At the request of some friends I prepared these computer-virus defense instructions recently.  Thought maybe a few more of you could use it.

<><><><><><><><>

2/27/05 last update

 

SECURITY and other related Issues: 

TITLE: "What you always wanted to know about viruses and spyware and were afraid to ask"  or

"The reason why I was afraid to ask was because I was afraid I would learn more than I would ever want to know." (certainly true for me)

  

Dear Friends,

I strongly urge you to heed Grant's last words, hopefully not "famous last words" (he should be famous for something much more important):  "If this e-mail is confusing to you, then you are really in peril.  So bite the bullet and get your computer protected right away. In a crunch, get some computer savvy youth to help you." -- Grant Suhm.   Grant has told you what you need to acquire.  My minimum objective is to help you know where to acquire it.  My purpose is to provide some info that will help un-confuse you (or perhaps confuse you more), but at least give you further options.  (If you are not willing to tackle some of this yourself, give a print-out of this email to your "computer savvy youth to help you" -- which Grant recommended).

 

Please allow me to construct a metaphor in an attempt to explain what I want to try and do here:  Learning technical information about using your computer is like learning English.  Just because English can be very difficult and complicated does not mean that three-year-olds cannot use it proficiently at the level that is appropriate for them.  You begin where you are.  This overview is probably more than you ever wanted to know about virus protection, and if so then you already have my apologies.  Hopefully, some or all of this will be useful to you either now or in the future.

 

I know that most of us don't have the time to deal with this awful stuff, but as Grant has said, it will pay you in the long run to do so.  You really are "in peril" (again his phrase) if you have not given some attention to protecting yourself.  Grant has already done a good job of explaining the minimum requisite level -- i.e., what's required at a minimum to protect yourself. Basically getting yourself set-up to make sure you are protected is a one time thing.  The aggravation of doing this is not nearly as bad as having to deal with a real virus.  (You lucky guys who are using Apple can ignore all this.)  I am going to be fairly rigorous about this because I have had to rebuild my computer a couple of times.  (I already have all this information from previous research, so I am mostly cutting and pasting here to share it with you.)


Before all else, it is important to realize that all the safety measures below cannot give you 100% insurance against every inevitability.  Many believe that besides atll these software protections the ultimate insurance is to have another copy (image) of you operating system on a separate drive, in its own partition, so you can reinstall it quickly in the event of a system crash.  Also, it almost goes without saying that it is better to have all your data in a separate partition from your Operating System.  In other words, buy another hard disk (they are cheap now) and put it in your system.

 

FIRST, go to http://windowsupdate.microsoft.com/ < MOST IMPORTANT LINK on this page.  (Windows updates are the most critical thing to keep up with.)  Install all service packs and security updates to the Windows operating system. Turn off any anti-virus and other windows programs when you do this. (You should run this everyday unless you set yourself up to get the automatic updates.  Automatic updates are not actually automatic if you wish to only be notified when they are available and elect when to do them.) 

 

WARNING:   http://www.microsoft.com/windowsxp/using/security/expert/russel_installsp2.mspx  Notice this paragraph:  "Before you install SP2 (Windows Service Pack 2), make sure your computer is completely free of viruses, worms, and spyware. The best place to start is the Microsoft Protect Your PC Web site. And for even more on spyware, see the excellent Expert Zone column from Jerry Honeycutt.  Failure to clean up spyware and adware on your computer before installing SP2 can cause issues and in some cases make your computer difficult to restart. You may not even know that spyware or adware programs are installed on your system. And some spyware or adware programs may not cause serious issues with SP2, but it's a good idea to run spyware and adware removal programs before installing SP2.  (See FREE Anti-Spy software under THIRD below:)

WARNING:  Get the Latest Updates and Information from Your PC Manufacturer Before Installing Windows XP Service Pack 2 

You can get SP2 via Windows Update, but for the most reliable upgrade, download the executable and install it manually.

http://www.download.com/Windows-XP-Service-Pack-2/3000-2098-10308948.html  (recommends same)

http://www.microsoft.com/windowsxp/sp2/oemlinks.mspx (<< click here for links to SP2 Information from manufacturers)

http://www.download.com/Downloaders-Guide-to-SP2/1200-2001_4-5127017.html   (<< also read this for more info on "What is SP2?")
http://www.symantec.com/techsupp/sp2/faq.html  (Symantec's explanation of SP2)

NOTE:  According to Microsoft's own statistics, 5% of the Service Pack 2 (SP2) users are experiencing intermittent loss of connectivity-- loss of IP address.

There is a phone number for FREE support from Microsoft regarding Spyware / virus and other security issues:  1-866-PC-Safety (866-727-2338)

ALSO WAIT:  If you have XP, I recommend that before you run ANY updates or install any new software be sure to turn ON the SYSTEM RESTORE feature of windows. (<<< Click on the blue underlined words here to get a fuller explanation.)  "System Restore" is a new Windows XP feature that's similar to something Microsoft previously called "Last Known Configuration."  However, System Restore maintains multiple restore points instead of just one last restore point.  In general it is used to recover from a disaster that might occur when a program you are trying to install messes up your operating system.  (The 2005 Premier version of "SystemWorks" also has a feature called "GoBack".)  The user can manually create restore points or the SystemRestore feature can automatically create restore points during updates and installation of new software.  To enable or disable System Restore, perform the following steps:  Click the Start button (lower left-hand corner of screen) and start the System Control Panel applet. Select the System Restore tab.  You can also find this by clicking the START button, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE.  IF you can't find it just go to START /HELP and type in System Restore.

