February 15, 2009

Faster, Safer Surfing with OpenDNS

Techtip 205

Faster, Safer Surfing with OpenDNS

By Scott Nesbitt – Sunday, February 15, 2009

PullQuote205cialis pills width=”255″ height=”121″ align=”left” />Even with a high-speed Internet connection, you might find that getting to certain Web sites takes a lot longer than you want it to. There are a lot of reasons for this, but one of the bottlenecks is the DNS server that your Internet service provider runs.

You can get around this bottleneck, though, by using a Web-based service called OpenDNS.

DNS: A little background

DNS is short for Domain Name System. Among other functions (which you can read about here), DNS converts the names of domains from a string of numbers – for example, an IP address like 68.177.52.6 – to something a human can read, like www.geeks.com.

Internet service providers run DNS servers (also called name servers, which assigns a human-readable domain name to the string of numbers that represents an address on the Internet. When you type the URL of a Web site into your browser, an inquiry is sent to the DNS server and based on the information that's stored on that server, you're directed to the site in question.

While using your Internet service provider's DNS server is fine, you have to remember that everyone else who subscribes to that provider will be hitting the same server (or set of servers). That slows your surfing down.

OpenDNSEnter OpenDNS

OpenDNS maintains a network of DNS servers, which are distributed in various locations, including New York, Chicago, Seattle, and London. Your request to the OpenDNS servers are routed to the server nearest you. That generally means you don't have to wait as long as you would with your Internet server provider's often busy DNS server.

On top of that, OpenDNS has options for different kinds of networks – home, school, small or medium business, or larger companies. The basic features – like phishing protection and content filters – are the same, but there are also features specific to each kind of network. Like what? For example, a school using OpenDNS has the option to counter anonymizers, while a small business can take advantage of a reliable network that supposedly has no network downtime.

Setting up

Setting up OpenDNS is fairly simple. If you're a home user (which this TechTip is going to focus on), you can set OpenDNS for a desktop computer or a laptop computer, or a router.
The process involves three step:

  1. Changing the DNS settings on your computer or on your router
  2. Create an account with OpenDNS (this step is free)
  3. Tweak your settings at the OpenDNS Web site

How you change the DNS settings on your computer varies by the operating system that you're using. You can get the instructions for the operating system that OpenDNS supports here. And, as you probably guessed, the instructions also vary by the brand of router that you're using. If your router isn't in the list, there are generic instructions that you can try.

Other useful features

Once you've changed the DNS settings for your computer or router, you can take advantage of some of the useful features that OpenDNS offers by logging into your OpenDNS account and clicking Settings.
What settings are you likely to tweak? The one that you'll probably use most is content filtering. This enables you to block access to over 50 different types of content – ranging from adult Web sites to phishing and adware sites to ones that promote hate and discrimination. OpenDNS offers four preset filtering levels, ranging from high (blocks access to all seamy sites) to minimal (only protects against phishing attacks). You can also opt to pick and choose the filtering options that you want.

You can also block or allow access to specific Web sites which may not fall into any of the content filtering categories.

On the Settings page, you can click Advanced Settings to take advantage of some of the more interesting features of OpenDNS. Two that I've found useful are enabling network shortcuts and typo correction.

Network shortcuts enables you to assign a short name to a Web site. For example, you can configure the shortcut gc to take you to www.geeks.com. Once you set up the shortcut, all you have to do is type the shortcut in your Web browser's address bar.

Typo correction fixes any URLs that you may incorrectly type. For example, if you type geeks.cmo or geeks.ocm OpenDNS will automatically change the URL to geeks.com. However, sometimes this doesn't work and can be a bit of an annoyance as I'll discuss in a moment.

Drawbacks of OpenDNS

There are a few. Most of those drawbacks are minor, and here are the main ones.

As with any Web-based application, you're at the mercy of the application itself. While OpenDNS has impressive uptime, there's always a chance that the service could go down for an extended period of time.

