<?xml version="1.0" encoding="utf-8" ?>

<rss version="2.0" 
   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
   xmlns:admin="http://webns.net/mvcb/"
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
   xmlns:wfw="http://wellformedweb.org/CommentAPI/"
   xmlns:content="http://purl.org/rss/1.0/modules/content/"
   >
<channel>
    <title>Technovice.net - Security</title>
    <link>http://www.technovice.net/</link>
    <description>A Simple Blog For Totally Tech Beginners</description>
    <dc:language>en</dc:language>
    <generator>Serendipity 1.1 - http://www.s9y.org/</generator>
    <pubDate>Mon, 29 Jan 2007 22:39:16 GMT</pubDate>

    <image>
        <url>http://www.technovice.net/templates/default/img/s9y_banner_small.png</url>
        <title>RSS: Technovice.net - Security - A Simple Blog For Totally Tech Beginners</title>
        <link>http://www.technovice.net/</link>
        <width>100</width>
        <height>21</height>
    </image>

<item>
    <title>Free Firewall From PC Tools</title>
    <link>http://www.technovice.net/archives/312-Free-Firewall-From-PC-Tools.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/312-Free-Firewall-From-PC-Tools.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=312</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=312</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;!-- s9ymdb:32 --&gt;&lt;img width=&quot;77&quot; height=&quot;120&quot; style=&quot;float: left; border: 0px; padding-left: 5px; padding-right: 5px;&quot; src=&quot;http://www.technovice.net/uploads/boxshot.gif&quot; alt=&quot;&quot;  /&gt;PC Tools is a brand well known for its spyware product called Spyware Doctor, which has won many awards from various magazines and websites. Before the release of this free firewall software, they also released a free anti virus, which I covered in an &lt;a href=&quot;http://www.technovice.net/archives/186-Recommended-Free-Anti-Viruses.html&quot; &gt;earlier article&lt;/a&gt;. Although their anti-virus software was free, it was quite competent and offered quite a number of features. Gladly, they have repeated the same thing with the release of their free firewall software.

As soon as I got to know about this free firewall, I immediately went to the website, downloaded it, installed the firewall, restarted my PC and started testing the firewall&#039;s capability. For starters, you can bet that PC Tools Firewall is far better than the default Windows firewall at protecting your PC. 

 So, in this article I am just going to share some of my experience using PC Tools Firewall. First of all, upon installation, you will probably see a warning like: This driver has not passed the Windows Logo Test; just ignore it and continue with the installation.

Next, just like other firewalls out there, free or commercial, PC Tools Firewall also gives out warning dialogs, like the one in the image below:

&lt;!-- s9ymdb:31 --&gt;&lt;img width=&quot;231&quot; height=&quot;271&quot; style=&quot;border: 0px; padding-left: 5px; padding-right: 5px;&quot; src=&quot;http://www.technovice.net/uploads/PcToolsFirewall-Warning.jpg&quot; alt=&quot;&quot;  /&gt;

When you first start using PC Tools Firewall, you should expect a lot of these dialogs. But this is good, at least you know that the firewall is working :)

There are a couple of tests that have been done by other users and myself to see how good PC Tools Firewall actually is. They were just some basic leak tests, but surprisingly, PC Tools Firewall passed them all with flying colors. Though they were just basic leak tests, you may be surprised that there are some commercial firewalls that didn&#039;t pass them (you don&#039;t have to ask about the Windows firewall, everybody knows that it is there only for show). 

But with great protection comes a great penalty, well, not much of a penalty, but still it is a pain in the ass. This is only for users of P2P or similar applications (Kazaa, Limewire, mIRC et cetera) - you need to include a few filtering rules (depending on how many P2P applications you have) in order for the P2P applications to run properly. For example, if you didn&#039;t add additional rules to allow your BitTorrent client to connect to the net, PC Tools Firewall will certainly block it from downloading and uploading any files. Not good! But actually, it is the same in all firewall systems (the good ones), you need to add filtering rules for certain types of applications to function.

&lt;a class=&#039;serendipity_image_link&#039; href=&#039;http://www.technovice.net/uploads/PCToolsFirewall-large.jpg&#039;&gt;&lt;!-- s9ymdb:30 --&gt;&lt;img width=&quot;300&quot; height=&quot;199&quot; style=&quot;border: 0px; padding-left: 5px; padding-right: 5px;&quot; src=&quot;http://www.technovice.net/uploads/PCToolsFirewall-small.jpg&quot; alt=&quot;&quot;  /&gt;&lt;/a&gt;

In conclusion, I would say that this free firewall from PC Tools is definitely recommended, especially if you are still using Windows Firewall. Not only is it produced by a reliable company, but the firewall itself also functions as expected. If you are already using some other firewall system, then it is totally unnecessary to change, unless you want to give it a try. But again, if you are currently using Windows Firewall, then it is best that you get yourself a solid firewall system, if not this one, maybe some others :)

To download the PC Tools Firewall, please click on this link to go to the download page: &lt;a href=&quot;http://www.pctools.com/firewall/&quot; target=&quot;_blank&quot;&gt;Get PC Tools Firewall&lt;/a&gt; 
    </content:encoded>

    <pubDate>Tue, 30 Jan 2007 06:39:16 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/312-guid.html</guid>
    
</item>
<item>
    <title>ATM Scams - How They Get Your Password and Card Info</title>
    <link>http://www.technovice.net/archives/201-ATM-Scams-How-They-Get-Your-Password-and-Card-Info.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/201-ATM-Scams-How-They-Get-Your-Password-and-Card-Info.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=201</wfw:comment>

    <slash:comments>2</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=201</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    I found this site which explains (aided by images) how ATM scammers can get hold of your PIN number and ATM card information. I really didn&#039;t know that such things can be done. Honestly, I have to give some credit to these fellas, they are really creative when it comes to achieving their objective. 

If you have never heard about ATM scam techniques before, then I really suggest that you visit this page: &lt;a href=&quot;http://www.snopes.com/fraud/atm/atm.asp#atmcamera&quot; &gt;ATM Scams&lt;/a&gt;. It explains the three techniques which are known to be used by ATM scammers to steal your hard earned money.

I am really glad that this kind of website is available on the net. Yes, it does make you feel insecure reading all about the ATM scam techniques, but it also undoubtedly makes you more prepared to face such threats, since now you are more informed about them. Hopefully, none of us will ever need to encounter such scams.
    </content:encoded>

    <pubDate>Mon, 08 Jan 2007 10:46:03 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/201-guid.html</guid>
    
</item>
<item>
    <title>Recommended Free Anti Viruses</title>
    <link>http://www.technovice.net/archives/186-Recommended-Free-Anti-Viruses.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/186-Recommended-Free-Anti-Viruses.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=186</wfw:comment>

    <slash:comments>2</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=186</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;a href=&quot;http://technovice.net/archives/30-Recommended-Free-Defences-For-Normal-PC-Users.html&quot; &gt;In a previous article &lt;/a&gt;, I recommended a couple of free anti viruses. But a few months and reviews later, I have decided to revamp my recommendation. So, in today&#039;s article, I will recommend three anti viruses which, from my point of view, are the most competent, hi tech and reliable. Two of them have already been known for quite some time as being among the best free anti viruses available, and one is a newcomer in the free anti virus arena :) (the more the better)

 &lt;img style=&quot;border: 0px; padding-left: 5px; padding-right: 5px;&quot; src=&quot;http://www.technovice.net/uploads/Free_Defence.jpg&quot; alt=&quot;&quot;  /&gt;

&lt;strong&gt;AVG&lt;/strong&gt;

Yeah, the good old AVG, been recommended by many security experts as one of the best free anti virus out there and it has been around for quite a long time now (relatively) and with the new release of AVG 7.5 , Grisoft is (not literally) telling the world that AVG ain&#039;t going anywhere anytime soon.