 

Clear the "Turn off System Restore on all drives" check box (remove the check) in order to enable System Restore (or if it is already turned on and you are trying to disable it, then select this same check box to disable System Restore).  Click OK.  Also here:  To delete older restore points, but leave the system restore turned on: Right Click the Drive in question/Properties/Disk Cleanup/More Options/System Restore/Cleanup.  It's a good idea to look in on your System Restore points now and then, just to make sure it is automatically creating regular restore points.  It should automatically make at least one per day, unless you are "hybernating" XP (which I don't recommend).  It should also automatically create a restore point whenever you install new software.  BEWARE:  If you ever turn off SystemRestore, let's say during a virus hunt down process (sometimes recommended so that you don't ever re-install a virus during a restore), just be aware that ALL your restore points will be permanently erased.  I leave mine turned on all the time and regularly check it to make sure that I have plenty.

I said to turn off any anti-virus and other windows programs when you do this run your Windows Update.  In general you should turn off or exit most windows application WHENEVER you are installing a new program, ESPECIALLY it is important to turn off your antivirus program.  Here is how:  You should close and/or exit all the little icons in the tool tray found at the lower right hand corner of your screen, AND then double-check for all applications that my remain open.  Here is how:  Simultaneously press the "Ctrl / Alt / Delete" keys on your keyboard and a menu will pop up that says "Windows Task Manager."  Click on the tab that says APPLICATIONS.  Click on every one of them except the application that you are trying to install (assuming that it is already open).  After you highlight the task you want to stop from running, press the END TASK button in the lower right hand corner of the menu.

 

Enabling or Disabling Automatic Windows Update (this is for XP users only):  Depending on your settings, Windows XP may routinely activate the Windows Update feature to scan for and download updates to Windows XP automatically. If you have a fast Internet connection, and usually don't remember to check for updates yourself, you'll probably want this feature turned on.   However, if you already check for updates, and would rather not have your work interrupted by a process that can eat up your processor power, you'll probably want to disable automatic updating.  I keep mine set for the minimum automatic intrusion, since I like to know what is going on, and I feel more comfortable disabling Norton Anti-virus right before I allow Microsoft to do its thing.  Thus, I set mine to automatically download the updates, but notify me when they are ready to install.  (The most difficult part of this whole routine is remembering to turn the Anti-Virus protection back on before opening my next email however, so don't forget!  NOTE: The latest version of SystemWorks from Norton/Symantec lets you set a timer that will reactive your anti-virus so that you don't have to remember to.)

         To control or disable Windows Automatic Updating, open the System icon in Control Panel (or right-click My Computer and select Properties), and choose the Automatic Updates tab.   "MY COMPUTER" is found on your desktop or in the START menu.

         To check for updates manually, open Internet Explorer and select Windows Update from the Tools menu (or you can save the Windows Update URL in your Favorites menu).

 

Note: even if you have enabled full automatic updating, Windows XP may only install critical updates. It's a good idea to check with Windows Update manually to make sure the updates you want are installed.  See http://v4.windowsupdate.microsoft.com/en/default.asp

 

Don't forget to also update Microsoft Office at the same time: http://office.microsoft.com/OfficeUpdate/default.aspx  (A link is also provided on the Windows Update page.)  Some experts will argue that if you are behind a firewall and don't leave your computer turned on all the time that ANTI-VIRUS software is more important than Windows Updates.  However, I consider them equally important.  The new "worm viruses" that are out there now have the ability to come in through browsing, and only Windows' security features can help you fight this battle unless you have the latest version (2005) of Norton SystemWorks.

 

If you are running the Windows Update for the first time and do not have a cable modem (and don't use your computer very much), then you may choose to start by getting the first updates on a CD since it will take quite a while to run ALL the service packs and updates:  http://www.microsoft.com/athome/security/protect/cd/order.mspx  (This link also has some very good general protection information about viruses, spyware, etc.)  However, if you are checking emails everyday you'd best no wait the 2-4 weeks for delivery.  Just run the updates and go have lunch.  Remember, however, that by the time the CD gets to you it will most likely be outdated, so after you run it you will STILL have to go to Windows Update on the web and get any of the patches that may have come later.  The good news is that even if you have to do a telephone modem download and it is interrupted, you will not have to start over completely.  I believe that windows remembers how much of the download was complete and start over from there, rather than from the beginning.  It may not remember as much as GETRIGHT, however, so you may want to consider getting a downloader program that remembers where you were when your phone line drops out.  (Netscape has a "GetRight" feature built in I believe, called "SmartDownload".  However, you might have to ask Netscape to install or activate it the first time.)

 

GET GETRIGHT:  (Skip this section unless you use a phone line for your Internet connection, or if you absolutely need it.)
If for some reason you are downloading a very large update file I recommend you first download GETRIGHT, so that you can resume a long download if interrupted. You may also find it to be a useful tool for other large downloads in the future.  You will find it at http://www.getright.com/get.html

After you download Getright, double click on the downloaded file (Getrt430.exe) to install GetRight. Be sure to notice where GetRight is extracting and saving the file so you will know where to look for it in the next step. (You actually have to confirm it, so just take note what folder location it is being saved in, or you can specify one yourself.)  Now you are ready to run Getright so it can handle all your downloads.  (From the START menu select RUN and browse to the location that you know the Getrt430.exe file was saved during the download.)  This will install Getright on your computer. It will be added to your program files pull down menu. (You may also be asked if you want an icon on your desktop or your system tray.)  After the installation is complete, click on START button, select Programs and scroll up and down until you see Getright on the list. Click on "Getright Tray Icon" to start Getright running. It will run until you shut it down or turn off your computer.  Most likely it will install a shortcut in your system tray (lower right corner of your screen) and it will automatically load whenever you turn on your computer each day.  HOWEVER, remember that all these programs that are running in your system tray could also indicate that a program is running in memory, so these can be a clue whenever you are actually installing a new program that there are applications that need to be closed (Windows always warns you about this during most new program installs).

