Today, November 18th, is ZoneAlarm’s birthday. In celebration, they’re giving away a free copy of ZoneAlarm Pro 2009. But it’s just today! Get it while you can:
Recently a reader asked how to save their HOSTS file in Vista, because it wasn’t letting them save their changes. Vista is a bit different from previous versions of Windows. Vista introduced the new User Account Control (UAC) to help protect common users from malicious activities. In doing so, UAC has also hindered productivity. Not only does it ask you to confirm everything you want to do, it blocks your access to edit the HOSTS file. Let’s fix this so you can have complete control of it.
There are two methods to get around this problem:
1. Turn UAC Off
Go to Start > Control Panel. In the top right search box, enter UAC. The search will return 1 result which will let you toggle UAC on or off. Click on the result and uncheck Use UAC… This will require a reboot, but it will save you time in the future.
2. Copy, then overwrite the HOSTS file
Navigate to the etc folder located at c:\windows\system32\drivers\etc\. Copy the HOSTS file to your Desktop and edit it accordingly. Make sure it’s named hosts, not hosts - Copy. Drag it into the etc folder and when you’re asked to overwrite the existing file, say yes.
We’ve all done it. We start with a fresh copy of our OS, and as time goes on, we install stuff. Lots of stuff. At one point, we start installing junk and realize we didn’t need it, so we uninstall. And by uninstalling, we assume - or hope - that everything that we put there is now gone. Unfortunately, that’s not always the case. This issue of behind-the-scenes changes to your OS can be solved with Tiny Watcher. Tiny Watcher, upon installation, will scan the current state of your computer. It will figure out what is running at startup, and it will scan your registry and a bunch of other system files.
On every boot after install, Tiny Watcher will scan your system for any changes since the previous scan. If it detects any changes, it will alert you and give you options for handling those changes. This program is excellent to have if you often try out new software but are very willing to let it go if you don’t want it. If you are afraid new software will load a bunch of useless crap deep into your machine, Tiny Watcher has your back.
Benefits of Tiny Watcher:
- it’s a small program and runs fast
- detects most changes to your system
- it can be configured
- it’s free
Facebook just rolled out a long-needed feature that we usually see at the infancy of every service that requires a login: Remember Me.
1. Enter your email address
2. Enter your password
3. Check the Remember Me box.
HijackThis, a stand-alone freeware malware scanner, has been around for a long time. It’s one of those programs you can throw on a thumb drive and use to scan infected computers (you know, like your mom’s computer). I’ve been using HijackThis for over 4 years now. HijackThis is excellent for many reasons: it’s free, it’s small and a stand-alone file, it scans very fast, and it’s widely used — so many people are familiar with using it and analyzing results.
Download it for Free
HijackThis is now owned by TrendMicro (the very popular anti-virus company), but it is still free to download. As of the time of writing this article, there’s the standard 1.99.1 version and the 2.0 beta version. Go ahead and download one of them.
Since you will want to use this more than once, let’s keep it someplace for future use. Extract the hijackthis.exe file and put it somewhere like C:\Program Files\HijackThis\ — the reason for having its own folder is that it creates backups of files you remove, in the event that you need to restore them.
Run a Scan
Once you have it stored somewhere, open the executable and run a scan. It will scan your registry, startup items, any BHOs (Browser Helper Objects), browser start pages, system .ini files, the HOSTS file, and more. It also does this… in a matter of seconds.
Scan Results
Now you can see a list of items the scan came across. Many of these items in the list are actually good. For example, it will report all of your startup items, and it’s up to you to choose which ones are bad and need to be fixed. Fortunately, you have lots of help choosing what to fix. When the scan is complete, choose Save Log and save the log file to your Desktop. Keep HJT open though!
Analyze the Scan
Go to the website hijackthis.de to upload your scan results. Browse to your log file on your Desktop and let the site analyze it. It will direct you to a page explaining the severity and level of safety of each item in the log. From here, you can better see what items are harmful and what’s good. Now go back into HJT and check the items you want to fix and click Fix Checked.
That’s all there is to it. If you happen to remove something you need back, HJT stores backups wherever the .exe is located.
You should probably know that it’s quite important to create a password for the “Administrator” account in Windows. By default, this user does not have a password. To keep your PC safe, you should add a password to this account. Through the normal setup process though, you will probably create your own user account first, which will probably be an Administrator itself. Now, rather than figuring out how to get into the main ‘Administrator’ account*, why not just change the password from your own account? There are two very easy ways to do this… if you’re a loyal reader, you will know the second one.
1. User Accounts Panel
Go to the Run box and enter control userpasswords2 (make sure there’s a 2 at the end). At the bottom, click Reset Password… under the Administrator section. Enter a new password twice. Dunskie.
…OR…
2. ‘net user’ command
You can refer to an old post to get the details for this one. Just enter net user Administrator <your new password here> in the command prompt. Voila.
* To get into the Administrator account, reboot your machine and boot into Safe Mode. On the user account selection screen, you should see the Administrator account listed.
So here’s a little Security round-up including existing posts and some new additions.
1. Everyone uses passwords. Some people have good passwords, others don’t. Test the strength of your password at Microsoft’s password checker. Try to make your passwords hard to guess by using both uppercase and lowercase letters. Also, use numbers and even swap in some numbers for letters:
a => 4
e => 3
i => 1
o => 0
s => 5
t => 7
2. Use the free open-source encryption tool TrueCrypt to create encrypted volumes to store sensitive data (e.g. financial documents, password files, etc.). Check out an easy way to mount and open these volumes in a previous post of mine.
3. For simple text (.txt) files, you can lock them using Steganos LockNote. Just drag the text file over LockNote and it will prompt you for a password. This text file now needs a password to be entered when you open it.
4. Need to use your home computer away from home? Use VNC over a secure tunnel to get in securely over the Internet. Check out my previous post on creating an SSH tunnel for VNC.
5. Finally, all of those passwords you have can get hard to keep track of. You can use KeePass or Password Corral to keep track of your passwords. This comes in handy if you have many different unique passwords for your accounts.
In the past, I wrote an article about a very easy way to mount and explore a TrueCrypt volume in one step. Some security issues came up about keeping the volume password in the batch file used to mount. This new article takes that into account. The [almost] same script is used to mount the volume, but the password is taken out and you are instead required to enter the password at a prompt. The beginning steps are the same as the previous article, so if you just want to see the new feature, skip down to the “Create a script to mount” section.
Create your volume
Create any size TrueCrypt volume using your encryption algorithm of choice. My computer runs the Blowfish algorithm the fastest, so that’s my typical choice. Make sure you assign a good, long, hard-to-break password to it. The only way to reveal the contents of the volume is the password. We’re talking encryption standards the government uses here. So no one’s going to break in another way — you need a good password and you must remember it.
Copy TrueCrypt stand-alone files
TrueCrypt comes in an installable version and a stand-alone version. You can use the stand-alone command-only version for the batch script. The stand-alone files are inside the “Setup Files” folder inside the TrueCrypt folder. First, rename truecrypt.sys to tc.sys and truecrypt-x64.sys to tc-x64.sys. This will make it simpler for us. Go ahead and copy tc.sys and tc-x64.sys to C:\WINDOWS\. This will allow us to call the TrueCrypt program in the batch script.
Create a script to mount (NEW stuff here)
You may download the new batch script I wrote to mount a volume. Make sure you fill in the appropriate part specific to you — the path to your volume. Place this script in C:\WINDOWS\ so you can call it from the Run box. Here’s the main line in the script which has been slightly changed from the previous version:
tc /v <path to file> /l x /p %thepass% /q
As I said, make sure you fill in the correct path to your file. The changed piece is the pulling of the password and the addition of the %thepass%. That will require you to enter a password through a prompt when you run the script. Your password will no longer be in the file for anyone to see.

You may notice, I use various flags in the call. The /v flag will make TC mount a volume; then /l x will mount it as the letter X:\ (like it’s a drive); /p means the password follows it — where in this case, it causes a prompt. Finally, /q will quit the program when done. After the mounting takes place, we call explorer on the X:\ drive to open it.
Create a script to unmount
Following the previous script’s example, I’ve also written a script to unmount your volume. Fill in the necessary changes. Place this script in C:\WINDOWS\ so you can call it from the Run box. The only new flag I use is /dx which will dismount the X:\ drive.
Test it out
Time to test it all out. Hit WinKey + R > type in mount2 (or you can rename my new script to mount.bat or whatever you want) and hit Enter. Your volume should mount and should open in Windows Explorer. Now, to unmount it, in the Run box, type in unmount (or whatever you may want to rename it to) and hit Enter. Nextel. Done.
If you own or use a wireless router, you probably know about the security issues surrounding the use of a wireless network. In its most basic sense, the router transmits an Internet connection wirelessly to any device that can receive the signal within a proper range. That means, with an open network, anyone can connect to your router and use your Internet connection if they have a wireless card and are in range. That means external people can use up your bandwidth, AND, they may carry out malicious activity on your account. There are various security features to help keep routers protected. If you don’t care too much about the security of your data (as in packets being sent over the network), but you do want your wireless signal to be restricted, then I have an easy solution. It’s called MAC Address filtering (also called the Access List on my router).

Get your MAC Addresses
The first thing you need to do is collect your MAC Addresses from all of the computers you want to ALLOW on the network. In Windows, open a command window and enter the command ipconfig /all. You may also follow a previous tip I wrote about and enter cmd /k ipconfig /all into the Run box. Scan through the output for the line “Physical Address”. Write down the number/letter sequence on that line and keep track of them all. The Physical address is another name for a MAC (Media Access Control) address, because the MAC is unique for each piece of hardware and burned into it.
Create your “Access List”
Now it’s time to put the list together. Each router is different. My Netgear calls MAC filtering the “Access List.” Find your version of the access list and enter your respective MAC addresses into the list.
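Collecting the addresses by hand gets error-prone with several machines. The following added example (Python, not part of the original post) pulls every “Physical Address” line out of saved ipconfig /all output and rewrites it in the colon form many routers expect; the sample output, adapter names and the function name physical_addresses are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output; the adapter descriptions and
# addresses are made up for this example.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Example Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-11-22-AA-BB-01

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example Wireless G Adapter
        Physical Address. . . . . . . . . : 00-11-22-aa-bb-02
        IP Address. . . . . . . . . . . . : 192.168.1.20
"""

# Section headers start in column 0 and end with a colon.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Exactly six hex octets; longer tunnel-adapter addresses are not MACs
# a router access list can use, so they are deliberately not matched.
MAC_RE = re.compile(
    r"^\s+Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s*$"
)


def physical_addresses(output):
    """Return {adapter name: MAC}, MACs normalised to AA:BB:CC:DD:EE:FF."""
    found = {}
    adapter = None
    for line in output.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter = header.group(1)
            continue
        mac = MAC_RE.match(line)
        if mac and adapter:
            found[adapter] = mac.group(1).upper().replace("-", ":")
    return found


if __name__ == "__main__":
    # The wireless adapter's address is the one the router's list needs.
    for name, mac in physical_addresses(SAMPLE_IPCONFIG).items():
        print(f"{mac}  {name}")
```
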
What it does and doesn’t do
This method is intended to keep only the people you trust connected to your router. There is no encryption with this method. Any person not on the list will not be able to connect to the network.
This method does not include encryption, so any packets that are sent over a network can be sniffed. This means anyone outside the network can use a packet sniffer to try to see what you’re doing. This probably won’t happen, but I’m just warning you that this method does not involve any encryption.

As you can see, the network is considered “Unsecured” since there is no encryption. To anyone, it looks like they’ve found free Internet access, but when they try to connect, they will get a message saying they are unable to connect.
If you’ve ever plugged a USB device into your computer, you’ve probably experienced the need to properly disable it. When you are done with the device, you are supposed to safely stop the device before you shut it down. This is to make sure nothing is accessing the device at the time of shutdown.
Let’s say you have an external hard-drive that you want to turn off. If you don’t properly stop it, Windows may be accessing some files at the time of shutdown, and this may cause data corruption. Sometimes when you try to shut it down though, you get an error saying the device is in use. This may happen even if you know nothing is using the device. All explorer windows are closed, and you know no programs are using it.
If this happens, you can use freeware Process Explorer to hunt down the thread accessing the device. Just open Process Explorer, hit Ctrl + F to open the Search menu, and enter the drive, in my case, “E:\”.

Now I can see a hidden instance of explorer is actually accessing the E: drive, so I just need to click on the result to see the thread. Now, right-click the thread, and close the handle.

Now that the hidden instance of explorer is closed, we can go about stopping the device the right way and avoid possible data corruption.
In my experience, this happens often when I access an external drive a lot and keep opening and closing explorer windows. Occasionally, an instance will remain open even though I’ve closed all windows. This method is also good for other USB devices that may annoy you. Just search for the drive letter and close all handles accessing the drive.
This article will show you how to use the power of a Windows batch script to mount a TrueCrypt volume and explore the contents as a hard drive in just one step. For those of you that don’t know, TrueCrypt is free software that you can use to encrypt files. You can create a container file (named anything you want) and mount it as a drive using the TrueCrypt software. Unmounted, it looks just like a regular file.
Create your volume
Create any size TrueCrypt volume using your encryption algorithm of choice. My computer runs the Blowfish algorithm the fastest, so that’s my typical choice. Make sure you assign a good, long, hard-to-break password to it. The only way to reveal the contents of the volume is the password. We’re talking encryption standards the government uses here. So no one’s going to break in another way — you need a good password and you must remember it.
Copy TrueCrypt stand-alone files
TrueCrypt comes in an installable version and a stand-alone version. You can use the stand-alone command-only version for the batch script. The stand-alone files are inside the “Setup Files” folder inside the TrueCrypt folder. Go ahead and copy truecrypt.sys and truecrypt-x64.sys to C:\WINDOWS\. This will allow us to call the TrueCrypt program in the batch script.
Create a script to mount
You may download a batch script I wrote to mount a volume. Make sure you fill in the appropriate parts specific to you. These parts are capitalized to stand out. Place this script in C:\WINDOWS\ so you can call it from the Run box. Here’s the main line in the script:
tc /v <path to file> /l x /p <your password> /q
Make sure you fill in the correct path to your file, and the appropriate password you’ve chosen. You may notice, I use various flags in the call. The /v flag will make TC mount a volume; then /l x will mount it as the letter X:\ (like it’s a drive); /p means the password follows it. Finally, /q will quit the program. After the mounting takes place, we call explorer on the X:\ drive to open it.
Create a script to unmount
Following the previous script’s example, I’ve also written a script to unmount your volume. Fill in the necessary changes. Place this script in C:\WINDOWS\ so you can call it from the Run box. The only new flag I use is /dx which will dismount the X:\ drive.
Test it out
Time to test it all out. Hit WinKey + R > type in mount and hit Enter. Your volume should mount and should open in Windows Explorer. Now, to unmount it, in the Run box, type in unmount and hit Enter. Nextel. Done.
Also, you can rename the batch scripts to something only you will know, so it’s not easy to mount on your computer. For example, change mount.bat and unmount.bat to something like xy33.bat and sysz.bat. Only you will know.
Blocking ad servers and malicious websites is a tough task these days. There are so many tools out there to keep ads blocked, remove spyware, and scan for viruses. Most of this unwanted content comes from known ad servers and known malicious websites. You can harness the power of the Windows’ HOSTS file to actually block some of this stuff. I’ve been doing this for years, and I’m still surprised how well it works.
In a nutshell
For your version of Windows, the HOSTS file is located in
Windows XP:
C:\WINDOWS\system32\drivers\etc\
Windows 2000:
C:\WINNT\system32\drivers\etc\
Windows 98/ME:
C:\WINDOWS\
It does not have an extension — it is just called hosts. The purpose of the HOSTS file is to allow you to manually enter IP addresses associated with websites, so the DNS server can quickly resolve an address. Say you know that google.com is the IP address 64.233.187.99 — you could enter that into the HOSTS file so when your machine requests google.com, it will immediately know to go to http://64.233.187.99/. Instead, we can take known ad servers, and tell them their IP addresses are 127.0.0.1. For those of you that don’t know, 127.0.0.1 is your local machine, if you were running a server on it. So say, some ad server hosts a banner ad at http://www.adsite.com/ads/23bh3.jpg. If you redirect this server to your local machine in the HOSTS file, when a website calls that hosted image from the ad server, it will try to load http://127.0.0.1/ads/23bh3.jpg. Since that folder and that image don’t exist on your computer, the image won’t show, and you’ve blocked the ad from showing on that website.
Putting it together
This first line of the HOSTS file should list the local IP address:
127.0.0.1 localhost
That tells the rest of the file, 127.0.0.1 is your local machine, like I explained above. You could also use 0.0.0.0 instead of 127.0.0.1 — either will work, but whatever you use for localhost, use below. After that, enter known ad servers and use your local IP (whichever you chose at the top). You can find maintained HOSTS files online or start to build your own. Here’s a little snippet of what my HOSTS file looks like:
127.0.0.1 localhost
127.0.0.1 92.132.206.rev.adknowledge.com
127.0.0.1 a-con1.adknowledge.com
127.0.0.1 a-lbs.adknowledge.com
127.0.0.1 a-pwr.adknowledge.com
127.0.0.1 a-sw1.adknowledge.com
127.0.0.1 aa1-1.adknowledge.com
127.0.0.1 aa1.adknowledge.com
127.0.0.1 aa2-1.adknowledge.com
127.0.0.1 aa2.adknowledge.com
127.0.0.1 aa3-1.adknowledge.com
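Because a HOSTS entry can point a name at any address, a file downloaded or built up over time is worth checking before it is trusted. The following added example (Python, not part of the original post) parses HOSTS text and separates names pointed at 127.0.0.1 or 0.0.0.0, which are blocks, from names pointed anywhere else, which are redirects; the sample file, the www.example.com entry and the function name audit_hosts are constructed for illustration.

```python
import ipaddress

# Constructed sample: the adknowledge.com names come from the snippet above;
# the www.example.com redirect and the swapped last line are made up.
SAMPLE_HOSTS = """\
# ad servers
127.0.0.1 localhost
127.0.0.1 a-con1.adknowledge.com
127.0.0.1 a-lbs.adknowledge.com   # trailing comment
0.0.0.0 AA1.adknowledge.com aa2.adknowledge.com
203.0.113.7 www.example.com
adknowledge.com 127.0.0.1
"""


def audit_hosts(text):
    """Classify every HOSTS entry as blocked, redirected or malformed."""
    report = {"blocked": set(), "redirected": {}, "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            # First field is not an IP address, e.g. the columns are swapped.
            report["malformed"].append((lineno, raw))
            continue
        names = [name.lower() for name in fields[1:]]
        if not names:
            report["malformed"].append((lineno, raw))
            continue
        for name in names:
            if name == "localhost":
                continue
            if ip.is_loopback or ip.is_unspecified:
                report["blocked"].add(name)          # 127.x.x.x or 0.0.0.0
            else:
                report["redirected"][name] = str(ip)  # resolves elsewhere
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(result["blocked"]))
    for name, ip in result["redirected"].items():
        print(f"REVIEW: {name} is sent to {ip}, not blocked")
    for lineno, raw in result["malformed"]:
        print(f"line {lineno} ignored: {raw!r}")
```

Any name reported under redirected is being sent to a real address rather than blocked, so it should be one you added on purpose.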
Extra step: Windows XP/2000 only
In XP and 2000, the DNS Client (a system service), will make your machine come to a grinding halt if your HOSTS file is too large. This service is unnecessary and can be stopped and disabled. Go to Start > Run > enter “services.msc” then hit [Enter]
Navigate to DNS Client, right-click it, select Properties, under Start-up Type, select Manual. Click Apply. Then below that, click the Stop button. You should do this before you save a large list of servers to your HOSTS file.
Disabling/Enabling the HOSTS blocking
If you ever need to disable the blocking, just rename the hosts file to anything. I usually rename it to hosts.disable. After you do that, you need to restart your browser to see the changes. To enable it again, just rename it back to hosts.
You could also write a script to do this for you. An example called disable.bat:
cd C:\WINDOWS\system32\drivers\etc && ren hosts hosts.disable
And another example called enable.bat:
cd C:\WINDOWS\system32\drivers\etc && ren hosts.disable hosts
More info about HOSTS
To get a HOSTS file already full of servers, you may go to MVPs.org. To learn more about the HOSTS file, check this site out; it’s where I learned about it. Also, I posted this tip a while back, at Of Zen and Computing.
I submitted this quick tip to Lifehacker in the past. If you feel the need to change your Windows password, you don’t need to go through any Control Panel menus and whatnot. You can change any user’s password via the command line, as long as you have administrative access. A good example of when to use this tip would be after a fresh install of XP. One of the first things you should do is log into the default Administrator account and set a password. That requires booting into Safe Mode as Administrator, setting a password, then booting back into Normal mode as your own user. Instead, go to Start > Run > “cmd” [Enter], then enter:
net user <username> <password>
This will set the password you supplied as the password for the user you entered. You can also do:
net user <username> *

This will prompt you for a password, then have you confirm it.
NOTE: you need administrator access to change the password via this command. However, if you are an administrator, you can change the password for any account on the machine. As you can see, this is a very powerful command, but it can also pose a security threat.
This tutorial will walk you through the steps to running a SSH server on your Windows machine and using it to create a secure tunnel through the Internet to use VNC.
SETUP: Server
Install the SSH server:
Test the SSH server:
Install the VNC server:
Tweak your firewall (if applicable) to allow port 22:
Tweak your router (if applicable) to forward port 22:
SETUP: Remote machine
Install the SSH client and create a tunnel:
Configure PuTTY for auto-login (if you choose to use PuTTY):
Install the VNC viewer:
EXECUTE: VNC over SSH