The Naked PC - http://www.TheNakedPC.com
What You Need to Know about All Things PC
Publisher:           Lee Hudspeth and T.J. Lee
Editor in Chief:     Dan Butler
Contributing Editor: Al Gordon
This issue is for Thursday, December 20, 2001 - Vol. 4 No. 26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Table of Contents

** 01. Letter from the Publisher
** 02. Anti-Virus Software Manufacturer Links (by Lee Hudspeth)
** 03. How to Protect Yourself from Viruses and Other Malware
       (by Lee Hudspeth)
** 04. The Naked PC's Virus-Related Article Links
** 05. Belkin's Secure Networking Gateway Routers (by Al Gordon)
** 06. Featured Product - Trend Micro HouseCall (reviewed by
       Lee Hudspeth)
** 07. Featured Web Site - ICSA Labs
** 08. Newsworthy - a potpourri of current events and
       interesting stuff


** 01. Letter from the Publisher

In recent months, no doubt you either have been personally
attacked by a virus, or you know someone who has been attacked.
Perhaps Nimda was the culprit, or Snow White or SirCam or Goner
or Gokar or Badtrans or... Given the unprecedented growth of
malware, and the increased risk burden this puts on all of us,
Lee decided to put together a special issue of The Naked PC,
covering viruses and resources you can use to protect your PC
from infection.

In this issue you will find a list of anti-virus software
manufacturer links; these links point to each manufacturer's
current anti-virus product page, technical support page, virus
info page, and virus encyclopedia page. Lee gives you his
checklist that you can follow to be sure you're keeping yourself
protected from virus attacks, day in and day out. We include a
list of links to all the articles The Naked PC has published to
date on virus-related topics. Al reviews several of Belkin's
secure networking products that can help you quickly share a
cable/DSL connection (standard Ethernet and wireless). This
issue's Featured Product and Web Site articles describe HouseCall
(a free online virus scanner) and ICSA Lab's list of certified
desktop anti-virus products, respectively.

A special note for our TheNakedPCStore.com customers: due to the
holiday shipment crush you should not expect delivery by December
25th for orders placed after December 19th. If you have a
question about your order send an email to this address. Be sure
to include your seven digit invoice number and one of us will get
back to you promptly.
mailto:[EMAIL PROTECTED]

Also note that TheNakedPCStore.com's Holiday Special offering is
no longer available.

Reader support is what keeps The Naked PC free. To this end you
can help us by passing a copy on to co-workers and friends (no
spam please). We even make it easy to refer people to The Naked
PC... check out our Refer page:
http://www.TheNakedPC.com/refer/


+++------------------------- sponsor -------------------------+++

>>     "How Many Ways Will You Use These Amazing Devices?"

They're incredibly handy. When we first saw these amazing little
devices we thought, "these will look cool hanging on my key
ring." Then we started using them. WOW - every day we find more
uses. How many will you find?

http://www.TheNakedPC.com/t/a/tr.cgi?swisstech

+++------------------------- sponsor -------------------------+++


** 02. Anti-Virus Software Manufacturer Links (by Lee Hudspeth)

Here is a link to a supplemental page that lists all the anti-
virus software manufacturers we've come across (the list is too
long to publish here in the body of the newsletter). There may be
a few more out there, but this comprehensive list should get you
started.
http://www.TheNakedPC.com/t/426/tr.cgi?av1

You'll see four links for each manufacturer: anti-virus product
information, anti-virus product technical support, virus
information, and virus encyclopedia. The links are presented in
alphabetical order by the manufacturer's company name. The latest
version number of each product is also displayed (note that many
manufacturers offer multiple products).

When you look at our list, keep in mind that each manufacturer
has its own preferred way of presenting its "virus info" page as
well as a "virus encyclopedia" page. For example, at the Symantec
Security Response page when you look up Gokar in the
encyclopedia, one of the latest variants is W32.Gokar.A@mm. Here
is a breakdown of the information you'll find on W32.Gokar.A@mm:
discovery date, type, infection length, the date of the virus
definitions that include this threat, a threat assessment, an in-
the-wild assessment, damage, distribution, lengthy technical
description, and detailed step-by-step removal instructions.

