Volume 5, Number 12 December 2008

Author: Grace Anthony

Special Holiday Edition

Editor’s Note (Wyman): This year’s Special Holiday Edition presents a comprehensive security strategy that ordinary computer users can follow, from plugging a computer into the outlet and connecting to the Internet, to keeping out the Bad Guys and preparing for disaster.

The Ten Dumbest Things People Do to Mess Up Their Computer

#1: Plug into the Wall without Surge Protection

All it takes to destroy your computer is an ordinary power surge coursing through it. There is no need for a raging electrical storm. Anything that interrupts the power flow to your computer and then starts it again abruptly can fry your system. Something as simple as turning on an appliance that's plugged into the same circuit (e.g., a hair dryer, electric heater, or air conditioner) can cause a power surge. Digital devices, like computers, printers and scanners, are especially vulnerable to surges. Even if your lights go out for just a minute and then come right back on, that could create a surge big enough to bring your system to its knees. And if you haven't backed up your files (see #10 below), your email and files could be gone forever.

You can protect your computer, printer, scanner, and other components against damaging power surges by using a computer-grade surge protector. Cheap surge protectors may not respond quickly enough to save your computer, and are only good for one surge. Then you'll have to buy another one anyway. An uninterruptible power supply ("UPS" or "battery backup") is even better. It provides surge protection, and in an outage keeps power flowing for long enough (usually 10-20 minutes) so you can save that file and do a normal shutdown. Better UPSs will even shut down your computer for you before the battery is exhausted, and reboot your computer automatically when the power comes back on.

#2: Surf the Internet without a Hardware Firewall and a Software Firewall

Many home users plug their computers directly into their new cable or DSL modem and hop right onto the Internet, never stopping to think about the risks they are taking. Every Internet-connected computer should be protected by a hardware firewall. Don’t assume that one is built into your broadband modem or router -- check it out with a technician.
Firewall appliances can be inserted between the modem/router and your computer. Every Internet-connected computer should also be protected by a two-way (incoming and outgoing) software firewall that can ward off any threats that get by the hardware firewall. Windows XP only has a one-way software firewall (incoming): that's not good enough anymore. Replace it with a better one. Windows Vista has a two-way firewall built in, but by default it only works one-way (incoming). You have to enable the two-way mode. Make sure you do that. That holds true for Mac OS X, too.

A special note of caution for laptop owners. Whether you are on the road, staying at a hotel, or just down the street having a cup of coffee, think twice before you connect to someone else’s network. Do you know if it even has a hardware firewall? Especially on a wireless network, you might be sharing the safe zone created by the firewall with a dozen or more other computers, and who knows what nasty stuff might be loose on them? All the more reason to make double-sure that your laptop has a two-way software firewall installed and providing maximum protection.

SANS OUCH! Volume 5, Number 12 Page 1

#3: Turn off the Antivirus Because It Slows Down Your System

Antivirus programs can be a pain in the neck. Sometimes they block an application you want to use. Sometimes you have to disable them to install new software. They have to be updated on a regular basis. The software costs money, and then you have to pay more money for the update subscription, which is forever prompting you to renew it. Worst of all, it can slow down your system -- or at least appear to -- which prompts many users to shut it off or uninstall it altogether. "Wow! Now my computer is faster, and as far as I can tell, it's working fine without it." Famous last words.

Good-quality antivirus software detects and neutralizes thousands of varieties of viruses, worms, Trojans, and blended threats. If just one of those nasties makes it on to your computer, not only will your data be toast, but the same nasty can spread from your computer to other computers with disastrous results for family members and co-workers.

If you are convinced that your current antivirus is bogging down your computer, don't turn it off. Instead, consider installing a more efficient product. Better yet, shop around for a computer security suite: antivirus, antispyware and a two-way software firewall rolled into one package. This will save you money and installation work, while protecting your computer against a variety of threats. If you aren't sure what to buy, talk with a computer security consultant, read reviews online and in magazines, or call the technical support line provided by the manufacturer of your computer.
And don't forget about phishing protection for your browser. Internet Explorer 7 has a phishing filter built in; make sure it is enabled. FirePhish, an antiphishing extension for Firefox, is a free download.

#4: Install and Uninstall Lots of Programs, Especially Freeware

Some computer users are perfectly happy with the software they've used for a long time. They even resist getting newer versions because it requires re-learning how to do things in a different way. For them, the computer is only a tool, and as long as the tool gets the job done, it's fine.

Other people, the “Power Users,” insist on having the “beta” version -- the pre-release version -- as soon as it comes out. Beta software is an experimental version of a new program, still under development, and not yet for sale, but which contains “new software or new features and enhancements of existing software.” Some of those may still be untested and unproven, but that adds to the adventure. Betas are usually free, and sometimes "unstable", but they hold the promise of greater things to come that you can try out before other people.

There are also many freeware and shareware programs marketed by their authors directly on the Internet as downloads: antivirus programs, screensavers, Web accelerators, smiley faces for email, games, utilities to undelete your files, and music and videos. And every now and then, eager computer enthusiasts succumb to the temptation of grabbing up bootlegged software.

So, where's the harm? Everywhere. The more freeware/shareware programs you install, the more likely you are to run across one that includes malicious code, or interferes with the security software on your computer. Bootlegged software may come on an infected CD or DVD, or be stored on a download server that has been compromised. Pirates are notorious for their lack of caution and sympathy.

OK, so you install only licensed, commercial software products -- lots of them. Different problem, same risk. Too many installations and uninstallations can foul up the Windows Registry or another operating system component, and along with that, your security software. Sometimes uninstallers don’t remove every component of a program. Processes may still be running in the background, and those may create security holes now or in the future. Obsolescent software often contains vulnerabilities and security holes that its manufacturer knows about, but is no longer interested in plugging. When that happens, a familiar, trusty program can become a security risk.

#5: Keep Your Hard Drive Full and Fragmented

Have you checked the free space on your hard drive recently? You may be surprised to find that it’s filling up fast.

Why is your disk getting full? Downloading has become an everyday part of using a computer. Thanks to high-speed Internet connections, we can send and receive email attachments quickly and easily with pictures and videos that eat up hundreds of megabytes (millions of bytes) of space. Improvements in hardware and to the Web have transformed computers into all-purpose, networked, multimedia devices. Few ordinary computer users are aware that when they watch a video “online,” some or all of it is stored on their hard drive, temporarily or permanently occupying gigabytes (billions of bytes) of storage space.
Operating systems and software programs require patching and updating to keep your computer safe. That’s more downloading and more space used up. New versions of software programs and operating systems with more features and improved security all require more storage space. Many programs create unseen temporary files and need extra free space on the disk to operate.

That’s the space problem, but not the whole problem. The more you download and the more software you install, the greater the risk that some kind of malware (viruses, worms, and spyware) will find its way onto your computer. And while it may look like there should still be space left on your hard drive, little or none may actually be available. Your computer may slow down or start crashing. Even worse, programs and processes essential for maintaining its smooth operation may become erratic or not work at all. What began as a storage space problem has turned into a security threat.

Every time you install and uninstall a program or add and delete data of any kind, your hard drive becomes “fragmented.” Disk fragmentation occurs because of the way information is stored on a hard disk: when you save something for the first time, it’s all stored in one place, in one piece, as one continuous file. Later, if you open that file, edit or change it, and save it again, part of it will often be saved in one place and the rest in another place on your hard disk. That makes the file “fragmented”—divided up into pieces.

The next time you open that file, your system won’t find both pieces in one place. It has to hunt around several places on the disk to retrieve all of the file’s pieces. Every time you open, edit or change and save a file, the number of pieces will go up, and opening the file will take longer. If that file happens to be part of a program, the program will run more and more slowly. A badly fragmented disk can cause your system to slow down or crash, restrict the amount of storage space available, and eventually make your data irretrievable.

Some tips. Keep an eye on how much free space is available on your hard drive. In Windows, right click on the “C” drive, and ask for the Properties. On your Mac, click once on the hard drive icon, and pick “Get Info.” If there’s less than 20% space free, consider deleting some of your files -- and don’t forget to empty the recycling bin -- or providing additional storage space.

Defragment your hard drive regularly, at least once a month. For Windows XP, you can use the built-in Defragmentation tool. Run Disk Cleanup at the same time to delete temporary and other unneeded files. Consider installing an inexpensive third-party utility, like Executive Software’s Diskeeper, to automate both.

Mac users: You may have heard that OS X “defragments automatically,” so you don’t need to. That’s 50% true. OS X does a good job of defragmenting your files automatically, but it does not defragment your hard drive. Consider installing a utility, like Onyx or iDefrag, to keep your disk optimized automatically.

#6: Open All Email Attachments

Email attachments are a temptation, like getting an unexpected package in the mail. You just have to peek inside to see what’s in it.
Unfortunately, that file attached to your email message could contain malicious code (malware) that will delete your files, mess up your system folder, or send malware to everyone in your address book. But aren’t some attachments “safe to open?” Glad you asked.

Welcome to the OUCH! Special Holiday Edition Attachment Quiz. “True” or “False” – Test Yourself

a. You should never open any attachment that ends in “exe” or “cmd” or “dll.”
Answer: True. These types of files, among others, contain “executable code”—programs that can run by themselves and may contain a malicious program that will wreak havoc with your computer.

b. Attachments ending in “doc” or “xls” or “ppt” don’t contain any executable code (see a. above), so they are safe to open.
Answer: False. Malicious code can be embedded in these types of files (Word, Excel and PowerPoint, respectively) as macros. While macros can’t run by themselves, if you have Word, Excel or PowerPoint installed on your system—and who doesn’t?—they’ll automatically use that program to run. So, if you open the attachment, the damage will be done.

c. Attachments ending with “txt,” “gif,” “jpg,” or “bmp” are safe to open.
Answer: False. It used to be that you could assume plain text or graphics attachments were safe, but not anymore. File names and extensions, like email addresses, can be spoofed. Attackers take advantage of the default setting in Windows that doesn’t display common file extensions (like txt) to disguise the type of file in the attachment. For example, a file with the full name “obama.jpg.exe” would contain executable code (see a. above). But that name appears in Windows as “obama.jpg.” Think it’s just a harmless picture of the President-Elect? Could be, but it could also be a malicious program in disguise.

d. You should open attachments only when they’re from someone you know.
Answer: False. A favorite tactic of spammers and other Bad Guys is to “spoof” return email addresses, making it look as if the mail came from someone else. A clever Bad Guy may even figure out how to get the name and email address of someone you know and use them.

e. You should open an attachment only when it’s from someone you know and you are expecting it.
Answer: False. Let’s say that the attachment was sent to you by a good friend or trusted co-worker who has no intention of doing harm to your computer. You asked for an electronic copy of the document or their wedding pictures, and here comes the reply with the attached file, as expected. Why not open it? Because the sender’s computer could be infected or otherwise compromised and so could the attachment.

f. You can’t open any attachment without taking some risk.
Answer: True. But you can do something about the risk. Choice 1: Avoid it by not opening any attachments. If that won’t or can’t work for you, read on. Choice 2: Minimize the risk to your computer, and verify the source of the attachment before you open it. Install a suite of security software on your computer. Make sure it is working, and keep it updated. If you receive an attachment unexpectedly, contact the sender by phone (or some means other than return email), and verify who actually sent it and what’s in it before you open it.
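As an added example (not code from the OUCH! newsletter), here is a small Python checker that applies the quiz's rules to attachment file names: it flags the executable extensions named in item a, the macro-capable Office formats of item b, and the double-extension disguise of item c, in which Windows hides the final “.exe” and shows only “obama.jpg.” The extension lists beyond those the page names, the risk labels (block / warn / verify) and the function names are this example's own assumptions. Note that there is deliberately no “safe” result: as item f says, every attachment carries some risk, so the lowest level still tells the user to confirm the sender out of band.

```python
"""Apply the attachment quiz rules to file names (added example, not newsletter code)."""
from __future__ import annotations

# Extensions Windows runs directly. The page names exe, cmd and dll; the rest
# are other well-known Windows executable types, added here as an assumption.
EXECUTABLE_EXTENSIONS = {"exe", "cmd", "dll", "com", "bat", "scr", "pif", "vbs", "js"}

# Office formats that can carry macros. The page names doc, xls and ppt; the
# macro-enabled Office 2007 variants are added here as an assumption.
MACRO_CAPABLE_EXTENSIONS = {"doc", "xls", "ppt", "docm", "xlsm", "pptm"}

# Formats people assume are harmless, which attackers use as the visible
# "inner" extension of a disguised name such as obama.jpg.exe.
INNOCENT_LOOKING_EXTENSIONS = {"txt", "gif", "jpg", "jpeg", "bmp", "png", "pdf"}


def displayed_name(filename: str) -> str:
    """Name as Windows shows it with 'Hide extensions for known file types' on:
    the last extension is dropped, so 'obama.jpg.exe' is displayed as 'obama.jpg'."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot else filename


def classify_attachment(filename: str) -> tuple[str, str]:
    """Return (risk, reason) for one attachment name.

    risk is 'block' (executable code), 'warn' (may carry macros) or 'verify'
    (nothing known to be executable). There is no 'safe' level on purpose:
    per quiz item f, every attachment carries some risk, so even the lowest
    level still tells the user to confirm the source out of band.
    """
    parts = filename.strip().lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = parts[1:-1]  # extensions sandwiched before the real (last) one

    if ext in EXECUTABLE_EXTENSIONS:
        if any(i in INNOCENT_LOOKING_EXTENSIONS | MACRO_CAPABLE_EXTENSIONS for i in inner):
            return ("block", "executable disguised by a double extension; "
                             f"Windows may show it as '{displayed_name(filename)}'")
        return ("block", f".{ext} files contain executable code")
    if ext in MACRO_CAPABLE_EXTENSIONS:
        return ("warn", f".{ext} files can carry macros; open only after verifying the sender")
    return ("verify", "no executable extension seen, but names can be spoofed; "
                      "confirm the sender and contents by phone before opening")


def scan_attachments(filenames: list[str]) -> list[tuple[str, str, str]]:
    """Classify a whole message's attachments, most dangerous first."""
    order = {"block": 0, "warn": 1, "verify": 2}
    rows = [(name, *classify_attachment(name)) for name in filenames]
    return sorted(rows, key=lambda row: order[row[1]])


if __name__ == "__main__":
    # Constructed sample attachment names (the first is the page's own example).
    sample = ["obama.jpg.exe", "wedding.jpg", "budget.xls", "invoice.pdf", "setup.exe"]
    for name, risk, reason in scan_attachments(sample):
        print(f"{risk:6} {name:16} {reason}")
```

The check looks only at the name, which is exactly what the quiz warns is spoofable, so a “verify” result is a prompt to pick up the phone, not a green light; a mail gateway would pair it with content inspection and the antivirus suite the page recommends.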

***************************

#7: Click on Everything

Some computer users simply cannot resist clicking on hyperlinks. Spammers, scammers and hackers prey on them by embedding links in email messages that lead to rigged websites. Once there, more links, as well as drop-downs and pop-ups, lure them into running scripts or downloading malicious software. One fatal mis-click can wipe out the contents of your hard drive or infect your computer with a program that a Bad Guy can use to take control of it. It can also take you to websites that feature pornography, pirated music, videos and software, or other inappropriate content that can get you in trouble.

Think before you click. Links in phishing email messages and websites may appear to be taking you one place, but will actually take you to another. The link might say “www.safesite.com,” but will take you to “www.nastystuff.com.” Try touching the link with your cursor without clicking on it. Often a text bubble will appear near your cursor that shows you the website’s actual address.

#8: Believe that Macs Don’t Get Viruses

Let's start by distinguishing between Mac users and Mac computers. Mac users can fall prey to email scams and phishing attacks, just as Windows users can, and they are equally likely to visit a rigged website, download an infected file, or receive emails or email attachments rigged with malware.

Every Mac computer on the market today is built with the same kinds of hardware as PCs. They are connected to the Internet just like PCs, and can become infected just like PCs.

The Mac operating system, OS X, is not safer than Windows. There are just a lot fewer people using it, so it’s a smaller target. It comes down to numbers and market share. Since there are more computers using the Windows operating system, more malware targets PCs. Big-time Bad Guys -- that means: organized Internet crime rings -- go for the numbers, discovering and exploiting the vulnerabilities in Windows and Windows programs. The market share for OS X, compared to Windows, is small, but it is growing, and the bigger it gets, the bigger a target Macs make.

#9: Use Easy, Quick Passwords

The trouble with easy, quick passwords is that they are easy and quick to guess. That’s bad enough, but people who use an easy, quick one also tend to use it for everything. That is a recipe for disaster. If any one of the computers or online systems using that password is compromised, all of your other information protected by that password is in danger as well.

Passwords should be created strong and protected carefully. Strong passwords contain at least 8 characters -- the longer, the better -- and include a combination of letters, numbers, and symbols. Passphrases are even better. Use words and phrases that are easy for you to remember, but difficult for others to guess.
Misspelling at least one of the words in your passphrase makes it still more difficult to crack. Here’s an example: My 2 old *katz* were both grey. Too much to type every morning? Let’s turn that passphrase into an acronym: M2o*k*wbg.

Here’s what not to do with your passwords and passphrases. Do not use any personally identifiable information, like your Social Security Number, home or office address, license plate number, telephone number, date of birth, maiden name, or the names of your parents, partners, or pets. Do not share them with anyone. Don’t leave records of your passwords anywhere that you would not leave the information they protect. Don’t use the same ones year after year; make up variations. Never provide them over email or in response to an email request. Do not enter them on computers that you do not control, such as those in Internet cafés, libraries, computer labs, shared systems, kiosk systems, conference centers, and airport lounges.

#10: Don’t Bother with Backups

Backing up your files is like flossing your teeth. We all know we should do it on a regular basis, but something else always comes up that needs to be done first.

Your email and your files are the most important things on your computer, and your backup plan should focus on preserving them. After a disaster, the operating system, software programs, security suite, and all of the other software can be restored from CDs or DVDs, or re-downloaded from the Web. None of that is unique, but some of the information in your email and files surely is unique. It doesn’t exist anywhere else.

Here is a simple, basic backup plan. Plug a good-sized, formatted, blank thumb drive (or “USB stick”) into your computer. This is your backup drive. Double click on it and open a directory. As you work on your latest project and it comes time to take a break, save your work, close those crucial files, and drag-copy them into the directory of the thumb drive. Do not keep the original or the only copy of any file on your backup drive. Backup drives are for storing duplicates. Do not work on the copies stored on your thumb drive. The more important your project is and the closer you get to the deadline, the more often you should pause to make a copy of your crucial files. The more often you back up, the less you stand to lose. After you’ve made a backup by whatever means, check to make sure that the copies are complete and that they work. Compare the list of backed up files against the original list. Try opening some files and scanning their contents to make sure everything is there.

************************************************************************

Copyright 2008, SANS Institute (http://www.sans.org)

Editorial Board: Bill Wyman, Alan Reichert, John York, Barbara Rietveld, Alan Paller.

Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product.

Readers are invited to subscribe for free at https://www.sans.org/newsletters/ouch
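The backup plan in #10 above, carried out in Python as an added example (not code from the OUCH! newsletter): copy the project's files to the backup drive without touching the originals, then do the two checks the page asks for, comparing the backed-up list against the original list and confirming each copy is complete. A SHA-256 comparison stands in for opening each file and scanning it by hand. The directory names and the constructed sample files are this example's own; a real run would point the backup directory at the mounted thumb drive. The demo also shows the two failure modes a practitioner cares about: a copy cut short when the drive was unplugged too early, and a file created after the last backup.

```python
"""Copy a project folder to a backup drive and verify the copies (added example)."""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_files(src_dir: Path, backup_dir: Path) -> list[Path]:
    """Copy every file under src_dir into backup_dir, keeping the relative layout.
    copy2 preserves timestamps; the originals are read, never modified."""
    copied: list[Path] = []
    for src in sorted(p for p in src_dir.rglob("*") if p.is_file()):
        dest = backup_dir / src.relative_to(src_dir)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)
        copied.append(dest)
    return copied


def verify_backup(src_dir: Path, backup_dir: Path) -> dict[str, list[str]]:
    """Compare the backup against the original list, as the page advises.

    Returns relative paths grouped as 'ok' (present and identical), 'missing'
    (in the original list but not on the backup drive) and 'mismatch'
    (present but contents differ, e.g. a copy interrupted part way through)."""
    result: dict[str, list[str]] = {"ok": [], "missing": [], "mismatch": []}
    for src in sorted(p for p in src_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(src_dir).as_posix()
        dest = backup_dir / rel
        if not dest.is_file():
            result["missing"].append(rel)
        elif dest.stat().st_size != src.stat().st_size or sha256_of(dest) != sha256_of(src):
            result["mismatch"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def demo() -> dict[str, list[str]]:
    """Constructed walkthrough in a temporary directory: back up a small project,
    then reproduce a truncated copy and a not-yet-backed-up file and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "project"
        thumb_drive = Path(tmp) / "thumb_drive"  # stands in for the USB stick
        (project / "photos").mkdir(parents=True)
        (project / "chapter1.txt").write_text("Chapter 1: constructed sample text\n")
        (project / "photos" / "wedding.jpg").write_bytes(bytes(range(256)) * 4)

        backup_files(project, thumb_drive)
        first_check = verify_backup(project, thumb_drive)
        assert first_check["missing"] == [] and first_check["mismatch"] == []

        # Drive pulled out mid-copy: the backup holds only the first 256 bytes.
        (thumb_drive / "photos" / "wedding.jpg").write_bytes(bytes(range(256)))
        # New work since the last backup: nothing on the drive yet.
        (project / "notes.txt").write_text("written after the last backup\n")
        return verify_backup(project, thumb_drive)


if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status:9}", ", ".join(files) or "(none)")
```

The size check runs before the hash so the common truncated-copy case is caught cheaply; the hash catches the rarer case of a same-size but corrupted copy. Anything listed under “missing” or “mismatch” means the backup is not yet a backup, and the copy step should be repeated before the originals are relied on.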