Using GETRIGHT with other programs besides Windows Update:  Any time you are downloading a program from the web copy the http:// address (called a URL - Universal Resource Locator) into the Getright address line and Getright will download it. (Actually, if you capture the URL location with Ctrl-C the Getright program will automatically read the address from the buffer, USUALLY.   So, you may notice when you go to paste the address into Getright that it is already there -- and assuming you are still online, the download process automatically begins.)  If your computer or phone connection fails half-way through the download you will not lose all that time before the failure because that is the function of Getright... i.e., to be able to interrupt and resume downloads.  Getright also has another wonderful feature that allows it to search the web for multiple locations of the program or file you are downloading and for some files it can download from both locations simultaneously, thereby reducing the overall time of your download.

Somewhat redundantly, here is the typical way you make Getright take a download. Go to the site where you are supposed to download the file... If Getright is already loaded and running in the background then all you should have to do is click on the URL ( http://www..... ) and Getright will take over doing the download. If this doesn't happen, and the download begins without Getright being the agent doing the download, then stop the download.  RIGHT click (i.e., use the right mouse button, not the left) on the URL address and copy it to the "clipboard" buffer (by choosing "copy link location"). Then click on the Getright ICON (it looks like an eyeball, but it is really the earth with some arrows going around it) and then click FILE on the Menu bar at the top and select ENTER URL. As soon as you do you should see the URL already entered for you. If it is not, you can paste it manually with a Ctrl-V because you already have it in your "clipboard" buffer.  As it begins, Getright may ask you where to save the file you are about to download if you do not already have a default -- such as "C:/my downloads" or "C:/downloads" or "C:/my documents"

The Windows Firewall

If you are running XP (the latest version of the Windows operating system), you should also probably implement the Windows Firewall:  http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en  (Be sure to read everything first.)

The only time you might not want to do this is if you already have a software firewall (or a router with a built-in hardware firewall), like ZONEalarm.  See http://www.zonealarm.com/ or more specifically you can get it FREE at by using the link below under THIRD:

 

SECOND -- ANTI-VIRUS Software:  I  recommend that you install "anti-virus" software.  I prefer Norton's "SystemWorks".

Here is a link to the ones that Microsoft recommends:  http://www.microsoft.com/windowsxp/downloads/updates/sp2/antivirus/default.mspx

Click here for more detail on these companies and products for specific operating systems: http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Some software manufacturers allow you to use them for FREE for several months.  I would recommend you buy Symantec (System Works 2005) rather than "try" for 90 days, because you won't have the latest edition.  They only let you try 2004.  I do not like MacAfee anti-virus software.  (Too difficult to uninstall if you ever have too, although this is also true of Norton to some extent.)

You can buy the Norton OEM versions (same as the $40 version, but without the manual) for $4 to $20, from any number of places on the web.  Here are ways to find it:

For the $4 solution, click here >>>  http://www.nextag.com/serv/main/buyer/ProductM.jsp?nxtg=9a135_EC3FCB62B17139BB&kw=Symantec_NORTON_SYSTEMWORKS_2003&product=55349031&pdir=0&click=n&node=&core=8&page=1&lgnode=&lgsearch=norton+utilities+2003+pro

These are legitimate vendors, but who may be VERY small -- (you get a bona fide original disk from Norton, with full license and support).   I think they do this by selling last year's version (Symantec Systemworks 2003 Pro CD), but once you go online Norton will automatically update to the latest version, and it will be good for one year.  It is just as good to do it this way.  Bear in mind, however, that you will not be getting the latest version (usually it will be last year's version) and that the latest version (2005 Premier) gives you protections against the new worms that come in while browsing, which you will not have otherwise.

 

Here is another source:

http://www.salesintl.com/product.asp?0=221&1=239&3=23  ($8)

 

And another:

Technology One 310-470-2501 or  800-900-1008 Sales AND 310-470-8282 Support  -- Fax Number 562 287-2900
E-mail:  Sales sales@save365.com   Depending on where you tell them you found their add they will charge you between $9 and $17

 

http://www.symantec.com/downloads/  << Here is the link for NORTON -- from the real makers own web site  -- or what you would get off the shelf at Staples, etc.  OR  http://www.symantecstore.com/dr/v2/ec_MAIN.Entry17c?CID=48782&SID=27674&SP=10007&PN=5&PID=584418&DSP=&CUR=840&PGRP=0&CACHE_ID=48782 which will give you a complete description of the latest version and offer you a $30 rebate for an upgrade.

Once you get Norton Antivirus installed, do not rely on the "weekly updates" to keep you protected, especially if you hear of a new virus running around out there (even though Norton might llikely send an automatic update for it if it is a real dangerous one).  I prefer and recommend updating daily: http://securityresponse.symantec.com/avcenter/download/pages/US-N95.html . 

If you want details on the difference in the two update methods read here >>>  

http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2002021908382713?OpenDocument&src=sec_web_nam 

Actually I have the automatic "live update" turned on in case I forget to do the manual one, and also that way I catch the emergency updates automatically too (works better if you have a cable modem).  Right after you install Norton and get the "live update," scan your entire computer for viruses and do that at least once a week thereafter, even if you are monitoring all your emails.

REMEMBER:  Always "disable AutoProtect" (pause or stop Norton Anti-Virus) when you are installing OTHER new software.  THIS IS VERY IMPORTANT!!!  (You will usually get a message whenever you are installing new software stating that it is "highly recommended that you terminate any programs that are running."  Although you might get away with it, antivirus software has a history of messing things up during an install routine.) 

 

NOTE:  Antivirus Tools Cannot Clean Infected Files in the _Restore Folder

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q263/4/55.ASP&NoWebContent=1

 

THIRD: (a MUST, in my opinion.)

