Monday 28 July 2008

Wow, did Gmail hear me by any chance?

Just the other day I was complaining about web security, and how Gmail is almost good. Secure login but might be insecure browsing afterwards...

Today, checking my email, the Ad Bar (yeah, I actually read ads sometimes there) came up with this: Official Gmail Blog - Making security easier. I don't really think I had anything to do with the change (would be nice, though:) but the important thing is that they seem to try. Me happy.... Now stop checking those emails and get back to work....

Sunday 27 July 2008

Adventures with Windows security

Windows security really drives me nuts... The whole thing. It's not that it should be easier, only it shouldn't be impossible, and this unnerving.

I had to reinstall my Windows XP recently, due to a failed hard drive. I could use a back-up but it was pretty slow recently (but no other problems), so I thought, give it a fresh start. Of course Acer didn't supply any install CDs with my computer, so let's download one from the Web and use that shiny, holographic, tamper-proof Windows XP(TM) serial number, attached to my laptop case with superglue (I think). Yeah, right, of course the install CD told me that it is an invalid code... So here you go, I have a code but I'm a pirate, forced to use some knock off code again from the web, and we are not at security yet....

Where I was, is a fresh new install, pulling down all the necessary software updates, new Firefox, and let's get started with digging the trenches against the invading forces...

Firewall, I need one for sure... I ended up having COMODO Firewall Pro, which is free for personal use. I had two previous generations of this program (one still on Win98, and one on the previous install), and I was glad to see that they made some effort and it looks much better now, more logical - even if the amount of possible settings could make your head spin...

One thing was different - included "Proactive Defence". What it does is checking every single operation that any and all running software does, against some malware blocking criteria, or such. In the end, it is just prompting you 10 times a minute, that:
"XYzw.dll" is trying to use "AbCD.com" for an unidentified purpose. If you think it is a safe operation, click authorise.
Or:
"Blabla_Nice_Program.exe" is modifying the registry entry "HKLM/Software/Run/Currentrun/OMG/BBQ/WTF/", do you authorise? Well, we no longer say, instead we say affirmative...
How would ANYONE really know what to do with EVERY program? Is it alright if "system.exe" uses "explorer"? No, what ends up being is click, to "authorise", "authorise", "authorise".... So, does it protect?

I assume not. One day into the new setup, I could no longer search Google, Yahoo or Altavista. MSN was there (but no, I'm not using that for search). The answer was always "waiting for reply". No direct going to their sites, no using the searchbar in Firefox... Gmail was working and iGoogle was there, so it must be a problem with my machine not with the tubes. Fortunately there's a Terminal Server I can log in at the office, so I can look for info on this strange behaviour. Apparently there's a trojan called Qhost, which would do something similar. Download the Symantec removal tool for Qhost - nope, nothing. Look a little bit further, use carpet bombing instead of precision sniper attack, so let's get a Spyware removal. Yeah, which one? In the end again I settled for Spybot Search&Destroy. It's pretty minimalistic, and in many corners it looks as free software would look (yeah, free once more...), but apparently it does its job...

After 20 minutes of crunching away, it came back with the diagnosis: you have Virtumonde. "Web access may also be negatively affected. Vundo may cause many websites to be unaccessible; these websites will just hang." Yeah, exactly.... Let's remove... Done.... Wow, everything works again! Great....

So, in the aftermath I just disabled the defence feature of the firewall, as it was proven pretty useless. Kept Spybot and "immunized" my system. It does a few clever-looking tricks that could cause problems sometime later but might work: e.g. redirecting the DNS queries for known malware websites to 127.0.0.1, which makes them unable to function. We'll see how this would work in practice. And also, I'm looking for an anti-virus program. AVG Free Edition (been there, done that), Moon Secure Antivirus (it was pretty crappy when I tried, and slowed evvvvrrrryytthinng down), Avira Antivir Workstation (going to try this one now. I think I had some years ago, but let's see what it can do nowadays).
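The 127.0.0.1 redirection described above can be audited. The following is an added example, not part of the original post or of Spybot; it assumes the redirection is stored as hosts-file entries, and the sample file, the watch list and the verdict names are constructed for illustration. It separates ordinary sinkhole entries from entries that override a site the user relies on, which is the case where a page simply hangs.

```python
import ipaddress

# Constructed sample in hosts-file syntax; every name and address is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ads.malware-example.invalid   # sinkhole entry
0.0.0.0      tracker.bad-example.invalid
127.0.0.1    www.google.com                # sinkholed by mistake: the site just hangs
203.0.113.7  search.yahoo.com              # pointed at another machine
203.0.113.9  intranet.example.test
"""

# Hypothetical watch list: sites the user relies on and that should never be overridden.
WATCHED = ("google.com", "yahoo.com", "altavista.com")


def is_watched(name):
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def audit_hosts(text):
    """Return (line_no, address, name, verdict) for each name in hosts-file text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            if name.lower() == "localhost" and addr.is_loopback:
                verdict = "default"
            elif is_watched(name):
                verdict = "blocked-legit" if sinkhole else "redirected"
            else:
                verdict = "sinkhole" if sinkhole else "review"
            findings.append((line_no, str(addr), name, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```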

But the whole thing is just so annoying. The Windows Registry. The Windows services and system files - when the same file does a dozen different functions, and half a dozen copies are running at the same time. When there's no way to know what's a malicious attempt, and what's a legitimate request from a software.....
If this happens on my parents' computer and I have to distance-diagnose it, I'd go nuts and they wouldn't have a working system for quite a while.

Anyway, my feeling is that probably I'm more lame than I thought (come on, getting infected on the first day!!!) and that even if Linux has tens and hundreds of annoying things (subject of many future posts, probably), those annoyances now feel more manageable, more transparent, and more familiar... I'm really looking forward to the day of my complete switch, when I don't have to worry about this many firewalls/spyware/virus/malware things. I'd rather fight software bugs.....

Now, just switching off the Internet, take a book that I wanted to read for a while, and let's go outside.... maybe a computer virus infection does have a positive side....

Monday 21 July 2008

Why is secure browsing so... nowhere?

Whenever I read about the Black Hat conference or Defcon (which I'd love to see one day), I was always amused, how they tried to see, whether all the participants followed (or not followed, more likely) the best practices of online security....

My favorite was the Wall of Sheep, which basically scans for unsecured network traffic through the wireless access points, and if it finds an unencrypted login name/password combo, just posts it on a giant screen... If someone spots the info, they can pwn the careless user in a second... Is it rude? I don't think so... On the Interwebs nobody will notify you when you leak information out to people who will take advantage of it. Nobody will take your hand and tell you - hey little boy, you seemed to drop this wallet/login/credit card number.... Oh, noez, you'll only notice when it is too late....

So, since I've read about the Wall of Sheep, I wanted to make sure I do follow a few easy steps that can make things at least a bit safer. For example using "https" instead of "http", whenever it is possible. That extra "s" stands for security, and all it does is prevent people from reading my communication with the website I'm currently using.

Some sites are reasonably good, for example Gmail now seems to default to secure login page - though if I don't want someone to read my emails, I still have to manually change the current URL to "https" after login...

But some sites are pretty useless in this sense... Even take Blogger - the "https" version of the page which has all my settings, all my info, just redirects back to the unsecured page... Or this blog - just try https://clickedyclick.blogspot.com ... why does it redirect to the Google frontpage?? Is it something that the Hypertext Transfer Protocol over Secure Socket Layer cannot handle or the site owners don't care?

Or, the reason of this post, Facebook... You can have all the pages in https version, but every single link on that page will point to http.... No security y'all.... Just let everyone read your juicy messages (well, I don't have any, but those who have...)

Is even a minimal effort such as this, too much to ask? Never mind that, if I can voice my concerns to whom it may concern - but can I challenge anyone to find an appropriate feedback page on Facebook? It's like total robot call centre - Sorry sir, no human operators are in today, take it or leave it....

Well, I take it now, but not sure how long, though...
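The situation described in this post, a page served over https whose own links point back to http, can be checked mechanically. The following is an added example, not code from the original post or from any of the sites mentioned; the host name and the sample markup are constructed, and the function names are illustrative. It resolves every link, form target and frame on a page the way a browser would and lists the ones that leave HTTPS on the same host.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser navigate or submit somewhere.
URL_ATTRS = {"a": "href", "form": "action", "iframe": "src"}

# Constructed sample markup for a page fetched from https://www.example.test/home
SAMPLE_PAGE = """
<a href="/profile">profile</a>
<a href="http://www.example.test/messages">messages</a>
<a href="//www.example.test/photos">photos</a>
<a href="http://other.example.test/">elsewhere</a>
<form action="http://www.example.test/search"></form>
"""


class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.base = None   # first <base href>, if the page sets one
        self.links = []    # (tag, raw URL) in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href") and self.base is None:
            self.base = attrs["href"]
        attr = URL_ATTRS.get(tag)
        if attr and attrs.get(attr) is not None:
            self.links.append((tag, attrs[attr]))


def find_downgrades(page_url, html):
    """List (tag, absolute_url) for same-host targets that leave HTTPS."""
    page = urlsplit(page_url)
    if page.scheme != "https":
        raise ValueError("only meaningful for a page fetched over https")
    collector = LinkCollector()
    collector.feed(html)
    # A <base href="http://..."> silently downgrades every relative link.
    base = urljoin(page_url, collector.base or "")
    downgrades = []
    for tag, raw in collector.links:
        target = urlsplit(urljoin(base, raw.strip()))
        if target.scheme == "http" and target.hostname == page.hostname:
            downgrades.append((tag, target.geturl()))
    return downgrades


if __name__ == "__main__":
    for tag, url in find_downgrades("https://www.example.test/home", SAMPLE_PAGE):
        print(tag, url)
```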

Thursday 17 July 2008

to start off with

Well, if so many of my friends have technical blogs, then it's maybe time for me as well... Maybe it will work, maybe it will die a fiery death (or more like it a very quiet and frozen-to-silence one). But never going to know unless I give it a try.

Not that I wouldn't have anything to say. Loads of technologies I'm interested in... Linux, OpenStreetMap, Openmoko, XFCE, EeePC, GPS, Wikipedia... Oh, so much more.... And don't get me started on old computer games.... Mmm the sweetness of accomplished levels in Commander Keen 4 are truly comparable to finished subroutines in a homebrewed software....

Anyway, I'm just going to get my Openmoko in a week or so, that's why I started to write this. It's out for a few weeks (maybe two?) now, and I still couldn't find any proper usability review. I don't care much about the "this is how the box looks, now booting, look: pretty, it's this big, kthxbye..." sort of reviews... Want something that is useful to tell people what does it feel like, how does it behave, what is it like to use it every day as people would use it, and so on... And if I couldn't find a review that I want, better write it myself. And hope it won't suck.... ;)

Well, still a bit of waiting for that, though, and lots of technology to do in the meantime... ;)