Remember when I talked about the typo correction? Let's say you really butcher a URL – say, www.geeeks. instead of www.geeks.com. OpenDNS does something that many Internet service providers do. It redirects you to a search page, which may or may not have relevant results. On top of that, there are ads on the search page which not everyone appreciates.

After using OpenDNS for a while, you might find that some or all of the sites that you frequent don't load as fast as they did when you started using the service. This is because your computer saves DNS information in a cache. It uses the cached information whenever you try to hit one of those sites. The easy way around this is to clear your computer's DNS cache. How?

To do that, open a command prompt. In Windows, type the command ipconfig /flushdns and press Enter. In MacOS 10.5, type dscacheutil -flushcache and press Enter. In Linux, /etc/rc.d/init.d/nscd restart (you may have to do this as root).

Conclusion

OpenDNS is an interesting and potentially very useful service, especially if you want faster, smoother access to your favorite Web sites. You might not always get a huge increase in speed, but in many cases you'll notice a difference.

Best of all, it's easy to set up, well documented (the knowledgebase at the OpenDNS site is quite good), and it's free. Your best bet is to give OpenDNS a try. You'll probably find that it makes your surfing a lot faster and safer.

Filed under internet, tech hints by al

Permalink • Print • Comment

February 12, 2009

Does the glitch in .NET patching put you at risk?

Susan Bradley By Susan Bradley

People using Windows XP Service Pack 3 may not be offered all the .NET security patches their applications require.

However, if none of your PC's programs requires a version of .NET Framework, this problem will have no impact on your system.

My Dec. 4 cialis how it works title=”http://windowssecrets.com/links/casamqr63t9zd/a9dbach/?url=www.windowssecrets.com%2F2008%2F12%2F04%2F03-XP-Service-Pack-3-blocks-.NET-security-patches”>Top Story stated that, due to a bug, Windows XP SP3 users aren't being offered security patches for Microsoft's .NET Framework 3.0. I'm publishing this special column today because several of you asked whether your XP SP3 systems are at risk as a result of this glitch.

First I'll give you some background on .NET Framework, and then I'll describe how to tell whether you need to be concerned about the matter.

Microsoft created .NET Framework to provide building blocks for applications. .NET is not a component of Windows itself. I strongly recommend that you avoid downloading .NET until you install an application that requires one, at which time the program will likely install the necessary version for you.

To determine whether you have any versions of .NET Framework installed on an XP PC, open the Add or Remove Programs applet in Control Panel and look for entries reading Microsoft .NET Framework. If you don't see any such entries, you needn't worry about the update failure.

If you do see .NET Framework in the list of currently installed programs, you need to make sure you're receiving all the updates your system requires.

When you open the Microsoft Update service on Windows XP, you'll see buttons labeled Express and Custom on the Welcome screen. Click Custom to see three patching categories under Select by Type in the left pane: High Priority; Software, Optional; and Hardware, Optional.

Microsoft Update's list of optional updates
Figure 1. Clicking the Custom button on Microsoft Update's Welcome screen shows a list of high-priority and optional updates for your PC.

While all three categories can be considered security-related, in reality only the top section lists critical patches. The second section shows optional patches for Windows and your apps; the third lists driver updates.

Always install patches listed in the upper section. You can selectively install patches from the Software, Optional section, but I recommend that you never install driver updates directly from the bottom section. In the past, drivers I've downloaded from Microsoft's update service have caused problems. Instead, go to the vendor's own site and download driver updates from there. And remember: if the device isn't causing any problems, refreshing its driver software may be more trouble than it's worth.

When I tested several XP SP3 systems, the upper section of the update window — which lists critical security patches — looked much the same as it did on XP SP2 machines. However, SP2 and SP3 showed many differences in the middle section listing optional software updates, including those for .NET Framework.

There's a very good reason the updates in the middle section are listed as "optional." Until an application on your system requires .NET Framework to function, don't install any .NET Framework patches.

