Fix My Broke PC!

Sharing IT knowledge with the World!

We learned in my previous post that a firewall is only good if we, as the user, manage the program correctly. Microsoft bundles firewall software with its operating systems: Windows XP shipped with a basic one (Internet Connection Firewall), and starting with Windows XP SP2 it was renamed Windows Firewall and turned on by default. Windows XP SP2 and older operating systems are no longer supported by Microsoft, so if you are running anything older than Windows XP SP3 you should look into upgrading for security purposes. Here we will go over a few quick and easy ways to check your firewall settings in Windows to make sure they are satisfactory for your internet use. Please note that if you use a third-party firewall, such as ZoneAlarm, these settings will not apply to you. If you are unsure of what firewall you are using, please contact your local computer technician for assistance.

Windows XP

  • Verify the XP Firewall is turned on
    • Click Start
    • Click Control Panel
    • Click Security Center (If you are in classic view you will not see this option)
    • Click Windows Firewall (double click in Classic View)
    • Verify that your Firewall setting is set to On (recommended)
    • The “Don’t allow exceptions” box blocks all unsolicited incoming connections, including those to programs on the Exceptions tab. Check it only when you really want to lock the firewall down, for example while on an untrusted network such as public wireless.
  • View the programs that are marked as Exceptions to being blocked
    • From above location
    • Click on the Exceptions tab at the top of the window
    • Each program listed here has a check box. If it is checked, Windows Firewall allows that program to accept incoming connections from the network; if it is unchecked, unsolicited incoming connections to that program are blocked. Note that the XP firewall filters incoming traffic only: it does not stop a program already on your computer from making outbound connections.
    • Scroll through the list and look for any program that you do not want to be reachable from the network. Be careful when unchecking boxes here, as it could cut off network access to something you rely on.
  • Add a program to the exception list
    • From above location
    • To add a program to your allow list
      • Click add Program
      • Select your program from the list provided, or click Browse… to browse to your program
    • To add a known Port for your program
      • Click on Add Port…
      • Fill in the Name with a name you will recognize (e.g. Quake 3 Arena)
      • Fill in the Port number and select TCP or UDP depending on traffic (You can usually find this information by googling firewall and the program name)
      • For advanced use, if you only want to allow access to certain IP ranges, or just to your network, not external (internet) networks
        • Click on Change scope…
        • Select the option that fits best. The choices are “Any computer (including those on the Internet)”, “My network (subnet) only” and “Custom list”. If you need a custom list, you probably already know how to fill it out. For most users, “Any computer” or “My network (subnet) only” is sufficient, and the subnet-only scope is the safer choice for anything that only needs to talk to machines in your own home or office.
        • Click OK
      • Click Ok
  • Advanced Tab Settings
    • By this point, you may be wondering about the advanced Tab
    • Click on the Advanced Tab
    • Here you will see a list of the network connections on your machine. Connections that are checked are protected by Windows Firewall; an unchecked connection is unprotected.
    • Feel free to look around at the rest, just remember not to make any changes here unless you are sure of what you are changing.

Windows Vista

  • Windows Vista is kind of a cross between Windows 7 and Windows XP. I currently do not have access to a Vista machine to write up an adequate step by step guide, so I am going to link you to a good article (not so much step by step) explaining the settings available in Windows Vista.

Windows 7

  • Verify Windows 7 Firewall is turned on
    • Click the Start button
    • Click Control Panel
    • Click System and Security
    • Click Windows Firewall
    • Verify Windows Firewall State is set to On
      • Notice that in Windows 7 you have a Home or Work (Private) network profile and a Public network profile
        • Public should be selected on untrusted or shared networks, such as public wireless hotspots
        • Home or Work should be selected only on networks you trust, such as your home or office
    • To turn on Windows Firewall
      • Click Turn Windows Firewall on or off
      • Select the radio buttons to turn Windows Firewall on or off
      • Check the box for Notify me when Windows Firewall blocks a new program (this will let you know when a program is being blocked)
      • Check the box for Block all incoming connections, including programs in the list of allowed programs only when you want to shut out all incoming traffic, for example while on a public network
  • View the programs marked as exceptions to be blocked
    • Click Allow a program or feature through Windows firewall
    • Each program listed here has a check box. If it is checked, Windows Firewall allows that program to accept incoming connections from the network; if it is unchecked, unsolicited incoming connections to that program are blocked. Notice that you can configure the selections separately for Home/Work (Private) networks and for Public networks. As in XP, this list controls incoming connections; Windows 7 allows outbound traffic by default, and outbound rules are only available under Advanced Settings.
    • Scroll through the list and look for any program that you do not want to be reachable from the network. Be careful when unchecking boxes here, as it could cut off network access to something you rely on.
  • Add a program to the exception list
    • From above location
    • To add a program to your allow list
      • Click Allow another program…
      • Select your program from the list or click Browse and navigate to your program.
      • Click OK
    • To allow a known port for your program
      • Click Advanced Settings in the left column
      • Click Inbound Rules on the left
      • Click New Rule… on the right
      • Select the Port radio button
      • Click Next
      • Specify your port(s) and whether you want TCP or UDP
      • Click Next
      • Select the action that fits your needs; the most likely choice is Allow the connection
      • Click Next
      • Uncheck the profiles (Domain, Private, Public) on which the rule should not apply. For a game or a program that only needs to be reachable at home, leave Public unchecked so the port is not open on public networks.
      • Click Next
      • Give the rule a name and a description that says what the open port is for (the program that uses it)
      • Click Finish
  • Advanced Settings
    • The advanced settings in Windows 7’s firewall are far superior to Windows XP’s. Here, in Windows Firewall with Advanced Security, you can use wizards to add or remove port and program rules for both inbound and outbound traffic, and view the firewall log and settings. Feel free to look through here, but it is best not to adjust these settings unless you are told to do so. The link found above in the Windows Vista section explains some of these more advanced settings.
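
The same checks and rules from the command line, for both the Windows XP steps and the Windows 7 steps above. This is an added example, not part of the original post. It uses the built-in netsh tool only: the legacy “netsh firewall” context on XP SP2/SP3 and the “netsh advfirewall” context on Vista/7. The program path C:\Games\Quake3\quake3.exe is a placeholder; 27960/UDP is Quake 3 Arena’s default server port, but check your own program’s documentation for its port.

```powershell
# Added example, not from the original post. Run in an elevated
# (Run as administrator) Command Prompt or PowerShell window.
# Placeholders: the program path below is made up; 27960/UDP is Quake 3 Arena's default port.

# ---------- Windows XP SP2/SP3: "netsh firewall" ----------

# Same information as the General tab: is the firewall on, are exceptions allowed
netsh firewall show state
netsh firewall show config

# Turn the firewall on and keep the Exceptions list active
netsh firewall set opmode mode=enable exceptions=enable

# Exceptions tab, "Add Program...": allow incoming connections to one program,
# limited to the local subnet (the "My network (subnet) only" scope)
netsh firewall add allowedprogram program="C:\Games\Quake3\quake3.exe" name="Quake 3 Arena" mode=enable scope=subnet

# Exceptions tab, "Add Port...": open one port, again limited to the local subnet
netsh firewall add portopening protocol=UDP port=27960 name="Quake 3 Arena" mode=enable scope=subnet

# Remove both exceptions when the program is uninstalled
netsh firewall delete allowedprogram program="C:\Games\Quake3\quake3.exe"
netsh firewall delete portopening protocol=UDP port=27960

# ---------- Windows Vista/7: "netsh advfirewall" ----------

# Firewall state for the Domain, Private (Home/Work) and Public profiles,
# and which profile the machine is currently using
netsh advfirewall show allprofiles state
netsh advfirewall show currentprofile

# Turn the firewall on for every profile
netsh advfirewall set allprofiles state on

# "Block all incoming connections, including programs in the list of allowed
# programs", applied to the Public profile only; outbound stays allowed
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

# "Allow another program...": an inbound rule for the Private profile only
netsh advfirewall firewall add rule name="Quake 3 Arena" dir=in action=allow program="C:\Games\Quake3\quake3.exe" enable=yes profile=private

# New Inbound Rule wizard, Port type: one UDP port, scoped to the local subnet,
# Private profile only (so it is never open on public networks)
netsh advfirewall firewall add rule name="Quake 3 Arena (UDP 27960)" dir=in action=allow protocol=UDP localport=27960 remoteip=localsubnet profile=private

# Review everything that is allowed in, as the Allowed Programs list and
# Inbound Rules show it
netsh advfirewall firewall show rule name=all dir=in

# Log dropped packets so you can see what the firewall is blocking
# (default log: %systemroot%\system32\LogFiles\Firewall\pfirewall.log)
netsh advfirewall set allprofiles logging droppedconnections enable

# Delete the rules by name when they are no longer needed
netsh advfirewall firewall delete rule name="Quake 3 Arena"
netsh advfirewall firewall delete rule name="Quake 3 Arena (UDP 27960)"
```

Two points worth noticing: the scope options (scope=subnet on XP, remoteip=localsubnet on 7) are what the “Change scope…” dialog sets, and the profile=private option on Windows 7 is the same as leaving Public unchecked in the wizard. Both keep a port that only your own network needs from being reachable from the internet.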

I started this question out with: what is a firewall? This is a computer shop, so we are not talking about the wall that is built to resist fires, although the term carries much the same meaning. According to Webster’s, a firewall is “computer hardware or software that prevents unauthorized access to private data by outside computer users.”

So what does this really mean? A firewall can be either software based, a program you install on your computer, or hardware based, a device that is physically plugged into the network at the point where another network connects to it. (On a side note, most household internet routers today include a firewall; check your manufacturer’s website or user manual to see whether it is enabled and how to configure it.) For household users, the “other network” is most commonly the internet. In larger business scenarios, the other network could be another office location or another department. A firewall is used as a filter to block or allow network traffic based on a set of rules, and the set of rules is defined by the user. That point is very important: the firewall can block unauthorized traffic only if its rules are set properly. The problem is that every network is different, and so are the applications a user needs to accomplish their tasks. For instance:

  • User A uses Program C to complete Task F
  • User B uses Program D to complete Task F

Both parties accomplished the same task, but in different ways. That is why it is important that each firewall is treated in a different manner. If you turn on maximum protection on your firewall, you may notice that things like email, instant messengers or other programs can no longer communicate over the internet. Firewalls do a fantastic job of protecting your computer, but they can be an inconvenience if the security is set too high. On the other end, if you open the firewall up to allow programs that you don’t use, or relax it to allow any traffic in and out, you have defeated the purpose of having the firewall. A relaxed firewall is convenient for the user, but opens the computer up to the same security risks as not having a firewall in the first place.

So to answer the big question, yes, a firewall is required and should be used to block unauthorized activity from entering or leaving your computer. Examples on why you would want a firewall are:

  • A malicious application would be able to transmit data from your computer to the attacker. (Only a firewall that filters outbound traffic helps here; the built-in Windows XP firewall filters incoming traffic only, and Windows 7 allows outbound traffic unless you add outbound rules.)
  • A malicious user could use open ports (unprotected) to access your computer externally to install or retrieve data from your computer.
  • A child, or other user, could install software that is used for peer to peer sharing and could accidentally share out the wrong data.

The list goes on, but I hope this helps you grasp the idea.

Part 2 will come next week and will cover managing your firewall in Windows Vista/7, and what to do about the built-in firewall in XP SP2 or SP3.

Microsoft fires back at Google and informs the public how to actually put a workaround for the vulnerability in place.

Windows Help Vulnerability Disclosure – The Microsoft Security Response Center (MSRC) – Site Home – TechNet Blogs

A new vulnerability has been found in Microsoft’s Help and Support Center. You can read about it at the link below. There is no patch yet, but the workarounds consist of a registry edit (recommended only for advanced computer users, since registry edits can leave your computer unable to start), changing browser settings, and updating Windows Media Player to version 10 or higher. You can read more about it by following the link.

US-CERT Vulnerability Note VU#578319

It’s been a while since I posted to Fix My Broke PC! I have been working on advancing my knowledge of Information Technology. I just finished a Data Communications and Networking class as well as a Discrete Mathematics course. I passed both courses and have decided to try doing one course per semester instead of two so that I can have more time to focus on Church and hobbies. Needless to say I am behind the times and a lot of new or neat stuff has come out. I am back to start sharing some of it.

My first order of business is to brag about an antivirus suite that I am highly recommending to all of my clients. The cost of this antivirus is: FREE! Normally I do not promote free antivirus suites, especially after running both AVG and Avast antivirus on my home computers. I have had more calls from clients running those two free antiviruses and getting infections than for any other problem. This new software is supported and developed by Microsoft and is called Microsoft Security Essentials (MSE).

Here is how I tested this software. During the beta phases I signed up (prior to starting classes in August which was the reason I had not posted during that time) and started testing it on my personal machine. After a while of running it and testing stability I decided to put it to the test and created a virtual Windows XP Machine. I fully patched the machine (if you don’t keep your machine patched you might as well just install the trojans and viruses yourself) and installed Microsoft Security Essentials (MSE). I then tested the machine using Secunia PSI to make sure I had no vulnerabilities.

I then researched known malware sites on the Internet and came across a database of sites at MalwareURL. Using these known malware sites I attempted to infect my virtual machine over and over with malware. Internet Explorer allowed the install to start and MSE blocked the installation. Firefox allowed the download of about four fifths and blocked one fifth, and MSE blocked the installation of the ones that got through. Amazingly, Google Chrome allowed the download of about one fifth of the programs, and the others were blocked by Google Chrome itself.

I am unable to verify that the sites supposedly hosting keyloggers or viruses that I attempted to install were “legit”, but I had a bunch of blocked notices from MSE, so maybe they were. Either way I have been completely happy with the program and have replaced ESET’s NOD32 Antivirus with this free application (and not because I would cheap out on security, either). So head on over and try it out before renewing your antivirus software again. I also highly recommend that everyone try out Secunia before I blog about it.

Microsoft Security Essentials

Last week I signed up for and started Beta testing Microsoft Security Essentials (MSE). I am currently running it on a live machine (I was going to do Virtual but was having an issue with hard drive space) so I haven’t been able to test it with live viruses or malware. I plan to overcome this hard drive space issue so that I can continue testing within a virtual environment.

The test that I did use was the EICAR test virus. It’s a known test virus string that is used to test how an antivirus program will react in certain situations. So far I am impressed with the way it reacts. I copied the text into memory and, before I could paste it into a text file, MSE had already recognized and cleaned the memory. I downloaded the string within a text file and it allowed the download, but upon opening, before it could show the string on the screen, MSE had already cleaned the file. The responses cleaned the file and left a message on the bottom right of the screen asking for a response to clean the computer. Very easy to use, and the notification was sufficient for my use.
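
A repeatable version of the EICAR check described above, as an added example that is not part of the original post. It writes the public EICAR standard test string (assembled from two halves so the script itself is not flagged while sitting on disk) to a file and then checks whether the real-time scanner removed it. The output location under $env:TEMP and the five-second wait are assumptions; a slower scanner may need longer.

```powershell
# Added example, not from the original post: exercise the on-access (real-time)
# scanner with the EICAR test file and report whether it reacted.
# Assumptions: the file goes under %TEMP%, and 5 seconds is enough for the scanner.

# The public EICAR test string, split in two so this script is not itself detected.
$eicarHead = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$'
$eicarTail = 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$eicar     = $eicarHead + $eicarTail

$testFile = Join-Path $env:TEMP 'eicar-test.com'

# Write plain ASCII with no BOM and no trailing newline: the EICAR
# specification requires the 68-character string to be the first 68 bytes.
$written = $true
try {
    [IO.File]::WriteAllText($testFile, $eicar, [Text.Encoding]::ASCII)
} catch {
    # A real-time scanner may refuse the write outright, which also counts as a pass.
    $written = $false
    Write-Host "PASS: write was blocked by the scanner: $($_.Exception.Message)"
}

if ($written) {
    # Give the real-time scanner a moment to act on the new file.
    Start-Sleep -Seconds 5

    if (Test-Path $testFile) {
        $length = (Get-Item $testFile).Length
        Write-Host "FAIL: $testFile still exists ($length bytes); real-time protection did not react."
        # Clean up so the test file is not left lying around.
        Remove-Item $testFile -Force
    } else {
        Write-Host "PASS: $testFile was removed or quarantined by the real-time scanner."
    }
}
```

If the file survives, that only says the on-access scanner did not react to a file being created; some products scan on open or on execute instead, so running a manual scan of the folder before concluding anything is a fair next step.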

Downsides so far include not having the ability to schedule an update. There is a check box to check for updates before running a scan, but you can’t configure updates any other way. Also, it only has the ability to schedule one scan, and by default that is a quick scan. I personally prefer having a quick scan done nightly and a full scan done weekly, but at this time we are unable to configure both. It’s one or the other!

These downsides have already been submitted as feedback via Microsoft’s beta test site. I eagerly await the full release of MSE and feel that it will have a strong impact on the security of Microsoft’s software.

Malware is a portmanteau of the words malicious and software. Malware is often associated with spyware and viruses, but it can also be the vehicle that carries spyware or viruses onto a computer. Malware is usually installed without the knowledge of the “end user” (the person using the computer), through security vulnerabilities in a web browser. Other times the malicious software is designed to look and feel like regular software, such as an antivirus program, and then attacks the computer when ready. Here are a few ways that attackers use malware to their advantage.

Keyloggers: Malware can hide a program that records every key pressed on your keyboard and transmits the data to the attacker without the end user knowing. Attackers use this to get credit card information, usernames and passwords, and anything else you can imagine typing on a computer, and to commit identity theft.

Botnets: A bot is a computer that an attacker can control how and when they choose, and a botnet is a collection of such computers under one attacker’s command. Attackers use botnets for their pooled resources (CPU power, memory or bandwidth) to attack other computers. With many machines at their command, attackers can take down a whole website by flooding it with requests, called a (distributed) denial of service attack, or use the CPU power for cracking passwords. The end users in these scenarios are usually not aware that their computers are infected or being used for malicious purposes.

Profit: Some attackers use malware as an annoyance to force the end user to pay the attacker to make it stop, or to steal the end user’s information. This is probably the most commonly seen type of malware, because it is the most noticeable: constant pop-ups or a system that is sluggish all the time. Attackers like to disguise this type of malware as an antivirus or antispyware program (Antivirus 2009, for example) and try to deceive the end user into believing that the computer is infected with a virus so that they have to purchase the program to remove it. Once purchased, the malware then sits silently and either collects data or waits until the key expires to pop up again.

The two most common ways to get malware are through security holes in web browsers and through accidental acceptance by the end user. The accidental acceptance usually comes from a pop-up that deceives the end user (e.g. “Your computer is infected, click here to scan now”) or from a program loop that keeps asking whether you want to install, and whether you are sure, until you finally click OK.

Preventive measures for avoiding malware are keeping your operating system and browsers up to date with automatic updates, and understanding the ways attackers deceive the end user. If you end up in a loop, it is better to close your browser (through Task Manager, via Ctrl+Shift+Esc or Ctrl+Alt+Del, or by pressing Alt+F4 repeatedly until the browser closes) than to be infected by the malware.

Most antivirus software will not detect this kind of malware until it has already infected the system, and does a poor job of removing it. In my IT experience, I have found a program that does a really good job of detecting and removing malware, and that is Malwarebytes. The program is free for detection and removal, and they offer a paid version (one-time fee) that adds real-time detection and automatic updating so that it is hands-free for the end user. I recommend installing it on any computer running Microsoft Windows and doing regular scans, as malware today has infected over one in four U.S. computers. (Statistic according to the Organization for Economic Co-operation and Development.)

Information derived from multiple sources:

http://en.wikipedia.org/wiki/Malware
Security+ Guide to Network Security Fundamentals