<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Dave&#039;s Tech Blog &#187; Security</title>
	<atom:link href="http://davestechsupport.com/blog/category/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://davestechsupport.com/blog</link>
	<description>A Third Eye on Technology</description>
	<lastBuildDate>Thu, 17 May 2012 10:34:50 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.2</generator>
		<item>
		<title>Some of Norton Antivirus&#8217; source code has leaked</title>
		<link>http://davestechsupport.com/blog/2012/01/07/some-of-norton-antivirus-source-code-has-leaked/</link>
		<comments>http://davestechsupport.com/blog/2012/01/07/some-of-norton-antivirus-source-code-has-leaked/#comments</comments>
		<pubDate>Sat, 07 Jan 2012 16:00:43 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Announcement]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=1431</guid>
		<description><![CDATA[Heads up Norton users!  A headline hit the news last night about the confirmed leak of source code for the popular Norton Antivirus software by Symantec.  You can read the articles for yourself here and here. For those who aren&#8217;t tech savvy, the word &#8220;source code&#8221; refers to the so-to-speak &#8220;recipe&#8221; for the development/creation of [...]]]></description>
			<content:encoded><![CDATA[<p>Heads up Norton users!  A headline hit the news last night about the confirmed leak of source code for the popular Norton Antivirus software by Symantec.  You can read the articles for yourself <a title="Wired Magazine" href="http://www.wired.com/threatlevel/2012/01/symantec-source-code-leaked/" target="_blank">here</a> and <a title="Security Watch" href="http://securitywatch.pcmag.com/none/292432-report-symantec-confirms-theft-of-norton-antivirus-source-code" target="_blank">here</a>.</p>
<p>For those who aren&#8217;t tech savvy, the term &#8220;source code&#8221; refers to the so-to-speak &#8220;recipe&#8221; for the development/creation of a program.  It is literally the instructions that are more or less written by computer programmers.  This kind of information is proprietary and is often a trade secret, much like the coveted ingredients list for Coca Cola or my mom&#8217;s apple pie.  If one were able to obtain such information, say a competitor or the creators of computer viruses, one might use this information to one-up the software or, more importantly, exploit design flaws to circumvent the software.  In short this means it is quite likely there will be a new breed of viruses on the horizon that will be capable of outsmarting Norton, rendering it useless and crippled.</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2012/01/symantecblueprint.png"><img class="aligncenter size-full wp-image-1432" title="symantecblueprint" src="http://davestechsupport.com/blog/wp-content/uploads/2012/01/symantecblueprint.png" alt="" width="500" height="333" /></a></p>
<p>Symantec has been trying to downplay the severity of this breach by stressing the age of the code, stating that the origin is a version of their software that dates back to 2006, or so we&#8217;ve been told thus far.  This is an attempt to defuse the concern by implying that their latest software is far different at its core and that there won&#8217;t be very much that is useful to virus writers because they still don&#8217;t have their hands on the latest blueprints.  But the reality of the situation is far less peachy than they would like to paint it.  In the world of computer programming, software and even entire operating systems will retain a fair chunk of old code from previous versions simply because, well, it&#8217;s already been written and if it &#8220;works&#8221; then there&#8217;s little need to rewrite it from scratch.  I&#8217;m not saying source code is never rewritten, revised or updated from time to time, but when it comes to large programs such as Norton Antivirus that are made up of tens of thousands of lines of code it could easily be argued that there is likely a good percentage of old code that has been retained for years without ever being modified.  It would be like having a castle or fortress that is under continuous construction and maintenance.  You can&#8217;t afford to tear the whole thing down every year and rebuild it from scratch, so instead what you do is build around and upon the existing structure and make repairs to the parts that need repairing the most.  This means that likely most of the fundamental structure is retained and knowledge of the construction of such a structure could be used by an enemy to find a previously unnoticed vulnerability.</p>
<p>In the interest of full disclosure I will have to admit that Norton hasn&#8217;t been on my list of recommended software since the late 90s when it was practically the only anti-virus software available.  Its early bird status was followed by years of successful marketing and advertising, which led to continuous widespread recognition of the software/brand name, giving the impression to novice computer users that Norton really is the best thing out there.  &#8220;How could it not be good when it&#8217;s so popular?&#8221; they might ask themselves.</p>
<p>I am here to tell you that the number one problem I fix for people in this line of work is virus removal and far too often I see systems that are running Norton that have become utterly trashed by multiple viruses while Norton gives inaccurate scan results, claiming the system is clean and virus free.  This is particularly irksome to me because when you consider the widespread saturation of their software along with the monetary cost to the users for the renewal every year you would have to expect the company to use their position and resources to everyone&#8217;s benefit.  Despite its widespread usage and price tag it fails to survey new viruses and develop new definitions for capturing and stopping them in an effective manner and so many users never seem to get their money&#8217;s worth.  I am willing to give the benefit of the doubt and accept the fact that there is no such thing as a &#8220;perfect&#8221; antivirus software, but you should expect to be given better treatment and results if you&#8217;re paying upwards of $70 a year for protection, especially when there are free alternatives out there that have been statistically shown to do a comparatively better job.  And to think these kinds of problems existed before some of their source code leaked.  Now that some source code has leaked and new viruses developed to exploit Norton itself are likely right around the corner I feel obligated to suggest that people avoid using it altogether.  No amount of marketing or PR can change the consensus of most IT professionals who can see past all the BS and to me this incident is more than just one more nail in the coffin.</p>
<p>So what do I recommend instead of Norton?  I mentioned that there is &#8220;no such thing as a perfect antivirus&#8221; but there are alternatives that hold a higher reputation than Norton that cost a fraction of what Norton costs or even nothing at all.  In <a title="Strategies for removing viruses and malware" href="http://davestechsupport.com/blog/2011/11/06/strategies-for-removing-malware-and-viruses/" target="_blank">past blog entries</a> I&#8217;ve mentioned Microsoft Security Essentials, Malwarebytes and Combofix and still recommend them, so here&#8217;s a little information about them.</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2012/01/mse1.jpg"><img class="aligncenter size-full wp-image-1433" title="mse1" src="http://davestechsupport.com/blog/wp-content/uploads/2012/01/mse1.jpg" alt="" width="500" height="415" /></a></p>
<p>Microsoft Security Essentials is a free antivirus solution that Microsoft itself actually produces and it&#8217;s quite popular in the IT community right now for a couple of reasons.  I already mentioned that it&#8217;s free but it is also effective and not as resource intensive as other software.  There&#8217;s also a new <a title="Microsoft Standalone System Sweeper" href="http://connect.microsoft.com/systemsweeper" target="_blank">stand-alone bootable version</a> of it that&#8217;s going through public beta testing right now which is handy to have for particularly difficult viruses.  You can read more about it <a title="Wikipedia" href="http://en.wikipedia.org/wiki/Microsoft_Security_Essentials" target="_blank">here</a>.  Be aware that there has, in the past, been a rogue malware impostor simply called &#8220;Security Essentials 2010/2011/2012&#8221; which people have confused with the real deal, falling victim to a trap.  You can download the real deal from <a title="MSE download" href="http://windows.microsoft.com/en-US/windows/products/security-essentials" target="_blank">here</a>.</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2012/01/mbam.png"><img class="aligncenter size-full wp-image-1434" title="mbam" src="http://davestechsupport.com/blog/wp-content/uploads/2012/01/mbam.png" alt="" width="500" height="385" /></a></p>
<p>Alongside MSE I also recommend users purchase the full copy of Malwarebytes for the one time payment of $25.  One of the handy features it has is an active connection monitor which will automatically block your computer from attempting to connect to known malicious web servers.  It also features an active process monitor like a traditional antivirus and will help prevent a good number of rogue malware type software from infecting your system.  There is a free version of this available but its active monitoring features are disabled. I&#8217;ve been using it in the field for over 2 years now and it has worked incredibly well for helping clean systems that had already become infected.  You can read more about it <a title="Malwarebytes - Wikipedia" href="http://en.wikipedia.org/wiki/Malwarebytes'_Anti-Malware" target="_blank">here</a> and download/purchase it from <a title="Malwarebytes.org" href="http://www.malwarebytes.org" target="_blank">here</a>.</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2012/01/combofix1.jpg"><img class="aligncenter size-full wp-image-1435" title="combofix1" src="http://davestechsupport.com/blog/wp-content/uploads/2012/01/combofix1.jpg" alt="" width="500" height="219" /></a></p>
<p>Finally a tool I use quite often to help clean systems that have already become infected is a program called Combofix, which is free.  This isn&#8217;t so much a traditional antivirus that runs in the background as it is a stand-alone utility for scanning a system after it has become infected.  It is regularly updated so it&#8217;s best to not bother downloading and using it until you actually have to.  You can read more about it <a title="Bleeping Computer - How to use Combofix" href="http://www.bleepingcomputer.com/combofix/how-to-use-combofix" target="_blank">here</a> and download it from <a title="Combofix download" href="http://www.bleepingcomputer.com/download/anti-virus/combofix" target="_blank">here</a>.</p>
<p>In conclusion I strongly advise my clients to not use Norton Antivirus because it&#8217;s one of the most over-hyped, over-priced products out there right now and with the news of parts of its source code being leaked it only stands to become an even less effective product that will do less to protect you than other cheaper alternatives out there.</p>
<p>Speaking of alternatives, there is always the option of picking an alternative operating system such as Linux.</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2012/01/ubuntu11.png"><img class="aligncenter size-full wp-image-1447" title="ubuntu11" src="http://davestechsupport.com/blog/wp-content/uploads/2012/01/ubuntu11.png" alt="" width="500" height="373" /></a></p>
<p>Linux is a free open-source OS that comes in many flavors.  We are already seeing Android being adopted by smartphone and tablet users like crazy and it is just one example of a Linux based OS that is taking the world by storm.  But for desktop and laptop users there remains a need for a full fledged desktop OS and there are many out there to choose from.  My personal favorite is Ubuntu Linux which you can check out at <a title="Ubuntu" href="http://www.ubuntu.com" target="_blank">ubuntu.com</a>.  It&#8217;s not for everyone but I can easily say that it is a very ideal choice for the average user.  Keep an eye out for future posts; I intend to record a new introductory video for Ubuntu 12.04 when it is released this coming April.</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2012/01/07/some-of-norton-antivirus-source-code-has-leaked/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Strategies For Removing Malware and Viruses</title>
		<link>http://davestechsupport.com/blog/2011/11/06/strategies-for-removing-malware-and-viruses/</link>
		<comments>http://davestechsupport.com/blog/2011/11/06/strategies-for-removing-malware-and-viruses/#comments</comments>
		<pubDate>Sun, 06 Nov 2011 10:30:48 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Internet]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=1380</guid>
		<description><![CDATA[Update, March 18 2012:  I wanted to add the names of two more utilities I&#8217;ve found to work very well for some specific rootkits.  The names of the two programs are: Kaspersky TDSSKiller Avast Anti-Rootkit Use these two programs in addition to Microsoft Security Essentials, Malwarebytes and Combofix to help clean your system of an [...]]]></description>
			<content:encoded><![CDATA[<p>Update, March 18 2012:  I wanted to add the names of two more utilities I&#8217;ve found to work very well for some specific rootkits.  The names of the two programs are:</p>
<ul>
<li><a href="http://support.kaspersky.com/faq/?qid=208283363" target="_blank">Kaspersky TDSSKiller</a></li>
<li><a href="http://public.avast.com/~gmerek/aswMBR.htm" target="_blank">Avast Anti-Rootkit</a></li>
</ul>
<div>Use these two programs in addition to Microsoft Security Essentials, Malwarebytes and Combofix to help clean your system of an infection.  The above two were a life saver very recently and proved to be effective and easy to use.</div>
<div style="text-align: center;">
&#8212;&#8212;-[Begin original post]&#8212;&#8212;-</div>
<p>I don&#8217;t write blogs much these days but if there&#8217;s one thing I&#8217;ve learned about writing blogs the golden rule is to make them useful and valuable to people.  As a sort of philanthropic gesture I am now going to reveal a few tricks I use in the field when repairing systems that have already become infected with viruses or malware.  Perhaps these tips will save you some money during these dark economic times.  I can&#8217;t promise that these tips will work for you but for the DIY user who&#8217;s not afraid to get their hands dirty, it might prove to be very useful.  So let&#8217;s get right to it:</p>
<h3>Phase 1:  Safe Mode (with networking?)</h3>
<p>Almost every version of Windows out there (from Windows 95 all the way up to the most recent Windows 7) has a hidden menu you can access at boot that gives you access to a diagnostic profile called Safe Mode.  Safe Mode is a sort of back door mode into Windows that loads the absolute (or nearly) bare minimum of device drivers and background services.  It&#8217;s sort of a bare bones environment that is suitable to start your repair from primarily because most viruses aren&#8217;t auto-started by the system in this mode, but it&#8217;s not perfect.  More on that in a moment.</p>
<p>To access Safe Mode you need to press the F8 key on your keyboard at a VERY specific time.  Typically when you turn your computer on you&#8217;ll see a screen that either has the logo of the manufacturer of the PC or perhaps some generic startup relating to your BIOS.  At some point that all goes away, your screen will be black for about 3 seconds, and then Windows will proceed to boot with the little scroll bar loading away.  It&#8217;s during (or just before) that 3 second window of blackness that you need to start tapping the F8 key.  If done correctly, you&#8217;ll be presented with a menu that looks like this:</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2011/11/safemode1.jpg"><img class="aligncenter size-full wp-image-1381" title="safemode1" src="http://davestechsupport.com/blog/wp-content/uploads/2011/11/safemode1.jpg" alt="" width="500" height="307" /></a>You&#8217;ll use the arrow keys on your keyboard to move the highlighting selector bar.  Typically I will select Safe Mode With Networking, as this allows me to access the Internet and download utilities as well as give these utilities access to definition updates for themselves later.</p>
<p>After you select Safe Mode With Networking and press Enter your screen will be bombarded with a slathering of strange and mysterious words&#8230;</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2011/11/safemode21.jpg"><img class="aligncenter size-full wp-image-1383" title="safemode2" src="http://davestechsupport.com/blog/wp-content/uploads/2011/11/safemode21.jpg" alt="" width="500" height="274" /></a>Don&#8217;t worry, this is normal.  (Note: If instead of this screen above you get another menu asking what version of Windows you want to boot, just press Enter again).</p>
<p>Eventually you will get to the familiar blue colored user login screen and you might see an account called Administrator shown there that you&#8217;ve never seen before.  If you do, go ahead and select it to log in as &#8220;Administrator&#8221;.  Otherwise, select your own user name.</p>
<p>Once you&#8217;re logged in you have a few options you can take.  The safest way to get started is to actually bring a copy of your utility software with you on a thumb drive or CD to install it from, instead of downloading via a web browser.  The reason it&#8217;s not a good idea to try and download via a web browser is because a lot of viruses tend to wrap themselves around a browser&#8217;s EXE file so that when the browser starts, so does the virus.  This could potentially happen with a lot of other software so it&#8217;s best to try and resist the temptation to run any programs except for the cleaning utilities we&#8217;re about to install.</p>
<h3>Phase 2:  Cleaning</h3>
<p>There are only three pieces of software I typically use with great success in the field for removing viruses and malware.  They are:</p>
<ul>
<li><a title="Malwarebytes" href="http://www.malwarebytes.org" target="_blank">Malwarebytes</a></li>
<li><a title="Combofix" href="http://www.bleepingcomputer.com/download/anti-virus/combofix" target="_blank">Combofix</a></li>
<li><a title="Microsoft Security Essentials" href="http://windows.microsoft.com/en-US/windows/products/security-essentials" target="_blank">Microsoft Security Essentials</a></li>
</ul>
<p>All of the above are free with the exception of Malwarebytes, which functions with all its features on a 30 day trial when you first install it (note that you will see an error message appear when you tell it to start the trial while in Safe Mode; this is normal and you can ignore the error by clicking the OK button when it appears).  To keep the full version running you have to buy it for the low one-time payment of $25 and I strongly recommend it.  Apart from these three the only other tool I use is Google, which I&#8217;ll use to look up exact phrases found within suspicious malware to see if I can find other people talking about that particular virus somewhere online and hopefully discover what unique thing they did to remove it.  Fair warning:  Your mileage may vary.</p>
<p>I typically start by installing Malwarebytes first (however I have had one experience where I wasn&#8217;t able to do this until after I ran Combofix so you might need to flip the order of these two tasks), applying the most recent update for it and then running a full scan, removing all infected objects it finds.  A typical scan can take around a half hour to do.  When it&#8217;s finished, you just need to click the &#8220;Show Results&#8221; button and then make sure the results listed all have check marks next to them and then click &#8220;Remove Selected&#8221; in the bottom left.  If an object doesn&#8217;t have a check mark when you first view the results it means Malwarebytes thinks it could be a false-positive result.  Use your best judgment and google to determine if either the file is malicious and/or if the file is a necessary part that can be removed without grief.  A reboot will likely be required when it is finished.  Be ready to hit F8 again when you do this so you can come back into Safe Mode and continue your work.</p>
<p>One thing I&#8217;ll often do while I&#8217;m waiting for a Malwarebytes scan to complete is take a look at the MS Config utility and see what items are enabled to auto-start when you boot into the system.  To access this, click Start, then click Run (or just click into the search box if you&#8217;re using Windows 7) and type in &#8220;msconfig&#8221; without the quotes into the box and click OK.  Then click the Startup tab at the top.</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2011/11/msconfig.jpg"><img class="aligncenter size-full wp-image-1389" title="msconfig" src="http://davestechsupport.com/blog/wp-content/uploads/2011/11/msconfig.jpg" alt="" width="458" height="304" /></a><br />
In this startup list are programs that are told to run right away when you first log into your system.  Almost all of these items are non-essential and to be on the safest side you could probably get away with unchecking all of these items, but that&#8217;s usually overkill and might rob you of some convenient feature you&#8217;d like to have.  Look carefully down the list for items that have empty path names, or very bizarre characters in their name&#8230; I have to admit that at this point experience with this stuff comes into play.  If you don&#8217;t know what something is you could look it up by name with Google on a separate computer before deciding to uncheck it.  Alternatively, you could use the uncheck-all-the-things strategy and then go back later to add check marks back into the few items you know you need enabled.  You can also check out the Services tab which is to the left of the Startup tab, check the box that says &#8220;Hide all Microsoft items&#8221; and then use the same judgment to decide if there are third-party services running in the background that don&#8217;t need to be.  Google is your friend here for helping to determine if a service is useful or not.</p>
<p>Another thing I&#8217;ll do while waiting for a scan to complete is open the Add/Remove Program (Programs &amp; Features) applet from the Control Panel to view all the software that&#8217;s been installed on the system.  I target toolbars of any kind first, followed by software that is unfamiliar to the user.  Again, Google is a useful reference here because you don&#8217;t want to remove something that&#8217;s known to not be malicious.</p>
<p>The next step is to run Combofix which you can find a <a title="Combofix Tutorial" href="http://www.bleepingcomputer.com/combofix/how-to-use-combofix" target="_blank">tutorial about by clicking here</a>.  It is pretty straightforward:  double-click on the combofix.exe file that you downloaded and follow the on screen instructions.  Its own scan will also take about 30 minutes or so but it is very sensitive so once you kick it off, don&#8217;t touch the computer until it&#8217;s finished.   There is almost no interaction required with the software and it will automatically remove anything malicious it finds, producing a log with a lot of <em>interesting</em> jargon at the end that you can forward on to an expert for further analysis if you&#8217;d like.</p>
<p>After all this I&#8217;ll typically reboot the system and let it boot normally and then install Microsoft Security Essentials, running a full scan with it right after and checking to make sure the trial mode has been enabled on Malwarebytes.</p>
<p>If all of the above didn&#8217;t work, something I&#8217;ll try next is to reboot back into safe mode and use the control panel to create a new user account, then log off and log back in under that new account and repeat all the same steps above.  The reason this might help is because viruses tend to damage registry entries for accounts that existed when it found and infected the system.  Because we&#8217;re creating a new account in an environment that hopefully didn&#8217;t auto-launch the virus, we can then create a fresh account with its own default settings and preferences that hopefully won&#8217;t be manipulated by the virus.  This kind of problem could also be reversed using the System Restore utility but I&#8217;ve found that a lot of times (not always) when I try to use this utility none of the restore points are any good.  I wouldn&#8217;t be surprised if previous restore points are destroyed by certain viruses making it even more difficult to undo the damage done.  In situations like that I&#8217;ve occasionally just created a new user account and migrated all the important user data (documents, etc.) from the old account to the new account, deleting the old one in the end because it&#8217;s irreversibly broken.</p>
<p>One last tip I&#8217;ve run across in a training video for a competitor of mine who will remain unnamed is to shut the system off by force instead of doing a soft reboot during this cleaning process.  In other words, hold the power button down for 5 seconds and then turn the computer back on after 20 seconds.  The reasoning behind this is that there are a few viruses out there that alter the shutdown script of events that take place during an ordinary shutdown and one of the events it injects into the script is to reinstall the virus during shutdown from a rogue location, as a Plan B so even if the live version of the virus is caught and removed it might be able to recreate the file from an encrypted copy of itself elsewhere.  If you decide to do this my only advice would be to back up the entire hard drive before doing so.  It&#8217;s technically dangerous&#8230; but probably not THAT dangerous&#8230; it&#8217;s best to remain on the safe side and not use shortcuts.</p>
<p>Finally a word about a couple of common viruses in particular I&#8217;ve run into in the last year:</p>
<p>A few of these viruses going around exhibit the symptom of making all your files and shortcut icons on the desktop vanish.  This is often done with a combination of changing the file attributes to enable the hidden flag, or by moving the files to a hidden location.  It is sometimes also conjoined with malware that tries to frighten you into thinking your hard drive is on the verge of failure, or at the least, claims to be antivirus software itself.  The goal of all such attempts is to get you to give up your credit card number.  Please don&#8217;t.</p>
<p>I&#8217;ve had great success removing the virus that causes these files to go missing but after it&#8217;s been removed it&#8217;s not always so easy to reverse the damage and restore the missing icons.  Fortunately there is one program out there that, for the most part, has been able to do this for me very simply and it&#8217;s simply called &#8220;Unhide&#8221;.  Use this program after going through all the above steps to be sure you&#8217;ve removed traces of the virus and hopefully it will get all of your stuff back for you.  You can download Unhide from <a href="http://www.bleepingcomputer.com/forums/topic405109.html" target="_blank">here</a>.</p>
<p>One other common symptom I&#8217;ve seen certain viruses exhibit is hijacking certain registry entries to alter file associations, specifically one which makes your computer forget what to run EXE files with, asking instead what program you&#8217;d like to open another program with.  I have found that in Windows 7 one trick of working around this is to right-click on a program shortcut and then click Run as Administrator.  This uses a separate registry association which hopefully has not been affected by the virus.  Using this Right-Click&gt;Run as Administrator trick you should be able to run your scanning utilities like Malwarebytes and Combofix from within Safe Mode.</p>
<h3>Phase 3: Prevention</h3>
<p>Now that we know how much of a pain these kinds of viruses can cause we should talk a little about where they come from and the different ways they can end up on your computer.  I wrote a much longer blog about this topic which you can read <a title="Malvertising" href="http://davestechsupport.com/blog/2010/12/05/malvertising-how-flash-ads-can-infect-your-pc/" target="_blank">here</a>.  Basically it boils down to this:</p>
<ul>
<li>Make sure you install all available software updates for Windows itself as well as 3rd party software and plugins like Adobe Flash, Acrobat and Java (among others).  Updates are your friend and help to patch recently discovered security vulnerabilities.</li>
<li>Pay attention to links people send you in emails.  It&#8217;s quite possible their email account has had its password stolen and is being used by a robot to send spam email with links to malicious websites out to everyone in their address book.  Warn your friends if you suspect their account has been compromised and suggest they change their email account&#8217;s password before following the steps above to attempt to remove a potential infection.</li>
<li>Use good anti-virus software.  As recommended above, I prefer MSE and Malwarebytes.  Combofix is only to be used as an emergency utility; it doesn&#8217;t have a real-time monitoring feature.</li>
<li>Consider using a software firewall to block unwanted inbound traffic and unexpected outbound traffic.  <a title="Click the download link button on the lefthand side." href="http://www.zonealarm.com/security/en-us/trialpay-za-signup.htm" target="_blank">Zone Alarm Free</a> is an excellent choice for this.</li>
<li>Use an ad-blocking plugin to further reduce the chances of a virus sneaking in through a flash-based advertisement.  <a href="https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/" target="_blank">Ad-Block for Firefox</a> is a great option.  You can also get it for Google Chrome <a href="https://chrome.google.com/webstore/detail/gighmmpiobklfepjocnamgkkbiglidom" target="_blank">from here</a>.</li>
<li>Along with these plugins, consider using a better browser.  <a href="http://www.mozilla.org/en-US/firefox/new/" target="_blank">Mozilla Firefox</a> and <a href="http://www.google.com/chrome" target="_blank">Google Chrome</a> have both become superior to Internet Explorer, especially in terms of security.</li>
<li>Avoid installing &#8220;toolbars&#8221; for your browser.  If you install one by accident, disable it in your browser or better yet uninstall it via your control panel.</li>
<li>Avoid using P2P file-sharing software like Frostwire or MP3Rocket.  These methods of file sharing do not have any form of user moderation and anybody can wrap a virus inside a file then name it something innocent/sensational looking to trick people into downloading it and installing a virus.</li>
<li>Consider adding a parental filter to your computer; you don&#8217;t need kids for this.  Having a web filter like <a href="http://www1.k9webprotection.com/" target="_blank">K9 Web Protection</a> can be helpful to block your computer from accidentally trying to connect with a known malicious server.</li>
<li>Lastly, though this is too extreme for most people:  Consider switching to Linux on your desktop.  Linux is free, open-source and is even more secure than MacOS.  Seriously.</li>
</ul>
<p>I hope this advice has been helpful.  Please leave comments or suggestions about other tips and tricks you use to help remove malicious software in the comments section below!</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2011/11/06/strategies-for-removing-malware-and-viruses/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Malvertising:  How Flash Ads Can Infect Your PC</title>
		<link>http://davestechsupport.com/blog/2010/12/05/malvertising-how-flash-ads-can-infect-your-pc/</link>
		<comments>http://davestechsupport.com/blog/2010/12/05/malvertising-how-flash-ads-can-infect-your-pc/#comments</comments>
		<pubDate>Sun, 05 Dec 2010 11:00:10 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Internet]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=1231</guid>
		<description><![CDATA[I have encountered a good variety of computer problems this year, many of them classic textbook cases. Dead DVD burners that needed to be replaced; computers running slowly because they really needed a RAM upgrade; hard drives needing to be replaced with larger ones; networks with printers needing to be setup so multiple computers can [...]]]></description>
			<content:encoded><![CDATA[<p>I have encountered a good variety of computer problems this year, many of them classic textbook cases. Dead DVD burners that needed to be replaced; computers running slowly because they really needed a RAM upgrade; hard drives needing to be replaced with larger ones; networks with printers needing to be set up so multiple computers can send jobs to them&#8230; these are the kinds of problems that we were taught how to resolve in school, primarily because they were easy to recreate/simulate for lab assignments.  I remember the fun we had when students were split into pairs and told to &#8220;test&#8221; each other by breaking a system and not telling the other person HOW they broke it, as a challenge to see if they catch all the hidden problems.  Wanna make a computer run slow?  Pull a stick of RAM out of it, slightly.  Wanna make a network printer stop working?  Change its IP address.  Wanna stump someone with no video on the monitor?  Just turn the contrast/brightness all the way down to see if they can figure it out.  The goal was to reinforce the premise that you should never, ever dismiss the lowest common denominator when trying to think of different diagnostics and best case solutions for a problem.  Even something as simple as &#8220;is it plugged in?&#8221; should never be assumed to have been checked until you&#8217;ve done it yourself.  In networking, you would say &#8220;start with the physical layer, and work your way up to the higher levels until you actually reach the application.&#8221;</p>
<p>These problems don&#8217;t strike me as novel or very interesting, mostly because you expect to see them occur at SOME point in time and at random.  Electronics wear out, lightning can strike at any moment, dust buildup shorts something out or jams a cooling fan; these things just happen from time to time.  But there was one issue I saw this year that really stood out as occurring more frequently than any other problem by far.  A problem  that seemed to happen so suddenly, so widely that you could almost call it &#8220;trend setting&#8221;.  So I wanted to take a look back and talk a bit about a problem I&#8217;ve seen more often than anything else this year:</p>
<h2>&#8220;Warning:  You&#8217;re infected!  Click here now!&#8221;</h2>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2010/12/154257_0.jpg"><img class="size-full wp-image-1232 alignnone" title="Fake Security Software" src="http://davestechsupport.com/blog/wp-content/uploads/2010/12/154257_0.jpg" alt="" width="469" height="286" /></a></p>
<p>The most prominent problem I saw this year, more than any other problem I got calls about, came from people saying they had gotten alerts popping up on their system similar to the one pictured above.  Typically you would be intimidated by a popup that said your system had a LOT of viruses on it and to click on various buttons/links to remove them.  Unfortunately it was all a ruse as these alerts were themselves part of a virus masquerading as anti-virus software, taking computers hostage.  Their names and appearance had some variation but most of their tactics were the same:</p>
<ul>
<li>Prevent user from opening any other applications (including Task Manager)</li>
<li>If you were able to open a web browser, any page you tried to visit would be replaced with a page that would fear-monger the user even further</li>
<li>Change the browser proxy settings to point to a non-existent server and in doing so prevent the user from accessing the Internet for downloading removal tools</li>
<li>Annoy the user with never-ending, obnoxious pop-ups that would invite the user to pay the developers of the fake anti-virus software ransom money</li>
<li>Replicate itself across multiple, random locations on the hard drive, making it more difficult to remove manually</li>
</ul>
<p>I began to get a lot of phone calls for this exact type of issue during the middle of the summer this year, and of course everyone wanted to know how their computer came to get this sort of junk software on their machine in the first place.  Along those lines:  Where do viruses come from, how could one have gotten on my computer and WHY on earth would someone create such an evil thing in the first place?</p>
<p>I don&#8217;t have the monetary resources to conduct an &#8220;official&#8221; study (and as such you should classify everything here to be anecdotal), so the next best thing I can do is look for things that were in common between PCs that fell victim to the same infection at about the same time.  The one thing that stood out the most to me was that Adobe Flash, Adobe Acrobat and/or Java were out of date and needed updates to be installed.</p>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2010/12/adobe-flash-player-update-10.1-installer.jpg"><img class="aligncenter size-full wp-image-1235" title="adobe-flash-player-update-10.1-installer" src="http://davestechsupport.com/blog/wp-content/uploads/2010/12/adobe-flash-player-update-10.1-installer.jpg" alt="" width="480" height="326" /></a><br />
In the year 2010, <a href="http://trends.google.com/trends?q=adobe+security&amp;ctab=0&amp;hl=en&amp;geo=all&amp;date=ytd&amp;sort=0" target="_blank">Adobe has had to make multiple announcements about zero-day exploits found in their Flash plugin</a> that could allow Flash to do things like crash a computer or to take control of it (e.g., facilitate the installation of a malicious payload or virus).</p>
<p>Just what is Flash, anyway?  Flash is a plugin for web browsers that has been a mainstay in webpages for over a decade.  YouTube videos, for example, are played within Flash.  Most advertisements you see on the web use Flash to animate video, elements, buttons, letters, etc.  Some websites are made entirely in Flash.  In the early days Flash was designed as an alternative to animated gif images and cartoon-like animations because for some uses it could actually conserve bandwidth: instead of pixels and color palettes taking up file space, you would be working with vectors (think connect-the-dots to create a shape of something, like a stick-figure man, and move the dots/vertices to animate it).  An awesome example of cartoon Flash animation using very little bandwidth is <a href="http://www.homestarrunner.com" target="_blank">www.homestarrunner.com</a> (a favorite cartoon series I used to follow in the old days).  Over time Flash has evolved into quite a feature-rich plugin that many have attempted to clone and dethrone, but all attempts have failed (so far).</p>
<p>In any case, as a result of being more efficient than animated bitmaps and saving web hosts money on bandwidth and faster loading times while increasing the &#8220;eye-candy factor&#8221; during the days of dial-up, Flash became a preferred/common means of deploying advertisements on the web, and eventually advertising itself became so big that there are now companies that do nothing but produce and host Flash-based advertisements <em>for other websites. </em>What this means is that many websites do not actually host/serve the advertisements that you see on their website, as they have offset the bandwidth requirements for this function to third party companies.  Unfortunately, because advertising is a big deal online, it raises the bounty and incentive a malicious hacker might have to penetrate the advertising servers and replace clean advertisements with infected versions that would download and install Malware all by themselves, taking advantage of security exploits in the plugin that have not been patched by the user.  This has been going on for at least the last 4 years or more and it&#8217;s a phenomenon known as &#8220;Malvertising&#8221;.</p>
<p>So what are some ways to prevent this type of thing from affecting you?</p>
<h3>1. Make sure you apply updates for all software on your computer when presented with the opportunity</h3>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2010/12/Java-Update-Available.jpg"><img class="aligncenter size-full wp-image-1236" title="Java-Update-Available" src="http://davestechsupport.com/blog/wp-content/uploads/2010/12/Java-Update-Available.jpg" alt="" width="407" height="308" /></a></p>
<p>If you see an alert like the one pictured above, address it immediately.  Far too often I see users just minimize the window or click &#8220;Later&#8221; and forget about it for the rest of the session.  The same thing goes for Windows updates, Adobe updates and generally speaking any updates for software that you use on a regular basis.  Updates happen because security vulnerabilities are found and patched, or slight tweaks resulted in an increase of the program&#8217;s performance, or because they are adding a new cool feature.  Whatever the case may be, software updates are your friend and you should welcome them without hesitation.  If you are asked to update a piece of software you have never heard of before, just type the name of that software into Google.  With just 30 seconds of reading you should be able to determine if the program that has an update pending is legit or malicious.</p>
<h3>2.  Use Anti-Virus software that is backed by a good reputation, not just hype and marketing</h3>
<p>The two most common anti-virus programs I&#8217;ve encountered on computers THAT WERE ALREADY INFECTED have been either Norton or McAfee; neither has ever seemed to live up to its hype or justify the sponsorship of PC manufacturers and Internet Service Providers.  Norton in particular spends gobs of money on absurd advertisements about how you should <a href="http://www.youtube.com/watch?v=za0-Q33rLtE" target="_blank">protect your oscillating fan from David Hasselhoff</a> or <a href="http://www.youtube.com/watch?v=L70I0vTwYxg&amp;NR=1" target="_blank">save your unicorn from Dolph Lundgren</a>.  The use of silly metaphors in them is meant to parody the fact that most people don&#8217;t understand viruses any more than they understand Dolph scorching My Little Pony with a flame thrower, purely for illustrative purposes of course.  Let&#8217;s dumb it down so much that people will say, &#8220;This is so dumb, it&#8217;s smart (advertising).&#8221;  Now we know why a copy of their software costs around $60 or $70 per year&#8230;</p>
<p>The sad truth about anti-virus software is that NONE OF THEM are perfect or necessarily worth their weight in dollars, simply because virus programmers have the upper hand.  If a hacker discovers a vulnerability that no one else has discovered yet, he may just keep it in his &#8220;stash&#8221; for use later.  OR, he might sell that knowledge to the Russian mafia or any number of other interested parties who have their own stash and secret agendas.  It is suspected the <a href="http://en.wikipedia.org/wiki/Stuxnet" target="_blank">Stuxnet</a> worm that ran rampant through Iran earlier this year was the product of a government agency, due to the sheer amount of zero-day exploits it contained for propagating itself, along with its overall sophistication and extremely specific targeting.</p>
<p>Was it a coincidence that days after Adobe announced the discovery of a zero-day exploit in their Flash and Acrobat Reader software in early June that a lot of people started to call me for the exact same Malware problem?  It&#8217;s quite likely the vandalism on advertising servers was timed to correspond with these vulnerabilities to maximize exposure.  It takes Adobe around 2 weeks to release patches for vulnerabilities like this so there is a window of time users are exposed and at risk, and this window of time extends out further if you avoid applying updates.</p>
<p>Despite this sad and depressing fact, you&#8217;ll be happy to know that many anti-virus programs do provide generous protections that you cannot otherwise get without them.  There are two programs I recommend everyone check out:</p>
<ul>
<li><a href="http://www.microsoft.com/security_essentials/" target="_blank">Microsoft Security Essentials</a></li>
<li><a href="http://www.malwarebytes.org/" target="_blank">Malwarebytes</a></li>
</ul>
<p>Microsoft Security Essentials is produced by Microsoft itself and is a free program you can install on your system.  It will actively monitor your computer&#8217;s activity and help prevent virus infection.  I encounter network security professionals in web forums here and there and most of them have really begun to sing praise for this program, because of its small footprint and high level of virus detection and removal.  Malwarebytes is another program that comes in a free form (though there is a paid version that automates all of its functions so you don&#8217;t have to do manual scans and updates with it).  Malwarebytes has been an absolute life saver for me this year as it was able to effectively cure about 8 out of 10 PCs of all their woes with one scan.</p>
<p>There are many other commercial (pay) anti-virus programs out there that are good, such as AVG, Avira Anti-Virus, Avast, etc., but I don&#8217;t have the time or resources to review all that are available.  While you might be able to find other websites out there that post &#8220;comprehensive reviews&#8221; of this type of software, it should not surprise you that sometimes these articles are just advertisements for commercial anti-virus software dressed up to look legit and non-partisan.  In my opinion, the best reviews for these things come from individual users and a great place to find reviews for antivirus software is Amazon.com.  They sell some anti-virus software and each of them has its own collection of user reviews that are worth reading over if you decide you want to spend money on extra protection not offered by free solutions.</p>
<h3>3.  Install A Software Firewall Solution</h3>
<p>If your computer is directly connected to the Internet (and does not pass through a router of any kind) then you are putting your computer on the front line and you should protect it with some armor if you want to stand a chance in the wild jungle that is the Internet.  Firewalls prevent unwanted network traffic from passing between your computer and the Internet.  In the same way Flash has its own flaws and vulnerabilities from time to time, so too does Windows itself and many vulnerabilities can be exploited with nothing more than a network connection.  Having a firewall in place helps eliminate this possibility.  A firewall can also prevent rogue software that is already on your system from &#8220;phoning home, contacting the mother ship&#8221; to update itself or otherwise expose your personal data to would-be data thieves.  It&#8217;s not anti-virus software, but it does add a critical layer of protection.  Windows itself comes with a firewall built in but it&#8217;s not as feature rich as some third-party applications out there.  The most popular free firewall that I know of is <a href="http://www.zonealarm.com/security/en-us/anti-virus-spyware-free-download.htm" target="_blank">Zone Alarm Free</a>.</p>
<h3>4.  Use a proper Ad Blocking browser extension</h3>
<p>One of the great features of Zone Alarm Free is the ability to let it block advertisements for you, although it&#8217;s not very smart about it as it basically blocks all gifs or Flash content embedded in a website.  This can break a lot of websites that have legit uses for Flash, like YouTube.  So you may want to look into a more proper ad-blocking plugin/add-on/extension for your browser.  A great one for Firefox is called <a href="https://addons.mozilla.org/en-US/firefox/addon/1865/" target="_blank">Adblock Plus</a>.</p>
<h3>5.  Use a safe web browser</h3>
<p>Recently I stumbled across a funny description of Internet Explorer:  &#8220;It&#8217;s a great tool for downloading Firefox or Google Chrome.&#8221;  And it&#8217;s the truth.  Internet Explorer has struggled to achieve a respectable reputation among security experts as being a secure browser, when compared to others that compete against it.  Among them are:</p>
<ul>
<li><a href="http://www.mozilla.com/firefox" target="_blank">Mozilla Firefox</a></li>
<li><a href="http://www.google.com/chrome" target="_blank">Google Chrome</a></li>
<li><a href="http://www.opera.com" target="_blank">Opera</a></li>
</ul>
<p>These are all very capable browsers that have a great reputation for handling security and also have shown impressive turnaround when vulnerabilities are discovered.  I would highly recommend you download and install one of the above browsers and start to use it instead of Internet Explorer.</p>
<h3>6.  Avoid And Uninstall Web Browser &#8220;Toolbars&#8221;</h3>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2010/12/too_many_toolbars1.jpg"><img class="aligncenter size-full wp-image-1239" title="too_many_toolbars" src="http://davestechsupport.com/blog/wp-content/uploads/2010/12/too_many_toolbars1.jpg" alt="" width="500" height="375" /></a></p>
<p>The above image is an exaggeration of a point I would like to drill home:  Toolbars are 99% junk and often provide no functionality beyond what a web browser already has built in.  Pop-up blocking and search bars are standard in all modern web browsers, for example.  Many times I have seen toolbars for &#8220;MyWebSearch&#8221; on computers that happened to be infected with a virus.  I can&#8217;t necessarily say there is a causal connection between that particular toolbar and an increase in exposure to malicious software, but it&#8217;s fair to suspect it because if you search for &#8220;mywebsearch&#8221; on Google, every single link (except the first one) goes to instructions for how to remove it.  It&#8217;s clear that NOBODY wants this toolbar, and the same could easily be said for most toolbars.  Get rid of them, please!</p>
<p>The easiest way to remove most of these is to use the Add/Remove Software applet in your control panel (In Windows Vista/7, it&#8217;s called &#8220;Programs and Features&#8221;).  If this fails to work then you can often find instructions for manual removal by searching for them with Google.</p>
<h3>7.  Avoid P2P Filesharing Programs</h3>
<p>Limewire is dead, but the way it worked will live on in other programs like it.  The way Limewire worked mostly relied on you connecting to other peers like yourself and the mesh collective would commence to pass files back and forth in a decentralized fashion.  The problem for Limewire is that it wasn&#8217;t entirely decentralized, which is why they were able to shut it down like they did Napster several years ago.  But still, the primary way it worked was by letting anybody share pretty much ANYTHING they wanted, without any real fear if they did something like disguise a virus as a popular new song by some teen-pop musician and share it out to the world as a &#8220;joke.&#8221;  Using software like this is your call and any legal considerations involved weigh entirely on you.  If you do decide to use file sharing software of this nature, make sure you police all your downloads to be sure you haven&#8217;t downloaded a Trojan horse.</p>
<h3>8.  Consider Adding Parental Controls To Your PC</h3>
<p>Not everybody reading this (in fact, few people reading this) would be willing to walk forward and admit to visiting porn websites online, but such websites make up a large chunk of the web and due to the rogue nature of some of them you are more likely to find ads, script code laced with viruses or straight-up automatic downloads for executable binaries with names like &#8220;Video.exe&#8221; that can lead to your computer being infected.  It&#8217;s quite plausible that you might even visit one of these sites &#8220;TOTALLY BY ACCIDENT!!!&#8221;  So one thing you might consider using is a parental control blocking application that filters out web addresses and reduces the chance of you visiting one by accident or otherwise.  A robust, free parental control program worth trying is <a href="http://www1.k9webprotection.com/" target="_blank">K9 Web Protection</a>.</p>
<h3>9. Consider Using Linux For Internet Stuff</h3>
<p><a href="http://davestechsupport.com/blog/wp-content/uploads/2010/12/malware_on_ubuntu.png"><img class="aligncenter size-full wp-image-1272" title="malware_on_ubuntu" src="http://davestechsupport.com/blog/wp-content/uploads/2010/12/malware_on_ubuntu.png" alt="Yes, we Linux users get these popups too, and they make us laugh with joy!" width="500" height="375" /></a></p>
<p>It would be hard for me to write all of the above out without making a passing mention of using a different operating system, at least part of the time.  I realize not many users are interested in making a big switch from one OS to another, but it is very easy to at least get your feet wet with a Live CD.  In the case of Ubuntu Linux you can boot the entire OS from a CD without making any changes to your computer.  It&#8217;s like playing a demo for a video game before deciding to install the full copy, for free.  Instructions for downloading, burning and booting are right on <a href="http://www.ubuntu.com/" target="_blank">Ubuntu&#8217;s website</a> so if you&#8217;re even SLIGHTLY tech savvy you may find you enjoy working in Ubuntu more than you do Windows and feel relief from not having to worry about viruses or malware infecting your system.</p>
<h2>Conclusion</h2>
<p>As I mentioned before, this Malvertising problem is not new but the spike in its frequency of occurrence this year was interesting to me.  It wouldn&#8217;t be far out to predict another wave of infections like this striking again, but the above advice and your increased awareness of the possibility of being infected in such a way should help to drastically reduce the chances of you falling victim to something like this.</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2010/12/05/malvertising-how-flash-ads-can-infect-your-pc/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Huge Privacy Breach Involving Copy Machines</title>
		<link>http://davestechsupport.com/blog/2010/05/08/huge-privacy-breach-involving-copy-machines/</link>
		<comments>http://davestechsupport.com/blog/2010/05/08/huge-privacy-breach-involving-copy-machines/#comments</comments>
		<pubDate>Sat, 08 May 2010 10:35:40 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=1058</guid>
		<description><![CDATA[]]></description>
			<content:encoded><![CDATA[<p style="text-align: center;"><object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="480" height="385" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="src" value="http://www.youtube.com/v/iC38D5am7go&amp;hl=en_US&amp;fs=1&amp;" /><param name="allowfullscreen" value="true" /><embed type="application/x-shockwave-flash" width="480" height="385" src="http://www.youtube.com/v/iC38D5am7go&amp;hl=en_US&amp;fs=1&amp;" allowscriptaccess="always" allowfullscreen="true"></embed></object></p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2010/05/08/huge-privacy-breach-involving-copy-machines/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Five Internet Scams Detailed By FBI</title>
		<link>http://davestechsupport.com/blog/2010/03/16/five-internet-scams-detailed-by-fbi/</link>
		<comments>http://davestechsupport.com/blog/2010/03/16/five-internet-scams-detailed-by-fbi/#comments</comments>
		<pubDate>Tue, 16 Mar 2010 20:01:18 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Education]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=1055</guid>
		<description><![CDATA[I came across an article in Network World magazine that goes over five common Internet scams and thought this needed to be shared with everybody.  Please click here to read the article.]]></description>
			<content:encoded><![CDATA[<p>I came across an article in Network World magazine that goes over five common Internet scams and thought this needed to be shared with everybody.  <a href="http://www.networkworld.com/news/2010/031210-layer8-fbi-internet-scams.html?page=1" target="_blank">Please click here</a> to read the article.</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2010/03/16/five-internet-scams-detailed-by-fbi/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Why You Don&#8217;t Need Anti-Virus Software For Linux</title>
		<link>http://davestechsupport.com/blog/2010/03/10/why-you-dont-need-anti-virus-software-for-linux/</link>
		<comments>http://davestechsupport.com/blog/2010/03/10/why-you-dont-need-anti-virus-software-for-linux/#comments</comments>
		<pubDate>Thu, 11 Mar 2010 01:57:20 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[HOWTO: Ubuntu]]></category>
		<category><![CDATA[Rant]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Ubuntu]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=1042</guid>
		<description><![CDATA[I was just browsing Ubuntu Forums recently and someone wanted to get a second opinion to see if it were indeed true that Linux doesn&#8217;t need anti-virus software.  I humbly obliged them with my own answer on the matter: You don&#8217;t need anti-virus for Linux. Others in here will do a better job at explaining [...]]]></description>
			<content:encoded><![CDATA[<p>I was just browsing <a href="http://ubuntuforums.org/showthread.php?t=1426848&amp;page=2">Ubuntu Forums</a> recently and someone wanted to get a second opinion to see if it were indeed true that Linux doesn&#8217;t need anti-virus software.  I humbly obliged them with my own answer on the matter:</p>
<p>You don&#8217;t need anti-virus for Linux. Others in here will do a better job at explaining why this is, but in short, the OS has a big advantage here due to it being open source. The operating system is a product of crowd-sourcing, much in the same way as Wikipedia has been since it first showed up several years ago. And much like the highly-moderated articles of Wikipedia that require membership and an approval process for changes made to locked articles, so too is there a strict moderation that goes on with the source code for Linux before it&#8217;s allowed to become part of the official distribution. Everybody is out to identify possible flaws or weaknesses or bugs in the source code and it&#8217;s much easier for any single person to make a contribution because the OS and much of the software that runs on it is open-source.</p>
<p>In Windows, the users don&#8217;t have the luxury of being able to dig through the source code to look for flaws. All they can do is report symptoms of problems to Microsoft, and the limited number of paid programmers that do have access to the source code then have to decide what flaws are the most important and which ones don&#8217;t merit their attention. So with Windows, a bug that affects only 500 people won&#8217;t be as important as a bug that affects 500,000 and probably won&#8217;t be fixed at all. But if it were Linux and if just one or two of those 500 people were a programmer who had access to the source code and figured out how to fix the problem on their own, the other 498 would actually stand to benefit from a patch that ends up being released thanks to the work of that one developer who had some spare time on his hands and decided to do something about a bug simply because he could.</p>
<p>So throughout the long life of Linux there has been this much more diversified, seasoned, multi-cultured source for development feedback that has helped to make it a much stronger, more &#8220;mature&#8221; operating system, especially in terms of the way security was designed. If there was ever a person out there who found a way to circumvent that security, there is at least one other who knows exactly how to repair the flaw. The reason viruses are able to best Windows is because their developers can only patch so many holes, and the ones they don&#8217;t have time to get around to end up being exploited the most. Third-party software developers that make Anti-Virus software make a killing because Microsoft is unable to handle this responsibility all by themselves, and even still, the best anti-virus software isn&#8217;t perfect.</p>
<p>The reason anti-virus software isn&#8217;t necessary in Linux is simply because the OS and its updates that patch vulnerabilities do the exact job anti-virus software in Windows is meant for: Prevent unwanted, malicious software or network activity from compromising the system. If there were a flaw in Linux found that allowed something like that, it wouldn&#8217;t be the job of some third-party software to safeguard the user against but the job of the OS itself. The reason anti-virus software even exists is simply because Microsoft is unable to handle the immense work load of patching their own source code as well as a crowd of Linux geeks can.</p>
<p>Am I saying Linux is perfect and invincible to viruses? Might it become more susceptible to viruses in the future if it were to ever become as popular as Windows is today? I would think that with an increase in the number of users would also come a complementary increase in the number of clever developers that would only help to increase the number of eyes available to find flaws and fix them. Saying that Linux would get a lot of viruses down the road because more people are going to use it is like saying Wikipedia will become rife with widespread, uncontrollable vandalism because more people visit it. It hasn&#8217;t happened yet, and very likely never will happen because of the way it is designed, moderated and improved upon by the hive mind.</p>
<p><strong>EDIT to add: </strong> As mentioned in the first comments below, I failed to acknowledge that while Linux is more robust in the area of security, nothing can compensate for the weakest link in this arrangement:  The User.  A novice user could easily be enticed by a sinister website  that tells them to download a deb file which might contain malicious code and absentmindedly install it or execute a destructive command from the terminal window because they didn&#8217;t know any better (like rm -rf ~/*).  Fortunately for novice users there is little if any need to actually venture out into uncharted territory like a terminal window or strange websites to get software, thanks to the official repositories that contain a HUGE collection of software which continues to grow.  I&#8217;ve even heard you will soon be able to purchase proprietary Linux-based software through it.  Unfortunately, little can really be done to compensate for user negligence, and trying to compensate for all possibilities would likely result in too many annoying alerts and prompts for the average user (like when Windows Vista sprang the UAC on its users).</p>
<p>There are only a couple of circumstances that I believe anti-virus software on a Linux platform <span style="text-decoration: line-through;">would</span> might be worth having which involve helping to protect other Windows systems.  Say you got an email from someone that contained a virus but you never knew it was there and forwarded it onto someone else who uses Windows, resulting in their day being ruined and you being blamed.  So that&#8217;s one scenario.  You might also have a Linux server administrating a network of Windows based workstations which you have read/write access to and use the server to conduct scans of these machines over the network, but at the expense of finite network bandwidth and CPU cycles on the server.</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2010/03/10/why-you-dont-need-anti-virus-software-for-linux/feed/</wfw:commentRss>
		<slash:comments>13</slash:comments>
		</item>
		<item>
		<title>How To Setup A Fingerprint Sensor In Ubuntu</title>
		<link>http://davestechsupport.com/blog/2009/05/20/how-to-setup-a-fingerprint-sensor-in-ubuntu/</link>
		<comments>http://davestechsupport.com/blog/2009/05/20/how-to-setup-a-fingerprint-sensor-in-ubuntu/#comments</comments>
		<pubDate>Wed, 20 May 2009 03:32:51 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[HOWTO: Ubuntu]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Ubuntu]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=877</guid>
		<description><![CDATA[(Special thanks to this blog post for showing me how to get this working finally). About 2 months ago or so I read the tutorial in the above link to help get my fingerprint sensor setup in Ubuntu.  The problem was that it left one simple instruction out:  Paste a line of  text AT THE [...]]]></description>
			<content:encoded><![CDATA[<p>(Special thanks to <a href="http://aldeby.org/blog/index.php/howto-ubuntu-linux-on-hp-pavilion-dv2000-dv6000-dv9000-series-laptops#fingerprint" target="_blank">this blog post</a> for showing me how to get this working finally).</p>
<p style="text-align: center;"><img class="aligncenter" src="http://www.davestechsupport.com/blog/images/fprint.png" alt="" width="500" height="361" /></p>
<p>About 2 months ago or so I read the tutorial in the above link to help get my fingerprint sensor set up in Ubuntu.  The problem was that it left one simple instruction out:  Paste a line of text AT THE TOP of a config file (and not at the bottom like I did).  The mistake has been corrected and I&#8217;m happy to say my fingerprint sensor is working in Ubuntu 9.04.  Based on the directions from the link above, here&#8217;s how to set it up (these instructions are meant for version 9.04; see the above link for instructions for 8.04 and 8.10):</p>
<p><strong>Step 1:</strong> Click Applications&gt;Accessories&gt;Terminal and paste in the following command:</p>
<blockquote><p><em>sudo apt-get update &amp;&amp; sudo apt-get install aes2501-wy fprint-demo libfprint0 libpam-fprint</em></p></blockquote>
<p><strong>Step 2:</strong> Still in Terminal, paste in the following text:</p>
<blockquote><p><em>sudo gedit /etc/pam.d/common-auth</em></p></blockquote>
<p>This will open a text file called common-auth in Gnome Text Editor.  (Here&#8217;s where I screwed up last time).</p>
<p><strong>Step 3:</strong> If you want to use <span style="text-decoration: underline;">both</span> the password <span style="text-decoration: underline;">and</span> the fingerprint to authenticate (more secure), add the following line at the bottom of the file:</p>
<blockquote><address><em>auth required pam_fprint.so</em></address>
</blockquote>
<p>If you want to use <span style="text-decoration: underline;">either</span> the fingerprint <span style="text-decoration: underline;">or</span> the password to authenticate (i.e. completely bypass the password through the fingerprint) the following string must be placed <strong>at the top of the file</strong>:</p>
<blockquote><p>auth sufficient pam_fprint.so</p></blockquote>
<p>Once pasted, save and close the file.</p>
<p><strong>Step 4: </strong> Press Alt-F2, type &#8220;fprint_demo&#8221; without the quotes and press enter.</p>
<p>This will launch the fingerprint utility that you can use to enroll the finger you wish to use for future authentications.</p>
<p>That&#8217;s basically it.  Special notes:</p>
<ul>
<li>If you happen to screw something up in the config file by mistake and lock yourself out of your PC by accident, you can boot into Recovery Mode from the GRUB boot menu to access a root command prompt and edit the above config file using nano (nano /etc/pam.d/common-auth).</li>
<li>Not all login screens are compatible with this feature.</li>
<li>To test your fingerprint in fprint_demo, click on the verify tab at the top and use the verify button to compare an enrolled fingerprint to another finger (or the same finger) and you&#8217;ll see the difference.</li>
</ul>
<p>As of Ubuntu 9.04, I&#8217;ve noticed the following quirks:</p>
<ul>
<li>Often you will not see an on-screen prompt asking you to swipe your finger across the sensor when the system is waiting for it.  Examples include the login screen, running Update Manager or Synaptic Package Manager, and most other programs that require your password to run them.</li>
<li>The only actual on-screen requests I&#8217;ve seen so far are when you are unlocking a screen-saver, or are running a program with sudo privileges in a terminal window.</li>
</ul>
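<p>The placement rule in Step 3 can be checked with a simplified model of how PAM walks the auth stack. This is an added example, not part of the original tutorial: the stock common-auth lines are a constructed sample, the function names are hypothetical, and only the control values shown are modelled.</p>

```python
"""Simplified model of how Linux-PAM walks an auth stack (added example)."""
import re

# Constructed sample resembling a stock Debian/Ubuntu common-auth; the file on
# a given release may differ.
STOCK = (
    "auth [success=1 default=ignore] pam_unix.so nullok_secure\n"
    "auth requisite pam_deny.so\n"
    "auth required pam_permit.so\n"
)
FPRINT_SUFFICIENT = "auth sufficient pam_fprint.so\n"
FPRINT_REQUIRED = "auth required pam_fprint.so\n"

# Fields: type, control (keyword or [bracketed list]), module name.
ENTRY = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def parse_stack(text, kind="auth"):
    """Return [(control, module)] for one module type, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("@include"):
            continue
        m = ENTRY.match(line)
        if m and m.group(1).lstrip("-") == kind:
            stack.append((m.group(2), m.group(3)))
    return stack


def jump_on_success(control):
    """For a control such as [success=1 default=ignore], return N."""
    m = re.search(r"success=(\d+)", control)
    return int(m.group(1)) if m else 0


def authenticate(text, password_ok, finger_ok):
    """Walk the stack and return (granted, modules_consulted)."""
    outcome = {
        "pam_unix.so": password_ok,
        "pam_fprint.so": finger_ok,
        "pam_permit.so": True,   # always succeeds
        "pam_deny.so": False,    # always fails
    }
    stack = parse_stack(text)
    consulted = []
    required_failed = False
    any_success = False
    i = 0
    while i < len(stack):
        control, module = stack[i]
        if module not in outcome:
            raise ValueError("module not modelled: " + module)
        ok = outcome[module]
        consulted.append(module)
        i += 1
        if control.startswith("["):
            # Only success=N is modelled; any other result is treated as
            # default=ignore, which is what the sample stack uses.
            if ok:
                i += jump_on_success(control)
        elif control == "requisite":
            if not ok:
                return False, consulted  # stop immediately
            any_success = True
        elif control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True   # keep walking, but the verdict is fail
        elif control == "sufficient":
            if ok and not required_failed:
                return True, consulted   # stop immediately, access granted
        # "optional" and a failed "sufficient" do not change the verdict.
    return any_success and not required_failed, consulted


if __name__ == "__main__":
    layouts = {
        "sufficient at top": FPRINT_SUFFICIENT + STOCK,
        "sufficient at bottom": STOCK + FPRINT_SUFFICIENT,
        "required at bottom": STOCK + FPRINT_REQUIRED,
    }
    for name, text in layouts.items():
        for pw in (True, False):
            for fp in (True, False):
                granted, seen = authenticate(text, pw, fp)
                print(f"{name:22} password={pw!s:5} finger={fp!s:5} "
                      f"granted={granted!s:5} consulted={seen}")
```

<p>In this model, with the sufficient line at the bottom a wrong password reaches pam_deny.so before pam_fprint.so is consulted, so the fingerprint alone never logs you in. With the sufficient line at the top, a matching fingerprint ends the stack before the password is checked at all, and that applies to everything that uses common-auth.</p>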
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2009/05/20/how-to-setup-a-fingerprint-sensor-in-ubuntu/feed/</wfw:commentRss>
		<slash:comments>11</slash:comments>
		</item>
		<item>
		<title>April Fools Virus On Schedule</title>
		<link>http://davestechsupport.com/blog/2009/03/27/april-fools-virus-on-schedule/</link>
		<comments>http://davestechsupport.com/blog/2009/03/27/april-fools-virus-on-schedule/#comments</comments>
		<pubDate>Fri, 27 Mar 2009 22:43:05 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Announcement]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=798</guid>
		<description><![CDATA[I don&#8217;t normally pass along virus alerts because they are often outdated and obsolete, but this one is straight from my IBM inbox.  You may have heard about a virus that is set to strike on April 1st in the news recently.  It is called Conficker.C and you can read more about how it works [...]]]></description>
			<content:encoded><![CDATA[<p>I don&#8217;t normally pass along virus alerts because they are often outdated and obsolete, but this one is straight from my IBM inbox.  You may have heard about a virus that is set to strike on April 1st in the news recently.  It is called <strong>Conficker.C</strong> and you can read more about how it works by visiting these addresses:</p>
<p><a href="http://en.wikipedia.org/wiki/Conficker">http://en.wikipedia.org/wiki/Conficker</a><br />
<a href="http://mtc.sri.com/Conficker/addendumC/">http://mtc.sri.com/Conficker/addendumC/</a></p>
<p>As stated in the links above, the virus takes advantage of a buffer-overflow vulnerability of certain server services on Windows based machines.  Microsoft issued an update (<a href="http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx" target="_blank">MS08-067</a>) for Windows 2000 SP4, XP SP2 &amp; SP3, and Vista to patch this hole back in October of last year. So if you have installed all available Windows updates you should be fine and not need to worry.  It is highly recommended you install all available updates if you have not done so lately.  To force your PC to check for available updates, click <strong>Start&gt;All Programs&gt;Windows Update</strong> and follow the on-screen instructions.</p>
<p>If your computer is directly connected to the Internet it is advised that you have a quality software firewall installed and blocking unexpected inbound traffic.  A comparison of free firewall software can be found here:  <a href="http://www.techsupportalert.com/best-free-firewall.htm">http://www.techsupportalert.com/best-free-firewall.htm</a></p>
<p>In addition you should also have a quality anti-virus software solution in place.  Any of the following will suffice:</p>
<ul>
<li><a href="http://shop.ca.com/virus/antivirus.aspx">CA Anti-Virus</a></li>
<li><a href="http://www.symantec.com/index.jsp">Symantec Anti-Virus</a></li>
<li><a href="http://www.f-secure.com/en_EMEA/downloads/">F-Secure Anti-Virus</a></li>
<li><a href="http://www.pandasecurity.com/usa/homeusers/solutions/antivirus/">Panda Anti-Virus</a></li>
<li><a href="http://usa.kaspersky.com/downloads/">Kaspersky Anti-Virus</a></li>
<li><a href="http://www.mcafee.com/us/downloads/index.html">McAfee Anti-Virus</a></li>
<li><a href="http://www.bitdefender.com/">BitDefender Anti-Virus</a></li>
</ul>
<p>I personally recommend  <a href="http://free.avg.com/">AVG Free Edition</a></p>
<p>In summary:</p>
<ul>
<li>Be sure to apply all available updates for Microsoft Windows</li>
<li>Ensure you have some form of firewall blocking unwanted network traffic</li>
<li>Install a quality anti-virus solution</li>
</ul>
<p>Now let&#8217;s all have a happy April Fools day!</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2009/03/27/april-fools-virus-on-schedule/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>How To Remove Ubuntu&#8217;s Password Keyring</title>
		<link>http://davestechsupport.com/blog/2009/01/16/how-to-remove-ubuntus-password-keyring/</link>
		<comments>http://davestechsupport.com/blog/2009/01/16/how-to-remove-ubuntus-password-keyring/#comments</comments>
		<pubDate>Fri, 16 Jan 2009 22:00:53 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[HOWTO: Ubuntu]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=690</guid>
		<description><![CDATA[UPDATE:  This post is almost 2 years old now and the method described below is somewhat obsolete (but still works).  Borrowing from the comments posted below, do the following to remove the keyring in a more simple fashion: 1) Click Applications &#62; Accessories &#62; Passwords and Encryption keys 2) There should be entries there [...]]]></description>
			<content:encoded><![CDATA[<p><strong>UPDATE</strong>:  This post is almost 2 years old now and the method described below is somewhat obsolete (but still works).  Borrowing from the comments posted below, do the following to remove the keyring in a more simple fashion:</p>
<p>1) Click <strong>Applications &gt; Accessories &gt; Passwords and Encryption keys</strong><br />
2) There should be entries there listing an array of keyring passwords.<br />
3) Right click on them and select change password<br />
4) Enter the old password if you have one then leave the new password blank. (A warning message should appear)</p>
<p>I&#8217;ve not done this personally (I haven&#8217;t had to) but if I&#8217;m guessing correctly, the &#8220;warning message&#8221; mentioned above in step 4 is likely the same warning message pictured below, asking if you are sure you want to use &#8220;Unsafe Storage&#8221;.  You can read more about what this means below.</p>
<p style="text-align: center;">&#8212;&#8212;&#8212;&#8212;&#8212;-[Begin old post]&#8212;&#8212;&#8212;&#8212;&#8212;-</p>
<p>I would have made the title of this post &#8220;How to remove the Keyring password manager in Ubuntu Linux&#8221; but that&#8217;s kinda long&#8230;  Anyway, you might be wondering what the keyring password manager is.  It is a built in feature of Ubuntu (specifically, a package called &#8220;<a href="http://projects.gnome.org/seahorse/" target="_blank">Seahorse</a>&#8221;) that remembers passwords for things like FTP account logins, Evolution Email accounts, your wireless network authentication passwords, etc., and locks them all behind a kind of Master Password of sorts.  So for example, let&#8217;s pretend that the password for your wireless network was 64 characters long and was just a bunch of random numbers and letters that you&#8217;d only be able to remember if you were some kind of freak savant mathematician.  The keyring password manager would remember this for you, but will only allow the system to access and use that long password after you grant it access to the keyring.</p>
<p>As nice and handy as this might sound to security buffs, it&#8217;s struck me as a minor inconvenience.  For starters, if I were to configure Ubuntu to automatically login to my account after I turn the computer on, I would then also be asked to type in my keyring password so it would connect to my wireless network.  This becomes a bigger problem if, for instance, I were to connect to my computer remotely and had to reset it for some reason, like applying a recent kernel update.  The snag there would be that after restarting, my computer would boot up, but since I&#8217;m not physically sitting in front of it, it would sit there waiting for me to enter a keyring password before it would reconnect to my wireless network, and I&#8217;d have to go home or ask someone else to type in the password for me.</p>
<p>So what I&#8217;ve always wanted to have happen is this:</p>
<ul>
<li>I start or restart the computer by remote (such as through SSH or VNC).</li>
<li>After booting it automatically logs into my account and connects to my wireless network without asking for any passwords along the way so I can VNC right back into the system with no further trouble.</li>
</ul>
<p>I&#8217;ve finally learned how to do this, and it&#8217;s stupid easy to do.</p>
<p>There are of course a few security drawbacks to doing this.  For starters, if any person were to gain physical access to my machine they&#8217;d be able to connect to my wireless network without needing to enter a password. Then again, if someone I don&#8217;t trust has somehow gained physical access to my machine I might as well go ahead and consider it to be compromised.</p>
<p>Now, if the PC were in an office with a bunch of random co-workers always around, I&#8217;d be a lot more concerned.  If that were the case, I&#8217;d have that puppy locked down with a power on password, disable booting from the CD-ROM/Ethernet/USB in the BIOS, perhaps have a GRUB password and be working from an encrypted HD with the required /boot partition on a USB key, and of course auto-login would be disabled so I would be required to enter anywhere from 2 to 3 different passwords just to login to the system.  But this thing is in my house behind two large dogs and a dead-bolt locked door, functioning as a server that requires a password for me to access it via SSH or VNC anyway.  So for this particular PC, I see little harm in opting out of using this security feature.</p>
<p>So here&#8217;s how you get rid of the keyring manager.  <strong>Please note:</strong> This will erase saved passwords you have so be sure you know or remember them before you make your computer forget them!</p>
<ol>
<li>Open up your Home Folder by clicking <strong>Places&gt;Home Folder</strong></li>
<li>Press <strong>CTRL-H</strong> (or click View&gt;Show Hidden Files)</li>
<li>Find a folder called<strong> .gnome2</strong> (it has a period at the beginning of the name) and open it by double clicking on it</li>
<li>Inside of the .gnome2 folder, there is another folder called <strong>keyrings</strong>.  Open it up.</li>
<li>Delete any files you find within the keyrings folder</li>
<li>Restart the computer</li>
</ol>
<p>After you restart and login (if you&#8217;re automatically logging in) you&#8217;ll probably be asked to enter your wireless network&#8217;s WPA/WEP encryption key (because we made it forget).  After you type that password in, the keyring manager will appear to let you know that it would like to handle the storage of that password and lock it away with a new keyring.  The box looks like this:</p>
<p><img class="alignnone" src="http://www.davestechsupport.com/blog/images/keyring1.png" alt="" width="498" height="342" /></p>
<p>Instead of typing in a new password, leave both boxes completely empty and click Create.</p>
<p>You&#8217;ll then be asked if you know what the hell you&#8217;re doing:</p>
<p><img class="alignnone" src="http://www.davestechsupport.com/blog/images/keyring2.png" alt="" width="493" height="211" /></p>
<p>Go ahead and click <strong>Use Unsafe Storage</strong>.</p>
<p><strong><span style="color: #ff0000;">WARNING:</span></strong> Doing this creates a new file in your ~/.gnome2/keyrings/ folder called <strong>default.keyring</strong> and it will now house passwords IN CLEAR TEXT and not in an encrypted form.  So it is imperative that you are certain no untrustworthy persons can access your user account (either physically or by remote) or they will be able to easily open and read this file and obtain many passwords (for things such as FTP accounts, SSH, e-mail accounts, etc).  <span style="color: #ff0000;">Proceed with caution.</span></p>
<p>From here on all keyring-stored passwords you enter will not be safeguarded behind a master password or encryption.  Whether or not you want to do this is entirely up to you.  I personally have had enough of the keyring manager and consider it kind of annoying.  But as I said before, you may have certain environmental factors that make having a master password over the rest of your passwords a good idea.  Keep in mind that the keyring password manager has absolutely nothing to do with your administrative/root privileges password that has to be entered any time you want to apply updates, or add/remove software.  You will still have to type your account password in for these actions, and that is something I am quite comfortable with. I&#8217;m just happy I don&#8217;t have to ask my girlfriend to type in a keyring password every time I want to restart the computer while I&#8217;m away from home.</p>
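<p>To see how exposed the clear-text file from the warning above actually is, the keyrings folder can be audited for unencrypted files and loose permissions. This is an added example, not part of the original post: the function names are hypothetical, and the binary header and the text layout ([keyring] section, secret= lines) are assumptions about gnome-keyring file formats.</p>

```python
"""Audit GNOME keyring files for the 'Unsafe Storage' condition (added example)."""
import os
import stat

# Assumption: password-protected keyrings use gnome-keyring's binary format,
# which begins with this header; unencrypted ones are INI-style text with a
# [keyring] section and one secret= line per stored item.
BINARY_HEADER = b"GnomeKeyring\n\r\0\n"


def classify(data):
    """Return (format, number_of_cleartext_secrets) for raw file contents."""
    if data.startswith(BINARY_HEADER):
        return "encrypted", 0
    try:
        lines = data.decode("utf-8").splitlines()
    except UnicodeDecodeError:
        return "unknown", 0
    if "[keyring]" not in (line.strip() for line in lines):
        return "unknown", 0
    secrets = sum(1 for line in lines if line.startswith("secret="))
    return "plaintext", secrets


def audit_keyrings(directory):
    """Inspect every regular file in directory; secret values are never echoed."""
    findings = []
    dir_mode = stat.S_IMODE(os.stat(directory).st_mode)
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        with open(path, "rb") as fh:
            kind, secrets = classify(fh.read())
        mode = stat.S_IMODE(st.st_mode)
        # Approximation: another local account can read the file when the file
        # is group/other readable and the folder is group/other searchable.
        # Permissions on parent folders are not checked.
        others_can_read = bool(mode & 0o044) and bool(dir_mode & 0o011)
        if kind == "plaintext" and others_can_read:
            risk = "high"      # clear-text secrets readable by other accounts
        elif kind == "plaintext":
            risk = "medium"    # protected only by access to this account
        else:
            risk = "low"
        findings.append({
            "file": name,
            "format": kind,
            "mode": oct(mode),
            "cleartext_secrets": secrets,
            "risk": risk,
        })
    return findings


if __name__ == "__main__":
    # Folder named in the post; adjust if your keyrings live elsewhere.
    folder = os.path.expanduser("~/.gnome2/keyrings")
    if os.path.isdir(folder):
        for finding in audit_keyrings(folder):
            print(finding)
    else:
        print("no keyrings folder at", folder)
```

<p>A "medium" result is the situation the post describes: the file is private to your account, so anyone who gets into that account, locally or over SSH/VNC, can read every stored password.</p>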
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2009/01/16/how-to-remove-ubuntus-password-keyring/feed/</wfw:commentRss>
		<slash:comments>117</slash:comments>
		</item>
		<item>
		<title>&#8220;CRITICAL&#8221; Internet Explorer Flaw!  AGAIN!</title>
		<link>http://davestechsupport.com/blog/2008/12/17/critical-internet-explorer-flaw-again/</link>
		<comments>http://davestechsupport.com/blog/2008/12/17/critical-internet-explorer-flaw-again/#comments</comments>
		<pubDate>Wed, 17 Dec 2008 01:47:07 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[CCNA]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Rant]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Ubuntu]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=605</guid>
		<description><![CDATA[As much as it would probably soothe the stiffness in my neck and shoulders from doing busy work inventorying computer equipment today, I&#8217;m going to try to not turn this into a sarcastic sounding slam against Microsoft&#8230; although they damn well deserve it. I&#8217;ll just keep this very short.  Internet Explorer has once again dropped [...]]]></description>
			<content:encoded><![CDATA[<p>As much as it would probably soothe the stiffness in my neck and shoulders from doing busy work inventorying computer equipment today, I&#8217;m going to try to not turn this into a sarcastic sounding slam against Microsoft&#8230; although they damn well deserve it.</p>
<p>I&#8217;ll just keep this very short.  Internet Explorer has once again dropped the ball in the realm of Internet security and it&#8217;s something that&#8217;s been present for over 48 hours already.  You can read about the problem via BBC&#8217;s website by <a href="http://news.bbc.co.uk/2/hi/technology/7784908.stm" target="_blank">clicking here</a>.</p>
<p>The article states in bold letters at the top, &#8220;Security experts recommend switching to a rival browser until the problem is fixed.&#8221;  Need a rival web browser?  Download Firefox at <a href="http://www.firefox.com" target="_blank">www.firefox.com</a>.  It&#8217;s free, faster and much more secure than Internet Explorer ever will be.  Seriously.  Why is it more secure, you ask?  Because it&#8217;s <a href="http://en.wikipedia.org/wiki/Open_source" target="_blank">open-source</a>, just like Linux.  But again&#8230; don&#8217;t wanna turn this into a &#8220;Microsoft sucks&#8221; bashing post.</p>
<p>Also, on the side, I should mention that I&#8217;ve seen a LOT of Windows systems get hit with viruses in the last 3 weeks, a good chunk of which have come in from emails on Facebook.  Which isn&#8217;t to say that Facebook is bad.  It just doesn&#8217;t have much of an effective spam filter or virus scanner built into it.  You would think that after a few people have received the same spam from their friend whose computer was compromised, they&#8217;d start filtering messages with the same links, the same stupid subject line, and all the rest that comes along with basic social engineering-based viruses.  It&#8217;s what Yahoo and Google do.  So to you Facebook/Myspace users out there (and everyone else who doesn&#8217;t use these services), be VERY cautious about clicking on links to websites you&#8217;ve never visited before in email sent to you by a friend.  They may not have actually sent you something.  In fact, it&#8217;s possible their account password was phished, changed, and their account used as a launch pad for spreading the same infection to other people (like you).  So be careful.</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2008/12/17/critical-internet-explorer-flaw-again/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>What is Social Engineering?</title>
		<link>http://davestechsupport.com/blog/2008/05/24/what-is-social-engineering/</link>
		<comments>http://davestechsupport.com/blog/2008/05/24/what-is-social-engineering/#comments</comments>
		<pubDate>Sat, 24 May 2008 18:33:12 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=88</guid>
		<description><![CDATA[I came across a funny screenshot today that provides a pretty clear example of how social engineering is used to con people (in this case, Windows users) while browsing the Internet (click for full size): Clearly, this user is not running Windows XP but Ubuntu Linux.  Yet with their pop-up blocker disabled in Firefox 3, [...]]]></description>
			<content:encoded><![CDATA[<p>I came across a funny screenshot today that provides a pretty clear example of how social engineering is used to con people (in this case, Windows users) while browsing the Internet (click for full size):</p>
<p style="text-align: center;"><a href="http://www.davestechsupport.com/blog/images/xpscanner.png" target="_blank"><img src="http://www.davestechsupport.com/blog/images/xpscanner500.png" alt="" width="500" height="313" /></a></p>
<p>Clearly, this user is not running Windows XP but Ubuntu Linux.  Yet with their pop-up blocker disabled in Firefox 3, a malicious website presents a window that mimics a &#8220;real&#8221; warning.  But it&#8217;s actually a trap.  This is probably the most common reason viruses find their way into Windows systems &#8212; by exploiting a user&#8217;s lack of expertise and susceptibility to intimidation on a technical level.  So fair warning to you Windows users out there.  Fortunately for our Linux user, he&#8217;ll just laugh and close this window.  If you&#8217;re a Windows user and you see an alert like this, you should close it too (but run a virus scan using something like <a href="http://free.grisoft.com/" target="_blank">AVG</a> immediately afterwards).</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2008/05/24/what-is-social-engineering/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Spoofing Holiday Inn Part 2</title>
		<link>http://davestechsupport.com/blog/2008/05/20/spoofing-holiday-inn-part-2/</link>
		<comments>http://davestechsupport.com/blog/2008/05/20/spoofing-holiday-inn-part-2/#comments</comments>
		<pubDate>Tue, 20 May 2008 22:05:55 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Nintendo Wii]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=86</guid>
		<description><![CDATA[In my previous blog, I wrote about staying at Holiday Inn and attempting to use their wireless networks to give my girlfriend&#8217;s Nintendo Wii access to the Internet.  Gateway access to the Internet is not typically granted until you click on a button that binds you to terms of usage. Well, it turns out the [...]]]></description>
			<content:encoded><![CDATA[<p>In my previous blog, I wrote about staying at Holiday Inn and attempting to use their wireless networks to give my girlfriend&#8217;s Nintendo Wii access to the Internet.  Gateway access to the Internet is not typically granted until you click on a button that binds you to terms of usage.</p>
<p>Well, it turns out the Wii itself is causing quite a bit of mystery.  Spoofing its MAC address, I was able to get the agreement page to re-appear on my laptop.  But after shutting Backtrack down and trying again, the Wii still couldn&#8217;t gain access to the Internet for some odd reason.</p>
<p>I went ahead and contacted their IT department and within a couple minutes, they had granted the MAC address of the Wii access to the Internet.  Yet it still doesn&#8217;t work.  Which&#8230; doesn&#8217;t exactly surprise me, especially after the IT guy told me I was the first person to attempt to connect a Wii while staying at a Holiday Inn.  We sat on the phone for about 15 minutes testing and testing, power cycling and testing again, but the Wii wasn&#8217;t doing anything except giving up.  It would seem that the IT department and myself are both stumped about this.  So for the time being, the spoofing tutorial is useless.  But still, it was a fun experiment.</p>
<p>In the meantime, I&#8217;m going to sit down with Google and see if I can find an alternate solution.  If I find one, I&#8217;ll be sure to write about it here.</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2008/05/20/spoofing-holiday-inn-part-2/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Spoofing Holiday Inn&#8217;s WiFi For Nintendo Wii</title>
		<link>http://davestechsupport.com/blog/2008/05/20/spoofing-holiday-in/</link>
		<comments>http://davestechsupport.com/blog/2008/05/20/spoofing-holiday-in/#comments</comments>
		<pubDate>Tue, 20 May 2008 07:36:33 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Nintendo Wii]]></category>
		<category><![CDATA[Rant]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/?p=85</guid>
		<description><![CDATA[My girlfriend works as a manager for a major restaurant chain that has a catchy theme song about ribs. About a month ago, one of the restaurants located in a city about 50 minutes west of where we live lost three managers. I&#8217;m not very clear on the details, but I understand two walked out [...]]]></description>
			<content:encoded><![CDATA[<p>My girlfriend works as a manager for a major restaurant chain that has a catchy theme song about ribs.  About a month ago, one of the restaurants located in a city about 50 minutes west of where we live lost three managers.  I&#8217;m not very clear on the details, but I understand two walked out without giving advance notice (why oh why, I <em>wonder</em>) and a third was fired for breaking a serious policy (I mean a federal law, but it&#8217;s been dealt with).  As a result, the place is essentially in a state of needing emergency life support.  They&#8217;ve called upon my girlfriend to help pick up the pieces (hopefully with the intention of letting her go someday, and not use this as an opportunity to coerce her to stay permanently).  So far, she&#8217;s been scheduled to stay through till the end of July, and this was a very recent revelation on the part of her boss.  I would not be surprised if &#8220;the end of July&#8221; becomes &#8220;the end of August&#8221; sometime soon.</p>
<p>Fortunately she is being put up in nice hotels (which I would imagine is coming out of her boss&#8217;s bonus checks this year, and that sort of makes me feel a tad bit better about the whole long-distance relationship mini-drama).  But there are many days I can&#8217;t stay with her, and spending time in a hotel alone can get really boring after a month or two or three (hopefully not four, but I&#8217;m a little pessimistic at this point).</p>
<h3>Holiday Inn&#8217;s WiFi Meets Nintendo Wii</h3>
<p>One of the things my girlfriend purchased before this stretch of work was delivered to her was a Nintendo Wii.  I showed her at my house how to configure the wireless network connection settings and talked her through it over the phone when the time came.  But for some reason, it just wouldn&#8217;t connect.  By &#8220;connect&#8221;, I don&#8217;t mean wireless association followed by authentication (which, in this case, means nothing because the network does not use encryption).  What I mean is, you&#8217;re not granted gateway access to external IP addresses until you&#8217;ve clicked on a link indicating that you agree to certain legal usage terms.  Once you click the &#8220;I agree&#8221; button, you are then given full access to the Internet.</p>
<p style="text-align: center;"><img src="http://www.davestechsupport.com/blog/images/holidayinn.png" alt="" width="500" height="308" /></p>
<p>What the Nintendo Wii is trying to do is phone home (access Nintendo&#8217;s servers) immediately after it&#8217;s assigned a default gateway with the assumption that the gateway is not blocking traffic to external IP addresses.  If it were to ping the gateway, it would likely get a reply.  Any other site, nothing.  The Wii assumes your router to be working, but the cable modem is broken, so it gives up and asks you to try a different network.</p>
<p>Since I&#8217;ve already agreed to a certain group of usage terms I shouldn&#8217;t be required to click &#8220;agree&#8221; again so as to personally access the Internet.  But it&#8217;s the MAC address that acts as my identity, more like a name-badge, and the MAC on the Wii will be different from the MAC on the laptop.  Your MAC address is a hard-coded number used to uniquely identify your wireless networking adapter.  No two MAC addresses are said to be the same.  So at first, it would seem there&#8217;s nothing I can do with the Wii to get it to connect to the Internet&#8230;  Or is there?</p>
<h3>What can be done about this?</h3>
<p>There are a couple of solutions.  The first is to contact customer service and see if they can get their IT guy on the phone.  I would then ask him if he could manually add the MAC address of the Wii to their routing tables and grant the device access.  For some, this would be the simpler solution&#8230; though your mileage may vary.  How long do you think it would take?  Because I really don&#8217;t feel like placing bets on them being immediately available.  I&#8217;m just telling you right now that the IT people at this particular hotel are not very advanced.  The reason I say this is because the channels they picked for their 3 routers are all within the same frequency range (channels 1, 2 and 3) instead of spread out (channels 1, 6 and 11).  In other words:  They&#8217;re not very professional.  Bandwidth is being lost because the routers are overlapping each other&#8217;s frequencies, and this is basic wireless network design technique we&#8217;re talking about here.</p>
<p>The other solution is to trick their wireless networks into thinking my laptop is the Wii and click &#8220;I agree&#8221; a second time, and then disconnect.  I would do this by changing the MAC address of my wireless adapter.  This is what is known as &#8220;MAC address spoofing&#8221;, the act of using a networking device to appear to be another (not to be confused with a &#8220;spoofing attack&#8221;, because we&#8217;re not going to attack anybody).  Not all networking devices can do this.  I happen to be using one that contains an Atheros chipset (it&#8217;s a <a href="http://www.google.com/products?q=D-Link+WNA-2330&amp;btnG=Search+Products&amp;hl=en" target="_self">D-Link WNA-2330</a> to be exact), which can be made to do anything I want it to do in the world of Linux.  (Another blog I&#8217;m going to write in the future about Wireless Adapter hacking is turning my laptop into a Wireless router, and then share my cellphone&#8217;s Internet access wirelessly).</p>
<h3>The Trick</h3>
<p>I intend to use a copy of <a href="http://en.wikipedia.org/wiki/BackTrack" target="_blank">Backtrack</a> 3 beta to carry out this little experiment.  But it&#8217;s late, I&#8217;m away from home and have to download a fresh ISO and burn it to a disc first before I can try this out.  By the way, spoofing a MAC address can be done in Windows, but I&#8217;m not going to write about Windows software that does this in here (because I&#8217;m lazy.  But if you&#8217;re really curious, <a href="http://www.google.com/search?hl=en&amp;q=spoof+mac+windows&amp;btnG=Google+Search" target="_blank">google can help</a>).</p>
<p>In Backtrack (or even Ubuntu if I install the MadWifi drivers, which is not as easy as burning a Backtrack Live CD) the commands to change the MAC are as follows (<a href="http://backtrack.offensive-security.com/index.php/Howto:_How_to_connect_to_the_internet_on_BT2_using_a_spoofed_MAC_address" target="_blank">reference link</a>):</p>
<ul>
<li><strong>wlanconfig ath0 destroy</strong></li>
</ul>
<p>You can use any mac address you like. In this example: 00:11:22:33:44:55</p>
<ul>
<li><strong>macchanger -m 00:11:22:33:44:55 wifi0</strong></li>
<li><strong>wlanconfig ath0 create wlandev wifi0 wlanmode managed</strong></li>
<li><strong>ifconfig wifi0 up</strong></li>
</ul>
<p>After this, I can just use a plain old connection manager to connect to the network.  I could also use this command to do it manually:</p>
<ul>
<li><strong>iwconfig ath0 essid [NetworkName] key [WepKeyHere]</strong></li>
</ul>
<p>Pretty simple.  Note though that if your card uses a chipset other than Atheros, you might not be able to do this with your card, and the first command &#8220;wlanconfig ath0 destroy&#8221; might be slightly different (like &#8220;eth1&#8221; for instance), depending on the device name Linux assigns your wireless adapter.</p>
<h3>Isn&#8217;t this a little extreme?</h3>
<p>If by &#8220;extreme&#8221; you mean &#8220;illegal&#8221;, the answer is no.  Spoofing doesn&#8217;t become illegal until you use it to acquire private information you&#8217;re not supposed to have access to (which requires a lot more work anyway).  The Nintendo Wii is flawed in that it doesn&#8217;t include a web browser with it by default, and even if it were installed, it wouldn&#8217;t believe it was actually able to connect to the Internet.  Perhaps I&#8217;ll send Nintendo a little suggestion so they&#8217;ll release a patch in their next update sweep.  Though it surprises me that they&#8217;ve not encountered this problem, considering they sell Nintendo <a href="http://images.google.com/images?q=wii%20carrying%20case&amp;ie=UTF-8&amp;oe=utf-8&amp;rls=com.ubuntu:en-US:unofficial&amp;client=firefox-a&amp;um=1&amp;sa=N&amp;tab=wi" target="_blank">Wii carrying cases</a> for smug Wii-owners to take their Wiis to their non-Wii-owning friends&#8217; house so they can show it off over and over&#8230; though this probably doesn&#8217;t take place in nice hotels with moderate network security in place. And Nintendo would probably ignore me because they charge people to buy their web browser (you have to be able to download it from their servers anyway), which is required to agree to view Holiday Inn&#8217;s agreement page.</p>
<p>So I suppose the next best place to put the blame is on Holiday Inn&#8230; and we know that IT guy isn&#8217;t in the mood to revamp company policy (and I can&#8217;t really think of an easy solution, other than unblocking the MAC).  You see, it becomes this dilemma of, &#8220;Just how out of my way should I have to go?&#8221;  If I had a Backtrack CD with me right now, I&#8217;d hopefully be able to solve this problem in 5 minutes.  To me, that&#8217;s the opposite of extreme.  I&#8217;d call it practical (for me).  For most people, they&#8217;re either stuck with a design flaw in their game console, or hotel Internet policies that were not designed to accommodate these kinds of dumb devices.  Quite a double-bind we have here.</p>
<p>Well, I&#8217;ve got some sleep to get&#8230;  At least they have nice pillows here and the bathroom sink is to die for!</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2008/05/20/spoofing-holiday-in/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A Friendly Reminder:  Backup Your Data!</title>
		<link>http://davestechsupport.com/blog/2008/04/02/a-friendly-reminder-backup-your-data/</link>
		<comments>http://davestechsupport.com/blog/2008/04/02/a-friendly-reminder-backup-your-data/#comments</comments>
		<pubDate>Wed, 02 Apr 2008 02:25:28 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Education]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/2008/04/02/a-friendly-reminder-backup-your-data/</guid>
		<description><![CDATA[A client of mine recently wiped their computer clean when they accidentally initiated a destructive recovery via the F10 key during POST. This caused their hard drive to be formatted and their OS to be reinstalled as it was when it was originally installed at the factory. The lost files on the system were not [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align: center"><img src="http://www.davestechsupport.com/blog/images/gravewarning.png" height="196" width="500" /></p>
<p>A client of mine recently wiped their computer clean when they accidentally initiated a destructive recovery via the F10 key during <a href="http://en.wikipedia.org/wiki/Power-on_self-test" target="_blank">POST</a>.  This caused their hard drive to be formatted and their OS to be reinstalled as it was when it was originally installed at the factory.  The lost files on the system were not recoverable, and the only alternative would be to have an advanced data forensics lab extract the old data off, the cost of which could go up as high as a couple thousand dollars.</p>
<p>There are some simple things you should get in the habit of doing if you want to decrease your odds of facing such a horrid situation as the one above:</p>
<h3 align="center">Unplug your PC when there is lightning outside</h3>
<p align="center"><img src="http://www.davestechsupport.com/blog/images/ifthen1.png" height="113" width="500" /></p>
<p>I shouldn&#8217;t have to tell people this, but some of you uber-nerds out there think that the bigger their basement-computer-bedroom-cave-hermit dwelling is, the more invincible they are.  It&#8217;s not a matter of probability of being struck, but probability of surviving a lightning strike unscathed.  Like the Black Knight from Monty Python.</p>
<p>Don&#8217;t let the price tag on that expensive Uninterruptible Power Supply fool you.  Its purpose isn&#8217;t to safeguard you from a lightning strike, but to sustain power to your PC in the event of an unexpected outage and to compensate for brownouts and power spikes.  Lightning can still penetrate it and make its way to your computer.  Once there, it&#8217;s up in the air how much damage it might inflict, and hard to diagnose the extent of damage after the fact.  Every time I&#8217;ve seen a system that&#8217;s been hit by lightning, I&#8217;ve ended up having to tell people to buy a new computer, because so many parts were damaged in a split second.</p>
<p>Do what most people do during severe weather:  Watch TV till the power goes out, grab a radio and flashlight, salvage the remaining beer from the unpowered refrigerator, and hope for the best when you regain consciousness in the morning.  Or whatever floats your boat.  If you have an Internet addiction like I do, use a wireless device like a laptop or a cell phone to get your info fix.</p>
<h3 align="center">Backup to an external storage device</h3>
<p align="center"> <img src="http://www.davestechsupport.com/blog/images/externalstorage.png" height="110" width="500" /></p>
<p>Here&#8217;s what I&#8217;ve got pictured above from left to right:</p>
<ul>
<li>An external USB hard drive.  Advantages:  Cheap for price per megabyte, easy to set up and use.  Disadvantages:  Subject to failure from old age after several years of use (see your warranty), and sometimes bulky (depends on how cheap you are).</li>
<li>A USB Flash Drive.  Advantages:  Small, handy, convenient,  instant plug-and-play capable (usually).  Disadvantages:  Must be replaced after about 250 uses, easy to misplace and lose (get a nice 4 dollar lanyard like I did). Costly if you have lots of data to back up.</li>
<li>A cell phone with a MicroSD card.  Same as the USB flash drive, but slower.  The advantage is that it&#8217;s in your phone, and you probably aren&#8217;t as likely to misplace that thing.</li>
<li>Network Attached Storage.  Network attached storage is basically a &#8220;computer-less&#8221; hard drive that attaches to your local network (router) and shares hard drive space to other computers on the network.  Advantage:  Highest fault tolerance (there are multiple copies of files spread across hard drives, so if one drive fails, the file is not lost).  Disadvantage:  Expensive.</li>
</ul>
<p>You can also back up data to external CDs or DVDs and keep them in a dark place.  Doing so will keep your data safe for a long time.  But it&#8217;s good to shed old storage media after several years of data sitting on them and move data to a fresher medium that is less likely to suddenly flake out unexpectedly.</p>
<p>You can also use software to automate backing data up.  A good one is <a href="http://amanda.zmanda.com/" target="_blank">Amanda Open Source Backup</a>.   I&#8217;ll write more about it sometime in the future.  But for now, you should consider using one of the external devices above and practice good habits to protect your computer and your documents from being lost.</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2008/04/02/a-friendly-reminder-backup-your-data/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>Something Funny&#8230;</title>
		<link>http://davestechsupport.com/blog/2008/02/27/something-funny/</link>
		<comments>http://davestechsupport.com/blog/2008/02/27/something-funny/#comments</comments>
		<pubDate>Wed, 27 Feb 2008 14:22:28 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Ubuntu]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/2008/02/27/something-funny/</guid>
		<description><![CDATA[Click on the image below to see the entire screenshot]]></description>
			<content:encoded><![CDATA[<p>Click on the image below to see the entire screenshot  <img src='http://davestechsupport.com/blog/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> </p>
<p align="center"><a href="http://www.davestechsupport.com/blog/images/computeratrisk.jpg" target="_blank"><img src="http://www.davestechsupport.com/blog/images/computeratrisk2.jpg" height="502" width="500" /></a></p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2008/02/27/something-funny/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>What if George Orwell had written about Net Neutrality?</title>
		<link>http://davestechsupport.com/blog/2007/11/25/what-if-george-orwell-had-written-about-net-neutrality/</link>
		<comments>http://davestechsupport.com/blog/2007/11/25/what-if-george-orwell-had-written-about-net-neutrality/#comments</comments>
		<pubDate>Sun, 25 Nov 2007 17:54:11 +0000</pubDate>
		<dc:creator>david_steinlage</dc:creator>
				<category><![CDATA[Internet]]></category>
		<category><![CDATA[Internet Neutrality]]></category>
		<category><![CDATA[Piracy]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://davestechsupport.com/blog/2007/11/25/what-if-george-orwell-had-written-about-net-neutrality/</guid>
		<description><![CDATA[(The Great Singularity will be continued in a later blog)&#8230; The Early Days of Wireless Networking The 1990&#8217;s was a period of great excitement for computer hobbyists and nerds alike. Particularly the few who enjoyed building electronic toys on breadboards with little capacitors and microchips from Radio Shack. As rare as such people are, I [...]]]></description>
			<content:encoded><![CDATA[<p><em>(<a title="The Great Singularity, Part 1" href="http://davestechsupport.com/blog/2007/11/24/the-great-singularity-part-1/">The Great Singularity</a> will be continued in a later blog)&#8230;</em></p>
<p><strong>The Early Days of Wireless Networking</strong></p>
<p>The 1990&#8217;s was a period of great excitement for computer hobbyists and nerds alike.  Particularly the few who enjoyed building electronic toys on <a title="What the hell is a breadboard?" href="http://en.wikipedia.org/wiki/Breadboard" target="_blank">breadboards</a> with little capacitors and microchips from Radio Shack.  As rare as such people are, I once knew a man named Rick who had actually built his own serial cable adapter to hook his 66 MHz computer up to a CB radio and use it to send data over the air to someone else with the same setup on their end, using only radio frequencies to transmit data for miles and miles.  This little idea of wireless data sharing wasn&#8217;t all that groundbreaking at the time, mostly because it was SLOWWWW.</p>
<p>Still, it was the early 90&#8217;s, and just plain <em>dial-up</em> Internet access was THE wet dream of nerds like myself and the fellow I mentioned above.  The Internet came late in the rural area I grew up in, so the next best thing was to connect directly to someone else&#8217;s computer via one means or another, usually a phone modem.  (I have many very fond memories of playing Duke Nukem with a friend by using our phone lines to dial each other&#8217;s computers and start playing head to head.  It was a degree more personal, direct, instant and consequently more fun than most of today&#8217;s impersonal multi-player games played against strangers, I think, but that&#8217;s just my opinion).</p>
<p>Fortunately, dial-up (and later DSL and cable) availability soon swept the nation, and most computer users now had a dependable method to access this so-called Internet.  The old lost hobby of transmitting data from one computer wirelessly to another located miles away &#8212; seemingly for nothing more than a tiny fraction of your electric bill &#8212; became obsolete compared to the fast speed of 14.4 baud modem that was always available (unless you were using the busy-signal service provider AOL).  It also had the added benefit of being a network with many millions of regular and increasingly diverse users.  Suddenly, you didn&#8217;t have to be a student in a university to get access to hundreds of thousands of interesting websites and anybody could get an e-mail address from Yahoo with their very own 2 MB mailbox for free.  The Internet was in the early stages of flowering, and many ISP services popped up to offer access for about 20 or 30 bucks a month.</p>
<p>Trying to build your own private network wirelessly with a CB radio wasn&#8217;t a bad idea. But if you had tried to do what Rick had done with a CB radio, and attempted to send a file the size of a 3 1/2 floppy over the air, it would probably have taken at least an hour to send the whole thing. By comparison today, the same file can be downloaded via standard cable Internet in just 2 seconds (even over today&#8217;s wireless networks).  In fact an increasing number of home users are now installing wireless networks in their homes for the convenience of being able to put their laptop anywhere in the house and get access to the Internet.  This makes me wonder:  What if the entire Internet were to be rebuilt (theoretically) with wireless radio signals instead of copper and fiber optics?  We&#8217;ll come back to this idea later&#8230;</p>
<p><strong>Net Neutrality</strong></p>
<p>You have probably heard the term Net Neutrality come across the news on occasion, but may not really have much of an understanding of what it is.  In short, Net Neutrality is exercised when an ISP such as Cox, Road Runner or Comcast refuses to interfere with your Internet bandwidth based upon the types of traffic sent over the wire to your computer.  An example of what a non-neutral ISP might do is if they sell their Internet in tiered packages, sold the same way cable companies sell their TV channel packages.  You get the standard cable for X dollars, the premium channels for X dollars more, then there&#8217;s pay per view, etc.  Do you want the Internet to be sold and regulated like that?</p>
<p style="text-align: center;"><img class="aligncenter" src="http://www.davestechsupport.com/blog/images/censoredinternet.png" alt="Net Neutrality down the shitter" width="500" height="365" /></p>
<p style="text-align: center">(Don&#8217;t worry.  It&#8217;s fake&#8230;.for now)</p>
<p>The current debate going on in Congress is whether or not regulations should be put in place that would prevent companies like Cox or Comcast from establishing such tiered packages.  Since the debate was brought to Congress in the middle of 2006, every bill proposed thus far <a title="History of attempted legislation" href="http://en.wikipedia.org/wiki/Network_neutrality_in_the_United_States#Attempted_legislation" target="_blank">has been killed</a>.   In a world where the Internet is packaged and sold under dubious terms and conditions such as limiting which websites you are allowed to visit, you&#8217;d soon realize that restricting access in such a manner would brush up against violating the First Amendment.</p>
<p>One of the overlooked reasons behind cable based ISPs wanting to restrict and split Internet access into more controllable tiers is bandwidth usage by P2P file-sharing protocols such as the popular <a title="Wikipedia: Bittorrent" href="http://en.wikipedia.org/wiki/BitTorrent" target="_blank">Bittorrent</a>, which uses an efficient <a title="Wikipedia: Mesh-Toplogy" href="http://en.wikipedia.org/wiki/Mesh_topology" target="_blank">mesh-topology</a> for sharing files.  It allows users to upload and download files to each other in &#8220;swarms&#8221;, spreading the overhead of file transfer across many users at once, instead of relying on one individual to get stuck with the overhead of sending the whole file to multiple users one after another.  The end result: You could theoretically share a file with thousands (if not millions) of people in the same amount of time as it used to take to share it with just 2 or 3 users.</p>
<p style="text-align: center"><img src="http://upload.wikimedia.org/wikipedia/commons/3/3d/Torrentcomp_small.gif" alt="Bittorrent in action" width="357" height="334" /></p>
<p style="text-align: center" align="left">(Above: Bittorrent in action, starting with one &#8220;seed&#8221; and seven &#8220;leeches&#8221; which all become seeds themselves in the end)</p>
<p align="left">While a majority of Bittorrent traffic on the web is currently used for illegal file-sharing, it is also a technology that is used for legitimate purposes and poses unlimited potential to TV program producers.  So much so that large TV networks will <a title="Video:  The future of Bittorrent" href="http://video.google.com/videoplay?docid=2479010476120721247" target="_blank">inevitably use it to distribute their programs</a> (new value chain = Producer&lt;Advertiser), instead of through traditional means (Producer&lt;Distributor&lt;Broadcaster&lt;Advertiser); effectively cutting out middle men like Direct TV or Cox and replacing them with the Internet in general.  The term used to describe TV distributed via Bittorrent or similar file sharing protocols is called &#8220;hyper distribution,&#8221; and it&#8217;s a threat cable companies are <a title="Comcast controversy" href="http://en.wikipedia.org/wiki/Comcast#Blocking_Internet_Access" target="_blank">attempting to squash</a>.</p>
<p>So what do you do when your ISP starts to block your downloads when ABC starts to distribute Desperate Housewives over the Internet for free?  Well, you&#8217;d do the natural thing, and choose a competing ISP who doesn&#8217;t filter your traffic&#8230; But what if that wasn&#8217;t a very easy thing to do?  In a world where you are forced to seek out an alternative method of accessing an uncensored Internet, it might be difficult to find an outlet.  Because if one ISP practices such traffic filtering, what would stop others from following suit in some form?  What if DSL Internet access suddenly cost a lot more money so you could access and download legitimate, legal torrent files?  What then?</p>
<p><strong>Municipal Wireless Internet </strong></p>
<p>There are many metropolitan areas in the US that have established or are attempting to build what is called a <a title="MuniWifi" href="http://en.wikipedia.org/wiki/Municipal_broadband" target="_blank">Municipal Broadband</a> Wireless Internet.  This is essentially a government supported infrastructure that allows anyone in the public free or low-cost wireless Internet access from anywhere within city limits.  You could be sitting on a park bench reading Yahoo News for instance and it would be paid for by tax dollars.  The flaw with this setup (from an Orwellian perspective) is that it was built by the government, or at least heavily subsidized by it.  This defaults to them the ability to regulate and/or monitor that particular avenue of Internet access more quickly and at their discretion.  After all, they built it via tax dollars you gave them in the first place, which governments like ours so often use in our best interests&#8230; right?</p>
<p><strong>Enter Orwell&#8217;s Internet (Tinfoil hats optional)</strong></p>
<p>At this point I will attempt to introduce elements of a hypothetical scenario that George Orwell would have likely written into his classic novel <a title="Info about the book, " href="http://en.wikipedia.org/wiki/Nineteen_Eighty-Four" target="_blank">1984</a> had he known the Internet would exist on such a global scale as it does today.  Granted, it is hard to picture what such a world would be like &#8212; where the information you are allowed to download to your computer is sanctioned and closely monitored by your own government.  But all you have to do is look at the <a title="Wikipedia: Internet Censorship" href="http://en.wikipedia.org/wiki/Internet_censorship" target="_blank">many places</a> in the world that actually practice heavy Internet censorship, like <a title="The great Firewall of China." href="http://en.wikipedia.org/wiki/Golden_Shield_Project" target="_blank">China</a> or <a title="Burma.  A place of state-run media and Internet blackouts during the killing of many monks..." href="http://www.dailymail.co.uk/pages/live/articles/news/worldnews.html?in_article_id=484903" target="_blank">Burma</a>, to see that such restrictions exist in many places and are very scary to think about.</p>
<p>Could such restrictions and unwarranted surveillance be visited upon the general public here in America?   To a degree, <a title="Wikipedia:  NSA warrantless surveillance controversy" href="http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy" target="_blank">it already does occur</a>, though it&#8217;s exercised under the banner of national security and anti-terrorism efforts.  There is a remote possibility that it could get a lot worse, but that strongly depends on the public&#8217;s misunderstanding about topics like <a title="Wikipedia: Net Neutrality in the US" href="http://en.wikipedia.org/wiki/Network_neutrality_in_the_United_States" target="_blank">Net Neutrality</a>, combined with the heavy lobbying efforts put forth by the nation&#8217;s largest media corporations, not to mention whoever happens to be President at the time and what the FCC has to say about it. So what I&#8217;d like to bring up is this remote possibility of such intense government regulations over the Internet taking place, and why such a scenario would never actually fly if it were implemented in the US.</p>
<p>So far I&#8217;ve touched base on the boom of the Internet, followed by Net Neutrality and now the dawn of Municipal WiFi, with a warning that it&#8217;s not so delightful a thing in a typical Orwellian dystopia:  Googling the word &#8220;democracy&#8221; would get you no search results.  Personal privacy would be complete fantasy, everybody would be their own brother&#8217;s policeman, so on and so forth.  You&#8217;d be surprised what a government might be able to get its own citizens to do with enough fear propaganda.  Ask any German who lived when Hitler was in power, or anyone from China who is accustomed to reading state sanctioned &#8220;news.&#8221;</p>
<p>Fortunately, things are much better off for us today.  We have an Internet that is still very very neutral and open and booming.  Blogging and alternative channels of news are replacing mainstream news, and criticism of the Iraq war and our current President (for instance) are at an all time high.  I believe the Internet is the primary reason for such rapid disapproval percentages.  Back in the days of Vietnam, you didn&#8217;t see hundreds of thousands of people protesting in the streets of New York <em>before </em>the invasion.  You didn&#8217;t see approval ratings of the war and the president drop until after 20,000 of our men were killed.  And you likely didn&#8217;t hear any open commentary on the TV about whether or not the <a title="Wikipedia:  Gulf of Tonkin Incident" href="http://en.wikipedia.org/wiki/Gulf_of_Tonkin_Incident" target="_blank">Gulf of Tonkin Incident</a> had actually occurred, since such news was dictated down to the media by the government, who simply transcribed and repeated the line.  Why?  Well, probably because the Internet as we know it today didn&#8217;t exist, nor anything like it at that time.</p>
<p>Now the tables are turned, as there is an infinite choice of outlets to get information at the click of a mouse.  The Internet isn&#8217;t just a great resource for finding information, but also for finding diverse opinions, instead of canned opinions espoused by pundits.  You see, newspapers and TV stations and magazines are essentially owned by their advertisers.  That doesn&#8217;t sound quite right at first but that&#8217;s the way it&#8217;s always been in the mainstream.  What you see reported or discussed on TV is strongly influenced by the money that is coming in from advertisers.  If a news report holds a potential for dramatically affecting the bottom line of a company that pays the news outlet money to advertise, it might choose to take its money elsewhere, lest the news outlet leave certain bits out, or <a title="Monsanto and Fox News in 1997" href="http://video.google.com/url?docid=7716141285497881772&amp;esrc=sr2&amp;ev=v&amp;len=599&amp;q=monsanto%2Bfox&amp;srcurl=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DaxU9ngbTxKw&amp;vidurl=%2Fvideoplay%3Fdocid%3D7716141285497881772%26q%3Dmonsanto%2Bfox%26total%3D17%26start%3D0%26num%3D10%26so%3D0%26type%3Dsearch%26plindex%3D1&amp;usg=AL29H21qOqVfIRNO2-a-RT-Tc-tQgVR-AQ" target="_blank">drop a story altogether</a>.  The increased use of the Internet for gathering and cross-referencing the veracity behind a headline or article or even an opinionated blog (like this one) is a sign of great change in our culture.  Whether it be by leaving a comment, starting their own blog, using Digg to bring attention to something important, organizing a grassroots organization, whatever, the bottom line is the public now feels an increased sense of empowerment and participation and ability to be more involved with political movements.</p>
<p>But what if access were suddenly limited?  What if, in a perfect George Orwell dystopia, the Internet as we know it died, and was replaced with one where public dissent is censored, its authors secretly jailed, and all the rest that goes with living within an absolute monarchy?  How might a freedom-willed public which has roots going back to the Constitution or Bill of Rights counteract such an anti-democratic place when the most popular form of communication is swept out from under them and controlled by some invisible overlord?</p>
<p><strong>Wireless Darknet </strong></p>
<p>Remember Rick?  The guy who had successfully sent data to someone else using a computer and his own CB radio?  We&#8217;ve come a long way from that kind of technology.  Today, we have Wireless B and G, soon to be Wireless N, and others yet to be invented.  Wireless N is pretty noteworthy as it will be able to go about 4-8 times faster than Wireless G.  Let&#8217;s put this in perspective.  The average cable modem can download ~5 megabits of data per second and upload ~0.60 per second.  Wireless N is capable of uploading <em>and </em>downloading ~240 Megabits per second simultaneously.  That&#8217;s 48 times faster than cable!</p>
<p>Now, think back on how Bittorrent works.  Every person (or node) on the network uploads and downloads to a few other people simultaneously as a collective swarm.  This is called a mesh-topology, where each user acts as a client/server and pseudo-router at the same time.  Let&#8217;s say you were to build a network of a few thousand computers on a Wireless N backbone, combining the bandwidth of all nodes together, and you&#8217;d have yourself one damn fast network of computers.  Those computers could all share their own resources with each other if they wish, such as files or other networks they&#8217;re connected to that are off the grid (such as the &#8220;real&#8221; Internet), acting as a source or simply an intermediary between two points.</p>
<p style="text-align: center"><img src="http://upload.wikimedia.org/wikipedia/en/4/4e/Self-form-self-heal.gif" alt="Self-Repairing Wireless Mesh" width="500" height="251" /></p>
<p>So what does Orwell have to say about all this?  Well, he&#8217;d probably pipe up and start asking about security.  If your data is being transmitted over the web through dozens, if not thousands, of other computers in the public, what&#8217;s keeping someone from capturing your data out of the air and stealing information from you?  The same question could be asked about the Internet as it exists today, but it doesn&#8217;t come up much because you&#8217;re supposed to trust your ISP not to spy on you.  One answer to this problem is strong encryption.  In addition, cipher keys could shift at random intervals, making the task of locking onto one for the purposes of exploiting it extremely difficult, if not entirely pointless.</p>
<p>There are obviously more details and concerns that arise from attempting to build such a wireless darknet of sorts, but simply knowing that you could easily get it off the ground with the right software speaks volumes, especially to the millions of people in America who already own wireless adapters on their home PCs and laptops.  You theoretically wouldn&#8217;t even have to purchase any new hardware; it&#8217;s already in place if you live in the right neighborhood.  The difference would be in how you use it, and a simple piece of software could take care of that.</p>
<p>The idea of a wireless darknet being built in a country where Internet censorship is exercised is not new, just unconventional for us at the moment.  However, China is one country that has all the right ingredients for seeing such a technology take off:  high-tech culture, dictatorship, aggressive suppression of political dissent, and most importantly a high population density.  Now all they need is a little motivation.  It doesn&#8217;t take much for us Americans to get motivated though. We&#8217;d more likely embrace a darknet of sorts simply to save a lot of money than we would to read the news or post a blog.  Nevertheless, it is an option we have at our disposal.</p>
]]></content:encoded>
			<wfw:commentRss>http://davestechsupport.com/blog/2007/11/25/what-if-george-orwell-had-written-about-net-neutrality/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

