Posts Tagged ‘malware’

Microsoft malware tips

Wednesday, May 14th, 2008

The Microsoft site has many pages with computing tips. Some are very elementary and not very useful but there are also some helpful ones. Among these is the article Computer viruses: description, prevention, and recovery. It includes a list of possible symptoms of a virus infection. (The term “virus” is used here to denote malware of all types.) The list is not a definitive check on whether you have a virus; you can be infected and still not show any obvious symptoms. Your system can also display one or more of these symptoms from some cause other than a virus. Nonetheless, it is a list worth keeping in mind:

    Symptoms of a computer virus

  • The computer runs slower than usual.
  • The computer stops responding, or it locks up frequently.
  • The computer crashes, and then it restarts every few minutes.
  • The computer restarts on its own. Additionally, the computer does not run as usual.
  • Applications on the computer do not work correctly.
  • Disks or disk drives are inaccessible.
  • You cannot print items correctly.
  • You see unusual error messages.
  • You see distorted menus and dialog boxes.
  • There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.
  • An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
  • An antivirus program cannot be installed on the computer, or the antivirus program will not run.
  • New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
  • Strange sounds or music plays from the speakers unexpectedly.
  • A program disappears from the computer even though you did not intentionally remove the program.

Survey of the malware wars

Tuesday, May 6th, 2008

Criminal activity through malware is a big business these days and an interesting (if depressing) review of the security scene is at Computerworld. Here’s an excerpt:

In contrast, today’s malware causes less overt havoc but far more deliberate harm. Most 21st-century crackers aren’t making malware to show off their skills or wreck systems for the sheer malicious fun of it all. They’re making malware that hides in your system so they can use your personal information and PC resources to make money. Welcome to the era of capitalist hacking.

In response, the security vendors come up with anti-malware programs, and we’re locked into a seemingly endless battle between crackers and the defenders for the safety of our networks, our computers and our personal information. At the moment, it appears the bad guys are winning. There’s more malware than ever before.

The malware industry

Tuesday, April 29th, 2008

As indicated in the previous post, creating and marketing malware is becoming an organized industry. InfoWorld reports on the growing problem:

The latest iteration of Symantec’s Internet Security Threat Report — covering its research over the final six months of calendar 2007 and released on Tuesday at the ongoing RSA Conference 2008 in San Francisco — finds that malware authors and the ecosystem of constituencies supporting cyber-crime are advancing the sophistication of their efforts at a staggeringly expeditious pace.

From the groups of exploit developers marketing malware toolkits to aspiring attackers to the people buying and selling stolen credentials, the entire landscape of electronic crime is taking off and increasingly resembles the security software community that is working to thwart it, Symantec researchers said.

Symantec says that there is now more malicious code being created worldwide than there is legitimate software.

Malware authors include EULAs to protect their work

Tuesday, April 29th, 2008

When I first saw this article at Ars Technica, I wondered if it was a hoax. It’s not April 1 so maybe it’s legitimate. It begins:

Selling botnets for particular attacks, black markets for stolen identities, and malware construction kits are all now par for the course for the increasingly commercial malware industry. Discovering that malware authors have actually turned to End-User License Agreements (EULAs) in an attempt to protect their own intellectual property, however, most definitely qualifies as something new, different, and beautifully ironic.

More about this irony is at Symantec.

Malware on Web sites (continued)

Monday, April 28th, 2008

The wide-spread infection of Web sites continues. Information Week reports:

On Friday, U.S. CERT issued a warning about SQL injection attacks that have compromised a large number of legitimate Web sites. Affected Web sites contain injected JavaScript that attempts to exploit several known vulnerabilities. U.S. CERT recommends disabling JavaScript and ActiveX.

Because otherwise legitimate Web sites deliver this attack, SANS Internet Storm Center handler Donald Smith observes that the concept of a “trusted” or “legitimate” site is no longer meaningful. The attack has reportedly affected the Web sites of the United Nations and the U.S. Department of Homeland Security, to name a few.

On Thursday, computer security firm F-Secure said that it had found the offending JavaScript code on over half a million Web pages. The company said that IT administrators should immediately block nmidahena.com, aspder.com, and nihaorr1.com, three domains associated with the injection attack.

Google (NSDQ: GOOG) may have taken some action to remove some of the affected pages from its index. A Google search for a text string associated with the malicious JavaScript now yields only 56,700 results. A screenshot of what is presumably a similar Google search — the exact string is blurred — performed by F-Secure last week shows 510,000 results.

A search using the same text string on Microsoft’s Live Search returns 268,000 results. Yahoo Search returns 560,000 results for the text string in question.

If disabling JavaScript seems too drastic, at least watch out for Web sites that use pages created by Microsoft servers. They have the extension ASP or ASPX. This particular infection is presumably not in pages with ordinary HTML or with PHP extensions.
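A site owner can check their own pages for the injected script tags described in the quoted report. The following is an added example, not code from F-Secure, U.S. CERT or this blog: it extracts every script source from a page and flags those hosted on the three domains named above. The sample page, its file paths and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# The three domains named in the F-Secure advice quoted above.
BLOCKED_DOMAINS = {"nmidahena.com", "aspder.com", "nihaorr1.com"}

def is_blocked(host):
    """True if host is a blocked domain or any subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, however it is cased."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # HTMLParser lowercases tag and attribute names
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def find_injected_scripts(html):
    """Return the script URLs in html whose host is on the blocklist."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    # urlparse also handles scheme-relative URLs such as //host/x.js;
    # site-relative paths have no hostname and are never flagged.
    return [s for s in parser.sources if is_blocked(urlparse(s).hostname)]

# Constructed sample: text fields from a database with script tags appended,
# plus one legitimate local script and one look-alike domain that must not match.
SAMPLE_PAGE = """
<html><head><script src="/js/site.js"></script></head><body>
<h1>Quarterly report<script src="http://www.nihaorr1.com/sample.js"></script></h1>
<p>Contact<SCRIPT SRC="//aspder.com/x.js"></SCRIPT></p>
<script src="https://notaspder.com/ok.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for url in find_injected_scripts(SAMPLE_PAGE):
        print("blocked script source:", url)
```

A hit means the tag was written into the stored content, so removing it from the rendered page is not enough; the database fields and the injectable query both need attention.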

More malware on Web sites

Friday, April 25th, 2008

Normally legitimate sites continue to be hijacked and infected with malware. It’s all part of a growing problem with JavaScript. Gregg Keizer reports at Computerworld:

Large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations, have been hacked and are serving up malware, a security researcher said today as massive JavaScript attacks last detected in March resume.

It’s getting to the point where I am putting up with the inconvenience of disabling JavaScript (and it is inconvenient). Fortunately, the extension “NoScript” for the Firefox browser allows for control over individual sites. Still, you don’t know who to trust anymore.

More details are at Websense.

Phony anti-virus program

Monday, April 21st, 2008

Beware of something called “XP Antivirus Protection”. It is a fake anti-virus program that will install spyware on your system. More details at The Blade.

More details of Flash malware

Thursday, April 17th, 2008

Details of the infected Flash ad that appeared on the USA Today site, mentioned in the previous post, can be seen at this Websense link.

Malware in Flash ads

Thursday, April 17th, 2008

The problem of malware-infected ads on normally respectable sites is growing. Windows Secrets reports on this serious problem:

A Flash-based advertisement that appeared last week on the USA Today site downloaded malicious code to users’ computers, generating erroneous warnings of a malware infestation and offering a phony solution.

The Flash vulnerability is so widespread that such “malvertisements” may be present on thousands of sites, but there are measures you can take to reduce your exposure.

To defend yourself, it is imperative that you update your Flash plug-in as mentioned previously. This is not sufficient to block all possible problems, however, and an alternative is to turn off Flash completely. I browse with Firefox and the NoScript extension. I also have the IE7Pro add-on for Internet Explorer. Both of these plug-ins allow you to turn Flash on or off selectively. If you visit sites such as YouTube, be aware that the videos are in a Flash format and can be infected as well. The Windows Secrets article describes one way to view YouTube offerings with more security.

The sad fact is that there is no fool-proof defense against Flash problems at this time except to disable Flash. Since even trusted sites can be infected, I am currently avoiding Flash.

Addendum: Note that certain financial institutions and others use Flash cookies as a way to identify your computer. Disabling Flash entirely may cause logins to these sites to require entering additional information each time.

ActiveX biggest source of browser bugs

Tuesday, April 15th, 2008

Readers of this blog will not be surprised to hear that ActiveX problems account for the large majority of security holes in Internet Explorer plug-ins. Gregg Keizer writes about a new Symantec report:

ActiveX controls accounted for an overwhelming majority of all browser plug-in vulnerabilities in the second half of 2007, Symantec Corp. said this week in its semiannual Web security report.

Microsoft Corp.’s technology, which is used to create add-ins for Internet Explorer, accounted for 79% of the 239 plug-in bugs discovered between July and December of 2007, Symantec said. The plug-in with the next-highest number of flaws was Apple Inc.’s QuickTime, which had just 8% of the six-month’s total.

Note the statistics for the Firefox browser:

Only one vulnerability in a plug-in for Mozilla Corp.’s Firefox browser was detected in the same period, meaning Firefox’s extensions — the moniker Mozilla Corp. uses for plug-ins — accounted for only 0.4% of all flaws found.