"Virus info" pages typically--although not always, and not for
each manufacturer--cover topics like these: the day's active
viruses, hoax listings, new virus discoveries (for the current
day), warnings/advice articles or FAQs, virus calendar, glossary,
regional information, links to specific virus removal tools,
newsletter subscription offer (for example, "Symantec Security
Response Newsletter" or "McAfee.com Dispatch"), and so on. These
pages can be useful if you're intellectually curious about
malware, but if you're trying to disinfect a system, you are best
off in front of a friend or colleague's *uninfected* PC, studying
the encyclopedia information on whatever virus you've got.

Here are a few common malware terms (these definitions are quoted
directly from the McAfee.com virus glossary). Should you be
interested, you'll find other terms and topics defined up on the
manufacturers' virus info pages.
http://www.TheNakedPC.com/t/426/tr.cgi?avgloss

Virus - A computer program file capable of attaching to disks or
other files and replicating itself repeatedly, typically without
user knowledge or permission. Some viruses attach to files so
when the infected file executes, the virus also executes. Other
viruses sit in a computer's memory and infect files as the
computer opens, modifies or creates the files. Some viruses
display symptoms, and some viruses damage files and computer
systems, but neither symptoms nor damage is essential in the
definition of a virus; a non-damaging virus is still a virus.

Macro virus - A macro virus is a malicious macro. Macro viruses
are written a macro programming language and attach to a document
file (such as Word or Excel). When a document or template
containing the macro virus is opened in the target application,
the virus runs, does its damage and copies itself into other
documents. Continual use of the program results in the spread of
the virus.

Spyware - (from Steve Gibson's OptOut page) Spyware is any
software which employs a user's Internet connection in the
background (the so-called "backchannel") without their knowledge
or explicit permission.

Trojan horse - A Trojan horse program is a malicious program that
pretends to be a benign application; a Trojan horse program
purposefully does something the user does not expect. Trojans are
not viruses since they do not replicate, but Trojan horse
programs can be just as destructive. Many people use the term to
refer only to non-replicating malicious programs, thus making a
distinction between Trojans and viruses.

Worm - Worms are parasitic computer programs that replicate, but
unlike viruses, do not infect other computer program files. Worms
can create copies on the same computer, or can send the copies to
other computers via a network. Worms often spread via IRC
(Internet Relay Chat).

False negative - A false negative error occurs when anti-virus
software fails to indicate an infected file is truly infected.
False negatives are more serious than false positives, although
both are undesirable. False negatives are more common with anti-
virus software because the may miss a new or a heavily modified
virus.

False positive - A false positive error occurs when anti-virus
software wrongly claims a virus infects a clean file. False
positives usually occur when the string chosen for a given virus
signature is also present in another program.

If you know of an anti-virus developer that isn't on this list,
drop me a note.

You can reach Lee Hudspeth at:
mailto:[EMAIL PROTECTED]


** 03. How to Protect Yourself from Viruses and Other Malware
       (by Lee Hudspeth)

Later in this issue you'll find an article entitled "The Naked
PC's Virus-Related Article Links" with links to all the articles
we've published on virus-related topics. These articles provide
valuable checklists for activities like optimizing (and safely
testing) your anti-virus program, understanding and dealing with
hoaxes, evaluating anti-virus programs for ease of use, thwarting
virus attacks, and so on. Here's my checklist for use when
protecting yourself from malware. (Special thanks to my colleague
Mike Craven for his assistance in refining this checklist.)

Note that this list is focused on folks running stand-alone
desktops or peer-to-peer networks; if you're a network
administrator then you can certainly extract value from this
list, but I won't be talking about the special types of
protection required when running a network that support
enterprise-wide email services, Web servers, and the like.

