Andrés ValenciaPC Security
This page offers information and tools to keep your PC secure,
- General Security Advice for Internet Users General Security Advice for Internet Users
The Internet is a dangerous environment as proven by the frequent "Denial of Service" attacks, the infection of legitimate Web sites,
the "Worms" and "Trojan Horses" infecting computers to implement "remotely controlled" intrusions in networks
by means of infected and enslaved PCs; "robots", or "bots". Bots work silently, but we all see their work. Almost every spam e-mail is sent from a hijacked computer. Every time you receive a spam, a hijacked computer sent it.
Your PC is not necessarily the final target in these attacks: If infected,
it is used to attack other computers and disseminate the infection.
The attempted dissemination activity congests the Internet, in particular e-mail transit.
A Web site knows the IP (Internet Protocol) address of the PC from where you are viewing it,
and could test your PC for vulnerabilities. If a vulnerability is found, an infected Web site could exploit it. If your PC has a vulnerability, and you visit an infected site that can exploit it, your PC could be enslaved. Backdoor and key-logger programs could be installed, and a remote attack on another computer be launched from your PC. If your Web browser has been infected by "Adware" so it makes automatic visits to unknown sites (pop-up advertising), its vulnerabilities could be exploited. See Spyware, further down in this page.
If you can not install and update a legal copy of MS Windows on an Internet-connected PC,
it is possible that your vulnerabilities will be exploited even if you use a complete firewall program. Regularly update your Microsoft Office programs: visit Microsoft Office Online and select "Office Update", or visit Microsoft Update. Microsoft releases these updates on the fourth Tuesday of each month. Have your original MS Office installation disks on hand.
But if you must share files over the Internet, do not share whole drives;
only share expressly prepared, password-protected and "Read-only" folders with the required files.
Password-protected folders are available in Windows XP Professional.
In particular, never share the drive or the folder were the Operating System resides.
For example, create a folder named "Out" in "My Documents" and share it,
but do not check "Allow network users to change my files" (Properties, Sharing).
By installing malware (short for MALicious softWARE) on a machine, computer crackers can go anywhere, see and do anything they want with your computer, including banking records and your most intimate and personal documents. In addition to wreaking havoc with your machine and pillaging your personal property, some malware, specifically trojan horse servers, can even record your personal conversations if you have a microphone connected to your computer. Malware can invade your system without you ever knowing it and are designed to elude firewalls by using ports which are not blocked by network "firewall" security software or proxy servers. Many of them disable the most frequently used antivirus and software firewalls.
Protect your PC with the Ad-Aware Free Antivirus+ by Lavasoft - Protection from Virus, Spyware & Malware. Combining our legendary anti-spyware with a powerful antivirus, Ad-Aware Free Antivirus+ enhances them with real-time protection, download protection and continuously updated filters against malicious URLs, providing top-of-the-line anti-malware protection for the casual computer user.
Comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits. (Previously a-squared Anti-Malware) 2 cleaning programs in 1: Anti-Virus + Anti-Malware When downloading, you'll get the full version including all protection features for 30 days for free. Afterwards the unpaid software switches to a limited freeware scanner mode that allows you to scan and clean your PC whenever you want, but does not include the protection features against new infections. Install the Emsisoft Anti-Malware
See How to find and clean malware infections with Emsisoft Emergency Kit
Protect your PC with the Panda Internet Security 2015 for Virus, Spyware, Hacking and Potentially Unwanted Tools, Security Risks and Suspicious files.
Microsoft Security Essentials - Guards against viruses, spyware, & other malicious software. You can't use Microsoft Security Essentials with Windows 8.1. But if you want to protect a PC with an older version of Windows, you can use Microsoft Security Essentials to help guard against viruses, spyware, and other malicious software.
If you want a simple firewall that is very easy to configure, then you could use the Windows XP SP2 Internet Connection Firewall. But if you want more advanced control over the traffic that passes through your computer and you also want to block unauthorized outgoing traffic (traffic from your computer out to the Internet) then choose a complete personal firewall from another company.
Visit Secunia and
SecurityFocus
for Security News, Articles & Advisories. Also run the tests for vulnerabilities to Internet threats at PC Flank (Make sure you're protected on all sides). Visit the site OnGuard Online of the U.S.A. Federal Government to read practical recommendations to help you be on guard against Internet fraud, secure your computer and protect your personal information.