Things that make AVG cool:

# It auto updates its virus signatures

# Other than having an On Demand virus capability, AVG also offers virus protection for your emails - you need to know that not all free anti viruses offer both On Demand and Email virus protection, so any free anti virus which does offer this, it can be considered as a very generous gift :-)

# It has a very good reputation for being a really reliable free anti virus application 

If you are interested to know more about AVG, please click on this link: &lt;a href=&quot;http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5&quot; target=&quot;_blank&quot;&gt;Read More&lt;/a&gt;

To download the latest version of free AVG, go here: &lt;a href=&quot;http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-virus-free&quot; target=&quot;_blank&quot;&gt;Get Free AVG&lt;/a&gt;


&lt;img width=&quot;200&quot; height=&quot;200&quot; style=&quot;border: 0px; padding-left: 5px; padding-right: 5px;&quot; src=&quot;http://www.technovice.net/uploads/Avast.gif&quot; alt=&quot;&quot;  /&gt;

&lt;strong&gt;Avast! Home Edition&lt;/strong&gt;

Avast can be considered AVG&#039;s most haunting rival; most security experts will recommend either AVG or Avast or both as the best free anti virus. Personally, I can&#039;t tell which one is better in respect of detecting more viruses and protecting your PC better, but Avast can really boast about its list of features and cool design. 

Avast is cool because:

# Just like AVG, Avast offers both On Demand virus scan and Email protection

# Unlike AVG, Avast has P2P (BitComet, Kazaa, Limewire etc) and Instant Messaging (IM) protection - this feature gets a lot of extra points from me :-P

# Auto Updates

# Has Web Shield - a protection system against attacks from websites (don&#039;t be surprised, there are websites made today which have a sole purpose - to make your life miserable)

# Protection from network attacks - totally cool for people who are connected to a network such as a university&#039;s network


As i said, Avast has a long list of features compared to AVG, so if you are keen to know every tiny miny detail about Avast, head here: &lt;a href=&quot;http://www.avast.com/eng/avast_4_home.html&quot; target=&quot;_blank&quot;&gt;Read More&lt;/a&gt;

Then, if you are interested to get your own copy of Avast, click on this link: &lt;a href=&quot;http://www.avast.com/eng/download-avast-home.html&quot; target=&quot;_blank&quot;&gt;Get Avast&lt;/a&gt;


&lt;img width=&quot;77&quot; height=&quot;120&quot; style=&quot;border: 0px; padding-left: 5px; padding-right: 5px;&quot; src=&quot;http://www.technovice.net/uploads/PcToolsAV.gif&quot; alt=&quot;&quot;  /&gt;

&lt;strong&gt;PC Tools Anti Virus
&lt;/strong&gt;
This AV is the new kid on the block (again, relatively speaking dude!) but sure got under the spotlight really fast. PC Tools AntiVirus is developed by the same company that made the famous Spyware Doctor. Though this cannot be proof that PC Tools AntiVirus is a good free anti virus, it has to mean something, right (the made-by-the-same-company thing) - just like cars, new models from BMW or Toyota are considered good, because both of the car manufacturers have made many really good models before (a bit off topic :-) )

Anyway, PC Tools Anti Virus is considered cool by me (that is why i recommend it :-) ) because:

# It has Smart Updates function - just another funky name for auto update

# It has community support - this feature, though it may seem unnecessary, is really totally useful when you encounter any problems with the application (hopefully there are no problems in the first place)

# Just like the two above,  PC Tools Anti Virus has both On Demand scanning capability and Email protection

# It has Internet Guard - again, this is just another funky name for protection against threats from websites

To learn more about PC Tools Anti Virus, go to this link: &lt;a href=&quot;http://www.pctools.com/free-antivirus/&quot; target=&quot;_blank&quot;&gt;Read More&lt;/a&gt;

To download PC Tools Anti Virus, please click on this link: &lt;a href=&quot;http://www.pctools.com/free-antivirus/download/&quot; target=&quot;_blank&quot;&gt;Get PC Tools Anti Virus&lt;/a&gt;


Lastly, just as a reminder, no single AV can give you full protection against all attacks, not even the commercial ones can, so please don&#039;t expect much from the free ones. Practice safe internet activities and you probably won&#039;t have to worry about your PC getting infected by viruses :-) 
    </content:encoded>

    <pubDate>Sun, 31 Dec 2006 08:26:45 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/186-guid.html</guid>
    
</item>
<item>
    <title>Secure Your Instant Messenger</title>
    <link>http://www.technovice.net/archives/172-Secure-Your-Instant-Messenger.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/172-Secure-Your-Instant-Messenger.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=172</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=172</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;a class=&#039;serendipity_image_link&#039; href=&#039;http://technovice.net/archives/172-Secure-Your-Instant-Messenger.html&#039;&gt;&lt;img width=&quot;132&quot; height=&quot;48&quot; style=&quot;float: left; border: 0px; padding-left: 5px; padding-right: 5px;&quot; src=&quot;http://www.technovice.net/uploads/ims_logo.gif&quot; alt=&quot;&quot;  /&gt;&lt;/a&gt;I found this cool free security software for your instant messenger while wasting my precious time surfing the net :) . Anyway, this application is called IM Secure from Zonelabs, the same company that created the famous Zone Alarm Firewall. Zonelabs offers home users the light version of the IM Secure, good enough for me, as long as it is free :)

 Some of the offered features are as below:

&lt;strong&gt;#Universal, Transparent Protection&lt;/strong&gt;

Works with the IM you already use—AOL Instant Messenger, ICQ, MSN Messenger, Yahoo!, ICQ, and even universal clients like Trillian. Once IMsecure Pro is installed, it protects your IM silently, without interaction.
 
&lt;strong&gt;#Inbound and Outbound Threat Protection&lt;/strong&gt;

Guards your PC by blocking dangerous inbound and outbound IM traffic, including: invalid messages, buffer overflow attacks, and more. Defends your computer and your files from hackers, thieves, vandals, and predators.

&lt;strong&gt;#Spam Blocker&lt;/strong&gt;

Saves time by blocking unwanted messages from strangers, and protects you from dangerous and inappropriate content.
 
&lt;strong&gt;#ID Lock&lt;/strong&gt;

Blocks a user-defined list of confidential terms from being sent via IM by anyone else sharing your computer.


To learn more about the requirements and such, click on this link: &lt;a href=&quot;http://www.zonelabs.com/store/content/catalog/products/sku_list_ims.jsp?dc=12bms&amp;amp;ctry=US&amp;amp;lang=en&amp;amp;lid=nav_fim&quot; target=&quot;_blank&quot;&gt;More About IM Secure&lt;/a&gt;


&lt;strong&gt;Personal Opinion&lt;/strong&gt;

This is a great application, especially for people who have experienced their IM being hijacked before. IM Secure may not be able to completely secure your IM (well, nothing can), but at least it can help you to avoid most of the attacks. One drawback of IM Secure is that it is not compatible with a few security applications such as NOD32 (I was unsuccessful in finding a reliable source to give me the list of applications that IM Secure ain&#039;t compatible with)

Anyway, it is a great free application from Zonelabs and I really do encourage you to download it; it will surely be a valuable addition to your computer&#039;s defense system.

