November 6, 2008

Zombie PCs: ‘Time to infection is less than five minutes’

October 21st, 2008

Posted by Andrew Nusca

A fascinating — and horrifying — new article in The New York Times offers the lowdown on “zombie computers,” the half-a-million-or-so machines that are converted, assembled into systems called “botnets” and forced to do a shadowy figure’s bidding, namely in the form of automated programs that send the majority of e-mail spam, illegally seek financial information and install malicious software on still more PCs.

Lock up your Windows and children!

In what sounds like the plot of 28 Days Later — computer “rage,” anyone? – the Times reports that botnets are alive and strong, according to shadowserver.org, a site that tracks such things:

“The mean time to infection is less than five minutes,” said Richie Lai, who is part of Microsoft’s Internet Safety Enforcement Team, a group of about 20 researchers and investigators. The team is tackling a menace that in the last five years has grown from a computer hacker pastime to a dark business that is threatening the commercial viability of the Internet.

Great Scot! The simple reality of these bots is terrifying to the security-minded: Any computer connected to the Internet can be vulnerable. Botnet attacks can come with their own antivirus software, permitting the programs to take over a computer and then effectively remove other malware competitors.

According to the article, Microsoft investigators “were amazed recently to find a botnet that turned on the Microsoft Windows Update feature after taking over a computer, to defend its host from an invasion of competing infections.”

Good lord. What’s more, botnets have evolved quickly to make detection more difficult, recently using “fast-flux,” a technique that generates a rapidly changing set of Internet addresses to make the botnet more difficult to locate and disrupt.

Yikes. So what’s a user to do?

First, take Microsoft’s Malicious Software Removal Tool out for a ride. Then make sure your firewall is up and you’re up to date with all security patches.

Then pray. Because these zombies are hard to find, much less kill. Just last week, Secunia, a computer security firm, tested a dozen leading PC security suites and found that the best one detected only 64 out of 300 software vulnerabilities.


November 5, 2008

How to set up a new PC in one easy session

Posted by Ed Bott

Fellow ZDNet blogger Jason Perlow helped a friend and colleague buy a new PC and migrate her data and settings from the old machine (Windows XP) to the new one (Windows Vista). He documents the process in The New Adventures of Christine’s Old PC.

I tip my hat to Jason for his dedication to a friend, but as someone who has been doing this for years, I shook my head at the way he turned what should be a straightforward procedure into a weekend-long geekfest, complete with the transformation of the old, slow, obsolete, spyware-ridden computer into a virtual machine on the new one. In my opinion, that’s overkill for everyone involved. (Update: Jason defends his approach in this follow-up post.)

Over the years, I’ve done this process dozens of times for business clients, family members, friends, and neighbors. I’ve got the process down to a series of checklists, all built around some core principles. First, this is a great opportunity to get rid of clutter and get a fresh start. Second, the best way to transfer data from the old machine to the new one is by physically attaching the old hard drive to the new PC. Anything else, as Jason discovered, is likely to bog down. And finally, spending time upfront figuring out what needs to be transferred and what doesn’t can save hours of time and headaches later.

SATA/IDE to USB adapter

Jason brought along a huge USB hard drive and a thumb drive. I agree that a USB flash drive can be useful for some small tasks, but I prefer to skip those intermediate transfers whenever possible. Trying to do large-scale data transfers with USB flash drives and cables can be problematic, especially on old, slow, problem-plagued machines, as Jason discovered. Why spend hours moving tens or hundreds of gigabytes of data from the old machine to a USB drive only to have to do it again with the new PC? Skip the two-step and do what I do: bring along a SATA/IDE-to-USB converter. Newegg sells Syba’s version of this device for around $20 including shipping. I own a couple and can recommend them without hesitation. An external power supply feeds the DC connector on the drive, and a two-headed adapter lets you connect any SATA or IDE drive directly to a USB port on the new PC. While the contents of the old computer are transferring to a folder on the new PC, you can tackle other tasks.

But before you do any of that, sit down in front of the old PC and talk to the client about what they want to accomplish with the new system. The steps in this phase are designed to make sure you don’t get stumped somewhere along the way with a detail you overlooked.

I start by sitting down in front of the old PC with the client. And yes, I make them do this with me, because it’s a great way for me to learn what they think is important and for them to learn that the inner workings of their computer are not a mystery. Here’s what we do:

  • Open the Programs window from Control Panel and take inventory of all installed software on the old PC. Decide which programs you want to install on the new machine and which ones will be replaced or completely scrapped. Make sure you verify that the old programs are compatible with the new hardware and OS and that there are no known installation or upgrade issues.
  • Create a new folder on the client’s desktop and call it NEW PC. You’ll use this folder to store drivers, program updates, and exported settings that can’t be easily copied as files from the old PC.
  • For programs that will make the leap from old PC to new, gather installation media. If installation of any program requires serial numbers or other information to complete installation or activation, write that information down in a text file and save it in the NEW PC folder. If any programs you plan to install require updates or patches, download them and save them in a subfolder of the NEW PC folder.
  • Write down login information for e-mail accounts and other online services. Save this information in a text file in the NEW PC folder.
  • If you need to use custom settings to connect to the Internet or to a local area network, write down those settings and save them in the NEW PC folder. This is most common for notebooks, where setting up a wireless connection requires that you enter a network encryption key.
  • Take inventory of external hardware (scanners, printers, MP3 players, and so on). Verify that any device you plan to connect to the new computer is compatible with the new hardware and operating system. If necessary, download the latest driver and any required support files and save them in the NEW PC folder.
  • Find all digital media (photos, music, home movies, etc.) that the client considers valuable and make a note of their location. Consolidate them in a single folder with subfolders, if possible.
  • Identify all digital music that the client has downloaded or purchased. If any of them are from the iTunes Music Store or another source that uses DRM, make sure that you know how to transfer licenses to the new PC. (For iTunes users, now is a good time to deauthorize the old computer.)
  • Open the client’s e-mail program and export the address book to a file that can be imported on the new PC. Save this in the NEW PC folder.
  • While that e-mail program is open, make a note of where e-mail messages are stored and in what format. If necessary, export the messages to a file and save that file in the NEW PC folder. (For Jason’s friend, this step wasn’t necessary, because the data was in an Outlook PST file. If she had used Outlook Express, I would recommend the procedure in this Knowledge Base article.)
  • Open the client’s preferred web browser and export all bookmarks to a file that can be imported on the new PC. Save this file in the NEW PC folder.
  • Burn the contents of the NEW PC folder to a CD or copy them to a USB flash drive. For this job, I actually prefer a CD, which can then be stuck in an envelope along with program disks and manuals in case the client needs it again later.

There. Now you can shut down the old PC, use the SATA/IDE adapter to connect its hard drive to the new PC as a USB drive, and begin selectively restoring your backed-up data and settings, taking advantage of this opportunity to clean things up thoroughly. Here’s the order in which I do things:

  • First, I remove all crapware and trial programs from the new PC. If the system came with an antivirus program and the client plans to use a different security solution, get rid of the old one first, before going even a single step further.
  • Set up the Internet/network connection and download all available Windows updates.
  • Set up the client’s e-mail on the new machine and verify that you can send and receive mail. I prefer to start with a completely clean inbox and leave the old mail in a separate PST (for Outlook users) or in an Old Mail folder for any other program.
  • Restore the e-mail address book from the old machine.
  • Reinstall the programs that you decided were worth keeping from the old machine. Be sure to install any updates or patches for each one, and then open the program and verify that you can create and save data files.
  • Set up your external hardware, using the drivers and support software you downloaded previously.

This is usually the point where I stop and do an image backup using Complete PC Backup from Vista Business or Ultimate. If this option isn’t available, I like Acronis True Image, which is available in a 15-day trial version. If the PC in question has a Seagate or Maxtor drive, you can download the free OEM version of Acronis’ software (Seagate DiscWizard or Maxtor MaxBlast 5, respectively).

Finally, I’m ready to begin moving data from the old system to the new one. You can use any of the third-party programs I listed in the previous paragraph to repartition the main drive on the new PC and then clone the old drive to the new partition. (This works best if the old PC has a relatively small hard drive and the new one has a much larger drive, which is likely to be the case with most consumers upgrading a four- or five-year-old PC.) I prefer to clone a drive rather than simply copy files, because it guarantees that every file from the old PC will be available on the new one, even obscure settings and data files buried in hidden subfolders.

Because the new PC has up-to-date antivirus software, you can scan the old drive for viruses before or after transferring data files. Then it’s a matter of identifying the user’s documents, digital pictures, and music, and putting everything in the right place.

And we’re done. Disconnect the old drive and put it back in the old PC. I usually leave the old system around for a week or two until the client is confident that the new system is working properly. Once it has passed muster, I return and wipe the old system clean, restoring the original operating system and getting it ready to pass along to someone who can use it.

That’s how I do it. This rarely takes more than a few hours, and when I’m done the client has usually learned some important skills along the way, making it more likely that they’ll be able to steer clear of trouble in the future.

So, what tricks do you use to make this chore faster and easier?


October 26, 2008

Computer Crashes

Q:
Some of the programs I use quite frequently on my computer seem to crash an awful lot. Why do they keep doing that and is there anything I can do to prevent it?

A:
If you have started to see a "crash" increase in either your Windows operating system or any other programs you use, luckily, there are a few things you can do. Let's take a look!

First, if the same problem is repeated regularly, you should take down some notes about the actions that led up to the crash. Try to remember your sequence of actions and write down everything you did up until the time the program stopped working. Make sure you take note of the contents of any error messages or other dialog boxes that may have come up on your screen as well.

After you have everything written down, you're going to want to go to the program manufacturer's Web site. There you can look for a patch or an update you might be missing that can solve the crashing problem. A lot of times, that's an easy answer. If the patch or update already exists, you can just take care of the problem right then and there. If it doesn't have a fix, you can try to find something by doing a search for the product's name, including some of the symptoms you're experiencing while using the program.

Another thing you can do is check your Windows event log. Windows often logs details about system and application crashes. To access the event log, right-click on your My Computer icon and choose Manage. Once you're there, look in the left pane and find Event Viewer. Go ahead and click on the little plus sign (+) to expand it. That will bring up three different sections: Application, Security and System. Choose Application. Once you do that, you will see a list of different events in the right pane. There are quite a few of them, so take some time to look over them.

Okay, now, if you see any that have a red X next to them, it means your system found a serious problem with that particular application. When you double click on the red X, an Event Properties box will appear. That will give you some information about what happened to cause the application to error out, etc.

Even though you have that information, it may still be hard to decipher what's really going on. If that's the case, Microsoft has a database called Event ID that you can use to get more information. Go here to see Event ID. You will have to enter all the information you know about the application and the problem in order to get a result. Once you have it all filled in, click Go and you will be taken to an explanation.

Another place you can go (which seems to be more preferable) is EventID.net. That allows you to take the Event ID and source of the application error (found in the Event Properties box we talked about earlier) to see a description of the problem. The site also includes other users' experiences with the same error, along with some possible solutions to fix the error problem. You do have to subscribe to the Web site, but it's only $9 for three months worth of help or $24 for one year.

Either of the sites may help you better understand why your programs keep crashing on you. They could definitely save you some peace of mind as well, so give them a try today!
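Clicking through every red X by hand gets old on a machine that has been crashing for weeks. Event Viewer can also save a log to a CSV file (Action, Save Log File As), and a few lines of script will then pull out just the Error entries and count them by Source and Event ID, which is exactly the pair you look up on EventID.net. The example below is added here and is not from the column; the sample export is constructed, and the column layout it assumes (Type, Date, Time, Source, Category, Event, User, Computer) is an assumption, so check it against your own export before relying on it.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample of an Application log saved from Event Viewer as CSV.
# The column order (Type, Date, Time, Source, Category, Event, User, Computer)
# is assumed for this example; verify it against a real export.
SAMPLE_EXPORT = """\
Error,10/20/2008,09:14:03,Application Error,None,1000,N/A,WORKSTATION1
Information,10/20/2008,09:14:05,MsiInstaller,None,11707,N/A,WORKSTATION1
Error,10/20/2008,10:02:41,Application Error,None,1000,N/A,WORKSTATION1
Warning,10/20/2008,10:02:42,Userenv,None,1517,N/A,WORKSTATION1
Error,10/21/2008,08:55:12,Application Hang,None,1002,N/A,WORKSTATION1
Error,10/21/2008,08:55:13,Application Error,None,1000,N/A,WORKSTATION1
"""

COLUMNS = ["Type", "Date", "Time", "Source", "Category", "Event", "User", "Computer"]


def error_rows(csv_text: str) -> list:
    """Return only the rows Event Viewer would show with a red X (Type == Error)."""
    reader = csv.DictReader(StringIO(csv_text), fieldnames=COLUMNS)
    return [row for row in reader if row["Type"].strip() == "Error"]


def error_summary(csv_text: str) -> list:
    """Count Error entries by (Source, Event ID), most frequent first.

    Each (Source, Event ID) pair is what you would search for on EventID.net.
    """
    counts = Counter((row["Source"], row["Event"]) for row in error_rows(csv_text))
    return counts.most_common()


if __name__ == "__main__":
    for (source, event_id), n in error_summary(SAMPLE_EXPORT):
        print(f"{n:3d}  Source={source!r}  Event ID={event_id}")
```

Run it against your own export and the top line of the output is the error worth chasing first; the Date and Time columns are still in each row returned by `error_rows` if you want to line them up with the notes you took about what you were doing when the crash happened.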


September 30, 2008

Wikis

Q:
I heard the term "wikis" the other day. What does that mean?

A:
Ah, yes, the famous wikis term. I love this question, so thank you very much for asking. I think I love this question so much because of the answer, which just happens to be something I myself use quite often. It seems as if different types of wikis have been popping up all over the Internet these days, so some of you may have already briefed over this before. Either way, keep reading to learn more about the awesome things that make up wikis!

Just to give you an idea, the most popular wiki is called Wikipedia. (You may have heard of this one before). It's a huge online encyclopedia that always offers definitions, explanations, etc. on any term you look up through the Google search engine. Wikipedia offers up more than a million articles on all sorts of subjects. It's also among the top 100 most popular Web sites in the world.

Now, back to wikis themselves. All the other wikis available today are massive online resources that anyone can access. They are just full of simple, plainly laid out information. The simplicity is their highest selling point, because people just flock to simple things. Don't you? I know I do! I like to keep things as easy as possible in every situation. Along with the simplicity, wikis are easy to find for anyone who uses the Internet regularly.

The next thing that makes wikis so popular is that anyone who goes in and reads the information provided can edit it if they deem it necessary. If you feel there should be some changes made to an article, just click on the Edit link at the bottom and you can type in or delete what you want. You and everyone else who use the wikis act as a community to keep the information factual to anyone who reads it. Everyone works together to keep spammers away and to make sure everything stays reliable. Editors, writers and the administrators of the wikis also work within the community.

Some of you may be hesitant to trust the information from the sites, but that's where the community and the community tools come into play. The wikis provide a set of tools for anyone to use while they visit a site. Some of those include a revision history, a watchlist, a recent changes page, etc.

Some of the other popular wikis are WikiTravel, WikiHow, Wiktionary and SwitchWiki (and don't forget Wikipedia). You can find any of those and more by doing a Google search online. If you haven't already, check out some of the wikis. They are awesome sources of information and you'll be amazed at what you can find!


August 30, 2008

How do I… scan a hard drive for sensitive data with Spider?

  • Date: August 20th, 2008
  • Author: Jack Wallen

A tool like Spider 3 can protect sensitive data with little effort or cost.

—————————————————————————————

There are many reasons why you would want to do a thorough scan on a PC for specific data. You could be recycling computers, bringing in new employees (to take over previous employees’ machines), or simply removing sensitive information from a permanently networked machine. Regardless of your reason, a 120GB hard drive is a large drive to manually search for strings of data. But with the help of Cornell University’s Spider tool, this task becomes quite a bit easier.

Spider works by scanning archive, normal, compressed, and temporary files (so long as the file isn’t locked for use or encrypted) for data types such as U.S. Social Security numbers, Canadian Social Security numbers, credit card numbers, U.K. National Health Insurance numbers, and any data type for which the user supplies a regular expression. Spider can be run in two different ways: GUI and command line. And best of all, Spider is open source and cross-platform (Windows, OS X, UNIX).

This blog post is also available in PDF format in a TechRepublic download.

Getting and installing

You first need to download the correct binary package (which includes the source) from the Cornell University security tools download page. For Windows you will be downloading a compressed .zip archive. Uncompress that file, and you will have a new directory called “Spider_release.” Inside this folder is a README, an installation binary, and a directory containing the source code. Double-click on the installer package to install Spider 3.

The installation is a no-brainer. Just let it do its thing, and you will wind up with a new entry in your Start menu. This entry, Spider 3, contains three subentries:

  • RegexLibraryBuilder.exe
  • spider_3.0.exe
  • SpiderRegConvert.exe

Starting Spider 3

From the Spider 3 menu, click the spider_3.0.exe entry to fire up Spider 3. The first window you will see is the main window (there is no initial configuration). Figure A shows the main window ready for a scan.

Figure A

Not much to it on the outside. It’s what’s on the inside that counts.

If you click Run Spider, you are going to initiate a default scan that will scan local drives and network shares for two kinds of strings: 15-digit credit card numbers and U.S. social security numbers. This scan will create a log on your local drive (it is critical that this file be deleted when you are finished examining Spider’s findings, since the log itself is now a list of where the sensitive data lives).

So click Run Spider. The window will only change by showing what file the application is scanning (see Figure B).

Figure B

If Spider is taking a long time on a particular file, you can skip that file by hitting the Esc key.

During the scan you will probably notice when Spider reaches a multimedia file, because it slows down. This is only because of the size of the file. As stated above, you can skip this file by hitting the Esc key. If you have a lot of these, this process can be a pain. Fortunately Spider 3 has a way around this.

Configuring Spider 3

From the main window, click on the Configure menu and select the only entry: Settings. From this window (Figure C) you can take care of every possible Spider configuration you could hope for.

Figure C

Any time you feel you have monkeyed with the options beyond recognition you can reset to default.

Say you do not want Spider 3 spending too much time with your music collection (and any file associated with said collection). To avoid this, you will want to go to the File Extension Management tool. To get there, click on the Scan Options tab and then click the File Extension Management button (see Figure D).

Figure D

As you can see the default skip list is fairly lengthy.

By default most media extensions are already included in the skip list. But say you have another type of file (or even an in-house file type) that you want to skip. To add a new extension to skip is simple. Click on the Add button under File Extensions to Skip, which will open up a new window (Figure E).

Figure E

Once you have added the new extension, click OK and the window will close.

Naturally, depending on the size of the drive and the number of files on the drive, the scan can take quite some time. But once the scan is done, the log viewer will open to show you the complete results of the scan.

Viewing the results

Once the scan is complete, the Spider 3 log viewer will automatically open. This log viewer is a very helpful tool in that it gives you instant information on each file and what hit type Spider 3 has found. Take a look at Figure F. You will see a number of files that drew flags from Spider 3.

Figure F

I actually had more hits than I thought I would.

When you highlight a suspected file, below the file listing you will see all the information you will need. In the example above you can see that the file klein.pdf is flagged with a credit card number. I happen to know this is a false positive, so I can ignore that file. However, there were file listings (not shown) that did have bank account information. Those files had been backed up, and their location was mostly obfuscated, so I most likely would have completely forgotten their existence. Thanks to Spider 3 I can delete them.

Taking action

To take action on a file (which basically means to delete the file), you do not have to open up Explorer and navigate to said file. Instead you can simply highlight the file within the log viewer and click the Erase or Delete File button.

Now the Run button is interesting. Say the file flagged has an associated application (for example Adobe Reader for PDF files). If you have a PDF file highlighted, clicking the Run button will open that highlighted file in Adobe Reader. This is a quick way to view the file to make sure Spider hasn’t hit a false positive.
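To make the ideas in this walkthrough concrete, here is a small scanner written in the same spirit as Spider: it walks a directory tree, skips files by extension the way Spider’s skip list does, looks inside .zip archives (skipping encrypted members, as Spider skips encrypted content), and matches built-in patterns plus any regular expression you supply. Two details matter for a tool like this: a Luhn checksum cuts the false positives that the klein.pdf example illustrates, and the report only ever stores the last four characters of a match, so the log never becomes another copy of the data you were trying to find. This is an added example and is not Spider’s code; the skip list, the two built-in patterns and the sample files are all constructed for the demonstration and are not Spider’s actual definitions.

```python
import re
import tempfile
import zipfile
from dataclasses import dataclass
from pathlib import Path

# Extensions to skip, in the spirit of Spider's skip list (assumed; not Spider's real list).
DEFAULT_SKIP_EXTENSIONS = {".mp3", ".mp4", ".avi", ".mov", ".jpg", ".png", ".iso"}

# Approximations of two of Spider's built-in data types (assumed, not Spider's own expressions).
BUILTIN_PATTERNS = {
    # US SSN: area not 000/666/9xx, group not 00, serial not 0000
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # 13-16 digits, optionally separated by single spaces or dashes; confirmed by Luhn below
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),
}


@dataclass
class Hit:
    path: str       # file path, or "archive:member" for a zip entry
    hit_type: str   # name of the pattern that matched
    redacted: str   # last four characters only, so the report is not a new copy of the data


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(value: str) -> str:
    return "*" * (len(value) - 4) + value[-4:]


def scan_text(text: str, patterns: dict, path: str) -> list:
    hits = []
    for name, rx in patterns.items():
        for m in rx.finditer(text):
            value = m.group(0)
            if name == "credit_card":
                digits = re.sub(r"[ -]", "", value)
                if not 13 <= len(digits) <= 16 or not luhn_ok(digits):
                    continue  # looks like a card number but fails the checksum
            hits.append(Hit(path, name, redact(value)))
    return hits


def iter_sources(path: Path):
    """Yield (display_name, raw_bytes) for a plain file or for each member of a zip archive.
    Encrypted zip members (general-purpose flag bit 0) are skipped."""
    if path.suffix.lower() == ".zip" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.flag_bits & 0x1:
                    continue
                yield f"{path}:{info.filename}", zf.read(info)
    else:
        yield str(path), path.read_bytes()


def scan_tree(root, extra_patterns=None, skip_exts=DEFAULT_SKIP_EXTENSIONS) -> list:
    """Scan every regular file under root, honouring the skip list and user-supplied patterns."""
    patterns = dict(BUILTIN_PATTERNS)
    patterns.update(extra_patterns or {})
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() in skip_exts:
            continue
        try:
            for name, raw in iter_sources(path):
                hits.extend(scan_text(raw.decode("utf-8", errors="ignore"), patterns, name))
        except (OSError, RuntimeError):
            continue  # locked, unreadable or password-protected: skipped, as Spider does
    return hits


def demo() -> list:
    """Build a constructed directory tree (sample data, not real records) and scan it."""
    root = Path(tempfile.mkdtemp())
    (root / "notes.txt").write_text("Customer card 4111-1111-1111-1111, SSN 123-45-6789.")
    (root / "badluhn.txt").write_text("Order ref 4111111111111112")   # fails Luhn: no hit
    (root / "song.mp3").write_text("123-45-6789")                     # skipped by extension
    (root / "hr.txt").write_text("Badge EMP-004512 issued")           # only the custom pattern hits
    with zipfile.ZipFile(root / "backup.zip", "w") as zf:
        zf.writestr("old/accounts.csv", "name,card\nexample,5500000000000004\n")
    custom = {"employee_id": re.compile(r"\bEMP-\d{6}\b")}   # an in-house data type, like Spider's user regexes
    return scan_tree(root, extra_patterns=custom)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit.hit_type:12s} {hit.redacted:20s} {hit.path}")
```

The false positive Spider raised on klein.pdf is the reason for the Luhn check: a run of digits in a PDF is common, a run of digits with a valid checksum is much rarer. Treat the remaining hits exactly as the article suggests, open the file to confirm, then erase it, and remember that the scanner’s own output is a pointer to sensitive data and should be deleted once you are done with it.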

Final thoughts

Without applications like Spider 3 many people would be exchanging PC hard drives with very sensitive data on them. But thankfully applications like this do exist and they are simple to use. I would highly recommend Spider 3 to any IT admin (or even home user) who wants to make sure sensitive data is not found on their hard drives.
