Many of us have run into an annoying and time-consuming error. With your machine running goofey you decide to run a scan for trojans and spyware. Following the scan, which usually takes fourty minutes or longer if you scan the entire system, you are hit with the "access denied" error. Frustrating, for sure, but being the savvy computer user that you are you decide to boot to safe mode to take care of the issue. No spyware can load when booted to safe mode, right?

Wrong.

The newer variants of the CoolWebSearch, HuntBar, and VX2 infections all load even when safe mode is used. There are a few different ways of accomplishing this, the most common being that the spyware registers itself as a critical system process. This ensures that it is loaded regardless of what happens, and makes it much harder to shut down.

If you can’t prevent it from loading then how do you kill it? The answer to that is easier than it might seem. If you’re running Windows 98 or ME, then the easiest way is to boot to DOS, and use a command-line scanner to search your hard drive. These scans actually tend to run a bit faster, since they have more system resources available to them courtesy of no GUI being loaded.

"Well, that’s all fine and dandy", you’re likely thinking to yourself, "I run Windows XP. You can’t read it from DOS." True. You can’t read NTFS hard disks from DOS. However, you can use Barts PE.

Barts PE is effectively a stripped version of Windows XP. It boots completely from a CD, and loads a simple graphical user interface. Coupled with plugins, McAfee, for example, you can scan your entire computer without the fear that your nifty little infection has somehow loaded.

For more information on how to setup Barts PE and McAfee within it, visit:

http://www.tweaksforgeeks.com/Setup_Barts_PE.html

http://www.tweaksforgeeks.com/Barts_PE_McAfee_Setup.html

Kevin Souter is a full time computer repair technician. He also operates a free spyware removal site, as well as a general computer repair site.

A firewall is a system or gateway that prevents unauthorized access to your computer or private network. It is usually the first line of defense in protecting your private information or data. A good firewall will help protect you from malicious attacks of spyware, adware, malware, worms, trojans, and hackers.

Firewalls are security mechanisms that control who can access and send data thru your network or computer. They can be applied to both hardware and software on your computer; many systems use a combination of each for greater protection. All data or messages entering or leaving your computer has to pass thru the firewall, which checks all messages and blocks those that don’t meet your specified security criteria or rules.

To put it in simple terms: think of a firewall as a security guard or a security scanner for your computer or network. Anything going in or out must be checked thru this system and must obey your rules!

Of course, this is just a simple explanation, firewalls can be very complex; consisting of a whole combination of techniques that can be used in concert depending on the level of security you wish to achieve.

These firewall techniques may include:

Application gateway — places security mechanisms on specific applications (FTP, Telnet, etc.)

Packet filters — examines each packet using your computer and accepts or rejects according to your rules

Circuit-level gateway — security measures for such connections as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol)

Proxy server — all messages entering or leaving your network must go thru this proxy server, effective for hiding your true network or computer address

Also, for greater security, many networks use encrypted data.

If you are operating a computer or a server, putting up firewalls will provide protection for your data and information that’s passed along your network. If you regularly surf the Internet, placing a firewall on your own personal computer is a must. There is no reason not to have a firewall in place, you can download a free firewall from www.zonealarm.com for your own personal use.

Keep in mind, no system is foolproof; any computer or network hooked up to the Internet can be hacked! Therefore, most people in the know, always keep a back-up of their important data/information on a secure off-line source: floppy disks, CDs, or on a computer that’s not connected to the Internet. Do daily or weekly back-ups to make sure your data and programs are safe.

Still, a good firewall will go a long way in protecting yourself from any unauthorized access to your computer. With the occurrences of spyware, adware, and other more invasive scumware increasing daily; putting up a firewall and protecting yourself should be your first line of defense against such unwanted and rude visitors. Nuke them at the gate and save yourself from some major headaches.

Put that firewall up right now!

To learn more about Spyware and Adware Click Here: Spyware Remover Guide

Copyright © 2005 Titus Hoskins of Internet Marketing Tools.

This article may be freely distributed if this resource box stays attached.

