It’s unfortunately only available in German but since it does not require lots of user input it can be valuable for non-German speakers as well. The only required input is a click on the button “Suchlauf Starten” to start the scan of the system. A check of the box below that button will perform a long scan of the system that requires a reboot.

Once started the application moves the mouse around and tests several behaviors. After a while it asks the user to input text. This happens three times to see if any of the running processes are reacting on the data input.

In the end all potentially dangerous applications are listed. The software seems to have troubles with Mozilla software because it did list several Firefox and Thunderbird files as potentially dangerous. The most dangerous files are listed at the top with their system path.

Related posts

• Windows Worms Door Cleaner (2)
• Perfect Keylogger lite (4)
• Kaspersky Rescue Disk (2)
• Hijack This 2.0 beta (8)
• Freeware MyPlanetSoft Anti-Keylogger (0)

The approach has a few advantages but also a disadvantage. The advantage is obviously that you can use it to remove known viruses, trojans, worms and other malicious software even if the computer cannot be booted into the operating system anymore. And since it is a standalone client it is not dependent on an installed anti-virus client but can be used on any computer that can be booted from CD. This also means that the program is independent from the installed operating system.

The disadvantage of the approach is that the virus definitions cannot be updated that easily and that it normally means that the full boot disk would have to be downloaded and burned to CD again meaning that this would have to be done regularly to stay up to date.

The good news is that you can download the Kaspersky Rescue Disk freely from an Kaspersky FTP and burn it to CD or DVD using a CD burning software like Nero.

The computer has to boot from the media and the boot sequence can be set in the computer BIOS. Make sure that the computer checks the DVD drive for a bootable device before it pulls the data from the hard drives.

The interface of the Rescue Disk is straightforward. It basically allows you to scan the computer for malicious software and offers ways to remove any that are found. This does not give a guarantee that the computer can be booted again after the cleanup though. A damaged file normally does not get repaired by anti-virus software.

Related posts

• Windows Worms Door Cleaner (2)
• Gernova Keylock (2)
• Free Kaspersky Anti-Virus for 1 year (59)
• Why Hackers take advantage of global events (0)
• Trend Micro RUBotted (5)

The main protection is gained from monitoring possible remote commands and control commands that are send from another computer . Other likely bot-related activities like mass mailings are monitored as well. RUBotted can be installed on Windows XP, Windows 2000, Windows Vista and Windows Server

The security application should work in conjunction with antivirus applications, even if those have not been designed by Trend Micro. In addition RUBotted offers to scan the computer using Trend Micro’s HouseCall, an online virus scanner. Some settings are offered to exclude specific requests from being monitored, those are: http incoming, smtp outgoing, irc requests and dns queries.

Related posts

• Windows Worms Door Cleaner (2)
• Why Hackers take advantage of global events (0)
• Online Virus Scan (3)
• Kaspersky Rescue Disk (2)
• How To Run Commercial Antivirus Software Without Paying For It (21)

The discovery was first reported by Websense on their website and several anti-virus applications have already been updated to counter this attack.

The interesting aspect in my opinion is that hackers are very quick to react on global events that trigger lots of searches for a specific subject in a short time. It took them less than 24 hours to prepare hundreds of websites with the malicious Javascript code and make it into the top 10 for several related search terms.

The Why is obvious. There is always a massive increase in searches when events that are of global interest happen. This can be assassinations, wars or catastrophes for example. The more users search for a subject the higher the chance that they will land on a prepared website.

Protecting yourself:

Here are some thoughts on how to protect your computer from falling into this trap.

• Use the excellent Firefox add-on NoScript which disables Javascript on all websites except on those that you whitelist.
• Visit trustworthy news websites only. The problem here is that you might miss good articles written by bloggers or new websites who rank highly on a subject. If you have to visit those sites be prepared. Turn of Javascript and other scripting languages before you visit those sites.
• Keep your operating system updated. This is one of the most important rules. Update your system with the latest security patches
• Don’t use Internet Explorer. Switch to another browser for increased security
• Don’t log into Windows as an administrator

Can you think of anything else ? You could use a virtual PC or a tool like Sandboxie whenever you surf the Internet.

