Windows Secrets Newsletter • Issue 181 • 2009-01-15 • Circulation: over 400,000
Table of contents
TOP STORY: Has your PC become a spammer's botnet zombie?
KNOWN ISSUES: Downgrading Vista to XP is possible ... maybe
WACKY WEB WEEK: I'd eat an apple a day to keep this doctor away!
LANGALIST PLUS: Determine your PC's true memory ceiling
BEST SOFTWARE: Prevent your system from becoming infected
PC TUNE-UP: Google search results lead to browser hijackers
PATCH WATCH: Critical patch for Windows file-sharing bug
TOP STORY: Has your PC become a spammer's botnet zombie?

Last November, a provider of Internet connectivity named Hurricane Electric pulled the plug on hosting company McColo. Immediately, the worldwide volume of spam dropped a whopping 65%, according to some estimates.

As explained by Brian Krebs in an article at WashingtonPost.com, Hurricane — one of the two companies McColo depended on for its Internet connection — took the action after the newspaper informed the provider of McColo's role in hosting all sorts of Internet bad guys. According to Krebs, McColo's clients included "international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products, and child pornography via e-mail."

The spam reduction held for a couple of weeks before rebounding, according to a Nov. 26 story at InfoWorld.com.

McColo's servers didn't send out the spam themselves. Instead, they provided the command and control for a vast network of PCs infected with malware. A collection of hacked PCs that have been turned into automated spamming machines is known as a robot network or "botnet." Security professionals name these botnets after the malware that runs them, including Asprox, Rustock, Cutwail, and Srizbi.

The malware creators rent their botnets to spammers, who in turn use the control servers to coordinate the transmission of huge amounts of junk mail, as explained in another Washington Post story.

Your computer could be a spam zombie and you might never know it. And if you think your security software is keeping your computer safe from botnet slavery, you'd better think again. A recent study by security firm FireEye revealed that antivirus products detect bots less than half the time. The study tested AV programs using Virus Total's free malware-scan service; consult that site for a list of the AV products tested.

Your four-step spambot-safety program

What can you do to prevent becoming a botnet victim? Although there are no perfect solutions, the following actions will help prevent your system from being compromised. (My thanks to the security blog written by Wiz Feinberg for many of the tips.)

Step 1: Keep your security products up-to-date. Although the FireEye study found little protection against bots from antivirus products, the study's author, FireEye chief scientist Stuart Staniford, did note that "AV works better and better on old stuff — by the time something has been out for a couple of months, and is still in use, it's likely that 70% to 80% of products will detect it." Update your antivirus program regularly with the latest patches and virus definitions; even if the app doesn't catch the latest bot, your AV protection will reduce your risk of catching older malware still circulating around the Internet.

Step 2: Use a software firewall. By carefully monitoring your Internet connection, you'll reduce your risk of infection by botnet malware. By default, the firewalls built into Windows XP and Vista monitor only incoming connections. The firewalls can be configured to monitor outbound traffic, but doing so is technical and problematic for most users. The differences between the firewalls in XP and Vista are described in this Microsoft TechNet article.

Many free, third-party software firewalls are bidirectional. Third-party firewalls sometimes require updates after you install Patch Tuesday fixes from Microsoft, but the added functionality of these firewalls can make this inconvenience worth living with. WS senior editor Ian "Gizmo" Richards describes the best products in his July 31, 2008, column.

Step 3: Get a free diagnosis. Some security products are intended specifically to combat the botnet plague. For example, RUBotted is a free utility from Trend Micro that sits quietly in your system tray and monitors suspicious activity (more info). If the program spots an infection, it alerts you to take action. The program is currently a beta, but it worked fine for me.

According to a post by security blogger Feinberg, RUBotted encourages you to scan your system with Trend Micro's free HouseCall online virus-scanning service, which detects and removes many malware infections. Note that on my system, RUBotted uses 8MB of RAM.

Figure 1. Scan your system with Trend Micro's RUBotted to ensure that your PC is bot-free.

Full disclosure: Feinberg's blog is sponsored in part by RUBotted's manufacturer, Trend Micro. But I don't consider this to be an argument against using RUBotted.

Step 4: Try Norton AntiBot. Another bot-specific security product is Symantec's Norton AntiBot (more info). This $30 program claims to monitor, detect, and remove bots before they can cause harm. Norton AntiBot uses behavioral analysis rather than definitions for specific bots and received an Editor's Choice award from PC Magazine in 2007.

Security sites such as Marshal continue to report spam-bot activity. The buggers are delivering junk mail, malware, and other odious data to millions of victims. By using the above bot-prevention tools and techniques, you'll reduce the chances that your machine's a spammer's helper.
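
Step 2's point about watching outbound traffic, as an added example (not from the newsletter or from any product it names): a home PC's mail program normally talks to one provider, so a single process holding connections to port 25 on several different mail servers is the pattern a spam bot produces, and this Python script flags it in `netstat -ano` output. The sample output, the three-host threshold and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output from a Windows PC (not real data;
# all addresses come from documentation-only ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     2140
  TCP    192.168.1.20:49801     198.51.100.7:25        ESTABLISHED     3316
  TCP    192.168.1.20:49802     198.51.100.44:25       SYN_SENT        3316
  TCP    192.168.1.20:49803     203.0.113.91:25        ESTABLISHED     3316
  TCP    192.168.1.20:49804     192.0.2.15:25          TIME_WAIT       0
  TCP    192.168.1.20:49650     192.0.2.200:587        ESTABLISHED     1512
  TCP    [fe80::1c2%11]:49805   [2001:db8::25]:25      SYN_SENT        3316
  UDP    0.0.0.0:5353           *:*                                    1200
"""

SMTP_PORT = 25                      # direct server-to-server mail delivery
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6addr]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def smtp_talkers(netstat_text, min_hosts=3):
    """Return {pid: sorted remote hosts} for processes with active outbound
    connections to port 25 on at least `min_hosts` distinct servers."""
    remotes = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                # header, UDP row or blank line
        _local, foreign, state, pid = m.groups()
        host, port = split_endpoint(foreign)
        if port == SMTP_PORT and state in ACTIVE_STATES:
            remotes[int(pid)].add(host)
    return {pid: sorted(h) for pid, h in remotes.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for pid, hosts in smtp_talkers(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: outbound SMTP to {len(hosts)} hosts: {', '.join(hosts)}")
```

The connection to port 587 in the sample is ordinary mail submission and is deliberately not counted; a flagged PID can be matched to a program name in Task Manager.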
KNOWN ISSUES: Downgrading Vista to XP is possible ... maybe

Last week's Top Story on Microsoft's decision to extend yet again the deadline for buying a PC with Windows XP installed caused many readers to wonder whether they could dump their copy of Vista in favor of its predecessor. Reader Jim Harvey put it this way:

Even if you installed a retail version of Vista on an XP machine, you have to purchase a new copy of XP to revert to that OS. Fortunately, OEM versions of XP Home and Pro cost as little as $90 and $120, respectively, online. (Note that OEM releases can be installed on only one system and come with zero support from the vendor.)

Computerworld's Gregg Keizer describes the XP-downgrade limitations and offers step-by-step instructions for making the Vista-to-XP switch in this FAQ.

Other places to look for missing disk space

Fred Langa's Jan. 8, 2009, column (paid content) described several ways to recover hard-disk space. Reader Kevin Kleinhomer wrote in to remind us of a couple of other tools that might help track down the missing bytes.

    chkdsk x: /r

The x represents the letter of the drive you want to check, and the /r switch instructs the utility to repair errors, find bad sectors, and recover whatever data it's able to. Microsoft's Help and Support site provides complete instructions for using the Chkdsk utility in article 315265 (the article specifies XP, but the information applies to Vista as well).

Scott Spanbauer reviews several free tools for detecting and removing rootkits in his May 22, 2008, Best Software column (paid content).

Go to the source for a copy of Ubuntu on disc

The rap on Linux — at least among Windows users — has long been that the alternative OS is too difficult to install and use. Scott Spanbauer's Jan. 8, 2009, Best Software column (paid content) described the free Wubi installer utility for the Ubuntu distribution of Linux. Reader Howard Harner points out that you can also get a free copy of Ubuntu on disc, if you're patient.
WACKY WEB WEEK: I'd eat an apple a day to keep this doctor away!
The following link includes all articles this week: http://WindowsSecrets.com/comp/090115
The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Abby. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Scott Dunn, Mark Joseph Edwards, Stuart J. Johnston, Woody Leonhard, Ryan Russell, Becky Waring.