This page offers information and tools to keep your PC secure,
- General Security Advice for Internet Users
General Security Advice for Internet Users
The Internet is a dangerous environment as proven by the frequent "Denial of Service" attacks, the infection of legitimate Web sites,
the "Worms" and "Trojan Horses" infecting computers to implement "remotely controlled" intrusions in networks
by means of infected and enslaved PCs; "robots", or "bots".
Bots work silently, but we all see their work. Almost every spam e-mail is sent from a hijacked computer. Every time you receive a spam, a hijacked computer sent it.
Your PC is not necessarily the final target in these attacks: If infected,
it is used to attack other computers and disseminate the infection.
The attempted dissemination activity congests the Internet, in particular e-mail transit.
A Web site knows the IP (Internet Protocol) address of the PC from where you are viewing it,
and could test your PC for vulnerabilities. If a vulnerability is found, an infected Web site could exploit it.
If your PC has a vulnerability, and you visit an infected site that can exploit it, your PC could be enslaved. Backdoor and key-logger programs could be installed, and a remote attack on another computer be launched from your PC.
If your Web browser has been infected by "Adware" so it makes automatic visits to unknown sites (pop-up advertising), its vulnerabilities could be exploited. See Spyware, further down in this page.
If you can not install and update a legal copy of MS Windows on an Internet-connected PC,
it is possible that your vulnerabilities will be exploited even if you use a complete firewall program.
Regularly update your Microsoft Office programs: visit Microsoft Office Online and select "Office Update", or visit Microsoft Update. Microsoft releases these updates on the fourth Tuesday of each month. Have your original MS Office installation disks on hand.
But if you must share files over the Internet, do not share whole drives;
only share expressly prepared, password-protected and "Read-only" folders with the required files.
Password-protected folders are available in Windows XP Professional.
In particular, never share the drive or the folder were the Operating System resides.
For example, create a folder named "Out" in "My Documents" and share it,
but do not check "Allow network users to change my files" (Properties, Sharing).
For additional protection, also install the
Comodo BOClean Anti Malware software (Free).
By installing malware (short for MALicious softWARE) on a machine, computer crackers can go anywhere, see and do anything they want with your computer, including banking records and your most intimate and personal documents. In addition to wreaking havoc with your machine and pillaging your personal property, some malware, specifically trojan horse servers, can even record your personal conversations if you have a microphone connected to your computer. Malware can invade your system without you ever knowing it and are designed to elude firewalls by using ports which are not blocked by network "firewall" security software or proxy servers. Many of them disable the most frequently used antivirus and software firewalls.
If you want a simple firewall that is very easy to configure, then you could use the Windows XP SP2 Internet Connection Firewall. But if you want more advanced control over the traffic that passes through your computer and you also want to block unauthorized outgoing traffic (traffic from your computer out to the Internet) then choose a complete personal firewall from another company.
Visit a security evaluation site on the Web, such as
Rapid7 (Vulnerability Management & Penetration Testing Software).
Also run the tests for vulnerabilities to Internet threats at PC Flank (Make sure you're protected on all sides).
Visit the site OnGuard Online of the U.S.A. Federal Government to read practical recommendations to help you be on guard against Internet fraud, secure your computer and protect your personal information.
[Running an Online Scanner under Windows Vista in general requires accessing it with Microsoft Internet Explorer in Administrator mode: Select a start icon for Microsoft Internet Explorer with a right click, select Run as Administrator]
Downadup (or Conficker) is a self-updatable network worm that takes advantage of a Windows vulnerability to spread. Its removal is complicated by the fact that it blocks many known antivirus software and associated websites. Conficker disables the Microsoft Windows Firewall service.
Visit Microsoft Update and install all Critical and Security Updates.
See An Analysis of Conficker (SRI Malware Threat Center, February 4, 2009)
The Microsoft Malware Protection Center has updated the Malicious Software Removal tool (MSRT). This is a stand-alone binary that is useful in the removal of prevalent malicious software, and it can help remove the Win32/Conficker malware family.