[Running an Online Scanner under Windows Vista in general requires accessing it with Microsoft Internet Explorer in Administrator mode: Select a start icon for Microsoft Internet Explorer with a right click, select Run as Administrator]
System Requirements:
Visit Microsoft Update and install all Critical and Security Updates. See An Analysis of Conficker (SRI Malware Threat Center, February 4, 2009) See Microsoft Security Bulletin MS08-067 - Critical: Vulnerability in Server Service Could Allow Remote Code Execution (October 23, 2008)
Determine if it is infected with the Downadup worm (known also as Conficker or Kido):
The Microsoft Malware Protection Center has updated the Malicious Software Removal tool (MSRT).
This is a stand-alone binary that is useful in the removal of prevalent malicious software,
and it can help remove the Win32/Conficker malware family. See Virus alert about the Win32-Conficker.B worm (Microsoft Help and Support)
Analyze your PC Security with the Symantec Security Check: (Free) The Web-based Security Scan and Virus Detection will help ensure a safe and productive Internet experience for you and your family. Security Scan determines whether your PC is protected from hackers, viruses, and privacy threats. Virus Detection uses Symantec's virus detection technology to check for virus infections. After analyzing your PC's current level of protection, we'll show you how you can enjoy the Internet and protect yourself at the same time. System Requirements:
Analyze your PC with the ESET-NOD32 AntiVirus - Online Scanner: (Free) The ESET Online Scanner is a good free virus scan in the Web. A user-friendly, powerful tool, the ESET online antivirus utility can remove malware - viruses, spyware, adware, worms, trojans, and more - from any PC utilizing only a web browser. The AntiVirus - Online Scanner uses the same ThreatSense technology and signatures as ESET NOD32 Antivirus, which means it is always up-to-date. ESET Online Scanner requires the following minimum system components:
Analyze and clean your PC with the Trend Micro HouseCall AntiVirus - Scan Online: (Free) The Web-based HouseCall AntiVirus - Scan Online will help ensure a safe and productive Internet experience for you and your family. HouseCall uses Trend Micro's virus detection technology to check for and eliminate virus infections, spyware, worms and other malware. System Requirements:
Analyze and clean your PC with the F-Secure Online Scanner: (Free) The Web-based F-Secure Online Virus Scanner will help ensure a safe and productive Internet experience for you and your family. The Online Virus Scanner uses F-Secure's virus detection technology to check for and eliminate virus infections, spyware and rootkits. System Requirements:
You can get rid of the Spyware/Adware in your PC by using:
Expanded Threats
Expanded Threats exist outside of commonly known definitions of viruses, worms, and Trojan horses
and may provide unauthorized access, and threats to system or data security,
and other types of threats or nuisances. Consider that an e-mail can show a faked sending (From:) address to gain your confidence and get you to execute an attached program or visit a link, believing it comes from a known address or person. See Symantec Security Response - Expanded Threats "Spyware" (Spy Software): "Spyware" programs are applications that send information via the Internet to the creator of the spyware, or the publisher. Spyware usually consists of core functionality and functionality for information gathering. The core functionality appeals to users and entices them to install and use the spyware. The End User License Agreement (EULA) informs users of the information-gathering actions, but most users overlook this information. Information that is sent to the publisher is normally used for improved direct marketing purposes. The type of sent information differs depending on the spyware program. In order for the publisher to properly digest the gathered data, some spyware programs send a unique identifier with the gathered information. Users often overlook the information-gathering functionality of spyware, leaving them unaware that the spyware publisher is gathering data from their computers. See The Dangers of Spyware in Symantec Security Response - White Papers (.pdf, Adobe Acrobat Reader)
Generally, if your Web browser has been infected by "Adware" (advertisement software, a type of "Spyware"), it will make automatic visits to unknown sites (pop-up advertising), and its vulnerabilities could be exploited. "Spyware" is a relatively new kind of threat that many common antivirus applications do not cover well. More and more spyware is emerging that is silently tracking your surfing behavior to create a marketing profile of you that will be sold to advertisement companies and used to force your browser to visit unknown sites automatically. See Symantec Security Response - Expanded Threats (Spyware)
Times have changed considerably and Symantec's approach to what were once referred to as expanded threats has evolved to meet the challenges posed by programs that are now broadly referred to as spyware. See Symantec Enterprise Solutions - Symantec's Antispyware Approach
The above tools will help you to get rid of "Tracking Cookies"
(Third Party Cookies that use personally identifiable information) stored in your PC,
but you should configure your browser to block them.