1. NEVER, NEVER, NEVER OPEN OR EXECUTE AN EMAIL ATTACHMENT FROM
SOMEONE YOU DON'T KNOW. Or even someone you do know if it's not
a file you were expecting. And it's a good bet to call or other
wise verify with the sender that they did indeed send you the
file and not some virus program that commandeered their email
client.

2. INSTALL AND USE A MODERN ANTI-VIRUS PROGRAM.

Any one will do, but the most important thing is to use one. (I'm
in the process of reviewing anti-virus programs, see the link
below, and stay tuned.)
http://www.TheNakedPC.com/t/426/tr.cgi?av2

3. BE AGGRESSIVE.

Configure your anti-virus program to be aggressive in how it
detects malware.
http://www.TheNakedPC.com/t/426/tr.cgi?av3

4. GET DAILY UPDATES, AUTOMATICALLY.

Configure your anti-virus program to update its virus definition
files and its engine (and other software components) DAILY.

5. AUTOMATICALLY MONITOR ALL FILE ACTIVITY.

Turn on your anti-virus program's "auto-protect" feature.

6. AUTOMATICALLY SCAN EMAIL.

Turn on your anti-virus program's email scanning feature.

7. AUTOMATICALLY SCAN MICROSOFT DOCUMENTS WHEN OPENED.

Turn on your anti-virus program's feature for scanning Office
documents.

8. RUN WEEKLY FULL-SYSTEM SCANS.

This is easy to configure with your anti-virus program's options
settings dialog.

9. USE A FIREWALL.

I recommend that you install and use a personal firewall on your
PC(s). I personally recommend ZoneAlarm. If you have a network
that's sharing an Internet connection, be sure to familiarize
yourself with your router/gateway's built-in firewall.
http://www.TheNakedPC.com/t/426/tr.cgi?av4

10. INSTALL SOFTWARE SECURITY PATCHES.

Routinely check the Web sites of all your software programs that
connect with the outside world--operating system, email client,
browser, personal firewall, document editing tool (like Microsoft
Office) and so on--and update them by installing the
manufacturer's suggested security-related service releases and/or
patches. In our ebook "The Book That Should Have Come with Your
Computer" we devote an entire chapter--Chapter 8--to the subject
of staying ahead of the upgrade game; for information about
tracking down software upgrades see the section "Tracking Down
Upgrades."

11. SCAN FOR TROJANS AND SPYWARE.

To identify and remove trojans that might slip by your anti-virus
program, check out MooSoft's The Cleaner, available as shareware:
http://www.TheNakedPC.com/t/426/tr.cgi?av16

To identify and remove spyware, check out Lavasoft's freeware
tool Ad-aware:
http://www.TheNakedPC.com/t/426/tr.cgi?av18

Even if you've followed all the above steps, it is still
theoretically possible that a piece of malware could escape
detection.

If you're thinking these steps represent too much work, not so.
Once you've spent a few minutes configuring your anti-virus
program using my recommendations, it's "set and forget." Ditto
with your personal firewall. You can subscribe to free
newsletters that will automatically inform you of software
security patches, or you can manually peruse various "virus info"
pages (just remember to do so regularly). Other ways to stay
ahead of the upgrade game are described in the aforementioned
book.

You can reach Lee Hudspeth at:
mailto:[EMAIL PROTECTED]


+++------------------------- sponsor -------------------------+++

                   "Computer Tips Compendium"

We've collected over 460 computer tips and have packaged them as
an electronic book in PDF format. That means that the text of
each and every tip is fully text searchable... you'll find the
tip you need, when you need it. We've pulled together the BEST
TIPS, tricks, and techniques that you're likely to ever find all
onto a single CD. You also get free access to the restricted Tips
Section of The Naked PC Web site! Tips on where to find the
information you need on the Internet, shortcuts to settings,
fixes and workarounds to problems, general computer tips, tips
for specific software, over 460 tips to help people like you use
your computer even more productively.

http://www.TheNakedPC.com/t/a/tr.cgi?comptips

+++------------------------- sponsor -------------------------+++


** 04. The Naked PC's Virus-Related Article Links

Here are links to all the articles we've published to date that
cover virus-related topics, excluding the current issue's
articles (alphabetical by title).