After Two Security Assessments I Must Be Secure, Right?
—————————————
Imagine you are the CIO of a national financial institution and you’ve recently deployed a state of the art online transaction service for your customers. To make sure your company’s network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. "Is it really possible that we are completely secure?" Given you’re skepticism, you decide to get one more opinion.

The day of the penetration test report delivery is now at hand. Based on the previous assessments, you expect to receive nothing but positive information……

The Results Were Less Than Pleasing
———————————–
During this penetration test, there were several interesting findings, but we are going to focus on one that would knock the wind out of anyone responsible for the security of online systems. Particularly if you are in the business of money.

Most people are familiar with the term "Phishing". Dictionary.com defines the word Phishing as "the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords". Although SPAM / unsolicited e-mail and direct web server compromise are the most common methods of Phishing. There are other ways to accomplish this fraudulent activity.

Internet Router Compromise Makes For A Bad Day
———————————————-
In this case, the Internet router was compromised by using a well-known CISCO vulnerability. Once this was accomplished, the sky was the limit as far as what could be done to impact the organization. Even though the company’s web server was secure, and the Firewall that was protecting the web server was configured adequately, what took place next made these defense systems irrelevant.

Instead of setting up a duplicate login site on an external system, then sending out SPAM in order to entice a customer to give up their user ID, password, and account numbers, another approach, a much more nefarious approach was taken.

Phishing For Personal Or Financial Information
———————————————-
You remember that router that was compromised? For proof of concept purposes, the router configuration was altered to forward all Internet traffic bound for the legitimate web server, to another web server where user ID, password, and account information could be collected. The first time this information was entered, the customer would receive an ambiguous error. The second time the page loaded, the fake web server redirected the customer to the real site. When the user re-entered the requested information, everything worked just fine.

No one, not the customer, nor the company had any idea that something nefarious was going on. No bells or whistle went off, no one questioned the error. Why would they, they could have put the wrong password in, or it was likely a typical error on a web page that everyone deals with from time to time.

At this point, you can let your imagination take over. The attacker may not move forward and use the information collected right away. It could be days or weeks before it is used. Any trace of what actually took place to collect the information would most likely be history.

What Do You Really Get Out Of Security Assessments
————————————————–
I can’t tell you how many times I’ve been presented with security assessment reports that are pretty much information output from an off-the-shelf or open source automated security analyzer. Although an attacker may use the same or similar tools during an attack, they do not solely rely on this information to reach their goal. An effective penetration test or security assessment must be performed by someone who understands not only "security vulnerabilities" and how to run off-the-shelf tools. The person executing the assessment must do so armed with the tools and experience that meets or exceeds those a potential attacker would have.

Conclusion
———-
Whether you are a small, medium, are large company, you must be very careful about who you decide is most qualified to perform a review of your company’s security defense systems, or security profile. Just because an organization presents you with credentials, such as consultants with their CISSP….., it does not mean these people have any real-world experience. All the certifications in the world cannot assure you the results you receive from engaging in a security assessment are thorough / complete. Getting a second opinion is appropriate given what may be at stake. If you were not feeling well, and knew that something was wrong with you, would you settle for just one Doctor’s opinion?

Quite frankly, I’ve never met a hacker (I know I will get slammed for using this term, I always do), that has a certification stating that they know what they are doing. They know what they are doing because they’ve done it, over and over again, and have a complete understanding of network systems and software. On top of that, the one thing they have that no class or certification can teach you is, imagination.

About The Author
—————-
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren you can e-mail him at Darren.Miller@ParaLogic.Net. If you would like to know more about computer security please visit us at http://www.defendingthenet.com.

It’s a sad statistic, but hundreds of unsuspecting kids are lured away from home every year by strangers they meet in online chat rooms.

As frightening as this seems, it gets scarce attention in the media. We often hear about missing children, but only occasionally do we actually hear of a chat room connection.

Chat rooms are very popular because they are an easy way to talk to others annonymously. Anyone can enter a chat room with an identity- real names are rarely, if ever, given. A shy person, for example, someone who finds it hard to talk to others in person, may find it much easier to communicate because they can hide behind their identity, which gives them a sense of security.

But hiding behind an identity also poses a very real danger for young, immature minds which can be easily influenced.