Microsoft's update service will offer systems running XP SP2 an update to .NET Framework 3.0, but machines using XP SP3 won't see it listed among the optional patches.

Because of this difference — and the fact that .NET installs can fail, as I discussed last week — I urge you to regularly use a third-party software-update service such as Secunia's free online Software Inspector or the company's standalone program, Personal Software Inspector (obtain PSI from its download page), to check the vulnerability of your PC's software.

PSI scans for outdated and vulnerable versions of Sun's Java, Apple's QuickTime, Adobe's Flash and Acrobat, and other common programs that put your system and data at risk if they're not patched. After scanning 20,000 machines in a recent seven-day period, Secunia reported on Dec. 2 that fewer than 2% of the computers were fully patched.

By the way, several readers notified me that they had problems with the Secunia software scanner. I'll investigate these issues and report what I find in a future Patch Watch column.

Here's the bottom line: don't install any .NET Framework patches listed in Microsoft Update's "Software, Optional" section unless you're sure you have the corresponding .NET Framework installed on your system. Any application requiring a specific .NET Framework, such as Intuit's Quickbooks accounting program, will install the necessary version automatically.

Once the Framework is on your machine, install any offered security patches for it, but be prepared for potential installation glitches. Aaron Stebner's .NET Framework cleanup tool (download page) can help you out if a .NET update gets stuck. You may have to uninstall that version of .NET and reinstall it, as described by Alan Crawford in this week's Known Issues column.

Filed under tech hints by al

Permalink • Print • Comment

A manual approach to reinstalling .NET Framework

Dennis O'Reilly By Dennis O'Reilly

The Dec. 4 Top Story in Windows Secrets described how to make sure your system has the Microsoft .NET that's needed by various applications, but doing so sometimes requires a brute-force approach.

When it's time to reinstall vital Windows components — or the entire operating system — you'd best have a plan in mind.

That's what reader Alan Crawford found out after stumbling through a reinstallation of Windows XP on one of his PCs:

  • "I recently had to reinstall a PC that uses a handful of .NET apps. After installing Windows [XP] from an SP2 image, I used Microsoft Update to reinstall all necessary patches and updates, including the three .NET versions and their various service packs and other patches. Having already encountered problems with .NET patches on other machines, I wasn't surprised when .NET 1.1 SP1 wouldn't install.

    "In the past, I was able to uninstall all .NET versions and then proceed, one at a time, to get them all reinstalled. No such luck this time. After several rounds and many visits to the Microsoft Knowledge Base — even using the .NET cleanup tool — I still could not get this package to install.

    "My last-gasp effort was to try the whole exercise 'manually,' and it worked! Despite the extra time involved — and having to validate the PC on each download — had I started on this tack to begin with, I would have saved hours of frustration (seemed like hours, anyway, even if it wasn't).

    "Here's the procedure I used:

    • Step 1: I had previously downloaded the .NET cleanup tool.

    • Step 2: I removed all traces of existing .NET installations and then ran the .NET cleanup tool.

    • Step 3: I rebooted.

    • Step 4: I manually downloaded .NET 1.1, 1.1 SP1, 1.1 SP1 Hotfix, and 2.0 installers — individually — from the Microsoft download site.

    • Step 5: I installed them in the order downloaded, with reboots as required.

    I picked up at this point with downloads from Microsoft Update — installing the 2.0 Hotfix, then 3.0, then the 3.0 Hotfix in separate runs — and all now seems to be just fine.

    "Thanks, as always, for the best newsletter out there."

Free option for controlling kids' Net access

Becky Waring's Dec. 4 parental-control software review (paid content) led reader Rob de Santos to tell us about a new way to use an old, reliable — and free — Internet security service:

  • "I highly recommend an option usually overlooked by most parents (and unknown to them): control access via your router. If you utilize Open DNS and follow their instructions to change your router's DNS settings, you can then use the easy-to-configure OpenDNS settings pages to block any category of sites you choose, be it … porn, chat, or advertising.