"A Serious Reminder About Viruses and Backups"
http://www.TheNakedPC.com/t/426/tr.cgi?av5

"Evaluating Anti-virus Software for Ease of Use" (supplemental
page)
http://www.TheNakedPC.com/t/426/tr.cgi?av6

"Evaluating Anti-virus Software for Ease of Use: Panda Antivirus
6.0 Platinum"
http://www.TheNakedPC.com/t/426/tr.cgi?av7

"Norton AntiVirus: Resolving Subscription Problems and Upgrading
to Version 2002"
http://www.TheNakedPC.com/t/426/tr.cgi?av8

"Norton AntiVirus: Resolving Subscription Problems and Upgrading
to Version 2002 - Part 2"
http://www.TheNakedPC.com/t/426/tr.cgi?av9

"Optimal Norton AntiVirus 2000 Settings"
http://www.TheNakedPC.com/t/426/tr.cgi?av10

"Safely Testing Your AntiVirus Package with the EICAR Test File"
http://www.TheNakedPC.com/t/426/tr.cgi?av11

"Safely Testing Your AntiVirus Package with the EICAR Test File:
Part 2"
http://www.TheNakedPC.com/t/426/tr.cgi?av12

"Seeing Red Over AntiVirus False Positives"
http://www.TheNakedPC.com/t/426/tr.cgi?av13

"The Budweiser Frog Virus Alert Is a Hoax, and Where To Go To
Dispel Many a Tenacious Virus Myth"
http://www.TheNakedPC.com/t/426/tr.cgi?av14

"Virus Attacks and How to Thwart Them When You Get One"
http://www.TheNakedPC.com/t/426/tr.cgi?av15


+++------------------------- sponsor -------------------------+++

"You Can Laugh At Money Worries - If You Follow This Simple Plan"

Do you sometimes have more month than money? Ever wonder how to
dig out of the hole of debt? Maybe someone you know is
struggling. In today's uncertain times with tens of thousands
being laid off, this is one step you can take now to make your
future more certain. This proven multimedia course will show you
everything you need.

http://www.TheNakedPC.com/t/a/tr.cgi?financial

+++------------------------- sponsor -------------------------+++


** 05. Belkin's Secure Networking Gateway Routers (by Al Gordon)

I look upon the task of networking my computers with the same
fondness as I attach to a dentist's drill. All I want from
networking products is that they let me set up without making my
life difficult. So I was happy as a clam (that would be a New
England clam, of course) when Belkin Components rolled out a wide
lineup of Ethernet and 802.11b ("WiFi") products, and discovered
that I could actually get them to work. Quickly.

For more details, links, and pictures, please see my supplemental
page:
http://www.TheNakedPC.com/t/426/tr.cgi?al1

Belkin networking products are particularly helpful to users with
broadband Internet connections. The flagship products--the
Wireless Cable/DSL Gateway Router (F5D6230-3) and 4-Port
Cable/DSL Gateway Router (F5D5230-4)--both have robust firewall
technologies to protect your "always on" connection from hackers.
The wireless gateway also has five different encryption levels
for your wireless transmissions.

The gateways also have the crucial capability to clone your
network card's MAC address. This allows you to set up the gateway
so that as far as your broadband ISP is concerned, it is still
connected to your original card. This is a safeguard, not against
hackers, but rather against ISPs that impose extra fees for
plugging in a network to their broadband service.

The competition in small office and home networking, such as
Linksys and Netgear, are known for quality gear, but for which
setup sometimes can be a struggle. Belkin has correctly noted
that ease of use would be a major competitive edge and has
emphasized that in its products. We will have more on setup
(including setup in Windows XP) in future issues. But for now, if
your holiday shopping plans include a SOHO network, give Belkin a
look.

