Accrington Web - View Single Post

jambutty · 20-02-2007, 14:38

Computer security is much more than just about good quality anti-virus and firewall. You need some anti-spyware as well. And much, much more.

AdAware free for home use from http://www.lavasoft.com/ with almost daily updates will stop someone spying on where you have been etc.

Have you got a keylogger on your computer? Have you got an URL hijacker? Do you get loads of SPAM? What passwords do you use?

Did you know that there are some web sites that can read your computer clipboard? And you won’t know a thing about it. Don’t believe me? Then copy any old text to your clipboard and then access this web site - http://www.sourcecodesworld.com/special/clipboard.asp

If you are using IE and its like the web page will show what you have in your clipboard. If you are using Firefox it won’t. I don’t know about the Mac browser. However fear not there is a defence against clipboard readers for IE users.
Open Internet Explorer
Go to Menu Tools>Internet Options>Security>Select a security zone (Internet)>Custom Level>Scripting>Allow paste operations via script – set this to prompt.
If something tries to read your clipboard it will be blocked and you will receive a prompt asking you whether to allow it or not.

Once you have done that copy something to your clipboard and access http://www.sourcecodesworld.com/special/clipboard.asp again.

There are anti keylogger softwares around but you don’t need any. Just don’t use your keyboard to log in your logging in details. Copy and paste instead. Some sites supply a virtual keyboard to use but I don’t trust them. You might be prepared to. Better still get hold of the free version of http://www.roboform.com/ It will hold up to 10 logging in details and the Pro version for about $30 will have an unlimited capacity. 16 million people can’t be wrong. RoboForm also has a random character password generator for passwords up to 256 characters in length and a form filler.

There is only one URL hijacker that I know of and it hijacks the URL of E-Gold in your Favourites list. You do get taken to the bona fide E-Gold page but when you do your Sentinel settings have been disabled but you won’t know. Because instead of being taken to the page that shows your Sentinel settings in the normal manner you go straight to your account balance page. With your Sentinel settings disabled it leaves your account vulnerable to being compromised.

Have a look in your C: partition > WINDOWS > System32 for gdiwxp.dll and gdiw2k.sys. If they are there your E-Gold URL has been hijacked. I have no idea which file now on your computer does the hijacking though or where it is. There are two ways to counter that threat. Read each file with Notepad and delete all the rubbish that is in it and replace it with a couple of words and save. Then set the attributes to READ ONLY. Right click on the file and select Properties. Near the bottom of the window are the attributes to be set. Select Read-only and hit OK. If the URL hijacker tries to do its stuff again it will not be able to overwrite those two files. If messing around in C: fills you with dread there is a simpler solution. Delete the E-Gold URL from your favourites list and type in http://www.e-gold.com by hand instead every time that you want to go into E-Gold. Bit of a pain I know, but better that than an empty E-Gold account. This works on the principle that if there is no E-Gold URL in your Favourites list it cannot be hijacked.

However your computer security starts with your email address. Whether your email address is supplied by your ISP or you get one from a webmail site like Yahoo you are obliged to select your user name. Most people will select a real name or at least a real word as a user name. So all some spammer has to do, apart from buying a CD with over one million email addresses on it, is to send an email to [email protected] or mary or felicity etc and if there happens to be such a user name at that email domain they get the spam. Half a dozen random characters as a user name will stop that until that email address becomes common knowledge and ends up on a CD.

Passwords. Once again most people use a real word as a password and real words are guessable. Passwords should be at least 8 random characters in length and longer for the more important sites like banks, E-Gold, PayPal, E-bay etc. Random characters means both the upper and lower case alphabet letters and all the numerals and in some cases a selection of symbols. Unbelievably some people still use the SAME PASSWORD for several sites.

Many sites will also require you to give the answer to a specified ‘secret’ question. The answer can be in random characters. You can even use random characters if you have to make up your own secret question. Just separate them into groups to simulate words.

Of course with all these random character passwords, user names etc. you cannot possibly remember them all. That’s where RoboForm comes in or you can make a document in a word processor or Notepad or Wordpad that lists the name of the site, your user name for it and the password plus any other details like secret questions and answers. Then copy and paste from it. You would need to keep a backup of your list off the computer just in case or print it out. However if you print it out avoid using l and 1 and q and g for your passwords. They can look similar in hard copy.

