Friday, October 30, 2009

Operating Systems Offer New Choices in PC Shopping

If you will be shopping for a new PC or a Mac for yourself or a loved one this holiday season, you may find this article quite helpful. We do indeed have lots of choices.

Operating Systems Offer New Choices in PC Shopping

Wednesday, October 28, 2009

Windows 7 endless reboot answer evades Microsoft

It seems that there is a problem for some users who attempt to migrate an existing Vista machine to Windows 7. This comes as no surprise, since upgrading in place is always one of the toughest ways to go. It would be prudent to hold off on upgrading Vista to Windows 7 until problems like this one are all corrected.

ComputerWorld Article: Windows 7 endless reboot answer evades Microsoft

Tuesday, October 27, 2009

Comments

This new blog allows for comments on all posts. Look at the bottom right side of any post and you'll see the word "Comments". To leave a comment on any post simply click on that word and the rest is pretty simple. You do not need to register or enter a userid and password. Just enter your comment. You can even leave anonymous posts, but of course I'd prefer to know who you are.

I welcome any questions or general or specific comments on any and all posts. It would make my blog a much better place for you to visit if I had your comments to help me shape future posts.

Please think about it and then give comments a try.

Monday, October 26, 2009

Rootkits - Be afraid, be very afraid

I had heard of, and read about, rootkits. I have even used some free, standalone rootkit detectors on my own systems. However, I had never met a rootkit until this past weekend, when a customer said her machine had become unusable. I think rootkits came into existence about 5 years ago. This is from a 2005 Computerworld article:

"Microsoft Corp. security researchers are warning about a new generation of powerful system-monitoring programs, or 'rootkits,' that are almost impossible to detect using current security products and could pose a serious risk to corporations and individuals. The researchers discussed the growing threat posed by kernel rootkits at a session at the RSA Security Conference in San Francisco this week. The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms."

The rootkit I encountered over the weekend blocked all of the tools I normally use to attack a virus-, rogue-, or trojan-infected system. I tried Malwarebytes Anti-Malware, SuperAntiSpyware, and Spybot. None of these programs would even start. They were completely blocked, as was AVG Free Anti-virus. So I went into Safe Mode (Windows XP) and lo and behold, they were blocked there too! I had never run into such a situation before, and didn't know what I was faced with other than a really tough cleaning job.

I had thought of using 2 approaches: one, a complete reinstall of XP, and two, removing the customer's hard drive, slipping it into an enclosure, and then attacking it as an external hard drive attached to my own machine. Fortunately, I didn't have to do either.

I was so frustrated at not being able to start any of the usual tools that I kept trying different approaches. It was then that I noticed an option offered by SuperAntiSpyware called "SuperAntiSpyware Alternate Start". Have you ever noticed this option and wondered what it was all about? If you click on START/ALL PROGRAMS/SuperAntiSpyware, a menu appears and one of the entries in the menu is SuperAntiSpyware Alternate Start. I tried this and IT WORKED! I think what the folks have done is to start their program using a fabricated name, and this was not recognized by the rootkit. It's too late to make a long story short, but the Alternate version ran and found and eliminated the rootkit! Thank you, once again, SuperAntiSpyware.

It also found a bunch of viruses and trojans and killed them all. I then ran the vanilla flavor of Spybot and Anti-Malware, and as has been my experience, they both found additional serious problems and fixed them!

At this point the system was completely usable and I was able to continue with a badly-needed cleaning and tuning.

Rootkits have ingenious methods for making themselves undetectable to the operating system, but I also think that they open the door to viruses and trojans, and may even intentionally seek them and allow them to be installed. This belief is based only on this one experience.

I think today's security tools do a much better job at preventing rootkits from getting into our systems, but the hackers are working every day at finding other ways to "get us". So do be afraid, be very afraid. Take the steps I have recommended in this blog, and be careful out there. Just because you are not paranoid does not mean they are not out to get you.

Review my October 16 & March 9 blog posts for my security recommendations.