Zonealarm... at http://www.zonelabs.com/store/content/home.jsp

More specifically, click >> HERE.  This is a software firewall.  I run this program constantly (except when installing new software), even though I use a "HARD" firewall (built into my router -- which is reason enough to buy a router by the way, if you use it for nothing else).  I recommend it even you decide to use the built-in Windows software firewall.  http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en  ( I use it partly to tell me what Windows itself is doing, which the Windows firewall will not.)

 

While all this other stuff protects you against what is COMING IN to your computer, ZONEALARM will also protect you against the stuff that has already gotten in and is trying to access "the mother ship" over the Internet.  Zonealarm allows you to give permission to ANY program that is attempting access the web using your computer.  I would not be without it.  (Most likely the FREE version is all you will need. It is a little hard to find so here is the link:   http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Other versions of their product are here: http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp )

 

Finally, you might wish to seriously consider abandoning OUTLOOK and OUTLOOK express as your email client. These are the programs most hackers are targeting, though any email can have an attachment with a virus.  As an option you can use Netscape, Mozilla, or Eudora.  All are free.  For example, Eudora is free unless you want the anti-spam version:  http://www.eudora.com/download/

 

free ANTI-SPY software:


What is Spyware?

Spyware, like a virus, is a malicious software planted on your PC by a third party in order to secretly monitor what you do online.

Once your browsing habits are analyzed, you are flooded with endless Commercials, Popups and Spam from inside your PC!

Spyware also dramatically slows down your computer and Internet connection speeds.

It is installed on your computer through websites, spam and as hidden additions to legitimate programs you install.

The presence of the infection is hidden, and is not revealed even by Anti Virus or Firewall programs.


Some folks feel that once they have learned how to routinely install the Windows Updates, and obtained Antivirus software they have done enough.  For some, maybe so, but others consider anti-spy software a necessity at some point.  (For example, even Microsoft recommends you use these programs BEFORE you install a serious UPDATE to Windows, especially something as major as Service Pack 2 -- SP2 -- see http://www.microsoft.com/windowsxp/using/security/expert/russel_installsp2.mspx  NOTICE this paragraph: "Before you install SP2, make sure your computer is completely free of viruses, worms, and spyware. The best place to start is the Microsoft Protect Your PC Web site. And for even more on spyware, see the excellent Expert Zone column from Jerry Honeycutt."   Anti-spy programs are a bit of a mixed blessing.  Sometimes, for some people, they can lead to more problems than they are worth.... but you should read all this anyway before you make your decision.

 

If you do a lot of browsing on the web you will want to consider protecting against SPY software, particularly if you use a credit card on the web. Some spy software can actually obtain your credit card number. To read more about it see http://safespy.net/ProtectYourPrivacy.htm  (This is very good introduction to how spyware works... and how they can even get your credit card number, but don't download Spybot from there.  Better to get it from the original maker's website.)  

 

Take time to educate yourself:
General Information from Microsoft:  http://search.microsoft.com/search/results.aspx?st=b&na=88&View=en-us&qu=adware

Also this is a good source of information: http://www.spywareguide.com/index.php with free online scanner. (Also, see #5 below.)

Another good source of information: http://anti-virus.com/sbsearch
Here is another EXCELLENT source of information: http://www.theeldergeek.com/spyware_applications.htm
Quote:  "
Is it truly necessary? I don't know if it is or not. Judging from an article on ZDNet called Study: Anti-spyware market to boom in 2005 it seems that may be the case. The article states that, "Sixty-five percent of businesses--big and small--surveyed by Forrester Research said they plan to put money into protecting their systems from malicious and prying software programs in 2005.  If it's that big a problem in business situations, you can pretty safely rest assured it's an even larger problem on home systems."
You may wish to read this first:  http://www.microsoft.com/athome/security/default.mspx
Also, will find that Microsoft now has a BETA version of their own: http://www.microsoft.com/athome/security/spyware/software/default.mspx


WARNINGS: 

Anti-Popup software can impede some of your normal browsing activities.  There are many pop-up blockers available now -- Earthlink has one, Google has one you can implement, along with a tool-bar.  Norton has one.  Naviscope is good one, but  interferes with my ability to interface with the host of my home page on my web site.  When I want to edit or post new information to my web site I have to disable Naviscope for a few minutes.  It incompatible with the normal functioning of www.homestead.com (not for visitors, just me and anyone else trying to edit their web site).  You can just temporarilty close these applications if you are having trouble browsing certain pages.

Anti-Spy software may cripple some software on your computer, so it is best to have some help from someone who has used it before and proceed very carefully.  Avoid "global" changes to your computer and always do a system restore before you install programs.  You will want to be selective about disabling cookies, as this could keep your browser from reaching some of your favorite websites (including the host to your own home page web site if you have one).  If Internet Explorer seems to work differently (in a way you don't like) after you quarantine spyware you may be able to unquarantine the spyware you isolated previously and things will go back to normal.  Then you can go through the list of programs and websites that will be isolated again and be more selective.

NOTE: Windows XP Service Pack 2: Block Pop-up Windows with Internet Explorer
Windows XP Service Pack 2 includes a pop-up blocker for Internet Explorer.
http://www.microsoft.com/windowsxp/using/web/sp2_popupblocker.mspx

 

Here are five good Anit-Spy programs that are FREE to help protect you against SPY software: (To really detect all spyware you have to run more than one and you may need a combination of these:  Spybot, SpywareBlaster, Spysweeper, and Ad-awareYou can (and "should") use them in combination.  They are complementary.

 

(1)  http://www.spybot.info/en/download/index.html (latest version of Spybot Search and Destroy 1.3)

http://www.safer-networking.org/en/mirrors/index.html  << Also)    Here is a review:  http://freebies.about.com/cs/securityfreebies/a/spybot.htm
 

(2)  http://www.javacoolsoftware.com/spywareblaster.html 

SPYBOT allows you to do something like a CREATE / RESTORE operation called SNAPSHOT that you can undo.  Most interesting, however, is its IMMUNIZE feature, which can be used with more precise definition than SPYBLASTER, although Spyblaster give you lots of control.   Spybot also lets you click on the type of critter it finds and it then gives you all kinds of information about it definitionally, including links to its manufacturer.  Lots of FREE updates and definitions. Be careful with the immunize feature, however, because it can stop some software other than spyware (maybe even other anti-spy) from working. 

