Email has long been a vector for more or less targeted attacks such as virus attacks, phishing, and spear phishing. In my years of working in IT, I have seen a number of examples of this, including one which in effect took down most of the fileshare in a corporate environment for as much as a week while we were restoring from backup.
(more…)
Category: Security
-
Limit login to specific computers
As much as we might want to prevent them by policy, odds are that a shared user account will be created at some point. To mitigate the potential issues with such accounts (lack of accountability, lack of control, and the account being available to just about anyone, to mention a few), there are a number of steps we can take, including limiting which network shares can be accessed, the logon hours, and which computers the account may log on to. By default, user accounts can log on to all computers in Active Directory. This can be limited on a per-user basis. Here is how: (more…)
-
Security questions: still a very, very bad idea
I was recently asked to update my security questions at a reputable site. They wanted three of them, and I filled them out. Once I’d done so, I became somewhat uneasy. The reason is that the questions were all pre-sets, not questions that I chose myself. More worryingly, they either had answers that frequently change (favourite actor, movie, or band), had no correct answer (first pet), or (and to my mind worst of all) were easily researched (names of family members and friends).
-
BitLocker asks for BitLocker Recovery Key at restart
Having gone from Windows XP to Windows 7, we are seeing a rash of new problems. One of these is that a lot of our users are unable to boot into Windows, as they are prompted for a BitLocker Recovery Key. The temporary fix for this is simple enough; look up and tell the user the BitLocker Recovery Key, and have them enter it. Well, I say simple, but the BitLocker Recovery Key is a string of eight segments of six digits, and having to enter this each and every time you reboot gets … tiresome … very quickly.
So, let’s see if we can’t improve on that. There are two methods; the first usually suffices, but sometimes I’ve had to go for the second. The first solution is as follows:
(more…)
-
Manually Removing Personal Security
In a post a while back, I wrote about how to remove Personal Security, a rather nasty piece of spyware. I recently had a computer in that was badly infected.
I tried removing it with MBAM, but it kept on returning. Annoyed, and not wanting to do a reinstall, I found a list of files, folders and registry entries to remove, after which the problem was solved.
Files:
c:\Program Files\PSecurity\
c:\Program Files\PSecurity\psecurity.exe
C:\Program Files\PersonalSec\
C:\Program Files\PersonalSec\psecurity.exe
C:\program files\PersSecurity\
C:\program files\PersSecurity\psecurity.exe
C:\program files\PersSecurity\system.dat
C:\Program Files\PersonSecurity\
C:\Program Files\PersonSecurity\psecurity.exe
c:\Program Files\Common Files\PSecurityUninstall\
c:\Program Files\Common Files\PSecurityUninstall\Uninstall.lnk
c:\WINDOWS\system32\win32extension.dll
c:\Documents and Settings\All Users\Start Menu\PSecurity
c:\Documents and Settings\All Users\Start Menu\PSecurity\Computer Scan.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Help.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Personal Security.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Registration.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Security Center.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Settings.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Update.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk
Registry entries:
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PSecurity"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersonalSec"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersSecurity"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersonSecurity"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinTSI 01.12.2009"
Keep in mind that not all of the entries show up, and even after removing them, you might still see Personal Security on the computer. At any rate, I’d recommend running a scan with MBAM after removing these entries.
-
Removing Personal Security
I’ve recently had a few users call in, telling me that they’ve been infected with Personal Security, a rogue anti-spyware program from the same family as Cyber Security. Luckily, it’s pretty easily removed. Here’s how:
(more…)
-
Resolving “Database is outdated” messages in AVG when there are no available updates
I’ve been a happy user of AVG Free for a long time. Granted, it’s never been exactly easy to get, but a Google search does the trick. Having run version 7.whatever for some time, I got a message that they’d soon stop supporting it, and that I should upgrade to version 8. All fine and well, I did so, and after another Google search found the free version, which I downloaded and installed.
Now, I don’t mind paying for quality products, but frankly, there are so many good, free anti-virus solutions out there, that I really don’t see the need to pay for one (and the ones you pay for are in my experience usually inferior as well…).
So, back to my story. I had “upgraded” to AVG Free 8, and updated the databases when, in the corner of my eye, I saw the following message:
Naturally, I updated the signature files, but my system tray still looked like this:
I browsed around the web, and found that I wasn’t the only one experiencing this problem. Browsing around some more, I found a FAQ hosted with Grisoft, telling me that: (more…)
-
Securing transfer of Anti Virus policies
Fighting and defending against computer viruses is one of the largest challenges facing businesses and individuals in the IT world of today. To guard against this, most people have anti-virus software installed on their computers. However, even though you have anti-virus software installed, how can you be certain that the policy-files are the ones your anti-virus supplier has supplied? What is done by the different developers to secure the transfer of these files? What sort of knowledge and access would be needed to hack through the protection?
I’ve asked these questions to a few of the leaders in anti-virus software development. Only two answered my questions; here’s what they said:
Norman