    "This is an excellent supplement to any PC-based software and much harder for any child to override or avoid. It can also be remotely changed if necessary. Best of all, it's free!"

Free is good. Difficult for a clever child to overcome is even better. And I know a lot of Internet users who'd be interested in a free, effective way to block Web ads.

Note that in her July 24, 2008, Patch Watch column (paid content), Susan Bradley described how to use the OpenDNS forwarding service to improve the security of routers and Web servers.

Speaking of Susan, since her lead story about problems patching Microsoft's .NET Framework appeared on cialis herbal alternative color=”#000099″>Dec. 4, she's dug up additional information. Although she usually writes for Windows Secrets' paid content, her follow-up on .NET appears today as a free column.

Filed under tech hints by al

Permalink • Print • Comment

The warning signs of a PC infected with malware

Dennis O'Reilly By Dennis O'Reilly

Last week's news alert by Woody Leonhard described the high level of sophistication behind the Sinowal/Mebroot Trojan and described tools that attempt to remove the malware.

Many readers asked for more information on symptoms they should look for if they fear for their machines' security.

Subscriber Leslie Kight asks the following question:

  • "Great article. I'm curious, though: what makes Woody suspect his XP machine is infected by Mebroot? What symptoms did he see to raise that question?"

Here's Woody's reply:

  • "I kept getting weird virus warnings from AVG — viruses would appear, I would remove them, then they would reappear in different locations, or entirely different viruses would show up. AVG reported that the MBR [Master Boot Record] was being changed every time I rebooted, even when I did nothing.

    "I did a deep scan — first with AVG, then with NOD32 — to remove all the reported malware, but the viruses kept reappearing. Antirootkit scans turned up nothing. Then I couldn't connect to F-Secure's Web site, so I pulled the plug.

    "As I said in the article, I have no idea at all if it was Mebroot. But I couldn't find any reports of similar collections of problems and decided to err on the safe side.

    "Periodically reinstalling Windows is something I recommend anyway: once a year is ideal, in my experience. I'm happy to report that I've reinstalled XP Pro (SP3, of course), reactivated [Windows], and brought back the data files; everything appears to be working just fine. The machine's snappier than ever."

Double up to remove a virus from a hard drive

In deference to animal lovers, I will avoid the cat-skinning analogy, but as reader Bob Biegon points out, there's more than one way to return an infected hard drive to a healthy state:

  • "One of the easiest and, by my experience, most effective ways to remove many serious virus-spyware-rootkit infections is to remove the PC's hard drive, put it in another PC (or connect to another PC via a USB-to-IDE/SATA adaptor), and scan the drive with the second PC's anti-malware software.

    "This method ought to work well for the Mebroot virus without compromising the host PC's drive. My favorite products to use in this endeavor are AVG 8 and Sunbelt Software's Vipre."

Since when did mice start hunting cats?

The best analogies have a basis in reality (not the one I mentioned above relating to feline pelts, thank goodness). But another kind of cat reference in Woody's column from last week gave reader John Walsh pause:

  • "I do enjoy Woody Leonard's cialis generic vs brand articles and have been a fan of his for many years. However, in his latest article, Woody notes 'Detecting and preventing Mebroot is a cat-and-mouse game, and the black cats are winning.'

    "In my mind, the cats are actually the good guys trying to help eradicate the vermin (malware) represented by the mice. Therefore, I would suggest it is actually the black mice who are winning and proliferating, much to the consternation of the white cats."

Indeed, the bad guys are scavenging for your data and your money while the good guys hunt them down. However, Woody's use of "black cats" in this sense plays off the term "black hat" to describe a hacker with evil intent.

Mixing puns and analogies is dangerous business, but that's the kind of adventurous, risk-taking writer Woody is. That's only one reason why his readers love him so.