To put it in the vernacular, "bad guys" hide behind identities, too. Men, and sometimes women, who have less than noble interests in mind. These people prey on young teens, looking for their next victim.

Once they find one, they can be oh, so persuasive! They get to know the kids, often flattering them, complimenting them, saying nice things about them and to them. They know exactly what to say and how to say it.

Soon, they’ve drawn them into their web and the kids fall for whatever they tell them, hook, line, and sinker.

The next thing you know- another youngster has gone missing. All too often, they are never seen alive again.

I realize this is a very graphic way of putting things, but how else can I impress upon anyone just how real this is? The Internet is a DANGEROUS place for our kids!

The tragedy is in almost every case it could have been prevented, if parents had taken proper precautions.

However, none of us wants to watch our kids "like a hawk"! We want them to have a measure of freedom, and that’s only right and proper. But there is a simple process whereby you CAN give your kids a great deal of freedom, while at the same time protecting them.

Software is available now that allows you, the parent, to control where your kids go, what they do, who they talk to online. It’s inexpensive, and it works! With it you can block unwanted or prohibited sites, prevent downloading of unsafe programs, eliminate unwanted or unsafe email. Since it’s also password protected, and YOU set the password, your kids cannot unblock what you’ve blocked.

Most of this software is also inexpensive, and some of it can be instantly downloaded for immediate protection. There are several places online where it can be purchased, but one word of caution: Be certain the seller includes a guarantee with it, because some of it is bogus! (Yes, there are people who will even rip you off when it comes to protecting your kids!)

Last year, over 1,000 young people became victims of pedophiles and deviants lurking in chat rooms. This year the number could go higher than that. Please take action now to protect your kids. Don’t let them become the next victim!

David Hallett is a ten year veteran of the internet. As president and CEO of TakeBackTheInternet.com, he is working to make the internet a safer place for everyone.

Remember the television show about the nosy neighbor Mrs. Kravitz always peeking out her window or over the fence, sometimes even knocking on the door just to find out what was going on in her neighborhood? If you don’t wait a month or so and the DVD or the movie will be out. Let’s move on.

Spyware is not anything like Mrs. Kravitz, it won’t knock on the door and ask permission to be downloaded to your computer and look at your personal files. It will slip onto your computer without you knowing what’s going on while you browse the Internet, check your email or just leave your computer connected to the broadband connection. Don’t go yanking that Internet connection yet, there is an easier way to prevent this from happening.

Understand that spyware is just that - software spying on your computer without permission and without your knowledge. Unfortunately for everyone a lot of people are using it and try to jsutify that it’s okay. I just want to know that if it’s okay, them why don’t you just ask me to tell you - no I don’t want my information, shopping habits, sites I’ve searched for information or anything else on my computer being sent to you to use anyway you see fit. I have a problem with that and so does the rest of the world, which is one of the reasons why spyware exists.

The other reason this creepy piece of hackerware exists is because of obsessed people who like to figure out ways to break into people’s computer and broadcast their info to millions. Now because this hackerware keeps constantly changing not just any piece-meal solution can protect your computers. Every computer needs to be protected from this menace and to get the best protect we recommend STOPzilla - look at what it does: active Popup killer, active Spyware killer, active Adware killer, active Cookie killer, active History killer, and active Hi-Jack killer. And for all those who it hasn’t happened to yet, a Hi-Jack is when the browser’s settings are altered by a trojan without the user’s knowledge or consent.

Browser hi-jack software also changes your home page, search page, adds websites with objectionable content, and record web history to transmit personal information back to what I refer to as a black hole. STOPzilla kills all the above and works 24/7 including updating itself to keep up with the ever changing hackerware.

Since you don’t want any of these things to happen with your computer save yourself the time and energy and get STOPzilla, right now.

Daviyd Peterson©2005 All Rights Reserved

Daviyd Peterson: 10-year consultant, instructor, trainer Helps african american homeschools bridge the digital divide by becoming computer homeschools. Free article on "Computer based Homeschooling" and other related articles http://www.homeschoolwireless.com/homeschoolwireless.htm

Free podcasts: http://daviyd.users.blogmatrix.com/podcasts/index.xml

RSS feed: http://homeschoolwireless.com/publication/homeschoolwireless.xml

Phone/fax:

My first experience with a spyware BHO based infection was several months ago. I had gone through all of the usual steps with the client’s machine to clean it. Ad-Aware was run, Spybot: Search and Destroy was as well. Nothing looked suspicious in the system’s startup. All appeared well, but it wasn’t.

