WOW! That’s the typical response when people’s computer boots up in half the time it did just 10 minutes ago. Chances are quite good you can have this experience. Assuming your Windows computer is spyware, adware and virus-free, there are 5 simple steps you can easily do yourself or have your favourite IT person (we hope he/she is a Nerd On Site, of course) take care of for you:

1. MSCONFIG – every since Windows 95, Microsoft has made it fairly easy to manage all the programs that automatically start with your computer. Here’s what mine looks like on one of my Windows computers:
   If you are not sure which ones you need or don’t need, it is safe to uncheck most or all of them (and restart computer) and then selectively re-enable one at a time (and restart) to enable what you really need. Often there are programs in here for multi-function printers and other devices you may have connected. In some computers, the large majority of programs that load here and take all of YOUR precious time away by taking forever to boot are completely unnecessary.
2. 15% or more free disk space
   
   I know most of us are guilty of being pack-rats, right? I mean why throw anything away since it doesn’t actually take up any physical space, right? As it turns out, once you’ve reached 85% of your hard drive’s capacity, the computer will take a turn for the worst in terms of performance so keep lots of disk space free. If you’re past that usage now, here are a few tips to get you below that usage:
   • Obtain an external USB drive and copy archives to that drive. Copying, and then deleting the source is always a safer bet, by the way (as opposed to Moving a file).
   • Replace your hard drive with a larger one. This has always been my choice because it seems to be the easiest route since I don’t have to think as hard about which selection of videos or photos or large files I need to move to external drives.

   It used to be the case that defragmenting the drive increased the performance, but nowadays the performance is hardly recognizable because most drives are so fast anyway. Modern operating systems and filesystems are also better at managing fragmentation. Still not perfect, but good enough that running such a process separately will not usually make any noticeable difference.

3. Keep a clean desktop – if your desktop looks like this, you may want to simply create a new folder on the desktop and move everything into it – something like “Desktop Stuff”.

   
   You will be amazed at how much faster your computer starts up once you have no desktop clutter. The icons on the desktop actually take time to be retrieved and displayed, and that has to happen before you are able to run any other program.

4. Upgrade RAM
   
   If you’re still chugging away at 512MB or 1GB of RAM, adding more RAM is cheaper than ever and can dramatically increase not only the startup time of your computer but the speed at which all of your programs operate. In our experience, also a very common WOW! reaction follows a RAM upgrade.
   RAM upgrades you can typically obtain directly from the manufacturer, although that’s the priciest way to purchase. Of course one of our own team members would be happy to quote you as well on a memory upgrade on any type of computer. If you’re brave and wish to do this yourself, just make sure that whatever memory purchase you make is guaranteed to be compatible with your computer and you are able to return it if it doesn’t work. Some considerations to make when adding RAM:
   • Will you be able to add it to the existing memory or will it be replacing existing chip(s)?
   • Does it require pairs of chips to be installed?
   • What is the maximum your computer will take?
   • Are you running a 32-bit or 64-bit Operating System? 3 or 4GB are the maximum that 32-bit Operating Systems will recognize and/or be able to use?

   In extreme cases where some specialists operate intensive database programs such as simulations in health care research, maximizing on RAM and utilizing a 64-bit version of your Operating System may allow you to run your databases in RAM instead of the hard drive. If you spend a lot of time in front of your computer waiting, it may be worth consulting with an expert how extra RAM can result in dramatic productivity increase for you.

5. Clean install of Windows
   This one is not for the faint of heart. We call it a “wipe and reload” and it’s like having a shower! Only it’s a little harder and takes much longer!

   Provided there are no technical problems with the computer, this guarantees that the computer will run at least as fast as it did when it was new. The benefits of this “clean shower” is that your computer will feel just so very refreshed. An additional side benefit is that if you ever had any doubt about some software still lurking in there somewhere, you will now have the Peace of Mind that nothing is lingering behind. The essential process for a clean install of windows is as follows:

   • Make a complete backup of the entire computer
   • Ensure the backup is working and accessible
   • Re-install Windows from scratch
   • Restore your programs and data

   Depending on the amount of programs and data you have, this could be anywhere from a 1-4 hour process, and in extreme cases, perhaps even longer. Most nerds apply this process every 6-12 months at the most just to make sure the computer runs optimally.

The above list is by no means exhaustive, and they imply that you have administrative access to your computers, but if you pick out one, two or three of these you can apply with the least amount of effort, you may find it very worthwhile. Whether you do or don’t, we’d love to hear from you in our comments section below.