 
    </content:encoded>

    <pubDate>Thu, 21 Dec 2006 06:11:32 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/172-guid.html</guid>
    
</item>
<item>
    <title>Encrypted Messages For IMs</title>
    <link>http://www.technovice.net/archives/127-Encrypted-Messages-For-IMs.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/127-Encrypted-Messages-For-IMs.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=127</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=127</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    Did you know that there is software that you could use to spy on people who are using Instant Messengers (IM)? Spying in this context means that you could read all of their conversations. OK, now that you know, don&#039;t get excited yet, because this article ain&#039;t gonna disclose how to do just that, but instead how to keep your private messages from being misused. One way of doing that is to encrypt all outgoing messages, so that even if they are intercepted, they would be totally useless :)

 &lt;strong&gt;Why Encrypted ?&lt;/strong&gt;

Sometimes, you pass some private information to your friends or family using IMs. Other times you are having a secret conversation with your girlfriend or boyfriend or both through IMs. Either way, you wouldn&#039;t like it if the conversation was leaked to a third party. You don&#039;t need to encrypt your messages every time you wanna chat, but you should encrypt the messages that you think are very valuable and there are probably rivals or enemies that are tagging your messages. But I can only show you the door, it is you who needs to decide whether to open it or not (I think that was the line Morpheus said to Neo when visiting the Oracle)


&lt;strong&gt;SimpLite&lt;/strong&gt;

There are a few pieces of software that you could use to encrypt your messages. The first is from &lt;a href=&quot;http://www.secway.fr/us/&quot; target=&quot;_blank&quot;&gt;Secway&lt;/a&gt;, called Simp. There are two versions of the software, commercial and free. The commercial version is called SimpPro while the free version is called SimpLite. Both are just as good, but with the free version you may only use the encryption software for one IM at a time. Plus, you need to download a specific encrypter for a specific IM. Below are the download links for the four IMs that SimpLite supports:

1. &lt;a href=&quot;http://www.secway.fr/us/products/simplite_msn/getsimp.php&quot; target=&quot;_blank&quot;&gt;SimpLite For MSN Messenger&lt;/a&gt;

2. &lt;a href=&quot;http://www.secway.fr/us/products/simplite_yahoo/getsimp.php&quot; target=&quot;_blank&quot;&gt;SimpLite for Yahoo Messenger&lt;/a&gt;

3. &lt;a href=&quot;http://www.secway.fr/us/products/simplite_jabber/getsimp.php&quot; target=&quot;_blank&quot;&gt;SimpLite for Google Talk/Jabber&lt;/a&gt;

4. &lt;a href=&quot;http://www.secway.fr/us/products/simplite_icq_aim/getsimp.php&quot; target=&quot;_blank&quot;&gt;SimpLite for ICQ/AIM&lt;/a&gt;

But take note that, in order to fully utilize this tool, both you and your chatting partner need to have SimpLite installed, and it must be the same version, or else, your messages won&#039;t be encrypted. 


&lt;strong&gt;Miranda and GAIM&lt;/strong&gt;

These two aren&#039;t actually encryption software, but Universal Messengers (UM). The great thing about these two is that they support message encryption: both of the UMs have plugins that are capable of encrypting all incoming and outgoing messages. But just as with SimpLite, both parties need to use the same IM client. For example, if you are using Miranda, your chatting partner also needs to use Miranda with the same encryption plugin in order for everything to work; this also applies to GAIM.

I have written a short intro to both of these UMs in separate articles; you may read them by clicking the links below:

1. &lt;a href=&quot;http://technovice.net/archives/111-Miranda,-Universal-IM-for-Windows.html&quot; &gt;Miranda&lt;/a&gt;

2. &lt;a href=&quot;http://technovice.net/archives/56-Universal-Instant-Messenger.html&quot; &gt;GAIM&lt;/a&gt;


As I have mentioned above, you are not required to encrypt all of your messages. But if you think that you are being spied on by your spouse, boss, rival, enemy etc, encrypting your messages can be a really good idea :) 
    </content:encoded>

    <pubDate>Tue, 14 Nov 2006 06:00:23 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/127-guid.html</guid>
    
</item>
<item>
    <title>HijackThis - A Great Malware Detecting Tool</title>
    <link>http://www.technovice.net/archives/115-HijackThis-A-Great-Malware-Detecting-Tool.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/115-HijackThis-A-Great-Malware-Detecting-Tool.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=115</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=115</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;&lt;img src=&quot;http://www.technovice.net/uploads/hijackthis_big.gif&quot; border=&quot;0&quot; alt=&quot;&quot;  /&gt;&lt;/a&gt;&lt;a href=&quot;http://www.tomcoyote.org/hjt/&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt; has been around for quite some time already, and it is a very popular tool to diagnose your system for malware infections. There are a few reasons why &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt; is a popular malware detecting and removing tool, such as:

1. It is free
2. It has great support
3. It doesn&#039;t require installation, thus making it portable
4. It is really good at what it does, detecting and removing malware

 &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt; has a unique approach to countering malware infections. Unlike other normal malware detectors and removers, upon scanning your system, &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt; will not give any warning of malware infections or suspicious applications (in case it detects any). Instead, it will produce a report, which is the most essential product of the system scan. Using this report, you may ask for experts&#039; opinions and help from various forums and sites, which I think is the best feature of &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt;. 


&lt;strong&gt;Start&lt;/strong&gt;

To download &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt;, please go to this link: &lt;a href=&quot;http://www.download.com/HijackThis/3000-8022_4-10379544.html&quot; target=&quot;_blank&quot;&gt;Get HijackThis&lt;/a&gt;

For a quick start with &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt;, you may visit this link, which briefly explains how to use &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt;: &lt;a href=&quot;http://www.tomcoyote.org/hjt/#quick&quot; target=&quot;_blank&quot;&gt;HijackThis Quickstart&lt;/a&gt;


&lt;strong&gt;Support Sites/Forums&lt;/strong&gt;

This link will show most, if not all, available support sites, which you could join to get advice and help: &lt;a href=&quot;http://www.merijn.org/forums.php&quot; target=&quot;_blank&quot;&gt;Support Sites/Forum&lt;/a&gt;. But remember, in order to get any help from the experts, you will need to have the scan report of your system. You may ask for answers, advice, suggestions and help at all of those support sites. Anyway, as a reminder, please be polite when you are asking for advice at these sites; they are helping you for free, respect that :)


&lt;strong&gt;Web Service&lt;/strong&gt;

Other than asking for experts&#039; advice, you may also submit your scan report to a web service at: &lt;a href=&quot;http://www.hijackthis.de/#anl&quot; target=&quot;_blank&quot;&gt;Fast Report Submission&lt;/a&gt;. This web service will generate a simple analysis of your scan report and will warn you of any suspicious or known malware infection in your system. Using this web service, you could get a faster result for your scan, but still, it lacks the human touch :)

In summary, &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt; is a really reliable tool to scan your system and make sure it is free from malware infections. It has been used by many and has proven itself to be a really great tool. Again, to download &lt;a href=&quot;http://www.tomcoyote.org/hjt/#introduction&quot; target=&quot;_blank&quot;&gt;HijackThis&lt;/a&gt;, please go to this link: &lt;a href=&quot;http://www.download.com/HijackThis/3000-8022_4-10379544.html&quot; target=&quot;_blank&quot;&gt;Get HijackThis&lt;/a&gt; 
    </content:encoded>

    <pubDate>Sat, 11 Nov 2006 10:37:29 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/115-guid.html</guid>
    
</item>
<item>
    <title>GMER, An Anti-Rootkit For Beginners</title>
    <link>http://www.technovice.net/archives/287-GMER,-An-Anti-Rootkit-For-Beginners.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/287-GMER,-An-Anti-Rootkit-For-Beginners.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=287</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=287</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    Previously, I wrote a short article about rootkits and the threats that they pose: &lt;a href=&quot;http://technovice.net/archives/100-Danger-!!!-Intro-to-Rootkits.html&quot; &gt;Intro To Rootkits&lt;/a&gt;. In this article, I wanna introduce you guys to an anti-rootkit which is suitable for beginners. It is really tech-novice friendly, as it doesn&#039;t require you to have any knowledge of identifying a rootkit, it is really easy to use, and it has some really useful features when it comes to detecting and removing rootkits.