Finally emails. Interrogate your emails at your mailbox at the ISP or webmail site BEFORE downloading them to your computer. Mailwasher free from http://www.mailwasher.net/ will enable you to do that and you can tag for deletion unwanted emails so that the next time the same one turns up it will be tagged automatically. You can also tag those emails that you want to receive and they too will be tagged as wanted next time that you get one. The Pro version for $37 has extra features. So you use Mailwasher to sort out the emails that you want to download and trash those that you don’t.

If you get an email that you were not expecting with an attachment, trash it right away. Especially if you get one of those greetings cards. Don’t get curious. You will probably regret it.

If you ever get an email that claims to come from E-Gold, PayPal your Bank etc and it contains a link to click on to go to the site – DON’T CLICK ON THE LINK. The email may look genuine and I don’t care how real it may seem it isn’t. E-Gold etc do not send such emails. Always access PayPal, your bank etc using the way that you have done in the past and NEVER, EVER FROM AN EMAIL. You can also get another clue about spoof or phishing emails. They will invariably be sent to the email address that gets all the spam and not to the one that you used to register on E-Gold etc with. So use a different email address to register with important sites like E-Gold etc to your general purpose one.

I have five different email addresses, one for E-Gold etc, one for general purposes like for forums, one for HYIP’s and the like and one for friends and relatives. The other one is a ready use spare for when my general purposes address becomes too well known and is attracting too much spam. So far after several years I have not needed to use my spare email address and I do a lot of surfing around.

Does you computer send out emails unknown to you? Well you wouldn’t know if it does or it doesn’t. If your computer gets infected with a virus, as well as creating problems on your computer it replicates itself by sending an email to every person listed in your address book and you won’t know a thing about it until someone complains that you are sending them a virus. But if the only address in your address book were your own you would be the only person to get such an email. If that happens you will KNOW that something nasty is lurking on your computer.

“But I can’t remember all my friends’ email address” is the objection. You don’t need to. Open whatever text processor you have, type in the name of the person at the top and their email address underneath and under that you can compose your message. Save the document under the person name and you have one document for each person. If you do it in Word the email address is active and when you click on it, it will launch your email client’s “New Message” window with the send to email address already in place. Otherwise you will have to copy and paste.

Sorry this has been so long but there was no short way to say what was required.