You even have to be careful giving total control to POP-UP blockers.  Once I unwittingly allowed one to disable the FLASH video features of Internet Explorer:  Pop-up blockers blocking Flash: The most common cause of Flash movies failing to display is the presence of a pop-up/ad blocker software that specifically targets Flash content. To find out more about this please see Flash movies do not appear after installing the Flash Player (TN 19091).  Reason:  This error can be caused by a "kill bit" entry installed in the Windows registry. This type of registry entry is usually created by an ad/pop-up blocker installation. Uninstalling the pop-up blocker will not necessarily remove this registry entry.  You would not be able to see the video on this new Temple in Chile, for example.  Note: Windows Service Pack 2 has a built-in pop-up blocker that might not cause this problem, I don't know.  Probably not wise to give it total control until we find out.


(3) http://www.spysweeper.com/

Seems only Spysweeper (FREE initially but requires license to update definitions) allows you to QUARANTINE stuff (including BackWeb and cookies) so it can be undone later.  Affiliated with Earthlink, so pretty reputable I guess.  (see further information from their website below, between the ======  lines)

 

(4) Ad-aware protects against companies and individuals who want to monitor how you browse the web and then advertise to you.  You may or may not care to protect yourself against this.  Some are not invidious.  Some use cookies and some put their hooks right into your Windows registry.  Then they harvest information and market that information to other marketers.  They can store files in your registry, on your hard disk (as separate files) and as cookies.  Not all cookies are bad.  Some of these you may want.  "Backweb" (a generic term) is sometimes considered to be spyware but is generally used for legitimate purposes. This software should only be removed by advanced users after careful research and consideration.  It will pay you to educate yourself a bit on this.   If you wish to protect yourself against this go to http://www.lavasoftusa.com/  and click on the "Download.com" button.  I recommend that you don't try to customize or configure it yourself unless you are computer savvy.  However, that being said, there are some definite advantages.  For example, you may wish to have it scan your host files, the banned URLs, and any extra drives on your computer besides drive C:  (The default settings do not include these.)  Deep in the customize of the free version you can even set up automatic notification and continuous intercept, so I am not sure what the difference is between the one you pay for and the one you don't pay for.   If you prefer not to customize, running it once a week should be enough for most folks.  Use the default ("smart system scan").

 

(5) ZoneLabs (the same folks that make ZoneAlarm) have one for FREE called PestScan that works ONLINE.  Click >>  HERE.

FREE! Instant Online Pest Scan

http://www.zonelabs.com/store/content/promotions/pestscan/pestscan_01165.jsp;jsessionid=Bn1QIvp7CTKyJK0rQhjonLSpyo21ywkybZNtw3tDP1FZKILKqUjN!1803334343!-1062696904!7551!7552!-875195465!-1062696905!7551!7552

 

A word about cookies:  A cookie is a small piece of information stored by your browser to help identify who you are -- so you will be recognized when you visit a previously visited website where you want to be known.  Web sites use cookies to keep you logged into your account as you move from page to page, etc. If your cookie is not being accepted correctly, you will be logged out of your account as soon as you move to a different page. That can block your ability to sign in or stay signed in to something like your Yahoo or eBay.  See info on this at http://help.yahoo.com/help/in/mail/access/access-03.html  Here are a couple of quotes from that page: "If your browser gives you the option to accept all cookies, you should choose it. If your browser gives you the option to show an alert before accepting a cookie, you should not select it."  I think this is only during the diagnosis of a problem, however, an alert at every page can become a nuisance. Corrupted cookie files sometimes cease to support something like Yahoo! Mail. Try shutting all of your browser's windows, and then deleting the cookie files in your browser's directories. Usually, these files will be called simply "Cookies." As always, be sure that you have selected the proper files before actually deleting them.  Cookies can be useful, so be careful to delete them selectively.  To save time, you can set automatic parameters in something like Norton/Symantec's "one-button checkup" so that your selection criteria is set in advance -- ready for whenever you want to do this.  Warning: Some anti-spy software can not only remove your cookies (when you ask), but make Internet Explorer unable to revisit those pages even when you reset IE to accept cookies, in which case you may have to reinstall your IE browser.  Be selective in those you wish to delete or you may have to start using another browser.  (Mozilla FoxFire appears to be the best, by the way:  http://www.mozilla.org/about/

 

==============================================

APPENDIX  

Seems only Spysweeper (FREE initially but requires license to update definitions) allows you to QUARANTINE backweb stuff so it can be undone later.

Webroot, the maker of Spysweeper, says this about backweb at : http://www.webroot.com/php/spysweeper_spydesc.php

"BackWeb" is a background downloading tool that software vendors can incorporate into their product to download data to their customersí computers. The information most commonly distributed are product updates, although some companies do use BackWeb for advertising purposes. Method of Infection: Companies that bundle their products with BackWeb include AT&T, British Telecommunications, Cisco Systems, Compaq, Ericsson, Fidelity Investments, F-Secure, HP, IBM, Logitech, NBC, Network Associates, Nortel Networks, Real Networks, Siemens, Verizon Wireless, and WatchGuard Technologies.  Additional Comments: Backweb is sometimes considered to be spyware but is generally used for legitimate purposes. This software should only be removed by advanced users after careful research and consideration.   BackWeb helps companies maximize their content investments by prioritizing, delivering and promoting the usage of critical information to customers, suppliers, partners and employees across the enterprise. BackWeb ProactivePortalTM technologies allow companies to ensure that the right people have the right information at the right time. These technologies are the result of hundreds of man-years of development effort and experience with hundreds of customers.
    Many Fortune 500 companies rely on BackWeb to manage critical communications across the enterprise, maximize their portal investments, and streamline their e-businesses. By ensuring that critical portal content is automatically prioritized, delivered, received and used across the enterprise, CIOs can promote their business-critical communications and leverage their portal investments. For more information, please visit us on the Web at www.backweb.com.