A cookie is not a program, it is a very small text file with information that a Web site can store in your PC. A persistent cookie remains when you close your browser. A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close it. First-party cookies originate on or are sent to the Web site you are currently viewing. If you do not allow first-party cookies, you may not be able to view some Web sites or take advantage of their customization features. Third-party cookies either originate on or are sent to Web sites different from the one you are currently viewing. Third-party Web sites usually provide some content on the Web site you are viewing. For example, a site may use advertising from third-party Web sites and those third-party Web sites may use cookies. A common use for this type of cookie is to track your Web visits for advertising or other marketing purposes. Third-party cookies can either be persistent or temporary. A Web site only has access to the personally identifiable information that you provide to it, such as your log-in and preferences when visiting that site. Normally, only the Web site that created a cookie can read it. Your Internet Service Provider (ISP) assigns your PC an IP (Internet Protocol) address when you make a connection. An IP address is unique in the whole world at any time, and only your ISP can associate it with your PC at a particular time.
Adobe Flash Player is the standard for delivering high-impact, rich Web content. Adobe recommends that all Adobe Flash Player users upgrade to the most recent version of the Player through the Adobe Flash Player Download Center to take advantage of security updates.
Users of Adobe Flash Player on all supported platforms can manually check whether their installed Flash Player is the latest,
most secure version at
Adobe Flash Player - Version Information.
The Adobe Flash Player Settings panels let you make decisions about privacy,
data storage on your computer, security, notifications of updates,
and the use of the camera and microphone installed on your computer.
Use the links in the table of contents to learn how to make these decisions.
Flash Player provides a number of ways you can manage a website's ability to store information in local shared objects.
You can control storage space by individual websites or for all websites.
A third-party local shared object, sometimes referred to as a "third-party Flash cookie",
is a shared object created by third-party content,
content that is not actually from the site you are currently viewing.
Third-party local shared objects may be important for privacy
because they can be used to track your preferences or your usage across different websites that you visit. Note that if you have installed the PPAPI version of Flash Player, you must use the Flash Player Native Control Panel to configure your settings. Otherwise, use the Windows Control Panel - Flash Player Settings Manager.
.sol Editor opens, removes or creates a Macromedia Flash shared object file (.sol),
displays the content of the file and allows you to change the values.
A rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine. Actions performed by a rootkit, such as installation and any form of code execution, are done without end user consent or knowledge.
Rootkits do not infect machines by themselves like viruses or worms,
but rather, seek to provide an undetectable environment for malicious code to execute.
To manually install rootkits,
attackers will typically leverage vulnerabilities in the target machine, or use social engineering techniques. A virus, worm, backdoor or spyware program could remain active and undetected in a system for a long time if it uses a rootkit. The malware may remain undetected even if the computer is protected with state-of-the-art antivirus. And the antivirus can't remove something that it can't see. The Sinowal Trojan, also known as Torpig and Mebroot, may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters. Dating back as early as February 2006, the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts as well as a similar number of credit and debit cards. Other information such as e-mail and FTP accounts from numerous websites, have also been compromised and stolen. Leading anti-virus vendors have indicated that the Sinowal Trojan is specific to Windows XP operating environments. Once installed, an attacker can perform virtually any function on the system to include remote access, eavesdropping, as well as hide processes, files, registry keys and communication channels. A good antivirus program, like the AVG Free Antivirus & Malware Protection should detect a rootkit not yet installed. To detect and eliminate one that has been able to install, you can use the Sophos Anti-Rootkit, and the Trend Micro Rootkit Buster (Free).
See
Rootkits - A New Malware Trend (Emsisoft Blog, EMSI Software),
Do not use ActiveX applications from untrusted sources. Visit Java Download to download and install the latest available version of the Java Runtime Environment (JRE). Then uninstall any older, vulnerable versions. JRE version 7 is now available.
"The current exploit is triggered by a known flaw in Java, which was installed on every copy of OS X until the release of Lion (OS X 10.7) last summer. The flaw was reported in January and patched by Oracle in February, but the Apple version of Java didn't get a patch until early April. So for several months, every Mac owner was vulnerable unless they took specific steps to remove or disable Java." "If you use any version of OS X before Snow Leopard (10.6) and you have Java installed (all versions of OS X before 10.7 include Java by default), you are vulnerable to this exploit and there is no patch available." [Disabling Java, or updating to OS X 10.7, is recommended]
See
New Mac malware epidemic exploits weaknesses in Apple ecosystem
(ZDNet, Ed Bott. April 6, 2012)
Malicious scripting attacks are a threat to Web users. A Web site can use a scripting language, like JavaScript, to exploit security vulnerabilities that could allow it to perform installations of spyware or remote control programs.