 The anti-rootkit that I am talking about is called &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt;. Among the things it scans for are:

# hidden processes
# hidden threads
# hidden modules
# hidden services
# hidden files
# hidden Alternate Data Streams
# hidden registry keys
# drivers hooking SSDT
# drivers hooking IDT
# drivers hooking IRP calls
# inline hooks

Don&#039;t worry if you don&#039;t know anything about these features and what they mean, you are not alone :-). The most important thing that you need to know is that &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; allows you to look out for any hidden or suspicious running applications. 


&lt;strong&gt;Start&lt;/strong&gt;

&lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; is a lightweight application; its size is only under 500kb (version 1.0.12). But despite the small size, it has some amazing functions under its hood. Other than being small in size, it is also free to download and use, which adds more awesomeness to it. You may download it at its official website: &lt;a href=&quot;http://www.gmer.net/files.php&quot; &gt;Get GMER&lt;/a&gt;. You will see a list of files on the page; to download &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt;, choose the one on top of the list. The other files are video files, examples of &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; in action.


&lt;strong&gt;Processes&lt;/strong&gt;

&lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; has a really informative process viewing feature. As a beginner, you may not understand all the information &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; provides about the running processes in your PC, but there are still a few types of information that may be useful: for example, you can see where a running process is located (the executable file), how long it has been running and how much memory it is consuming. 

Other than being informative, it could also kill any running process that you would like to shutdown. This is a very useful feature, as you could kill a running rootkit and scan for the malware that it is hiding using your anti malware application. Click on this link to learn more on how to kill all processes and scan for the hidden malware: &lt;a href=&quot;http://www.gmer.net/antivirus.php&quot; &gt;Learn More&lt;/a&gt;. Some example images that the author has provided are in Polish, but you should have no problem understanding it :)

&lt;strong&gt;Scanning Rootkits
&lt;/strong&gt;
&lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; doesn&#039;t provide real time protection, well not directly. What I mean by that is, if for example a rootkit has been downloaded into your system and starts running, &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; won&#039;t give out a warning or automatically remove the rootkit or something. To do so, you need to do it manually. &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; could be set to log all running processes or set to prompt you if any unauthorized action was made, but this requires you to identify the level of danger of the unauthorized action.

But even so, &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; still has a really solid rootkit scanning capability. In the &#039;files&#039; section of the official &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; website, there is a video showing &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; kicking Kaspersky&#039;s ass: &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; detects a rootkit which Kaspersky fails to. You may download the video here: &lt;a href=&quot;http://www.gmer.net/kav6.wmv&quot; &gt;Get Video&lt;/a&gt;. 

Scanning for rootkits is really simple, and after the scan has been completed, &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; will show a full report of the scan, which is really important. Since rootkits can be a bit complicated, you may ask rootkit experts to analyse this report and help you identify whether there are any rootkits that &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; has overlooked, or whether &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; has mistakenly identified an innocent process as a rootkit. Even the author of &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; offers this service, helping you to analyse your &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; scan report. Just fill in this contact form: &lt;a href=&quot;http://www.gmer.net/contact.php&quot; &gt;Contact GMER&#039;s author&lt;/a&gt;, include the scan report with it, and submit.


Overall, I really like &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; and I really suggest you use it. I like that it is simple yet so powerful. Though it may not be the ultimate anti-rootkit available, there are a few rootkit experts out there who rate &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; at the same level as the best anti-rootkits.  Download &lt;a href=&quot;http://www.gmer.net/index.php&quot; target=&quot;_blank&quot;&gt;GMER&lt;/a&gt; right away: &lt;a href=&quot;http://www.gmer.net/files.php&quot; &gt;Get GMER&lt;/a&gt; 
    </content:encoded>

    <pubDate>Mon, 06 Nov 2006 05:58:07 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/287-guid.html</guid>
    
</item>
<item>
    <title>Danger !!! - Intro to Rootkits</title>
    <link>http://www.technovice.net/archives/100-Danger-!!!-Intro-to-Rootkits.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/100-Danger-!!!-Intro-to-Rootkits.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=100</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=100</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    I am sure that you know what a computer worm, virus or trojan is. Lately, the most popular annoying malware is spyware. In this article, I just wanna write a short intro about another, lesser-known kind of malware called rootkits. Unlike the other trouble-making malware, rootkits are a bit unique.

 &lt;strong&gt;What Does A Rootkit Do?&lt;/strong&gt;

The main nature of worms, viruses, trojans and spyware is to do damage. But rootkits are different: they don&#039;t do damage; instead, their main purpose is to conceal the existence of the malware that comes with them. Quoted from Wikipedia:

&lt;blockquote&gt;A rootkit is a set of software tools intended to conceal running processes, files or system data, thereby helping an intruder to maintain access to a system whilst avoiding detection.&lt;/blockquote&gt;

This is a very important characteristic of rootkits that users should be aware of: rootkits are really hard to detect, especially the hardcore ones. Even the antivirus makers are having a lot of trouble making sure that their software can detect as many rootkits as possible. Quoted from Mikael Albrecht, product manager for F-Secure:

&lt;blockquote&gt;Rootkit detection is a cat-and-mouse game. Sometimes the rootkit authors are ahead, sometimes the antirootkit authors.&lt;/blockquote&gt;


&lt;strong&gt;Rootkits Are Troublesome&lt;/strong&gt;

As if its ability to conceal itself and the malware it carries were not enough, a rootkit can also be quite troublesome to remove. Unlike other malware (I am not sure if rootkits can be classified as malware, as they don&#039;t directly do any damage), which you can simply remove with anti-malware software, removing a rootkit may damage your Operating System (OS). Quoting from Wikipedia again:

&lt;blockquote&gt;Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.&lt;/blockquote&gt;

This statement tells us that rootkits attach themselves deep in the core of the OS, which means that removing them can make your system unstable. 

It is undeniable that most commercial antivirus companies have made their software capable of detecting and sometimes removing rootkits, but this is limited to basic rootkits and to the rootkit samples that they have. Rootkit writers are making more and more complex rootkits as time goes by. 


&lt;strong&gt;The End?&lt;/strong&gt;

What about anti-rootkits? Don&#039;t they exist? Well, they exist all right, and the good news is, the best anti-rootkits around are free. The bad news is, since rootkits are a bit more troublesome than other malware, most of the best anti-rootkits available are for expert and advanced users.  But there are a few that are also suitable for beginners. Since this article is already too long to tolerate, I will post my review of an anti-rootkit that is suitable for beginners in my upcoming article :)


References:

&lt;a href=&quot;http://en.wikipedia.org/wiki/Rootkits&quot; target=&quot;_blank&quot;&gt;Wikipedia is my friend&lt;/a&gt;
&lt;a href=&quot;http://itmanagement.earthweb.com/columns/executive_tech/article.php/3512621&quot; target=&quot;_blank&quot;&gt;Interview With Developer Of Icesword&lt;/a&gt;

p/s: yeah yeah, I know, this article is boring, but I need you to know about rootkits before I write about detecting and removing them !!! Stop complaining and start reading :-P

 
    </content:encoded>

    <pubDate>Fri, 03 Nov 2006 07:04:18 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/100-guid.html</guid>
    
</item>
<item>
    <title>A Trojan Stealing Your Precious Infos</title>
    <link>http://www.technovice.net/archives/62-A-Trojan-Stealing-Your-Precious-Infos.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/62-A-Trojan-Stealing-Your-Precious-Infos.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=62</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=62</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    There is a trojan circulating on the internet, detected by Panda Antivirus, which steals your personal information (that&#039;s not new, I know). But what makes it worse is that it is protected by a rootkit. Now, what in the world is a rootkit? In simple words, it is an application used to hide malware from being detected by anti-malware software. It is a really bad combination: once you are infected, it is really hard to detect and remove it.