Filed under security, tech hints by al

Permalink • Print • Comment

XP Service Pack 3 blocks .NET security patches

Susan Bradley By Susan Bradley

Installing SP3 on Windows XP eliminates the operating system's ability to install important security patches for Microsoft's .NET technology and possibly other software.

This problem forces XP SP3 users to apply patches manually to complete vital updates.

The new error is the latest in a long series of glitches relating to XP's SP3, which Scott Dunn described in his Sept. 11 Top Story. The issues include spontaneous rebooting of systems based on AMD chipsets, as documented by Jesper Johansson in a blog post from last May.

To determine whether your XP SP3 system has a version — or multiple versions — of the .NET Framework installed, open Control Panel's Add or Remove Programs applet and look for it among the list of currently installed programs. If you don't see any .NET entries, you don't have the framework installed on your system and needn't be concerned about the update problem.

If you do see a listing for Microsoft .NET Framework, you need to use a third-party update service such as Secunia's Software Inspector (described below) to patch the program.

A Sept. 16 post on the Windows Server Update Services (WSUS) blog disclosed that .NET 3.0 would not be offered to XP SP3 users. On Sept. 23, Microsoft Knowledge Base article 894199, which tracks changes in the company's patches, indicated that .NET 3.0 and .NET 3.0 Service Pack 1 should be offered to XP SP3 workstations as optional patches.

However, when I tested this on various Windows XP SP3 configurations, I wasn't offered .NET 3.0 as an optional patch. Things got really dicey on my first attempt to install .NET on a Windows XP SP3 machine. During that test, updates for .NET 1.1 and .NET 2.0 failed midstream. I had to use the Windows Installer CleanUp Utility (which is described in KB article 290301) and Aaron Stebner's .NET Framework cleanup tool (download page) to uninstall the partially installed .NET frameworks.

Ultimately, I had to install .NET 3.5 SP1 in order to get any .NET framework loaded onto the test XP workstation. While the latest version of .NET 3.5 is a cumulative patch and thus could be installed in place of prior versions of .NET, what invariably occurs is that line-of-business applications require and install earlier versions of .NET.

For example, one of the programs I use regularly is QuickBooks, which includes .NET 1.1 in some versions and 2.0 in the 2008 and 2009 releases. I recommend against removing various versions of .NET if the frameworks were installed by your applications.

On my second and third tests of Windows XP SP3 machines, Windows Update did not detect .NET 3.0 as an optional update, but the frameworks were installed without error just the same. However, to manually update the XP systems, I first had to install Microsoft's Windows Genuine Advantage tool, which is described in KB article 892130.

Next, I had to upgrade the installer program, as described in KB article 898461. After installing these two programs and returning to the Windows Update service, the XP SP3 machine was offered .NET 1.1 and .NET 2.0 as optional updates but not .NET 3.0 as a patchable item.

Windows Update skips .NET 3.0 for XP SP3
Figure 1. Windows Update fails to offer Windows XP SP3 the most recent .NET 3.0 framework.

When I attempted to update a system running Windows XP SP2, I was offered .NET 3.0 as an optional update, as shown in Figure 2 below.

On a PC running XP SP2, Windows Update does offer .NET 3.0
Figure 2. On a PC running XP SP2, Windows Update does offer .NET 3.0.

I recommend that you install any version of the .NET framework only when your applications need it. However, Microsoft security bulletins dated as recently as Nov. 25 indicate that XP SP3 machines should be offered .NET 3.0. Clearly, XP SP2 PCs are prompted to install .NET 1.1, 2.0, and 3.0, while XP SP3 users are offered only .NET 1.1 and 2.0.

A full three months after Microsoft's WSUS support blog disclosed that PCs using XP SP3 aren't offered .NET 3.0 as an optional patch, the problem still has not been fixed. If you rely on Windows Update or Microsoft Update for your patching needs, use Secunia's online Software Inspector service to ensure that you're getting all the updates you need.