20-02-2007, 14:38	#5
jambutty Apprentice Geriatric Join Date: Jan 2004 Location: Darwen, Lancashire Posts: 3,706 Liked: 0 times Rep Power: 89	Re: Antivirus Computer security is much more than just about good quality anti-virus and firewall. You need some anti-spyware as well. And much, much more. AdAware free for home use from http://www.lavasoft.com/ with almost daily updates will stop someone spying on where you have been etc. Have you got a keylogger on your computer? Have you got an URL hijacker? Do you get loads of SPAM? What passwords do you use? Did you know that there are some web sites that can read your computer clipboard? And you won’t know a thing about it. Don’t believe me? Then copy any old text to your clipboard and then access this web site - http://www.sourcecodesworld.com/special/clipboard.asp If you are using IE and its like the web page will show what you have in your clipboard. If you are using Firefox it won’t. I don’t know about the Mac browser. However fear not there is a defence against clipboard readers for IE users. Open Internet Explorer Go to Menu Tools>Internet Options>Security>Select a security zone (Internet)>Custom Level>Scripting>Allow paste operations via script – set this to prompt. If something tries to read your clipboard it will be blocked and you will receive a prompt asking you whether to allow it or not. Once you have done that copy something to your clipboard and access http://www.sourcecodesworld.com/special/clipboard.asp again. There are anti keylogger softwares around but you don’t need any. Just don’t use your keyboard to log in your logging in details. Copy and paste instead. Some sites supply a virtual keyboard to use but I don’t trust them. You might be prepared to. Better still get hold of the free version of http://www.roboform.com/ It will hold up to 10 logging in details and the Pro version for about $30 will have an unlimited capacity. 16 million people can’t be wrong. RoboForm also has a random character password generator for passwords up to 256 characters in length and a form filler. There is only one URL hijacker that I know of and it hijacks the URL of E-Gold in your Favourites list. You do get taken to the bona fide E-Gold page but when you do your Sentinel settings have been disabled but you won’t know. Because instead of being taken to the page that shows your Sentinel settings in the normal manner you go straight to your account balance page. With your Sentinel settings disabled it leaves your account vulnerable to being compromised. Have a look in your C: partition > WINDOWS > System32 for gdiwxp.dll and gdiw2k.sys. If they are there your E-Gold URL has been hijacked. I have no idea which file now on your computer does the hijacking though or where it is. There are two ways to counter that threat. Read each file with Notepad and delete all the rubbish that is in it and replace it with a couple of words and save. Then set the attributes to READ ONLY. Right click on the file and select Properties. Near the bottom of the window are the attributes to be set. Select Read-only and hit OK. If the URL hijacker tries to do its stuff again it will not be able to overwrite those two files. If messing around in C: fills you with dread there is a simpler solution. Delete the E-Gold URL from your favourites list and type in http://www.e-gold.com by hand instead every time that you want to go into E-Gold. Bit of a pain I know, but better that than an empty E-Gold account. This works on the principle that if there is no E-Gold URL in your Favourites list it cannot be hijacked. However your computer security starts with your email address. Whether your email address is supplied by your ISP or you get one from a webmail site like Yahoo you are obliged to select your user name. Most people will select a real name or at least a real word as a user name. So all some spammer has to do, apart from buying a CD with over one million email addresses on it, is to send an email to [email protected] or mary or felicity etc and if there happens to be such a user name at that email domain they get the spam. Half a dozen random characters as a user name will stop that until that email address becomes common knowledge and ends up on a CD. Passwords. Once again most people use a real word as a password and real words are guessable. Passwords should be at least 8 random characters in length and longer for the more important sites like banks, E-Gold, PayPal, E-bay etc. Random characters means both the upper and lower case alphabet letters and all the numerals and in some cases a selection of symbols. Unbelievably some people still use the SAME PASSWORD for several sites. Many sites will also require you to give the answer to a specified ‘secret’ question. The answer can be in random characters. You can even use random characters if you have to make up your own secret question. Just separate them into groups to simulate words. Of course with all these random character passwords, user names etc. you cannot possibly remember them all. That’s where RoboForm comes in or you can make a document in a word processor or Notepad or Wordpad that lists the name of the site, your user name for it and the password plus any other details like secret questions and answers. Then copy and paste from it. You would need to keep a backup of your list off the computer just in case or print it out. However if you print it out avoid using l and 1 and q and g for your passwords. They can look similar in hard copy. Finally emails. Interrogate your emails at your mailbox at the ISP or webmail site BEFORE downloading them to your computer. Mailwasher free from http://www.mailwasher.net/ will enable you to do that and you can tag for deletion unwanted emails so that the next time the same one turns up it will be tagged automatically. You can also tag those emails that you want to receive and they too will be tagged as wanted next time that you get one. The Pro version for $37 has extra features. So you use Mailwasher to sort out the emails that you want to download and trash those that you don’t. If you get an email that you were not expecting with an attachment, trash it right away. Especially if you get one of those greetings cards. Don’t get curious. You will probably regret it. If you ever get an email that claims to come from E-Gold, PayPal your Bank etc and it contains a link to click on to go to the site – DON’T CLICK ON THE LINK. The email may look genuine and I don’t care how real it may seem it isn’t. E-Gold etc do not send such emails. Always access PayPal, your bank etc using the way that you have done in the past and NEVER, EVER FROM AN EMAIL. You can also get another clue about spoof or phishing emails. They will invariably be sent to the email address that gets all the spam and not to the one that you used to register on E-Gold etc with. So use a different email address to register with important sites like E-Gold etc to your general purpose one. I have five different email addresses, one for E-Gold etc, one for general purposes like for forums, one for HYIP’s and the like and one for friends and relatives. The other one is a ready use spare for when my general purposes address becomes too well known and is attracting too much spam. So far after several years I have not needed to use my spare email address and I do a lot of surfing around. Does you computer send out emails unknown to you? Well you wouldn’t know if it does or it doesn’t. If your computer gets infected with a virus, as well as creating problems on your computer it replicates itself by sending an email to every person listed in your address book and you won’t know a thing about it until someone complains that you are sending them a virus. But if the only address in your address book were your own you would be the only person to get such an email. If that happens you will KNOW that something nasty is lurking on your computer. “But I can’t remember all my friends’ email address” is the objection. You don’t need to. Open whatever text processor you have, type in the name of the person at the top and their email address underneath and under that you can compose your message. Save the document under the person name and you have one document for each person. If you do it in Word the email address is active and when you click on it, it will launch your email client’s “New Message” window with the send to email address already in place. Otherwise you will have to copy and paste. Sorry this has been so long but there was no short way to say what was required. __________________ Thanks for reading. If you have a few minutes to spare please visit my web site at http://popye.bravehost.com