 The malicious code writer(s) are sending this Trojan variant as an attachment to spam mails. Quoted from Luis Corrons, director of PandaLabs:

&lt;blockquote&gt;it seems that the author or authors of these malicious codes are mass-mailing these Trojans as attachments to spam messages. For this reason, it is recommendable to delete any suspicious or unwanted email messages.......&lt;/blockquote&gt;

The Trojan steals information such as (quoted from Panda):

&lt;blockquote&gt;...designed to steal passwords for popular Internet services, such as eBay, ICQ, Pay Pal or Web Money, and for many email clients, including Outlook Express or The Bat!...&lt;/blockquote&gt;


&lt;strong&gt;Just Reminding&lt;/strong&gt;

I am posting this entry not to make you guys scared or something, but just wanna remind you to be cautious while surfing. Since this troublesome Trojan is protected by rootkit(s), normal antivirus can&#039;t detect it (especially the free ones). You really don&#039;t want your PC to be infected by this Trojan, so take the precautionary steps suggested by Luis Corrons: don&#039;t ever, never ever, big never ever read or open attachments from spam mails; even better, just delete them. No matter how appealing the subject of the spam mail can be, it is not worth the risk of losing your personal information to some crazy maniac who would, no doubt about it, make your life miserable as long as s/he can.

Lastly, I got this active scan from Panda, so you can scan your PC online, just to make sure you are clean of this damn stupid Trojan. To use it, unfortunately, you need to have IE 5 or IE 6; Firefox and IE 7 ain&#039;t supported. Go to this link to scan your PC for free: &lt;a href=&quot;http://www.pandasoftware.com/products/activescan.htm&quot; target=&quot;_blank&quot;&gt;Panda Active Scan&lt;/a&gt;


Read Original Report : &lt;a href=&quot;http://www.pandasoftware.com/about/press/viewNews.htm?noticia=7863&amp;amp;ver=21&amp;amp;pagina=&amp;amp;numprod=&amp;amp;entorno=&amp;amp;sitepanda=empresas&quot; target=&quot;_blank&quot;&gt;Panda News&lt;/a&gt;

Extra Reading: &lt;a href=&quot;http://en.wikipedia.org/wiki/Rootkit&quot; target=&quot;_blank&quot;&gt;What Is A Rootkit?&lt;/a&gt; 
    </content:encoded>

    <pubDate>Fri, 20 Oct 2006 20:14:00 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/62-guid.html</guid>
    
</item>
<item>
    <title>Link Scanner - Scans For Malicious Links</title>
    <link>http://www.technovice.net/archives/55-Link-Scanner-Scans-For-Malicious-Links.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/55-Link-Scanner-Scans-For-Malicious-Links.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=55</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=55</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;img src=&quot;http://www.technovice.net/uploads/LinkScanner_logo.gif&quot; class=&quot;image_test&quot; alt=&quot;&quot;  /&gt;There is a webtool on the net that allows you to scan links for hidden exploits. Well, I am not saying that you need to scan all the links that you wanna visit before you visit them. I merely wanna share this cool webtool with you guys, in case any one of you suspects a link to be malicious but doesn&#039;t know how to make sure of it. Then this webtool that I am recommending is probably the one you are looking for. 

 Just click on the link below and visit the website that hosts this webtool (don&#039;t worry, I am not spreading some malicious link here :)):

&lt;a href=&quot;http://linkscanner.explabs.com/linkscanner/&quot; target=&quot;_blank&quot;&gt;LinkScanner&lt;/a&gt;

All you need to do is insert the URL of the link into the space provided, then click on &#039;Scan&#039;, that&#039;s all. Soon after that, the website will show a report of the scan. So if you have a link whose safety you feel suspicious about, use this webtool, and be suspicious no more :) 
    </content:encoded>

    <pubDate>Mon, 16 Oct 2006 11:37:13 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/55-guid.html</guid>
    
</item>
<item>
    <title>Extra Defence For P2P Users - For Free</title>
    <link>http://www.technovice.net/archives/54-Extra-Defence-For-P2P-Users-For-Free.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/54-Extra-Defence-For-P2P-Users-For-Free.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=54</wfw:comment>

    <slash:comments>2</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=54</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;img src=&quot;http://www.technovice.net/uploads/PeerGuardian.jpg&quot; class=&quot;image_test&quot; alt=&quot;&quot;  /&gt;P2P (peer to peer) users are users who use applications such as BitTorrent clients (BitComet, Azureus, uTorrent etc.), LimeWire, eMule and Kazaa. I think you get the idea already. A P2P network is by itself very insecure: as soon as you log in to the network, you make your PC vulnerable to attacks. I prefer not to go all technical about how a P2P network works, but you should at least have a rough idea about it. In layman&#039;s terms, in a P2P network, you send and receive chunks of files to and from different PCs which have different &lt;a href=&quot;http://en.wikipedia.org/wiki/IP_address&quot; target=&quot;_blank&quot;&gt;IPs&lt;/a&gt;. And there are known &lt;a href=&quot;http://en.wikipedia.org/wiki/IP_address&quot; target=&quot;_blank&quot;&gt;IPs&lt;/a&gt; that send bad stuff to people. Most P2P clients can&#039;t protect you from these evil &lt;a href=&quot;http://en.wikipedia.org/wiki/IP_address&quot; target=&quot;_blank&quot;&gt;IPs&lt;/a&gt;; even if they can, the protection is very limited.

  Luckily for us, the download junkies, there exists an application called &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;PeerGuardian&lt;/a&gt;, from &lt;a href=&quot;http://phoenixlabs.org/&quot; target=&quot;_blank&quot;&gt;Phoenix Labs&lt;/a&gt;. It is a very optimized application for blocking the evil &lt;a href=&quot;http://en.wikipedia.org/wiki/IP_address&quot; target=&quot;_blank&quot;&gt;IPs&lt;/a&gt; that I mentioned above. Blocking is all that it does, nothing else. It has a frequently updated list of &lt;a href=&quot;http://en.wikipedia.org/wiki/IP_address&quot; target=&quot;_blank&quot;&gt;IPs&lt;/a&gt; which distribute spyware, trojans, viruses, you name it, it has the list. 

Before I go on, I want to make it clear: this is not a firewall application, though its function is almost the same. So it won&#039;t conflict with your current firewall (and please don&#039;t go and remove your firewall after you have installed this, totally not recommended).

&lt;strong&gt;Get It&lt;/strong&gt; 

You can get your own free &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;PeerGuardian&lt;/a&gt; here: &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;Download PeerGuardian&lt;/a&gt;. Its current build is &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;Peer Guardian 2 (PG2)&lt;/a&gt;, which is also the one that I am using right now. There is also really, I mean really, complete documentation of &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;PG2&lt;/a&gt; available. It touches all of the important topics, such as how it works, how to install it and how to use it. It even includes images to aid the learning process, nice !!