See Virus alert about the Win32-Conficker.B worm (Microsoft Help and Support)
The Web-based Security Scan and Virus Detection will help ensure a safe and productive Internet experience for you and your family. Security Scan determines whether your PC is protected from hackers, viruses, and privacy threats. Virus Detection uses Symantec's virus detection technology to check for virus infections. After analyzing your PC's current level of protection, we'll show you how you can enjoy the Internet and protect yourself at the same time.
Analyze your PC with the ESET-NOD32 AntiVirus - Online Scanner: (Free)
The ESET Online Scanner is a good free virus scan in the Web. A user-friendly, powerful tool, the ESET online antivirus utility can remove malware - viruses, spyware, adware, worms, trojans, and more - from any PC utilizing only a web browser. The AntiVirus - Online Scanner uses the same ThreatSense technology and signatures as ESET NOD32 Antivirus, which means it is always up-to-date.
ESET Online Scanner requires the following minimum system components:
Analyze and clean your PC with the Trend Micro HouseCall AntiVirus - Scan Online: (Free)
The Web-based HouseCall AntiVirus - Scan Online will help ensure a safe and productive Internet experience for you and your family. HouseCall uses Trend Micro's virus detection technology to check for and eliminate virus infections, spyware, worms and other malware.
Analyze and clean your PC with the Emsisoft Anti-Malware:
Comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits. (Previously a-squared Anti-Malware)
2 cleaning programs in 1: Anti-Virus + Anti-Malware
When downloading, you'll get the full version including all protection features for 30 days for free. Afterwards the unpaid software switches to a limited freeware scanner mode that allows you to scan and clean your PC whenever you want, but does not include the protection features against new infections.
The Conficker Worm shocked PC security experts. Millions of computers were supposed to have been infected. The free program Emsisoft Emergency Kit checks whether Conficker (or other worms) are present in a computer. In the worst case, the free program can immediately remove the security risk.
Install the Emsisoft Anti-Malware EMSI Software - virus and malware prevention and remover software
Analyze and clean your PC with the F-Secure Online Scanner: (Free)
The Web-based F-Secure Online Virus Scanner will help ensure a safe and productive Internet experience for you and your family. The Online Virus Scanner uses F-Secure's virus detection technology to check for and eliminate virus infections, spyware and rootkits.
Analyze and clean your PC with the BitDefender Online Scanner: (Free)
Analyze your PC with the BitDefender QuickScan for Virus and Spyware.
Expanded Threats exist outside of commonly known definitions of viruses, worms, and Trojan horses
and may provide unauthorized access, and threats to system or data security,
and other types of threats or nuisances.
Consider that an e-mail can show a faked sending (From:) address to gain your confidence and get you to execute an attached program or visit a link, believing it comes from a known address or person.
"Spyware" (Spy Software):
"Spyware" programs are applications that send information via the Internet to the creator of the spyware, or the publisher. Spyware usually consists of core functionality and functionality for information gathering. The core functionality appeals to users and entices them to install and use the spyware. The End User License Agreement (EULA) informs users of the information-gathering actions, but most users overlook this information. Information that is sent to the publisher is normally used for improved direct marketing purposes. The type of sent information differs depending on the spyware program. In order for the publisher to properly digest the gathered data, some spyware programs send a unique identifier with the gathered information. Users often overlook the information-gathering functionality of spyware, leaving them unaware that the spyware publisher is gathering data from their computers.
Generally, if your Web browser has been infected by "Adware" (advertisement software, a type of "Spyware"), it will make automatic visits to unknown sites (pop-up advertising), and its vulnerabilities could be exploited.
"Spyware" is a relatively new kind of threat that many common antivirus applications do not cover well. More and more spyware is emerging that is silently tracking your surfing behavior to create a marketing profile of you that will be sold to advertisement companies and used to force your browser to visit unknown sites automatically.
See Symantec Security Response - Expanded Threats (Spyware)
Times have changed considerably and Symantec's approach to what were once referred to as expanded threats has evolved to meet the challenges posed by programs that are now broadly referred to as spyware.
You can get rid of the Spyware/Adware in your PC by using:
The above tools will help you to get rid of "Tracking Cookies"
(Third Party Cookies that use personally identifiable information) stored in your PC,
but you should configure your browser to block them.
A cookie is not a program, it is a very small text file with information that a Web site can store in your PC. A persistent cookie remains when you close your browser. A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close it.