At least that’s the word from this banking industry report. The explosion of bogus antivirus “rogue” scams is largely responsible for the increase.

Targeted phishing attacks (spear phishing) have also risen sharply. Corporate bank accounts are still the juiciest targets, but medium and even small businesses are also being attacked because they often have lower levels of security awareness.

The past week has seen some major compromises of email passwords

Gmail, Yahoo, Hotmail, AOL, and others were attacked and the passwords were made public. The email providers have asserted that this was a massive phishing attack, but another researcher has suggested that it was the result of botnets or keyloggers. In either case, email account security is a BIG problem. The best defense – use strong passwords to defeat guessing attacks and use some COMMON SENSE – educate clients about the types of phishing scams that they are likely to encounter at EVERY opportunity!!

Not surprisingly, this has spawned a flurry of spam phishing attacks – some offering low prices on goods. Warn users and clients that an email that comes from a friend or colleague is not necessarily trustworthy – that person’s email account could been been hijacked.

Dennis H in West Virginia, US

October 7, 2009

This will come as no big surprise to most of us, but the threat model for cybersecuriy has shifted considerably in the past couple years. Believe it or not, operating system security has gotten better. The number of vulnerabilities is down, and more people are getting automatic updates and keeping their operating systems patched. This is the good news. By far the most common threats exploiting Windows vulnerabilities are variants of the Conficker / Downadup virus, which exploits a hole patched almost a year ago. Unfortunately, there are still lots of un-patched systems left to infect. Amazingly, Sasser and Blaster, those worms of old from 2003 an 2004 are still infecting unpatched systems!

Now for the bad news – the attacks have shifted to applications and web vulnerabilities. Applications that are exposed to the web, such as browser plugins like flash, and applications that open files that are commonly downloaded from the web, such as Quicktime and Acrobat Reader, have been a common source of infection. Most users and organizations are less likely to keep these applications up to date because they do not understand the risks.

Worse yet – websites are positively under siege. Password guessing attacks have become more prevalent, as have web application attacks, such as SQL injection attacks, PHP include attacks, and cross-site scripting attacks. Recently, many users with unpatched browsers were infected by simply visiting major commercial websites that were displaying malicious banner ads.

The final, an most disturbing, piece of bad news – social engineering, phishing, and spear phishing attacks are on the rise and have become even more sophisticated.

What do we do to help protect ourselves and our clients? First, check for unpatched applications in addition to checking for OS patches. We have discussed Secunia PSI in past Security Corner articles, but I want to do another article on it soon – it is a great tool for finding unpatched applications running on systems. Second, educate, educate, and then educate some more. Remind clients at every opportunity that the weakest link is always the users. We don’t want to be fear mongers or make people paranoid, but everyone must be aware and vigilant. Finally, web facing services MUST use strong passwords – this is the best defense against brute-force password guessing attacks.

Over the next couple of months, the Nerds On Site Security Team will be rolling out a number of services and tools to help you in this battle, including external and internal vulnerability scanning, regular port scanning for routers and gateways, intrusion detection and prevention, security policy creation and review, endpoint security, full-scale penetration testing, and user-awareness training.

If you have an interest in the changing security landscape, take a few minutes to look over the latest report from SANS. it covers the period from September 2008 to August 2009.

Dennis H in West Virginia, US

October 3, 2009

It’s NOT the Tax Man – It’s ZEUS

The biggest email phishing scam on the internet is aimed at Americans, but might even pull in a few Canadians who do business in the US. It asserts that US Internal Revenue Service is contacting you about unclaimed income. Most of us are afraid of those “two certainties” – death and taxes, so the letters “IRS” get our attention. The payload is Zeus (see the last Security Corner posting) – a nasty virus that could cost you more than back taxes.

Beware Dangerous Websites – Like Google and Yahoo!?

Banner ads can kill (at least kill your computer). Over the last few days, it has been reported that malicious banner ads have been displayed on major sites, including Google and Yahoo. Of course these ads exploit unpatched versions of flash. If you are using the latest version of Firefox, it will warn if you are running a vulnerable version of Flash.

Think Before You Tweet!!

Apparently, some medical students are not sufficiently thoughtful about their tweets, and some have even been expelled as a result. As consultants, we are often in possession of sensitive client information, so THINK BEFORE YOU TWEET, and remind clients to do the same.