You can reach Al Gordon at:
mailto:[EMAIL PROTECTED]


** 06. Featured Product - Trend Micro HouseCall (reviewed by
       Lee Hudspeth)

HouseCall is a Web-based tool that scans your PC, for free, over
the Internet. To start, click the link shown below; to do an
immediate scan click the "scan without registering" link (you can
register, but it's not required). Next indicate what country
you're from (more about what data the tool gathers in a moment).
If you're interested, there's a link on the page that allows you
to see the top virus lists by continent and country.

The first time you run HouseCall you may have to wait several
minutes while the scanner loads, even if you have a high-speed
connection. (The scanner is packaged as a VeriSign-certified CAB
file from Trend Micro, so you will need to click Yes to the query
"Do you want to install and run..." to proceed.) On subsequent
visits the wait time will be shorter. When the scanner loads, a
tree view of your computer's drives appears. You select one or
more drives--or individual folders--to scan, check "Auto Clean"
to have HouseCall disinfect any suspect files (the "Auto Clean"
check box is *not* checked by default), then click the "Scan"
button. The scanner displays a dialog box with a full progress
report, including the current file being scanned, the number of
files scanned, the number of infected files found, and infection
details. You can stop the scan at any time by clicking the "Stop
Scan" button. In my test, HouseCall v5.50.0 (Engine 5.630-1025)
scanned a 1.5 GB partition in 31 minutes, and identified two of
the three EICAR test files. It caught eicar.com and eicar.zip
(with eicar.com inside), but failed to flag eicar.com.txt, a file
that Norton AntiVirus 2002 flags as an "EICAR Test String.70"
infection and Panda Antivirus Platinum 6.0 flags as "EICAR-AV-
TEST-FILE".

The information HouseCall returns to Trend's tracking center is
the country of origin and number of files scanned; if an
infection is found, HouseCall also reports the virus name, the
number of infected files found, and the number cleaned. According
to the site, "No personal files from your computer are ever sent
back to our server. All virus tracking information is anonymous.
We do not log IP addresses or collect any personal information
about individual users in the Virus Tracking Center database. The
email address you submitted for receiving security alerts is
stored in a separate database." (If you choose not to register,
no email address is gathered.) The site explains that this data
gathering process helps in the center's analysis of country-
specific malware issues.

http://www.TheNakedPC.com/t/426/tr.cgi?fprod


** 07. Featured Web Site - ICSA Labs

ICSA Labs is a division of TruSecure Corporation, a security
solutions provider. The main interest that The Naked PC readers
are likely to have in this site is the lab's list of certified
anti-virus products. "ICSA Labs Certification criteria are
public, objective, fair, credible criteria that yield a pass-fail
result. To remain consistently results-oriented, certification
criteria is based on resistance to threats and risks or on
successful outcome, and not based on fundamental design or
engineering principles or on an assessment of underlying
technology. In most cases, this mirrors a 'black-box approach'."
For the quality assurance minded among you, the site goes on at
great length to explain the details of its certification process.

ICSA Labs' main Web page is here:
http://www.TheNakedPC.com/t/426/tr.cgi?fsite1

You can study ICSA Labs' "On-Demand/On-Access Anti-Virus Product
Certification" list here:
http://www.TheNakedPC.com/t/426/tr.cgi?fsite2


** 08. Newsworthy - a potpourri of current events and
       interesting stuff

*-* Microsoft warns Internet Explorer 5.5 and 6.0 users to
IMMEDIATELY patch IE. This latest patch eliminates all security
holes discovered over the past few months, as well as three new
holes.
http://www.TheNakedPC.com/t/426/tr.cgi?news1

*-* Four Israeli teenagers have been arrested and admit to
writing the "Goner" email worm, allegedly to compete with some
rival hackers.
http://www.TheNakedPC.com/t/426/tr.cgi?news2

Get more Newsworthy bits on The Naked PC Web site:
http://www.TheNakedPC.com/newsworthy/

Have you come across something newsworthy? Drop us a line:
mailto:[EMAIL PROTECTED]


