gathered information. Users often overlook the information-gathering functionality of spyware, leaving them unaware that the spyware publisher is gathering data from their computers.
See The Dangers of Spyware in Symantec Security Response - White Papers (.pdf, Adobe Acrobat Reader).
Generally, if your Web browser has been infected by "Adware" (advertisement software, a type of "Spyware"), it will make automatic visits to unknown sites (pop-up advertising), and its vulnerabilities could be exploited.
"Spyware" is a relatively new kind of threat that many common antivirus applications do not cover well. More and more spyware is emerging that is silently tracking your surfing behavior to create a marketing profile of you that will be sold to advertisement companies and used to force your browser to visit unknown sites automatically.
See Symantec Security Response - Expanded Threats (Spyware)
In response to this new area of risk (which Symantec termed expanded threats)
Symantec began helping customers by enabling them to detect spyware and other undesirable programs on their computers
using the Norton AntiVirus product.
Times have changed considerably and Symantec's approach to what were once referred to as expanded threats has evolved to meet the challenges posed by programs that are now broadly referred to as spyware.
See Symantec Enterprise Solutions - Symantec's Antispyware Approach
Anti-Spyware/Anti-Adware Software:
You can get rid of much of the Spyware/Adware in your PC by using:
Ad-Aware Free
- Detection/Removal of Spyware (with Free version, from Lavasoft)
Spybot - Search&Destroy
- Detect & Remove Spyware (Free, from Patrick M. Kolla),
a-squared Free
EMSI Software Anti-Malware - Malware Scanner and Remover Software (Free)
AVG Anti-Spyware Free Edition
Grisoft Free Advisor - Malware Scanner and Remover Software (Free)
Microsoft Windows Defender
Protects your computer against pop-ups,
slow performance and security threats caused by spyware and other unwanted software (Free)
Free Spyware Doctor Starter Edition for Google Pack
Prevents, detects and eliminates intrusions (Free,
from PC Tools,
or Google Pack)
Free Norton Security Scan for Google Pack
Detects and eliminates intrusions (Free,
from Google Pack)
Ad-Aware Free detects and eliminates the intrusions already occurred and residing in your PC.
Spybot detects and eliminates the intrusions already occurred and residing in your PC,
it can also inoculate your MS Internet Explorer against the more common.
a-squared Free (A2) detects and eliminates the intrusions already occurred and residing in your PC.
AVG Anti-Spyware Free Edition detects and eliminates the intrusions already occurred and residing in your PC.
Microsoft Windows Defender features Real-Time Protection,
a monitoring system that recommends actions against spyware when it's detected.
Microsoft Windows Defender is only available to legitimate Windows XP-SP2 users.
Free Spyware Doctor Starter Edition for Google Pack users
detects and eliminates some intrusions in real time, and the intrusions already occurred and residing in your PC,
it can also inoculate your MS Internet Explorer against the more common malicious Active-X programs.
With the Free Norton Security Scan for Google Pack,
users have an easy-to-use tool that scans their PC specifically for viruses and spyware.
In addition to the scan feature, the Google Pack version of Norton Security Scan removes all existing viruses,
trojans and worms found on a user's PC and provides them with helpful tips on how they can further improve their PC security.
SpywareBlaster anti-spyware protection
(Free, Javacool Software).
SpywareBlaster doesn't scan for and clean spyware - it prevents it from being installed in the first place.
This program prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers,
and other potentially unwanted programs.
It can also block spyware/tracking cookies in IE and Mozilla/Firefox,
and restrict the actions of spyware/ad/tracking sites.
SpywareBlaster inoculates MS Internet Explorer against many intrusions, to prevent spyware from installing,
and it can be deactivated in case of problems.
Only after deactivation it should be uninstalled, if this is what is wanted.
These tools can all be installed in the same PC as they are basically scanners and will not interfere with each other
or an antivirus program.
This is recommendable as each specializes in a different kind of spyware.
Tracking Cookies:
The above tools will help you to get rid of "Tracking Cookies"
(Third Party Cookies that use personally identifiable information) stored in your PC,
but you should configure your browser to block them.
In the MS Internet Explorer menu: Tools, Internet Options, Privacy (Medium, at least).
A cookie is not a program, it is a very small text file with information that a Web site can store in your PC. A persistent cookie remains when you close your browser. A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close it.
First-party cookies originate on or are sent to the Web site you are currently viewing. If you do not allow first-party cookies, you may not be able to view some Web sites or take advantage of their customization features.
Third-party cookies either originate on or are sent to Web sites different from the one you are currently viewing. Third-party Web sites usually provide some content on the Web site you are viewing. For example, a site may use advertising from third-party Web sites and those third-party Web sites may use cookies. A common use for this type of cookie is to track your Web visits for advertising or other marketing purposes. Third-party cookies can either be persistent or temporary.
A Web site only has access to the personally identifiable information that you provide to it, such as your log-in and preferences when visiting that site. Normally, only the Web site that created a cookie can read it.