Even better than the online detection tool is Secunia's Personal Software Inspector (download page), which you download and install onto your PC to constantly monitor the update status of the software on your system. The free program will alert you to older versions of Java, Flash, and other common applications, including Microsoft's .NET Framework. You'll be walked through the process of removing older — and possibly vulnerable — versions.

Based on the numbers from Secunia for the first week following the removal of the program's "beta" tag, you need to scan your PC for out-of-date apps right away. Secunia PSI Partner Manager Mikkel Locke Winther reports that of the 20,000 new system scans conducted in the first seven days of PSI's official release, only 1.91% had no insecure programs, and a whopping 45.76% had 11 or more insecure programs installed.

For a complete rundown of the early PSI scan results, check out Jakob Balle's Dec. 3 blog post.

MS08-067 (958644)
Malware targets recent Windows worm threat

The Microsoft Security Resource Center reports an increase in malware attempting to take advantage of the security breach described in Security Bulletin MS08-067. If you have not already done so, please ensure that you have installed this patch.

There are few reports of problems resulting from this fix, and most of those glitches concern wireless connectivity. In those rare cases, uninstalling and reinstalling the patch, or deactivating your antivirus and firewall programs, appears to remedy the problems.

Support desks are seeing an increased number of calls from people infected by this malware. Quite honestly, there's no excuse for not patching this hole. After an easy install and a quick reboot, you're protected.

Vista Service Pack 2 beta goes public

If you're the type who enjoys paper cuts, tight-fitting shoes, and tax planning, you'll want to know about the public beta of Service Pack 2 for Windows Vista and Windows Server 2008. You can now visit this page to sign up for Microsoft's Customer Preview Program (CPP) and volunteer as a Vista SP2 tester.

According to a post on the Windows Vista blog by Windows Product Management VP Mike Nash, the CPP is intended for "technology enthusiasts, developers, and IT pros" who want to test the service pack on their networks. Nash recommends that "most customers" wait to install the final release of the service pack.

I'll go even further: most Vista users should wait until several weeks after the service pack's final release to install it. That way, you can let the early adopters work through all the service pack's inevitable glitches and incompatibilities.

You know what they say: you can tell the pioneers because they're the ones with the arrows sticking out of their backs.

MS08-067 (958644)
Malware targets recent Windows worm threat

The Microsoft Security Resource Center reports an increase in malware attempting to take advantage of the security breach described in Security Bulletin MS08-067. If you have not already done so, please ensure that you have installed this patch.

There are few reports of problems resulting from this fix, and most of those glitches concern wireless connectivity. In those rare cases, uninstalling and reinstalling the patch, or deactivating your antivirus and firewall programs, appears to remedy the problems.

Support desks are seeing an increased number of calls from people infected by this malware. Quite honestly, there's no excuse for not patching this hole. After an easy install and a quick reboot, you're protected.

Vista Service Pack 2 beta goes public

If you're the type who enjoys paper cuts, tight-fitting shoes, and tax planning, you'll want to know about the public beta of Service Pack 2 for Windows Vista and Windows Server 2008. You can now visit this page to sign up for Microsoft's Customer Preview Program (CPP) and volunteer as a Vista SP2 tester.

According to a cialis generic price color=”#000099″>post on the Windows Vista blog by Windows Product Management VP Mike Nash, the CPP is intended for "technology enthusiasts, developers, and IT pros" who want to test the service pack on their networks. Nash recommends that "most customers" wait to install the final release of the service pack.

I'll go even further: most Vista users should wait until several weeks after the service pack's final release to install it. That way, you can let the early adopters work through all the service pack's inevitable glitches and incompatibilities.

You know what they say: you can tell the pioneers because they're the ones with the arrows sticking out of their backs.

Filed under OS XP, tech hints by al

Permalink • Print • Comment
« Previous PageNext Page »
Made with WordPress and a healthy dose of Semiologic • Sky Gold skin by Denis de Bernardy