Firefox, Internet Explorer 7 and Opera have some features to prevent these exploits,
including pop-up warnings that let the user know when a Web site uses scripting.
But these all/nothing controls are not flexible enough.
Cross-site scripting (XSS) attacks occur when an attacker uses a Web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a Web application uses input from a user in the output it generates without validating or encoding it. An attacker can use XSS to send malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page. See Cross Site Scripting Open Web Application Security Project (OWASP)
See Cross-site scripting (Wikipedia)
None of the solutions that Web users can take are complete solutions. In the end, it is up to Web page developers to modify their pages to eliminate these types of problems.
However, Web users have two basic options to reduce their risk of being attacked through this vulnerability.
The first, disabling scripting languages in their browser,
provides the most protection but has the side effect for many users of disabling functionality that is important to them.
Users should select this option when they require the lowest possible level of risk. See Malicious HTML Tags Embedded in Client Web Requests CERT Advisory CA-2000-02
A Final Warning
Attackers are moving away from large, multipurpose attacks on network perimeters and towards smaller,
more focused attacks on desktop computers. See Symantec Enterprise Solutions - Internet Security Threat Report
One of the most successful "botnets" of 2007 has been "Storm". The Storm botnet, estimated now to contain millions of compromised computers, has advanced defenses. See Cracking open the cybercrime economy (CNET News, Dec 14, 2007)
They normally ask you to navigate to a spoofed Web site (showing a false URL) to provide, update or confirm sensitive personal information. To attract you, they may refer to an urgent situation in your account or a very attractive offer.
Some information that Phishing scams are after: Even if you don't provide what they ask for, simply clicking on the link could subject you to "silent" installations of key logging software or backdoor programs. Many of these sites open spoofing windows to obtain your authorization for an installation. Close them using the X in the upper-right corner of the window. Do not use the controls in these windows; a button can do anything, no matter how it is marked. Consider that a Web page can spoof the contents of both the Address (URL) and Status Bar. See PhishTank (operated by OpenDNS)
See New Windows 10 scam will encrypt your files for ransom (Zack Whittaker, ZDnet. August 3, 2015)
When OpenDNS is unable to determine how to resolve a URL (for example, a typo which is not in our "errors we can fix" list), then OpenDNS provides search results that are the best match for the information provided.
To try it out:
To try it out:
Akamai [a global server network that handles 20% of the world's total Web traffic] on Thursday [May 29 '08] released its first State of the Internet report and found attack traffic - viruses, worms, bots and such - derived from 125 countries, with 30% of that traffic coming from the United States and China. Some of these attacks, which occurred in the first quarter, were from worms like the Blaster back in 2003. Of that attack traffic, the top 10 countries accounted for 75% of the attacks. The surprising hotspots for attacks included Venezuela, Argentina and Brazil - three places not exactly known for their hacking communities. Russia was a no-show.
Here's the chart from Akamai's report, which requires registration:
See Fake App Attack: Misleading Application Suspicious Notification (Symantec - Norton)
The human and technical aspects of cyber threats changed dramatically in 2014. Highly evasive attacks, created from blended techniques, exploited vulnerabilities and opened cracks in old infrastructure standards. The constant evolution of technology development created a completely new set of challenges. The Threat Report by Websense Security Labs, provides advice, actionable intelligence and guidance in dealing with existing and emerging threats, taking into account the need for companies to grow and innovate, while protecting intellectual property and confidential information. There are eight trends definitely worth noting due to the significant risk they pose for data theft this year. These are reviewed across two categories: human behavioral trends and technique-based trends, to examine who's doing what and how they are doing it.
Download the Report: You will also get access to the recorded webcast events, with our security experts discussing the impact and future implications of these trends and threats. See Websense Security Labs report - 2015 Threat Report
My specialty is Personal Computing and I work as an independent consultant.
Updated: October 14 '15 Castellano: Sección sobre Seguridad de PCs Back: Home Page (PC Security and Updating Service) Messages: Andrés Valencia: Communications |