   **PLEASE SUPPORT THE NAKED PC BY VISITING OUR ADVERTISERS**
+++----------------------- classifieds -----------------------+++

                    Tweaki...for Power Users
Designed for all Windows operating systems, Tweaki is your Swiss
army knife of utilities. Implement security, lock down your
Desktop, tweak Microsoft Office, optimize Windows--roughly 500
tweaks in all! Tweaki also comes with a built-in undo function
that restores any tweaked setting the utility tracks, no matter
how long ago you tweaked it!
http://www.TheNakedPC.com/t/a/tr.cgi?tweaki

+++-----------------------------------------------------------+++

            PROTECT Your PRIVACY with Anonymizer!
Sign up and use our proxy server to stay 100% anonymous!
Convenient and effective privacy protection -- no one can see
where you surf. Blocks Cookies, Java, JavaScript, and other
tracking methods. Cookie Encryption - lets you safely access
and use Web sites that require cookies. URL Encryption -
encrypts your page requests so your ISP can't log them.
http://www.TheNakedPC.com/t/426/tr.cgi?anon

+++-----------------------------------------------------------+++

             **NEED INK? SAVE 40-70% OVER RETAIL!**
High Quality Inkjet Printer Cartridges, JetPaks, Refill
Kits. Super Prices! Your Satisfaction IS Guaranteed. NEW! We now
offer High Quality Remanufactured Toner Cartridges Save 30-40%
       * FREE Printer Utilities! * MaxPatch Ink Supplies
http://www.TheNakedPC.com/t/a/tr.cgi?maxpatch

+++-----------------------------------------------------------+++

          LEARN HOW TO USE A FEW SPARE BUCKS
          TO START ANY BUSINESS YOU WANT OR
          EXPAND YOUR CURRENT BUSINESS WITH
                LITTLE OR NO RISK
    http://www.TheNakedPC.com/t/426/tr.cgi?class2

+++-----------------------------------------------------------+++


DISCLAIMER
Personal computers are individual machines with performance that
can vary with components, software, and operator ability. The
Naked PC is not responsible for the manner in which the
information presented is used or interpreted. Also, although we
work hard to provide you with accurate Internet links in The
Naked PC, we are not responsible for Internet links herein that
represent sites owned and operated by third parties. We are not
responsible for the content, accuracy, performance, or
availability of any such third-party sites. So there.

REDISTRIBUTION POLICY
We encourage you to forward this newsletter to your friends,
associates, and colleagues for their review and enjoyment.
However, please do so only by sending it in full, thereby keeping
the copyright and subscription information intact. We do request
that, once they've reviewed an issue or two, they subscribe
independently rather than continue to receive issues from you.
This helps The Naked PC grow and prosper, thereby funding its
continued publication.

Also, if you wish to post this newsletter to a newsgroup or
electronic discussion group, you may do so if you preserve the
copyright and subscription information. Thanks.

SUBSCRIPTION SERVICES
To subscribe or unsubscribe, surf on over to:
http://www.TheNakedPC.com/subscribe.html

To make comments or suggestions, surf on over to:
http://www.TheNakedPC.com/tnpfeedback.html
or send email directly to:
mailto:[EMAIL PROTECTED]

WEB BULLETIN BOARD
Check out our 24x7 Web bulletin board. If you've got a technical
question about PC issues, or suggestions of your own, this is the
place to hang out:
http://www.PRIMEConsulting.com/annoyanceboard/

ADVERTISING
To advertise in The Naked PC go to:
http://www.TheNakedPC.com/tnpcadvertising.html

Mail services provided by Blue Horizon Enterprises, one of the
very few "Mom and Pop" operations left on the Web:
http://www.bhorizon.com

Copyright (c) 2001, PRIME Consulting Group, Inc. and Dan Butler.
All Rights Reserved. The Naked PC is a trademark of PRIME
Consulting Group, Inc.
ISSN: 1522-4422


Reply via email to