Related posts

• Windows Worms Door Cleaner (2)
• Trend Micro RUBotted (5)
• Norton Antibot Free 1 Year License (15)
• Kaspersky Rescue Disk (2)
• Introduction Series Part 4: Cookies (0)

Most of the worms, in particular the most famous, use known vulnerabilities in Windows services which are enabled by default and that often can’t be disabled via the OS’s configuration.
Even with these services patched with Microsoft security fixes, they are still exposed to the Internet at large ready to be exploited by the next exploit.

Related posts

• Kaspersky Rescue Disk (2)
• Gernova Keylock (2)
• Why Hackers take advantage of global events (0)
• Trend Micro RUBotted (5)
• Hijack This 2.0 beta (8)

I will explain the basics of securing your computer, will tell you what you need to secure it and give you alternatives if there are any. But first of all, all programs that I name will be freeware or open source. We want a secure computer but don´t want to pay hundreds of $$ for it. There will also be some geeks who will comment that program XY is way better and pro than the program I named and that only people with no security understanding whatsoever will use. Don´t listen to them, there are many factors that play a role in selecting a suitable software. I tried to find the best mix between security and user friendliness.

I will recommend the following type of programs for your personal computer: Anti-Virus, Anti-Spyware, Rootkit Checker, Autorun Checker and Process Checker.

Wait, no Firewall ? Yes no firewall, I will give you a short answer why there will be no firewall. This seems unusual but just wait a little more and you will know.

Before we start, let me give you a short advice. Running all these tools in the background does not make your system secure. Its more secure yes, but not totally. Therefor you should still use common sense when you do something on the internet, e.g. don´t click on mail attachments that are unknown to you aso.

Lets Start:

Anti-Virus:

There are unfortunately thousands of free anti-virus products out there, what we need is the following. It should be up to date, have internet updates and use few resources.

I suggest Antivir Personal Edition, its free, always up to date, uses only few resources and has a very good virus recognition rate. Alternatives would be Avast Antivirus and AVG Free Edition

Anti-Spyware:

Ad-Aware SE Personal, small and good, enough said. As an alternative Microsoft’s own Spyware Tool.

Rootkit-Checker:

Everyone knows about Rootkits since the Sony debacle but only a few know how to check their pc for a rootkit. Rootkit Revealer from Sysinternals does the job. Run this tool from time to time, its not necessary to run it all the time.

Autorun Checker:

There are numerous places that can hold programs that autorun at startup, its a hassle to check them manually. Run a autorun checker from time to time to check on all places and programs and disable the ones you won´t need. Your system will probably boot faster if you disable some.

I suggest Autoruns 8.4 from Sysinternals.

Process Checker:

Process Explorer from sysinternals tells you which handles or dll process have opened or loaded, small great tool.

No Firewall ?

The reasoning behind this is pretty simple. A software firewall gives the user a false sense of security. If you look up bugtraq for example you see lots and lots of firewall vulnerabilities. Every software that runs on your system raises the danger of exploits and backdoors. Many trojans and worms already know ways to bypass firewall systems and use save routes (that means use programs that are safe to use for the firewall) to execute their malicious code.

Another problem that occurs is that if a malicious tool is installed with admin rights it could alter firewall functions. You find a simple code on netfirms.com that does press the YES button of Zonealarm automatically. There are of course other more serious possibilities.

The conclusion would be, that firewalls are not secure and malicious code can find ways around the firewall and even manipulate it. Therefor i suggest you don´t use a firewall but do something different.

I suggest you download this small tool called Shutdown Windows Servers and run it on your system. This should be sufficient to avoid most of the nasty worms and trojans that float around lately without the use of a firewall. .Common sense of course applies

Related posts

• AVG-Antivirus will continue to be free (2)
• Astalavista Top 10 Freeware Tools (2)
• Zombie City Tactics (0)
• Why Hackers take advantage of global events (0)
• Who is connected to your pc right now ? (6)