After extensive testing and no further symptoms I returned the computer to my client’s home. I hooked it back up, and dialed the internet. Everything so far was progressing smoothly. But, as SOON as I loaded Internet Explorer: BAM the same pop-up advertisements and other annoying things started happening again. With much embarrassment I had to take the computer back to my office and try again.

It was all Internet Explorers fault. Microsoft Internet Explorer comes with a feature that is designed to add third-party functionality to their browser. It’s actually a very good idea. Unfortunately, it now gets taken advantage of.

The producers of spyware know that many people now have spyware removers installed on their computers. They also know that quite a few people have the ability to check what is in their start-up. Because of this, BHO’s are crafted so that the spyware lies dormant until Internet Explorer is opened. Then it can start its dirty work.

The best program to remove an errant Browser Help Object is HijackThis. This program was originally designed to remove homepage hijackers and gradually morphed into an all-around removal tool for everything. If there’s any one tool that I couldn’t part with it’s HJT.

To start, download HijackThis 1991. Once you’ve got it, open it. Click the button that says “Do a system scan only”. Following that, scroll down to the items labeled 02 – BHO. Remove anything here that looks suspicious. Internet Explorer does not require any BHO’s to run. Just keep an eye on the path that it loads from, and the name of the file. A legitimate one will be fairly easy to spot, as it’ll have a legit title and OK looking path.

If the filename looks like it was randomly made, like ASGSRT32.DLL or whatnot then there’s a good 90% chance that it’s bad. Even if you do remove one that’s good, you can always use the restore feature of HJT to bring it back.

If you need any other HijackThis help then read the previous link.

Kevin Souter is a full time computer repair technician. He also operates a free spyware removal site, as well as a general computer repair site.

Despite the current wave of identity theft and corporate security breaches it’s amazing how very few people treat their passwords with any level of seriousness. Most computers users, both at home and in the office, see passwords as a nuisance and therefore make them as easy to remember as possible. This can be a catastrophic mistake.

There are certain specific guidelines you need to follow to choose a safe and secure password. Use the following tips as a "how to" on making your password secure.

1. Your password must be alphanumeric. That simply means a mixture of numbers and letters such as xpf2778z. Why? When a hacker tries to break into a system they often use what are called dictionary or brute force hacks. A dictionary hack is an application that simply uses standard words and word combinations in an attempt to guess your password. For example many computer users use the word "password" as their actual password. A dictionary hack would crack that password in a few moments. Using alphanumeric passwords increases the number of possible password combinations by millions.

2. It should be 6 - 8 characters in length. The longer the password the harder it is for a hacking program to get around. If your password was abc then there are 6 possible password combinations. If your password was abc123 there are now over 720 password combinations possible. If your password was abc1234 there are now almost 6,000 possible combinations. Never, ever use a short password only comprised of letters.

3. Never use personal details in your password. People often use their home address, their age, husband or wives name, their social security number or their date of birth. These are incredibly easy to get access to by either a fellow employee or potential system hacker. Your password needs to be secure and hard to guess and personal details meet neither of these criteria.

4. Do not write your password down anywhere. Keeping a record of your password for somebody to find is as dangerous as keeping a copy of your ATM pin number in your wallet beside your ATM card. Create a memorable password that you’ll have no problem recalling. This is not as hard as it sounds and if you jot some password ideas down you’ll quickly come up with some good ones. Obviously burn the piece of paper you jotted your ideas down on.

5. Do not use the same password for more than 90 days. Create several variants of the same password and recycle them every 60 - 90 days. This adds an extra layer of security to your data. By recycling your password frequently you make your data 1000% more secure. You’ll notice that most large corporates force their employees to change their password every month for this exact reason.

Hopefully these tips will help you choose a password that’s both safe and secure and that you’ll have some fun creating your new passwords too!