Your Internet Service Provider (ISP) assigns your PC an IP (Internet Protocol) address when you make a connection. An IP address is unique in the whole world at any time, and only your ISP can associate it with your PC at a particular time.
Malicious Dialers:
These are small malicious programs that connect over a telephone line a PC to a Dial-Up Network (DUN) at very high rates of cost to the user.
In general it is required to examine your PC with an updated antivirus program to detect and eliminate them. Some can be detected by a user by examining "Internet Connections" in the Windows Control Panel.
Malicious dialers are generally installed in your PC by visiting an infecting Website or by a new kind of virus that has one as a payload.
You can eliminate malicious dialers from your PC with the a-squared Anti-Dialer Freeware! - free of charge Dialer scanner and remover.
See Symantec Security Response - Expanded Threats (Dialers)
Rootkits:
A rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine. Actions performed by a rootkit, such as installation and any form of code execution, are done without end user consent or knowledge.
Rootkits do not infect machines by themselves like viruses or worms,
but rather, seek to provide an undetectable environment for malicious code to execute.
To manually install rootkits,
attackers will typically leverage vulnerabilities in the target machine, or use social engineering techniques.
In some cases, rootkits can be installed automatically upon execution of a virus or worm,
or by browsing to a malicious website.
Once installed, an attacker can perform virtually any function on the system to include remote access, eavesdropping, as well as hide processes, files, registry keys and communication channels.
A good antivirus program, like the AVG Anti-Virus Free Edition from Grisoft, or the a-squared Free, should detect a rootkit not yet installed. To detect and eliminate one that has been able to install, you can use the Sophos Anti-Rootkit, or the Trend Micro RootkitBuster (Free).
See
Rootkits - A New Malware Trend
(a2 Knowledgebase, EMSI Software)
and
Symantec Security Response - Windows Rootkit Overview
(.pdf, Adobe Acrobat Reader).
Malicious JavaScript:
Malicious scripting attacks are a threat to Web users. A Web site can use a scripting language, like JavaScript, to exploit security vulnerabilities that could allow it to perform installations of spyware or remote control programs.
Firefox, Internet Explorer 7 and Opera have some features to prevent these exploits,
including pop-up warnings that let the user know when a Web site uses scripting.
But these all/nothing controls are not flexible enough.
You should allow the execution of JavaScript only from trusted Web sites.
But typically, a Web site will present scripts coming from other Web sites.
The NoScript Firefox extension provides extra protection for
Firefox,
and other Mozilla-based browsers:
This free, open source add-on allows potentially dangerous JavaScript, Java, Flash and other plugins
to be executed only from trusted Web sites of your choice (e.g. your online bank).
Cross Site Scripting:
Cross-site scripting (XSS) attacks occur when an attacker uses a Web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a Web application uses input from a user in the output it generates without validating or encoding it.
An attacker can use XSS to send malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.
See Cross Site Scripting Open Web Application Security Project (OWASP)
See Cross-site scripting Wikipedia, the free encyclopedia
Malicious HTML Tags Embedded in Client Web Requests:
None of the solutions that Web users can take are complete solutions. In the end, it is up to Web page developers to modify their pages to eliminate these types of problems.
However, Web users have two basic options to reduce their risk of being attacked through this vulnerability.
The first, disabling scripting languages in their browser,
provides the most protection but has the side effect for many users of disabling functionality that is important to them.
Users should select this option when they require the lowest possible level of risk.
The second solution, being selective about how they initially visit a Web site,
will significantly reduce a user's exposure while still maintaining functionality.
Users should understand that they are accepting more risk when they select this option,
but are doing so in order to preserve functionality that is important to them.
See Malicious HTML Tags Embedded in Client Web Requests CERT Advisory CA-2000-02
Security information is of a time critical nature.
The
Symantec Security Advisories
contain information about major security developments, including Symantec's response to the situation.
A Final Warning
Attackers are moving away from large, multipurpose attacks on network perimeters and towards smaller,
more focused attacks on desktop computers.
The new threat landscape will likely be dominated by emerging threats such as robot networks (botnets),
customizable modular malicious code, and targeted attacks on Web applications and Web browsers.
See Symantec Enterprise Solutions - Internet Security Threat Report
During 2007 the number of samples of malicious code has doubled,
having taken 20 years to reach the size it was at the beginning of this year.
One of the most successful "botnets" of 2007 has been "Storm". The Storm botnet, estimated now to contain millions of compromised computers, has advanced defenses.
See Cracking open the cybercrime economy (Tech News on ZDNet, Dec 14, 2007)
The signature inventory of pests recognized by a-squared Free and a-squared Anti-Malware
had somewhat more than 500,000 entries at the beginning of last year.
At the beginning of 2008 this has already reached a record of 1.1 million Malware signatures.
Whereas 1.4 million Malware infections were reported by a-squared users in 2006,
this rose to an unbelievable figure of 1.9 million last year.