http://www.pestpatrol.com/PestInfo/B/Backweb.asp  Pestpatrol says this: BackWeb is a generic, background downloading tool that software vendors can incorporate into their product to download data (e.g. product updates) to the user's PC. Its operation depends on the instructions given to it by the individual software vendor who bundles it.  BackWeb has been associated with numerous large companies working on a corporate level to deliver timely information and updates. Essentially, BackWeb is a communications program whereby a large amount of users may be contacted in an instant.  Information may be collected from many sources including applications which may then be delivered to the collection site. Further, this technology is based upon an open architecture whereby third-party developers may develop customized applications to meet their needs.  BackWeb has plug-in module capabilities to further extend features and capabilities of the core program. One such established plug-in module is the "BackWeb Polite Upstream" which allows for the reverse flow of communications. Communications from the client may be delivered to the server for assimilation into a collection point for further processing.  May use port 6670 (as may other games and programs.)

==============================================

Now if you want the ultimate in protection, IF you have a PC, you could even abandon Windows for internet stuff and use Linux http://www.linux.org/ )

You would have to have two operating systems on your computer, and would need something like "Partition Magic" to set up separate partitions on your hard disk.  I have not yet gone to this extreme, but I am thinking about it.  It is a bit radical to make this move.  Everything above this paragraph, however, is not extreme.  It is what you have to do nowadays to make sure you are protected.  Eventually you WILL be hit if you are not.  That is, if you are doing anything on the WEB or with email communication.

 

Occasionally there are "false positives" with respect to Trojans.  (Consider http://sdp.ppona.com/security_issue.html at  http://sdp.ppona.com/

Most likely you would only be interested in this if you were attempting to develop Windows Media Streaming products.)

 

In conclusion, in goes without saying that you should also have a "backup" of your data, in case a virus actually corrupts your system.

There are numerous ways to do this.  The only comprehensive way is to protect against hardware failure and an Operating System (Windows) failure -- either of which can be hit by a virus.  I use both "real-time" and "archive" backup.  The real-time makes a mirror-image backup of everything I have on a separate drive, but the problem is that both will be infected, so archive on another drive (or CDs or DVDs) is also necessary.  (I keep only one image backup on a separate USB drive and copies of my important documents on a USB FLASH memory stick that is always on my car keys. Example:  http://www.microcenter.com/single_product_results.phtml?product_id=0157074  That way, if there is a fire in my house while I am away and my computer burns up, God forbid, I am not totally lost.)  Making a mirror image file of your entire hard disk requires a program like Norton Ghost (comes with Norton System Works) or Drive Image Plus (which is better than Ghost).  Only the "plus" version (6.0 and higher I believe) can handle the latest version of the Windows XP operating system (which uses NTFS "plus" even though they don't tell you.)  Search www.google.com to find best price.  This kind of archive backup routine can take 30 minutes or 8 hours, depending on how big your hard disk is and whether you have lots of compressed files on it already (like pictures stored as JPEGs). You can run it over night one a week, or whenever.

 

All this information is intended to help make your life easier, rather than more complicated.  Also, I hope that you now more "strongly urged" to follow Grant's advice.

Good luck and be well.

Greg Kagira-Watson


P.S.  Below is an interesting article that I found at: http://freebies.about.com/cs/freesoftware/a/thunderbird.htm


Enjoy secure and spam free email for free: 

From Lee Seats,
A guide to Freebies.

"I was once a die-hard Microsoft Outlook user and I know many people use Outlook Express since it comes free with Windows. When Outlook 2002 came out, I upgraded and found that it was so full of bugs that I couldn't stand to use it. That prompted me to migrate all six of the email accounts I monitor to Mozilla Mail. I've been very happy with Mozilla Mail ever since.

If you read my most recent previous article, you know that I switched from using the Mozilla browser to using its lighter, faster, little brother Mozilla Firebird. Well, Mozilla Mail also has lighter, and faster sibling called Mozilla Thunderbird. Iím currently using Mozilla Thunderbird to manage all six email accounts.
http://texturizer.net/thunderbird/faq.html#why
If you pay attention to version numbers of software, you may have noticed that at this writing, Mozilla Thunderbird is at version .3 and Mozilla Firebird is at version .7.
[NOTE from Greg: It is now at .9 on January 29th, 2005.  I highly recommend Thunderbird and Firefox.  See Mozilla.org ]
Sponsored Links

Collaborate with OthersImprove productivity with Microsoft Office System. See new features.www.microsoft.com

Reach IT ExecutivesHighest quality niche & vertical market IT postal & email lists.www.l-i-s-t.com

Best Outlook Spam FilterBest Spam Filter (PC World) Most Accurate Blocker (PC Magazine)www.cloudmark.com

Neither one has reached the magic 1.0 version number, but from what I have seen so far, both are very stable and work better than many programs that have had a long history of version releases.

The following are the major reasons to consider using Mozilla Thunderbird as your email client: Mozilla Thunderbird has made email management a pleasure instead of a chore for me. If you want to give it a try you can download it from Mozilla.org "
All the best,
from Lee Seats

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

JPEG Processing (GDI+) Vulnerability Targets Microsoft Users



Microsoft is warning Windows and other Microsoft software users about a JPEG processing vulnerability that leaves a user's system susceptible to receiving outside software code, which can in turn install malicious programs or viruses on, or otherwise harm, unprotected computer systems.

