Windows Secrets


Windows Secrets Newsletter • Issue 117 • 2005-01-20 • Circulation: over 400,000


Table of contents 
  • Support Alert: Intrusion detection software explained
  • Support Alert: Free book explains Knoppix to Windows users
  • Support Alert: BitTorrent sites master list
  • Support Alert: Windows XP resources
  • Support Alert: OpenOffice with Firefox
  • Support Alert: Blended phishing difficult to pick
  • Support Alert: How to set up a virtual machine on your PC
  • Support Alert: Firefox tips and tricks
  • Support Alert: Cleaning master boot record viruses
  • Support Alert: Spyware exploits: how they work

 
Support Alert

Intrusion detection software explained

These days I strongly recommend that all serious internet users have some form of intrusion detection software (IDS) on their PCs.

This is one of the reasons why last month I awarded the IDS product Prevx my annual "Freeware Product of the Year."

However, judging from the email that I’ve been getting from subscribers, it seems folks are a little confused about how this software fits in with their other security software such as their anti-virus scanner, spyware scanner and firewall.

Let me clarify the situation:

IDS software is not intended to be a substitute for your other security products.  It should be used in addition to those products.

Its purpose is to provide another layer of protection for your computer. It’s there to catch intruders that might have been missed by your anti-virus scanner and other security products.

Yes, your anti-virus scanner can miss malware products. So can your spyware scanner. No security product is perfect. Most are pretty good but perfect, no.

Defending your computer is very like defending a medieval castle. Castles were defended by moats, drawbridges, fortified walls, armed guards on patrol, fortified inner keeps and more.

Castles had layered defenses; they didn’t rely on one form of protection but used many. The same principle should be applied to defending your computer.

ID software plays a similar role on your computer to armed guards patrolling the castle walls.  Its role is to stop any bad guys who may have breached your computer’s primary defenses.

Can you imagine a castle surviving in the long run without guards to man the walls? Ditto for your personal computer without ID software.

Maintaining armed guards is not free. Nor is running ID software. Even if, like Prevx, the software itself is free, it will still cost you processing power to run the software and it will cost again by inconveniencing you with false alarms.

And the cost is not trivial. Some ID software consumes so much CPU power that it will really slow down all but the fastest PCs.

False alarms, too, are common. Just like the guards on your castle walls shouting "The Visigoths are coming!" when it’s really the castle’s daily beer delivery, so too will your IDS regularly alert you to an invader when in reality it’s only some harmless activity such as one of your software products checking for an update.

IDS products vary widely in the amount of CPU power they consume and their propensity to sound false alarms. They also differ greatly in the protection they provide.

Selecting the right product is not easy. It involves trading off the degree of protection provided against the resources used.

To help you I’ve prepared a short guide to choosing the right IDS software product for your PC. Several of the products listed are freeware.

The guide is available right now for free from the Tech Support Alert web site at http://www.techsupportalert.com/intrusion-detection.htm

Don’t leave your castle walls undefended. If you are a serious internet user and are comfortable installing security software I suggest you check out the guide and seriously consider installing an IDS product appropriate to your needs.

See you next month.

Gizmo

 
Support Alert

Free book explains Knoppix to Windows users

The easiest way to play with Linux without messing up your Windows installation is to use the free CD-based Knoppix distro (distro?). All you need do is boot from the CD and within a minute or so you’ll have a full working version of Linux. Pull out the CD and you can boot into your normal Windows system. Discover more from the free downloadable 134-page book, "Knowing Knoppix." It includes a very useful section on how to use Knoppix for Windows disaster recovery. http://www.pjls16812.pwp.blueyonder.co.uk/knowing-knoppix/index.html http://knopper.net/knoppix/index-en.html

 
Support Alert

BitTorrent sites master list

One of the best ways to download large files like Knoppix is through BitTorrent. Unfortunately, several of the best BitTorrent index sites including suprnova.org have been shut down recently by the dudes from the MPA. I have no problem with copyright holders protecting their assets but when my access to legal files is affected I feel distinctly peeved. Luckily there are many alternative sites. You’ll find a good list here: http://www.orbdesign.net/bt/

 
Support Alert

Windows XP resources

Thanks to subscriber Hans-Peter Dollhopf for letting me know about the Windows XP A to Z site that offers a comprehensive set of XP tips, tricks and resources.  It’s not the largest site I’ve seen but still well worth visiting.  Make sure you check out the "Performance" section. http://www.windowsxpatoz.com

 
Support Alert

OpenOffice with Firefox

Thinking of dropping Microsoft Office? Then check out this CD that combines the latest version of OpenOffice with the latest version of Firefox. There are full implementations for Windows, Linux and Mac. That’s a lot of great software for $29.95. http://www.oooff.com/

 
Support Alert

Blended phishing difficult to pick

Here’s the scam. You get an email from your bank telling you about a new feature or offer. You click a link and go to the bank site, whose authenticity you naturally check. It looks fine. Indeed you ARE at the real site. Now the scam begins: a popup window appears saying to sign in to see details of the bank’s new feature or offer. Innocently you type in your password and another popup window appears with details of the offer. At the bottom of the window it suggests that you log out for your security, which you naturally do. It all looks very normal but by now your password is on a hacker’s PC in North Korea or wherever. Nasty eh? These phishing things are getting too sophisticated to easily pick. I think users should start treating all email from financial institutions as fakes unless you verify otherwise by phone. Think you can’t be fooled? Try picking these: http://www.netriplex.com/phishfraud/phishing_test.aspx

 
Support Alert

How to set up a virtual machine on your PC

I’ve spoken with enthusiasm about using VMWare WorkStation and similar products to create a secure sandbox test PC or simply to run multiple operating systems on one PC. The system is ideal for evaluating programs and patches or for testing products across multiple operating systems in a secure and controlled environment. If you need more assurance, check out the first link below which is a review of VMWare WorkStation from the folks at Extreme Tech. If the review fires your enthusiasm, use the second link to get a 30-day trial from VMWare. Alternatively, use the third link to download a 45-day trial version of Microsoft’s virtual machine product called VPC. Cheapskate techies may want to use the last link which takes you to a free, open source CPU emulator that can be used for VM application. It works but it runs rather slowly and is a lot more hassle than the slick commercial offerings. http://www.extremetech.com/article2/0,1558,1624079,00.asp http://www.vmware.com/ http://www.microsoft.com/windows/virtualpc/default.mspx http://bochs.sourceforge.net/

 
Support Alert

Firefox tips and tricks

The Mozilla site has a whole section dedicated to Firefox tweaks. It’s not suited to raw beginners but all others will find much of interest. http://www.mozilla.org/support/firefox/tips

 
Support Alert

Cleaning master boot record viruses

A number of malware products evade detection by taking over the MBR on your hard drive. Cleaning them out is not all that difficult – just follow the instructions outlined here: http://www.itechs-systems.com/articles/a5.htm

 
Support Alert

Spyware exploits: how they work

This multi-part report from a SANS security worker illustrates with a specific example exactly what can take place when a PC gets infected with spyware. In this instance, a single visit on an unpatched PC to a malevolent web site resulted in 15 executable files being downloaded, giving the attacker complete control of the infected PC. The owner of the PC would have been totally unaware of what had happened. If you have a technical interest in PCs, I strongly suggest you read this article. It will give you a realistic appreciation of the complexity and sophistication of the current crop of exploits. http://isc.sans.org/diary.php?date=2004-07-23

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2012 by WindowsSecrets.com. All rights reserved.
