Leaky ComputersApril 10, 2008 at 1:45 pm | Posted in Computers, Security | 4 Comments
Back in December, I wrote an update on Firewalls and security. When you explore how secure your computer is, new issues that can be exploited come up regularly, hence the regular security updates by all vendors. Many programs have the annoying habit of wanting to check in all the time for updates, especially during your computers boot-up. So we end up turning off or disabling such nags and bogging. But then we have to watch for updates. In a previous post, I talked about keeping your computer current and secure. More recently, i tried the new install version of Secunia Software Inspector (which I again don’t want running all the time). It checks a LOT more software. On my system it found a few old things I had installed to test and forgotten about. They had become albatrosses. And it found more stuff much in need of update. https://psi.secunia.com/ Well recommended.
Its also widely suggested you use a more secure (and less targeted) browser like Firefox. Throw in NoScript and Stop Autoplay Addins and you can control what runs and plays on your computer, allowing only the good guys. Stop Autoplay reduces issues with embedded media like Flash. I also recommend the free SiteAdvisor Addin (for IE and FF) as it will give you a heads up if a site has a history of problematic downloads, spams, and so forth. The bad neighborhood sign.
Stanford University has a little demo page of a recent issue of ‘DNS rebinding’. I tried it out and was fine in Firefox with NoScript. But look with IE and 3 vectors opened. I was telneting in a few seconds, thus opening a command doorway. If you’ve ever used Telnet, you know its a way to remotely access & control a system. If you get a pick list here on this link, you’re vulnerable on a web page thats infected with the exploit. http://crypto.stanford.edu/dns/
I’ve noticed lately that some people are getting more complacent about security – they keep Windows and a firewall and anti-virus up to date. They feel covered, right? Not really. The attackers are getting more sophisticated, using web pages to attack, like the above. They are breaking into name brand web sites and placing their compromised pages to infect you. And they don’t even have to attack the site itself. They can get in through sites that feed the pages, like advertisers, weather, stocks, and so forth. One of my co-workers get a web page virus the other day but she was protected so it was blocked. You may not even realize its happened if you are not properly secured and current.
Just look at all the spam email you get. If this was coming from real sites, they would have been shut down. This is mostly coming from banks of average joe computers that have been compromised and are now used as zombies to spread their warez. The crackers run the computers remotely to do their bidding, taking advantage of the decentralized nature of the internet, and the very low default security of an off-the-shelf computer.
If you’ve not been by recently, you may also want to browse Steve Gibson’s site. The firewall leak test is now an application. He’s a little eclectic. For example, you can sign up for his newsletter but he hasn’t sent anything in years. He also tends to rant a bit and go into very great detail. But he offers some great free tools and lots of explanations. http://www.grc.com/
Computer security is not a huge deal. The rules are just like ‘real world’. Don’t go into any nasty neighborhoods. Be careful when you talk to strangers. And make sure you’re door is closed and locked before you go out. Get your car a tuneup once in awhile. Keeping your tools up to date is simple with the right tools, as I suggest here.
Hopefully, one day soon, Windows will be like Linux. With Linux, it checks all of your applications from one place (there are hundreds), updates any that need it and the most you have to do is restart the network or similar service. No rebooting unless you’re changing hardware. Much faster and easier to stay current.
Have fun. The web is an amazing place.