How the JPEG Processing Vulnerability works:
Simply by viewing an infected JPEG image (a file with the extension ".jpg" on the end - usually a photograph) on a Web page, e-mail attachment, or other method, malicious commands may be executed on an unpatched (unprotected) computer, allowing the hacker to take over control of the computer.

This vulnerability may be used in conjunction with other hacking and phishing methods to obtain a user's passwords and financial information. It can also turn the compromised computer into what is called a "zombie" computer, which can then be controlled remotely by the hacker to attack other networks or to send spam.

What you can do to protect your computer:
There are security patches available to help you protect your computer from the JPEG Processing (GDI+) Vulnerability. We urge you to visit the software update site appropriate for your software. Depending on the software you are using, you may need to install multiple updates from multiple locations. For more information and to download the appropriate Microsoft security update that applies to this vulnerability, visit the Microsoft security updates page on GDI+ vulnerability.

Other popular security software sites also have information available describing this threat and recommending the appropriate course of action to follow. For Symantec (Norton Anti-Virus products), please visit the Symantec site. For McAfee security products, please visit the McAfee Home and Home Office site.

Depending on the software you are using, you may need to install multiple updates from multiple locations.

Important  Windows XP Service Pack 2 (SP2) is not affected by the GDI+ issue, and installing Windows XP SP2 eliminates the GDI+ issue in affected Microsoft developer tools and imaging software. However, Windows XP SP2 users may have other Microsoft software installed that requires updating. If you use Windows XP SP2 and Microsoft Office, please visit the Office Update Web site to scan your computer for needed updates.

There is a phone number for FREE support from Microsoft regarding Spyware / virus and other security issues:  1-866-PC-Safety (866-727-2338)

For users of Windows System Restore and Symantec's System Works:  (Norton Anit-virus, etc.)

Symantec (Norton) has the reputation for having some of the best products in this domain of utilities (Norton) and antivirus software.  However, live tech support is virtually non-existent, and their web site is somewhat confusing and hard to navigate.  I once waited on the phone for 4 hours before being able to talk with anyone.  However, Symantec has online CHAT tech support.  Can't vouch for it.  Some who use it seem happy with it.  Their documentation is also rather poor.  Often you have to go online (instead of using the paper manual that comes with the product.)   Sometimes you can only find your answer online (or in a PDF), neither of which is useful if your computer is down because of the problem you are having. 

NORTON Ghost (drive image backup) cannot recognize RAID drives UNLESS you download their latest update from the web, (after buying the product of course). In other words, Ghost cannot recognize RAID drives unless and until you do a LIVE-UPDATE for Ghost while online.  You CAN do image backups from your RAID drives without the CD however (only after running Live Update for GHOST.)  This is of no use however if and when your system goes down-- which is why you bought it, right?-- because then you would need to use the CD. 

So, you have to have prepared your own bootable CD (good luck... the program does not do it for you) if you expect to include your RAID drives in your recovery process (almost certain since you usually boot from one).  Again, the bootable rescue CD from Norton (Symantec) does not have a RAID compatible Ghost program on it.  Trying to recover with the rescue disk that comes packaged in the box with their latest and greatest Premier 2005 SystemWorks doesn't work.  So, as I said, you have to make your own bootable CD, installing your own drivers for your RAID drives (where you want to restore your backup image), your USB drive (if that is where you saved your image file), etc. etc.   A real pain, and for most folks and beyond their technical competence.

SOLUTION:  ACRONIS recognizes both RAID and USB.  This is the only other company that I know of  claims to be able to do incremental backup:  Acronis True Image v8: http://www.acronis.com/ Also see:  http://forums.anandtech.com/messageview.aspx?catid=33&threadid=1467272&enterthread=y   See MORE ON BACKUP at the bottom of this page..

More problems with GHOST:  PQV2iSvc.exe is the "Drive Image" backup program Ghost uses to produce backup images.  It has been reincarnated as part of Norton Ghost in the 2005 version of Norton System Works.  After creating a backup using Ghost 2005 I have found that PQV2iSvc does not close. It continues to use 60-90% of your CPU resources and cannot be closed by using the End Task button in Windows Task Manager. Only a reboot makes it go away until the next backup.  I am waiting a response from Symantec as to how this brand new bug can be fixed.  Even when Ghost is working the way it is supposed to be working it is unpredictable.  You want to do only incremental backups during the day, but it will decide on its own to do a full backup, bring all your system resources to a stand still.  You computer may become virtually unusable for 45 minutes.  I have found that the ONLY solution to this is to disable completely all automatic processes (which is why I bought it in the first place) and only do a manual backup when I am willing to restart the computer just afterwards.  Scheduled backup during the day is impractical for large systems, especially if all  your OS, program files and data are in one partition, but the main problem is this PQV2iSvc.exe eating up resources even when you are not using it.... after you thought you were done using it. I have not found any way to set the program to LOW priority in Task Manager.  It is blocked.  It eats up nearly all the CPU power when set to normal priority.... even though it is supposed to be a background task.  . SEE THIS LINK

More problems with NORTON utilities:   "NOPDB.EXE" is a service (program) used by Speed Disk. It is mainly associated with scheduling Speed Disk, but it does run by default. If you disable it, Speed Disk will still run when manually launched.  To disable Speed Disk's scheduling service, NOPDB.EXE:  Click Start, point to Settings, and then click Control Panel. The Control Panel appears. Double-click Administrative Tools, and then double-click Services. The Services dialog box appears. Right-click Speed Disk service. A menu appears. Click Properties. The Speed Disk service Properties dialog box appears. Change the Startup Type from Automatic to Manual. Click OK. Good luck, if you are using XP just goto Admin Tools and follow from there.  You can see if you have this thing running by pulling up TaskManager (cntrl-alt-del) and looking at the "Processes" TAB.  See this link: http://www.neuber.com/taskmanager/process/nopdb.exe.html

 

Using Norton GoBack and Ghost together?

