

How Does Your Firewall Stack Up?

July 31st, 2008

There has been quite a bit written recently about the computer software firewall tests performed by Matousec and the results posted here.

I would like to make a number of comments on this topic:

  • I do recommend using both a hardware firewall and a software firewall. The hardware firewall should preferably be a top-notch true firewall like a Fortinet, but I fully realize that the cost for that is prohibitive in most home environments. If you value your business, however, it’s a no-brainer to buy a Fortinet or equivalent.
  • I also support the use of a software firewall, which is what the above test results are regarding. Here is where the rub comes in.
  • A quality hardware firewall will protect you from the outside (inbound attacks), and can give you good outbound protection if configured properly.
  • The software firewall is probably what is giving you outbound protection. BUT, only if the user understands what’s going on. As I and others have written many times, what good is a prompt from a software firewall that says “Program lsass.exe wants to connect to the Internet. Approve or Deny?”. One writer indicated that you have to be somewhat savvy to know what to do with this kind of message. I counter with - Who, including most PC gurus, truly knows what to do with most messages of this kind? Helpful - NOT!
  • Further, specifically regarding the test mentioned above, I draw your attention to a comment by LavaSoft a bit further down the page from those results: “2008-05-20 (Lavasoft Personal Firewall 3.0.2293.8822 scored 70%): Thank you very much for your inclusion of the Lavasoft Personal Firewall 3.0 in the Matousec research. Upon review of the results, we were surprised to find that the Lavasoft Personal Firewall program received a ‘good’ rating and could not be a recommended firewall, whereas our firewall technology partner, Agnitum, received an ‘excellent’ score with recommendations for the same firewall technology. We hope that you will take this under consideration with your next round of research, and continue your good work.
    Michael Helander
    Vice President
    Lavasoft”
    The answer, of course, is that the tests weren’t the same for every product! Then how can the results be of much value?
  • You can spend all of your working day tracking down the best component of a good computer security suite. Find the best firewall today, it’s the worst (according to someone’s test) tomorrow. Same with Antivirus, same with Antispam. This is particularly frustrating if you have paid products and not free products. The solution is to accept that you will never have the best of everything for long. And never will every reviewer or tester agree which is the best in any category.
  • Since your chance of infection of some type, as I have long said, depends in greatest part on YOUR INTERNET SURFING BEHAVIOR, keeping your PC clean has more to do with you than it does the security products you install on it.

My Recommendation:

  • Examine your surfing habits, I’ve written on this before.
  • Don’t rely on free computer internet security products if you want a fire-and-forget solution. Free requires (IMHO) a bit more savvy and work on your part.
  • If you are buying a product, get one that is well respected even though it may not always score at the top of every single test; then only OCCASIONALLY check those test results. They change daily and may be skewed by any number of factors, not the least of which may be a financial tie somewhere.
  • Do make sure whatever computer internet security suite or combination of products you use stays up to date. If you don’t understand how to do this then you definitely want to buy a competent product with a free trial and tech support.

Some recommended Computer Internet Security Software (Paid):

ZoneAlarm Internet Security Suite - My novice computer user clients find this easier to use than most

TrendMicro Internet Security Suite - Never scores the highest in all tests, but a long term success story

Lavasoft - This is a personal firewall only, NOT a full suite; also highly recommend AdAware product

Free Computer Internet Security Software:

For right now I will leave this debate alone. Tempers run high in this area (why? - it’s like Yankees vs Red Sox..) so I will leave that to another post. I have offered many recommendations in the past in other posts and newsletters and will likely update from time to time.

Dangerous Web Domains, Stay Clear!

June 4th, 2008

I have said for a long time that the biggest risk to your computer’s health is your own surfing behavior. Now an article at [Yahoo! link now dead] reports on findings by McAfee that, indeed, some domain “extensions” are more dangerous than others.

Of particular note are domains “.hk” (Hong Kong), “.cn” (China) and “.info” (information). Of the .hk sites 19.2% were found to be dangerous or potentially dangerous; 11.8 for .cn and 11.7 for .info.

As a comparison, just over 5% of “.com” domains were found to be hazardous.

Honorable mention for danger are, no surprise, “.ro” (Romania), with 6.8 percent, and “.ru” (Russia), with 6 percent of sites flagged as dangerous.

How about the safest sites? Here McAfee claims that “.gov” (government) at 0.05%, “.jp” (Japan), with 0.1% and “.au” (Australia) with 0.3% are the least risky domains by domain extension.

Pay attention to where you are going. And while I don’t particularly care for McAfee’s internet security software I do highly recommend that you download and use their free SiteAdvisor web surfing safety tool.

Best Antivirus Solutions

May 14th, 2008

Virus Bulletin is a paid service that, among other things, tests antivirus products and rates them according to how well they catch virus, trojan and other malware threats.

They recently released the results of tests run on Windows Vista PCs and included threats known to be circulating in early 2008.

Of those tested, five products scored a perfect 100%.

Want to know what they are?

  • Avira Antivir Personal (free for noncommercial use) - I mentioned this one recently in an update to my subscribers. It has gotten a lot of attention lately.
  • ESET NOD32 - Been around for a long time; not known for ease of use, but good reputation.
  • Fortinet FortiClient - This surprised me; I use FortiClient for secure IPSec VPN’s to client firewalls (Fortinet Fortigate Firewalls) but have never used the antivirus feature.
  • Frisk FPROT - Another name that has been around a while.
  • Symantec Norton Antivirus - It pains me to see them in this category. In times past they have missed infections that free online scanners have caught. Known for being a resource hog and slowing your computer down.

These five scored a perfect 100, but most names you know scored a 98 or 99.

Keep in mind however, that this is one set of tests. If those same tests were run today (whatever day you read this) you may find a different group in the 100% category. Also, as I noted above, no antivirus program is known for having more problems slowing down your computer or giving you difficulty installing or uninstalling than Symantec Norton Antivirus. I personally wouldn’t use it if it were free and always rated a 100.

The important points are these:

  • Do select a quality antivirus program and make sure it is always up to date.
  • Do employ a quality firewall, hardware (like the Fortinet Fortigate) if possible, software otherwise. This may or may not come with the antivirus software.
  • Do use common sense when using email and surfing the web. I have written about this on my website - look under Computer Security.
  • Do NOT engage in illegal file sharing.
  • Do NOT act recklessly on social networking sites (myspace, facebook, etc). A news article just came out indicating that’s where hackers are spending most of their focus.

One product that scores very well overall, though not perfect in this test, comes with both antivirus, software firewall, antispam and other features is ZoneAlarm Security Suite from Zone Labs. This product I have found to be much easier to understand than many of its competitors.

The best product in the world can be useless if you don’t understand how to operate it. And these days, any comprehensive antivirus and firewall product will take some level of understanding by the user to make sure it is working properly protecting you.

Like many computer security suites today, you can pay one fee and cover multiple computers. Save $20 when you Download ZoneAlarm Security Suite today.

Worst Computer Viruses Of All Time

March 30th, 2008

And a side trip to Daylight Savings Time

Yahoo just had a story highlighting Symantec’s list of Worst Computer Viruses Of All Time. The story includes a short description of each virus, including some cost figures of damage done.

Many of these viruses were as damaging as they were only because computer users, probably bored at their jobs, exhibited poor judgment and in many cases even violated corporate policy.

I have just updated the Internet Security Software page on my website so you can see how my clients prevent serious problems.

I also have a page about user behavior that is quite pertinent also.

But since the above mentioned Yahoo article talks about cost, has anyone calculated the cost to corporate America to deal with the cost-increasing, not cost-decreasing debacle of Daylight Savings Time, in particular, the costs associated with George W’s 3 week adjustment made in 2007?

I guarantee you that number is STAGGERING; yet it was only political posturing. I saw fallout from that this year on new servers installed and updated in January 2008 that did not automatically get the proper patch from Microsoft.

It’s one thing to suffer at the hands of ne’er-do-wells, usually in some foreign land who hate Americans anyway, but the Daylight Savings Time debacle was brought upon us by those sworn to look after our well being. And the Daylight Savings Time issue has research going back to 1976 showing that it doesn’t save energy or our environment the way it was alleged to.

Comodo BOClean: Another False Positive?

March 5th, 2008

With this morning’s update (3/5/08), C:\Windows\System32\WUAUCLT.exe (Windows Update agent) is being stopped by Comodo BOClean as DRP-AGENT.SCK malware.

Is this another false positive like the USERINIT.Exe fiasco of a few weeks ago or is this real?

I posted to Comodo’s BOClean forum and someone else promptly indicated the same thing happened to them. I have had quite a few clients receive this prompt, with at least one selecting “Yes” to BOClean’s offer to delete the file.

As of 24 hours later, Comodo has not chimed in; although my laptop, the first to experience the problem, updated the definition file again around 4pm and then no longer reported the problem.

This is frustrating. Yes, Comodo gives away BOClean for free, but I have a number of clients who paid for it just a year or two ago.

Compound this with the ongoing “file corrupt” message that only goes away if you know the trick (I have a video), and the UserInit.exe false alarm just a short time ago that rendered many PC’s unable to login (and me glad I typically install Windows Recovery Console on PC’s), and I’m about to pull my support of the formerly fantastic product and uninstall from all of my client computers.

Very sad. As another poster commented: “This never happened when Kevin (owner of NSClean who created it) was running the show”.

Software as a Service isn’t what you think it is

December 30th, 2007

Software as a service is a generally bad idea that I have written about before.

For those who don’t value my opinion, perhaps you will listen to security expert Bruce Schneier or Marcus Ranum. In Bruce’s most recent Crypto-Gram he and Marcus mention how Software as a Service is really a trick that allows businesses to lock up their customers indefinitely.

He specifically mentions the phenomenally popular iPhone which allows only certain companies to provide software for it. And on the other side of the PC - Mac gulf, Microsoft’s Trusted Computing initiative is really another lock-in measure, one touted as a security measure.

Nice to be in good company.

Annoying Emails With Bogus Virus Alerts - and UGLY!

December 1st, 2007

A couple days ago my wife got one of those annoying emails warning of the “Life is Beautiful.pps” powerpoint attachments which, if opened, it warned, would wipe out your entire C: drive. And, and this is the good part, they get your PASSWORD too!

Just so you don’t check it out yourself, at the bottom of the email it says “verified by Snopes.com”. Which of course, it isn’t. Snopes exposes the hoax. So does TruthOrFiction.com. But people don’t check things out for themselves.

It’s a hoax that dates back to 2002.

Your first clue is the “it will wipe out your hard drive”. Very few viruses ever did. Why would they? They want to profit from their work and wiping out your hard drive just doesn’t pay. They want to turn your machine into a spam bot that they control. At least nowadays they do. There have been some malicious, destructive viruses, they just aren’t that prevalent.

My wife of course sent that family an email with a link to both snopes.com’s review of the hoax and truthorfiction’s with the suggestion that they send out a correction to everyone.

With one BIG difference.

We suggested they use BCC (Blind Carbon Copy) instead of the CC that they used on their email. Why? We sent this link also:

Why and How to use BCC.

Bottom line is that not using BCC exposes our email address to spam and gives our address to everyone they know. Sorry, but our email is kinda private - primarily because we don’t like spam.

Making that person look bad

We chose not to make that person look bad and sent our email to just them (She replied instead of “reply to all”). But you know what? They never did send out a correction. Probably didn’t read about BCC either. That’s just rude, IMHO. If I ever send out faulty info, I send a correction as soon as I’m made aware of it. Everyone should.

The next day someone else did a “Reply to All”. Another reason to use BCC. This other person pointed out the hoax for them to everyone else. Makes them look kinda stupid. Much more so than if they would have sent the correction themselves.

But even this second person used CC instead of BCC and the resulting email was such a disaster that I didn’t even look at it the first time. Only when I wanted to blog about how bad it was did I see, clear at the bottom, the purpose for their correspondence.

Folks, I know it sounds like I’m just trying to generate sales, and yes, I do appreciate the sales, but take a look at my email etiquette ebook - I’m still selling it for less than 10 bucks.

Is it worth 10 bucks to not look so inept? Is it worth 10 bucks to have people read your email instead of deleting it on sight?

Check out my email etiquette ebook here.

Want to see what this disaster of an email looked like? Get your barf bag ready…

(intentionally blurred to protect the innocent)

Email Mess in need of email etiquette

Then, eventually..

here’s the original message: (Direct from Microsoft & Norton! - rrriiiiight!)

>
> Many of you may have already received this – but am passing it along.
>
>
>
> Anyone-using Internet mail such as Yahoo, Hotmail, AOL and so on.
>>>
>>> This information arrived this morning, Direct from both Microsoft
>>> and Norton.
>>>
>>> Please send it to everybody you know who has access to the Internet.
>>>
>>> You may receive an apparently harmless e-mail with a Power Point
>>> presentation ‘ Life is Beautiful’
>>> If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and
>>> delete it immediately.
>>>
>>> If you open this file, a message will appear on your screen saying:
>>> ‘It is too late now, your life is no longer beautiful.’
>>>
>>> Subsequently you will LOSE EVERYTHING IN YOUR PC, And the person who
>>> sent it to you will gain access to your name, e-mail and password.
>>>
>>> This is a new virus which started to circulate on Saturday afternoon.
>>> AOL has already confirmed the severity, and the anti virus
> software’s are
>>> not capable of destroying it.
>>>
>>> The virus has been created by a hacker who calls himself ‘life owner’.
>>>
>>> PLEASE SEND A COPY OF THIS E-MAIL TO ALL YOUR FRIENDS, And ask them
>>> to PASS IT ON IMMEDIATELY!
>>> THIS HAS BEEN CONFIRMED BY SNOPES
>
> ———————————————————————-
> –

Then a signature block here with a favorite quote (omitted)

>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.16.6/1150 - Release Date:
> 11/24/2007 5:58 PM
>
>———————————————————————–
>-
>
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.5.503 / Virus Database: 269.16.8/1154 - Release Date:
>11/27/2007 11:40 AM
>
>

Then FINALLY, we get to the message that the sender wanted us to know:

This email has been circulating for a long time. Click on the Snopes check below

Snopes.com <http://www.snopes.com/computer/virus/life.asp>

How many people will scroll that far down (past all of that GARBAGE) to read what you have to say?

Which is why I prefer to put my reply at the top, and if the person needs to read the history, they can keep reading.

But do you see what I mean?

Enough said.

Can Police Monitor Skype Calls?

November 22nd, 2007

Good news for privacy advocates and Skype users. In fact, this is likely applicable to most VoIP telephony solutions.

German Police report that they cannot decipher the encryption used by Skype to monitor calls. One of the problems is not just the encryption, but the way in which VoIP calls are conducted. Skype and other VoIP calls are broken into small data packets and routed over many internet paths and routers to get from one end to the other.

This means that Police really need to have access at the source, before the encryption preferably, in order to monitor the call.

I’m sure they’ll be working on that. They likely will be trying to install Trojan Horse programs on the originating PC of the suspect. In the U.S., I think that would fall under the category of a clandestine entry of the property.

Read the full story here.

Comodo’s BOClean is quite adept at fighting Trojan Horse programs, and it’s free.

Hushmail Turns Over Email To Feds

November 15th, 2007

I had a discussion yesterday with a client about security and trusted third parties. The point I am always trying to make is that when you trust a company, you not only trust them, but every employee they have. Think about that before trusting.

Related in a different way is an article in Wired titled Encrypted E-Mail Company Hushmail Spills to Feds. Hushmail provides secure web-based email in that it normally is encrypted with a Java client on your PC and decrypted at the reader’s PC. Hushmail servers only see encrypted data.

But that method is slightly inconvenient, so Hushmail offers another option. With the other option, the encryption key is known to the Hushmail server for a short time. You really need to read the article to understand the full details, but the bottom line is this: convenience will cost you security.

Is anyone surprised by this?

I was at a conference recently where I was discussing secure communications with a person who has ties in high places. He assured me that no level of encryption is more than a slight inconvenience to the Feds. This article, to me, indicates otherwise.

But just sending encrypted data is a red flag that says “look here”. So weigh those options before encrypting anything. Unless of course you have a high volume of junk you can encrypt to act as red herrings.

Fake FTC Emails Fraud Dep at FTC.gov

October 31st, 2007

The real Federal Trade Commission is warning email users NOT to open emails that appear to be from frauddep (at) ftc.gov. These emails contain a virus that is designed to steal passwords and account numbers.

It isn’t hard to spoof, or fake, the return address of an email. This has been done before with the FBI, CIA and other .gov addresses.
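A spoofed From address like the one above can be checked on the receiving side. The following is an added example, not code from the original post: it reads the SPF/DKIM/DMARC verdicts that the receiving mail server records in the Authentication-Results header and compares the Return-Path domain with the From domain. The server name mx.example.org, both sample messages and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: hypothetical name of the mail server that receives our mail.
# Only Authentication-Results headers stamped by it are believed.
TRUSTED_AUTHSERV = "mx.example.org"

# Constructed sample: claims to be the FTC, sent through an unrelated host.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=ftc.gov
Authentication-Results: mx.sender.example; spf=pass; dkim=pass; dmarc=pass
From: "Federal Trade Commission" <frauddep@ftc.gov>
Subject: constructed sample

(body omitted)
"""

# Constructed sample: From, Return-Path and all three checks line up.
GENUINE = """\
Return-Path: <bounces@news.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=news.example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Newsletter <news@example.com>
Subject: constructed sample

(body omitted)
"""

def _domain(header_value):
    """Lowercase domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg, authserv=TRUSTED_AUTHSERV):
    """spf/dkim/dmarc verdicts from headers stamped by our own server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.strip().lower() != authserv:
            continue  # a sender can add this header too; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            verdicts.setdefault(method, result)
    return verdicts

def assess_sender(raw):
    """Return a list of reasons to distrust the From address (empty = none)."""
    msg = message_from_string(raw)
    from_dom, path_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    findings = []
    if path_dom and path_dom != from_dom and not path_dom.endswith("." + from_dom):
        findings.append(f"Return-Path domain {path_dom} does not match From domain {from_dom}")
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "missing") != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    return findings

if __name__ == "__main__":
    for reason in assess_sender(SPOOFED):
        print(reason)
```

The second Authentication-Results header in the spoofed sample claims that every check passed, but it carries a different server name and is ignored, which is why the trusted server name has to be pinned.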

As usual, don’t open suspicious emails of any kind. If the government wants to talk to you, they’ll be happy to break down your door in the middle of the night, not send you an email.

Further info is available at this government computer fraud website.