&lt;strong&gt;Disadvantage&lt;/strong&gt;

When you use &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;PG2&lt;/a&gt;, you will probably notice a decrease in connection speed; this is due to the nature of the P2P network and how &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;PG2&lt;/a&gt; functions. But according to the &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;PG2&lt;/a&gt; developers, this disadvantage may be overcome by &lt;a href=&quot;http://www.technovice.net/archives/12-Increase-Your-Half-Open-Connection-For-Better-Download-Speed.html&quot; &gt;increasing your half open connections (HOC)&lt;/a&gt;, for Windows users only.  For Bitcomet 0.73 users, there is a built-in feature that allows you to edit the number of HOC that you have; read about it here: &lt;a href=&quot;http://www.technovice.net/archives/50-Insight-Of-Bitcomet-Version-0.73-Features.html&quot; &gt;Edit HOC With Bitcomet 0.73&lt;/a&gt;.

Personally, I don&#039;t think you should trade your PC&#039;s safety for anything, especially when you have other options to overcome the advantages that come with security. As the writer of this article, I forbid you !! :).  So, wait no more, P2P junkies, strengthen your defence arsenal right now, download &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;PG2&lt;/a&gt;: &lt;a href=&quot;http://phoenixlabs.org/pg2/&quot; target=&quot;_blank&quot;&gt;Download Peer Guardian&lt;/a&gt;

p/s: there is also a &lt;a href=&quot;http://phoenixlabs.org/pgosx/&quot; target=&quot;_blank&quot;&gt;PG2 version for OS X available&lt;/a&gt;, but for Linux users, the developers of PG2 recommend &lt;a href=&quot;http://moblock.berlios.de/&quot; target=&quot;_blank&quot;&gt;MoBlock&lt;/a&gt;

 
    </content:encoded>

    <pubDate>Sun, 15 Oct 2006 11:36:09 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/54-guid.html</guid>
    
</item>
<item>
    <title>Worm Attack - From Internet Explorer to Yahoo Messenger</title>
    <link>http://www.technovice.net/archives/48-Worm-Attack-From-Internet-Explorer-to-Yahoo-Messenger.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/48-Worm-Attack-From-Internet-Explorer-to-Yahoo-Messenger.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=48</wfw:comment>

    <slash:comments>6</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=48</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    There is a recent worm outbreak among Yahoo Messenger (YM) users.  As usual, the worm exploits the link usage in YM. If you are infected, the worm will send links to your buddy network; other than that, it also takes advantage of the status mode in YM, making a really innocent-looking linked status for your friends to click. The interesting part is, the link will direct you to a webpage filled with high-value Google Ads, so practically, the hackers (I am assuming there is more than one) are trying to make a living out of worms. Another point of interest is that you can get infected by this worm by visiting, with Internet Explorer, certain websites built by the hackers, no surprise there :)

 Tips to avoid getting infected by this worm, for this particular situation, are as below:

&lt;strong&gt;Use Firefox&lt;/strong&gt;

Though there has been some recent stir about security vulnerabilities in Firefox, Mozilla made a patch for them at lightning Internet speed. Even better, the updates were sent to the browser when it was activated. I can go on and on telling you all the better security features of Firefox compared to IE (IE 7 is an exception). But you get the idea: don&#039;t compromise the safety of your PC, use Firefox. If you don&#039;t already have it, get it here: &lt;a href=&quot;http://www.mozilla.com/firefox/&quot; target=&quot;_blank&quot;&gt;Get Firefox&lt;/a&gt;. If you already have and are using Firefox, then hooray for you 8-)

Below are tips quoted from my previous entry titled : &lt;a href=&quot;http://technovice.net/archives/35-Worm-Spreading-Using-MSN-Messenger.html&quot; &gt;Worm Spreading Using MSN Messenger&lt;/a&gt;


&lt;strong&gt;Use IM in a Virtual Environment&lt;/strong&gt;

This is, at the moment, my best suggestion. It may require a little extra effort for you to run the IM in a virtual environment, but I really believe it is better to be safe than sorry.  Using IM within a virtual environment reduces your chance of getting worms like this one into your system down to nothing. Any worm that tries to infect your PC will be stuck in the virtual folder. If you would like to learn more about virtualization, read this: &lt;a href=&quot;http://technovice.net/archives/29-Sandboxie-Working-In-A-Virtual-Environment.html&quot; target=&quot;_blank&quot;&gt;Read Virtualization Article&lt;/a&gt;.


&lt;strong&gt;Ask&lt;/strong&gt;

Ask your friend whether the link is legitimate; just make sure it was a human that sent you the link, not a bot. It may sound a bit silly to some people to do this, but there is no harm in asking. There is a lot of harm that follows a worm, though, if it infects your PC :-)

You may read the full report of the worm attack here : &lt;a href=&quot;http://blog.spywareguide.com/2006/10/ie_used_to_launch_instant_mess.html&quot; target=&quot;_blank&quot;&gt;Read Full Report&lt;/a&gt; 
    </content:encoded>

    <pubDate>Sat, 07 Oct 2006 20:40:05 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/48-guid.html</guid>
    
</item>
<item>
    <title>Worm Spreading Using MSN Messenger</title>
    <link>http://www.technovice.net/archives/35-Worm-Spreading-Using-MSN-Messenger.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/35-Worm-Spreading-Using-MSN-Messenger.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=35</wfw:comment>

    <slash:comments>4</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=35</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;p&gt;&lt;img src=&quot;http://www.technovice.net/uploads/msnmessenger.jpg&quot; class=&quot;image_test&quot; alt=&quot;&quot;  /&gt;&lt;/p&gt;Another threat to MSN Messenger users: this time, according to Kaspersky, the worm is sent using a link, an innocent-looking link, with a .PIF extension. What&#039;s worse is that people will receive these links from their IM friends, whom they trust, and so have almost no reason to doubt the link. Well, now you need to think again before you click on the links that you get.  The extension of the file comes in a few variations, but they are all the same, still worms.

 Microsoft has filtered the .pif extension, but the filter is case sensitive, so the worm writers got smart and toyed with this flaw, using .PIF, .Pif or other variations instead. From Kaspersky:

&lt;blockquote&gt;So the criminals used capital letters, &quot;.PIF&quot; and the network filters let the message flow right through. Other variations like .Pif, .pIf, and so on also work.&lt;/blockquote&gt;

If your IM friend is already infected, there is very little that you can do to stop the link from being sent to you, but there are a few precautionary steps that I would suggest to prevent the worm from getting into your system.


&lt;strong&gt;Use IM in a Virtual Environment&lt;/strong&gt;

This is, at the moment, my best suggestion. It may require a little extra effort for you to run the IM in a virtual environment, but I really believe it is better to be safe than sorry.  Using IM within a virtual environment reduces your chance of getting worms like this one into your system down to nothing. Any worm that tries to infect your PC will be stuck in the virtual folder. If you would like to learn more about virtualization, read this: &lt;a href=&quot;http://technovice.net/archives/29-Sandboxie-Working-In-A-Virtual-Environment.html&quot; target=&quot;_blank&quot;&gt;Read Virtualization Article&lt;/a&gt;.


&lt;strong&gt;Ask&lt;/strong&gt;

Ask your friend whether the link is legitimate; just make sure it was a human that sent you the link, not a bot. It may sound a bit silly to some people to do this, but there is no harm in asking. There is a lot of harm that follows a worm, though, if it infects your PC :-)


&lt;strong&gt;Skip the .pif file and its variations&lt;/strong&gt;

Well, this is just common sense, but I still wanna point it out. Microsoft must have good reasons for filtering out this extension, so it is best if you follow them. Just in case one of your friends is trying to prank you because you didn&#039;t invite him/her to share pizzas with you the other night.