Due to the fact that GoBack writes to boot records, it is necessary to disable GoBack before being able to use Ghost.   If you plan to use Ghost with constant/ongoing incremental backups you probably do not wish to use GoBack.  You may disable GoBack from Windows, or press the space bar on the keyboard when GoBack 'counts down' to boot into Windows. Alternatively, use a Norton Ghost boot disk when entering Ghost whilst GoBack is still running - it may work on some Ghost functions only. Note that disabling GoBack causes all GoBack history to be deleted. This is normal.   You may think this means GoBack is worthless for folks who use Ghost everyday, especially if using the "incremental" backup (the most powerful feature of the NEW Ghost in System Works Premier 2005).  However, remember that GoBack creates its own restore points (including backup files) every hour, whereas Windows System restore only one per day, but not always (and only if you turn your computer off everyday).  There may be issues with SATA RAID drives, so be careful.  I have mixed feelings about GoBack.  Once it saved me.  Another time it locked up my system BEFORE it would even boot.  I had to boot from another drive and disable GoBack from there.  Right afterwards I removed if from my system permanently..

 
Using Windows System Restore on your computer with GoBack:

By default, when installing Norton GoBack onto a Windows ME system, Windows' System Restore would be disabled automatically. However, when installing onto a Windows XP system, System Restore will not be disabled. Users may wish to disable System Restore to ensure the system can be rolled back to a correct point with  GoBack, but  it still seems to work  with Windows System  Retore still running.  (See last paragraph below.)

 

Some GoBack history disappeared?

Some utilities software such as Speed Disk may cause GoBack history to be deleted because of the way these utilities operate. History will be built up again after a brief period of time.  

 
You can still use Windows System Restore to create restore points if GoBack is running, but apparently you cannot restore a Windows restore point using Windows System Restore unless and until you turn off GoBack. 
Note that disabling GoBack causes all GoBack history to be deleted.

 

MORE ON BACKUP

Only one other company that I know of  claims to be able to do incremental backup:  Acronis True Image v8: http://www.acronis.com/ Also see:  http://forums.anandtech.com/messageview.aspx?catid=33&threadid=1467272&enterthread=y
Version 8.0 is compatible with RAID drives.  (I tried it.)   I am pretty impressed with this company.  Unlike Symantec, the program will automatically make a bootable CD that recognizes your RAID drives and your USB-- in less than a minute after you first install the program.  Gone are the hassles with Symantec.  They have a FREE trial version you can test for 15 days before purchase:  http://www.acronis.com/homecomputing/products/trueimage/   No need to uninstall, when you are ready for the full blown version, and all the backups you made with the trial are fully functional with the full version.  (Without the full version you will not have ability to restore system files. That's the only difference.)

TrueImage creates Virtual Drives in a secure zone (inside a logical drive partition that it creates).  This makes it a little hard to determine your space requirements because your virtual drive will look just like your source drive.  E.g. a 40GB drive with the image of 120GB drive will look like 120GB drive, although this is impossible for the actual physical size on the drive  Obviously the image file physically has to fit within 40GB.   There may be a way to find the size of the image file itself, but I have not yet figured it out.  Basically, they recommend 1.5 times the size of the data for your "secure zone"-- where you are going to store your image.  If you want more than one image then multiply the number by 1.5.  Thus for two image files of 40GB worth of data, you should create a partition of 120GB.  I think that the .5 multiplier might be for the incrementals, but not sure.  I am still experimenting with this.

Here is the link for the FREE download of the trial version.  http://www.acronis.com/homecomputing//download/trueimage/  You are not required to put in any credit card information to try it.
I tried their online CHAT support and it is very effective for support:  Got this message in less than 2 minutes:  "Acronis True Image rescue mode supports all levels (RAID 0,1,2,3,4,5) of most SCSI RAID controllers and also Promise and Highpoint IDE controllers in stripe mode (RAID 0,1) only. Some SATA controllers (Highpoint, Intel, Promise, Silicon Image) are supported as well. Other RAID controller models and modes support will be implemented in future version with our development team being continually working on implementing better hardware support in every new build. Only the full version allows you to create and restore images, and clone disks when Acronis True Image 8.0 is launched from the bootable rescue media. You can create a bootable CD, and it shows if the program recognizes your configuration.  A bootable CD made with trial version recognizes the same drives as full version."  For more technical answers they have 24-48 hour turn-around on email.

 

MORE ON SYMANTEC


Here is how to send questions to SYMANTEC
http://www.symantec.com/techsupp/nsys/nsw_2005_pe_tasks.html  (This link lets you select the product)
so, for GHOST, for example you arrive here: >http://www.symantec.com/techsupp/ghost/ghost_9_tasks.html 
http://www.symantec.com/techsupp/ghost/ghost_9_contact_tscs_solve.html  (contact)
Now you can click on CONTACT, which gives you a form to fill out:
https://symantec.iseva.net/support.aspx

Same is true for Norton Antivirus:
http://www.symantec.com/techsupp/nsys/nsw_2005_pe_tasks.html http://www.symantec.com/techsupp/nav/nav_2005_tasks.html
http://www.symantec.com/techsupp/nav/nav_2005_info_solve.html
http://www.symantec.com/techsupp/nav/nav_2005_contact_tscs_solve.html
Now you can click on CONTACT, which gives you a form to fill out:

https://symantec.iseva.net/support.aspx

And UTILITIES for SystemWorks:
http://www.symantec.com/techsupp/nu/nu_2005_tasks.html
http://www.symantec.com/techsupp/nu/nu_2005_info_solve.html (other software issues)
http://www.symantec.com/techsupp/nu/nu_2005_contact_tscs_solve.html  (contact)
Now you can click on CONTACT, which gives you a form to fill out:
https://symantec.iseva.net/support.aspx