Conficker STILL Not Dead

Sad, but true. Conficker is still a source of concern. It goes undetected on systems that have antivirus software running because it disables the protection. This virus is still evolving, but it is also still easily detected if you use the proper tools.

Dennis H in West Virginia, US

September 26, 2009

The password-stealing trojan Zeus, aka Zbot, PRG has gotten very good at evading antivirus. According to this study, 55% of the computers infected with this virus are running antivirus that is current. I was unable to find any information rating the ability of various antivirus programs to detect this threat, or whether it is detected by rootkit detection tools, such asRootKitRevealer, Blacklight, or Ice Sword.

Zeus, like many other malware infections, can remain on computers for a long time. According to this article,half of infected PCs have been infected for at least 300 days and four out of five had been infected for at least a month or had multiple infections.

MS Fights Scareware in Court

Microsoft is now taking a different approach to fighting back against the purveyors of “scareware” – by taking them to court. The problem is, most the culprits cannot be identified, so these are filed as so-called “John Doe” suits in the hopes that a judgment will serve as a deterrent to the malware writers if they are caught. Whether this will have any effect remains to be seen, but at least it sends the right message.

Google Safe Surfing Tool

For anyone who missed this week’s episode of Security Now!, here is a tip that is VERY COOL. Google indexes the directories of web sites and knows what is there. This gives them the ability to detect malware that is just waiting to execute a “drive-by” download attack on visitors with un-patched browsers or applications. By going to the following URL, followed by the URL of the website you want to check, you can get a report from Google (just going to this page will give you an 400 Bad Request error, but if you append the URL you want to check, you will get the report):

http://google.com/safebrowsing/diagnostic?site=

Dennis H in West Virginia, US

September 20, 2009

An excellent solution to add some speed while surfing the internet, has many useful features and once you get used to use is really useful.

Don’t just surf the web — command it!

Ubiquity is a time-saving Firefox extension that simplifies common web activities by letting you give commands to Firefox. Ubiquity includes about 80 commands for speeding up common web activities (searching, translating, mapping, emailing, etc.), but also provides an API so you can write your own commands using Javascript.

You can also share the commands you write, and subscribe to commands shared by other users.

To make it easy for users to run these commands, Ubiquity provides a unique pseudo-natural-language input method: You type what you want to do, and Ubiquity guesses what you mean and suggests the best-matching commands. For instance, you can select some foreign-language text on a web page, hit a hotkey to bring up the Ubiquity interface, and type “translate” (or just type “tr” and let Ubiquity figure out that you mean the translate command); then hit enter to have the selected text replaced, right in the page, with a translation to your language.

You can see a little demo or get it Here

Diego T in Cochabamba, BO

October 23, 2009

Vulnerabilities have been found in current versions of Foxit and Xpdf readers as well. Patches are not yet available, so open unsolicited .pdf files with care.

A new round of website attacks is also exploiting un-patched web applications. These can be difficult to detect, because the malicious files have the same directory and file names as legitimate files. Most previous attacks re-directed visitors to malicious sites, but this attack actually insert the malicious code on the site, making cleanup more difficult.

This does not mean that the previous methods are being replaced. In fact, there has been a resurgence of these previous attacks as well.

This highlight the fact that the attack trends have shifted from operating system attacks to application attacks. Most users are not as diligent about patching applications as they are about patching their operating systems. When servicing client computers, it is just as important to check for application updates as it is to check for operating system updates.

Dennis H in West Virginia, US

October 20, 2009

Today is “Patch Tuesday”, and Microsoft will be rolling out a record number of critical (8) and important (5) patches. There is also a patch for a critical vulnerability in Adobe Acrobat Reader due for release today. Adobe coordinates their patches with Microsoft’s patches to make the second Tuesday of every month doubly important.

Checker for Compromised E-mail Accounts

Here is a useful tool. Anyone with an email account on Hotmail, Yahoo, Gmail, or AOL should take a moment to make sure their account was not one of the 40,000 or so that were compromised recently. The passwords for the compromised accounts have been released publicly.

It’s Only a Drop in the Bucket – But It’s a Start

The FBI’s Operation Phish Phry won’t make much of a dent in the proliferation of phishing scams that have invaded users’ inboxes, but at least some effort is being made to find and prosecute the criminals responsible. 100 arrests is a modest start, but a start nonetheless.

Dennis H in West Virginia, US

October 13, 2009