Written on August 31, 2006
Malware is short for “malicious software”.
The term covers a range of programs, among them viruses, worms, trojans, spyware, and malicious active content, whose purpose is to cause harm to a computer system or to the person using it.
There are numerous malware scanners on the market: some are free, some run through a web page, and some are downloaded and installed on your computer. A scanner identifies potential threats and attempts to eliminate them after the malware has already been installed. More proactive tools create a real-time barrier between your computer and the malware itself: an agent that runs, stays resident in the computer’s memory, and blocks the attack or infection before it happens, like a shield.
Scanners detect infection and attack; agents prevent infection and attack.
What’s unfortunate, of course, is the imagination of the attacker who puts up what appears to be a free web-based malware scanner only to have it be a piece of malware itself, or a launch mechanism for introducing new malware onto your system. Be wary of any “free scan” pop-up you did not go looking for.
There are plenty of debates about which scanner is most effective at detecting and preventing threats. To the lay user, these arguments may sound a bit meaningless: this, that, or the other thing, who cares! Just protect my computer system. I’d like to speak to that audience right now. For a no-hassle approach for the small business or personal computer owner running Windows XP Service Pack 2, here are my recommendations to address malware.
1. Make sure Windows XP SP2 is installed. To verify this, right-click the My Computer icon and select Properties from the context menu. On the General tab of System Properties, the System section shows the Windows version and, beneath it, the service pack level. “Service Pack 2” should appear there. If it doesn’t, install it now from Windows Update at http://update.microsoft.com.
2. Make sure the Windows Firewall is enabled. In the Control Panel, double-click the Windows Firewall icon and make sure “On” is selected. You can leave the “Don’t allow exceptions” checkbox blank; that mode blocks every inbound exception, including File and Printer Sharing, and is meant for untrusted networks such as a hotel or airport connection.
3. Download Windows Defender Beta 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en), then run the installer.
4. Verify that Automatic Updates are turned on and scheduled. In the Control Panel, open the Automatic Updates applet. Select “Automatic (recommended)” and set the install time to somewhere between 1 AM and 4 AM, your choice, so patches apply while the machine is idle.
What this does is create a full-time security barrier around the computer that runs transparently to you, using services native to Windows. Your system will run a personal firewall to protect it from attacks, intrusion, and worms like Blaster, which exploited the Windows RPC service listening on TCP port 135 (the same family of RPC and NetBIOS ports, 135-139, that should never be reachable from the Internet). Further, with Defender, a resident agent, Windows will actively prevent you from accidentally installing malware classified as adware and spyware, and will detect and remove anything of that kind already on the system. Finally, the system will keep itself patched without you having to do anything about it.
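The four settings above can also be checked from a script instead of by clicking through the dialogs. The following Python program is an added example and not part of the original post: it reads the registry locations Windows XP SP2 uses for the service pack level, the two Windows Firewall profiles and Automatic Updates, and evaluates them against the recommendations just given. The Windows Defender service name `WinDefend` is an assumption. The collector only runs on Windows; `evaluate()` is a pure function so the policy can be exercised anywhere.

```python
"""Audit the Windows XP SP2 baseline from the four steps above.
Added example, not from the original post.  The registry paths are the ones
Windows XP SP2 uses for the service pack level, the Windows Firewall
profiles and Automatic Updates; the Windows Defender service name
'WinDefend' is an assumption.  collect_from_registry() needs Windows;
evaluate() is pure so the policy can be exercised anywhere."""
import re
import sys

try:
    import winreg  # Windows only
except ImportError:
    winreg = None

FW_BASE = r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
FIREWALL_PROFILES = ("StandardProfile", "DomainProfile")
AU_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
NT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"  # CSDVersion = "Service Pack 2"
DEFENDER_KEY = r"SYSTEM\CurrentControlSet\Services\WinDefend"  # assumed service name


def _read_value(path, name):
    """Return a value under HKLM, or None if the key or value does not exist."""
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            return winreg.QueryValueEx(key, name)[0]
    except OSError:
        return None


def collect_from_registry():
    """Gather the raw settings into a plain dict (Windows only)."""
    if winreg is None:
        raise RuntimeError("registry collection requires Windows")
    settings = {
        "csd_version": _read_value(NT_KEY, "CSDVersion"),
        "au_options": _read_value(AU_KEY, "AUOptions"),
        "au_install_time": _read_value(AU_KEY, "ScheduledInstallTime"),
        "defender_start": _read_value(DEFENDER_KEY, "Start"),
    }
    for profile in FIREWALL_PROFILES:
        path = FW_BASE + "\\" + profile
        settings[f"fw_{profile}_enabled"] = _read_value(path, "EnableFirewall")
        settings[f"fw_{profile}_no_exceptions"] = _read_value(path, "DoNotAllowExceptions")
    return settings


def evaluate(settings):
    """Map raw settings to pass/fail findings, one per recommendation."""
    m = re.search(r"Service Pack (\d+)", settings.get("csd_version") or "")
    service_pack = int(m.group(1)) if m else 0
    return {
        "sp2_installed": service_pack >= 2,
        # The firewall must be on in both profiles, since a laptop may use either.
        "firewall_enabled": all(
            settings.get(f"fw_{p}_enabled") == 1 for p in FIREWALL_PROFILES),
        # Exceptions stay allowed so File and Printer Sharing keeps working.
        "firewall_allows_exceptions": all(
            settings.get(f"fw_{p}_no_exceptions") != 1 for p in FIREWALL_PROFILES),
        # Start=2 is SERVICE_AUTO_START: Defender loads at boot.
        "defender_autostart": settings.get("defender_start") == 2,
        # AUOptions 4 = download and install on the schedule; install hour 1-4 AM.
        "auto_update_scheduled": settings.get("au_options") == 4,
        "auto_update_offhours": settings.get("au_install_time") in (1, 2, 3, 4),
    }


def failing(settings):
    """Names of the recommendations the machine does not meet, sorted."""
    return sorted(name for name, ok in evaluate(settings).items() if not ok)


if __name__ == "__main__":
    if winreg is None:
        sys.exit("run this on the Windows XP machine being audited")
    for name, ok in evaluate(collect_from_registry()).items():
        print("PASS" if ok else "FAIL", name)
```

The checks fail closed: a missing registry value counts as a failure (for instance an absent ScheduledInstallTime), so confirm the hour in the applet before treating that finding as real. On a domain-joined machine the DomainProfile is the active one, which is why both profiles are required to be on.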
To further protect your system from malicious threats, I would also recommend:
1. Uninstall any third-party toolbars. Yahoo!, Google, anybody that offers you a toolbar is giving you features in exchange for tracking information about you. Less reputable companies and software (Gator, Morpheus, etc.) also install toolbars that become launchpads for malware. Uninstall these things and don’t look back: they are conveniences that bypass the browser’s normal controls and can harm your computing experience.
2. Uninstall any third-party anti-spyware and anti-malware applications. Yes, those who appreciate Spybot and others will probably take offense at this, but third-party tools are simply not as effective as native operating system services. Third-party products may be useful to the techhead who wants to explore the granularities of their malware defense, but for an average PC user my assumption is less touch and more transparency. These tools, in my opinion, only compound threats and may themselves be portals through which malware is introduced to your system.
3. Uninstall any third-party TSRs (Terminate and Stay Resident programs). These are applications that show the weather in your system tray, rotate your desktop wallpaper, or add a bit of flavor to your email messages. Each of these pretty conveniences and features comes at a price: your privacy, and again, they may be launch vehicles for worse behavior.
4. Uninstall any third-party music (P2P, peer-to-peer) application. Kazaa, Morpheus: get rid of them. These applications allow others to access sections of your computer so that it can participate in the P2P network, and they install bundled applications like Gator to send you advertising. If you must have a music application, try reputable brands like Apple’s iTunes or Rhapsody from RealNetworks.
5. Turn off third-party personal firewalls. I recommend this even for my Norton Internet Security users. Why? Because they are almost too complicated and restrictive for a lay user: these products can accidentally inhibit the user’s online experience, and they are redundant to the native services Windows now offers. Again, the techhead may be interested in a granular approach to personal firewall security, but in my opinion the lay user doesn’t require it; a simple transparent filter works fine. Coupled with a network firewall on the router that connects you to the Internet, the PC is reasonably protected and spends less processing power doing it. Some people run a third-party personal firewall, Windows’ native personal firewall, and a network firewall on their router: overkill, and a recipe for frustration.
6. Do run antivirus software, particularly software that scans email. Try to find a package that can examine email, spyware threats inside the browser, and instant messaging traffic. Keep this kind of package current; an antivirus product with stale signatures is little better than none.
7. Do enable pop-up blocking in your browser and keep it activated.
Again, this strategy is for the common user who uses their computer but doesn’t want to get involved in the intricacies of maintaining it. The approach is reasonable: the software works, the services are transparent, updates are automatic, and the PC is protected against common microcomputer security threats. In my opinion, this is a decent strategy for small businesses that are not using Group Policy from Small Business Server to control these aspects of their computing environment centrally; if you do use Small Business Server, you can apply all of these configurations more efficiently through Group Policy objects that push the settings onto your client computers.
In my opinion, the best strategy for the lay user is a common-sense one of leveraging operating system components. This fall, look for Microsoft to release the next version of its Internet Explorer browser (version 7), which will also offer another layer of protection from scams, attacks, and phishing. And in the next year, look for Microsoft to get into the anti-virus business, embedding an antivirus package into Vista so you don’t need to invest in third-party malware scanners and sweepers.
Microsoft’s long-term strategy is similar to my thinking: regular end users should not be bothered with security settings, threats, and countermeasures; the security system should be transparent to their experience online. Try these tricks out if you believe the same.
Good luck!
R
CISSP MCSE
www.micklerandassociates.com
Written on August 29, 2006
A bit of iPod hacking today.
I was attempting to fix a problem with my Nano and ran across an interesting site on hacking the Nano:
http://www.makezine.com/blog/archive/2005/09/how_to_ipod_nan.html
Central to the article is a firmware updater called iPodWizard from iPodWizard.net:
http://www.ipodwizard.net/showthread.php?t=8951
…and a tool called iHack:
http://www.ipodwizard.net/attachment.php?attachmentid=2302&d=1120841578
…which apparently converts alphanumeric strings to hex.
The screenshots on iPodWizard suggest a hex editor capable of rewriting some of the stock messages and OS responses on the iPod, allowing you a bit of customization over the iPod’s text. It also lets you customize fonts and change the graphics on the iPod.
This is not for the faint of heart: toying around with the firmware on the iPod could result in catastrophic loss of your music, so make sure you’ve synchronized recently and are prepared to restore the firmware from Apple’s site with the iPod Updater:
http://www.apple.com/ipod/download/
In a way, this gives you an out: if you make a big mistake, you can always reset the iPod and reload the firmware.
Great for the teen who also likes to show off their understanding of cheat codes at the video game console (grin).
Written on August 21, 2006
Battle Ground Chamber of Commerce
THE THREAT OF IM
Prepared by Russell Mickler, CISSP MCSE
Principal Consultant, Mickler & Associates, Inc.
© 2006. All Rights Reserved.
About the Author:
Russell Mickler works as a technology consultant in Battle Ground, WA. With over thirteen years of experience, Mickler holds a CISSP, MCSE, and a Master’s degree in Information Technology. His website can be found at www.micklerandassociates.com and he can be contacted at 360.600.9508; mickler@micklerandassociates.com.
Not sure what IM is? Instant Messaging (IM) is big. IM is delivered by products like Yahoo! Messenger, AOL Instant Messenger, and MSN Messenger. A 2005 study by the Gartner Group identified instant messaging as surpassing email as the primary way people interact electronically, and more than 85% of all enterprises report using IM for business. Chances are your employees use IM products every day for personal and professional correspondence.
Unfortunately, the market is adopting IM so fast that the security mechanisms protecting your network haven’t caught up. IM is a complicated threat to the confidentiality, integrity, and availability of your company’s information system because of what it is: an application that accepts connections and content from outsiders directly on the user’s computer. IM provides more than a way to exchange text messages; it can also be used to share files, transmit screenshots, and, through its remote-assistance features, even take control of your computer.
Furthermore, IM can provide an easy back door for worms and viruses to infect a PC.
IM bypasses the safeguards introduced by your firewall: when its own ports are blocked, the client falls back to the port reserved for your Internet browser (HTTP, TCP port 80), which makes it easy to use but difficult to filter out. IM also bypasses the security of your anti-virus software, which is programmed to look at files and email, not instant messages, as potential threats. In fact, Symantec, the manufacturer of Norton Anti-Virus software, reported that IM and peer-to-peer applications were involved in seven of the top 10 threats to corporations in 2004; they also identified IM threats as growing by 100 percent every six months. And that was just in 2004.
This kind of exposure should concern anyone with intellectual property, but even more so the regulated industries (medical, financial, education, pharmaceutical, and legal firms) that may take great care to monitor inappropriate conversation over email but are totally missing IM.
Ideas for handling IM in the work place:
1. Block it. The most effective way, albeit the most painful for end users, is blocking instant messaging on your firewall or proxy server to deny its use on your network. Because the clients fall back to port 80, a port-based firewall rule alone is not enough; the proxy must also deny the IM login and gateway hosts.
2. Remove it. Also effective but very painful: removing the applications and preventing their installation on client workstations.
3. Encrypt it. If IM must be used, make sure to encrypt the traffic; this is usually an option in the IM client software. Also check the vendor’s website for how to secure the IM client software for corporate use.
4. Upgrade it. Upgrade the IM client software to the latest version. IM software vendors like Microsoft address these vulnerabilities as soon as they can. In fact, there is a new and more secure version of Microsoft’s MSN Messenger at http://get.live.com/messenger/overview.
5. Audit it. Make sure the IM client software is not set to share the contents of your computer’s hard drive or network drives, and review your firewall and proxy logs for IM traffic you did not expect.
6. Set a policy on IM. Management can take ownership of this issue by placing a policy on IM use in the workplace.
7. Keep your antivirus product up to date. Features to handle instant messaging vulnerabilities are being introduced over the next year.
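How the port-80 fallback described above shows up in practice, as an added example that is not part of the original article: a small Python detector that scans a firewall log for connections to the well-known IM ports and a Squid-style proxy log for IM gateway hosts and CONNECT tunnels to non-TLS ports. The log lines are constructed for the example, the port numbers are the protocols’ well-known ports, and the gateway domain names are illustrative assumptions to be replaced by the ones your IM vendors document. Note how client 10.0.0.15 is denied on tcp/1863 by the firewall and then reaches the same service through the proxy.

```python
"""Detect IM traffic in firewall and proxy logs.  Added example, not part of
the original article.  The log lines below are constructed; the port numbers
are the well-known ports of the three clients the article names; the
gateway domain names are illustrative assumptions."""
import re
from collections import defaultdict

IM_PORTS = {5190: "AIM (OSCAR)", 1863: "MSN Messenger", 5050: "Yahoo! Messenger"}

# Illustrative login/HTTP-gateway domains (assumption, not from the article).
IM_DOMAINS = {
    "oscar.aol.com": "AIM",
    "messenger.hotmail.com": "MSN Messenger",
    "msg.yahoo.com": "Yahoo! Messenger",
}

# Constructed firewall log: "<time> <src>:<sport> -> <dst>:<dport> <proto> <action>"
FW_LINE = re.compile(
    r"^(?P<time>\S+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>TCP|UDP) (?P<action>ALLOW|DENY)$")

# Squid native access.log: "<ts> <elapsed> <client> <code/status> <bytes> <method> <url> ..."
PROXY_LINE = re.compile(
    r"^(?P<ts>[\d.]+)\s+\d+\s+(?P<client>[\d.]+)\s+\S+\s+\d+\s+(?P<method>\w+)\s+(?P<url>\S+)")

SAMPLE_FW = [  # constructed; destinations from the RFC 5737 documentation ranges
    "2006-08-21T09:01:02 10.0.0.12:3344 -> 192.0.2.10:5190 TCP ALLOW",
    "2006-08-21T09:01:09 10.0.0.15:3350 -> 198.51.100.7:1863 TCP DENY",
    "2006-08-21T09:02:11 10.0.0.12:3360 -> 203.0.113.40:80 TCP ALLOW",
]
SAMPLE_PROXY = [  # constructed; 10.0.0.15 retries over HTTP after the firewall denied tcp/1863
    "1156150862.101    120 10.0.0.15 TCP_MISS/200 1532 GET http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open - DIRECT/198.51.100.7 text/plain",
    "1156150870.455     45 10.0.0.20 TCP_MISS/200 0 CONNECT scs.msg.yahoo.com:5050 - DIRECT/198.51.100.9 -",
    "1156150875.002     30 10.0.0.21 TCP_MISS/200 0 CONNECT 203.0.113.5:8080 - DIRECT/203.0.113.5 -",
    "1156150880.313     10 10.0.0.22 TCP_MISS/200 4096 GET http://www.example.com/index.html - DIRECT/203.0.113.80 text/html",
    "1156150885.000     20 10.0.0.23 TCP_MISS/200 0 CONNECT mail.example.com:443 - DIRECT/203.0.113.6 -",
]


def host_and_port(url):
    """Split a proxied URL or a CONNECT target (host:port) into (host, port)."""
    m = re.match(r"^(?:[a-z]+://)?([^/:]+)(?::(\d+))?", url, re.IGNORECASE)
    default = 443 if url.lower().startswith("https://") else 80
    return m.group(1).lower(), int(m.group(2)) if m.group(2) else default


def im_service(host):
    """Name the IM service a host belongs to, or None."""
    for domain, name in IM_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return name
    return None


def scan_firewall(lines):
    """(client, reason) for each allowed connection to a well-known IM port."""
    findings = []
    for line in lines:
        m = FW_LINE.match(line.strip())
        if m and m.group("action") == "ALLOW" and int(m.group("dport")) in IM_PORTS:
            dport = int(m.group("dport"))
            findings.append((m.group("src"), f"direct {IM_PORTS[dport]} on tcp/{dport}"))
    return findings


def scan_proxy(lines):
    """(client, reason) for IM gateway hosts and CONNECT tunnels to non-TLS ports."""
    findings = []
    for line in lines:
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        host, port = host_and_port(m.group("url"))
        service = im_service(host)
        if service:
            findings.append((m.group("client"), f"{service} via proxy to {host}"))
        elif m.group("method") == "CONNECT" and port != 443:
            # CONNECT to anything but 443 is a generic tunnel; IM clients use it
            # to smuggle their native protocol through the HTTP proxy.
            findings.append((m.group("client"), f"CONNECT tunnel to {host}:{port}"))
    return findings


def report(fw_lines, proxy_lines):
    """Group reasons by client address so each machine can be followed up."""
    grouped = defaultdict(list)
    for client, reason in scan_firewall(fw_lines) + scan_proxy(proxy_lines):
        grouped[client].append(reason)
    return dict(grouped)


if __name__ == "__main__":
    for client, reasons in sorted(report(SAMPLE_FW, SAMPLE_PROXY).items()):
        print(client, "; ".join(reasons))
```

The firewall scan only reports allowed connections, since a DENY already did its job; the proxy scan is what catches the fallback. The CONNECT rule is deliberately broad (anything but 443) because a tunnel to an arbitrary port is worth a look whether or not the destination is on the IM list.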
Instant messaging represents a new frontier in securing the corporate network. It is popular and easy to use; users can casually download and install it at will. However, there’s a threat in such convenience: it is also the area most likely to see an attack from an outside party. A few good precautions may contain liability and spare you a few headaches in the long term.