By following these three suggestions of mine, hopefully none of you will get infected by this notorious worm (I am hoping I won&#039;t get infected again this way, once is more than enough :-))

Read the original article from Kaspersky: &lt;a href=&quot;http://www.viruslist.com/en/weblog?weblogid=199354341&quot; target=&quot;_blank&quot;&gt;Read Original Article&lt;/a&gt; 
    </content:encoded>

    <pubDate>Tue, 26 Sep 2006 21:47:21 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/35-guid.html</guid>
    
</item>
<item>
    <title>Recommended Free Defences For Normal PC Users</title>
    <link>http://www.technovice.net/archives/30-Recommended-Free-Defences-For-Normal-PC-Users.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/30-Recommended-Free-Defences-For-Normal-PC-Users.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=30</wfw:comment>

    <slash:comments>2</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=30</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;p&gt;&lt;img src=&quot;http://www.technovice.net/uploads/Free_Defence.jpg&quot; class=&quot;image_test&quot; alt=&quot;&quot;  /&gt;&lt;/p&gt;OK, let me first define normal PC users. This species of people just use their PC to do their work or surf the Internet to check emails, to send emails, to read news; simply put, they just browse the net, no more. Chatting using Yahoo Messenger or Windows Messenger may also be added to the list, though this actually increases the number of channels through which the user is exposed to threats. If you are classified as a normal PC user and aren&#039;t using any security applications to protect your PC, then you may want to read this article.
 If I may classify the users, I would say it would be something like this:

1st level, threat vulnerability = low

-Check e-mails, and
-Send e-mails, and/or
-Only browse the web, and/or

2nd level, threat vulnerability = medium

-Same as above, and
-Chatting using Instant messengers, such as Yahoo Messenger

Users categorized in the first level are the ones most suited to using free security applications, but users in the 2nd level may need to be more cautious if they also choose to use free security software.


&lt;strong&gt;Free Anti-virus &lt;/strong&gt;

The free AV from Grisoft, or AVG, is my first recommendation. I have experience using it; it served me well in defending my PC from infections. You may get your own copy of AVG by clicking on this link: &lt;a href=&quot;http://free.grisoft.com/doc/2/lng/us/tpl/v5&quot; target=&quot;_blank&quot;&gt;Get Free AVG&lt;/a&gt;. Installation and usage of the program are quite simple and well organized. You should have no problem using this piece of software. It supports email scanning and on-demand scanning. 

My second recommendation is Bitdefender free edition. But since Bitdefender only supports on-demand virus scanning, I wouldn&#039;t suggest it for frequent Internet and instant messenger users; even the provider seems to see it that way.
&lt;blockquote&gt;
BitDefender 8 Free Edition is an on-demand virus scanner, which is best used in a system recovery or forensics role. If you are on an &quot;always-on&quot; Internet connection, we strongly advise you to consider using a more complex antivirus solution.&lt;/blockquote&gt;

You can download the free copy of Bitdefender at : &lt;a href=&quot;http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.htm&quot; target=&quot;_blank&quot;&gt;Get Free Bitdefender&lt;/a&gt; 

&lt;strong&gt;Free Spyware Scanner/Remover&lt;/strong&gt;

Again, I am recommending another free security application from Grisoft: Ewido. Evaluating Ewido over all the time it has protected my PC from spyware, I must say, it is an awesome piece of free software. Updates are frequent and it can even detect unknown threats, which is a plus to the product. Try it for yourself: &lt;a href=&quot;http://free.grisoft.com/doc/20/lng/us/tpl/v5&quot;  target=&quot;_blank&quot;&gt;Get Free Ewido&lt;/a&gt;

Another spyware scanner and remover that I would like to promote is AdAware from Lavasoft. It is popular free software; most probably you have already heard about it. AdAware boasts about its Code Sequence Identification (CSI) technology, which allows the software to detect unknown malware infections. Other than that, Lavasoft also offers add-ons for AdAware at its website. Just choose which add-ons you like, download and install them. Like Ewido, AdAware hasn&#039;t yet failed me when it comes to detecting irritating spyware in my PC. Don&#039;t take my word for it, download and test it: &lt;a href=&quot;http://www.lavasoftusa.com/software/adaware/&quot; target=&quot;_blank&quot;&gt;Get Free AdAware&lt;/a&gt;

Those are the four main free defence programs that I highly recommend. Just keep in mind, I wouldn&#039;t recommend them if I hadn&#039;t personally tested and used them over a period of time. But just a reminder from me: no single security program can protect you from all the threats out there on the Internet. My suggestion is, use a couple of programs to give your PC more protection. In this case, unfortunately, for the antivirus you may choose just one, but for the spyware protection, you may use both. Like the old saying goes, two heads are better than one :)
 
    </content:encoded>

    <pubDate>Mon, 25 Sep 2006 10:10:41 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/30-guid.html</guid>
    
</item>
<item>
    <title>Sandboxie - Working In A Virtual Environment</title>
    <link>http://www.technovice.net/archives/29-Sandboxie-Working-In-A-Virtual-Environment.html</link>
            <category>Security</category>
    
    <comments>http://www.technovice.net/archives/29-Sandboxie-Working-In-A-Virtual-Environment.html#comments</comments>
    <wfw:comment>http://www.technovice.net/wfwcomment.php?cid=29</wfw:comment>

    <slash:comments>0</slash:comments>
    <wfw:commentRss>http://www.technovice.net/rss.php?version=2.0&amp;type=comments&amp;cid=29</wfw:commentRss>
    

    <author>nospam@example.com (jumanjisama)</author>
    <content:encoded>
    &lt;div class=&quot;image_front_large&quot;&gt;&lt;img src=&quot;http://www.technovice.net/uploads/sandboxie.jpg&quot; alt=&quot;&quot;  /&gt;&lt;/div&gt;I spent the whole day testing and playing with the Sandboxie. Despite it&#039;s simplicity, i found that there are a few adjustment and things that i need to get use to, if i want to continue using this application. If you don&#039;t know what Sandboxie is, please read my &lt;a href=&quot;http://technovice.net/archives/28-Surf-The-Web-Securely-In-A-Virtual-Environment.html&quot; target=&quot;_blank&quot;&gt;previous entry&lt;/a&gt;, it may clear things up a bit for you. But in case you already know, you may just continue reading this post, as i share with you what i have gain, in the hope that it may help you to use the Sandboxie easier.

 In case you are also interested in testing this piece of free virtualization software, you may go to the dedicated Sandboxie website to get your own copy of Sandboxie version 2.60: &lt;a href=&quot;http://www.sandboxie.com/index.php?DownloadSandboxie&quot; target=&quot;_blank&quot;&gt;Download Sandboxie&lt;/a&gt;. This isn&#039;t the latest release, though; there is a newer version, &lt;a href=&quot;http://sandboxie.com/phpbb/viewtopic.php?t=562&quot; target=&quot;_blank&quot;&gt;Sandboxie 2.62&lt;/a&gt;, which for some unknown reason the author has decided not to publish on the official download page. Personally, I would recommend version 2.62, as it has improved security measures implemented. 

Anyway, Sandboxie is a relatively small program, only around 250kb, so downloading it shouldn&#039;t take very long, even for dial-up users. After you have downloaded the application, you can install it right away. The installation is pretty simple and straightforward, nothing a beginner can&#039;t handle.

