From the category archives:

Security & Privacy

The credit card industry imposes mandatory safeguards to which merchants are supposed to adhere in order to protect your personally identifiable financial information. They are known as the Payment Card Industry (PCI) Data Security Standards. Additionally, government regulations exist for the same purpose, for example, the federal Fair and Accurate Credit Transactions Act (FACTA). In spite of the fact that the penalties for non-compliance can be severe, many merchants lack the discipline to maintain the required vigilance, and some simply don’t have the resources to remain compliant. Thus, even if you practice good security with your data (by burning or shredding credit-card receipts, etc.), the far greater risk comes from these businesses who do not.

There are steps you can take to help. They do nothing to safeguard your data maintained by non-compliant merchants, but they can mitigate the damage if your data is stolen.

  • Set fraud alerts with the major credit bureaus.
  • Opt out of pre-approved credit card lists.
  • Check your credit report.

Read The Full Report, with links to tools to help implement these suggestions.

Read about other ways to Protect Your Privacy

{ 0 comments }

FBI Used In Nigerian Fraud Spam

by joe on October 6, 2008

I feel so special - I got an email from Robert S. Mueller III, Executive Director of the FBI. Amazingly, it appears that the Bureau is aware that I’ve been contacted by the Central Bank of Nigeria, and they felt compelled to protect my interests and investigate the contracts and related fund dispersal promised by the bank in payment for the rendering of some unspecified services.

This is good news indeed, since I didn’t even know that the CBN owed me $10,000,000.00, and now not only do I know about it, but I can rest assured that the FBI has already confirmed for me that the fund transfer is legitimate, and they will closely monitor the transfer. All I have to do is contact the CBN using the phone number and email address that the FBI has so thoughtfully provided, and follow their instructions expediently.

Seriously, does anybody fall for these scams anymore?

{ 1 comment }

Hosted Email Security and the Outlook for SMBs

by joe on September 18, 2008

What is hosted email security?

Hosted (outsourced) email security is a service offered by 3rd party providers which handles the scanning of inbound (and sometimes outbound) email messages. Following the trend toward SaaS (Software as a Service), or “Cloud Computing” as it is becoming known, hosted email services handle such things as spam filtering, virus and other crimeware removal, phishing protection, etc.

Recent Growth and Projections

The last several months have seen spending on outsourced email hosting and security grow at a substantial rate, primarily among small to medium sized businesses. The growth rate within larger corporations (greater than 2500 users) is smaller but also increasing measurably. According to IDC, The Radicati Group, and other analysts, these growth rates should continue to accelerate over the next few years, exceeding an estimated $2 billion by 2012. This represents a 40% growth in the number of seats over today’s figures.

Already, about 5% of SMB users are utilizing hosted email security solutions, a figure expected to grow to 9% over the next few years.

Advantages to SMBs - Reasons for Growth

A variety of reasons are cited by researchers and subscribers for outsourcing email security, but the main ones are:

  • Lower Network Resource Requirements: Spam entering a company’s network incurs bandwidth and storage costs, even if it’s caught in spam filters. Outsourced spam filtering solutions only allow legitimate email to enter the network.
  • Fewer Maintenance Costs: The costs of acquiring, configuring, and keeping spam filters up to date can be extensive for in-house solutions, especially when you include the cost of the admin’s time.
  • Malware Protection: While an outsourced solution shouldn’t replace in-house virus scanners, keeping up with the latest threats becomes the burden of the solution provider for email. These companies often employ up-to-the-minute malware updates and multiple scanning engines.
  • Business Continuity: Should a company’s own network fail or become compromised, the external service provider can queue their mail for a period of time, until their Disaster Recovery Plan is executed (you do have a DR Plan, right?).

Reservations

Not everyone is jumping on the bandwagon. The biggest concern expressed by potential customers is the perceived security and reliability of the service providers’ network. However, research done by NetworkWorld indicates that many of these providers maintain infrastructures more robust and secure than that of most of the enterprises they serve. Another issue is the concern for the safety of confidential information being in the hands of an external agency, which is why most subscribers only use these services for inbound email, even though some providers offer outbound filtering as well.

Outlook

As IT departments strive to cut costs while maintaining service levels, more will be looking at the ROI offered by outsourced security solutions.

{ 0 comments }

Jerry Pournelle Wrote Me!

by joe on July 22, 2008

Legendary writer and author Jerry Pournelle sent me an email! OK, so I’m a subscriber on his website and he sent it out to everybody, but still, I thought it was cool. The message was a warning about the fact that malicious hackers had compromised the online job boards and were selling their services to spammers and scam artists. Monster.com, hotjobs.com, and other mainstream job boards are affected. You can get the details here.

I became a fan of Jerry’s writing in the ’80s when he was a columnist for BYTE Magazine. This was back when magazines printed a lot of useful technical information, hacks, program listings, and electronics projects. A fellow programmer was a subscriber, and introduced me to the magazine, and particularly “Chaos Manor,” Jerry’s column. When BYTE was sold to another publisher, its format turned more to product reviews and coverage of the IT business industry. In other words, it became geared more for managers with IT budgets and less for programmers, hobbyists, and end users. Not long after that the magazine ceased publication altogether.

I missed Jerry’s anecdotal accounts of his struggles with technology. He did product reviews too, but always from the first-person perspective of a non-technical person (an author) actually trying to implement, rather than just cover, the products. His often humorous tales were always informative and entertaining. I was delighted when I discovered a year or so ago that Jerry was still writing his Chaos Manor Reviews, as well as Other Musings. I should have known that his talent and desire (need?) for self-expression would have steered him toward the online publishing world, and was chagrined that I hadn’t thought to search on his name sooner.

{ 1 comment }

What’s Running On Your PC?

by joe on June 19, 2008

Several months ago I wrote an article for a Helium Marketplace publisher.  My submission was not selected, but I find that it is one of my more popular articles on Helium (definitely in the top 3), so I thought I’d share it here.  Please read How to find out what’s running on your PC (and why this is important).  Let me know how you like it.

{ 0 comments }

The other night I spent about 2 1/2 hours at the house of a friend, trying to free his PC of some particularly nasty malware, SpyGuarder and Vista AntiVirus 2008. Both are classified as rogue anti-spyware programs. This type of malware attempts to trick you into buying their full versions by running free scans with a trial version, and showing you all sorts of viruses, trojans, keyloggers, etc. with which your system is supposedly infected. They then offer to remove all these infections if you’ll just click the link and upgrade to the full version of their program, which of course, costs money. There are a number of problems with both these programs.

  1. Your system doesn’t really have the infections these programs claim. Or to be more accurate, they have no way of knowing one way or another, since the so-called “scans” they do are completely fake. Nor could they remove the infections if you did have them, since they do not actually fight spyware or viruses, but are likely to install some of their own. Of course, if you elect to do this, future scans will say that your system is now clean.
  2. These programs are obnoxiously persistent. Any attempts to cancel the scans, close the windows, or kill the processes just result in another process being launched.
  3. These programs prevent legitimate anti-spyware programs from installing and running. Generally, when trying to clean spyware out of a system, one of the first things I do is install and run Adaware from lavasoft. Vista AntiVirus 2008 would not let me install it, popping up a fake system message saying basically that the Administrator for the PC has configured it to disallow “installations of this type.” Spybot Search & Destroy did work, but did not remove the two nasties I was dealing with. SpyGuarder similarly prevents the task manager from launching, claiming that “Task Manager has been disbled by your Administrator.”
  4. The presence of either of these programs indicates that you may have the zlob or other dangerous trojans.

No doubt some of you would have advised me to run various legitimate anti-malware applications like SpyHunter, which can apparently automate the removal of SpyGuarder and Vista AntiVirus 2008. Pride and miserliness made me opt to do it by hand, which I did with the help of instructions found here and here.

Vista AntiVirus 2008 has several other identities, all of which do the same bad things to your system, such as Windows Antivirus 2008, Windows AntiVirus Pro, etc. These, as well as SpyGuarder, are advertised on professional-looking web sites, and give the appearance of being the most advanced anti-malware products on the market. Do not be fooled, do not install either of these products - the commercial or the free versions - on your computer under any circumstances. If you find you have been infected with either of these anyway (it’s possible to pick them up via “drive-by” infection), take steps to remove them immediately.

Added 7/1/2008: I had to go back and remove yet another fake security program. His commercial virus protection had long since expired, so I installed AVG Free, which found and removed about a dozen viruses and trojans, but then his desktop and taskbar disappeared. After searching around on the internet, I found that Malwarebytes’ RogueRemover Free is a great free tool which completely fixed the desktop problems and removed some additional adware / spyware. It will definitely be joining Adaware and Spybot Search & Destroy in my arsenal.

{ 0 comments }

Tips to Speed Up Your PC

by joe on May 23, 2008

Anyone who’s used a personal computer for more than a week or two has undoubtedly noticed a gradual decrease in performance. There can be a number of causes for this, and a number of steps you can take to recover this lost performance. There are also a few preventative measures that can help keep your computer running at top efficiency.

Spyware and Adware - sources and removal
Spyware and Adware are two types of malicious software (AKA malware) that infect PCs. Spyware collects information about a user’s surfing habits, purchasing preferences, etc. and sends it to marketing agencies. Adware presents unwanted advertisements to the user. The source of infection can be email attachments or files downloaded from the internet disguised as or embedded within useful software. Some adware and spyware can also be picked up simply by surfing to certain websites.
Removal is usually accomplished with the aid of utilities written for this purpose. Spybot Search & Destroy and Adaware are two long-standing products which offer free versions for personal, home use. Some objects embed themselves so deeply within the operating system that free tools cannot completely remove them. For those, or if you’re running in a corporate environment and want continuous updates and real-time protection, consider a commercial offering.

Unnecessary Services and Processes
The default installation of Windows(c) configures a number of services that run automatically whenever the system is booted, many of which are never needed by the majority of users. Stopping these processes and preventing them from running can free up significant memory and CPU utilization. There are utilities that can make the job of identifying and disabling unnecessary processes easier. Some of this can be accomplished using Windows’ services interface. Getting to this interface differs between versions of Windows, but it will be similar to this: Start->Control Panel->Administrative Tools->Services. Here you will see the list of installed services. For each one you don’t want to run automatically every time you boot up, right-click on the name and select ‘Properties.’ In the dialog box, set the Startup Type to ‘manual.’ If you’re sure you never want the service to run (for example, if you suspect it is some kind of malware), set it to ‘disabled.’ You can always change it back to ‘automatic’ if you experience problems. Once you’ve finished setting the startup type on any services you’ve modified, you should reboot your computer. Simply stopping a service does not always completely free up resources that may have been reserved. The following are some services that are rarely needed by most users:

  • Messenger Service (has nothing to do with instant messenger (IM) software)
  • Remote Registry Service (do you ever need to edit your registry from a remote location?)
  • Error Reporting Service (pops up the annoying “notify Microsoft about this bug” every time something crashes)
  • Alerter (no need for this)
  • Fast User Switching Compatibility (even with this disabled, you can still log off and log back on as someone else)
  • Telnet (if you must enable a command-line log on from a remote location, use a secure shell (SSH) service instead)

There are other services which you may be able to disable, and there are other (non-service) processes that may be started by Windows. You can see which processes are running on your system by running the task manager (Ctrl-Alt-Del -> Task Manager) and selecting the Processes tab. These are started from registry entries, items in the Startup folder, and a number of other sources. With the task manager you can kill any of these processes (if you know which ones should be killed), but unless you find out where they’re coming from and remove the source, they will automatically restart. All these processes (including the services) can be managed with a program called Wintask 5 (liutilities.com). This tool gives you access to one of the most complete process libraries available, with the ability to identify, remove, or block undesirable processes. It costs about $30.00, but a free trial can be downloaded from the company’s website.

Optimize the Hard Drive(s)
Most people realize that they have to defragment their Hard Drives periodically or disk performance will suffer. Windows’ built-in defragmenter does an adequate job of defragmenting most files, but it has its limitations. Certain system files (including the registry) won’t be defragmented. Also, with this utility running, you can’t use your system for anything else. This program is actually a ‘light’ version of Diskeeper (diskeeper.com), which also comes in commercial flavors starting at about $30.00. For that price you get more efficient and complete defragmentation which can work in real-time, utilizing unused CPU cycles (so it doesn’t slow your system down).

Clean the Registry
The last thing I generally do when optimizing a system is to clean / optimize the registry. This removes references to obsolete objects and redundant entries, and repairs broken links. Again, this is accomplished with a utility. Remember to back up the registry first by using the File->Export menu option in the registry editor (regedit). The best type of utility for cleaning the registry is one that can defragment as well as clean it, something like RegistryBooster 2 (liutilities.com).
All of these optimization steps either require a utility or can be made easier with one. You can acquire free utilities or commercial variants. If you’re going to consider commercial software, you can save money by buying a suite. You can usually pick up a package deal for significantly less than the cost of individual components. Some, like PowerSuite from UniBlue, will also analyze and set the optimum parameters for your system’s memory, CPU, and network configurations. Note that PowerSuite includes a task manager, spyware removal and protection, and the RegistryBooster 2 registry cleaner, but alas, it does not include disk optimization.

{ 0 comments }

Dealing with Spyware and Adware

by joe on May 5, 2008

Two of the worst causes of problems in personal computers these days are spyware and adware. Spyware and adware are types of malicious software (AKA malware) that infect PCs. Unlike other malware like viruses and trojans, spyware and adware don’t exist to cause damage directly, but to collect information about a user’s surfing habits, purchasing preferences, etc. and send it to marketing agencies (spyware), or to serve advertisements to the user, often making them appear as if they are normal pop-ups encountered while surfing the web (adware). Both these types of malware consume CPU cycles, memory, and network bandwidth, causing degradation in system performance and stability. Severe infections can make surfing the internet impossible or even render the entire system unusable. On top of that, spyware serves as an invasion of privacy, because the data collected can be used not only to target you with unwanted advertising, but quite possibly with identity theft as well.

The source of these infections can be email attachments, or files downloaded from the internet disguised as (or embedded within) useful software. Some adware and spyware can also be picked up simply by surfing to certain websites.

Removal of this type of malware is usually accomplished with the aid of utilities written for this purpose. There are free and commercial products available, each with their own set of strengths. Spybot Search & Destroy (safer-networking.org) and Adaware (lavasoft.de) are two long-standing products which offer free versions for personal, home use. Running scans with both these products, one after the other, will allow you to effectively remove most malware. Some objects, however, embed themselves so deeply within the operating system that free tools cannot completely remove them. There are a number of other tools available for dealing with these nefarious objects, each customized for the particular type of infection they’re designed to combat. For example, CWShredder (us.trendmicro.com) was designed to remove a rather insidious form of web browser hijacker, which redirects your searches, changes your home page, and creates bookmarks to other sites. Another tool for combatting hijackers and other malware is hijackthis, also from TrendMicro. Both of these tools are for experienced, technical users. You have to know specifically what you’re looking for. This is especially true of hijackthis, which will happily let you remove components that are actually quite critical to your system.

For these infections that are harder to find and kill, or if you’re running in a corporate environment and want continuous updates and real-time protection, you should consider a commercial offering. Adaware Pro sells for $39.00. The cost of the corporate edition of Spybot S & D is not given on their website.

An ounce of Prevention
A strictly commercial product (with a free trial) is SpyEraser 2 from Uniblue ($29.95, uniblue.com). In addition to the ability to remove most spyware and adware, it offers real-time, continuous protection against becoming infected in the first place, and automatic daily updates. A free scan of your system is available from their website, as is an award-winning process library that can help you identify potentially dangerous processes that are running invisibly on your system.

Whether you decide to collect a set of free utilities or take the plunge and purchase a product depends on your level of expertise, the amount of free time you have to investigate and learn to use the various tools, and if you want or need the technical support that comes with a commercial product. In any case, it should be clear that you have to do something to combat spyware and adware on a regular basis if you want to keep your system running efficiently.

{ 0 comments }

Registry Cleaners - Free vs. Commercial

by joe on April 24, 2008

As reported a few months ago, I wrote a series of articles for an anonymous Helium Marketplace publisher related to PC Optimization. Well, they bought one - an article written ‘on spec’ about the benefits of a paid-for registry optimizer. Since I had an inkling that the publisher is Uniblue software, I made sure to mention their product. I did not mention it in the article, but my choice for free registry optimizers is CCleaner. Aside from that omission, the article has valid information concerning features to look for in a registry cleaner. An excerpt follows. For a limited time, the article can be read in its entirety. Once Uniblue publishes it, it will be removed from Helium, since they bought exclusive rights to the content.


This content was removed per the purchase agreement.  The original article can be read here, with someone else’s byline.  They can do that because they purchased exclusive rights. –Jp

{ 0 comments }

This article was originally published by Triond on their web site ComputerSight. I thought it was time to reprint it here, so it appears below in its entirety.


Configuration Management (‘CM’ hereafter) means a lot of different things to different people. Weighty tomes have been written describing the goals, policies, procedures, benefits, pitfalls, and a variety of definitions of CM. One recent CM plan I worked on is a 20-something page document attempting to detail this information and how it relates to the client’s projects. Most of the information available can be boiled down into 4 key concepts, or what can be called the 4 cornerstones of great CM. These concepts represent ideals. The challenge is in the implementation, so that the policies, procedures, and utilities developed support these ideals, or at least the intent behind them.

  1. Version Control : Everything is maintained in a Version Control tool like Serena’s. Some agreed set of items (Configuration Items, or CI’s for short) stored within the tool represent baselines. In other words, they are the set of revisions currently in production. They are not necessarily the most recent revisions. Builds intended for deployment to any post-development environment (QA, Test, Prod, whatever) are always pulled from Version Control, and never copied directly from a development environment.
  2. Separation of Duties and Least Privilege : Actually, these are two principles lumped together because Least Privilege is not possible without Separation of Duties, and Separation of Duties is pointless without Least Privilege. The former simply means that no single person has independent responsibility over more than one area of a system. For example, developers change code, perform unit test, etc., but do not deploy or promote such code to any non-development environment. CM people promote code, but do not develop applications, nor do they approve code changes made by developers (although they may participate in code reviews).
    DBAs have database privileges, but don’t develop application code nor act as system admins. And so on. The Least Privilege principle simply states that no person or running process has more access or system privilege than they need to perform their normal duties or functions at any point in time. Access or privilege for either people or processes can temporarily be increased during the performance of some activity as necessary, then immediately restricted again. Policies implementing these controls make allowances in both these principles for emergency situations.
  3. Auditing : CM personnel periodically conduct audits of applications, systems, and procedures. Any updated application software or configurable item should be traceable to an approved change request, as well as through the entire set of existing quality control, tech review, and change control procedures. This includes not only application executables but database configurations as well. All items are compared with their baseline counterparts in the Version Control repository (i.e., the revisions marked as ‘Production’). Discrepancies are reported as non-compliance issues and investigated, and will generally lead to procedural changes designed to eliminate future non-compliance.
  4. Automate, Automate, Automate : This one is an over-riding theme for how we accomplish all this with limited resources. Checking items out of and into Version Control should be quick and painless, and integrated into development IDEs (Interactive Development Environments) if possible. Code promotions are scripted. Database changes are scripted. Auditing utilities are scripted. These scripts themselves are subject to review and kept in version control. Tying it all together gives us reliable, secure systems built with verifiable, repeatable and efficient processes.
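
The scripted audit described under Auditing and Automate can be sketched as follows; this is an added example, not code from the original article. It assumes the baseline is a clean checkout of the revisions marked ‘Production’, and the directory layout, file names and the `snapshot` / `audit` helpers are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every file under root (by relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def audit(baseline: dict, deployed_root: Path) -> list:
    """Compare a deployed tree with the baseline and list every discrepancy.

    MISSING   - a baselined item is absent from the environment
    MODIFIED  - the item exists but differs from the baselined revision
    UNTRACKED - the item is deployed but was never placed under version control
    """
    deployed = snapshot(deployed_root)
    findings = []
    for rel, digest in baseline.items():
        if rel not in deployed:
            findings.append(("MISSING", rel))
        elif deployed[rel] != digest:
            findings.append(("MODIFIED", rel))
    for rel in deployed:
        if rel not in baseline:
            findings.append(("UNTRACKED", rel))
    return sorted(findings)


def demo() -> list:
    """Build a constructed baseline and a drifted 'production' tree, then audit."""
    with tempfile.TemporaryDirectory() as tmp:
        release = Path(tmp, "release")  # stand-in for the 'Production' checkout
        prod = Path(tmp, "prod")        # stand-in for the live environment
        files = {                       # constructed sample configuration items
            "app/main.py": b"print('v1.4')\n",
            "conf/db.ini": b"[db]\nhost=db01\n",
            "sql/schema.sql": b"CREATE TABLE t (id INT);\n",
        }
        for root in (release, prod):
            for rel, data in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        baseline = snapshot(release)

        # Simulate drift: an unapproved config edit, a dropped script, and a
        # file copied straight from a development environment.
        (prod / "conf/db.ini").write_bytes(b"[db]\nhost=db01\nuser=sa\n")
        (prod / "sql/schema.sql").unlink()
        (prod / "app/hotfix.py").write_bytes(b"# copied from a dev box\n")
        return audit(baseline, prod)


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:<10} {rel}")
```

Each finding is what the article calls a non-compliance issue: it should either trace back to an approved change request or be investigated.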

{ 0 comments }

The RIAA’s Investigators Operating Illegally?

The Recording Industry of America Association (RIAA) is the agency trying to enforce copyrights by suing suspected file sharers. They employ MediaSentry for the forensic examination of the computers owned by suspected violators, which opens up for scrutiny not only shared music, but any personal information stored on the PCs. Recently, MediaSentry has come under fire for conducting such examinations for evidence to be used in court cases without having Private Investigator (PI) licenses. Massachusetts has ordered them to cease operations there until they obtain the proper licenses. Several other states have issued various statements and warnings, including Michigan. This gives defendants the possibility of getting evidence disallowed in their trials, and opens the doors for recriminations from past defendants who settled out of court based on evidence that may not have been legally obtained. So far, MediaSentry has taken the stance that their role in the investigations does not require a PI license. This story bears watching closely. If anyone challenges the evidence gathered by MediaSentry, and it follows that they have to obtain PI licenses going forward, how many counter-suits from past cases will suddenly be filed by defendants who settled out of court on the strength of evidence that would not have been admitted in court?

Courts Can’t Force You To Reveal Your Passwords and Encryption Keys

Another case making headlines lately involves a Grand Jury’s attempt to order a defendant to reveal his encryption password so that prosecutors could assess the files on his hard drive. It turns out that passwords and encryption keys are protected under the 5th amendment, which basically prohibits the forcing of defendants to testify against themselves. A federal Magistrate ruled the Grand Jury’s subpoena unconstitutional. The government has appealed. If the suspect - a Canadian with U.S. residency by the name of Sebastien Boucher - is actually guilty of child pornography, I hope the government finds enough evidence to convict him without violating his 5th amendment rights.


{ 2 comments }