If you need a review of the spam blocker you intend buying then check out Spam-Site.com for spam blocker reviews.

Glieder (Win32.Glieder.AK), Fantibag (Win32.Fantibag.A) and Mitglieder (Win32.Mitglieder.CT) are not names of a modern day version of The Three Musketeers. These are Trojans engineered for a hacker attack that will infect computers and open them for use in further attacks.

"Combating computer viruses is essentially a game of hide and seek," says Govind Rammurthy, CEO, MicroWorld Technologies, among the leading Security Solutions providers. "Hackers riding piggyback on viruses have only a short window of opportunity to maximize their gain before the viruses are detected, neutralized and logged into Virus Definition databases, ‘vaccinating’ the system against those strains.

Without continuing system vulnerability caused by virus infection there is little they can do to further their malicious ends like stealing personal information, credit card details and other sensitive and vital data. To achieve their ends they need to keep the system vulnerability going for more time. This co-ordinated Trojan threat is an attempt to the keep that ‘backdoor’ open, essentially buying time," he concludes.

Of the three, Glieder leads the initial charge. It sneaks past anti-virus protection to download and execute files from a long, hard-coded list of URLs and "plant" the infected machine with "hooks" for future use. On Windows 2000 and Windows XP machines, it attempts to stop and disable the Internet Connection Firewall and the Security Center service (introduced with Windows XP Service Pack 2). Then the Trojan accesses the URL list to download Fantibag. The way is now paved to launch the second stage of attack.

Sulabh, a tester with MicroWorld Technologies says of Fantibag, "Now Fantibag goes about attacking the networking feature of the infected system to prevent it from communicating with anti-virus firms and denying access to the Microsoft Windows Update site. It closes your escape route by making it impossible to download an anti-virus solution and any subsequent Windows security patch to your system. Effectively it helps Mitglieder (the third stage Trojan) open the ‘backdoor’ by shutting the other doors on you."

Mitglieder puts the system under complete control of the attacker by opening the ‘backdoor’ on a port using which the attacker can update the Trojan, to stay a step ahead of attempts to remove it, download and execute files, initiate an SMTP server to relay spam, execute files on the infected computer and download and execute files via an URL. "This is what makes it scary," say Aarti, Assistant Manager, QA, MicroWorld Technologies. "The fact that the system can now be used as a remote controlled ’soldier’ (bot) in an army (botnet) of similarly compromised machines to launch criminally motivated attacks, causing harm to Internet users."

Botnets thus formed can among other things, use your machine to launch Distributed Denial of service attacks which overload servers, making them crash, to send out spam, spread new Malware, plant Keylogger to retrieve your personal information like identity, passwords, account numbers etc., install Spyware, manipulate online polls/games, abuse programs like Google AdSense to cheat advertisers of revenue, and install Advertisement Addons for financial gain as in fake websites advertising services that don’t exist.

"Botnets can even encompass over 50,000 host machines. The potential for mischief is huge," reflects Govind Rammurthy. "Such a three-pronged Trojan attack where attackers change their virus code and release viruses quickly to bypass virus signature scanners, then disable network access to deny the user link-ups to anti-virus and Microsoft Windows Update site for protection has huge significance for virus-signature based protection. It is a sign of things to come," he says, remembering the scramble at MicroWorld labs to update their products to detect and remove the three Trojans.

Anti-virus updates for the three-pronged Trojan threat are available at MicroWorld Technologies site. Maybe the time for worrying about some pimply teenager turning out malicious code because they have nothing better to do on a nice sunny morning, is over. The world could be facing a determined organized crime syndicate who’ll stop at nothing to get what they want - information precious to you.

MicroWorld Technologies is one of the leading solution providers for Information Technology, Content Security and Communications Software. MicroWorld has established itself as a leader in providing content security, anti-virus and corporate communications software solutions.

When it comes to reporting Internet scams most of us either don’t have a clue who to contact or just ignore them in our email. But according to an FBI report in December 2004, nearly ten million people last year didn’t ignore them and fell for the latest Internet scams. The money those victims lost totaled nearly $5 billion.