When Sandboxie has been successfully installed on your machine, you may start using it right away. Double-clicking the Sandboxie shortcut on your Desktop or in your Start Menu will bring a yellow four-cornered icon to your system tray. Right-clicking on the yellow icon will bring up the options pane of Sandboxie.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie1.jpg&quot; alt=&quot;&quot;  /&gt;


&lt;strong&gt;Run, View and Delete Sandboxed Programs&lt;/strong&gt;

To start using Sandboxie to browse the Internet, you just need to right-click on the yellow icon and choose Run Sandboxed-&gt;Default Browser. Or, if you have more than one web browser installed on your PC besides Internet Explorer and you want to sandbox Internet Explorer instead, just click Run Sandboxed-&gt;Internet Explorer. Your web browser should appear with a &#039;[#]&#039; symbol at both ends of its name, for example:

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie19.jpg&quot; alt=&quot;&quot;  /&gt;

Examples using sandboxed Internet Explorer, Opera and Thunderbird

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie20.jpg&quot; alt=&quot;&quot;  /&gt;

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie21.jpg&quot; alt=&quot;&quot;  /&gt;

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie18.jpg&quot; alt=&quot;&quot;  /&gt;

Other than that, you will also notice that the yellow icon has red dots in it now. This is a sign that Sandboxie is active and currently running an application in a virtual environment.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie3.jpg&quot; alt=&quot;&quot;  /&gt;

Other than browsing the net with the protection of Sandboxie, you may also do other things. If you want to install a piece of software but are not sure whether it is infected, you may sandbox it: just right-click the yellow icon again and choose Run Sandboxed-&gt;Any Program:

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie5.jpg&quot; alt=&quot;&quot;  /&gt;

Then a small vertical window will appear. Click on Browse and go to the place where the software you want to test is located:

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie6.jpg&quot; alt=&quot;&quot;  /&gt;

Again, a [#] symbol will wrap the application&#039;s name, just like in the example I showed above. Other than testing an installation, you may also follow the same steps (Run Sandboxed-&gt;Any Program) or choose Run Sandboxed-&gt;From Start Menu to run any program on your PC, such as a p2p application.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie7.jpg&quot; alt=&quot;&quot;  /&gt;

You can download files using p2p applications such as Limewire or Bitcomet with very little or no risk at all if you run them within the virtual environment provided by Sandboxie. All you need to do is right-click on the yellow icon, choose Run Sandboxed-&gt;Any Program or From Start Menu, and select any p2p application or other program of your liking. 

Any infection or threat that may come from downloading a file using p2p will stay in the virtual environment and will not disturb your main system. But just as a reminder, if you were downloading using a sandboxed p2p application and wish to continue the download later, you will need to continue the download with a sandboxed p2p application too; otherwise, you may not be able to continue the download from where you stopped.

In another situation, where you have downloaded an executable file from the Internet and the file is located in the virtual environment, you need to right-click the yellow icon and choose Run Sandboxed-&gt;Windows Installer Service in order to enable the executable file to be installed right from the virtual environment.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie4.jpg&quot; alt=&quot;&quot;  /&gt;

There is also an option to run a sandboxed email reader: right-click the yellow icon and choose Run Sandboxed-&gt;Email Reader. This way, any malicious attack from your emails won&#039;t interfere with your system.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie8.jpg&quot; alt=&quot;&quot;  /&gt;

To check which programs are running sandboxed, you just need to double-click on the yellow icon, and a window will appear showing all sandboxed applications, similar to this one below:

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie9.jpg&quot; alt=&quot;&quot;  /&gt;

If you want to terminate all sandboxed processes, just right-click the yellow icon and choose Terminate Sandboxed Processes-&gt;in Current Sandbox, or In All Sandbox if you have more than one sandbox running.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie10.jpg&quot; alt=&quot;&quot;  /&gt;

&lt;!--nextpage--&gt;
&lt;strong&gt;Within The Virtual Folders&lt;/strong&gt;

To view the files that are contained in the virtual environment (for example, a file you have downloaded from the net while using a sandboxed Firefox will be located in these folders), just right-click the yellow icon again, choose Content Of Sandbox-&gt;Explore Contents, then start browsing through the folders.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie11.jpg&quot; alt=&quot;&quot;  /&gt;

In case there are files in the virtual folders that you want to retrieve or bring outside of the virtual folders, just choose Content Of Sandbox-&gt;Recover Files.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie12.jpg&quot; alt=&quot;&quot;  /&gt;

A window will pop up listing all the files that can be recovered. Then you may choose to place a file in the same folder it would have been in if it had been downloaded outside the virtual environment (downloaded the way you are used to) by clicking Recover to Same Folder in the window. 

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie13.jpg&quot; alt=&quot;&quot;  /&gt;

But if you decide to place it somewhere else, then just click Recover to Any Folder. Another window will appear, and you just need to browse to the location where you want the file to be.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie14.jpg&quot; alt=&quot;&quot;  /&gt;

If you want to delete all the files within the virtual folders, just choose Content of Sandbox-&gt;Delete Contents.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie15.jpg&quot; alt=&quot;&quot;  /&gt;

In case there are still files that can be recovered within the virtual folder, you will be asked whether you want to recover the files or just delete them.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie16.jpg&quot; alt=&quot;&quot;  /&gt;

After you have decided what you are going to do with the recoverable files, you will be asked whether you want to continue deleting all files within the virtual folders. One thing you need to remember: if you have made any changes in your browser, such as bookmarking a new site, while the browser is sandboxed, the bookmark will be lost if you didn&#039;t save it using extensions like Foxmarks or social bookmarking services like del.icio.us.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie17.jpg&quot; alt=&quot;&quot;  /&gt;


&lt;strong&gt;Changing the Virtual Directory&lt;/strong&gt;

Sandboxie&#039;s default path for its virtual folders is under drive C:, and this can be a bit of a problem for some of you if you made C: your Windows partition, which usually has little hard disk space, around 10GB only. If this is the case, then you need to reconfigure the Sandboxie.ini file, which is located in the Windows directory, or you can just double-click the yellow icon and go to Configuration-&gt;Edit Configuration.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie22.jpg&quot; alt=&quot;&quot;  /&gt;

Upon clicking on Edit Configuration, a text editor will pop up, and what you are seeing is the content of the Sandboxie.ini file. What you need to find in this file are lines similar to these:

[GlobalSettings]
ConfigLevel=1
BoxRootFolder=%apps%

At the BoxRootFolder line, in place of %apps%, you may enter the path where you want your virtual directory to be. Let&#039;s say it is on drive X: in the folder Virtual; the path will be 

X:\Virtual\

Remember one thing: the configuration is case sensitive. If you put

x:\Virtual\ 

or 

X:\virtual\

it will not work. Other than editing the Sandboxie.ini file, you can change the folder path by going to the Sandbox Control, clicking Configuration-&gt;Global Settings-&gt;Set Sandbox Top Level Folder, and setting your desired path there. Then, after you have edited the path, you need to reload the configuration: just double-click the yellow icon again and go to Configuration-&gt;Reload Configuration, and you are done. Note that your setting will only affect applications started after the configuration is edited.

&lt;img src=&quot;http://www.technovice.net/uploads/Sandboxie23.jpg&quot; alt=&quot;&quot;  /&gt;

That&#039;s all from me; I think I have covered all the basics. If you want to know more about configuring the Sandboxie.ini file, please click: &lt;a href=&quot;http://www.sandboxie.com/index.php?SandboxieIni&quot; target=&quot;_blank&quot;&gt;More Sandboxie.ini&lt;/a&gt;. Good luck, and hopefully you guys aren&#039;t furious about my extra long entry. :D
 
    </content:encoded>

    <pubDate>Sun, 24 Sep 2006 08:32:08 +0800</pubDate>
    <guid isPermaLink="false">http://www.technovice.net/archives/29-guid.html</guid>
    
</item>

</channel>
</rss>