The shocking fact is: on average, every PC was infected with 8 different types of Malware!
Malware is no longer being built for self promotion purposes, or for fun,
but rather with the primary aim of earning large amounts of money.
Most of the newly discovered Worms, Bots and Trojans no longer contain destructive routines.
They are purely designed for the purpose of hijacking computers to allow them to be remote controlled.
Spammers use this computing power to anonymously send millions of e-mails.
Other shadowy organizations use the storage capacity to store and distribute illegal data,
such as child pornography or similar.
As the victim, you usually do not notice that your computer is being used as a trading place for this type of data.
The only clear indications are usually only an Internet connection that becomes continuously slower
and less computer performance for your own applications.
See Malware Annual Report 2007 (Emsi Software, 1/17/2008)
Spoofed e-mails (also known as Phishing) that appear to be from a supplier (with a false From address) can put you in danger.
They normally ask you to unknowingly navigate to a spoofed Web site (with a false URL) to provide, update or confirm sensitive personal information. To attract you, they may refer to an urgent situation in your account or a very interesting offer.
Some information that Phishing scams are after:
- Credit or debit card numbers
- PINs or Passwords
- Account Numbers
- Personal ID numbers and other personal data (like names and addresses)
Even if you don't provide what they ask for, simply clicking on the link could subject you to "silent" installations of key logging software or backdoor programs.
Many of these sites open spoofing windows to obtain your authorization for an installation. Close them using the X in the upper-right corner of the window. Do not use the controls in these windows; a button can do anything, no matter how it is marked.
Consider that a Web page can spoof the contents of both the Address (URL) and Status Bar.
Don't follow links to your suppliers provided in unsolicited e-mail or untrusted Web sites.
Write the known URL yourself and then navigate the supplier's Web site.
Always do this for banks, financial services and on-line stores.
To navigate the Web, your browser requires access to a DNS (Domain Name Server) service that translates the URLs you type
(i.e. www.somedomain.com) into a set of 4 numbers that is the actual IP (Internet Protocol) address of the Website.
But generally, DNS servers are only directly available from connections provided by the ISP to which they belong.
This means you are generally limited to directly using
the DNS server of your Internet Service Provider (ISP).
If your DNS service directs a certain URL to your own PC, this URL is blocked,
and you get a 404 Error (page not found).
Avoiding the blockage requires using a public DNS service,
like OpenDNS (Free),
which also offers an anti-Phishing service.
Additionally, using OpenDNS
guarantees your movements on the Web can not be tracked through the DNS use log at your ISP.
When OpenDNS is unable to determine how to resolve a URL (for example, a typo which is not in our "errors we can fix" list), then OpenDNS provides search results that are the best match for the information provided.
Security researcher Dan Kaminsky announced on July 8 '08 that a major bug affecs DNS software.
Here's a quick way to tell if your DNS servers are at risk:
While browsing from a PC in your network,
head to DoxPara Research, Kaminsky's site,
and look for a button on the right named "Check My DNS". Click it.
PC World - Business Center: Have You Fixed Your Company's DNS Servers?
If your DNS server appears safe, you should get:
Your name server, at ...., appears to be safe,
but make sure the ports listed below aren't following an obvious pattern.
Make sure that the listed ports do not follow an obvious pattern.
Multiple DNS implementations vulnerable to cache poisoning:
DNS cache poisoning (sometimes referred to as cache pollution)
is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver.
US-CERT Vulnerability Note VU#800113
OpenDNS is proud to announce that they are one of the two DNS vendors / service providers
that were not vulnerable when this issue was first discovered by Dan Kaminsky.
OpenDNS Blog » OpenDNS - Keeping you safe day after day
More news will be coming about this DNS vulnerability, and a major anouncement by Kaminsky is expected in August 6 '08 during the Black Hat conference in Las Vegas.
State of the Internet: Old worms live on; Delaware speediest state; South Korea a broadband king
ZDNet Blogs, May 29th, 2008. Posted by Larry Dignan @ 4:55 am
Akamai [a global server network that handles 20% of the world's total Web traffic] on Thursday [May 29 '08] released its first State of the Internet report and found attack traffic – viruses, worms, bots and such – derived from 125 countries, with 30% of that traffic coming from the United States and China. Some of these attacks, which occurred in the first quarter, were from worms like the Blaster back in 2003.
Of that attack traffic, the top 10 countries accounted for 75% of the attacks. The surprising hotspots for attacks included Venezuela, Argentina and Brazil – three places not exactly known for their hacking communities. Russia was a no-show.
Here's the chart from Akamai's report, which requires registration:
See Akamai Report: The State of the Internet
- 1st Quarter 2008, 2nd Quarter 2008
My specialty is Personal Computing and I work as an independent consultant.
Updated: November 18 '08
Symantec and Trend Micro Security Alerts Boxes
Castellano: Sección sobre Seguridad de PCs
Back: Home Page (PC Security and Updating Service)
Messages:
Andrés Valencia: Communications