That number of victims and their losses are probably much higher because several cases go unreported every year. People either don’t want to admit that it happened to them or have no idea who to report it to.

But that’s how these thieves get away with Internet email scams for so long without getting caught. The only way to stop these con artists from operating is by reporting Internet scams to the proper authorities.

If you or someone you know has become a victim one of these scams here is where you can report it and do your part to catch these criminals. The best place to report email scams is The Internet Fraud Complaint Center or (IFCC). They are a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). Their web address is: http://www1.ifccfbi.gov

The IFCC’s mission is to address fraud committed over the Internet. For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.

Reporting email scams to The Internet Fraud Complaint Center helps them arrest and convict the criminals that are ruining the Internet for everyone. Anyone should have the right to safe Internet surfing without having to worry about predators stealing their money or their identity.

Identity theft and these recent Internet scams are the fastest growing crimes in America today. You can make the Internet safer for everyone and help put a stop to this terrible crime just by reporting Internet scams to the IFCC. It will make a difference.

Copyright © 2005 Spyware Information.com All Rights Reserved.

This article is provided by http://www.spyware-information.com where you will find free spyware cleaners, downloads, removal software, valuable tips and updated articles about adware and spyware that show you how protect yourself from identity theft. For other informative spyware and identity protection articles go to http://spyware-information.com/articles_1.html

Watching how the traditional media covers the latest virus or scam would make one think we are all innocent victims and it is the “evil Internet” at work once again. News flash! Innocent? More like uninformed. Victim? In many cases add the word “willing.” The media’s point of view and how they choose to portray these occurrences always makes me chuckle.

In the past decade, there has been very little progress when it comes to onliners wanting to acquire just enough information and knowledge to know how to protect themselves. They throw their hands up claiming “I’m not a techie!” while they proceed to want to participate in “technienology.” The truth is these issues are part and parcel of participation.

Many do not update their virus programs (that is if they even have one in the first place) and they believe some of the most gratuitously ridiculous offers. That is as long as those “offers” insinuate easy riches with little effort or expense. To that end; there is your weakest link. The propensity to believe misinformation that caters to one’s inner desires.

When did plain old common sense go out the window? Why do the natural rules of trust, common sense and due diligence for some reason not seem to apply online? Off-line if these tactics were used, most would probably laugh the salesperson right out of the building! But online, we enter the surreal world of possibilities combined with the perception that some of the most important issues of all are ours to ignore or disregard if we so please.

When it comes to impeding scams and viruses there are three simple solutions:

1. For Scams: Simply don’t believe it; none of it! If it comes in an e-mail you didn’t request—just hit delete! If it’s on a Web site, do your due diligence to confirm claims and to ask for recommendations and proof. Investigate how long the site has been online. Read their terms and conditions. E-mail them with every single question you may have before you give them one red cent of your hard earned dollars. Only proceed if you receive timely and concise answers. Not willing to make these efforts? Then plan on getting ripped off and you deserve it! Buyer beware? More like buyer be informed!

2. For Viruses: Update your virus software every time you log on. Simple. Don’t click on any links within e-mails that you are not expecting. Most virus software has an automatic scheduler so that the software can update daily at specified times. Once this is setup you will no longer have to manually update. Then, keep your update subscription current. Remember, you computer doesn’t know what to protect you from without these updates!

3. Make an effort in both these areas to understand the tools and resources available to you to help you participate in a smart and informed manner. You can literally check anything out online by searching Google to find reviews, warnings or even accolades and recommendations. Take the time to use and absorb the information available to you if you want to participate in information technology!

By following the above three steps, those who create viruses wouldn’t have a leg to stand on and the scammers would not be in business by taking advantage of what folks don’t want to take the time to understand or verify.

As long as Netizens do not make a concerned effort to be informed there will be someone out there willing to take advantage of them. Don’t blame technology; don’t blame the scammers and hackers. The blame should be placed with those who can easily avoid these situations, but choose to not be informed enough to do so.

About the Author:

Judith Kallos is an authoritative and good-humored Technology Muse who has played @ http://www.TheIStudio.com for over a decade.

Check out her popular Technology Cheat Sheets: http://www.LearnAndThrive.com