First-party cookies originate on or are sent to the Web site you are currently viewing. If you do not allow first-party cookies, you may not be able to view some Web sites or take advantage of their customization features.
A Web site only has access to the personally identifiable information that you provide to it, such as your log-in and preferences when visiting that site. Normally, only the Web site that created a cookie can read it.
Your Internet Service Provider (ISP) assigns your PC an IP (Internet Protocol) address when you make a connection. An IP address is unique in the whole world at any time, and only your ISP can associate it with your PC at a particular time.
Adobe Flash Player is the standard for delivering high-impact, rich Web content.
Adobe recommends that all Adobe Flash Player users upgrade to the most recent version of the Player through the Adobe Flash Player Download Center to take advantage of security updates.
Users of Adobe Flash Player on all supported platforms can manually check whether their installed Flash Player is the latest, most secure version at Adobe Flash Player - Version Information.
The Adobe Flash Player Settings panels let you make decisions about privacy,
data storage on your computer, security, notifications of updates,
and the use of the camera and microphone installed on your computer.
Use the links in the table of contents to learn how to make these decisions.
Flash Player provides a number of ways you can manage a website's ability to store information in local shared objects.
You can control storage space by individual websites or for all websites.
A third-party local shared object, sometimes referred to as a "third-party Flash cookie",
is a shared object created by third-party content,
content that is not actually from the site you are currently viewing.
Third-party local shared objects may be important for privacy
because they can be used to track your preferences or your usage across different websites that you visit.
Note that if you have installed the PPAPI version of Flash Player, you must use the Flash Player Native Control Panel to configure your settings. Otherwise, use the Windows Control Panel - Flash Player Settings Manager.
.sol Editor opens, removes or creates a Macromedia Flash shared object file (.sol),
displays the content of the file and allows you to change the values.
These are small malicious programs that connect over a telephone line a PC to a Dial-Up Network (DUN) at very high rates of cost to the user.
In general it is required to examine your PC with an updated antivirus program to detect and eliminate them. Some can be detected by a user by examining "Internet Connections" in the Windows Control Panel.
Malicious dialers are generally installed in your PC by visiting an infecting Website or by a new kind of virus that has one as a payload.
You can eliminate malicious dialers from your PC with the Emsisoft Emergency Kit EMSI Software Anti-Malware - Malware Scanner and Remover Software (Free).
A rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine. Actions performed by a rootkit, such as installation and any form of code execution, are done without end user consent or knowledge.
Rootkits do not infect machines by themselves like viruses or worms,
but rather, seek to provide an undetectable environment for malicious code to execute.
To manually install rootkits,
attackers will typically leverage vulnerabilities in the target machine, or use social engineering techniques.
A virus, worm, backdoor or spyware program could remain active and undetected in a system for a long time if it uses a rootkit. The malware may remain undetected even if the computer is protected with state-of-the-art antivirus. And the antivirus can't remove something that it can't see.
The Sinowal Trojan, also known as Torpig and Mebroot, may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters. Dating back as early as February 2006, the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts as well as a similar number of credit and debit cards. Other information such as e-mail and FTP accounts from numerous websites, have also been compromised and stolen. Leading anti-virus vendors have indicated that the Sinowal Trojan is specific to Windows XP operating environments.
Once installed, an attacker can perform virtually any function on the system to include remote access, eavesdropping, as well as hide processes, files, registry keys and communication channels.
A good antivirus program, like the AVG Free Antivirus & Malware Protection should detect a rootkit not yet installed. To detect and eliminate one that has been able to install, you can use the Sophos Anti-Rootkit, and the Trend Micro Rootkit Buster (Free).
Rootkits - A New Malware Trend (Emsisoft Blog, EMSI Software),
Do not use ActiveX applications from untrusted sources.
Visit Java Download to download and install the latest available version of the Java Runtime Environment (JRE). Then uninstall any older, vulnerable versions. JRE version 7 is now available.
"The current exploit is triggered by a known flaw in Java, which was installed on every copy of OS X until the release of Lion (OS X 10.7) last summer. The flaw was reported in January and patched by Oracle in February, but the Apple version of Java didn't get a patch until early April. So for several months, every Mac owner was vulnerable unless they took specific steps to remove or disable Java."
"If you use any version of OS X before Snow Leopard (10.6) and you have Java installed (all versions of OS X before 10.7 include Java by default), you are vulnerable to this exploit and there is no patch available." [Disabling Java, or updating to OS X 10.7, is recommended]
New Mac malware epidemic exploits weaknesses in Apple ecosystem
(ZDNet, Ed Bott. April 6, 2012)
Firefox, Internet Explorer 7 and Opera have some features to prevent these exploits,
including pop-up warnings that let the user know when a Web site uses scripting.
But these all/nothing controls are not flexible enough.
Cross-site scripting (XSS) attacks occur when an attacker uses a Web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a Web application uses input from a user in the output it generates without validating or encoding it.
An attacker can use XSS to send malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.
See Cross Site Scripting Open Web Application Security Project (OWASP)
See Cross-site scripting Wikipedia, the free encyclopedia
None of the solutions that Web users can take are complete solutions. In the end, it is up to Web page developers to modify their pages to eliminate these types of problems.
However, Web users have two basic options to reduce their risk of being attacked through this vulnerability.
The first, disabling scripting languages in their browser,
provides the most protection but has the side effect for many users of disabling functionality that is important to them.
Users should select this option when they require the lowest possible level of risk.
See Malicious HTML Tags Embedded in Client Web Requests CERT Advisory CA-2000-02
A Final Warning
Attackers are moving away from large, multipurpose attacks on network perimeters and towards smaller,
more focused attacks on desktop computers.
One of the most successful "botnets" of 2007 has been "Storm". The Storm botnet, estimated now to contain millions of compromised computers, has advanced defenses.
See Cracking open the cybercrime economy (CNET News, Dec 14, 2007)
They normally ask you to navigate to a spoofed Web site (showing a false URL) to provide, update or confirm sensitive personal information. To attract you, they may refer to an urgent situation in your account or a very attractive offer.
Some information that Phishing scams are after:
Even if you don't provide what they ask for, simply clicking on the link could subject you to "silent" installations of key logging software or backdoor programs.
Many of these sites open spoofing windows to obtain your authorization for an installation. Close them using the X in the upper-right corner of the window. Do not use the controls in these windows; a button can do anything, no matter how it is marked.
Consider that a Web page can spoof the contents of both the Address (URL) and Status Bar.
When OpenDNS is unable to determine how to resolve a URL (for example, a typo which is not in our "errors we can fix" list), then OpenDNS provides search results that are the best match for the information provided.
To try it out:
To try it out:
Akamai [a global server network that handles 20% of the world's total Web traffic] on Thursday [May 29 '08] released its first State of the Internet report and found attack traffic - viruses, worms, bots and such - derived from 125 countries, with 30% of that traffic coming from the United States and China. Some of these attacks, which occurred in the first quarter, were from worms like the Blaster back in 2003.
Of that attack traffic, the top 10 countries accounted for 75% of the attacks. The surprising hotspots for attacks included Venezuela, Argentina and Brazil - three places not exactly known for their hacking communities. Russia was a no-show.
Here's the chart from Akamai's report, which requires registration:
See Fake App Attack: Misleading Application Suspicious Notification (Symantec - Norton)
The human and technical aspects of cyber threats changed dramatically in 2014. Highly evasive attacks, created from blended techniques, exploited vulnerabilities and opened cracks in old infrastructure standards. The constant evolution of technology development created a completely new set of challenges.
The Threat Report by Websense Security Labs, provides advice, actionable intelligence and guidance in dealing with existing and emerging threats, taking into account the need for companies to grow and innovate, while protecting intellectual property and confidential information.
There are eight trends definitely worth noting due to the significant risk they pose for data theft this year. These are reviewed across two categories: human behavioral trends and technique-based trends, to examine who's doing what and how they are doing it.
Download the Report:
You will also get access to the recorded webcast events, with our security experts discussing the impact and future implications of these trends and threats.
My specialty is Personal Computing and I work as an independent consultant.
Updated: June 22 '15
Castellano: Sección sobre Seguridad de PCs
Back: Home Page (PC Security and Updating Service)
Andrés Valencia: Communications